+int
+vnet_session_rule_add_del (session_rule_add_del_args_t * args)
+{
+ app_namespace_t *app_ns = app_namespace_get (args->appns_index);
+ session_rules_table_t *srt;
+ session_table_t *st;
+ u32 fib_index;
+ u8 fib_proto;
+ int rv = 0;
+
+ if (!app_ns)
+ return VNET_API_ERROR_APP_INVALID_NS;
+
+ if (args->scope > 3)
+ return VNET_API_ERROR_INVALID_VALUE;
+
+ if (args->transport_proto != TRANSPORT_PROTO_TCP
+ && args->transport_proto != TRANSPORT_PROTO_UDP)
+ return VNET_API_ERROR_INVALID_VALUE;
+
+ if ((args->scope & SESSION_RULE_SCOPE_GLOBAL) || args->scope == 0)
+ {
+ fib_proto = args->table_args.rmt.fp_proto;
+ fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
+ st = session_table_get_for_fib_index (fib_proto, fib_index);
+ srt = &st->session_rules[args->transport_proto];
+ if ((rv = session_rules_table_add_del (srt, &args->table_args)))
+ return rv;
+ }
+ if (args->scope & SESSION_RULE_SCOPE_LOCAL)
+ {
+ clib_memset (&args->table_args.lcl, 0, sizeof (args->table_args.lcl));
+ args->table_args.lcl.fp_proto = args->table_args.rmt.fp_proto;
+ args->table_args.lcl_port = 0;
+ st = app_namespace_get_local_table (app_ns);
+ srt = &st->session_rules[args->transport_proto];
+ rv = session_rules_table_add_del (srt, &args->table_args);
+ }
+ return rv;
+}
+
+/**
+ * Mark (global) tables as pertaining to app ns
+ */
+void
+session_lookup_set_tables_appns (app_namespace_t * app_ns)
+{
+ session_table_t *st;
+ u32 fib_index;
+ u8 fp;
+
+ for (fp = 0; fp < ARRAY_LEN (fib_index_to_table_index); fp++)
+ {
+ fib_index = app_namespace_get_fib_index (app_ns, fp);
+ st = session_table_get_or_alloc (fp, fib_index);
+ if (st)
+ st->appns_index = app_namespace_index (app_ns);
+ }
+}
+
+u8 *
+format_ip4_session_lookup_kvp (u8 * s, va_list * args)
+{
+ clib_bihash_kv_16_8_t *kvp = va_arg (*args, clib_bihash_kv_16_8_t *);
+ u32 is_local = va_arg (*args, u32);
+ v4_connection_key_t *key = (v4_connection_key_t *) kvp->key;
+ session_t *session;
+ app_worker_t *app_wrk;
+ const u8 *app_name;
+ u8 *str = 0;
+
+ if (!is_local)
+ {
+ session = session_get_from_handle (kvp->value);
+ app_wrk = app_worker_get (session->app_wrk_index);
+ app_name = application_name_from_index (app_wrk->app_index);
+ str = format (0, "[%U] %U:%d->%U:%d", format_transport_proto_short,
+ key->proto, format_ip4_address, &key->src,
+ clib_net_to_host_u16 (key->src_port), format_ip4_address,
+ &key->dst, clib_net_to_host_u16 (key->dst_port));
+ s = format (s, "%-40v%-30v", str, app_name);
+ }
+ else
+ {
+ session = session_get_from_handle (kvp->value);
+ app_wrk = app_worker_get (session->app_wrk_index);
+ app_name = application_name_from_index (app_wrk->app_index);
+ str = format (0, "[%U] %U:%d", format_transport_proto_short, key->proto,
+ format_ip4_address, &key->src,
+ clib_net_to_host_u16 (key->src_port));
+ s = format (s, "%-30v%-30v", str, app_name);
+ }
+ return s;
+}
+
+typedef struct _ip4_session_table_show_ctx_t
+{
+ vlib_main_t *vm;
+ u8 is_local;
+} ip4_session_table_show_ctx_t;
+
+static int
+ip4_session_table_show (clib_bihash_kv_16_8_t * kvp, void *arg)
+{
+ ip4_session_table_show_ctx_t *ctx = arg;
+ vlib_cli_output (ctx->vm, "%U", format_ip4_session_lookup_kvp, kvp,
+ ctx->is_local);
+ return 1;
+}
+
+void
+session_lookup_show_table_entries (vlib_main_t * vm, session_table_t * table,
+ u8 type, u8 is_local)
+{
+ ip4_session_table_show_ctx_t ctx = {
+ .vm = vm,
+ .is_local = is_local,
+ };
+ if (!is_local)
+ vlib_cli_output (vm, "%-40s%-30s", "Session", "Application");
+ else
+ vlib_cli_output (vm, "%-30s%-30s", "Listener", "Application");
+ switch (type)
+ {
+ /* main table v4 */
+ case 0:
+ ip4_session_table_walk (&table->v4_session_hash, ip4_session_table_show,
+ &ctx);
+ break;
+ default:
+ clib_warning ("not supported");
+ }
+}
+
+static clib_error_t *
+session_rule_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen = 0, rmt_plen = 0;
+ u32 appns_index, scope = 0;
+ ip46_address_t lcl_ip, rmt_ip;
+ u8 is_ip4 = 1, conn_set = 0;
+ u8 fib_proto, is_add = 1, *ns_id = 0;
+ u8 *tag = 0;
+ app_namespace_t *app_ns;
+ int rv;
+
+ session_cli_return_if_not_enabled ();
+
+ clib_memset (&lcl_ip, 0, sizeof (lcl_ip));
+ clib_memset (&rmt_ip, 0, sizeof (rmt_ip));
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "del"))
+ is_add = 0;
+ else if (unformat (input, "add"))
+ ;
+ else if (unformat (input, "appns %_%v%_", &ns_id))
+ ;
+ else if (unformat (input, "scope global"))
+ scope = SESSION_RULE_SCOPE_GLOBAL;
+ else if (unformat (input, "scope local"))
+ scope = SESSION_RULE_SCOPE_LOCAL;
+ else if (unformat (input, "scope all"))
+ scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
+ else if (unformat (input, "proto %U", unformat_transport_proto, &proto))
+ ;
+ else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
+ &lcl_ip.ip4, &lcl_plen, &lcl_port,
+ unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 1;
+ conn_set = 1;
+ }
+ else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
+ &lcl_ip.ip6, &lcl_plen, &lcl_port,
+ unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 0;
+ conn_set = 1;
+ }
+ else if (unformat (input, "action %d", &action))
+ ;
+ else if (unformat (input, "tag %_%v%_", &tag))
+ ;
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, input);
+ }
+
+ if (proto == ~0)
+ {
+ vlib_cli_output (vm, "proto must be set");
+ return 0;
+ }
+ if (is_add && !conn_set && action == ~0)
+ {
+ vlib_cli_output (vm, "connection and action must be set for add");
+ return 0;
+ }
+ if (!is_add && !tag && !conn_set)
+ {
+ vlib_cli_output (vm, "connection or tag must be set for delete");
+ return 0;
+ }
+ if (vec_len (tag) > SESSION_RULE_TAG_MAX_LEN)
+ {
+ vlib_cli_output (vm, "tag too long (max u64)");
+ return 0;
+ }
+
+ if (ns_id)
+ {
+ app_ns = app_namespace_get_from_id (ns_id);
+ if (!app_ns)
+ {
+ vlib_cli_output (vm, "namespace %v does not exist", ns_id);
+ return 0;
+ }
+ }
+ else
+ {
+ app_ns = app_namespace_get_default ();
+ }
+ appns_index = app_namespace_index (app_ns);
+
+ fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
+ session_rule_add_del_args_t args = {
+ .transport_proto = proto,
+ .table_args.lcl.fp_addr = lcl_ip,
+ .table_args.lcl.fp_len = lcl_plen,
+ .table_args.lcl.fp_proto = fib_proto,
+ .table_args.rmt.fp_addr = rmt_ip,
+ .table_args.rmt.fp_len = rmt_plen,
+ .table_args.rmt.fp_proto = fib_proto,
+ .table_args.lcl_port = lcl_port,
+ .table_args.rmt_port = rmt_port,
+ .table_args.action_index = action,
+ .table_args.is_add = is_add,
+ .table_args.tag = tag,
+ .appns_index = appns_index,
+ .scope = scope,
+ };
+ if ((rv = vnet_session_rule_add_del (&args)))
+ return clib_error_return (0, "rule add del returned %u", rv);
+
+ vec_free (tag);