authorFlorin Coras <fcoras@cisco.com>2017-10-17 00:03:13 -0700
committerDave Barach <openvpp@barachs.net>2017-10-28 19:56:39 +0000
commit1c7104514cd40d2377caca36cf40c13b791bc5aa (patch)
tree2b95bb11dd8658e826ad8cb3fe4d399adbab7e01 /src/vnet/session/session_rules_table.h
parentae5a02f8235b9a243df09b42e932ae5f238e366b (diff)
session: rules tables
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules tables build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session/session_rules_table.h')
-rw-r--r--src/vnet/session/session_rules_table.h107
1 files changed, 107 insertions, 0 deletions
diff --git a/src/vnet/session/session_rules_table.h b/src/vnet/session/session_rules_table.h
new file mode 100644
index 00000000000..e9d573a3b04
--- /dev/null
+++ b/src/vnet/session/session_rules_table.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
+#define SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
+
+#include <vnet/vnet.h>
+#include <vnet/fib/fib.h>
+#include <vnet/session/transport.h>
+#include <vnet/session/mma_16.h>
+#include <vnet/session/mma_40.h>
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED (struct
+{
+ union
+ {
+ struct
+ {
+ ip4_address_t rmt_ip;
+ ip4_address_t lcl_ip;
+ u16 rmt_port;
+ u16 lcl_port;
+ };
+ u64 as_u64[2];
+ };
+}) session_mask_or_match_4_t;
+
+typedef CLIB_PACKED (struct
+{
+ union
+ {
+ struct
+ {
+ ip6_address_t rmt_ip;
+ ip6_address_t lcl_ip;
+ u16 rmt_port;
+ u16 lcl_port;
+ };
+ u64 as_u64[5];
+ };
+}) session_mask_or_match_6_t;
+/* *INDENT-ON* */
+
+typedef struct _session_rules_table_add_del_args
+{
+ u8 transport_proto;
+ fib_prefix_t lcl;
+ fib_prefix_t rmt;
+ u16 lcl_port;
+ u16 rmt_port;
+ u32 action_index;
+ u8 is_add;
+} session_rule_table_add_del_args_t;
+
+typedef struct _session_rules_table_t
+{
+ /**
+ * Per fib proto and transport proto session rules tables
+ */
+ mma_rules_table_16_t session_rules_tables_16[TRANSPORT_N_PROTO];
+ mma_rules_table_40_t session_rules_tables_40[TRANSPORT_N_PROTO];
+} session_rules_table_t;
+
+void *session_rules_table_get (session_rules_table_t * srt,
+ u8 transport_proto, u8 fib_proto);
+u32 session_rules_table_lookup4 (session_rules_table_t * srt,
+ u8 transport_proto, ip4_address_t * lcl_ip,
+ ip4_address_t * rmt_ip, u16 lcl_port,
+ u16 rmt_port);
+u32 session_rules_table_lookup6 (session_rules_table_t * srt,
+ u8 transport_proto, ip6_address_t * lcl_ip,
+ ip6_address_t * rmt_ip, u16 lcl_port,
+ u16 rmt_port);
+void session_rules_table_cli_dump (vlib_main_t * vm,
+ session_rules_table_t * srt, u8 fib_proto,
+ u8 transport_proto);
+void session_rules_table_show_rule (vlib_main_t * vm,
+ session_rules_table_t * srt,
+ u8 transport_proto,
+ ip46_address_t * lcl_ip, u16 lcl_port,
+ ip46_address_t * rmt_ip, u16 rmt_port,
+ u8 is_ip4);
+clib_error_t *session_rules_table_add_del (session_rules_table_t * srt,
+ session_rule_table_add_del_args_t *
+ args);
+void session_rules_table_init (session_rules_table_t * srt);
+#endif /* SRC_VNET_SESSION_SESSION_RULES_TABLE_H_ */
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
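Review bot: Both key structs carry 4 bytes that no named field covers: in `session_mask_or_match_4_t` the fields add up to 12 bytes under `as_u64[2]` (16 bytes), and in `session_mask_or_match_6_t` to 36 bytes under `as_u64[5]` (40 bytes). If the mma_16/mma_40 code compares the whole `as_u64` array, which the overlay suggests but this header does not show, a key or mask filled in field by field on the stack would carry indeterminate bytes into the match, and the action returned for a connection could then differ between calls. I would state the requirement next to the unions, e.g. `/* trailing 4 bytes are padding and must be zero in every key and mask */`, and pin the sizes with `STATIC_ASSERT (sizeof (session_mask_or_match_4_t) == 2 * sizeof (u64), "key must fill mma_16");` plus the matching line for the 40-byte variant. The prototypes also leave undocumented whether the ports are in host or network order and what `session_rules_table_lookup4`/`session_rules_table_lookup6` return when no rule matches; a one-line comment on each would keep callers from guessing.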