diff options
| author |   Florin Coras <fcoras@cisco.com> | 2017-10-17 00:03:13 -0700 |
|---|---|---|
| committer |   Dave Barach <openvpp@barachs.net> | 2017-10-28 19:56:39 +0000 |
| commit | 1c7104514cd40d2377caca36cf40c13b791bc5aa (patch) | |
| tree | 2b95bb11dd8658e826ad8cb3fe4d399adbab7e01 /src/vnet/ip | |
| parent | ae5a02f8235b9a243df09b42e932ae5f238e366b (diff) | |
session: rules tables
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/ip')
| -rw-r--r-- | src/vnet/ip/ip.c | 108 | ||||
| -rw-r--r-- | src/vnet/ip/ip.h | 10 |
2 files changed, 118 insertions, 0 deletions
diff --git a/src/vnet/ip/ip.c b/src/vnet/ip/ip.c index bd9706b846d..e6d99347dc0 100644 --- a/src/vnet/ip/ip.c +++ b/src/vnet/ip/ip.c @@ -148,6 +148,114 @@ ip_interface_get_first_ip (u32 sw_if_index, u8 is_ip4) return 0; } +void +ip4_address_normalize (ip4_address_t * ip4, u8 preflen) +{ + ASSERT (preflen <= 32); + if (preflen == 0) + ip4->data_u32 = 0; + else + ip4->data_u32 &= clib_net_to_host_u32 (0xffffffff << (32 - preflen)); +} + +void +ip6_address_normalize (ip6_address_t * ip6, u8 preflen) +{ + ASSERT (preflen <= 128); + if (preflen == 0) + { + ip6->as_u64[0] = 0; + ip6->as_u64[1] = 0; + } + else if (preflen <= 64) + { + ip6->as_u64[0] &= + clib_host_to_net_u64 (0xffffffffffffffffL << (64 - preflen)); + ip6->as_u64[1] = 0; + } + else + ip6->as_u64[1] &= + clib_host_to_net_u64 (0xffffffffffffffffL << (128 - preflen)); +} + +void +ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip) +{ + if (pref_len == 0) + ip->as_u32 = 0; + else + ip->as_u32 = clib_host_to_net_u32 (~((1 << (32 - pref_len)) - 1)); +} + +u32 +ip4_mask_to_preflen (ip4_address_t * mask) +{ + return (32 - log2_first_set (clib_net_to_host_u32 (mask->as_u32))); +} + +void +ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen, + ip4_address_t * res) +{ + u32 not_mask; + not_mask = (1 << (32 - plen)) - 1; + res->as_u32 = clib_net_to_host_u32 (ip->as_u32) + not_mask; +} + +void +ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask) +{ + if (pref_len == 0) + { + mask->as_u64[0] = 0; + mask->as_u64[1] = 0; + } + else if (pref_len <= 64) + { + mask->as_u64[0] = + clib_host_to_net_u64 (0xffffffffffffffffL << (64 - pref_len)); + mask->as_u64[1] = 0; + } + else + { + mask->as_u64[1] = + clib_host_to_net_u64 (0xffffffffffffffffL << (128 - pref_len)); + } +} + +void +ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen, + ip6_address_t * res) +{ + u64 not_mask; + if (plen <= 64) + { + not_mask = (1 << (64 - plen)) - 1; + res->as_u64[0] = clib_net_to_host_u64 (ip->as_u64[0]) + not_mask; + res->as_u64[1] = 0xffffffffffffffffL; + } + else + { + not_mask = (1 << (128 - plen)) - 1; + res->as_u64[1] = clib_net_to_host_u64 (ip->as_u64[1]) + not_mask; + } +} + +u32 +ip6_mask_to_preflen (ip6_address_t * mask) +{ + u8 first1, first0; + if (mask->as_u64[0] == 0 && mask->as_u64[1] == 0) + return 128; + first1 = log2_first_set (mask->as_u64[1]); + first0 = log2_first_set (mask->as_u64[0]); + + if (first1 != 0) + return 128 - first1; + else + return 64 - first0; +} + /* * fd.io coding-style-patch-verification: ON * diff --git a/src/vnet/ip/ip.h b/src/vnet/ip/ip.h index 9387ba39099..2dfa979e70c 100644 --- a/src/vnet/ip/ip.h +++ b/src/vnet/ip/ip.h @@ -199,6 +199,16 @@ u8 ip_interface_has_address (u32 sw_if_index, ip46_address_t * ip, u8 is_ip4); void ip_copy (ip46_address_t * dst, ip46_address_t * src, u8 is_ip4); void ip_set (ip46_address_t * dst, void *src, u8 is_ip4); void *ip_interface_get_first_ip (u32 sw_if_index, u8 is_ip4); +void ip4_address_normalize (ip4_address_t * ip4, u8 preflen); +void ip6_address_normalize (ip6_address_t * ip6, u8 preflen); +void ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip); +u32 ip4_mask_to_preflen (ip4_address_t * mask); +void ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen, + ip4_address_t * res); +void ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen, + ip6_address_t * res); +void ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask); +u32 ip6_mask_to_preflen (ip6_address_t * mask); #endif /* included_ip_main_h */ |