session_type_from_proto_and_ip (t->proto, 0));
}
-
static session_table_t *
-session_table_get_or_alloc_for_connection (transport_connection_t * tc)
+session_table_get_or_alloc (u8 fib_proto, u8 fib_index)
{
session_table_t *st;
- u32 table_index, fib_proto = transport_connection_fib_proto (tc);
- if (vec_len (fib_index_to_table_index[fib_proto]) <= tc->fib_index)
+ u32 table_index;
+ if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
{
st = session_table_alloc ();
table_index = session_table_index (st);
- vec_validate (fib_index_to_table_index[fib_proto], tc->fib_index);
- fib_index_to_table_index[fib_proto][tc->fib_index] = table_index;
+ vec_validate (fib_index_to_table_index[fib_proto], fib_index);
+ fib_index_to_table_index[fib_proto][fib_index] = table_index;
+ st->active_fib_proto = fib_proto;
return st;
}
else
{
- table_index = fib_index_to_table_index[fib_proto][tc->fib_index];
+ table_index = fib_index_to_table_index[fib_proto][fib_index];
return session_table_get (table_index);
}
}
+static session_table_t *
+session_table_get_or_alloc_for_connection (transport_connection_t * tc)
+{
+ u32 fib_proto;
+ fib_proto = transport_connection_fib_proto (tc);
+ return session_table_get_or_alloc (fib_proto, tc->fib_index);
+}
+
static session_table_t *
session_table_get_for_connection (transport_connection_t * tc)
{
return session_lookup_del_connection (ts);
}
+static u32
+session_lookup_action_to_session (u32 action_index)
+{
+ if (action_index != SESSION_RULES_TABLE_ACTION_DROP)
+ return action_index;
+ return SESSION_INVALID_INDEX;
+}
+
static stream_session_t *
session_lookup_app_listen_session (u32 app_index, u8 fib_proto,
u8 transport_proto)
}
stream_session_t *
-session_lookup_rules_table4 (session_rules_table_t * srt, u8 proto,
+session_lookup_rules_table4 (session_table_t * st, u8 proto,
ip4_address_t * lcl, u16 lcl_port,
ip4_address_t * rmt, u16 rmt_port)
{
- u32 action_index;
- action_index = session_rules_table_lookup4 (srt, proto, lcl, rmt, lcl_port,
+ session_rules_table_t *srt = &st->session_rules[proto];
+ u32 action_index, session_index;
+ action_index = session_rules_table_lookup4 (srt, lcl, rmt, lcl_port,
rmt_port);
+ session_index = session_lookup_action_to_session (action_index);
/* Nothing sophisticated for now, action index is app index */
- return session_lookup_app_listen_session (action_index, FIB_PROTOCOL_IP4,
+ return session_lookup_app_listen_session (session_index, FIB_PROTOCOL_IP4,
proto);
}
stream_session_t *
-session_lookup_rules_table6 (session_rules_table_t * srt, u8 proto,
+session_lookup_rules_table6 (session_table_t * st, u8 proto,
ip6_address_t * lcl, u16 lcl_port,
ip6_address_t * rmt, u16 rmt_port)
{
- u32 action_index;
- action_index = session_rules_table_lookup6 (srt, proto, lcl, rmt, lcl_port,
+ session_rules_table_t *srt = &st->session_rules[proto];
+ u32 action_index, session_index;
+ action_index = session_rules_table_lookup6 (srt, lcl, rmt, lcl_port,
rmt_port);
- return session_lookup_app_listen_session (action_index, FIB_PROTOCOL_IP6,
+ session_index = session_lookup_action_to_session (action_index);
+ return session_lookup_app_listen_session (session_index, FIB_PROTOCOL_IP6,
proto);
}
u64
session_lookup_session_endpoint (u32 table_index, session_endpoint_t * sep)
{
+ session_rules_table_t *srt;
session_table_t *st;
session_kv4_t kv4;
session_kv6_t kv6;
ip4_address_t lcl4;
ip6_address_t lcl6;
- u32 si;
+ u32 ai;
int rv;
+ u8 sst;
+ sst = session_type_from_proto_and_ip (sep->transport_proto, sep->is_ip4);
st = session_table_get (table_index);
if (!st)
return SESSION_INVALID_HANDLE;
if (sep->is_ip4)
{
- make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
- sep->transport_proto);
+ make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port, sst);
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return kv4.value;
memset (&lcl4, 0, sizeof (lcl4));
- si =
- session_rules_table_lookup4 (&st->session_rules, sep->transport_proto,
- &lcl4, &sep->ip.ip4, 0, sep->port);
- if (si != SESSION_RULES_TABLE_INVALID_INDEX)
- return si;
+ srt = &st->session_rules[sep->transport_proto];
+ ai = session_rules_table_lookup4 (srt, &lcl4, &sep->ip.ip4, 0,
+ sep->port);
+ if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
+ return session_lookup_action_to_session (ai);
}
else
{
- make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
- sep->transport_proto);
+ make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port, sst);
rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
if (rv == 0)
return kv6.value;
memset (&lcl6, 0, sizeof (lcl6));
- si =
- session_rules_table_lookup6 (&st->session_rules, sep->transport_proto,
- &lcl6, &sep->ip.ip6, 0, sep->port);
- if (si != SESSION_RULES_TABLE_INVALID_INDEX)
- return si;
+ srt = &st->session_rules[sep->transport_proto];
+ ai = session_rules_table_lookup6 (srt, &lcl6, &sep->ip.ip6, 0,
+ sep->port);
+ if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
+ return session_lookup_action_to_session (ai);
}
return SESSION_INVALID_HANDLE;
}
if (rv == 0)
return session_get_from_handle (kv4.value);
memset (&lcl4, 0, sizeof (lcl4));
- return session_lookup_rules_table4 (&st->session_rules,
- sep->transport_proto, &lcl4, 0,
+ return session_lookup_rules_table4 (st, sep->transport_proto, &lcl4, 0,
&sep->ip.ip4, sep->port);
}
else
if (rv == 0)
return session_get_from_handle (kv6.value);
memset (&lcl6, 0, sizeof (lcl6));
- return session_lookup_rules_table6 (&st->session_rules,
- sep->transport_proto, &lcl6, 0,
+ return session_lookup_rules_table6 (st, sep->transport_proto, &lcl6, 0,
&sep->ip.ip6, sep->port);
}
}
session_lookup_local_session_endpoint (u32 table_index,
session_endpoint_t * sep)
{
+ session_rules_table_t *srt;
session_table_t *st;
session_kv4_t kv4;
session_kv6_t kv6;
ip4_address_t lcl4;
ip6_address_t lcl6;
- u32 si;
+ u32 ai;
int rv;
st = session_table_get (table_index);
return (u32) kv4.value;
memset (&lcl4, 0, sizeof (lcl4));
- si =
- session_rules_table_lookup4 (&st->session_rules, sep->transport_proto,
- &lcl4, &sep->ip.ip4, 0, sep->port);
- if (si != SESSION_RULES_TABLE_INVALID_INDEX)
- return si;
+ srt = &st->session_rules[sep->transport_proto];
+ ai = session_rules_table_lookup4 (srt, &lcl4, &sep->ip.ip4, 0,
+ sep->port);
+ if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
+ return session_lookup_action_to_session (ai);
}
else
{
return (u32) kv6.value;
memset (&lcl6, 0, sizeof (lcl6));
- si =
- session_rules_table_lookup6 (&st->session_rules, sep->transport_proto,
- &lcl6, &sep->ip.ip6, 0, sep->port);
- if (si != SESSION_RULES_TABLE_INVALID_INDEX)
- return si;
+ srt = &st->session_rules[sep->transport_proto];
+ ai = session_rules_table_lookup6 (srt, &lcl6, &sep->ip.ip6, 0,
+ sep->port);
+ if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
+ return session_lookup_action_to_session (ai);
}
return SESSION_INVALID_INDEX;
}
return 0;
}
-transport_connection_t *
-session_lookup_rules_table_connection4 (session_rules_table_t * srt, u8 proto,
+static transport_connection_t *
+session_lookup_rules_table_connection4 (session_table_t * st, u8 proto,
ip4_address_t * lcl, u16 lcl_port,
ip4_address_t * rmt, u16 rmt_port)
{
stream_session_t *s;
- s = session_lookup_rules_table4 (srt, proto, lcl, lcl_port, rmt, rmt_port);
+ s = session_lookup_rules_table4 (st, proto, lcl, lcl_port, rmt, rmt_port);
if (s)
return tp_vfts[s->session_type].get_listener (s->connection_index);
return 0;
}
-transport_connection_t *
-session_lookup_rules_table_connection6 (session_rules_table_t * srt, u8 proto,
+static transport_connection_t *
+session_lookup_rules_table_connection6 (session_table_t * srt, u8 proto,
ip6_address_t * lcl, u16 lcl_port,
ip6_address_t * rmt, u16 rmt_port)
{
}
/* Check the session rules table */
- return session_lookup_rules_table_connection4 (&st->session_rules, proto,
- lcl, lcl_port, rmt,
- rmt_port);
+ return session_lookup_rules_table_connection4 (st, proto, lcl, lcl_port,
+ rmt, rmt_port);
}
/**
return tp_vfts[sst].get_half_open (kv4.value & 0xFFFFFFFF);
}
/* Check the session rules table */
- return session_lookup_rules_table_connection4 (&st->session_rules, proto,
- lcl, lcl_port, rmt,
- rmt_port);
+ return session_lookup_rules_table_connection4 (st, proto, lcl, lcl_port,
+ rmt, rmt_port);
}
/**
/* If nothing is found, check if any listener is available */
if ((s = session_lookup_listener4_i (st, lcl, lcl_port, proto)))
return s;
- return session_lookup_rules_table4 (&st->session_rules, proto, lcl,
+ return session_lookup_rules_table4 (st, proto, lcl,
lcl_port, rmt, rmt_port);
}
return tp_vfts[sst].get_half_open (kv6.value & 0xFFFFFFFF);
}
- return session_lookup_rules_table_connection6 (&st->session_rules, proto,
- lcl, lcl_port, rmt,
- rmt_port);
+ return session_lookup_rules_table_connection6 (st, proto, lcl, lcl_port,
+ rmt, rmt_port);
}
/**
return tp_vfts[sst].get_half_open (kv6.value & 0xFFFFFFFF);
}
- return session_lookup_rules_table_connection6 (&st->session_rules, proto,
- lcl, lcl_port, rmt,
- rmt_port);
+ return session_lookup_rules_table_connection6 (st, proto, lcl, lcl_port,
+ rmt, rmt_port);
}
/**
/* If nothing is found, check if any listener is available */
if ((s = session_lookup_listener6_i (st, lcl, lcl_port, proto)))
return s;
- return session_lookup_rules_table6 (&st->session_rules, proto, lcl,
+ return session_lookup_rules_table6 (st, proto, lcl,
lcl_port, rmt, rmt_port);
}
vnet_session_rule_add_del (session_rule_add_del_args_t * args)
{
app_namespace_t *app_ns = app_namespace_get (args->appns_index);
+ session_rules_table_t *srt;
session_table_t *st;
u32 fib_index;
u8 fib_proto;
if (args->scope > 3)
return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
"invalid scope");
+ if (args->transport_proto != TRANSPORT_PROTO_TCP
+ && args->transport_proto != TRANSPORT_PROTO_UDP)
+ return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
+ "invalid transport proto");
if ((args->scope & SESSION_RULE_SCOPE_GLOBAL) || args->scope == 0)
{
fib_proto = args->table_args.rmt.fp_proto;
fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
st = session_table_get_for_fib_index (fib_proto, fib_index);
- if ((error = session_rules_table_add_del (&st->session_rules,
- &args->table_args)))
- return error;
+ srt = &st->session_rules[args->transport_proto];
+ if ((error = session_rules_table_add_del (srt, &args->table_args)))
+ {
+ clib_error_report (error);
+ return error;
+ }
}
if (args->scope & SESSION_RULE_SCOPE_LOCAL)
{
st = app_namespace_get_local_table (app_ns);
- error =
- session_rules_table_add_del (&st->session_rules, &args->table_args);
+ srt = &st->session_rules[args->transport_proto];
+ error = session_rules_table_add_del (srt, &args->table_args);
}
return error;
}
+/**
+ * Mark (global) tables as pertaining to app ns
+ */
+void
+session_lookup_set_tables_appns (app_namespace_t * app_ns)
+{
+ session_table_t *st;
+ u32 fib_index;
+ u8 fp;
+
+ for (fp = 0; fp < ARRAY_LEN (fib_index_to_table_index); fp++)
+ {
+ fib_index = app_namespace_get_fib_index (app_ns, fp);
+ st = session_table_get_for_fib_index (fp, fib_index);
+ if (st)
+ st->appns_index = app_namespace_index (app_ns);
+ }
+}
+
u8 *
format_ip4_session_lookup_kvp (u8 * s, va_list * args)
{
session_rule_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_command_t * cmd)
{
- u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen, rmt_plen;
+ u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen = 0, rmt_plen = 0;
u32 appns_index, scope = 0;
ip46_address_t lcl_ip, rmt_ip;
u8 is_ip4 = 1, conn_set = 0;
u8 fib_proto, is_add = 1, *ns_id = 0;
+ u8 *tag = 0;
app_namespace_t *app_ns;
+ clib_error_t *error;
memset (&lcl_ip, 0, sizeof (lcl_ip));
memset (&rmt_ip, 0, sizeof (rmt_ip));
}
else if (unformat (input, "action %d", &action))
;
+ else if (unformat (input, "tag %_%v%_", &tag))
+ ;
else
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, input);
}
- if (proto == ~0 || !conn_set || action == ~0)
- return clib_error_return (0, "proto, connection and action must be set");
+ if (proto == ~0)
+ {
+ vlib_cli_output (vm, "proto must be set");
+ return 0;
+ }
+ if (is_add && !conn_set && action == ~0)
+ {
+ vlib_cli_output (vm, "connection and action must be set for add");
+ return 0;
+ }
+ if (!is_add && !tag && !conn_set)
+ {
+ vlib_cli_output (vm, "connection or tag must be set for delete");
+ return 0;
+ }
+ if (vec_len (tag) > SESSION_RULE_TAG_MAX_LEN)
+ {
+ vlib_cli_output (vm, "tag too long (max u64)");
+ return 0;
+ }
if (ns_id)
{
app_ns = app_namespace_get_from_id (ns_id);
if (!app_ns)
- return clib_error_return (0, "namespace %v does not exist", ns_id);
+ {
+ vlib_cli_output (vm, "namespace %v does not exist", ns_id);
+ return 0;
+ }
}
else
{
.table_args.rmt_port = rmt_port,
.table_args.action_index = action,
.table_args.is_add = is_add,
+ .table_args.tag = tag,
.appns_index = appns_index,
.scope = scope,
};
- return vnet_session_rule_add_del (&args);
+ error = vnet_session_rule_add_del (&args);
+ vec_free (tag);
+ return error;
}
/* *INDENT-OFF* */
u8 transport_proto)
{
vlib_main_t *vm = vlib_get_main ();
+ session_rules_table_t *srt;
session_table_t *st;
st = session_table_get_for_fib_index (fib_index, fib_proto);
- session_rules_table_cli_dump (vm, &st->session_rules, fib_proto,
- transport_proto);
+ srt = &st->session_rules[transport_proto];
+ session_rules_table_cli_dump (vm, srt, fib_proto);
}
void
u8 transport_proto)
{
vlib_main_t *vm = vlib_get_main ();
+ session_rules_table_t *srt;
session_table_t *st;
st = session_table_get (table_index);
- session_rules_table_cli_dump (vm, &st->session_rules, fib_proto,
- transport_proto);
+ srt = &st->session_rules[transport_proto];
+ session_rules_table_cli_dump (vm, srt, fib_proto);
}
static clib_error_t *
ip46_address_t lcl_ip, rmt_ip;
u8 is_ip4 = 1, show_one = 0;
app_namespace_t *app_ns;
+ session_rules_table_t *srt;
session_table_t *st;
u8 *ns_id = 0, fib_proto;
if (show_one)
{
- session_rules_table_show_rule (vm, &st->session_rules, transport_proto,
- &lcl_ip, lcl_port, &rmt_ip, rmt_port,
- is_ip4);
+ srt = &st->session_rules[transport_proto];
+ session_rules_table_show_rule (vm, srt, &lcl_ip, lcl_port, &rmt_ip,
+ rmt_port, is_ip4);
return 0;
}
- session_rules_table_cli_dump (vm, &st->session_rules, FIB_PROTOCOL_IP4,
- transport_proto);
- session_rules_table_cli_dump (vm, &st->session_rules, FIB_PROTOCOL_IP6,
- transport_proto);
+ vlib_cli_output (vm, "%U rules table", format_transport_proto,
+ transport_proto);
+ srt = &st->session_rules[transport_proto];
+ session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4);
+ session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP6);
vec_free (ns_id);
return 0;
session_table_t *st = session_table_alloc ();
vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP4], 0);
fib_index_to_table_index[FIB_PROTOCOL_IP4][0] = session_table_index (st);
- session_table_init (st);
+ st->active_fib_proto = FIB_PROTOCOL_IP4;
+ session_table_init (st, FIB_PROTOCOL_IP4);
st = session_table_alloc ();
vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP6], 0);
fib_index_to_table_index[FIB_PROTOCOL_IP6][0] = session_table_index (st);
- session_table_init (st);
+ st->active_fib_proto = FIB_PROTOCOL_IP6;
+ session_table_init (st, FIB_PROTOCOL_IP6);
}
/*