session: rules tables

This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).

The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.

At this time, the only match action supported is to forward packets to
the application identified by the action.

Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>

1 files changed, 26 insertions, 0 deletions

diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h
index 449f8f4e2d2..46af302d12c 100644
--- a/src/vnet/session/session_lookup.h
+++ b/src/vnet/session/session_lookup.h
@@ -85,6 +85,32 @@ int session_lookup_local_listener_parse_handle (u64 handle,
 void session_lookup_show_table_entries (vlib_main_t * vm,
 					session_table_t * table, u8 type,
 					u8 is_local);
+
+enum _session_rule_scope
+{
+  SESSION_RULE_SCOPE_GLOBAL = 1,
+  SESSION_RULE_SCOPE_LOCAL = 2,
+} session_rule_scope_e;
+
+typedef struct _session_rule_add_del_args
+{
+  /**
+   * Actual arguments to adding the rule to a session rules table
+   */
+  session_rule_table_add_del_args_t table_args;
+  /**
+   * Application namespace where rule should be applied. If 0,
+   * default namespace is used.
+   */
+  u32 appns_index;
+  /**
+   * Rule scope flag.
+   */
+  u8 scope;
+} session_rule_add_del_args_t;
+
+clib_error_t *vnet_session_rule_add_del (session_rule_add_del_args_t * args);
+
 void session_lookup_init (void);
 
 #endif /* SRC_VNET_SESSION_SESSION_LOOKUP_H_ */