src/vnet/session/session_rules_table.h

   1 /*
   2  * Copyright (c) 2017-2019 Cisco and/or its affiliates.
   3  * Licensed under the Apache License, Version 2.0 (the "License");
   4  * you may not use this file except in compliance with the License.
   5  * You may obtain a copy of the License at:
   6  *
   7  *     http://www.apache.org/licenses/LICENSE-2.0
   8  *
   9  * Unless required by applicable law or agreed to in writing, software
  10  * distributed under the License is distributed on an "AS IS" BASIS,
  11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12  * See the License for the specific language governing permissions and
  13  * limitations under the License.
  14  */
  15
  16 #ifndef SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
  17 #define SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
  18
  19 #include <vnet/vnet.h>
  20 #include <vnet/fib/fib.h>
  21 #include <vnet/session/session_types.h>
  22 #include <vnet/session/transport.h>
  23 #include <vnet/session/mma_16.h>
  24 #include <vnet/session/mma_40.h>
  25
  26 /* *INDENT-OFF* */
  27 typedef CLIB_PACKED (struct
  28 {
  29   union
  30     {
  31       struct
  32         {
  33           ip4_address_t rmt_ip;
  34           ip4_address_t lcl_ip;
  35           u16 rmt_port;
  36           u16 lcl_port;
  37         };
  38       u64 as_u64[2];
  39     };
  40 }) session_mask_or_match_4_t;
  41
  42 typedef CLIB_PACKED (struct
  43 {
  44   union
  45     {
  46       struct
  47         {
  48           ip6_address_t rmt_ip;
  49           ip6_address_t lcl_ip;
  50           u16 rmt_port;
  51           u16 lcl_port;
  52         };
  53       u64 as_u64[5];
  54     };
  55 }) session_mask_or_match_6_t;
  56 /* *INDENT-ON* */
  57
  58 #define SESSION_RULE_TAG_MAX_LEN 64
  59 #define SESSION_RULES_TABLE_INVALID_INDEX MMA_TABLE_INVALID_INDEX
  60 #define SESSION_RULES_TABLE_ACTION_DROP (MMA_TABLE_INVALID_INDEX - 1)
  61 #define SESSION_RULES_TABLE_ACTION_ALLOW (MMA_TABLE_INVALID_INDEX - 2)
  62
  63 typedef struct _session_rules_table_add_del_args
  64 {
  65   fib_prefix_t lcl;
  66   fib_prefix_t rmt;
  67   u16 lcl_port;
  68   u16 rmt_port;
  69   u32 action_index;
  70   u8 *tag;
  71   u8 is_add;
  72 } session_rule_table_add_del_args_t;
  73
  74 typedef struct _rule_tag
  75 {
  76   u8 *tag;
  77 } session_rule_tag_t;
  78
  79 typedef struct _session_rules_table_t
  80 {
  81   /**
  82    * Per fib proto session rules tables
  83    */
  84   mma_rules_table_16_t session_rules_tables_16;
  85   mma_rules_table_40_t session_rules_tables_40;
  86   /**
  87    * Hash table that maps tags to rules
  88    */
  89   uword *rules_by_tag;
  90   /**
  91    * Pool of rules tags
  92    */
  93   session_rule_tag_t *rule_tags;
  94   /**
  95    * Hash table that maps rule indices to tags
  96    */
  97   uword *tags_by_rules;
  98 } session_rules_table_t;
  99
 100 u32 session_rules_table_lookup4 (session_rules_table_t * srt,
 101                                  ip4_address_t * lcl_ip,
 102                                  ip4_address_t * rmt_ip, u16 lcl_port,
 103                                  u16 rmt_port);
 104 u32 session_rules_table_lookup6 (session_rules_table_t * srt,
 105                                  ip6_address_t * lcl_ip,
 106                                  ip6_address_t * rmt_ip, u16 lcl_port,
 107                                  u16 rmt_port);
 108 void session_rules_table_cli_dump (vlib_main_t * vm,
 109                                    session_rules_table_t * srt, u8 fib_proto);
 110 void session_rules_table_show_rule (vlib_main_t * vm,
 111                                     session_rules_table_t * srt,
 112                                     ip46_address_t * lcl_ip, u16 lcl_port,
 113                                     ip46_address_t * rmt_ip, u16 rmt_port,
 114                                     u8 is_ip4);
 115 session_error_t
 116 session_rules_table_add_del (session_rules_table_t *srt,
 117                              session_rule_table_add_del_args_t *args);
 118 u8 *session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri,
 119                                   u8 is_ip4);
 120 void session_rules_table_init (session_rules_table_t * srt);
 121 void session_rules_table_free (session_rules_table_t *srt);
 122 #endif /* SRC_VNET_SESSION_SESSION_RULES_TABLE_H_ */
 123 /*
 124  * fd.io coding-style-patch-verification: ON
 125  *
 126  * Local Variables:
 127  * eval: (c-set-style "gnu")
 128  * End:
 129  */