aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2017-10-17 00:03:13 -0700
committerDave Barach <openvpp@barachs.net>2017-10-28 19:56:39 +0000
commit1c7104514cd40d2377caca36cf40c13b791bc5aa (patch)
tree2b95bb11dd8658e826ad8cb3fe4d399adbab7e01 /src/vnet/ip
parentae5a02f8235b9a243df09b42e932ae5f238e366b (diff)
session: rules tables
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/ip')
-rw-r--r--src/vnet/ip/ip.c108
-rw-r--r--src/vnet/ip/ip.h10
2 files changed, 118 insertions, 0 deletions
diff --git a/src/vnet/ip/ip.c b/src/vnet/ip/ip.c
index bd9706b846d..e6d99347dc0 100644
--- a/src/vnet/ip/ip.c
+++ b/src/vnet/ip/ip.c
@@ -148,6 +148,114 @@ ip_interface_get_first_ip (u32 sw_if_index, u8 is_ip4)
return 0;
}
+void
+ip4_address_normalize (ip4_address_t * ip4, u8 preflen)
+{
+ ASSERT (preflen <= 32);
+ if (preflen == 0)
+ ip4->data_u32 = 0;
+ else
+ ip4->data_u32 &= clib_net_to_host_u32 (0xffffffff << (32 - preflen));
+}
+
+void
+ip6_address_normalize (ip6_address_t * ip6, u8 preflen)
+{
+ ASSERT (preflen <= 128);
+ if (preflen == 0)
+ {
+ ip6->as_u64[0] = 0;
+ ip6->as_u64[1] = 0;
+ }
+ else if (preflen <= 64)
+ {
+ ip6->as_u64[0] &=
+ clib_host_to_net_u64 (0xffffffffffffffffL << (64 - preflen));
+ ip6->as_u64[1] = 0;
+ }
+ else
+ ip6->as_u64[1] &=
+ clib_host_to_net_u64 (0xffffffffffffffffL << (128 - preflen));
+}
+
+void
+ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip)
+{
+ if (pref_len == 0)
+ ip->as_u32 = 0;
+ else
+ ip->as_u32 = clib_host_to_net_u32 (~((1 << (32 - pref_len)) - 1));
+}
+
+u32
+ip4_mask_to_preflen (ip4_address_t * mask)
+{
+ return (32 - log2_first_set (clib_net_to_host_u32 (mask->as_u32)));
+}
+
+void
+ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen,
+ ip4_address_t * res)
+{
+ u32 not_mask;
+ not_mask = (1 << (32 - plen)) - 1;
+ res->as_u32 = clib_net_to_host_u32 (ip->as_u32) + not_mask;
+}
+
+void
+ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask)
+{
+ if (pref_len == 0)
+ {
+ mask->as_u64[0] = 0;
+ mask->as_u64[1] = 0;
+ }
+ else if (pref_len <= 64)
+ {
+ mask->as_u64[0] =
+ clib_host_to_net_u64 (0xffffffffffffffffL << (64 - pref_len));
+ mask->as_u64[1] = 0;
+ }
+ else
+ {
+ mask->as_u64[1] =
+ clib_host_to_net_u64 (0xffffffffffffffffL << (128 - pref_len));
+ }
+}
+
+void
+ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen,
+ ip6_address_t * res)
+{
+ u64 not_mask;
+ if (plen <= 64)
+ {
+ not_mask = (1 << (64 - plen)) - 1;
+ res->as_u64[0] = clib_net_to_host_u64 (ip->as_u64[0]) + not_mask;
+ res->as_u64[1] = 0xffffffffffffffffL;
+ }
+ else
+ {
+ not_mask = (1 << (128 - plen)) - 1;
+ res->as_u64[1] = clib_net_to_host_u64 (ip->as_u64[1]) + not_mask;
+ }
+}
+
+u32
+ip6_mask_to_preflen (ip6_address_t * mask)
+{
+ u8 first1, first0;
+ if (mask->as_u64[0] == 0 && mask->as_u64[1] == 0)
+ return 128;
+ first1 = log2_first_set (mask->as_u64[1]);
+ first0 = log2_first_set (mask->as_u64[0]);
+
+ if (first1 != 0)
+ return 128 - first1;
+ else
+ return 64 - first0;
+}
+
/*
* fd.io coding-style-patch-verification: ON
*
diff --git a/src/vnet/ip/ip.h b/src/vnet/ip/ip.h
index 9387ba39099..2dfa979e70c 100644
--- a/src/vnet/ip/ip.h
+++ b/src/vnet/ip/ip.h
@@ -199,6 +199,16 @@ u8 ip_interface_has_address (u32 sw_if_index, ip46_address_t * ip, u8 is_ip4);
void ip_copy (ip46_address_t * dst, ip46_address_t * src, u8 is_ip4);
void ip_set (ip46_address_t * dst, void *src, u8 is_ip4);
void *ip_interface_get_first_ip (u32 sw_if_index, u8 is_ip4);
+void ip4_address_normalize (ip4_address_t * ip4, u8 preflen);
+void ip6_address_normalize (ip6_address_t * ip6, u8 preflen);
+void ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip);
+u32 ip4_mask_to_preflen (ip4_address_t * mask);
+void ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen,
+ ip4_address_t * res);
+void ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen,
+ ip6_address_t * res);
+void ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask);
+u32 ip6_mask_to_preflen (ip6_address_t * mask);
#endif /* included_ip_main_h */