summaryrefslogtreecommitdiffstats
path: root/src/vat/api_format.c
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2017-10-17 00:03:13 -0700
committerDave Barach <openvpp@barachs.net>2017-10-28 19:56:39 +0000
commit1c7104514cd40d2377caca36cf40c13b791bc5aa (patch)
tree2b95bb11dd8658e826ad8cb3fe4d399adbab7e01 /src/vat/api_format.c
parentae5a02f8235b9a243df09b42e932ae5f238e366b (diff)
session: rules tables
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vat/api_format.c')
-rw-r--r--src/vat/api_format.c99
1 files changed, 96 insertions, 3 deletions
diff --git a/src/vat/api_format.c b/src/vat/api_format.c
index dd3cbf72660..c6b6317ef18 100644
--- a/src/vat/api_format.c
+++ b/src/vat/api_format.c
@@ -5183,7 +5183,8 @@ _(sw_interface_set_lldp_reply) \
_(tcp_configure_src_addresses_reply) \
_(app_namespace_add_del_reply) \
_(dns_enable_disable_reply) \
-_(dns_name_server_add_del_reply)
+_(dns_name_server_add_del_reply) \
+_(session_rule_add_del_reply)
#define _(n) \
static void vl_api_##n##_t_handler \
@@ -5494,7 +5495,8 @@ _(APP_NAMESPACE_ADD_DEL_REPLY, app_namespace_add_del_reply) \
_(DNS_ENABLE_DISABLE_REPLY, dns_enable_disable_reply) \
_(DNS_NAME_SERVER_ADD_DEL_REPLY, dns_name_server_add_del_reply) \
_(DNS_RESOLVE_NAME_REPLY, dns_resolve_name_reply) \
-_(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply)
+_(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply) \
+_(SESSION_RULE_ADD_DEL_REPLY, session_rule_add_del_reply)
#define foreach_standalone_reply_msg \
_(SW_INTERFACE_EVENT, sw_interface_event) \
@@ -21189,6 +21191,93 @@ api_dns_name_server_add_del (vat_main_t * vam)
return ret;
}
+static int
+api_session_rule_add_del (vat_main_t * vam)
+{
+ vl_api_session_rule_add_del_t *mp;
+ unformat_input_t *i = vam->input;
+ u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen, rmt_plen;
+ u32 appns_index = 0, scope = 0;
+ ip4_address_t lcl_ip4, rmt_ip4;
+ ip6_address_t lcl_ip6, rmt_ip6;
+ u8 is_ip4 = 1, conn_set = 0;
+ u8 is_add = 1;
+ int ret;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "del"))
+ is_add = 0;
+ else if (unformat (i, "add"))
+ ;
+ else if (unformat (i, "proto tcp"))
+ proto = 0;
+ else if (unformat (i, "proto udp"))
+ proto = 1;
+ else if (unformat (i, "appns %d", &appns_index))
+ ;
+ else if (unformat (i, "scope %d", &scope))
+ ;
+ else
+ if (unformat
+ (i, "%U/%d %d %U/%d %d", unformat_ip4_address, &lcl_ip4,
+ &lcl_plen, &lcl_port, unformat_ip4_address, &rmt_ip4, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 1;
+ conn_set = 1;
+ }
+ else
+ if (unformat
+ (i, "%U/%d %d %U/%d %d", unformat_ip6_address, &lcl_ip6,
+ &lcl_plen, &lcl_port, unformat_ip6_address, &rmt_ip6, &rmt_plen,
+ &rmt_port))
+ {
+ is_ip4 = 0;
+ conn_set = 1;
+ }
+ else if (unformat (i, "action %d", &action))
+ ;
+ else
+ break;
+ }
+ if (proto == ~0 || !conn_set || action == ~0)
+ {
+ errmsg ("transport proto, connection and action must be set");
+ return -99;
+ }
+
+ if (scope > 3)
+ {
+ errmsg ("scope should be 0-3");
+ return -99;
+ }
+
+ M (SESSION_RULE_ADD_DEL, mp);
+
+ mp->is_ip4 = is_ip4;
+ mp->transport_proto = proto;
+ mp->lcl_plen = clib_host_to_net_u16 (lcl_plen);
+ mp->rmt_plen = clib_host_to_net_u16 (rmt_plen);
+ mp->action_index = clib_host_to_net_u32 (action);
+ mp->appns_index = clib_host_to_net_u32 (appns_index);
+ mp->scope = scope;
+ mp->is_add = is_add;
+ if (is_ip4)
+ {
+ clib_memcpy (mp->lcl_ip, &lcl_ip4, sizeof (lcl_ip4));
+ clib_memcpy (mp->rmt_ip, &rmt_ip4, sizeof (rmt_ip4));
+ }
+ else
+ {
+ clib_memcpy (mp->lcl_ip, &lcl_ip6, sizeof (lcl_ip6));
+ clib_memcpy (mp->rmt_ip, &rmt_ip6, sizeof (rmt_ip6));
+ }
+
+ S (mp);
+ W (ret);
+ return ret;
+}
static int
q_or_quit (vat_main_t * vam)
@@ -21987,7 +22076,11 @@ _(app_namespace_add_del, "[add] id <ns-id> secret <nn> sw_if_index <nn>")\
_(dns_enable_disable, "[enable][disable]") \
_(dns_name_server_add_del, "<ip-address> [del]") \
_(dns_resolve_name, "<hostname>") \
-_(dns_resolve_ip, "<ip4|ip6>")
+_(dns_resolve_ip, "<ip4|ip6>") \
+_(dns_name_server_add_del, "<ip-address> [del]") \
+_(dns_resolve_name, "<hostname>") \
+_(session_rule_add_del, "[add|del] proto <tcp/udp> <lcl-ip>/<plen> " \
+ "<lcl-port> <rmt-ip>/<plen> <rmt-port> action <nn>") \
/* List of command functions, CLI names map directly to functions */
#define foreach_cli_function \