author | Steven Luong <sluong@cisco.com> | 2024-07-30 13:44:01 -0700 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2024-09-06 18:26:56 +0000 |
commit | c4b5d10115d4370488ac14eb0ba7295b049a0615 (patch) | |
tree | 9c8bdf757de6d995e051959d1c11bded0b9267a6 /src/vnet/session/session.c | |
parent | 2a5bb3b5ab3e05cee0da6a78b77e67fbc3bdca75 (diff) |
session: add Source Deny List
With this feature, session enable is now modified to have 3 modes of operation
session enable -- only enable session
session enable rt-backend sdl -- enable session with sdl
session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule
to the rule table.
refactor session table to remove dependency from session rules table. Now
session rules table APIs take srtg_handle and transport
proto instead of srt pointer.
Type: feature
Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14
Signed-off-by: Steven Luong <sluong@cisco.com>
Diffstat (limited to 'src/vnet/session/session.c')
-rw-r--r-- | src/vnet/session/session.c | 48 |
1 files changed, 38 insertions, 10 deletions
diff --git a/src/vnet/session/session.c b/src/vnet/session/session.c
index c1becf2c5ea..ac02281cf5c 100644
--- a/src/vnet/session/session.c
+++ b/src/vnet/session/session.c
@@ -24,6 +24,7 @@
 #include <vnet/fib/ip4_fib.h>
 #include <vlib/stats/stats.h>
 #include <vlib/dma/dma.h>
+#include <vnet/session/session_rules_table.h>
 session_main_t session_main;
@@ -1996,7 +1997,8 @@ session_stats_collector_init (void)
 }
 static clib_error_t *
-session_manager_main_enable (vlib_main_t * vm)
+session_manager_main_enable (vlib_main_t *vm,
+ session_rt_engine_type_t rt_engine_type)
 {
 session_main_t *smm = &session_main;
 vlib_thread_main_t *vtm = vlib_get_thread_main ();
@@ -2004,6 +2006,9 @@ session_manager_main_enable (vlib_main_t * vm)
 session_worker_t *wrk;
 int i;
+ if (session_rt_backend_enable_disable (rt_engine_type))
+ return clib_error_return (0, "error on enable backend engine");
+
 /* We only initialize once and do not de-initialized on disable */
 if (smm->is_initialized)
 goto done;
@@ -2082,9 +2087,11 @@ done:
 }
 static void
-session_manager_main_disable (vlib_main_t * vm)
+session_manager_main_disable (vlib_main_t *vm,
+ session_rt_engine_type_t rt_engine_type)
 {
 transport_enable_disable (vm, 0 /* is_en */ );
+ session_rt_backend_enable_disable (rt_engine_type);
 }
 /* in this new callback, cookie hint the index */
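Review bot: The new failure path in `session_manager_main_enable` returns the fixed string "error on enable backend engine", which tells an operator neither which engine was requested nor what `session_rt_backend_enable_disable` returned. This is where a deny list can fail to come up, so I would keep the result and report both, e.g. `return clib_error_return (0, "rt-backend engine %d enable failed: %d", rt_engine_type, rv);`, assuming the helper returns an int. The function body continues outside the hunk.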
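Review bot: `session_manager_main_disable` discards the result of `session_rt_backend_enable_disable (rt_engine_type)`, while the enable path in this same commit treats a non-zero result as an error. The helper takes only an engine type, so whether it sets up or tears down a backend depends entirely on the value the caller places in `rt_engine_type`; nothing visible here says which value the disable path must pass. I would add a comment above the call stating that contract. I would also log a non-zero return, so that a backend left half-configured after a disable is visible.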
@@ -2221,22 +2228,24 @@ session_node_enable_disable (u8 is_en)
 }
 clib_error_t *
-vnet_session_enable_disable (vlib_main_t * vm, u8 is_en)
+vnet_session_enable_disable (vlib_main_t *vm,
+ session_enable_disable_args_t *args)
 {
 clib_error_t *error = 0;
- if (is_en)
+
+ if (args->is_en)
 {
 if (session_main.is_enabled)
 return 0;
- error = session_manager_main_enable (vm);
- session_node_enable_disable (is_en);
+ error = session_manager_main_enable (vm, args->rt_engine_type);
+ session_node_enable_disable (1);
 }
 else
 {
 session_main.is_enabled = 0;
- session_manager_main_disable (vm);
- session_node_enable_disable (is_en);
+ session_manager_main_disable (vm, args->rt_engine_type);
+ session_node_enable_disable (0);
 }
 return error;
@@ -2263,10 +2272,15 @@ static clib_error_t *
 session_main_loop_init (vlib_main_t * vm)
 {
 session_main_t *smm = &session_main;
+
 if (smm->session_enable_asap)
 {
+ session_enable_disable_args_t args = { .is_en = 1,
+ .rt_engine_type =
+ smm->rt_engine_type };
+
 vlib_worker_thread_barrier_sync (vm);
- vnet_session_enable_disable (vm, 1 /* is_en */ );
+ vnet_session_enable_disable (vm, &args);
 vlib_worker_thread_barrier_release (vm);
 }
 return 0;
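Review bot: In the enable branch of `vnet_session_enable_disable`, `session_node_enable_disable (1)` still runs when `session_manager_main_enable` has returned an error, and this commit adds a new way for that to happen (the rt-backend failing to enable). That would leave the session nodes running without the requested filtering backend, which for `sdl` looks like a fail-open; whether `is_enabled` gets set on that path is decided at `done:`, outside the hunk. I would return early with `if (error) return error;` placed before `session_node_enable_disable (1);`. `args` is also dereferenced without a NULL check, which deserves a line in the function's header comment if callers must always pass a valid pointer.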
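Review bot: The return value of `vnet_session_enable_disable (vm, &args)` is dropped in `session_main_loop_init`, so a startup configuration that requests `rt-backend sdl` or `rt-backend rule-table` and fails to enable it still returns 0 from init with no message. I would declare `clib_error_t *error = 0;` at the top, assign `error = vnet_session_enable_disable (vm, &args);` between the barrier calls, and end with `return error;`. That way a deny list that did not load stops or at least flags the startup instead of passing silently.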
@@ -2356,8 +2370,22 @@ session_config_fn (vlib_main_t * vm, unformat_input_t * input)
 smm->port_allocator_min_src_port = tmp;
 else if (unformat (input, "max-src-port %d", &tmp))
 smm->port_allocator_max_src_port = tmp;
+ else if (unformat (input, "enable rt-backend rule-table"))
+ {
+ smm->rt_engine_type = RT_BACKEND_ENGINE_RULE_TABLE;
+ smm->session_enable_asap = 1;
+ }
+ else if (unformat (input, "enable rt-backend sdl"))
+ {
+ smm->rt_engine_type = RT_BACKEND_ENGINE_SDL;
+ smm->session_enable_asap = 1;
+ }
 else if (unformat (input, "enable"))
- smm->session_enable_asap = 1;
+ {
+ /* enable session without rt-backend */
+ smm->rt_engine_type = RT_BACKEND_ENGINE_NONE;
+ smm->session_enable_asap = 1;
+ }
 else if (unformat (input, "use-app-socket-api"))
 (void) appns_sapi_enable_disable (1 /* is_enable */);
 else if (unformat (input, "poll-main")) |
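Review bot: The two `enable rt-backend ...` branches in `session_config_fn` only work because they are tested before the bare `"enable"` match, which matches the same prefix; that ordering dependency deserves a comment such as `/* keep before the bare "enable" match below, which matches the same prefix */`. Related to that, a misspelled backend name after `enable rt-backend` will match the bare `"enable"` branch and select `RT_BACKEND_ENGINE_NONE`, leaving the rest of the stanza in the input. I assume the final `else` outside this hunk rejects the leftover, but it is worth confirming so a typo cannot end up as sessions enabled with no rule backend. The parsing loop starts and ends outside the hunk.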