diff options
author | Florin Coras <fcoras@cisco.com> | 2017-10-17 00:03:13 -0700 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2017-10-28 19:56:39 +0000 |
commit | 1c7104514cd40d2377caca36cf40c13b791bc5aa (patch) | |
tree | 2b95bb11dd8658e826ad8cb3fe4d399adbab7e01 /src/vat/api_format.c | |
parent | ae5a02f8235b9a243df09b42e932ae5f238e366b (diff) |
session: rules tables
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vat/api_format.c')
-rw-r--r-- | src/vat/api_format.c | 99 |
1 files changed, 96 insertions, 3 deletions
diff --git a/src/vat/api_format.c b/src/vat/api_format.c index dd3cbf72660..c6b6317ef18 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -5183,7 +5183,8 @@ _(sw_interface_set_lldp_reply) \ _(tcp_configure_src_addresses_reply) \ _(app_namespace_add_del_reply) \ _(dns_enable_disable_reply) \ -_(dns_name_server_add_del_reply) +_(dns_name_server_add_del_reply) \ +_(session_rule_add_del_reply) #define _(n) \ static void vl_api_##n##_t_handler \ @@ -5494,7 +5495,8 @@ _(APP_NAMESPACE_ADD_DEL_REPLY, app_namespace_add_del_reply) \ _(DNS_ENABLE_DISABLE_REPLY, dns_enable_disable_reply) \ _(DNS_NAME_SERVER_ADD_DEL_REPLY, dns_name_server_add_del_reply) \ _(DNS_RESOLVE_NAME_REPLY, dns_resolve_name_reply) \ -_(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply) +_(DNS_RESOLVE_IP_REPLY, dns_resolve_ip_reply) \ +_(SESSION_RULE_ADD_DEL_REPLY, session_rule_add_del_reply) #define foreach_standalone_reply_msg \ _(SW_INTERFACE_EVENT, sw_interface_event) \ @@ -21189,6 +21191,93 @@ api_dns_name_server_add_del (vat_main_t * vam) return ret; } +static int +api_session_rule_add_del (vat_main_t * vam) +{ + vl_api_session_rule_add_del_t *mp; + unformat_input_t *i = vam->input; + u32 proto = ~0, lcl_port, rmt_port, action = 0, lcl_plen, rmt_plen; + u32 appns_index = 0, scope = 0; + ip4_address_t lcl_ip4, rmt_ip4; + ip6_address_t lcl_ip6, rmt_ip6; + u8 is_ip4 = 1, conn_set = 0; + u8 is_add = 1; + int ret; + + while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) + { + if (unformat (i, "del")) + is_add = 0; + else if (unformat (i, "add")) + ; + else if (unformat (i, "proto tcp")) + proto = 0; + else if (unformat (i, "proto udp")) + proto = 1; + else if (unformat (i, "appns %d", &appns_index)) + ; + else if (unformat (i, "scope %d", &scope)) + ; + else + if (unformat + (i, "%U/%d %d %U/%d %d", unformat_ip4_address, &lcl_ip4, + &lcl_plen, &lcl_port, unformat_ip4_address, &rmt_ip4, &rmt_plen, + &rmt_port)) + { + is_ip4 = 1; + conn_set = 1; + } + else + if (unformat + (i, "%U/%d %d %U/%d %d", unformat_ip6_address, &lcl_ip6, + &lcl_plen, &lcl_port, unformat_ip6_address, &rmt_ip6, &rmt_plen, + &rmt_port)) + { + is_ip4 = 0; + conn_set = 1; + } + else if (unformat (i, "action %d", &action)) + ; + else + break; + } + if (proto == ~0 || !conn_set || action == ~0) + { + errmsg ("transport proto, connection and action must be set"); + return -99; + } + + if (scope > 3) + { + errmsg ("scope should be 0-3"); + return -99; + } + + M (SESSION_RULE_ADD_DEL, mp); + + mp->is_ip4 = is_ip4; + mp->transport_proto = proto; + mp->lcl_plen = clib_host_to_net_u16 (lcl_plen); + mp->rmt_plen = clib_host_to_net_u16 (rmt_plen); + mp->action_index = clib_host_to_net_u32 (action); + mp->appns_index = clib_host_to_net_u32 (appns_index); + mp->scope = scope; + mp->is_add = is_add; + if (is_ip4) + { + clib_memcpy (mp->lcl_ip, &lcl_ip4, sizeof (lcl_ip4)); + clib_memcpy (mp->rmt_ip, &rmt_ip4, sizeof (rmt_ip4)); + } + else + { + clib_memcpy (mp->lcl_ip, &lcl_ip6, sizeof (lcl_ip6)); + clib_memcpy (mp->rmt_ip, &rmt_ip6, sizeof (rmt_ip6)); + } + + S (mp); + W (ret); + return ret; +} static int q_or_quit (vat_main_t * vam) @@ -21987,7 +22076,11 @@ _(app_namespace_add_del, "[add] id <ns-id> secret <nn> sw_if_index <nn>")\ _(dns_enable_disable, "[enable][disable]") \ _(dns_name_server_add_del, "<ip-address> [del]") \ _(dns_resolve_name, "<hostname>") \ -_(dns_resolve_ip, "<ip4|ip6>") +_(dns_resolve_ip, "<ip4|ip6>") \ +_(dns_name_server_add_del, "<ip-address> [del]") \ +_(dns_resolve_name, "<hostname>") \ +_(session_rule_add_del, "[add|del] proto <tcp/udp> <lcl-ip>/<plen> " \ + "<lcl-port> <rmt-ip>/<plen> <rmt-port> action <nn>") \ /* List of command functions, CLI names map directly to functions */ #define foreach_cli_function \ |