author | Steven Luong <sluong@cisco.com> | 2024-07-30 13:44:01 -0700 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2024-09-06 18:26:56 +0000 |
commit | c4b5d10115d4370488ac14eb0ba7295b049a0615 (patch) | |
tree | 9c8bdf757de6d995e051959d1c11bded0b9267a6 /src/vnet/session/session.h | |
parent | 2a5bb3b5ab3e05cee0da6a78b77e67fbc3bdca75 (diff) |
session: add Source Deny List
With this feature, session enable is now modified to have 3 modes of operation
session enable -- only enable session
session enable rt-backend sdl -- enable session with sdl
session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule
to the rule table.
refactor session table to remove dependency from session rules table. Now
session rules table APIs take srtg_handle and transport
proto instead of srt pointer.
Type: feature
Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14
Signed-off-by: Steven Luong <sluong@cisco.com>
Diffstat (limited to 'src/vnet/session/session.h')
-rw-r--r-- | src/vnet/session/session.h | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/src/vnet/session/session.h b/src/vnet/session/session.h
index 67a182573e4..24150fbbcd1 100644
--- a/src/vnet/session/session.h
+++ b/src/vnet/session/session.h
@@ -184,6 +184,19 @@ typedef void (*nat44_original_dst_lookup_fn) (
 u16 i2o_dst_port, ip_protocol_t proto, u32 *original_dst,
 u16 *original_dst_port);
 
+#define foreach_rt_engine \
+ _ (DISABLE, "disable") \
+ _ (RULE_TABLE, "enable with rt-backend rule table") \
+ _ (NONE, "enable without rt-backend") \
+ _ (SDL, "enable with rt-backend sdl")
+
+typedef enum
+{
+#define _(v, s) RT_BACKEND_ENGINE_##v,
+ foreach_rt_engine
+#undef _
+} session_rt_engine_type_t;
+
 typedef struct session_main_
 {
 /** Worker contexts */
@@ -235,6 +248,9 @@ typedef struct session_main_
 /** Enable session manager at startup */
 u8 session_enable_asap;
 
+ /** Session engine type */
+ session_rt_engine_type_t rt_engine_type;
+
 /** Poll session node in main thread */
 u8 poll_main;
 
@@ -292,6 +308,12 @@ typedef enum session_q_process_evt_
 SESSION_Q_PROCESS_STOP
 } session_q_process_evt_t;
 
+typedef struct _session_enable_disable_args_t
+{
+ session_rt_engine_type_t rt_engine_type;
+ u8 is_en;
+} session_enable_disable_args_t;
+
 #define TRANSPORT_PROTO_INVALID (session_main.last_transport_proto_type + 1)
 #define TRANSPORT_N_PROTOS (session_main.last_transport_proto_type + 1)
 
@@ -812,7 +834,9 @@ session_wrk_update_time (session_worker_t *wrk, f64 now)
 void session_wrk_enable_adaptive_mode (session_worker_t *wrk);
 fifo_segment_t *session_main_get_wrk_mqs_segment (void);
 void session_node_enable_disable (u8 is_en);
-clib_error_t *vnet_session_enable_disable (vlib_main_t * vm, u8 is_en);
+clib_error_t *
+vnet_session_enable_disable (vlib_main_t *vm,
+ session_enable_disable_args_t *args);
 void session_wrk_handle_evts_main_rpc (void *);
 void session_wrk_program_app_wrk_evts (session_worker_t *wrk,
 u32 app_wrk_index);
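Review bot: In the `@@ -184` hunk, `RT_BACKEND_ENGINE_DISABLE` and `RT_BACKEND_ENGINE_NONE` read like synonyms, but the strings in `foreach_rt_engine` give them opposite meanings: session layer off, versus session layer on with no rt-backend. The enum expansion `_(v, s)` discards those strings, so the distinction is invisible wherever the constants are used. I would add a comment above the typedef, for example `/* DISABLE: session layer off. NONE: session layer on, but no rule-table or SDL backend is consulted. */`. That keeps a caller from picking NONE in the belief that it switches the feature off, when it presumably leaves sessions running without source filtering.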
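Review bot: `session_enable_disable_args_t` in the `@@ -292` hunk encodes the on/off state twice, once in `is_en` and once in `rt_engine_type`, which has its own DISABLE value. Nothing in the header says which field wins for pairs such as `is_en = 1` with `RT_BACKEND_ENGINE_DISABLE`, or `is_en = 0` with `RT_BACKEND_ENGINE_SDL`. The handling is in the definition of `vnet_session_enable_disable`, which is outside this page. Either that function should reject inconsistent pairs, or the struct should state the rule, e.g. `/* rt_engine_type is consulted only when is_en is non-zero */` if that is the intended contract.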
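Review bot: The prototype change in the `@@ -812` hunk turns the second parameter from `u8 is_en` into a pointer, so an unconverted call such as `vnet_session_enable_disable (vm, 0)` still compiles without a diagnostic. The literal `0` is a null pointer constant, and the call now passes NULL. Calls that pass `1` will at least draw an int-to-pointer warning, but the disable form will not. The definition is not part of this file; it should begin with a guard such as `if (!args) return clib_error_return (0, "missing enable/disable args");` rather than dereference `args` unconditionally.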
@@ -921,6 +945,30 @@ pool_program_safe_realloc (void **p, u32 elt_size, u32 align)
 } \
 while (0)
 
+always_inline u8
+session_is_enabled_without_rt_backend (void)
+{
+ session_main_t *smm = vnet_get_session_main ();
+
+ return (smm->rt_engine_type == RT_BACKEND_ENGINE_NONE);
+}
+
+always_inline u8
+session_sdl_is_enabled (void)
+{
+ session_main_t *smm = vnet_get_session_main ();
+
+ return (smm->rt_engine_type == RT_BACKEND_ENGINE_SDL);
+}
+
+always_inline u8
+session_rule_table_is_enabled (void)
+{
+ session_main_t *smm = vnet_get_session_main ();
+
+ return (smm->rt_engine_type == RT_BACKEND_ENGINE_RULE_TABLE);
+}
+
 #endif /* __included_session_h__ */
 
 /* |
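Review bot: The three predicates added before `#endif` test only `smm->rt_engine_type`, so `session_sdl_is_enabled ()` and `session_rule_table_is_enabled ()` are accurate only if the disable path resets that field to `RT_BACKEND_ENGINE_DISABLE`. That code is outside this page. If the field keeps its last value after a disable, a caller gating source filtering on these helpers would see a backend reported as active while the session layer is off. Once the behaviour is confirmed, I would record it in a comment above the helpers, e.g. `/* rt_engine_type is RT_BACKEND_ENGINE_DISABLE whenever the session layer is off, so these also imply "session enabled" */`. Otherwise each helper should also check the session layer's own enabled state.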