_(tcp_configure_src_addresses_reply) \
_(app_namespace_add_del_reply) \
_(dns_enable_disable_reply) \
-_(dns_name_server_add_del_reply)
+_(dns_name_server_add_del_reply) \
+_(session_rule_add_del_reply)
#define _(n) \
static void vl_api_##n##_t_handler \
_(DNS_ENABLE_DISABLE_REPLY, dns_enable_disable_reply) \
_(DNS_NAME_SERVER_ADD_DEL_REPLY, dns_name_server_add_del_reply) \
_(DNS_RESOLVE_NAME_REPLY, dns_resolve_name_reply) \
-_(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply)
+_(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply) \
+_(SESSION_RULE_ADD_DEL_REPLY, session_rule_add_del_reply)
#define foreach_standalone_reply_msg \
_(SW_INTERFACE_EVENT, sw_interface_event) \
return ret;
}
+static int
+api_session_rule_add_del (vat_main_t * vam)
+{
+ vl_api_session_rule_add_del_t *mp;
+ unformat_input_t *i = vam->input;
+ u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen, rmt_plen;
+ u32 appns_index = 0, scope = 0;
+ ip4_address_t lcl_ip4, rmt_ip4;
+ ip6_address_t lcl_ip6, rmt_ip6;
+ u8 is_ip4 = 1, conn_set = 0;
+ u8 is_add = 1;
+ int ret;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "del"))
+ is_add = 0;
+ else if (unformat (i, "add"))
+ ;
+ else if (unformat (i, "proto tcp"))
+ proto = 0;
+ else if (unformat (i, "proto udp"))
+ proto = 1;
+ else if (unformat (i, "appns %d", &appns_index))
+ ;
+ else if (unformat (i, "scope %d", &scope))
+ ;
+ else
+ if (unformat
+ (i, "%U/%d %d %U/%d %d", unformat_ip4_address, &lcl_ip4,
+ &lcl_plen, &lcl_port, unformat_ip4_address, &rmt_ip4, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 1;
+ conn_set = 1;
+ }
+ else
+ if (unformat
+ (i, "%U/%d %d %U/%d %d", unformat_ip6_address, &lcl_ip6,
+ &lcl_plen, &lcl_port, unformat_ip6_address, &rmt_ip6, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 0;
+ conn_set = 1;
+ }
+ else if (unformat (i, "action %d", &action))
+ ;
+ else
+ break;
+ }
+ if (proto == ~0 || !conn_set || action == ~0)
+ {
+ errmsg ("transport proto, connection and action must be set");
+ return -99;
+ }
+
+ if (scope > 3)
+ {
+ errmsg ("scope should be 0-3");
+ return -99;
+ }
+
+ M (SESSION_RULE_ADD_DEL, mp);
+
+ mp->is_ip4 = is_ip4;
+ mp->transport_proto = proto;
+ mp->lcl_plen = clib_host_to_net_u16 (lcl_plen);
+ mp->rmt_plen = clib_host_to_net_u16 (rmt_plen);
+ mp->action_index = clib_host_to_net_u32 (action);
+ mp->appns_index = clib_host_to_net_u32 (appns_index);
+ mp->scope = scope;
+ mp->is_add = is_add;
+ if (is_ip4)
+ {
+ clib_memcpy (mp->lcl_ip, &lcl_ip4, sizeof (lcl_ip4));
+ clib_memcpy (mp->rmt_ip, &rmt_ip4, sizeof (rmt_ip4));
+ }
+ else
+ {
+ clib_memcpy (mp->lcl_ip, &lcl_ip6, sizeof (lcl_ip6));
+ clib_memcpy (mp->rmt_ip, &rmt_ip6, sizeof (rmt_ip6));
+ }
+
+ S (mp);
+ W (ret);
+ return ret;
+}
static int
q_or_quit (vat_main_t * vam)
_(dns_enable_disable, "[enable][disable]") \
_(dns_name_server_add_del, "<ip-address> [del]") \
_(dns_resolve_name, "<hostname>") \
-_(dns_resolve_ip, "<ip4|ip6>")
+_(dns_resolve_ip, "<ip4|ip6>") \
+_(dns_name_server_add_del, "<ip-address> [del]") \
+_(dns_resolve_name, "<hostname>") \
+_(session_rule_add_del, "[add|del] proto <tcp/udp> <lcl-ip>/<plen> " \
+ "<lcl-port> <rmt-ip>/<plen> <rmt-port> action <nn>") \
/* List of command functions, CLI names map directly to functions */
#define foreach_cli_function \
libvnet_la_SOURCES += \
vnet/session/session.c \
vnet/session/session_table.c \
+ vnet/session/session_rules_table.c \
vnet/session/session_lookup.c \
vnet/session/session_node.c \
vnet/session/transport.c \
nobase_include_HEADERS += \
vnet/session/session.h \
vnet/session/session_table.h \
+ vnet/session/session_rules_table.h \
vnet/session/stream_session.h \
vnet/session/session_lookup.h \
vnet/session/application.h \
vnet/session/application_namespace.h \
vnet/session/session_debug.h \
vnet/session/segment_manager.h \
+ vnet/session/mma_template.h \
+ vnet/session/mma_template.c \
+ vnet/session/mma_16.h \
+ vnet/session/mma_40.h \
vnet/session/session.api.h
API_FILES += vnet/session/session.api
return 0;
}
+void
+ip4_address_normalize (ip4_address_t * ip4, u8 preflen)
+{
+ ASSERT (preflen <= 32);
+ if (preflen == 0)
+ ip4->data_u32 = 0;
+ else
+ ip4->data_u32 &= clib_net_to_host_u32 (0xffffffff << (32 - preflen));
+}
+
+void
+ip6_address_normalize (ip6_address_t * ip6, u8 preflen)
+{
+ ASSERT (preflen <= 128);
+ if (preflen == 0)
+ {
+ ip6->as_u64[0] = 0;
+ ip6->as_u64[1] = 0;
+ }
+ else if (preflen <= 64)
+ {
+ ip6->as_u64[0] &=
+ clib_host_to_net_u64 (0xffffffffffffffffL << (64 - preflen));
+ ip6->as_u64[1] = 0;
+ }
+ else
+ ip6->as_u64[1] &=
+ clib_host_to_net_u64 (0xffffffffffffffffL << (128 - preflen));
+}
+
+void
+ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip)
+{
+ if (pref_len == 0)
+ ip->as_u32 = 0;
+ else
+ ip->as_u32 = clib_host_to_net_u32 (~((1 << (32 - pref_len)) - 1));
+}
+
+u32
+ip4_mask_to_preflen (ip4_address_t * mask)
+{
+ return (32 - log2_first_set (clib_net_to_host_u32 (mask->as_u32)));
+}
+
+void
+ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen,
+ ip4_address_t * res)
+{
+ u32 not_mask;
+ not_mask = (1 << (32 - plen)) - 1;
+ res->as_u32 = clib_net_to_host_u32 (ip->as_u32) + not_mask;
+}
+
+void
+ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask)
+{
+ if (pref_len == 0)
+ {
+ mask->as_u64[0] = 0;
+ mask->as_u64[1] = 0;
+ }
+ else if (pref_len <= 64)
+ {
+ mask->as_u64[0] =
+ clib_host_to_net_u64 (0xffffffffffffffffL << (64 - pref_len));
+ mask->as_u64[1] = 0;
+ }
+ else
+ {
+ mask->as_u64[1] =
+ clib_host_to_net_u64 (0xffffffffffffffffL << (128 - pref_len));
+ }
+}
+
+void
+ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen,
+ ip6_address_t * res)
+{
+ u64 not_mask;
+ if (plen <= 64)
+ {
+ not_mask = (1 << (64 - plen)) - 1;
+ res->as_u64[0] = clib_net_to_host_u64 (ip->as_u64[0]) + not_mask;
+ res->as_u64[1] = 0xffffffffffffffffL;
+ }
+ else
+ {
+ not_mask = (1 << (128 - plen)) - 1;
+ res->as_u64[1] = clib_net_to_host_u64 (ip->as_u64[1]) + not_mask;
+ }
+}
+
+u32
+ip6_mask_to_preflen (ip6_address_t * mask)
+{
+ u8 first1, first0;
+ if (mask->as_u64[0] == 0 && mask->as_u64[1] == 0)
+ return 128;
+ first1 = log2_first_set (mask->as_u64[1]);
+ first0 = log2_first_set (mask->as_u64[0]);
+
+ if (first1 != 0)
+ return 128 - first1;
+ else
+ return 64 - first0;
+}
+
/*
* fd.io coding-style-patch-verification: ON
*
void ip_copy (ip46_address_t * dst, ip46_address_t * src, u8 is_ip4);
void ip_set (ip46_address_t * dst, void *src, u8 is_ip4);
void *ip_interface_get_first_ip (u32 sw_if_index, u8 is_ip4);
+void ip4_address_normalize (ip4_address_t * ip4, u8 preflen);
+void ip6_address_normalize (ip6_address_t * ip6, u8 preflen);
+void ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip);
+u32 ip4_mask_to_preflen (ip4_address_t * mask);
+void ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen,
+ ip4_address_t * res);
+void ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen,
+ ip6_address_t * res);
+void ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask);
+u32 ip6_mask_to_preflen (ip6_address_t * mask);
#endif /* included_ip_main_h */
return app->flags & APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
}
+u32
+application_n_listeners (application_t * app)
+{
+ return hash_elts (app->listeners_table);
+}
+
+stream_session_t *
+application_first_listener (application_t * app)
+{
+ u64 handle;
+ u32 sm_index;
+
+ /* *INDENT-OFF* */
+ hash_foreach (handle, sm_index, app->listeners_table, ({
+ return listen_session_get_from_handle (handle);
+ }));
+ /* *INDENT-ON* */
+
+ return 0;
+}
+
u8 *
format_application_listener (u8 * s, va_list * args)
{
vlib_cli_output (vm, "%U", format_application_listener,
0 /* header */ , 0, 0,
verbose);
- /* *INDENT-OFF* */
+ /* *INDENT-OFF* */
pool_foreach (app, app_pool,
({
/* App's listener sessions */
u8 application_has_local_scope (application_t * app);
u8 application_has_global_scope (application_t * app);
-
+u32 application_n_listeners (application_t * app);
+stream_session_t *application_first_listener (application_t * app);
#endif /* SRC_VNET_SESSION_APPLICATION_H_ */
/*
return app_namespace_id (app_ns);
}
+u32
+app_namespace_get_fib_index (app_namespace_t * app_ns, u8 fib_proto)
+{
+ return fib_proto == FIB_PROTOCOL_IP4 ?
+ app_ns->ip4_fib_index : app_ns->ip6_fib_index;
+}
+
+session_table_t *
+app_namespace_get_local_table (app_namespace_t * app_ns)
+{
+ return session_table_get (app_ns->local_table_index);
+}
+
void
app_namespaces_init (void)
{
*/
#include <vnet/vnet.h>
+#include <vnet/session/session_table.h>
#ifndef SRC_VNET_SESSION_APPLICATION_NAMESPACE_H_
#define SRC_VNET_SESSION_APPLICATION_NAMESPACE_H_
void app_namespaces_init (void);
clib_error_t *vnet_app_namespace_add_del (vnet_app_namespace_add_del_args_t *
a);
+u32 app_namespace_get_fib_index (app_namespace_t * app_ns, u8 fib_proto);
+session_table_t *app_namespace_get_local_table (app_namespace_t * app_ns);
+
+always_inline app_namespace_t *
+app_namespace_get_default (void)
+{
+ return app_namespace_get (0);
+}
#endif /* SRC_VNET_SESSION_APPLICATION_NAMESPACE_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+#undef MMA_RT_TYPE
+#define MMA_RT_TYPE 16
+
+#ifndef SRC_VNET_SESSION_MMA_TABLE_16_H_
+#define SRC_VNET_SESSION_MMA_TABLE_16_H_
+
+#undef SRC_VNET_SESSION_MMA_TEMPLATE_H_
+#include <vnet/session/mma_template.h>
+
+#endif /* SRC_VNET_SESSION_MMA_TABLE_16_H_ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#undef MMA_RT_TYPE
+#define MMA_RT_TYPE 40
+
+#ifndef SRC_VNET_SESSION_MMA_TABLE_40_H_
+#define SRC_VNET_SESSION_MMA_TABLE_40_H_
+
+#undef SRC_VNET_SESSION_MMA_TEMPLATE_H_
+#include <vnet/session/mma_template.h>
+
+#endif /* SRC_VNET_SESSION_MMA_TABLE_40_H_ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+#include <vppinfra/error.h>
+
+u8 RT (rule_is_exact_match) (RTT (mma_rule) * key, RTT (mma_rule) * r)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_LEN (key->match.as_u64); i++)
+ {
+ if (key->match.as_u64[i] != r->match.as_u64[i])
+ return 0;
+ }
+ for (i = 0; i < ARRAY_LEN (key->mask.as_u64); i++)
+ {
+ if (key->mask.as_u64[i] != r->mask.as_u64[i])
+ return 0;
+ }
+ return 1;
+}
+
+u8
+RT (rule_is_match_for_key) (RTT (mma_mask_or_match) * key, RTT (mma_rule) * r)
+{
+ RTT (mma_mask_or_match) _tmp_key, *tkp = &_tmp_key;
+ int i;
+
+ *tkp = *key;
+ for (i = 0; i < ARRAY_LEN (tkp->as_u64); i++)
+ tkp->as_u64[i] &= r->mask.as_u64[i];
+ for (i = 0; i < ARRAY_LEN (tkp->as_u64); i++)
+ {
+ if (tkp->as_u64[i] != r->match.as_u64[i])
+ return 0;
+ }
+ return 1;
+}
+
+RTT (mma_rule) * RT (mma_rules_table_rule_alloc) (RTT (mma_rules_table) * srt)
+{
+ RTT (mma_rule) * rule;
+ pool_get (srt->rules, rule);
+ memset (rule, 0, sizeof (*rule));
+ return rule;
+}
+
+RTT (mma_rule) *
+RT (mma_rule_free) (RTT (mma_rules_table) * srt, RTT (mma_rule) * rule)
+{
+ pool_put (srt->rules, rule);
+ memset (rule, 0xfa, sizeof (*rule));
+ return rule;
+}
+
+RTT (mma_rule) *
+RT (mma_rules_table_get_rule) (RTT (mma_rules_table) * srt, u32 srt_index)
+{
+ if (!pool_is_free_index (srt->rules, srt_index))
+ return (srt->rules + srt_index);
+ return 0;
+}
+
+u32
+RT (mma_rules_table_rule_index) (RTT (mma_rules_table) * srt,
+ RTT (mma_rule) * sr)
+{
+ ASSERT (sr);
+ return (sr - srt->rules);
+}
+
+/**
+ * Lookup key in table
+ *
+ * This should be optimized .. eventually
+ */
+u32
+RT (mma_rules_table_lookup) (RTT (mma_rules_table) * srt,
+ RTT (mma_mask_or_match) * key, u32 rule_index)
+{
+ RTT (mma_rule) * rp;
+ u32 rv;
+ int i;
+
+ ASSERT (rule_index != SESSION_RULES_TABLE_INVALID_INDEX);
+ rp = RT (mma_rules_table_get_rule) (srt, rule_index);
+ ASSERT (rp);
+
+ if (!RT (rule_is_match_for_key) (key, rp))
+ return ~0;
+ for (i = 0; i < vec_len (rp->next_indices); i++)
+ {
+ rv = RT (mma_rules_table_lookup) (srt, key, rp->next_indices[i]);
+ if (rv != ~0)
+ return (rv);
+ }
+ return (rp->action_index);
+}
+
+u32
+RT (mma_rules_table_lookup_rule) (RTT (mma_rules_table) * srt,
+ RTT (mma_mask_or_match) * key,
+ u32 rule_index)
+{
+ RTT (mma_rule) * rp;
+ u32 rv;
+ int i;
+
+ ASSERT (rule_index != SESSION_RULES_TABLE_INVALID_INDEX);
+ rp = RT (mma_rules_table_get_rule) (srt, rule_index);
+ ASSERT (rp);
+
+ if (!RT (rule_is_match_for_key) (key, rp))
+ return ~0;
+ for (i = 0; i < vec_len (rp->next_indices); i++)
+ {
+ rv = RT (mma_rules_table_lookup_rule) (srt, key, rp->next_indices[i]);
+ if (rv != ~0)
+ return (rv);
+ }
+ return rule_index;
+}
+
+static
+RTT (mma_rules_table) *
+RTT (sort_srt);
+
+ int RT (mma_sort_indices) (void *e1, void *e2)
+{
+ u32 *ri1 = e1, *ri2 = e2;
+ RTT (mma_rule) * rule1, *rule2;
+ rule1 = RT (mma_rules_table_get_rule) (RTT (sort_srt), *ri1);
+ rule2 = RT (mma_rules_table_get_rule) (RTT (sort_srt), *ri2);
+ return RTT (sort_srt)->rule_cmp_fn (rule1, rule2);
+}
+
+void RT (mma_sort) (RTT (mma_rules_table) * srt, u32 * next_indices)
+{
+ RTT (sort_srt) = srt;
+ vec_sort_with_function (next_indices, RT (mma_sort_indices));
+}
+
+int
+RT (mma_rules_table_add_rule) (RTT (mma_rules_table) * srt,
+ RTT (mma_rule) * rule)
+{
+ u32 parent_index, i, *next_indices = 0, added = 0, rule_index;
+ RTT (mma_rule) * parent, *child;
+
+ rule_index = RT (mma_rules_table_rule_index) (srt, rule);
+ parent_index = RT (mma_rules_table_lookup_rule) (srt, &rule->match,
+ srt->root_index);
+ parent = RT (mma_rules_table_get_rule) (srt, parent_index);
+ if (RT (rule_is_exact_match) (rule, parent))
+ {
+ parent->action_index = rule->action_index;
+ RT (mma_rule_free) (srt, rule);
+ return -1;
+ }
+
+ if (vec_len (parent->next_indices) == 0)
+ {
+ vec_add1 (parent->next_indices, rule_index);
+ return 0;
+ }
+
+ /* Check if new rule is parent of some of the existing children */
+ for (i = 0; i < vec_len (parent->next_indices); i++)
+ {
+ child = RT (mma_rules_table_get_rule) (srt, parent->next_indices[i]);
+ if (RT (rule_is_match_for_key) (&child->match, rule))
+ {
+ vec_add1 (rule->next_indices, parent->next_indices[i]);
+ if (!added)
+ {
+ vec_add1 (next_indices, rule_index);
+ added = 1;
+ }
+ }
+ else
+ {
+ if (!added && srt->rule_cmp_fn (rule, child) < 0)
+ {
+ vec_add1 (next_indices, rule_index);
+ added = 1;
+ }
+ vec_add1 (next_indices, parent->next_indices[i]);
+ }
+ }
+ if (!added)
+ vec_add1 (next_indices, rule_index);
+ vec_free (parent->next_indices);
+ parent->next_indices = next_indices;
+ return 0;
+}
+
+int
+RT (mma_rules_table_del_rule) (RTT (mma_rules_table) * srt,
+ RTT (mma_rule) * rule, u32 rule_index)
+{
+ RTT (mma_rule) * rp;
+ u32 rv;
+ int i;
+
+ ASSERT (rule_index != SESSION_RULES_TABLE_INVALID_INDEX);
+ rp = RT (mma_rules_table_get_rule) (srt, rule_index);
+
+ if (!RT (rule_is_match_for_key) (&rule->match, rp))
+ return ~0;
+ if (RT (rule_is_exact_match) (rule, rp))
+ return 1;
+ for (i = 0; i < vec_len (rp->next_indices); i++)
+ {
+ rv = RT (mma_rules_table_del_rule) (srt, rule, rp->next_indices[i]);
+ if (rv == 1)
+ {
+ RTT (mma_rule) * child;
+ u32 *next_indices = 0, *new_elts, left_to_add;
+ child = RT (mma_rules_table_get_rule) (srt, rp->next_indices[i]);
+ ASSERT (RT (rule_is_exact_match) (rule, child));
+
+ if (i != 0)
+ {
+ vec_add2 (next_indices, new_elts, i);
+ clib_memcpy (new_elts, rp->next_indices, i * sizeof (u32));
+ }
+ if (vec_len (child->next_indices))
+ vec_append (next_indices, child->next_indices);
+ left_to_add = vec_len (rp->next_indices) - i - 1;
+ if (left_to_add)
+ {
+ vec_add2 (next_indices, new_elts, left_to_add);
+ clib_memcpy (new_elts, &rp->next_indices[i + 1],
+ left_to_add * sizeof (u32));
+ }
+ RT (mma_rule_free) (srt, child);
+ vec_free (rp->next_indices);
+ rp->next_indices = next_indices;
+ return 0;
+ }
+ else if (rv == 0)
+ return rv;
+ }
+ return ~0;
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+#ifndef SRC_VNET_SESSION_MMA_TEMPLATE_H_
+#define SRC_VNET_SESSION_MMA_TEMPLATE_H_
+
+#include <vppinfra/pool.h>
+
+#ifndef MMA_RT_TYPE
+#error MMA_RT_TYPE not defined
+#endif
+
+#define _rt(a,b) a##_##b
+#define __rt(a, b) _rt(a,b)
+#define RT(a) __rt(a, MMA_RT_TYPE)
+
+#define _rtt(a,b) a##_##b##_t
+#define __rtt(a, b) _rtt(a,b)
+#define RTT(a) __rtt(a, MMA_RT_TYPE)
+
+#define SESSION_RULES_TABLE_INVALID_INDEX ((u32)~0)
+
+typedef struct
+{
+ u64 as_u64[MMA_RT_TYPE / 8];
+} RTT (mma_mask_or_match);
+
+typedef struct
+{
+ u32 action_index;
+ u32 *next_indices;
+ /* *INDENT-OFF* */
+ RTT (mma_mask_or_match) mask;
+ RTT (mma_mask_or_match) match;
+ RTT (mma_mask_or_match) max_match;
+ /* *INDENT-ON* */
+} RTT (mma_rule);
+
+typedef int (*RTT (rule_cmp_fn)) (RTT (mma_rule) * rule1,
+ RTT (mma_rule) * rule2);
+typedef struct
+{
+ /** Root for rules tree */
+ u32 root_index;
+
+ /** Rules pool */
+ RTT (mma_rule) * rules;
+
+ RTT (rule_cmp_fn) rule_cmp_fn;
+} RTT (mma_rules_table);
+
+u32
+RT (mma_table_lookup) (RTT (mma_rules_table) * srt,
+ RTT (mma_mask_or_match) * key, u32 rule_index);
+u32
+RT (mma_table_lookup_rule) (RTT (mma_rules_table) * srt,
+ RTT (mma_mask_or_match) * key, u32 rule_index);
+int
+RT (mma_table_add_rule) (RTT (mma_rules_table) * srt, RTT (mma_rule) * rule);
+int
+RT (mma_table_del_rule) (RTT (mma_rules_table) * srt,
+ RTT (mma_rule) * rule, u32 rule_index);
+RTT (mma_rule) *
+RT (mma_rules_table_rule_alloc) (RTT (mma_rules_table) * srt);
+RTT (mma_rule) *
+RT (session_rule_free) (RTT (mma_rules_table) * srt, RTT (mma_rule) * rule);
+RTT (mma_rule) *
+RT (mma_table_get_rule) (RTT (mma_rules_table) * srt, u32 srt_index);
+u32
+RT (mma_table_rule_index) (RTT (mma_rules_table) * srt, RTT (mma_rule) * sr);
+#endif /* SRC_VNET_SESSION_MMA_TEMPLATE_H_ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
u8 namespace_id[64];
};
+/** \brief add/del session rule
+ @param client_index - opaque cookie to identify the sender
+ client to vpp direction only
+ @param context - sender context, to match reply w/ request
+ @param transport_proto - transport protocol (0 - tcp 1 - udp)
+ @param is_ip4 - flag to indicate if ip addresses are ip4 or 6
+ @param lcl_ip - local ip
+ @param lcl_plen - local prefix length
+ @param rmt_ip - remote ip
+ @param rmt_ple - remote prefix length
+ @param lcl_port - local port
+ @param rmt_port - remote port
+ @param action_index - the only action defined now is forward to
+ application with index action_index
+ @param is_add - flag to indicate if add or del
+ @param appns_index - application namespace where rule is to be applied
+ to
+ @param scope - flag that indicates scope of the rule: global or local.
+ If 0, default is global, 1 is global 2 is local, 3 is
+ both
+*/
+autoreply define session_rule_add_del {
+ u32 client_index;
+ u32 context;
+ u8 transport_proto;
+ u8 is_ip4;
+ u8 lcl_ip[16];
+ u8 lcl_plen;
+ u8 rmt_ip[16];
+ u8 rmt_plen;
+ u16 lcl_port;
+ u16 rmt_port;
+ u32 action_index;
+ u8 is_add;
+ u32 appns_index;
+ u8 scope;
+};
+
/*
* Local Variables:
* eval: (c-set-style "gnu")
#include <vnet/vnet.h>
#include <vlibmemory/api.h>
#include <vnet/session/application.h>
+#include <vnet/session/application_interface.h>
+#include <vnet/session/session_rules_table.h>
#include <vnet/vnet_msg_enum.h>
-#include "application_interface.h"
#define vl_typedefs /* define message structures */
#include <vnet/vnet_all_api_h.h>
_(CONNECT_SOCK, connect_sock) \
_(SESSION_ENABLE_DISABLE, session_enable_disable) \
_(APP_NAMESPACE_ADD_DEL, app_namespace_add_del) \
+_(SESSION_RULE_ADD_DEL, session_rule_add_del) \
static int
send_add_segment_callback (u32 api_client_index, const u8 * segment_name,
REPLY_MACRO (VL_API_APP_NAMESPACE_ADD_DEL_REPLY);
}
+static void
+vl_api_session_rule_add_del_t_handler (vl_api_session_rule_add_del_t * mp)
+{
+ vl_api_session_rule_add_del_reply_t *rmp;
+ session_rule_add_del_args_t args;
+ session_rule_table_add_del_args_t *table_args = &args.table_args;
+ clib_error_t *error;
+ u8 fib_proto;
+ int rv = 0;
+
+ fib_proto = mp->is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
+
+ table_args->lcl.fp_len = mp->lcl_plen;
+ table_args->lcl.fp_proto = fib_proto;
+ table_args->rmt.fp_len = mp->rmt_plen;
+ table_args->rmt.fp_proto = fib_proto;
+ table_args->lcl_port = clib_net_to_host_u16 (mp->lcl_port);
+ table_args->rmt_port = clib_net_to_host_u16 (mp->rmt_port);
+ table_args->action_index = clib_net_to_host_u32 (mp->action_index);
+ table_args->is_add = mp->is_add;
+ args.appns_index = clib_net_to_host_u32 (mp->appns_index);
+ args.scope = mp->scope;
+
+ memset (&table_args->lcl.fp_addr, 0, sizeof (table_args->lcl.fp_addr));
+ memset (&table_args->rmt.fp_addr, 0, sizeof (table_args->rmt.fp_addr));
+ ip_set (&table_args->lcl.fp_addr, mp->lcl_ip, mp->is_ip4);
+ ip_set (&table_args->rmt.fp_addr, mp->rmt_ip, mp->is_ip4);
+ error = vnet_session_rule_add_del (&args);
+ if (error)
+ {
+ rv = clib_error_get_code (error);
+ clib_error_report (error);
+ }
+ REPLY_MACRO (VL_API_SESSION_RULE_ADD_DEL_REPLY);
+}
+
static clib_error_t *
application_reaper_cb (u32 client_index)
{
return session_lookup_del_connection (ts);
}
+static stream_session_t *
+session_lookup_app_listen_session (u32 app_index)
+{
+ application_t *app;
+ app = application_get (app_index);
+ if (!app)
+ return 0;
+
+ if (application_n_listeners (app) != 1)
+ {
+ clib_warning ("there should be one and only one listener %d",
+ hash_elts (app->listeners_table));
+ return 0;
+ }
+
+ return application_first_listener (app);
+}
+
+stream_session_t *
+session_lookup_rules_table4 (session_rules_table_t * srt, u8 proto,
+ ip4_address_t * lcl, u16 lcl_port,
+ ip4_address_t * rmt, u16 rmt_port)
+{
+ u32 action_index;
+ action_index = session_rules_table_lookup4 (srt, proto, lcl, rmt, lcl_port,
+ rmt_port);
+ /* Nothing sophisticated for now, action index is app index */
+ return session_lookup_app_listen_session (action_index);
+}
+
+stream_session_t *
+session_lookup_rules_table6 (session_rules_table_t * srt, u8 proto,
+ ip6_address_t * lcl, u16 lcl_port,
+ ip6_address_t * rmt, u16 rmt_port)
+{
+ u32 action_index;
+ action_index = session_rules_table_lookup6 (srt, proto, lcl, rmt, lcl_port,
+ rmt_port);
+ return session_lookup_app_listen_session (action_index);
+}
+
u64
session_lookup_session_endpoint (u32 table_index, session_endpoint_t * sep)
{
session_table_t *st;
session_kv4_t kv4;
session_kv6_t kv6;
+ ip4_address_t lcl4;
+ ip6_address_t lcl6;
+ u32 si;
int rv;
st = session_table_get (table_index);
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return kv4.value;
+
+ memset (&lcl4, 0, sizeof (lcl4));
+ si =
+ session_rules_table_lookup4 (&st->session_rules, sep->transport_proto,
+ &lcl4, &sep->ip.ip4, 0, sep->port);
+ if (si != SESSION_RULES_TABLE_INVALID_INDEX)
+ return si;
}
else
{
rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
if (rv == 0)
return kv6.value;
+
+ memset (&lcl6, 0, sizeof (lcl6));
+ si =
+ session_rules_table_lookup6 (&st->session_rules, sep->transport_proto,
+ &lcl6, &sep->ip.ip6, 0, sep->port);
+ if (si != SESSION_RULES_TABLE_INVALID_INDEX)
+ return si;
}
return SESSION_INVALID_HANDLE;
}
session_table_t *st;
session_kv4_t kv4;
session_kv6_t kv6;
+ ip4_address_t lcl4;
+ ip6_address_t lcl6;
u8 fib_proto;
u32 table_index;
int rv;
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return session_get_from_handle (kv4.value);
+ memset (&lcl4, 0, sizeof (lcl4));
+ return session_lookup_rules_table4 (&st->session_rules,
+ sep->transport_proto, &lcl4, 0,
+ &sep->ip.ip4, sep->port);
}
else
{
rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
if (rv == 0)
return session_get_from_handle (kv6.value);
+ memset (&lcl6, 0, sizeof (lcl6));
+ return session_lookup_rules_table6 (&st->session_rules,
+ sep->transport_proto, &lcl6, 0,
+ &sep->ip.ip6, sep->port);
}
- return 0;
}
u32
session_table_t *st;
session_kv4_t kv4;
session_kv6_t kv6;
+ ip4_address_t lcl4;
+ ip6_address_t lcl6;
+ u32 si;
int rv;
st = session_table_get (table_index);
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return (u32) kv4.value;
+
+ memset (&lcl4, 0, sizeof (lcl4));
+ si =
+ session_rules_table_lookup4 (&st->session_rules, sep->transport_proto,
+ &lcl4, &sep->ip.ip4, 0, sep->port);
+ if (si != SESSION_RULES_TABLE_INVALID_INDEX)
+ return si;
}
else
{
rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
if (rv == 0)
return (u32) kv6.value;
+
+ memset (&lcl6, 0, sizeof (lcl6));
+ si =
+ session_rules_table_lookup6 (&st->session_rules, sep->transport_proto,
+ &lcl6, &sep->ip.ip6, 0, sep->port);
+ if (si != SESSION_RULES_TABLE_INVALID_INDEX)
+ return si;
}
return SESSION_INVALID_INDEX;
}
return 0;
}
+transport_connection_t *
+session_lookup_rules_table_connection4 (session_rules_table_t * srt, u8 proto,
+ ip4_address_t * lcl, u16 lcl_port,
+ ip4_address_t * rmt, u16 rmt_port)
+{
+ stream_session_t *s;
+ s = session_lookup_rules_table4 (srt, proto, lcl, lcl_port, rmt, rmt_port);
+ if (s)
+ return tp_vfts[s->session_type].get_listener (s->connection_index);
+ return 0;
+}
+
+transport_connection_t *
+session_lookup_rules_table_connection6 (session_rules_table_t * srt, u8 proto,
+ ip6_address_t * lcl, u16 lcl_port,
+ ip6_address_t * rmt, u16 rmt_port)
+{
+ stream_session_t *s;
+ s = session_lookup_rules_table6 (srt, proto, lcl, lcl_port, rmt, rmt_port);
+ if (s)
+ return tp_vfts[s->session_type].get_listener (s->connection_index);
+ return 0;
+}
+
/**
* Lookup connection with ip4 and transport layer information
*
* - Try to find a fully-formed or local source wildcarded (listener bound to
* all interfaces) listener session
* - Try to find a half-open connection
+ * - Try session rules table
* - return 0
*
* @param fib_index index of fib wherein the connection was received
if (s)
return tp_vfts[s->session_type].get_listener (s->connection_index);
- /* Finally, try half-open connections */
+ /* Try half-open connections */
rv = clib_bihash_search_inline_16_8 (&st->v4_half_open_hash, &kv4);
if (rv == 0)
{
u32 sst = session_type_from_proto_and_ip (proto, 1);
return tp_vfts[sst].get_half_open (kv4.value & 0xFFFFFFFF);
}
- return 0;
+
+ /* Check the session rules table */
+ return session_lookup_rules_table_connection4 (&st->session_rules, proto,
+ lcl, lcl_port, rmt,
+ rmt_port);
}
/**
u32 sst = session_type_from_proto_and_ip (proto, 1);
return tp_vfts[sst].get_half_open (kv4.value & 0xFFFFFFFF);
}
- return 0;
+ /* Check the session rules table */
+ return session_lookup_rules_table_connection4 (&st->session_rules, proto,
+ lcl, lcl_port, rmt,
+ rmt_port);
}
/**
/* If nothing is found, check if any listener is available */
if ((s = session_lookup_listener4_i (st, lcl, lcl_port, proto)))
return s;
- return 0;
+ return session_lookup_rules_table4 (&st->session_rules, proto, lcl,
+ lcl_port, rmt, rmt_port);
}
/**
* - Try to find a fully-formed or local source wildcarded (listener bound to
* all interfaces) listener session
* - Try to find a half-open connection
+ * - Try session rules table
* - return 0
*
* @param fib_index index of the fib wherein the connection was received
return tp_vfts[sst].get_half_open (kv6.value & 0xFFFFFFFF);
}
- return 0;
+ return session_lookup_rules_table_connection6 (&st->session_rules, proto,
+ lcl, lcl_port, rmt,
+ rmt_port);
}
/**
return tp_vfts[sst].get_half_open (kv6.value & 0xFFFFFFFF);
}
- return 0;
+ return session_lookup_rules_table_connection6 (&st->session_rules, proto,
+ lcl, lcl_port, rmt,
+ rmt_port);
}
/**
/* If nothing is found, check if any listener is available */
if ((s = session_lookup_listener6_i (st, lcl, lcl_port, proto)))
return s;
- return 0;
+ return session_lookup_rules_table6 (&st->session_rules, proto, lcl,
+ lcl_port, rmt, rmt_port);
}
u64
return 0;
}
+clib_error_t *
+vnet_session_rule_add_del (session_rule_add_del_args_t * args)
+{
+ app_namespace_t *app_ns = app_namespace_get (args->appns_index);
+ session_table_t *st;
+ u32 fib_index;
+ u8 fib_proto;
+ clib_error_t *error;
+
+ if (!app_ns)
+ return clib_error_return_code (0, VNET_API_ERROR_APP_INVALID_NS, 0,
+ "invalid app ns");
+ if (args->scope > 3)
+ return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
+ "invalid scope");
+ if ((args->scope & SESSION_RULE_SCOPE_GLOBAL) || args->scope == 0)
+ {
+ fib_proto = args->table_args.rmt.fp_proto;
+ fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
+ st = session_table_get_for_fib_index (fib_proto, fib_index);
+ if ((error = session_rules_table_add_del (&st->session_rules,
+ &args->table_args)))
+ return error;
+ }
+ if (args->scope & SESSION_RULE_SCOPE_LOCAL)
+ {
+ st = app_namespace_get_local_table (app_ns);
+ error =
+ session_rules_table_add_del (&st->session_rules, &args->table_args);
+ }
+ return error;
+}
+
u8 *
format_ip4_session_lookup_kvp (u8 * s, va_list * args)
{
}
}
+static clib_error_t *
+session_rule_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen, rmt_plen;
+ u32 appns_index, scope = 0;
+ ip46_address_t lcl_ip, rmt_ip;
+ u8 is_ip4 = 1, conn_set = 0;
+ u8 fib_proto, is_add = 1, *ns_id = 0;
+ app_namespace_t *app_ns;
+
+ memset (&lcl_ip, 0, sizeof (lcl_ip));
+ memset (&rmt_ip, 0, sizeof (rmt_ip));
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "del"))
+ is_add = 0;
+ else if (unformat (input, "add"))
+ ;
+ else if (unformat (input, "appns %_%v%_", &ns_id))
+ ;
+ else if (unformat (input, "scope global"))
+ scope = SESSION_RULE_SCOPE_GLOBAL;
+ else if (unformat (input, "scope local"))
+ scope = SESSION_RULE_SCOPE_LOCAL;
+ else if (unformat (input, "scope all"))
+ scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
+ else if (unformat (input, "proto %U", unformat_transport_proto, &proto))
+ ;
+ else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
+ &lcl_ip.ip4, &lcl_plen, &lcl_port,
+ unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 1;
+ conn_set = 1;
+ }
+ else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
+ &lcl_ip.ip6, &lcl_plen, &lcl_port,
+ unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 0;
+ conn_set = 1;
+ }
+ else if (unformat (input, "action %d", &action))
+ ;
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, input);
+ }
+
+ if (proto == ~0 || !conn_set || action == ~0)
+ return clib_error_return (0, "proto, connection and action must be set");
+
+ if (ns_id)
+ {
+ app_ns = app_namespace_get_from_id (ns_id);
+ if (!app_ns)
+ return clib_error_return (0, "namespace %v does not exist", ns_id);
+ }
+ else
+ {
+ app_ns = app_namespace_get_default ();
+ }
+ appns_index = app_namespace_index (app_ns);
+
+ fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
+ session_rule_add_del_args_t args = {
+ .table_args.lcl.fp_addr = lcl_ip,
+ .table_args.lcl.fp_len = lcl_plen,
+ .table_args.lcl.fp_proto = fib_proto,
+ .table_args.rmt.fp_addr = rmt_ip,
+ .table_args.rmt.fp_len = rmt_plen,
+ .table_args.rmt.fp_proto = fib_proto,
+ .table_args.lcl_port = lcl_port,
+ .table_args.rmt_port = rmt_port,
+ .table_args.action_index = action,
+ .table_args.is_add = is_add,
+ .appns_index = appns_index,
+ .scope = scope,
+ };
+ return vnet_session_rule_add_del (&args);
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (session_rule_command, static) =
+{
+ .path = "session rule",
+ .short_help = "session rule [add|del] appns <ns_id> proto <proto> "
+ "<lcl-ip/plen> <lcl-port> <rmt-ip/plen> <rmt-port> action <action>",
+ .function = session_rule_command_fn,
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+show_session_rules_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ u32 transport_proto = ~0, lcl_port, rmt_port, lcl_plen, rmt_plen;
+ u32 fib_index, scope = 0;
+ ip46_address_t lcl_ip, rmt_ip;
+ u8 is_ip4 = 1, show_one = 0;
+ app_namespace_t *app_ns;
+ session_table_t *st;
+ u8 *ns_id = 0, fib_proto;
+
+ memset (&lcl_ip, 0, sizeof (lcl_ip));
+ memset (&rmt_ip, 0, sizeof (rmt_ip));
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "%U", unformat_transport_proto, &transport_proto))
+ ;
+ else if (unformat (input, "appns %_%v%_", &ns_id))
+ ;
+ else if (unformat (input, "scope global"))
+ scope = 1;
+ else if (unformat (input, "scope local"))
+ scope = 2;
+ else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip4_address,
+ &lcl_ip.ip4, &lcl_plen, &lcl_port,
+ unformat_ip4_address, &rmt_ip.ip4, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 1;
+ show_one = 1;
+ }
+ else if (unformat (input, "%U/%d %d %U/%d %d", unformat_ip6_address,
+ &lcl_ip.ip6, &lcl_plen, &lcl_port,
+ unformat_ip6_address, &rmt_ip.ip6, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 0;
+ show_one = 1;
+ }
+ else
+ return clib_error_return (0, "unknown input `%U'",
+ format_unformat_error, input);
+ }
+
+ if (transport_proto == ~0)
+ {
+ vlib_cli_output (vm, "transport proto must be set");
+ return 0;
+ }
+
+ if (ns_id)
+ {
+ app_ns = app_namespace_get_from_id (ns_id);
+ if (!app_ns)
+ {
+ vlib_cli_output (vm, "appns %v doesn't exist", ns_id);
+ return 0;
+ }
+ }
+ else
+ {
+ app_ns = app_namespace_get_default ();
+ }
+
+ if (scope == 1 || scope == 0)
+ {
+ fib_proto = is_ip4 ? FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6;
+ fib_index = is_ip4 ? app_ns->ip4_fib_index : app_ns->ip6_fib_index;
+ st = session_table_get_for_fib_index (fib_proto, fib_index);
+ }
+ else
+ {
+ st = app_namespace_get_local_table (app_ns);
+ }
+
+ if (show_one)
+ {
+ session_rules_table_show_rule (vm, &st->session_rules, transport_proto,
+ &lcl_ip, lcl_port, &rmt_ip, rmt_port,
+ is_ip4);
+ return 0;
+ }
+
+ session_rules_table_cli_dump (vm, &st->session_rules, FIB_PROTOCOL_IP4,
+ transport_proto);
+ session_rules_table_cli_dump (vm, &st->session_rules, FIB_PROTOCOL_IP6,
+ transport_proto);
+
+ vec_free (ns_id);
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (show_session_rules_command, static) =
+{
+ .path = "show session rules",
+ .short_help = "show session rules [appns <id> proto <proto> <lcl-ip/plen>"
+ " <lcl-port> <rmt-ip/plen> <rmt-port>]",
+ .function = show_session_rules_command_fn,
+};
+/* *INDENT-ON* */
+
void
session_lookup_init (void)
{
void session_lookup_show_table_entries (vlib_main_t * vm,
session_table_t * table, u8 type,
u8 is_local);
+
+enum _session_rule_scope
+{
+ SESSION_RULE_SCOPE_GLOBAL = 1,
+ SESSION_RULE_SCOPE_LOCAL = 2,
+} session_rule_scope_e;
+
+typedef struct _session_rule_add_del_args
+{
+ /**
+ * Actual arguments to adding the rule to a session rules table
+ */
+ session_rule_table_add_del_args_t table_args;
+ /**
+ * Application namespace where rule should be applied. If 0,
+ * default namespace is used.
+ */
+ u32 appns_index;
+ /**
+ * Rule scope flag.
+ */
+ u8 scope;
+} session_rule_add_del_args_t;
+
+clib_error_t *vnet_session_rule_add_del (session_rule_add_del_args_t * args);
+
void session_lookup_init (void);
#endif /* SRC_VNET_SESSION_SESSION_LOOKUP_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+#include <vnet/session/mma_16.h>
+#include <vnet/session/mma_template.c>
+#include <vnet/session/mma_40.h>
+#include <vnet/session/mma_template.c>
+#include <vnet/session/session_rules_table.h>
+#include <vnet/session/transport.h>
+
+static void
+fib_pref_normalize (fib_prefix_t * pref)
+{
+ if (pref->fp_proto == FIB_PROTOCOL_IP4)
+ ip4_address_normalize (&pref->fp_addr.ip4, pref->fp_len);
+ else
+ ip6_address_normalize (&pref->fp_addr.ip6, pref->fp_len);
+}
+
+u8 *
+format_session_rule4 (u8 * s, va_list * args)
+{
+ mma_rules_table_16_t *srt = va_arg (*args, mma_rules_table_16_t *);
+ mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
+ session_mask_or_match_4_t *mask, *match;
+ int i;
+
+ match = (session_mask_or_match_4_t *) & sr->match;
+ mask = (session_mask_or_match_4_t *) & sr->mask;
+
+ s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d",
+ mma_rules_table_rule_index_16 (srt, sr), format_ip4_address,
+ &match->lcl_ip,
+ ip4_mask_to_preflen (&mask->lcl_ip),
+ match->lcl_port, format_ip4_address, &match->rmt_ip,
+ ip4_mask_to_preflen (&mask->rmt_ip),
+ match->rmt_port, sr->action_index);
+ if (vec_len (sr->next_indices))
+ {
+ s = format (s, "\n children: ");
+ for (i = 0; i < vec_len (sr->next_indices); i++)
+ s = format (s, "%d ", sr->next_indices[i]);
+ }
+ return s;
+}
+
+u8 *
+format_session_rule6 (u8 * s, va_list * args)
+{
+ mma_rules_table_40_t *srt = va_arg (*args, mma_rules_table_40_t *);
+ mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
+ session_mask_or_match_6_t *mask, *match;
+ int i;
+
+ match = (session_mask_or_match_6_t *) & sr->match;
+ mask = (session_mask_or_match_6_t *) & sr->mask;
+
+ s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d",
+ mma_rules_table_rule_index_40 (srt, sr), format_ip6_address,
+ &match->lcl_ip, ip6_mask_to_preflen (&mask->lcl_ip),
+ match->lcl_port, format_ip6_address, &match->rmt_ip,
+ ip6_mask_to_preflen (&mask->rmt_ip), match->rmt_port,
+ sr->action_index);
+ if (vec_len (sr->next_indices))
+ {
+ s = format (s, "\n children: ");
+ for (i = 0; i < vec_len (sr->next_indices); i++)
+ s = format (s, "%d ", sr->next_indices[i]);
+ }
+ return s;
+}
+
+void *
+session_rules_table_get (session_rules_table_t * srt, u8 transport_proto,
+ u8 fib_proto)
+{
+ if (fib_proto == FIB_PROTOCOL_IP4)
+ return &srt->session_rules_tables_16[transport_proto];
+ else if (fib_proto == FIB_PROTOCOL_IP6)
+ return &srt->session_rules_tables_40[transport_proto];
+ return 0;
+}
+
+int
+rule_cmp_16 (mma_rule_16_t * rule1, mma_rule_16_t * rule2)
+{
+ session_mask_or_match_4_t *m1, *m2;
+
+ m1 = (session_mask_or_match_4_t *) & rule1->max_match;
+ m2 = (session_mask_or_match_4_t *) & rule2->max_match;
+ if (m1->rmt_ip.as_u32 != m2->rmt_ip.as_u32)
+ return (m1->rmt_ip.as_u32 < m2->rmt_ip.as_u32 ? -1 : 1);
+ if (m1->lcl_ip.as_u32 != m2->lcl_ip.as_u32)
+ return (m1->lcl_ip.as_u32 < m2->lcl_ip.as_u32 ? -1 : 1);
+ if (m1->rmt_port != m2->rmt_port)
+ return (m1->rmt_port < m2->rmt_port ? -1 : 1);
+ if (m1->lcl_port != m2->lcl_port)
+ return (m1->lcl_port < m2->lcl_port ? -1 : 1);
+ return 0;
+}
+
+int
+rule_cmp_40 (mma_rule_40_t * rule1, mma_rule_40_t * rule2)
+{
+ session_mask_or_match_6_t *r1, *r2;
+ r1 = (session_mask_or_match_6_t *) & rule1->max_match;
+ r2 = (session_mask_or_match_6_t *) & rule2->max_match;
+ if (r1->rmt_ip.as_u64[0] != r2->rmt_ip.as_u64[0])
+ return (r1->rmt_ip.as_u64[0] < r2->rmt_ip.as_u64[0] ? -1 : 1);
+ if (r1->rmt_ip.as_u64[1] != r2->rmt_ip.as_u64[1])
+ return (r1->rmt_ip.as_u64[1] < r2->rmt_ip.as_u64[1] ? -1 : 1);
+ if (r1->lcl_ip.as_u64[0] != r2->lcl_ip.as_u64[0])
+ return (r1->lcl_ip.as_u64[0] < r2->lcl_ip.as_u64[0] ? -1 : 1);
+ if (r1->lcl_ip.as_u64[1] != r2->lcl_ip.as_u64[1])
+ return (r1->lcl_ip.as_u64[1] < r2->lcl_ip.as_u64[1]) ? -1 : 1;
+ if (r1->rmt_port != r2->rmt_port)
+ return (r1->rmt_port < r2->rmt_port ? -1 : 1);
+ if (r1->lcl_port != r2->lcl_port)
+ return (r1->lcl_port < r2->lcl_port ? -1 : 1);
+ return 0;
+}
+
+void
+session_rules_table_init_rule_16 (mma_rule_16_t * rule,
+ fib_prefix_t * lcl, u16 lcl_port,
+ fib_prefix_t * rmt, u16 rmt_port)
+{
+ session_mask_or_match_4_t *match, *mask, *max_match;
+ fib_pref_normalize (lcl);
+ fib_pref_normalize (rmt);
+ match = (session_mask_or_match_4_t *) & rule->match;
+ match->lcl_ip.as_u32 = lcl->fp_addr.ip4.as_u32;
+ match->rmt_ip.as_u32 = rmt->fp_addr.ip4.as_u32;
+ match->lcl_port = lcl_port;
+ match->rmt_port = rmt_port;
+ mask = (session_mask_or_match_4_t *) & rule->mask;
+ ip4_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
+ ip4_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
+ mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
+ mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
+ max_match = (session_mask_or_match_4_t *) & rule->max_match;
+ ip4_prefix_max_address_host_order (&rmt->fp_addr.ip4, rmt->fp_len,
+ &max_match->rmt_ip);
+ ip4_prefix_max_address_host_order (&lcl->fp_addr.ip4, lcl->fp_len,
+ &max_match->lcl_ip);
+ max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
+ max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
+}
+
+void
+session_rules_table_init_rule_40 (mma_rule_40_t * rule,
+ fib_prefix_t * lcl, u16 lcl_port,
+ fib_prefix_t * rmt, u16 rmt_port)
+{
+ session_mask_or_match_6_t *match, *mask, *max_match;
+ fib_pref_normalize (lcl);
+ fib_pref_normalize (rmt);
+ match = (session_mask_or_match_6_t *) & rule->match;
+ clib_memcpy (&match->lcl_ip, &lcl->fp_addr.ip6, sizeof (match->lcl_ip));
+ clib_memcpy (&match->rmt_ip, &rmt->fp_addr.ip6, sizeof (match->rmt_ip));
+ match->lcl_port = lcl_port;
+ match->rmt_port = rmt_port;
+ mask = (session_mask_or_match_6_t *) & rule->mask;
+ ip6_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
+ ip6_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
+ mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
+ mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
+ max_match = (session_mask_or_match_6_t *) & rule->max_match;
+ ip6_prefix_max_address_host_order (&rmt->fp_addr.ip6, rmt->fp_len,
+ &max_match->rmt_ip);
+ ip6_prefix_max_address_host_order (&lcl->fp_addr.ip6, lcl->fp_len,
+ &max_match->lcl_ip);
+ max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
+ max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
+}
+
+mma_rule_16_t *
+session_rules_table_alloc_rule_16 (mma_rules_table_16_t * srt,
+ fib_prefix_t * lcl, u16 lcl_port,
+ fib_prefix_t * rmt, u16 rmt_port)
+{
+ mma_rule_16_t *rule = 0;
+ rule = mma_rules_table_rule_alloc_16 (srt);
+ session_rules_table_init_rule_16 (rule, lcl, lcl_port, rmt, rmt_port);
+ return rule;
+}
+
+mma_rule_40_t *
+session_rules_table_alloc_rule_40 (mma_rules_table_40_t * srt,
+ fib_prefix_t * lcl, u16 lcl_port,
+ fib_prefix_t * rmt, u16 rmt_port)
+{
+ mma_rule_40_t *rule;
+ rule = mma_rules_table_rule_alloc_40 (srt);
+ session_rules_table_init_rule_40 (rule, lcl, lcl_port, rmt, rmt_port);
+ return rule;
+}
+
+clib_error_t *
+session_rules_table_add_del (session_rules_table_t * srt,
+ session_rule_table_add_del_args_t * args)
+{
+ u8 fib_proto = args->rmt.fp_proto;
+
+ if (args->transport_proto != TRANSPORT_PROTO_TCP
+ && args->transport_proto != TRANSPORT_PROTO_UDP)
+ return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
+ "invalid transport proto");
+
+ if (fib_proto == FIB_PROTOCOL_IP4)
+ {
+ mma_rules_table_16_t *srt4;
+ srt4 = &srt->session_rules_tables_16[args->transport_proto];
+ if (args->is_add)
+ {
+ mma_rule_16_t *rule;
+ rule = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
+ args->lcl_port,
+ &args->rmt,
+ args->rmt_port);
+ rule->action_index = args->action_index;
+ mma_rules_table_add_rule_16 (srt4, rule);
+ }
+ else
+ {
+ mma_rule_16_t rule;
+ memset (&rule, 0, sizeof (rule));
+ session_rules_table_init_rule_16 (&rule, &args->lcl, args->lcl_port,
+ &args->rmt, args->rmt_port);
+ mma_rules_table_del_rule_16 (srt4, &rule, srt4->root_index);
+ }
+ }
+ else if (fib_proto == FIB_PROTOCOL_IP6)
+ {
+ mma_rules_table_40_t *srt6;
+ mma_rule_40_t *rule;
+ srt6 = &srt->session_rules_tables_40[args->transport_proto];
+ if (args->is_add)
+ {
+ rule = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
+ args->lcl_port,
+ &args->rmt,
+ args->rmt_port);
+ rule->action_index = args->action_index;
+ mma_rules_table_add_rule_40 (srt6, rule);
+ }
+ else
+ {
+ mma_rule_40_t rule;
+ memset (&rule, 0, sizeof (rule));
+ session_rules_table_init_rule_40 (&rule, &args->lcl, args->lcl_port,
+ &args->rmt, args->rmt_port);
+ mma_rules_table_del_rule_40 (srt6, &rule, srt6->root_index);
+ }
+ }
+ else
+ return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE_2, 0,
+ "invalid fib proto");
+ return 0;
+}
+
+u32
+session_rules_table_lookup4 (session_rules_table_t * srt, u8 transport_proto,
+ ip4_address_t * lcl_ip, ip4_address_t * rmt_ip,
+ u16 lcl_port, u16 rmt_port)
+{
+ mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16[transport_proto];
+ session_mask_or_match_4_t key = {
+ .lcl_ip.as_u32 = lcl_ip->as_u32,
+ .rmt_ip.as_u32 = rmt_ip->as_u32,
+ .lcl_port = lcl_port,
+ .rmt_port = rmt_port,
+ };
+ return mma_rules_table_lookup_16 (srt4,
+ (mma_mask_or_match_16_t *) & key,
+ srt4->root_index);
+}
+
+u32
+session_rules_table_lookup6 (session_rules_table_t * srt, u8 transport_proto,
+ ip6_address_t * lcl_ip, ip6_address_t * rmt_ip,
+ u16 lcl_port, u16 rmt_port)
+{
+ mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40[transport_proto];
+ session_mask_or_match_6_t key = {
+ .lcl_port = lcl_port,
+ .rmt_port = rmt_port,
+ };
+ clib_memcpy (&key.lcl_ip, &lcl_ip, sizeof (&lcl_ip));
+ clib_memcpy (&key.rmt_ip, &rmt_ip, sizeof (&rmt_ip));
+ return mma_rules_table_lookup_40 (srt6,
+ (mma_mask_or_match_40_t *) & key,
+ srt6->root_index);
+}
+
+void
+session_rules_table_init (session_rules_table_t * srt)
+{
+ mma_rules_table_16_t *srt4;
+ mma_rules_table_40_t *srt6;
+ mma_rule_16_t *rule4;
+ mma_rule_40_t *rule6;
+ fib_prefix_t null_prefix;
+ int i;
+
+ memset (&null_prefix, 0, sizeof (null_prefix));
+
+ for (i = 0; i < TRANSPORT_N_PROTO; i++)
+ {
+ srt4 = &srt->session_rules_tables_16[i];
+ rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
+ &null_prefix, 0);
+ rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
+ srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
+ srt4->rule_cmp_fn = rule_cmp_16;
+ }
+
+ for (i = 0; i < TRANSPORT_N_PROTO; i++)
+ {
+ srt6 = &srt->session_rules_tables_40[i];;
+ rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
+ &null_prefix, 0);
+ rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
+ srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
+ srt6->rule_cmp_fn = rule_cmp_40;
+ }
+}
+
+void
+session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
+ u8 transport_proto, ip46_address_t * lcl_ip,
+ u16 lcl_port, ip46_address_t * rmt_ip,
+ u16 rmt_port, u8 is_ip4)
+{
+ mma_rules_table_16_t *srt4;
+ mma_rules_table_40_t *srt6;
+ mma_rule_16_t *sr4;
+ mma_rule_40_t *sr6;
+ u32 ri;
+
+ if (is_ip4)
+ {
+ srt4 = session_rules_table_get (srt, transport_proto, FIB_PROTOCOL_IP4);
+ session_mask_or_match_4_t key = {
+ .lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
+ .rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
+ .lcl_port = lcl_port,
+ .rmt_port = rmt_port,
+ };
+ ri =
+ mma_rules_table_lookup_rule_16 (srt4,
+ (mma_mask_or_match_16_t *) & key,
+ srt4->root_index);
+ sr4 = mma_rules_table_get_rule_16 (srt4, ri);
+ vlib_cli_output (vm, "%U", format_session_rule4, srt4, sr4);
+ }
+ else
+ {
+ srt6 = session_rules_table_get (srt, transport_proto, FIB_PROTOCOL_IP6);
+ session_mask_or_match_6_t key = {
+ .lcl_port = lcl_port,
+ .rmt_port = rmt_port,
+ };
+ clib_memcpy (&key.lcl_ip, &lcl_ip->ip6, sizeof (&lcl_ip->ip6));
+ clib_memcpy (&key.rmt_ip, &rmt_ip->ip6, sizeof (&rmt_ip->ip6));
+ ri =
+ mma_rules_table_lookup_rule_40 (srt6,
+ (mma_mask_or_match_40_t *) &
+ key, srt6->root_index);
+ sr6 = mma_rules_table_get_rule_40 (srt6, ri);
+ vlib_cli_output (vm, "%U", format_session_rule6, srt6, sr6);
+ }
+}
+
+void
+session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
+ u8 fib_proto, u8 transport_proto)
+{
+ if (fib_proto == FIB_PROTOCOL_IP4)
+ {
+ mma_rules_table_16_t *srt4;
+ mma_rule_16_t *sr4;
+ srt4 = &srt->session_rules_tables_16[transport_proto];
+ vlib_cli_output (vm, "%U IP4 rules table", format_transport_proto,
+ transport_proto);
+
+ /* *INDENT-OFF* */
+ pool_foreach(sr4, srt4->rules, ({
+ vlib_cli_output (vm, "%U", format_session_rule4, srt4, sr4);
+ }));
+ /* *INDENT-ON* */
+
+ }
+ else if (fib_proto == FIB_PROTOCOL_IP6)
+ {
+ mma_rules_table_40_t *srt6;
+ mma_rule_40_t *sr6;
+ srt6 = &srt->session_rules_tables_40[transport_proto];
+ vlib_cli_output (vm, "\n%U IP6 rules table", format_transport_proto,
+ transport_proto);
+
+ /* *INDENT-OFF* */
+ pool_foreach(sr6, srt6->rules, ({
+ vlib_cli_output (vm, "%U", format_session_rule6, srt6, sr6);
+ }));
+ /* *INDENT-ON* */
+
+ }
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
+#define SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
+
+#include <vnet/vnet.h>
+#include <vnet/fib/fib.h>
+#include <vnet/session/transport.h>
+#include <vnet/session/mma_16.h>
+#include <vnet/session/mma_40.h>
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED (struct
+{
+ union
+ {
+ struct
+ {
+ ip4_address_t rmt_ip;
+ ip4_address_t lcl_ip;
+ u16 rmt_port;
+ u16 lcl_port;
+ };
+ u64 as_u64[2];
+ };
+}) session_mask_or_match_4_t;
+
+typedef CLIB_PACKED (struct
+{
+ union
+ {
+ struct
+ {
+ ip6_address_t rmt_ip;
+ ip6_address_t lcl_ip;
+ u16 rmt_port;
+ u16 lcl_port;
+ };
+ u64 as_u64[5];
+ };
+}) session_mask_or_match_6_t;
+/* *INDENT-ON* */
+
+typedef struct _session_rules_table_add_del_args
+{
+ u8 transport_proto;
+ fib_prefix_t lcl;
+ fib_prefix_t rmt;
+ u16 lcl_port;
+ u16 rmt_port;
+ u32 action_index;
+ u8 is_add;
+} session_rule_table_add_del_args_t;
+
+typedef struct _session_rules_table_t
+{
+ /**
+ * Per fib proto and transport proto session rules tables
+ */
+ mma_rules_table_16_t session_rules_tables_16[TRANSPORT_N_PROTO];
+ mma_rules_table_40_t session_rules_tables_40[TRANSPORT_N_PROTO];
+} session_rules_table_t;
+
+void *session_rules_table_get (session_rules_table_t * srt,
+ u8 transport_proto, u8 fib_proto);
+u32 session_rules_table_lookup4 (session_rules_table_t * srt,
+ u8 transport_proto, ip4_address_t * lcl_ip,
+ ip4_address_t * rmt_ip, u16 lcl_port,
+ u16 rmt_port);
+u32 session_rules_table_lookup6 (session_rules_table_t * srt,
+ u8 transport_proto, ip6_address_t * lcl_ip,
+ ip6_address_t * rmt_ip, u16 lcl_port,
+ u16 rmt_port);
+void session_rules_table_cli_dump (vlib_main_t * vm,
+ session_rules_table_t * srt, u8 fib_proto,
+ u8 transport_proto);
+void session_rules_table_show_rule (vlib_main_t * vm,
+ session_rules_table_t * srt,
+ u8 transport_proto,
+ ip46_address_t * lcl_ip, u16 lcl_port,
+ ip46_address_t * rmt_ip, u16 rmt_port,
+ u8 is_ip4);
+clib_error_t *session_rules_table_add_del (session_rules_table_t * srt,
+ session_rule_table_add_del_args_t *
+ args);
+void session_rules_table_init (session_rules_table_t * srt);
+#endif /* SRC_VNET_SESSION_SESSION_RULES_TABLE_H_ */
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
clib_bihash_init_48_8 (&slt->v6_half_open_hash, "v6 half-open table",
configured_v6_halfopen_table_buckets,
configured_v6_halfopen_table_memory);
+
+ session_rules_table_init (&slt->session_rules);
}
typedef struct _ip4_session_table_walk_ctx_t
#include <vppinfra/bihash_16_8.h>
#include <vppinfra/bihash_48_8.h>
+#include <vnet/session/session_rules_table.h>
typedef struct _session_lookup_table
{
*/
clib_bihash_16_8_t v4_half_open_hash;
clib_bihash_48_8_t v6_half_open_hash;
+
+ /**
+ * Per fib proto and transport proto session rules tables
+ */
+ session_rules_table_t session_rules;
} session_table_t;
#define SESSION_TABLE_INVALID_INDEX ((u32)~0)
#include <vnet/session/application_interface.h>
#include <vnet/session/application.h>
#include <vnet/session/session.h>
+#include <vnet/session/session_rules_table.h>
#define SESSION_TEST_I(_cond, _comment, _args...) \
({ \
return 0;
}
+static int
+session_test_rule_table (vlib_main_t * vm, unformat_input_t * input)
+{
+ session_rules_table_t _srt, *srt = &_srt;
+ u16 lcl_port = 1234, rmt_port = 4321;
+ u32 action_index = 1, res;
+ ip4_address_t lcl_lkup, rmt_lkup;
+ clib_error_t *error;
+ int verbose = 0;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "verbose"))
+ verbose = 1;
+ else
+ {
+ vlib_cli_output (vm, "parse error: '%U'", format_unformat_error,
+ input);
+ return -1;
+ }
+ }
+
+ memset (srt, 0, sizeof (*srt));
+ session_rules_table_init (srt);
+
+ ip4_address_t lcl_ip = {
+ .as_u32 = clib_host_to_net_u32 (0x01020304),
+ };
+ ip4_address_t rmt_ip = {
+ .as_u32 = clib_host_to_net_u32 (0x05060708),
+ };
+ ip4_address_t lcl_ip2 = {
+ .as_u32 = clib_host_to_net_u32 (0x02020202),
+ };
+ ip4_address_t rmt_ip2 = {
+ .as_u32 = clib_host_to_net_u32 (0x06060606),
+ };
+ ip4_address_t lcl_ip3 = {
+ .as_u32 = clib_host_to_net_u32 (0x03030303),
+ };
+ ip4_address_t rmt_ip3 = {
+ .as_u32 = clib_host_to_net_u32 (0x07070707),
+ };
+ fib_prefix_t lcl_pref = {
+ .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
+ .fp_len = 16,
+ .fp_proto = FIB_PROTOCOL_IP4,
+ };
+ fib_prefix_t rmt_pref = {
+ .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
+ .fp_len = 16,
+ .fp_proto = FIB_PROTOCOL_IP4,
+ };
+
+ session_rule_table_add_del_args_t args = {
+ .lcl = lcl_pref,
+ .rmt = rmt_pref,
+ .lcl_port = lcl_port,
+ .rmt_port = rmt_port,
+ .action_index = action_index++,
+ .is_add = 1,
+ };
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
+ action_index - 1);
+
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 1),
+ "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 1: %d",
+ res);
+
+ /*
+ * Add 1.2.3.4/24 1234 5.6.7.8/16 4321 and 1.2.3.4/24 1234 5.6.7.8/24 4321
+ */
+ args.lcl.fp_addr.ip4 = lcl_ip;
+ args.lcl.fp_len = 24;
+ args.action_index = action_index++;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/16 4321 action %d",
+ action_index - 1);
+ args.rmt.fp_addr.ip4 = rmt_ip;
+ args.rmt.fp_len = 24;
+ args.action_index = action_index++;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1234 5.6.7.8/24 4321 action %d",
+ action_index - 1);
+
+ /*
+ * Add 2.2.2.2/24 1234 6.6.6.6/16 4321 and 3.3.3.3/24 1234 7.7.7.7/16 4321
+ */
+ args.lcl.fp_addr.ip4 = lcl_ip2;
+ args.lcl.fp_len = 24;
+ args.rmt.fp_addr.ip4 = rmt_ip2;
+ args.rmt.fp_len = 16;
+ args.action_index = action_index++;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 2.2.2.2/24 1234 6.6.6.6/16 4321 action %d",
+ action_index - 1);
+ args.lcl.fp_addr.ip4 = lcl_ip3;
+ args.rmt.fp_addr.ip4 = rmt_ip3;
+ args.action_index = action_index++;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 3.3.3.3/24 1234 7.7.7.7/16 4321 action %d",
+ action_index - 1);
+
+ /*
+ * Add again 3.3.3.3/24 1234 7.7.7.7/16 4321
+ */
+ args.lcl.fp_addr.ip4 = lcl_ip3;
+ args.rmt.fp_addr.ip4 = rmt_ip3;
+ args.action_index = action_index++;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "overwrite 3.3.3.3/24 1234 7.7.7.7/16 4321 "
+ "action %d", action_index - 1);
+
+ /*
+ * Lookup 1.2.3.4/32 1234 5.6.7.8/32 4321, 1.2.2.4/32 1234 5.6.7.9/32 4321
+ * and 3.3.3.3 1234 7.7.7.7 4321
+ */
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 3),
+ "Lookup 1.2.3.4 1234 5.6.7.8 4321 action " "should be 3: %d",
+ res);
+
+ lcl_lkup.as_u32 = clib_host_to_net_u32 (0x01020204);
+ rmt_lkup.as_u32 = clib_host_to_net_u32 (0x05060709);
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_lkup,
+ &rmt_lkup, lcl_port, rmt_port);
+ SESSION_TEST ((res == 1),
+ "Lookup 1.2.2.4 1234 5.6.7.9 4321, action " "should be 1: %d",
+ res);
+
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip3, &rmt_ip3,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 6),
+ "Lookup 3.3.3.3 1234 7.7.7.7 4321, action "
+ "should be 6 (updated): %d", res);
+
+ /*
+ * Add 1.2.3.4/24 * 5.6.7.8/24 *
+ * Lookup 1.2.3.4 1234 5.6.7.8 4321 and 1.2.3.4 1235 5.6.7.8 4321
+ */
+ args.lcl.fp_addr.ip4 = lcl_ip;
+ args.rmt.fp_addr.ip4 = rmt_ip;
+ args.lcl.fp_len = 24;
+ args.rmt.fp_len = 24;
+ args.lcl_port = 0;
+ args.rmt_port = 0;
+ args.action_index = action_index++;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/24 * 5.6.7.8/24 * action %d",
+ action_index - 1);
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 7),
+ "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should"
+ " be 7 (lpm dst): %d", res);
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port + 1, rmt_port);
+ SESSION_TEST ((res == 7),
+ "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 7: %d",
+ res);
+
+ /*
+ * Del 1.2.3.4/24 * 5.6.7.8/24 *
+ * Add 1.2.3.4/16 * 5.6.7.8/16 * and 1.2.3.4/24 1235 5.6.7.8/24 4321
+ * Lookup 1.2.3.4 1234 5.6.7.8 4321, 1.2.3.4 1235 5.6.7.8 4321 and
+ * 1.2.3.4 1235 5.6.7.8 4322
+ */
+ args.is_add = 0;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Del 1.2.3.4/24 * 5.6.7.8/24 *");
+
+ args.lcl.fp_addr.ip4 = lcl_ip;
+ args.rmt.fp_addr.ip4 = rmt_ip;
+ args.lcl.fp_len = 16;
+ args.rmt.fp_len = 16;
+ args.lcl_port = 0;
+ args.rmt_port = 0;
+ args.action_index = action_index++;
+ args.is_add = 1;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 * action %d",
+ action_index - 1);
+
+ args.lcl.fp_addr.ip4 = lcl_ip;
+ args.rmt.fp_addr.ip4 = rmt_ip;
+ args.lcl.fp_len = 24;
+ args.rmt.fp_len = 24;
+ args.lcl_port = lcl_port + 1;
+ args.rmt_port = rmt_port;
+ args.action_index = action_index++;
+ args.is_add = 1;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/24 1235 5.6.7.8/24 4321 action %d",
+ action_index - 1);
+
+ if (verbose)
+ session_rules_table_cli_dump (vm, srt, FIB_PROTOCOL_IP4,
+ TRANSPORT_PROTO_TCP);
+
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 3),
+ "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
+ res);
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port + 1, rmt_port);
+ SESSION_TEST ((res == 9),
+ "Lookup 1.2.3.4 1235 5.6.7.8 4321, action should " "be 9: %d",
+ res);
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port + 1, rmt_port + 1);
+ SESSION_TEST ((res == 8),
+ "Lookup 1.2.3.4 1235 5.6.7.8 4322, action should " "be 8: %d",
+ res);
+
+ /*
+ * Delete 1.2.0.0/16 1234 5.6.0.0/16 4321 and 1.2.0.0/16 * 5.6.0.0/16 *
+ * Lookup 1.2.3.4 1234 5.6.7.8 4321
+ */
+ args.lcl_port = 1234;
+ args.rmt_port = 4321;
+ args.lcl.fp_len = 16;
+ args.rmt.fp_len = 16;
+ args.is_add = 0;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Del 1.2.0.0/16 1234 5.6.0.0/16 4321");
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 3),
+ "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
+ res);
+
+ args.lcl_port = 0;
+ args.rmt_port = 0;
+ args.is_add = 0;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Del 1.2.0.0/16 * 5.6.0.0/16 *");
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 3),
+ "Lookup 1.2.3.4 1234 5.6.7.8 4321, action should " "be 3: %d",
+ res);
+
+ /*
+ * Delete 1.2.3.4/24 1234 5.6.7.5/24
+ */
+ args.lcl.fp_addr.ip4 = lcl_ip;
+ args.rmt.fp_addr.ip4 = rmt_ip;
+ args.lcl.fp_len = 24;
+ args.rmt.fp_len = 24;
+ args.lcl_port = 1234;
+ args.rmt_port = 4321;
+ args.is_add = 0;
+ error = session_rules_table_add_del (srt, &args);
+ SESSION_TEST ((error == 0), "Del 1.2.3.4/24 1234 5.6.7.5/24");
+ res =
+ session_rules_table_lookup4 (srt, TRANSPORT_PROTO_TCP, &lcl_ip, &rmt_ip,
+ lcl_port, rmt_port);
+ SESSION_TEST ((res == 2), "Action should be 2: %d", res);
+
+ return 0;
+}
+
+static int
+session_test_rules (vlib_main_t * vm, unformat_input_t * input)
+{
+ session_endpoint_t server_sep = SESSION_ENDPOINT_NULL;
+ u64 options[SESSION_OPTIONS_N_OPTIONS];
+ u16 lcl_port = 1234, rmt_port = 4321;
+ u32 server_index, app_index;
+ u32 dummy_server_api_index = ~0;
+ transport_connection_t *tc;
+ u32 dummy_port = 1111;
+ clib_error_t *error = 0;
+ u8 segment_name[128];
+ stream_session_t *listener, *s;
+ app_namespace_t *default_ns = app_namespace_get_default ();
+ u32 local_ns_index = default_ns->local_table_index;
+
+ server_sep.is_ip4 = 1;
+ server_sep.port = dummy_port;
+ memset (options, 0, sizeof (options));
+
+ vnet_app_attach_args_t attach_args = {
+ .api_client_index = ~0,
+ .options = options,
+ .namespace_id = 0,
+ .session_cb_vft = &dummy_session_cbs,
+ .segment_name = segment_name,
+ };
+
+ vnet_bind_args_t bind_args = {
+ .sep = server_sep,
+ .app_index = 0,
+ };
+
+ /*
+ * Attach server with global and local default scope
+ */
+ options[APP_OPTIONS_FLAGS] = APP_OPTIONS_FLAGS_BUILTIN_APP;
+ options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_ACCEPT_REDIRECT;
+ options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_GLOBAL_SCOPE;
+ options[APP_OPTIONS_FLAGS] |= APP_OPTIONS_FLAGS_USE_LOCAL_SCOPE;
+ attach_args.namespace_id = 0;
+ attach_args.api_client_index = dummy_server_api_index;
+ error = vnet_application_attach (&attach_args);
+ SESSION_TEST ((error == 0), "server attached");
+ server_index = attach_args.app_index;
+
+ bind_args.app_index = server_index;
+ error = vnet_bind (&bind_args);
+ SESSION_TEST ((error == 0), "server bound to %U/%d", format_ip46_address,
+ &server_sep.ip, 1, server_sep.port);
+ listener = listen_session_get_from_handle (bind_args.handle);
+ ip4_address_t lcl_ip = {
+ .as_u32 = clib_host_to_net_u32 (0x01020304),
+ };
+ ip4_address_t rmt_ip = {
+ .as_u32 = clib_host_to_net_u32 (0x05060708),
+ };
+ fib_prefix_t lcl_pref = {
+ .fp_addr.ip4.as_u32 = lcl_ip.as_u32,
+ .fp_len = 16,
+ .fp_proto = FIB_PROTOCOL_IP4,
+ };
+ fib_prefix_t rmt_pref = {
+ .fp_addr.ip4.as_u32 = rmt_ip.as_u32,
+ .fp_len = 16,
+ .fp_proto = FIB_PROTOCOL_IP4,
+ };
+
+ tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port,
+ rmt_port, TRANSPORT_PROTO_TCP, 0);
+ SESSION_TEST ((tc == 0), "optimized lookup should not work (port)");
+
+ /*
+ * Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action server_index
+ */
+ session_rule_add_del_args_t args = {
+ .table_args.lcl = lcl_pref,
+ .table_args.rmt = rmt_pref,
+ .table_args.lcl_port = lcl_port,
+ .table_args.rmt_port = rmt_port,
+ .table_args.action_index = server_index,
+ .table_args.is_add = 1,
+ .appns_index = 0,
+ };
+ error = vnet_session_rule_add_del (&args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/16 1234 5.6.7.8/16 4321 action %d",
+ args.table_args.action_index);
+
+ tc = session_lookup_connection4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port, rmt_port,
+ TRANSPORT_PROTO_TCP);
+ SESSION_TEST ((tc->c_index == listener->connection_index),
+ "optimized lookup should return the listener");
+ tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port,
+ rmt_port, TRANSPORT_PROTO_TCP, 0);
+ SESSION_TEST ((tc->c_index == listener->connection_index),
+ "lookup should return the listener");
+ s = session_lookup_safe4 (0, &lcl_pref.fp_addr.ip4, &rmt_pref.fp_addr.ip4,
+ lcl_port, rmt_port, TRANSPORT_PROTO_TCP);
+ SESSION_TEST ((s->connection_index == listener->connection_index),
+ "safe lookup should return the listener");
+ session_endpoint_t sep = {
+ .ip = rmt_pref.fp_addr,
+ .is_ip4 = 1,
+ .port = rmt_port,
+ .transport_proto = TRANSPORT_PROTO_TCP,
+ };
+ app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
+ SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
+ "should not work (global scope)");
+
+ tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port + 1,
+ rmt_port, TRANSPORT_PROTO_TCP, 0);
+ SESSION_TEST ((tc == 0),
+ "optimized lookup for wrong lcl port + 1 should not" " work");
+
+ /*
+ * Add 1.2.3.4/16 * 5.6.7.8/16 4321
+ */
+ args.table_args.lcl_port = 0;
+ args.scope = SESSION_RULE_SCOPE_LOCAL | SESSION_RULE_SCOPE_GLOBAL;
+ error = vnet_session_rule_add_del (&args);
+ SESSION_TEST ((error == 0), "Add 1.2.3.4/16 * 5.6.7.8/16 4321 action %d",
+ args.table_args.action_index);
+ tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port + 1,
+ rmt_port, TRANSPORT_PROTO_TCP, 0);
+ SESSION_TEST ((tc->c_index == listener->connection_index),
+ "optimized lookup for lcl port + 1 should work");
+ app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
+ SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
+ "should not work (constrained lcl ip)");
+
+ /*
+ * Add local scope rule for 0/0 * 5.6.7.8/16 4321 action server_index
+ */
+ args.table_args.lcl.fp_len = 0;
+ error = vnet_session_rule_add_del (&args);
+ SESSION_TEST ((error == 0), "Add * * 5.6.7.8/16 4321 action %d",
+ args.table_args.action_index);
+ app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
+ SESSION_TEST ((app_index == server_index), "local session endpoint lookup "
+ "should work");
+
+ /*
+ * Delete 0/0 * 5.6.7.8/16 4321, 1.2.3.4/16 * 5.6.7.8/16 4321 and
+ * 1.2.3.4/16 1234 5.6.7.8/16 4321
+ */
+ args.table_args.is_add = 0;
+ error = vnet_session_rule_add_del (&args);
+ SESSION_TEST ((error == 0), "Del 0/0 * 5.6.7.8/16 4321");
+ app_index = session_lookup_local_session_endpoint (local_ns_index, &sep);
+ SESSION_TEST ((app_index != server_index), "local session endpoint lookup "
+ "should not work (removed)");
+
+ args.table_args.is_add = 0;
+ args.table_args.lcl = lcl_pref;
+ error = vnet_session_rule_add_del (&args);
+ SESSION_TEST ((error == 0), "Del 1.2.3.4/16 * 5.6.7.8/16 4321");
+ tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port + 1,
+ rmt_port, TRANSPORT_PROTO_TCP, 0);
+ SESSION_TEST ((tc == 0), "optimized lookup for lcl port + 1 should not "
+ "work (del)");
+
+ args.table_args.is_add = 0;
+ args.table_args.lcl_port = 1234;
+ error = vnet_session_rule_add_del (&args);
+ SESSION_TEST ((error == 0), "Del 1.2.3.4/16 1234 5.6.7.8/16 4321");
+ tc = session_lookup_connection_wt4 (0, &lcl_pref.fp_addr.ip4,
+ &rmt_pref.fp_addr.ip4, lcl_port,
+ rmt_port, TRANSPORT_PROTO_TCP, 0);
+ SESSION_TEST ((tc == 0), "optimized lookup should not work (del)");
+ return 0;
+}
+
static clib_error_t *
session_test (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd_arg)
{
res = session_test_namespace (vm, input);
}
+ else if (unformat (input, "rules-table"))
+ res = session_test_rule_table (vm, input);
+ else if (unformat (input, "rules"))
+ res = session_test_rules (vm, input);
else
break;
}
*/
static clib_spinlock_t local_endpoints_lock;
+u8 *
+format_transport_proto (u8 * s, va_list * args)
+{
+ u32 transport_proto = va_arg (*args, u32);
+ switch (transport_proto)
+ {
+ case TRANSPORT_PROTO_TCP:
+ s = format (s, "TCP");
+ break;
+ case TRANSPORT_PROTO_UDP:
+ s = format (s, "UDP");
+ break;
+ }
+ return s;
+}
+
+uword
+unformat_transport_proto (unformat_input_t * input, va_list * args)
+{
+ u32 *proto = va_arg (*args, u32 *);
+ if (unformat (input, "tcp"))
+ *proto = TRANSPORT_PROTO_TCP;
+ else if (unformat (input, "TCP"))
+ *proto = TRANSPORT_PROTO_TCP;
+ else if (unformat (input, "udp"))
+ *proto = TRANSPORT_PROTO_UDP;
+ else if (unformat (input, "UDP"))
+ *proto = TRANSPORT_PROTO_UDP;
+ else
+ return 0;
+ return 1;
+}
u32
transport_endpoint_lookup (transport_endpoint_table_t * ht, u8 proto,
TRANSPORT_N_PROTO
} transport_proto_t;
+u8 *format_transport_proto (u8 * s, va_list * args);
+uword unformat_transport_proto (unformat_input_t * input, va_list * args);
+
#define foreach_transport_connection_fields \
_(u32, sw_if_index) /**< interface endpoint is associated with */ \
_(ip46_address_t, ip) /**< ip address */ \
/* Create child session and send SYN-ACK */
child0 = tcp_connection_new (my_thread_index);
- child0->c_lcl_port = lc0->c_lcl_port;
+ child0->c_lcl_port = th0->dst_port;
child0->c_rmt_port = th0->src_port;
child0->c_is_ip4 = is_ip4;
child0->state = TCP_STATE_SYN_RCVD;
FINISH;
}
+static void *vl_api_session_rule_add_del_t_print
+ (vl_api_session_rule_add_del_t * mp, void *handle)
+{
+ u8 *s;
+ char *proto = mp->transport_proto == 0 ? "tcp" : "udp";
+ s = format (0, "SCRIPT: session_rule_add_del ");
+ if (mp->is_ip4)
+ s = format (s, "appns %d scope %d %s %U/%d %d %U/%d %d action %u",
+ mp->appns_index, mp->scope, proto, format_ip4_address,
+ (ip4_address_t *) mp->lcl_ip, mp->lcl_plen,
+ format_ip4_address, (ip4_address_t *) mp->rmt_ip,
+ mp->rmt_plen, mp->action_index);
+ else
+ s = format (s, "appns %d scope %d %s %U/%d %d %U/%d %d action %u",
+ mp->appns_index, mp->scope, proto, format_ip6_address,
+ (ip6_address_t *) mp->lcl_ip, mp->lcl_plen,
+ format_ip6_address, (ip6_address_t *) mp->rmt_ip,
+ mp->rmt_plen, mp->action_index);
+ FINISH;
+}
+
#define foreach_custom_print_no_arg_function \
_(lisp_eid_table_vni_dump) \
_(lisp_map_resolver_dump) \
_(DNS_ENABLE_DISABLE, dns_enable_disable) \
_(DNS_NAME_SERVER_ADD_DEL, dns_name_server_add_del) \
_(DNS_RESOLVE_NAME, dns_resolve_name) \
-_(DNS_RESOLVE_IP, dns_resolve_ip)
+_(DNS_RESOLVE_IP, dns_resolve_ip) \
+_(SESSION_RULE_ADD_DEL, session_rule_add_del)
void
vl_msg_api_custom_dump_configure (api_main_t * am)
{
Code Review / vpp.git / commitdiff