2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 /** Generate typed init functions for multiple hash table styles... */
17 #include <vppinfra/bihash_16_8.h>
18 #include <vppinfra/bihash_template.h>
20 #include <vppinfra/bihash_template.c>
22 #undef __included_bihash_template_h__
24 #include <vppinfra/bihash_48_8.h>
25 #include <vppinfra/bihash_template.h>
27 #include <vppinfra/bihash_template.c>
28 #include <vnet/session/session_lookup.h>
29 #include <vnet/session/session.h>
30 #include <vnet/session/application.h>
33 * External vector of per transport virtual functions table
35 extern transport_proto_vft_t *tp_vfts;
38 * Network namespace index (i.e., fib index) to session lookup table. We
39 * should have one per network protocol type but for now we only support IP4/6
41 static u32 *fib_index_to_table_index[2];
45 typedef CLIB_PACKED (struct {
54 /* align by making this 4 octets even though its a 1-bit field
55 * NOTE: avoid key overlap with other transports that use 5 tuples for
56 * session identification.
62 }) v4_connection_key_t;
64 typedef CLIB_PACKED (struct {
79 }) v6_connection_key_t;
82 typedef clib_bihash_kv_16_8_t session_kv4_t;
83 typedef clib_bihash_kv_48_8_t session_kv6_t;
86 make_v4_ss_kv (session_kv4_t * kv, ip4_address_t * lcl, ip4_address_t * rmt,
87 u16 lcl_port, u16 rmt_port, u8 proto)
89 v4_connection_key_t *key = (v4_connection_key_t *) kv->key;
91 key->src.as_u32 = lcl->as_u32;
92 key->dst.as_u32 = rmt->as_u32;
93 key->src_port = lcl_port;
94 key->dst_port = rmt_port;
101 make_v4_listener_kv (session_kv4_t * kv, ip4_address_t * lcl, u16 lcl_port,
104 v4_connection_key_t *key = (v4_connection_key_t *) kv->key;
106 key->src.as_u32 = lcl->as_u32;
108 key->src_port = lcl_port;
116 make_v4_ss_kv_from_tc (session_kv4_t * kv, transport_connection_t * t)
118 make_v4_ss_kv (kv, &t->lcl_ip.ip4, &t->rmt_ip.ip4, t->lcl_port, t->rmt_port,
119 session_type_from_proto_and_ip (t->proto, 1));
123 make_v6_ss_kv (session_kv6_t * kv, ip6_address_t * lcl, ip6_address_t * rmt,
124 u16 lcl_port, u16 rmt_port, u8 proto)
126 v6_connection_key_t *key = (v6_connection_key_t *) kv->key;
128 key->src.as_u64[0] = lcl->as_u64[0];
129 key->src.as_u64[1] = lcl->as_u64[1];
130 key->dst.as_u64[0] = rmt->as_u64[0];
131 key->dst.as_u64[1] = rmt->as_u64[1];
132 key->src_port = lcl_port;
133 key->dst_port = rmt_port;
141 make_v6_listener_kv (session_kv6_t * kv, ip6_address_t * lcl, u16 lcl_port,
144 v6_connection_key_t *key = (v6_connection_key_t *) kv->key;
146 key->src.as_u64[0] = lcl->as_u64[0];
147 key->src.as_u64[1] = lcl->as_u64[1];
148 key->dst.as_u64[0] = 0;
149 key->dst.as_u64[1] = 0;
150 key->src_port = lcl_port;
159 make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * t)
161 make_v6_ss_kv (kv, &t->lcl_ip.ip6, &t->rmt_ip.ip6, t->lcl_port, t->rmt_port,
162 session_type_from_proto_and_ip (t->proto, 0));
166 static session_table_t *
167 session_table_get_or_alloc_for_connection (transport_connection_t * tc)
170 u32 table_index, fib_proto = transport_connection_fib_proto (tc);
171 if (vec_len (fib_index_to_table_index[fib_proto]) <= tc->fib_index)
173 st = session_table_alloc ();
174 table_index = session_table_index (st);
175 vec_validate (fib_index_to_table_index[fib_proto], tc->fib_index);
176 fib_index_to_table_index[fib_proto][tc->fib_index] = table_index;
181 table_index = fib_index_to_table_index[fib_proto][tc->fib_index];
182 return session_table_get (table_index);
186 static session_table_t *
187 session_table_get_for_connection (transport_connection_t * tc)
189 u32 fib_proto = transport_connection_fib_proto (tc);
190 if (vec_len (fib_index_to_table_index[fib_proto]) <= tc->fib_index)
193 session_table_get (fib_index_to_table_index[fib_proto][tc->fib_index]);
196 static session_table_t *
197 session_table_get_for_fib_index (u32 fib_proto, u32 fib_index)
199 if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
201 return session_table_get (fib_index_to_table_index[fib_proto][fib_index]);
205 session_lookup_get_index_for_fib (u32 fib_proto, u32 fib_index)
207 if (vec_len (fib_index_to_table_index[fib_proto]) <= fib_index)
208 return SESSION_TABLE_INVALID_INDEX;
209 return fib_index_to_table_index[fib_proto][fib_index];
213 * Add transport connection to a session table
215 * Session lookup 5-tuple (src-ip, dst-ip, src-port, dst-port, session-type)
216 * is added to requested session table.
218 * @param tc transport connection to be added
219 * @param value value to be stored
221 * @return non-zero if failure
224 session_lookup_add_connection (transport_connection_t * tc, u64 value)
230 st = session_table_get_or_alloc_for_connection (tc);
235 make_v4_ss_kv_from_tc (&kv4, tc);
237 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4,
242 make_v6_ss_kv_from_tc (&kv6, tc);
244 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6,
250 session_lookup_add_session_endpoint (u32 table_index,
251 session_endpoint_t * sep, u64 value)
257 st = session_table_get (table_index);
262 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
263 sep->transport_proto);
265 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 1);
269 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
270 sep->transport_proto);
272 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 1);
277 session_lookup_del_session_endpoint (u32 table_index,
278 session_endpoint_t * sep)
284 st = session_table_get (table_index);
289 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
290 sep->transport_proto);
291 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4, 0);
295 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
296 sep->transport_proto);
297 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6, 0);
302 * Delete transport connection from session table
304 * @param table_index session table index
305 * @param tc transport connection to be removed
307 * @return non-zero if failure
310 session_lookup_del_connection (transport_connection_t * tc)
316 st = session_table_get_for_connection (tc);
321 make_v4_ss_kv_from_tc (&kv4, tc);
322 return clib_bihash_add_del_16_8 (&st->v4_session_hash, &kv4,
327 make_v6_ss_kv_from_tc (&kv6, tc);
328 return clib_bihash_add_del_48_8 (&st->v6_session_hash, &kv6,
334 session_lookup_del_session (stream_session_t * s)
336 transport_connection_t *ts;
337 ts = tp_vfts[s->session_type].get_connection (s->connection_index,
339 return session_lookup_del_connection (ts);
343 session_lookup_action_to_session (u32 action_index)
345 if (action_index != SESSION_RULES_TABLE_ACTION_DROP)
347 return SESSION_INVALID_INDEX;
350 static stream_session_t *
351 session_lookup_app_listen_session (u32 app_index, u8 fib_proto,
355 app = application_get (app_index);
359 return application_first_listener (app, fib_proto, transport_proto);
363 session_lookup_rules_table4 (session_rules_table_t * srt, u8 proto,
364 ip4_address_t * lcl, u16 lcl_port,
365 ip4_address_t * rmt, u16 rmt_port)
367 u32 action_index, session_index;
368 action_index = session_rules_table_lookup4 (srt, proto, lcl, rmt, lcl_port,
370 session_index = session_lookup_action_to_session (action_index);
371 /* Nothing sophisticated for now, action index is app index */
372 return session_lookup_app_listen_session (session_index, FIB_PROTOCOL_IP4,
377 session_lookup_rules_table6 (session_rules_table_t * srt, u8 proto,
378 ip6_address_t * lcl, u16 lcl_port,
379 ip6_address_t * rmt, u16 rmt_port)
381 u32 action_index, session_index;
382 action_index = session_rules_table_lookup6 (srt, proto, lcl, rmt, lcl_port,
384 session_index = session_lookup_action_to_session (action_index);
385 return session_lookup_app_listen_session (session_index, FIB_PROTOCOL_IP6,
390 session_lookup_session_endpoint (u32 table_index, session_endpoint_t * sep)
400 st = session_table_get (table_index);
402 return SESSION_INVALID_HANDLE;
405 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
406 sep->transport_proto);
407 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
411 memset (&lcl4, 0, sizeof (lcl4));
412 ai = session_rules_table_lookup4 (&st->session_rules,
413 sep->transport_proto, &lcl4,
414 &sep->ip.ip4, 0, sep->port);
415 if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
416 return session_lookup_action_to_session (ai);
420 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
421 sep->transport_proto);
422 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
426 memset (&lcl6, 0, sizeof (lcl6));
427 ai = session_rules_table_lookup6 (&st->session_rules,
428 sep->transport_proto, &lcl6,
429 &sep->ip.ip6, 0, sep->port);
430 if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
431 return session_lookup_action_to_session (ai);
433 return SESSION_INVALID_HANDLE;
437 session_lookup_global_session_endpoint (session_endpoint_t * sep)
448 fib_proto = session_endpoint_fib_proto (sep);
449 table_index = session_lookup_get_index_for_fib (fib_proto, sep->fib_index);
450 st = session_table_get (table_index);
455 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
456 sep->transport_proto);
457 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
459 return session_get_from_handle (kv4.value);
460 memset (&lcl4, 0, sizeof (lcl4));
461 return session_lookup_rules_table4 (&st->session_rules,
462 sep->transport_proto, &lcl4, 0,
463 &sep->ip.ip4, sep->port);
467 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
468 sep->transport_proto);
469 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
471 return session_get_from_handle (kv6.value);
472 memset (&lcl6, 0, sizeof (lcl6));
473 return session_lookup_rules_table6 (&st->session_rules,
474 sep->transport_proto, &lcl6, 0,
475 &sep->ip.ip6, sep->port);
480 session_lookup_local_session_endpoint (u32 table_index,
481 session_endpoint_t * sep)
491 st = session_table_get (table_index);
493 return SESSION_INVALID_INDEX;
496 make_v4_listener_kv (&kv4, &sep->ip.ip4, sep->port,
497 sep->transport_proto);
498 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
500 return (u32) kv4.value;
503 * Zero out the ip. Logic is that connect to local ips, say
504 * 127.0.0.1:port, can match 0.0.0.0:port
507 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
509 return (u32) kv4.value;
511 memset (&lcl4, 0, sizeof (lcl4));
512 ai = session_rules_table_lookup4 (&st->session_rules,
513 sep->transport_proto, &lcl4,
514 &sep->ip.ip4, 0, sep->port);
515 if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
516 return session_lookup_action_to_session (ai);
520 make_v6_listener_kv (&kv6, &sep->ip.ip6, sep->port,
521 sep->transport_proto);
522 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
524 return (u32) kv6.value;
527 * Zero out the ip. Same logic as above.
529 kv6.key[0] = kv6.key[1] = 0;
530 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
532 return (u32) kv6.value;
534 memset (&lcl6, 0, sizeof (lcl6));
535 ai = session_rules_table_lookup6 (&st->session_rules,
536 sep->transport_proto, &lcl6,
537 &sep->ip.ip6, 0, sep->port);
538 if (ai != SESSION_RULES_TABLE_INVALID_INDEX)
539 return session_lookup_action_to_session (ai);
541 return SESSION_INVALID_INDEX;
544 static stream_session_t *
545 session_lookup_listener4_i (session_table_t * st, ip4_address_t * lcl,
546 u16 lcl_port, u8 proto)
551 make_v4_listener_kv (&kv4, lcl, lcl_port, proto);
552 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
554 return session_manager_get_listener (proto, (u32) kv4.value);
556 /* Zero out the lcl ip */
558 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
560 return session_manager_get_listener (proto, (u32) kv4.value);
566 session_lookup_listener4 (u32 fib_index, ip4_address_t * lcl, u16 lcl_port,
570 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
573 return session_lookup_listener4_i (st, lcl, lcl_port, proto);
576 static stream_session_t *
577 session_lookup_listener6_i (session_table_t * st, ip6_address_t * lcl,
578 u16 lcl_port, u8 proto)
583 make_v6_listener_kv (&kv6, lcl, lcl_port, proto);
584 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
586 return session_manager_get_listener (proto, (u32) kv6.value);
588 /* Zero out the lcl ip */
589 kv6.key[0] = kv6.key[1] = 0;
590 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
592 return session_manager_get_listener (proto, (u32) kv6.value);
598 session_lookup_listener6 (u32 fib_index, ip6_address_t * lcl, u16 lcl_port,
602 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
605 return session_lookup_listener6_i (st, lcl, lcl_port, proto);
609 session_lookup_listener (u32 table_index, session_endpoint_t * sep)
612 st = session_table_get (table_index);
616 return session_lookup_listener4_i (st, &sep->ip.ip4, sep->port,
617 sep->transport_proto);
619 return session_lookup_listener6_i (st, &sep->ip.ip6, sep->port,
620 sep->transport_proto);
625 session_lookup_add_half_open (transport_connection_t * tc, u64 value)
631 st = session_table_get_or_alloc_for_connection (tc);
636 make_v4_ss_kv_from_tc (&kv4, tc);
638 return clib_bihash_add_del_16_8 (&st->v4_half_open_hash, &kv4,
643 make_v6_ss_kv_from_tc (&kv6, tc);
645 return clib_bihash_add_del_48_8 (&st->v6_half_open_hash, &kv6,
651 session_lookup_del_half_open (transport_connection_t * tc)
657 st = session_table_get_for_connection (tc);
662 make_v4_ss_kv_from_tc (&kv4, tc);
663 return clib_bihash_add_del_16_8 (&st->v4_half_open_hash, &kv4,
668 make_v6_ss_kv_from_tc (&kv6, tc);
669 return clib_bihash_add_del_48_8 (&st->v6_half_open_hash, &kv6,
675 session_lookup_half_open_handle (transport_connection_t * tc)
682 st = session_table_get_for_fib_index (transport_connection_fib_proto (tc),
685 return HALF_OPEN_LOOKUP_INVALID_VALUE;
688 make_v4_ss_kv (&kv4, &tc->lcl_ip.ip4, &tc->rmt_ip.ip4, tc->lcl_port,
689 tc->rmt_port, tc->proto);
690 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
696 make_v6_ss_kv (&kv6, &tc->lcl_ip.ip6, &tc->rmt_ip.ip6, tc->lcl_port,
697 tc->rmt_port, tc->proto);
698 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
702 return HALF_OPEN_LOOKUP_INVALID_VALUE;
705 transport_connection_t *
706 session_lookup_half_open_connection (u64 handle, u8 proto, u8 is_ip4)
710 if (handle != HALF_OPEN_LOOKUP_INVALID_VALUE)
712 sst = session_type_from_proto_and_ip (proto, is_ip4);
713 return tp_vfts[sst].get_half_open (handle & 0xFFFFFFFF);
718 transport_connection_t *
719 session_lookup_rules_table_connection4 (session_rules_table_t * srt, u8 proto,
720 ip4_address_t * lcl, u16 lcl_port,
721 ip4_address_t * rmt, u16 rmt_port)
724 s = session_lookup_rules_table4 (srt, proto, lcl, lcl_port, rmt, rmt_port);
726 return tp_vfts[s->session_type].get_listener (s->connection_index);
730 transport_connection_t *
731 session_lookup_rules_table_connection6 (session_rules_table_t * srt, u8 proto,
732 ip6_address_t * lcl, u16 lcl_port,
733 ip6_address_t * rmt, u16 rmt_port)
736 s = session_lookup_rules_table6 (srt, proto, lcl, lcl_port, rmt, rmt_port);
738 return tp_vfts[s->session_type].get_listener (s->connection_index);
743 * Lookup connection with ip4 and transport layer information
745 * This is used on the fast path so it needs to be fast. Thereby,
746 * duplication of code and 'hacks' allowed.
748 * The lookup is incremental and returns whenever something is matched. The
750 * - Try to find an established session
751 * - Try to find a fully-formed or local source wildcarded (listener bound to
752 * all interfaces) listener session
753 * - Try to find a half-open connection
754 * - Try session rules table
757 * @param fib_index index of fib wherein the connection was received
758 * @param lcl local ip4 address
759 * @param rmt remote ip4 address
760 * @param lcl_port local port
761 * @param rmt_port remote port
762 * @param proto transport protocol (e.g., tcp, udp)
763 * @param thread_index thread index for request
765 * @return pointer to transport connection, if one is found, 0 otherwise
767 transport_connection_t *
768 session_lookup_connection_wt4 (u32 fib_index, ip4_address_t * lcl,
769 ip4_address_t * rmt, u16 lcl_port,
770 u16 rmt_port, u8 proto, u32 thread_index)
777 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
778 if (PREDICT_FALSE (!st))
781 /* Lookup session amongst established ones */
782 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
783 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
786 ASSERT ((u32) (kv4.value >> 32) == thread_index);
787 s = session_get (kv4.value & 0xFFFFFFFFULL, thread_index);
788 return tp_vfts[s->session_type].get_connection (s->connection_index,
792 /* If nothing is found, check if any listener is available */
793 s = session_lookup_listener4_i (st, lcl, lcl_port, proto);
795 return tp_vfts[s->session_type].get_listener (s->connection_index);
797 /* Try half-open connections */
798 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
801 u32 sst = session_type_from_proto_and_ip (proto, 1);
802 return tp_vfts[sst].get_half_open (kv4.value & 0xFFFFFFFF);
805 /* Check the session rules table */
806 return session_lookup_rules_table_connection4 (&st->session_rules, proto,
812 * Lookup connection with ip4 and transport layer information
814 * Not optimized. This is used on the fast path so it needs to be fast.
815 * Thereby, duplication of code and 'hacks' allowed. Lookup logic is identical
816 * to that of @ref session_lookup_connection_wt4
818 * @param fib_index index of the fib wherein the connection was received
819 * @param lcl local ip4 address
820 * @param rmt remote ip4 address
821 * @param lcl_port local port
822 * @param rmt_port remote port
823 * @param proto transport protocol (e.g., tcp, udp)
825 * @return pointer to transport connection, if one is found, 0 otherwise
827 transport_connection_t *
828 session_lookup_connection4 (u32 fib_index, ip4_address_t * lcl,
829 ip4_address_t * rmt, u16 lcl_port, u16 rmt_port,
837 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
838 if (PREDICT_FALSE (!st))
841 /* Lookup session amongst established ones */
842 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
843 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
846 s = session_get_from_handle (kv4.value);
847 return tp_vfts[s->session_type].get_connection (s->connection_index,
851 /* If nothing is found, check if any listener is available */
852 s = session_lookup_listener4_i (st, lcl, lcl_port, proto);
854 return tp_vfts[s->session_type].get_listener (s->connection_index);
856 /* Finally, try half-open connections */
857 rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
860 u32 sst = session_type_from_proto_and_ip (proto, 1);
861 return tp_vfts[sst].get_half_open (kv4.value & 0xFFFFFFFF);
863 /* Check the session rules table */
864 return session_lookup_rules_table_connection4 (&st->session_rules, proto,
870 * Lookup session with ip4 and transport layer information
872 * Important note: this may look into another thread's pool table and
873 * register as 'peeker'. Caller should call @ref session_pool_remove_peeker as
874 * if needed as soon as possible.
876 * Lookup logic is similar to that of @ref session_lookup_connection_wt4 but
877 * this returns a session as opposed to a transport connection and it does not
878 * try to lookup half-open sessions.
880 * Typically used by dgram connections
883 session_lookup_safe4 (u32 fib_index, ip4_address_t * lcl, ip4_address_t * rmt,
884 u16 lcl_port, u16 rmt_port, u8 proto)
891 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP4, fib_index);
892 if (PREDICT_FALSE (!st))
895 /* Lookup session amongst established ones */
896 make_v4_ss_kv (&kv4, lcl, rmt, lcl_port, rmt_port, proto);
897 rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
899 return session_get_from_handle_safe (kv4.value);
901 /* If nothing is found, check if any listener is available */
902 if ((s = session_lookup_listener4_i (st, lcl, lcl_port, proto)))
904 return session_lookup_rules_table4 (&st->session_rules, proto, lcl,
905 lcl_port, rmt, rmt_port);
909 * Lookup connection with ip6 and transport layer information
911 * This is used on the fast path so it needs to be fast. Thereby,
912 * duplication of code and 'hacks' allowed.
914 * The lookup is incremental and returns whenever something is matched. The
916 * - Try to find an established session
917 * - Try to find a fully-formed or local source wildcarded (listener bound to
918 * all interfaces) listener session
919 * - Try to find a half-open connection
920 * - Try session rules table
923 * @param fib_index index of the fib wherein the connection was received
924 * @param lcl local ip6 address
925 * @param rmt remote ip6 address
926 * @param lcl_port local port
927 * @param rmt_port remote port
928 * @param proto transport protocol (e.g., tcp, udp)
929 * @param thread_index thread index for request
931 * @return pointer to transport connection, if one is found, 0 otherwise
933 transport_connection_t *
934 session_lookup_connection_wt6 (u32 fib_index, ip6_address_t * lcl,
935 ip6_address_t * rmt, u16 lcl_port,
936 u16 rmt_port, u8 proto, u32 thread_index)
943 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
944 if (PREDICT_FALSE (!st))
947 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
948 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
951 ASSERT ((u32) (kv6.value >> 32) == thread_index);
952 s = session_get (kv6.value & 0xFFFFFFFFULL, thread_index);
953 return tp_vfts[s->session_type].get_connection (s->connection_index,
957 /* If nothing is found, check if any listener is available */
958 s = session_lookup_listener6_i (st, lcl, lcl_port, proto);
960 return tp_vfts[s->session_type].get_listener (s->connection_index);
962 /* Finally, try half-open connections */
963 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
966 u32 sst = session_type_from_proto_and_ip (proto, 1);
967 return tp_vfts[sst].get_half_open (kv6.value & 0xFFFFFFFF);
970 return session_lookup_rules_table_connection6 (&st->session_rules, proto,
976 * Lookup connection with ip6 and transport layer information
978 * Not optimized. This is used on the fast path so it needs to be fast.
979 * Thereby, duplication of code and 'hacks' allowed. Lookup logic is identical
980 * to that of @ref session_lookup_connection_wt4
982 * @param fib_index index of the fib wherein the connection was received
983 * @param lcl local ip6 address
984 * @param rmt remote ip6 address
985 * @param lcl_port local port
986 * @param rmt_port remote port
987 * @param proto transport protocol (e.g., tcp, udp)
989 * @return pointer to transport connection, if one is found, 0 otherwise
991 transport_connection_t *
992 session_lookup_connection6 (u32 fib_index, ip6_address_t * lcl,
993 ip6_address_t * rmt, u16 lcl_port, u16 rmt_port,
1001 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1002 if (PREDICT_FALSE (!st))
1005 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1006 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1009 s = session_get_from_handle (kv6.value);
1010 return tp_vfts[s->session_type].get_connection (s->connection_index,
1014 /* If nothing is found, check if any listener is available */
1015 s = session_lookup_listener6 (fib_index, lcl, lcl_port, proto);
1017 return tp_vfts[s->session_type].get_listener (s->connection_index);
1019 /* Finally, try half-open connections */
1020 rv = clib_bihash_search_inline_48_8 (&st->v6_half_open_hash, &kv6);
1023 u32 sst = session_type_from_proto_and_ip (proto, 1);
1024 return tp_vfts[sst].get_half_open (kv6.value & 0xFFFFFFFF);
1027 return session_lookup_rules_table_connection6 (&st->session_rules, proto,
1033 * Lookup session with ip6 and transport layer information
1035 * Important note: this may look into another thread's pool table and
1036 * register as 'peeker'. Caller should call @ref session_pool_remove_peeker as
1037 * if needed as soon as possible.
1039 * Lookup logic is similar to that of @ref session_lookup_connection_wt6 but
1040 * this returns a session as opposed to a transport connection and it does not
1041 * try to lookup half-open sessions.
1043 * Typically used by dgram connections
1046 session_lookup_safe6 (u32 fib_index, ip6_address_t * lcl, ip6_address_t * rmt,
1047 u16 lcl_port, u16 rmt_port, u8 proto)
1049 session_table_t *st;
1051 stream_session_t *s;
1054 st = session_table_get_for_fib_index (FIB_PROTOCOL_IP6, fib_index);
1055 if (PREDICT_FALSE (!st))
1058 make_v6_ss_kv (&kv6, lcl, rmt, lcl_port, rmt_port, proto);
1059 rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
1061 return session_get_from_handle_safe (kv6.value);
1063 /* If nothing is found, check if any listener is available */
1064 if ((s = session_lookup_listener6_i (st, lcl, lcl_port, proto)))
1066 return session_lookup_rules_table6 (&st->session_rules, proto, lcl,
1067 lcl_port, rmt, rmt_port);
1071 session_lookup_local_listener_make_handle (session_endpoint_t * sep)
1073 return ((u64) SESSION_LOCAL_TABLE_PREFIX << 32
1074 | (u32) sep->port << 16 | (u32) sep->transport_proto << 8
1075 | (u32) sep->is_ip4);
1079 session_lookup_local_is_handle (u64 handle)
1081 if (handle >> 32 == SESSION_LOCAL_TABLE_PREFIX)
1087 session_lookup_local_listener_parse_handle (u64 handle,
1088 session_endpoint_t * sep)
1090 u32 local_table_handle;
1091 if (handle >> 32 != SESSION_LOCAL_TABLE_PREFIX)
1093 local_table_handle = handle & 0xFFFFFFFFULL;
1094 sep->is_ip4 = local_table_handle & 0xff;
1095 local_table_handle >>= 8;
1096 sep->transport_proto = local_table_handle & 0xff;
1097 sep->port = local_table_handle >> 8;
1102 vnet_session_rule_add_del (session_rule_add_del_args_t * args)
1104 app_namespace_t *app_ns = app_namespace_get (args->appns_index);
1105 session_table_t *st;
1108 clib_error_t *error;
1111 return clib_error_return_code (0, VNET_API_ERROR_APP_INVALID_NS, 0,
1113 if (args->scope > 3)
1114 return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
1116 if ((args->scope & SESSION_RULE_SCOPE_GLOBAL) || args->scope == 0)
1118 fib_proto = args->table_args.rmt.fp_proto;
1119 fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
1120 st = session_table_get_for_fib_index (fib_proto, fib_index);
1121 if ((error = session_rules_table_add_del (&st->session_rules,
1122 &args->table_args)))
1125 if (args->scope & SESSION_RULE_SCOPE_LOCAL)
1127 st = app_namespace_get_local_table (app_ns);
1128 error = session_rules_table_add_del (&st->session_rules,
1135 format_ip4_session_lookup_kvp (u8 * s, va_list * args)
1137 clib_bihash_kv_16_8_t *kvp = va_arg (*args, clib_bihash_kv_16_8_t *);
1138 u32 is_local = va_arg (*args, u32);
1139 u8 *app_name, *str = 0;
1140 stream_session_t *session;
1141 v4_connection_key_t *key = (v4_connection_key_t *) kvp->key;
1143 char *proto = key->proto == TRANSPORT_PROTO_TCP ? "T" : "U";
1146 session = session_get_from_handle (kvp->value);
1147 app_name = application_name_from_index (session->app_index);
1148 str = format (0, "[%s] %U:%d->%U:%d", proto, format_ip4_address,
1149 &key->src, clib_net_to_host_u16 (key->src_port),
1150 format_ip4_address, &key->dst,
1151 clib_net_to_host_u16 (key->dst_port));
1152 s = format (s, "%-40v%-30v", str, app_name);
1156 app_name = application_name_from_index (kvp->value);
1157 str = format (0, "[%s] %U:%d", proto, format_ip4_address,
1158 &key->src, clib_net_to_host_u16 (key->src_port));
1159 s = format (s, "%-30v%-30v", str, app_name);
1161 vec_free (app_name);
1165 typedef struct _ip4_session_table_show_ctx_t
1169 } ip4_session_table_show_ctx_t;
1172 ip4_session_table_show (clib_bihash_kv_16_8_t * kvp, void *arg)
1174 ip4_session_table_show_ctx_t *ctx = arg;
1175 vlib_cli_output (ctx->vm, "%U", format_ip4_session_lookup_kvp, kvp,
1181 session_lookup_show_table_entries (vlib_main_t * vm, session_table_t * table,
1182 u8 type, u8 is_local)
1184 ip4_session_table_show_ctx_t ctx = {
1186 .is_local = is_local,
1189 vlib_cli_output (vm, "%-40s%-30s", "Session", "Application");
1191 vlib_cli_output (vm, "%-30s%-30s", "Listener", "Application");
1196 ip4_session_table_walk (&table->v4_session_hash, ip4_session_table_show,
1200 clib_warning ("not supported");
1204 static clib_error_t *
1205 session_rule_command_fn (vlib_main_t * vm, unformat_input_t * input,
1206 vlib_cli_command_t * cmd)
1208 u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen, rmt_plen;
1209 u32 appns_index, scope = 0;
1210 ip46_address_t lcl_ip, rmt_ip;
1211 u8 is_ip4 = 1, conn_set = 0;
1212 u8 fib_proto, is_add = 1, *ns_id = 0;
1213 app_namespace_t *app_ns;
1215 memset (&lcl_ip, 0, sizeof (lcl_ip));
1216 memset (&rmt_ip, 0, sizeof (rmt_ip));
1217 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1219 if (unformat (input, "del"))
1221 else if (unformat (input, "add"))
1223 else if (unformat (input, "appns %_%v%_", &ns_id))
1225 else if (unformat (input, "scope global"))
1226 scope = SESSION_RULE_SCOPE_GLOBAL;
1227 else if (unformat (input, "scope local"))
1228 scope = SESSION_RULE_SCOPE_LOCAL;
1229 else if (unformat (input, "scope all"))
1230 scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
1231 else if (unformat (input, "proto %U", unformat_transport_proto, &proto))
1233 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
1234 &lcl_ip.ip4, &lcl_plen, &lcl_port,
1235 unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
1241 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
1242 &lcl_ip.ip6, &lcl_plen, &lcl_port,
1243 unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
1249 else if (unformat (input, "action %d", &action))
1252 return clib_error_return (0, "unknown input `%U'",
1253 format_unformat_error, input);
1256 if (proto == ~0 || !conn_set || action == ~0)
1257 return clib_error_return (0, "proto, connection and action must be set");
1261 app_ns = app_namespace_get_from_id (ns_id);
1263 return clib_error_return (0, "namespace %v does not exist", ns_id);
1267 app_ns = app_namespace_get_default ();
1269 appns_index = app_namespace_index (app_ns);
1271 fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
1272 session_rule_add_del_args_t args = {
1273 .table_args.lcl.fp_addr = lcl_ip,
1274 .table_args.lcl.fp_len = lcl_plen,
1275 .table_args.lcl.fp_proto = fib_proto,
1276 .table_args.rmt.fp_addr = rmt_ip,
1277 .table_args.rmt.fp_len = rmt_plen,
1278 .table_args.rmt.fp_proto = fib_proto,
1279 .table_args.lcl_port = lcl_port,
1280 .table_args.rmt_port = rmt_port,
1281 .table_args.action_index = action,
1282 .table_args.is_add = is_add,
1283 .appns_index = appns_index,
1286 return vnet_session_rule_add_del (&args);
1290 VLIB_CLI_COMMAND (session_rule_command, static) =
1292 .path = "session rule",
1293 .short_help = "session rule [add|del] appns <ns_id> proto <proto> "
1294 "<lcl-ip/plen> <lcl-port> <rmt-ip/plen> <rmt-port> action <action>",
1295 .function = session_rule_command_fn,
1300 session_lookup_dump_rules_table (u32 fib_index, u8 fib_proto,
1303 vlib_main_t *vm = vlib_get_main ();
1304 session_table_t *st;
1305 st = session_table_get_for_fib_index (fib_index, fib_proto);
1306 session_rules_table_cli_dump (vm, &st->session_rules, fib_proto,
1311 session_lookup_dump_local_rules_table (u32 table_index, u8 fib_proto,
1314 vlib_main_t *vm = vlib_get_main ();
1315 session_table_t *st;
1316 st = session_table_get (table_index);
1317 session_rules_table_cli_dump (vm, &st->session_rules, fib_proto,
1321 static clib_error_t *
1322 show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input,
1323 vlib_cli_command_t * cmd)
1325 u32 transport_proto = ~0, lcl_port, rmt_port, lcl_plen, rmt_plen;
1326 u32 fib_index, scope = 0;
1327 ip46_address_t lcl_ip, rmt_ip;
1328 u8 is_ip4 = 1, show_one = 0;
1329 app_namespace_t *app_ns;
1330 session_table_t *st;
1331 u8 *ns_id = 0, fib_proto;
1333 memset (&lcl_ip, 0, sizeof (lcl_ip));
1334 memset (&rmt_ip, 0, sizeof (rmt_ip));
1335 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1337 if (unformat (input, "%U", unformat_transport_proto, &transport_proto))
1339 else if (unformat (input, "appns %_%v%_", &ns_id))
1341 else if (unformat (input, "scope global"))
1343 else if (unformat (input, "scope local"))
1345 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
1346 &lcl_ip.ip4, &lcl_plen, &lcl_port,
1347 unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
1353 else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
1354 &lcl_ip.ip6, &lcl_plen, &lcl_port,
1355 unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
1362 return clib_error_return (0, "unknown input `%U'",
1363 format_unformat_error, input);
1366 if (transport_proto == ~0)
1368 vlib_cli_output (vm, "transport proto must be set");
1374 app_ns = app_namespace_get_from_id (ns_id);
1377 vlib_cli_output (vm, "appns %v doesn't exist", ns_id);
1383 app_ns = app_namespace_get_default ();
1386 if (scope == 1 || scope == 0)
1388 fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
1389 fib_index = is_ip4 ? app_ns->ip4_fib_index : app_ns->ip6_fib_index;
1390 st = session_table_get_for_fib_index (fib_proto, fib_index);
1394 st = app_namespace_get_local_table (app_ns);
1399 session_rules_table_show_rule (vm, &st->session_rules, transport_proto,
1400 &lcl_ip, lcl_port, &rmt_ip, rmt_port,
1405 session_rules_table_cli_dump (vm, &st->session_rules, FIB_PROTOCOL_IP4,
1407 session_rules_table_cli_dump (vm, &st->session_rules, FIB_PROTOCOL_IP6,
1415 VLIB_CLI_COMMAND (show_session_rules_command, static) =
1417 .path = "show session rules",
1418 .short_help = "show session rules [appns <id> proto <proto> <lcl-ip/plen>"
1419 " <lcl-port> <rmt-ip/plen> <rmt-port>]",
1420 .function = show_session_rules_command_fn,
1425 session_lookup_init (void)
1428 * Allocate default table and map it to fib_index 0
1430 session_table_t *st = session_table_alloc ();
1431 vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP4], 0);
1432 fib_index_to_table_index[FIB_PROTOCOL_IP4][0] = session_table_index (st);
1433 session_table_init (st);
1434 st = session_table_alloc ();
1435 vec_validate (fib_index_to_table_index[FIB_PROTOCOL_IP6], 0);
1436 fib_index_to_table_index[FIB_PROTOCOL_IP6][0] = session_table_index (st);
1437 session_table_init (st);
1441 * fd.io coding-style-patch-verification: ON
1444 * eval: (c-set-style "gnu")