2 * Copyright (c) 2017-2019 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 /** Generate typed init functions for multiple hash table styles... */
17 #include <vppinfra/bihash_16_8.h>
18 #include <vppinfra/bihash_template.h>
20 #include <vppinfra/bihash_template.c>
22 #undef __included_bihash_template_h__
24 #include <vppinfra/bihash_48_8.h>
25 #include <vppinfra/bihash_template.h>
27 #include <vppinfra/bihash_template.c>
28 #include <vnet/session/session_lookup.h>
29 #include <vnet/session/session.h>
30 #include <vnet/session/application.h>
32 static session_lookup_main_t sl_main;
35 * Network namespace index (i.e., fib index) to session lookup table. We
36 * should have one per network protocol type but for now we only support IP4/6
38 static u32 *fib_index_to_table_index[2];
41 typedef CLIB_PACKED (struct {
50 /* align by making this 4 octets even though its a 1-bit field
51 * NOTE: avoid key overlap with other transports that use 5 tuples for
52 * session identification.
58 }) v4_connection_key_t;
60 typedef CLIB_PACKED (struct {
75 }) v6_connection_key_t;
77 typedef clib_bihash_kv_16_8_t session_kv4_t;
78 typedef clib_bihash_kv_48_8_t session_kv6_t;
81 make_v4_ss_kv (session_kv4_t * kv, ip4_address_t * lcl, ip4_address_t * rmt,
82 u16 lcl_port, u16 rmt_port, u8 proto)
84 kv->key[0] = (u64) rmt->as_u32 << 32 | (u64) lcl->as_u32;
85 kv->key[1] = (u64) proto << 32 | (u64) rmt_port << 16 | (u64) lcl_port;
90 make_v4_listener_kv (session_kv4_t * kv, ip4_address_t * lcl, u16 lcl_port,
93 kv->key[0] = (u64) lcl->as_u32;
94 kv->key[1] = (u64) proto << 32 | (u64) lcl_port;
99 make_v4_proxy_kv (session_kv4_t * kv, ip4_address_t * lcl, u8 proto)
101 kv->key[0] = (u64) lcl->as_u32;
102 kv->key[1] = (u64) proto << 32;
107 make_v4_ss_kv_from_tc (session_kv4_t * kv, transport_connection_t * tc)
109 make_v4_ss_kv (kv, &tc->lcl_ip.ip4, &tc->rmt_ip.ip4, tc->lcl_port,
110 tc->rmt_port, tc->proto);
114 make_v6_ss_kv (session_kv6_t * kv, ip6_address_t * lcl, ip6_address_t * rmt,
115 u16 lcl_port, u16 rmt_port, u8 proto)
117 kv->key[0] = lcl->as_u64[0];
118 kv->key[1] = lcl->as_u64[1];
119 kv->key[2] = rmt->as_u64[0];
120 kv->key[3] = rmt->as_u64[1];
121 kv->key[4] = (u64) proto << 32 | (u64) rmt_port << 16 | (u64) lcl_port;
127 make_v6_listener_kv (session_kv6_t * kv, ip6_address_t * lcl, u16 lcl_port,
130 kv->key[0] = lcl->as_u64[0];
131 kv->key[1] = lcl->as_u64[1];
134 kv->key[4] = (u64) proto << 32 | (u64) lcl_port;
140 make_v6_proxy_kv (session_kv6_t * kv, ip6_address_t * lcl, u8 proto)
142 kv->key[0] = lcl->as_u64[0];
143 kv->key[1] = lcl->as_u64[1];
146 kv->key[4] = (u64) proto << 32;
152 make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * tc)
154 make_v6_ss_kv (kv, &tc->lcl_ip.ip6, &tc->rmt_ip.ip6, tc->lcl_port,
155 tc->rmt_port, tc->proto);
159 session_table_alloc_needs_sync (void)
161 return !vlib_thread_is_main_w_barrier () && (vlib_num_workers () > 1);
164 static_always_inline u8
165 session_table_is_alloced (u8 fib_proto, u32 fib_index)
167 return (vec_len (fib_index_to_table_index[fib_proto]) > fib_index &&
168 fib_index_to_table_index[fib_proto][fib_index] != ~0);
171 static session_table_t *
172 session_table_get_or_alloc (u8 fib_proto, u32 fib_index)
177 ASSERT (fib_index != ~0);
179 if (session_table_is_alloced (fib_proto, fib_index))
181 table_index = fib_index_to_table_index[fib_proto][fib_index];
182 return session_table_get (table_index);
185 u8 needs_sync = session_table_alloc_needs_sync ();
186 session_lookup_main_t *slm = &sl_main;
188 /* Stop workers, otherwise consumers might be affected. This is
189 * acceptable because new tables should seldom be allocated */
192 vlib_workers_sync ();
194 /* We might have a race, only one worker allowed at once */
195 clib_spinlock_lock (&slm->st_alloc_lock);
198 /* Another worker just allocated this table */
199 if (session_table_is_alloced (fib_proto, fib_index))
201 table_index = fib_index_to_table_index[fib_proto][fib_index];
202 st = session_table_get (table_index);
206 st = session_table_alloc ();
207 st->active_fib_proto = fib_proto;
208 session_table_init (st, fib_proto);
209 vec_validate_init_empty (fib_index_to_table_index[fib_proto], fib_index,
211 table_index = session_table_index (st);
212 fib_index_to_table_index[fib_proto][fib_index] = table_index;
217 clib_spinlock_unlock (&slm->st_alloc_lock);
218 vlib_workers_continue ();
224 static session_table_t *
225 session_table_get_or_alloc_for_connection (transport_connection_t * tc)
228 fib_proto = transport_connection_fib_proto (tc);
229 return session_table_get_or_alloc (fib_proto, tc->fib_index);
232 static session_table_t *
233 session_table_get_for_connection (transport_connection_t * tc)
235 u32 fib_proto = transport_connection_fib_proto (tc);
236 if (vec_len (fib_index_to_table_index[fib_proto]) <= tc->fib_index)
239 session_table_get (fib_index_to_table_index[fib_proto][tc->fib_index]);
242 static session_table_t *
243 session_table_get_for_fib_index (u32 fib_proto, u32 fib_index)
245 if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
247 return session_table_get (fib_index_to_table_index[fib_proto][fib_index]);
251 session_lookup_get_index_for_fib (u32 fib_proto, u32 fib_index)
253 if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
254 return SESSION_TABLE_INVALID_INDEX;
255 return fib_index_to_table_index[fib_proto][fib_index];
259 session_lookup_get_or_alloc_index_for_fib (u32 fib_proto, u32 fib_index)
262 st = session_table_get_or_alloc (fib_proto, fib_index);
263 return session_table_index (st);
267 * Add transport connection to a session table
269 * Session lookup 5-tuple (src-ip, dst-ip, src-port, dst-port, session-type)
270 * is added to requested session table.
272 * @param tc transport connection to be added
273 * @param value value to be stored
275 * @return non-zero if failure
278 session_lookup_add_connection (transport_connection_t * tc, u64 value)
284 st = session_table_get_or_alloc_for_connection (tc);
289 make_v4_ss_kv_from_tc (&kv4, tc);
291 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4,
296 make_v6_ss_kv_from_tc (&kv6, tc);
298 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6,
304 session_lookup_add_session_endpoint (u32 table_index,
305 session_endpoint_t * sep, u64 value)
311 st = session_table_get (table_index);
316 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
317 sep->transport_proto);
319 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 1);
323 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
324 sep->transport_proto);
326 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 1);
331 session_lookup_del_session_endpoint (u32 table_index,
332 session_endpoint_t * sep)
338 st = session_table_get (table_index);
343 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
344 sep->transport_proto);
345 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 0);
349 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
350 sep->transport_proto);
351 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 0);
356 session_lookup_del_session_endpoint2 (session_endpoint_t * sep)
358 fib_protocol_t fib_proto;
363 fib_proto = sep->is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
364 st = session_table_get_for_fib_index (fib_proto, sep->fib_index);
369 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
370 sep->transport_proto);
371 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 0);
375 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
376 sep->transport_proto);
377 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 0);
382 * Delete transport connection from session table
384 * @param table_index session table index
385 * @param tc transport connection to be removed
387 * @return non-zero if failure
390 session_lookup_del_connection (transport_connection_t * tc)
396 st = session_table_get_for_connection (tc);
401 make_v4_ss_kv_from_tc (&kv4, tc);
402 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4,
407 make_v6_ss_kv_from_tc (&kv6, tc);
408 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6,
414 session_lookup_del_session (session_t * s)
416 transport_connection_t *ts;
417 ts = transport_get_connection (session_get_transport_proto (s),
418 s->connection_index, s->thread_index);
419 if (!ts || (ts->flags & TRANSPORT_CONNECTION_F_NO_LOOKUP))
421 return session_lookup_del_connection (ts);
425 session_lookup_action_index_is_valid (u32 action_index)
427 if (action_index == SESSION_RULES_TABLE_ACTION_ALLOW
428 || action_index == SESSION_RULES_TABLE_INVALID_INDEX)
434 session_lookup_action_to_handle (u32 action_index)
436 switch (action_index)
438 case SESSION_RULES_TABLE_ACTION_DROP:
439 return SESSION_DROP_HANDLE;
440 case SESSION_RULES_TABLE_ACTION_ALLOW:
441 case SESSION_RULES_TABLE_INVALID_INDEX:
442 return SESSION_INVALID_HANDLE;
444 /* application index */
450 session_lookup_app_listen_session (u32 app_index, u8 fib_proto,
454 app = application_get_if_valid (app_index);
458 return app_worker_first_listener (application_get_default_worker (app),
459 fib_proto, transport_proto);
463 session_lookup_action_to_session (u32 action_index, u8 fib_proto,
467 app_index = session_lookup_action_to_handle (action_index);
468 /* Nothing sophisticated for now, action index is app index */
469 return session_lookup_app_listen_session (app_index, fib_proto,
475 session_lookup_rules_table_session4 (session_table_t * st, u8 proto,
476 ip4_address_t * lcl, u16 lcl_port,
477 ip4_address_t * rmt, u16 rmt_port)
479 session_rules_table_t *srt = &st->session_rules[proto];
480 u32 action_index, app_index;
481 action_index = session_rules_table_lookup4 (srt, lcl, rmt, lcl_port,
483 app_index = session_lookup_action_to_handle (action_index);
484 /* Nothing sophisticated for now, action index is app index */
485 return session_lookup_app_listen_session (app_index, FIB_PROTOCOL_IP4,
491 session_lookup_rules_table_session6 (session_table_t * st, u8 proto,
492 ip6_address_t * lcl, u16 lcl_port,
493 ip6_address_t * rmt, u16 rmt_port)
495 session_rules_table_t *srt = &st->session_rules[proto];
496 u32 action_index, app_index;
497 action_index = session_rules_table_lookup6 (srt, lcl, rmt, lcl_port,
499 app_index = session_lookup_action_to_handle (action_index);
500 return session_lookup_app_listen_session (app_index, FIB_PROTOCOL_IP6,
505 * Lookup listener for session endpoint in table
507 * @param table_index table where the endpoint should be looked up
508 * @param sep session endpoint to be looked up
509 * @param use_rules flag that indicates if the session rules of the table
511 * @return invalid handle if nothing is found, the handle of a valid listener
512 * or an action derived handle if a rule is hit
515 session_lookup_endpoint_listener (u32 table_index, session_endpoint_t * sep,
518 session_rules_table_t *srt;
523 st = session_table_get (table_index);
525 return SESSION_INVALID_HANDLE;
531 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
532 sep->transport_proto);
533 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
538 clib_memset (&lcl4, 0, sizeof (lcl4));
539 srt = &st->session_rules[sep->transport_proto];
540 ai = session_rules_table_lookup4 (srt, &lcl4, &sep->ip.ip4, 0,
542 if (session_lookup_action_index_is_valid (ai))
543 return session_lookup_action_to_handle (ai);
551 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
552 sep->transport_proto);
553 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
559 clib_memset (&lcl6, 0, sizeof (lcl6));
560 srt = &st->session_rules[sep->transport_proto];
561 ai = session_rules_table_lookup6 (srt, &lcl6, &sep->ip.ip6, 0,
563 if (session_lookup_action_index_is_valid (ai))
564 return session_lookup_action_to_handle (ai);
567 return SESSION_INVALID_HANDLE;
571 * Look up endpoint in local session table
573 * The result, for now, is an application index and it may in the future
574 * be extended to a more complicated "action object". The only action we
575 * emulate now is "drop" and for that we return a special app index.
577 * Lookup logic is to check in order:
578 * - the rules in the table (connect acls)
579 * - session sub-table for a listener
580 * - session sub-table for a local listener (zeroed addr)
582 * @param table_index table where the lookup should be done
583 * @param sep session endpoint to be looked up
584 * @return session handle that can be interpreted as an adjacency
587 session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep)
589 session_rules_table_t *srt;
594 st = session_table_get (table_index);
596 return SESSION_INVALID_INDEX;
597 ASSERT (st->is_local);
605 * Check if endpoint has special rules associated
607 clib_memset (&lcl4, 0, sizeof (lcl4));
608 srt = &st->session_rules[sep->transport_proto];
609 ai = session_rules_table_lookup4 (srt, &lcl4, &sep->ip.ip4, 0,
611 if (session_lookup_action_index_is_valid (ai))
612 return session_lookup_action_to_handle (ai);
615 * Check if session endpoint is a listener
617 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
618 sep->transport_proto);
619 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
624 * Zero out the ip. Logic is that connect to local ips, say
625 * 127.0.0.1:port, can match 0.0.0.0:port
627 if (ip4_is_local_host (&sep->ip.ip4))
630 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
640 * Zero out the port and check if we have proxy
643 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
652 clib_memset (&lcl6, 0, sizeof (lcl6));
653 srt = &st->session_rules[sep->transport_proto];
654 ai = session_rules_table_lookup6 (srt, &lcl6, &sep->ip.ip6, 0,
656 if (session_lookup_action_index_is_valid (ai))
657 return session_lookup_action_to_handle (ai);
659 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
660 sep->transport_proto);
661 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
666 * Zero out the ip. Same logic as above.
669 if (ip6_is_local_host (&sep->ip.ip6))
671 kv6.key[0] = kv6.key[1] = 0;
672 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
678 kv6.key[0] = kv6.key[1] = 0;
682 * Zero out the port. Same logic as above.
684 kv6.key[4] = kv6.key[5] = 0;
685 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
689 return SESSION_INVALID_HANDLE;
692 static inline session_t *
693 session_lookup_listener4_i (session_table_t * st, ip4_address_t * lcl,
694 u16 lcl_port, u8 proto, u8 use_wildcard)
700 * First, try a fully formed listener
702 make_v4_listener_kv (&kv4, lcl, lcl_port, proto);
703 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
705 return listen_session_get ((u32) kv4.value);
708 * Zero out the lcl ip and check if any 0/0 port binds have been done
713 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
715 return listen_session_get ((u32) kv4.value);
723 * Zero out port and check if we have a proxy set up for our ip
725 make_v4_proxy_kv (&kv4, lcl, proto);
726 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
728 return listen_session_get ((u32) kv4.value);
734 session_lookup_listener4 (u32 fib_index, ip4_address_t * lcl, u16 lcl_port,
735 u8 proto, u8 use_wildcard)
738 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
741 return session_lookup_listener4_i (st, lcl, lcl_port, proto, use_wildcard);
745 session_lookup_listener6_i (session_table_t * st, ip6_address_t * lcl,
746 u16 lcl_port, u8 proto, u8 ip_wildcard)
751 make_v6_listener_kv (&kv6, lcl, lcl_port, proto);
752 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
754 return listen_session_get ((u32) kv6.value);
756 /* Zero out the lcl ip */
759 kv6.key[0] = kv6.key[1] = 0;
760 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
762 return listen_session_get ((u32) kv6.value);
766 kv6.key[0] = kv6.key[1] = 0;
769 make_v6_proxy_kv (&kv6, lcl, proto);
770 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
772 return listen_session_get ((u32) kv6.value);
777 session_lookup_listener6 (u32 fib_index, ip6_address_t * lcl, u16 lcl_port,
778 u8 proto, u8 use_wildcard)
781 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
784 return session_lookup_listener6_i (st, lcl, lcl_port, proto, use_wildcard);
788 * Lookup listener, exact or proxy (inaddr_any:0) match
791 session_lookup_listener (u32 table_index, session_endpoint_t * sep)
794 st = session_table_get (table_index);
798 return session_lookup_listener4_i (st, &sep->ip.ip4, sep->port,
799 sep->transport_proto, 0);
801 return session_lookup_listener6_i (st, &sep->ip.ip6, sep->port,
802 sep->transport_proto, 0);
807 * Lookup listener wildcard match
810 session_lookup_listener_wildcard (u32 table_index, session_endpoint_t * sep)
813 st = session_table_get (table_index);
817 return session_lookup_listener4_i (st, &sep->ip.ip4, sep->port,
818 sep->transport_proto,
819 1 /* use_wildcard */ );
821 return session_lookup_listener6_i (st, &sep->ip.ip6, sep->port,
822 sep->transport_proto,
823 1 /* use_wildcard */ );
828 session_lookup_add_half_open (transport_connection_t * tc, u64 value)
834 st = session_table_get_or_alloc_for_connection (tc);
839 make_v4_ss_kv_from_tc (&kv4, tc);
841 return clib_bihash_add_del_16_8 (&st->v4_half_open_hash, &kv4,
846 make_v6_ss_kv_from_tc (&kv6, tc);
848 return clib_bihash_add_del_48_8 (&st->v6_half_open_hash, &kv6,
854 session_lookup_del_half_open (transport_connection_t * tc)
860 st = session_table_get_for_connection (tc);
865 make_v4_ss_kv_from_tc (&kv4, tc);
866 return clib_bihash_add_del_16_8 (&st->v4_half_open_hash, &kv4,
871 make_v6_ss_kv_from_tc (&kv6, tc);
872 return clib_bihash_add_del_48_8 (&st->v6_half_open_hash, &kv6,
878 session_lookup_half_open_handle (transport_connection_t * tc)
885 st = session_table_get_for_fib_index (transport_connection_fib_proto (tc),
888 return HALF_OPEN_LOOKUP_INVALID_VALUE;
891 make_v4_ss_kv (&kv4, &tc->lcl_ip.ip4, &tc->rmt_ip.ip4, tc->lcl_port,
892 tc->rmt_port, tc->proto);
893 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
899 make_v6_ss_kv (&kv6, &tc->lcl_ip.ip6, &tc->rmt_ip.ip6, tc->lcl_port,
900 tc->rmt_port, tc->proto);
901 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
905 return HALF_OPEN_LOOKUP_INVALID_VALUE;
908 transport_connection_t *
909 session_lookup_half_open_connection (u64 handle, u8 proto, u8 is_ip4)
911 if (handle != HALF_OPEN_LOOKUP_INVALID_VALUE)
913 u32 sst = session_type_from_proto_and_ip (proto, is_ip4);
914 return transport_get_half_open (sst, handle & 0xFFFFFFFF);
920 * Lookup connection with ip4 and transport layer information
922 * This is used on the fast path so it needs to be fast. Thereby,
923 * duplication of code and 'hacks' allowed.
925 * The lookup is incremental and returns whenever something is matched. The
927 * - Try to find an established session
928 * - Try to find a half-open connection
929 * - Try session rules table
930 * - Try to find a fully-formed or local source wildcarded (listener bound to
931 * all interfaces) listener session
934 * @param fib_index index of fib wherein the connection was received
935 * @param lcl local ip4 address
936 * @param rmt remote ip4 address
937 * @param lcl_port local port
938 * @param rmt_port remote port
939 * @param proto transport protocol (e.g., tcp, udp)
940 * @param thread_index thread index for request
941 * @param is_filtered return flag that indicates if connection was filtered.
943 * @return pointer to transport connection, if one is found, 0 otherwise
945 transport_connection_t *
946 session_lookup_connection_wt4 (u32 fib_index, ip4_address_t * lcl,
947 ip4_address_t * rmt, u16 lcl_port,
948 u16 rmt_port, u8 proto, u32 thread_index,
957 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
958 if (PREDICT_FALSE (!st))
962 * Lookup session amongst established ones
964 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
965 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
968 if (PREDICT_FALSE ((u32) (kv4.value >> 32) != thread_index))
970 *result = SESSION_LOOKUP_RESULT_WRONG_THREAD;
973 s = session_get (kv4.value & 0xFFFFFFFFULL, thread_index);
974 return transport_get_connection (proto, s->connection_index,
979 * Try half-open connections
981 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
983 return transport_get_half_open (proto, kv4.value & 0xFFFFFFFF);
986 * Check the session rules table
988 action_index = session_rules_table_lookup4 (&st->session_rules[proto], lcl,
989 rmt, lcl_port, rmt_port);
990 if (session_lookup_action_index_is_valid (action_index))
992 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
994 *result = SESSION_LOOKUP_RESULT_FILTERED;
997 if ((s = session_lookup_action_to_session (action_index,
998 FIB_PROTOCOL_IP4, proto)))
999 return transport_get_listener (proto, s->connection_index);
1004 * If nothing is found, check if any listener is available
1006 s = session_lookup_listener4_i (st, lcl, lcl_port, proto, 1);
1008 return transport_get_listener (proto, s->connection_index);
1014 * Lookup connection with ip4 and transport layer information
1016 * Not optimized. Lookup logic is identical to that of
1017 * @ref session_lookup_connection_wt4
1019 * @param fib_index index of the fib wherein the connection was received
1020 * @param lcl local ip4 address
1021 * @param rmt remote ip4 address
1022 * @param lcl_port local port
1023 * @param rmt_port remote port
1024 * @param proto transport protocol (e.g., tcp, udp)
1026 * @return pointer to transport connection, if one is found, 0 otherwise
1028 transport_connection_t *
1029 session_lookup_connection4 (u32 fib_index, ip4_address_t * lcl,
1030 ip4_address_t * rmt, u16 lcl_port, u16 rmt_port,
1033 session_table_t *st;
1039 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
1040 if (PREDICT_FALSE (!st))
1044 * Lookup session amongst established ones
1046 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
1047 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
1050 s = session_get_from_handle (kv4.value);
1051 return transport_get_connection (proto, s->connection_index,
1056 * Try half-open connections
1058 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
1060 return transport_get_half_open (proto, kv4.value & 0xFFFFFFFF);
1063 * Check the session rules table
1065 action_index = session_rules_table_lookup4 (&st->session_rules[proto], lcl,
1066 rmt, lcl_port, rmt_port);
1067 if (session_lookup_action_index_is_valid (action_index))
1069 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1071 if ((s = session_lookup_action_to_session (action_index,
1072 FIB_PROTOCOL_IP4, proto)))
1073 return transport_get_listener (proto, s->connection_index);
1078 * If nothing is found, check if any listener is available
1080 s = session_lookup_listener4_i (st, lcl, lcl_port, proto, 1);
1082 return transport_get_listener (proto, s->connection_index);
1088 * Lookup session with ip4 and transport layer information
1090 * Important note: this may look into another thread's pool table
1092 * Lookup logic is similar to that of @ref session_lookup_connection_wt4 but
1093 * this returns a session as opposed to a transport connection and it does not
1094 * try to lookup half-open sessions.
1096 * Typically used by dgram connections
1099 session_lookup_safe4 (u32 fib_index, ip4_address_t * lcl, ip4_address_t * rmt,
1100 u16 lcl_port, u16 rmt_port, u8 proto)
1102 session_table_t *st;
1108 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
1109 if (PREDICT_FALSE (!st))
1113 * Lookup session amongst established ones
1115 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
1116 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
1118 return session_get_from_handle_safe (kv4.value);
1121 * Check the session rules table
1123 action_index = session_rules_table_lookup4 (&st->session_rules[proto], lcl,
1124 rmt, lcl_port, rmt_port);
1125 if (session_lookup_action_index_is_valid (action_index))
1127 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1129 return session_lookup_action_to_session (action_index, FIB_PROTOCOL_IP4,
1134 * If nothing is found, check if any listener is available
1136 if ((s = session_lookup_listener4_i (st, lcl, lcl_port, proto, 1)))
1143 * Lookup connection with ip6 and transport layer information
1145 * This is used on the fast path so it needs to be fast. Thereby,
1146 * duplication of code and 'hacks' allowed.
1148 * The lookup is incremental and returns whenever something is matched. The
1150 * - Try to find an established session
1151 * - Try to find a half-open connection
1152 * - Try session rules table
1153 * - Try to find a fully-formed or local source wildcarded (listener bound to
1154 * all interfaces) listener session
1157 * @param fib_index index of the fib wherein the connection was received
1158 * @param lcl local ip6 address
1159 * @param rmt remote ip6 address
1160 * @param lcl_port local port
1161 * @param rmt_port remote port
1162 * @param proto transport protocol (e.g., tcp, udp)
1163 * @param thread_index thread index for request
1165 * @return pointer to transport connection, if one is found, 0 otherwise
1167 transport_connection_t *
1168 session_lookup_connection_wt6 (u32 fib_index, ip6_address_t * lcl,
1169 ip6_address_t * rmt, u16 lcl_port,
1170 u16 rmt_port, u8 proto, u32 thread_index,
1173 session_table_t *st;
1179 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1180 if (PREDICT_FALSE (!st))
1183 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1184 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1187 ASSERT ((u32) (kv6.value >> 32) == thread_index);
1188 if (PREDICT_FALSE ((u32) (kv6.value >> 32) != thread_index))
1190 *result = SESSION_LOOKUP_RESULT_WRONG_THREAD;
1193 s = session_get (kv6.value & 0xFFFFFFFFULL, thread_index);
1194 return transport_get_connection (proto, s->connection_index,
1198 /* Try half-open connections */
1199 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
1201 return transport_get_half_open (proto, kv6.value & 0xFFFFFFFF);
1203 /* Check the session rules table */
1204 action_index = session_rules_table_lookup6 (&st->session_rules[proto], lcl,
1205 rmt, lcl_port, rmt_port);
1206 if (session_lookup_action_index_is_valid (action_index))
1208 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1210 *result = SESSION_LOOKUP_RESULT_FILTERED;
1213 if ((s = session_lookup_action_to_session (action_index,
1214 FIB_PROTOCOL_IP6, proto)))
1215 return transport_get_listener (proto, s->connection_index);
1219 /* If nothing is found, check if any listener is available */
1220 s = session_lookup_listener6_i (st, lcl, lcl_port, proto, 1);
1222 return transport_get_listener (proto, s->connection_index);
1228 * Lookup connection with ip6 and transport layer information
1230 * Not optimized. This is used on the fast path so it needs to be fast.
1231 * Thereby, duplication of code and 'hacks' allowed. Lookup logic is identical
1232 * to that of @ref session_lookup_connection_wt4
1234 * @param fib_index index of the fib wherein the connection was received
1235 * @param lcl local ip6 address
1236 * @param rmt remote ip6 address
1237 * @param lcl_port local port
1238 * @param rmt_port remote port
1239 * @param proto transport protocol (e.g., tcp, udp)
1241 * @return pointer to transport connection, if one is found, 0 otherwise
1243 transport_connection_t *
1244 session_lookup_connection6 (u32 fib_index, ip6_address_t * lcl,
1245 ip6_address_t * rmt, u16 lcl_port, u16 rmt_port,
1248 session_table_t *st;
1254 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1255 if (PREDICT_FALSE (!st))
1258 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1259 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1262 s = session_get_from_handle (kv6.value);
1263 return transport_get_connection (proto, s->connection_index,
1267 /* Try half-open connections */
1268 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
1270 return transport_get_half_open (proto, kv6.value & 0xFFFFFFFF);
1272 /* Check the session rules table */
1273 action_index = session_rules_table_lookup6 (&st->session_rules[proto], lcl,
1274 rmt, lcl_port, rmt_port);
1275 if (session_lookup_action_index_is_valid (action_index))
1277 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1279 if ((s = session_lookup_action_to_session (action_index,
1280 FIB_PROTOCOL_IP6, proto)))
1281 return transport_get_listener (proto, s->connection_index);
1285 /* If nothing is found, check if any listener is available */
1286 s = session_lookup_listener6_i (st, lcl, lcl_port, proto, 1);
1288 return transport_get_listener (proto, s->connection_index);
1294 * Lookup session with ip6 and transport layer information
1296 * Important note: this may look into another thread's pool table and
1297 * register as 'peeker'. Caller should call @ref session_pool_remove_peeker as
1298 * if needed as soon as possible.
1300 * Lookup logic is similar to that of @ref session_lookup_connection_wt6 but
1301 * this returns a session as opposed to a transport connection and it does not
1302 * try to lookup half-open sessions.
1304 * Typically used by dgram connections
1307 session_lookup_safe6 (u32 fib_index, ip6_address_t * lcl, ip6_address_t * rmt,
1308 u16 lcl_port, u16 rmt_port, u8 proto)
1310 session_table_t *st;
1316 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1317 if (PREDICT_FALSE (!st))
1320 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1321 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1323 return session_get_from_handle_safe (kv6.value);
1325 /* Check the session rules table */
1326 action_index = session_rules_table_lookup6 (&st->session_rules[proto], lcl,
1327 rmt, lcl_port, rmt_port);
1328 if (session_lookup_action_index_is_valid (action_index))
1330 if (action_index == SESSION_RULES_TABLE_ACTION_DROP)
1332 return session_lookup_action_to_session (action_index, FIB_PROTOCOL_IP6,
1336 /* If nothing is found, check if any listener is available */
1337 if ((s = session_lookup_listener6_i (st, lcl, lcl_port, proto, 1)))
1342 transport_connection_t *
1343 session_lookup_connection (u32 fib_index, ip46_address_t * lcl,
1344 ip46_address_t * rmt, u16 lcl_port, u16 rmt_port,
1345 u8 proto, u8 is_ip4)
1348 return session_lookup_connection4 (fib_index, &lcl->ip4, &rmt->ip4,
1349 lcl_port, rmt_port, proto);
1351 return session_lookup_connection6 (fib_index, &lcl->ip6, &rmt->ip6,
1352 lcl_port, rmt_port, proto);
1356 vnet_session_rule_add_del (session_rule_add_del_args_t *args)
1358 app_namespace_t *app_ns = app_namespace_get (args->appns_index);
1359 session_rules_table_t *srt;
1360 session_table_t *st;
1366 return SESSION_E_INVALID_NS;
1368 if (args->scope > 3)
1369 return SESSION_E_INVALID;
1371 if (args->transport_proto != TRANSPORT_PROTO_TCP
1372 && args->transport_proto != TRANSPORT_PROTO_UDP)
1373 return SESSION_E_INVALID;
1375 if ((args->scope & SESSION_RULE_SCOPE_GLOBAL) || args->scope == 0)
1377 fib_proto = args->table_args.rmt.fp_proto;
1378 fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
1379 st = session_table_get_for_fib_index (fib_proto, fib_index);
1380 srt = &st->session_rules[args->transport_proto];
1381 if ((rv = session_rules_table_add_del (srt, &args->table_args)))
1384 if (args->scope & SESSION_RULE_SCOPE_LOCAL)
1386 clib_memset (&args->table_args.lcl, 0, sizeof (args->table_args.lcl));
1387 args->table_args.lcl.fp_proto = args->table_args.rmt.fp_proto;
1388 args->table_args.lcl_port = 0;
1389 st = app_namespace_get_local_table (app_ns);
1390 srt = &st->session_rules[args->transport_proto];
1391 rv = session_rules_table_add_del (srt, &args->table_args);
1397 * Mark (global) tables as pertaining to app ns
1400 session_lookup_set_tables_appns (app_namespace_t * app_ns)
1402 session_table_t *st;
1406 for (fp = 0; fp < ARRAY_LEN (fib_index_to_table_index); fp++)
1408 fib_index = app_namespace_get_fib_index (app_ns, fp);
1409 st = session_table_get_or_alloc (fp, fib_index);
1411 st->appns_index = app_namespace_index (app_ns);
1416 format_ip4_session_lookup_kvp (u8 * s, va_list * args)
1418 clib_bihash_kv_16_8_t *kvp = va_arg (*args, clib_bihash_kv_16_8_t *);
1419 u32 is_local = va_arg (*args, u32);
1420 v4_connection_key_t *key = (v4_connection_key_t *) kvp->key;
1422 app_worker_t *app_wrk;
1428 session = session_get_from_handle (kvp->value);
1429 app_wrk = app_worker_get (session->app_wrk_index);
1430 app_name = application_name_from_index (app_wrk->app_index);
1431 str = format (0, "[%U] %U:%d->%U:%d", format_transport_proto_short,
1432 key->proto, format_ip4_address, &key->src,
1433 clib_net_to_host_u16 (key->src_port), format_ip4_address,
1434 &key->dst, clib_net_to_host_u16 (key->dst_port));
1435 s = format (s, "%-40v%-30v", str, app_name);
1439 session = session_get_from_handle (kvp->value);
1440 app_wrk = app_worker_get (session->app_wrk_index);
1441 app_name = application_name_from_index (app_wrk->app_index);
1442 str = format (0, "[%U] %U:%d", format_transport_proto_short, key->proto,
1443 format_ip4_address, &key->src,
1444 clib_net_to_host_u16 (key->src_port));
1445 s = format (s, "%-30v%-30v", str, app_name);
1450 typedef struct _ip4_session_table_show_ctx_t
1454 } ip4_session_table_show_ctx_t;
1457 ip4_session_table_show (clib_bihash_kv_16_8_t * kvp, void *arg)
1459 ip4_session_table_show_ctx_t *ctx = arg;
1460 vlib_cli_output (ctx->vm, "%U", format_ip4_session_lookup_kvp, kvp,
1466 session_lookup_show_table_entries (vlib_main_t * vm, session_table_t * table,
1467 u8 type, u8 is_local)
1469 ip4_session_table_show_ctx_t ctx = {
1471 .is_local = is_local,
1474 vlib_cli_output (vm, "%-40s%-30s", "Session", "Application");
1476 vlib_cli_output (vm, "%-30s%-30s", "Listener", "Application");
1481 ip4_session_table_walk (&table->v4_session_hash, ip4_session_table_show,
1485 clib_warning ("not supported");
1489 static clib_error_t *
1490 session_rule_command_fn (vlib_main_t * vm, unformat_input_t * input,
1491 vlib_cli_command_t * cmd)
1493 u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen = 0, rmt_plen = 0;
1494 clib_error_t *error = 0;
1495 u32 appns_index, scope = 0;
1496 ip46_address_t lcl_ip, rmt_ip;
1497 u8 is_ip4 = 1, conn_set = 0;
1498 u8 fib_proto, is_add = 1, *ns_id = 0;
1500 app_namespace_t *app_ns;
1503 session_cli_return_if_not_enabled ();
1505 clib_memset (&lcl_ip, 0, sizeof (lcl_ip));
1506 clib_memset (&rmt_ip, 0, sizeof (rmt_ip));
1507 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1509 if (unformat (input, "del"))
1511 else if (unformat (input, "add"))
1513 else if (unformat (input, "appns %_%v%_", &ns_id))
1515 else if (unformat (input, "scope global"))
1516 scope = SESSION_RULE_SCOPE_GLOBAL;
1517 else if (unformat (input, "scope local"))
1518 scope = SESSION_RULE_SCOPE_LOCAL;
1519 else if (unformat (input, "scope all"))
1520 scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
1521 else if (unformat (input, "proto %U", unformat_transport_proto, &proto))
1523 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
1524 &lcl_ip.ip4, &lcl_plen, &lcl_port,
1525 unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
1531 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
1532 &lcl_ip.ip6, &lcl_plen, &lcl_port,
1533 unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
1539 else if (unformat (input, "action %d", &action))
1541 else if (unformat (input, "tag %_%v%_", &tag))
1545 error = clib_error_return (0, "unknown input `%U'",
1546 format_unformat_error, input);
1553 vlib_cli_output (vm, "proto must be set");
1556 if (is_add && !conn_set && action == ~0)
1558 vlib_cli_output (vm, "connection and action must be set for add");
1561 if (!is_add && !tag && !conn_set)
1563 vlib_cli_output (vm, "connection or tag must be set for delete");
1566 if (vec_len (tag) > SESSION_RULE_TAG_MAX_LEN)
1568 vlib_cli_output (vm, "tag too long (max u64)");
1574 app_ns = app_namespace_get_from_id (ns_id);
1577 vlib_cli_output (vm, "namespace %v does not exist", ns_id);
1583 app_ns = app_namespace_get_default ();
1585 appns_index = app_namespace_index (app_ns);
1587 fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
1588 session_rule_add_del_args_t args = {
1589 .transport_proto = proto,
1590 .table_args.lcl.fp_addr = lcl_ip,
1591 .table_args.lcl.fp_len = lcl_plen,
1592 .table_args.lcl.fp_proto = fib_proto,
1593 .table_args.rmt.fp_addr = rmt_ip,
1594 .table_args.rmt.fp_len = rmt_plen,
1595 .table_args.rmt.fp_proto = fib_proto,
1596 .table_args.lcl_port = lcl_port,
1597 .table_args.rmt_port = rmt_port,
1598 .table_args.action_index = action,
1599 .table_args.is_add = is_add,
1600 .table_args.tag = tag,
1601 .appns_index = appns_index,
1604 if ((rv = vnet_session_rule_add_del (&args)))
1605 error = clib_error_return (0, "rule add del returned %u", rv);
1613 VLIB_CLI_COMMAND (session_rule_command, static) =
1615 .path = "session rule",
1616 .short_help = "session rule [add|del] appns <ns_id> proto <proto> "
1617 "<lcl-ip/plen> <lcl-port> <rmt-ip/plen> <rmt-port> action <action>",
1618 .function = session_rule_command_fn,
1622 session_lookup_dump_rules_table (u32 fib_index, u8 fib_proto,
1625 vlib_main_t *vm = vlib_get_main ();
1626 session_rules_table_t *srt;
1627 session_table_t *st;
1628 st = session_table_get_for_fib_index (fib_index, fib_proto);
1629 srt = &st->session_rules[transport_proto];
1630 session_rules_table_cli_dump (vm, srt, fib_proto);
1634 session_lookup_dump_local_rules_table (u32 table_index, u8 fib_proto,
1637 vlib_main_t *vm = vlib_get_main ();
1638 session_rules_table_t *srt;
1639 session_table_t *st;
1640 st = session_table_get (table_index);
1641 srt = &st->session_rules[transport_proto];
1642 session_rules_table_cli_dump (vm, srt, fib_proto);
1645 static clib_error_t *
1646 show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input,
1647 vlib_cli_command_t * cmd)
1649 u32 transport_proto = ~0, lcl_port, rmt_port, lcl_plen, rmt_plen;
1650 u32 fib_index, scope = 0;
1651 ip46_address_t lcl_ip, rmt_ip;
1652 u8 is_ip4 = 1, show_one = 0;
1653 app_namespace_t *app_ns;
1654 session_rules_table_t *srt;
1655 session_table_t *st;
1656 u8 *ns_id = 0, fib_proto;
1658 session_cli_return_if_not_enabled ();
1660 clib_memset (&lcl_ip, 0, sizeof (lcl_ip));
1661 clib_memset (&rmt_ip, 0, sizeof (rmt_ip));
1662 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1664 if (unformat (input, "%U", unformat_transport_proto, &transport_proto))
1666 else if (unformat (input, "appns %_%v%_", &ns_id))
1668 else if (unformat (input, "scope global"))
1670 else if (unformat (input, "scope local"))
1672 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
1673 &lcl_ip.ip4, &lcl_plen, &lcl_port,
1674 unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
1680 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
1681 &lcl_ip.ip6, &lcl_plen, &lcl_port,
1682 unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
1689 return clib_error_return (0, "unknown input `%U'",
1690 format_unformat_error, input);
1693 if (transport_proto == ~0)
1695 vlib_cli_output (vm, "transport proto must be set");
1701 app_ns = app_namespace_get_from_id (ns_id);
1704 vlib_cli_output (vm, "appns %v doesn't exist", ns_id);
1710 app_ns = app_namespace_get_default ();
1713 if (scope == 1 || scope == 0)
1715 fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
1716 fib_index = is_ip4 ? app_ns->ip4_fib_index : app_ns->ip6_fib_index;
1717 st = session_table_get_for_fib_index (fib_proto, fib_index);
1721 st = app_namespace_get_local_table (app_ns);
1726 srt = &st->session_rules[transport_proto];
1727 session_rules_table_show_rule (vm, srt, &lcl_ip, lcl_port, &rmt_ip,
1732 vlib_cli_output (vm, "%U rules table", format_transport_proto,
1734 srt = &st->session_rules[transport_proto];
1735 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4);
1736 session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP6);
1742 VLIB_CLI_COMMAND (show_session_rules_command, static) =
1744 .path = "show session rules",
1745 .short_help = "show session rules [<proto> appns <id> <lcl-ip/plen> "
1746 "<lcl-port> <rmt-ip/plen> <rmt-port> scope <scope>]",
1747 .function = show_session_rules_command_fn,
1751 format_session_lookup_tables (u8 *s, va_list *args)
1753 u32 fib_proto = va_arg (*args, u32);
1754 u32 *fibs, num_fibs = 0, fib_index, indent;
1755 session_table_t *st;
1758 fibs = fib_index_to_table_index[fib_proto];
1760 for (fib_index = 0; fib_index < vec_len (fibs); fib_index++)
1762 if (fibs[fib_index] == ~0)
1766 st = session_table_get (fibs[fib_index]);
1767 total_mem += session_table_memory_size (st);
1770 indent = format_get_indent (s);
1771 s = format (s, "active fibs:\t%u\n", num_fibs);
1772 s = format (s, "%Umax fib-index:\t%u\n", format_white_space, indent,
1773 vec_len (fibs) - 1);
1774 s = format (s, "%Utable memory:\t%U\n", format_white_space, indent,
1775 format_memory_size, total_mem);
1776 s = format (s, "%Uvec memory:\t%U\n", format_white_space, indent,
1777 format_memory_size, vec_mem_size (fibs));
1782 static clib_error_t *
1783 show_session_lookup_command_fn (vlib_main_t *vm, unformat_input_t *input,
1784 vlib_cli_command_t *cmd)
1786 session_table_t *st;
1789 session_cli_return_if_not_enabled ();
1790 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1792 if (unformat (input, "table %u", &fib_index))
1795 return clib_error_return (0, "unknown input `%U'",
1796 format_unformat_error, input);
1799 if (fib_index != ~0)
1801 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
1803 vlib_cli_output (vm, "%U", format_session_table, st);
1805 vlib_cli_output (vm, "no ip4 table for fib-index %u", fib_index);
1806 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1808 vlib_cli_output (vm, "%U", format_session_table, st);
1810 vlib_cli_output (vm, "no ip6 table for fib-index %u", fib_index);
1814 vlib_cli_output (vm, "ip4 fib lookup tables:\n %U",
1815 format_session_lookup_tables, FIB_PROTOCOL_IP4);
1816 vlib_cli_output (vm, "ip6 fib lookup tables:\n %U",
1817 format_session_lookup_tables, FIB_PROTOCOL_IP6);
1823 VLIB_CLI_COMMAND (show_session_lookup_command, static) = {
1824 .path = "show session lookup",
1825 .short_help = "show session lookup [table <fib-index>]",
1826 .function = show_session_lookup_command_fn,
1830 session_lookup_init (void)
1832 session_lookup_main_t *slm = &sl_main;
1834 clib_spinlock_init (&slm->st_alloc_lock);
1837 * Allocate default table and map it to fib_index 0
1839 session_table_t *st = session_table_alloc ();
1840 vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP4], 0);
1841 fib_index_to_table_index[FIB_PROTOCOL_IP4][0] = session_table_index (st);
1842 st->active_fib_proto = FIB_PROTOCOL_IP4;
1843 session_table_init (st, FIB_PROTOCOL_IP4);
1844 st = session_table_alloc ();
1845 vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP6], 0);
1846 fib_index_to_table_index[FIB_PROTOCOL_IP6][0] = session_table_index (st);
1847 st->active_fib_proto = FIB_PROTOCOL_IP6;
1848 session_table_init (st, FIB_PROTOCOL_IP6);
1852 * fd.io coding-style-patch-verification: ON
1855 * eval: (c-set-style "gnu")