2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/session/mma_16.h>
17 #include <vnet/session/mma_template.c>
18 #include <vnet/session/mma_40.h>
19 #include <vnet/session/mma_template.c>
20 #include <vnet/session/session_rules_table.h>
21 #include <vnet/session/transport.h>
24 fib_pref_normalize (fib_prefix_t * pref)
26 if (pref->fp_proto == FIB_PROTOCOL_IP4)
27 ip4_address_normalize (&pref->fp_addr.ip4, pref->fp_len);
29 ip6_address_normalize (&pref->fp_addr.ip6, pref->fp_len);
33 format_session_rule4 (u8 * s, va_list * args)
35 mma_rules_table_16_t *srt = va_arg (*args, mma_rules_table_16_t *);
36 mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
37 session_mask_or_match_4_t *mask, *match;
40 match = (session_mask_or_match_4_t *) & sr->match;
41 mask = (session_mask_or_match_4_t *) & sr->mask;
43 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d",
44 mma_rules_table_rule_index_16 (srt, sr), format_ip4_address,
46 ip4_mask_to_preflen (&mask->lcl_ip),
47 match->lcl_port, format_ip4_address, &match->rmt_ip,
48 ip4_mask_to_preflen (&mask->rmt_ip),
49 match->rmt_port, sr->action_index);
50 if (vec_len (sr->next_indices))
52 s = format (s, "\n children: ");
53 for (i = 0; i < vec_len (sr->next_indices); i++)
54 s = format (s, "%d ", sr->next_indices[i]);
60 format_session_rule6 (u8 * s, va_list * args)
62 mma_rules_table_40_t *srt = va_arg (*args, mma_rules_table_40_t *);
63 mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
64 session_mask_or_match_6_t *mask, *match;
67 match = (session_mask_or_match_6_t *) & sr->match;
68 mask = (session_mask_or_match_6_t *) & sr->mask;
70 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d",
71 mma_rules_table_rule_index_40 (srt, sr), format_ip6_address,
72 &match->lcl_ip, ip6_mask_to_preflen (&mask->lcl_ip),
73 match->lcl_port, format_ip6_address, &match->rmt_ip,
74 ip6_mask_to_preflen (&mask->rmt_ip), match->rmt_port,
76 if (vec_len (sr->next_indices))
78 s = format (s, "\n children: ");
79 for (i = 0; i < vec_len (sr->next_indices); i++)
80 s = format (s, "%d ", sr->next_indices[i]);
86 session_rules_table_get (session_rules_table_t * srt, u8 transport_proto,
89 if (fib_proto == FIB_PROTOCOL_IP4)
90 return &srt->session_rules_tables_16[transport_proto];
91 else if (fib_proto == FIB_PROTOCOL_IP6)
92 return &srt->session_rules_tables_40[transport_proto];
97 rule_cmp_16 (mma_rule_16_t * rule1, mma_rule_16_t * rule2)
99 session_mask_or_match_4_t *m1, *m2;
101 m1 = (session_mask_or_match_4_t *) & rule1->max_match;
102 m2 = (session_mask_or_match_4_t *) & rule2->max_match;
103 if (m1->rmt_ip.as_u32 != m2->rmt_ip.as_u32)
104 return (m1->rmt_ip.as_u32 < m2->rmt_ip.as_u32 ? -1 : 1);
105 if (m1->lcl_ip.as_u32 != m2->lcl_ip.as_u32)
106 return (m1->lcl_ip.as_u32 < m2->lcl_ip.as_u32 ? -1 : 1);
107 if (m1->rmt_port != m2->rmt_port)
108 return (m1->rmt_port < m2->rmt_port ? -1 : 1);
109 if (m1->lcl_port != m2->lcl_port)
110 return (m1->lcl_port < m2->lcl_port ? -1 : 1);
115 rule_cmp_40 (mma_rule_40_t * rule1, mma_rule_40_t * rule2)
117 session_mask_or_match_6_t *r1, *r2;
118 r1 = (session_mask_or_match_6_t *) & rule1->max_match;
119 r2 = (session_mask_or_match_6_t *) & rule2->max_match;
120 if (r1->rmt_ip.as_u64[0] != r2->rmt_ip.as_u64[0])
121 return (r1->rmt_ip.as_u64[0] < r2->rmt_ip.as_u64[0] ? -1 : 1);
122 if (r1->rmt_ip.as_u64[1] != r2->rmt_ip.as_u64[1])
123 return (r1->rmt_ip.as_u64[1] < r2->rmt_ip.as_u64[1] ? -1 : 1);
124 if (r1->lcl_ip.as_u64[0] != r2->lcl_ip.as_u64[0])
125 return (r1->lcl_ip.as_u64[0] < r2->lcl_ip.as_u64[0] ? -1 : 1);
126 if (r1->lcl_ip.as_u64[1] != r2->lcl_ip.as_u64[1])
127 return (r1->lcl_ip.as_u64[1] < r2->lcl_ip.as_u64[1]) ? -1 : 1;
128 if (r1->rmt_port != r2->rmt_port)
129 return (r1->rmt_port < r2->rmt_port ? -1 : 1);
130 if (r1->lcl_port != r2->lcl_port)
131 return (r1->lcl_port < r2->lcl_port ? -1 : 1);
136 session_rules_table_init_rule_16 (mma_rule_16_t * rule,
137 fib_prefix_t * lcl, u16 lcl_port,
138 fib_prefix_t * rmt, u16 rmt_port)
140 session_mask_or_match_4_t *match, *mask, *max_match;
141 fib_pref_normalize (lcl);
142 fib_pref_normalize (rmt);
143 match = (session_mask_or_match_4_t *) & rule->match;
144 match->lcl_ip.as_u32 = lcl->fp_addr.ip4.as_u32;
145 match->rmt_ip.as_u32 = rmt->fp_addr.ip4.as_u32;
146 match->lcl_port = lcl_port;
147 match->rmt_port = rmt_port;
148 mask = (session_mask_or_match_4_t *) & rule->mask;
149 ip4_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
150 ip4_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
151 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
152 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
153 max_match = (session_mask_or_match_4_t *) & rule->max_match;
154 ip4_prefix_max_address_host_order (&rmt->fp_addr.ip4, rmt->fp_len,
156 ip4_prefix_max_address_host_order (&lcl->fp_addr.ip4, lcl->fp_len,
158 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
159 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
163 session_rules_table_init_rule_40 (mma_rule_40_t * rule,
164 fib_prefix_t * lcl, u16 lcl_port,
165 fib_prefix_t * rmt, u16 rmt_port)
167 session_mask_or_match_6_t *match, *mask, *max_match;
168 fib_pref_normalize (lcl);
169 fib_pref_normalize (rmt);
170 match = (session_mask_or_match_6_t *) & rule->match;
171 clib_memcpy (&match->lcl_ip, &lcl->fp_addr.ip6, sizeof (match->lcl_ip));
172 clib_memcpy (&match->rmt_ip, &rmt->fp_addr.ip6, sizeof (match->rmt_ip));
173 match->lcl_port = lcl_port;
174 match->rmt_port = rmt_port;
175 mask = (session_mask_or_match_6_t *) & rule->mask;
176 ip6_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
177 ip6_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
178 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
179 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
180 max_match = (session_mask_or_match_6_t *) & rule->max_match;
181 ip6_prefix_max_address_host_order (&rmt->fp_addr.ip6, rmt->fp_len,
183 ip6_prefix_max_address_host_order (&lcl->fp_addr.ip6, lcl->fp_len,
185 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
186 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
190 session_rules_table_alloc_rule_16 (mma_rules_table_16_t * srt,
191 fib_prefix_t * lcl, u16 lcl_port,
192 fib_prefix_t * rmt, u16 rmt_port)
194 mma_rule_16_t *rule = 0;
195 rule = mma_rules_table_rule_alloc_16 (srt);
196 session_rules_table_init_rule_16 (rule, lcl, lcl_port, rmt, rmt_port);
201 session_rules_table_alloc_rule_40 (mma_rules_table_40_t * srt,
202 fib_prefix_t * lcl, u16 lcl_port,
203 fib_prefix_t * rmt, u16 rmt_port)
206 rule = mma_rules_table_rule_alloc_40 (srt);
207 session_rules_table_init_rule_40 (rule, lcl, lcl_port, rmt, rmt_port);
212 session_rules_table_add_del (session_rules_table_t * srt,
213 session_rule_table_add_del_args_t * args)
215 u8 fib_proto = args->rmt.fp_proto;
217 if (args->transport_proto != TRANSPORT_PROTO_TCP
218 && args->transport_proto != TRANSPORT_PROTO_UDP)
219 return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
220 "invalid transport proto");
222 if (fib_proto == FIB_PROTOCOL_IP4)
224 mma_rules_table_16_t *srt4;
225 srt4 = &srt->session_rules_tables_16[args->transport_proto];
229 rule = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
233 rule->action_index = args->action_index;
234 mma_rules_table_add_rule_16 (srt4, rule);
239 memset (&rule, 0, sizeof (rule));
240 session_rules_table_init_rule_16 (&rule, &args->lcl, args->lcl_port,
241 &args->rmt, args->rmt_port);
242 mma_rules_table_del_rule_16 (srt4, &rule, srt4->root_index);
245 else if (fib_proto == FIB_PROTOCOL_IP6)
247 mma_rules_table_40_t *srt6;
249 srt6 = &srt->session_rules_tables_40[args->transport_proto];
252 rule = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
256 rule->action_index = args->action_index;
257 mma_rules_table_add_rule_40 (srt6, rule);
262 memset (&rule, 0, sizeof (rule));
263 session_rules_table_init_rule_40 (&rule, &args->lcl, args->lcl_port,
264 &args->rmt, args->rmt_port);
265 mma_rules_table_del_rule_40 (srt6, &rule, srt6->root_index);
269 return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE_2, 0,
270 "invalid fib proto");
275 session_rules_table_lookup4 (session_rules_table_t * srt, u8 transport_proto,
276 ip4_address_t * lcl_ip, ip4_address_t * rmt_ip,
277 u16 lcl_port, u16 rmt_port)
279 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16[transport_proto];
280 session_mask_or_match_4_t key = {
281 .lcl_ip.as_u32 = lcl_ip->as_u32,
282 .rmt_ip.as_u32 = rmt_ip->as_u32,
283 .lcl_port = lcl_port,
284 .rmt_port = rmt_port,
286 return mma_rules_table_lookup_16 (srt4,
287 (mma_mask_or_match_16_t *) & key,
292 session_rules_table_lookup6 (session_rules_table_t * srt, u8 transport_proto,
293 ip6_address_t * lcl_ip, ip6_address_t * rmt_ip,
294 u16 lcl_port, u16 rmt_port)
296 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40[transport_proto];
297 session_mask_or_match_6_t key = {
298 .lcl_port = lcl_port,
299 .rmt_port = rmt_port,
301 clib_memcpy (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
302 clib_memcpy (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
303 return mma_rules_table_lookup_40 (srt6,
304 (mma_mask_or_match_40_t *) & key,
309 session_rules_table_init (session_rules_table_t * srt)
311 mma_rules_table_16_t *srt4;
312 mma_rules_table_40_t *srt6;
313 mma_rule_16_t *rule4;
314 mma_rule_40_t *rule6;
315 fib_prefix_t null_prefix;
318 memset (&null_prefix, 0, sizeof (null_prefix));
320 for (i = 0; i < TRANSPORT_N_PROTO; i++)
322 srt4 = &srt->session_rules_tables_16[i];
323 rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
325 rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
326 srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
327 srt4->rule_cmp_fn = rule_cmp_16;
330 for (i = 0; i < TRANSPORT_N_PROTO; i++)
332 srt6 = &srt->session_rules_tables_40[i];;
333 rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
335 rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
336 srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
337 srt6->rule_cmp_fn = rule_cmp_40;
342 session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
343 u8 transport_proto, ip46_address_t * lcl_ip,
344 u16 lcl_port, ip46_address_t * rmt_ip,
345 u16 rmt_port, u8 is_ip4)
347 mma_rules_table_16_t *srt4;
348 mma_rules_table_40_t *srt6;
355 srt4 = session_rules_table_get (srt, transport_proto, FIB_PROTOCOL_IP4);
356 session_mask_or_match_4_t key = {
357 .lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
358 .rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
359 .lcl_port = lcl_port,
360 .rmt_port = rmt_port,
363 mma_rules_table_lookup_rule_16 (srt4,
364 (mma_mask_or_match_16_t *) & key,
366 sr4 = mma_rules_table_get_rule_16 (srt4, ri);
367 vlib_cli_output (vm, "%U", format_session_rule4, srt4, sr4);
371 srt6 = session_rules_table_get (srt, transport_proto, FIB_PROTOCOL_IP6);
372 session_mask_or_match_6_t key = {
373 .lcl_port = lcl_port,
374 .rmt_port = rmt_port,
376 clib_memcpy (&key.lcl_ip, &lcl_ip->ip6, sizeof (lcl_ip->ip6));
377 clib_memcpy (&key.rmt_ip, &rmt_ip->ip6, sizeof (rmt_ip->ip6));
379 mma_rules_table_lookup_rule_40 (srt6,
380 (mma_mask_or_match_40_t *) &
381 key, srt6->root_index);
382 sr6 = mma_rules_table_get_rule_40 (srt6, ri);
383 vlib_cli_output (vm, "%U", format_session_rule6, srt6, sr6);
388 session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
389 u8 fib_proto, u8 transport_proto)
391 if (fib_proto == FIB_PROTOCOL_IP4)
393 mma_rules_table_16_t *srt4;
395 srt4 = &srt->session_rules_tables_16[transport_proto];
396 vlib_cli_output (vm, "%U IP4 rules table", format_transport_proto,
400 pool_foreach(sr4, srt4->rules, ({
401 vlib_cli_output (vm, "%U", format_session_rule4, srt4, sr4);
406 else if (fib_proto == FIB_PROTOCOL_IP6)
408 mma_rules_table_40_t *srt6;
410 srt6 = &srt->session_rules_tables_40[transport_proto];
411 vlib_cli_output (vm, "\n%U IP6 rules table", format_transport_proto,
415 pool_foreach(sr6, srt6->rules, ({
416 vlib_cli_output (vm, "%U", format_session_rule6, srt6, sr6);
424 * fd.io coding-style-patch-verification: ON
427 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob