diff options
author | Florin Coras <fcoras@cisco.com> | 2017-11-09 19:30:17 -0800 |
---|---|---|
committer | Dave Wallace <dwallacelf@gmail.com> | 2017-11-10 15:26:48 +0000 |
commit | dbd44561538514f6cfce324419042f2ce69fe214 (patch) | |
tree | 28561c30020319e28d7a5f2f444e5cdea9693912 /src/vnet/session | |
parent | bc3c12623c30cefefb974d3581179be7fb042af3 (diff) |
session: use listener logic for proxy rules
This moves session proxy logic from session rules tables to table/logic
used to manage session listeners in order to avoid overlap of
semantically different rules.
Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session')
-rw-r--r-- | src/vnet/session/application.c | 57 | ||||
-rwxr-xr-x | src/vnet/session/session_cli.c | 30 | ||||
-rw-r--r-- | src/vnet/session/session_lookup.c | 66 | ||||
-rw-r--r-- | src/vnet/session/session_lookup.h | 3 | ||||
-rw-r--r-- | src/vnet/session/session_test.c | 30 |
5 files changed, 133 insertions, 53 deletions
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c index 9cb4cb75615..e7e580863ae 100644 --- a/src/vnet/session/application.c +++ b/src/vnet/session/application.c @@ -535,8 +535,6 @@ static clib_error_t * application_start_stop_proxy_fib_proto (application_t * app, u8 fib_proto, u8 transport_proto, u8 is_start) { - session_rule_add_del_args_t args; - fib_prefix_t lcl_pref, rmt_pref; app_namespace_t *app_ns = app_namespace_get (app->ns_index); u8 is_ip4 = (fib_proto == FIB_PROTOCOL_IP4); session_endpoint_t sep = SESSION_ENDPOINT_NULL; @@ -561,25 +559,13 @@ application_start_stop_proxy_fib_proto (application_t * app, u8 fib_proto, if (!ip_is_zero (&tc->lcl_ip, 1)) { - memset (&args, 0, sizeof (args)); - memset (&lcl_pref, 0, sizeof (lcl_pref)); - ip_copy (&lcl_pref.fp_addr, &tc->lcl_ip, is_ip4); - lcl_pref.fp_len = is_ip4 ? 32 : 128; - lcl_pref.fp_proto = fib_proto; - memset (&rmt_pref, 0, sizeof (rmt_pref)); - rmt_pref.fp_len = 0; - rmt_pref.fp_proto = fib_proto; - - args.table_args.lcl = lcl_pref; - args.table_args.rmt = rmt_pref; - args.table_args.lcl_port = 0; - args.table_args.rmt_port = 0; - args.table_args.action_index = app->index; - args.table_args.is_add = is_start; - args.transport_proto = transport_proto; - args.appns_index = app->ns_index; - args.scope = SESSION_RULE_SCOPE_GLOBAL; - return vnet_session_rule_add_del (&args); + u32 sti; + sep.is_ip4 = is_ip4; + sep.fib_index = app_namespace_get_fib_index (app_ns, fib_proto); + sep.transport_proto = transport_proto; + sep.port = 0; + sti = session_lookup_get_index_for_fib (fib_proto, sep.fib_index); + session_lookup_add_session_endpoint (sti, &sep, s->session_index); } return 0; } @@ -588,25 +574,20 @@ void application_start_stop_proxy (application_t * app, u8 transport_proto, u8 is_start) { - session_rule_add_del_args_t args; - if (application_has_local_scope (app)) { - memset (&args, 0, sizeof (args)); - args.table_args.lcl.fp_proto = FIB_PROTOCOL_IP4; - args.table_args.rmt.fp_proto = FIB_PROTOCOL_IP4; - args.table_args.lcl_port = 0; - args.table_args.rmt_port = 0; - args.table_args.action_index = app->index; - args.table_args.is_add = is_start; - args.transport_proto = transport_proto; - args.appns_index = app->ns_index; - args.scope = SESSION_RULE_SCOPE_LOCAL; - vnet_session_rule_add_del (&args); - - args.table_args.lcl.fp_proto = FIB_PROTOCOL_IP6; - args.table_args.rmt.fp_proto = FIB_PROTOCOL_IP6; - vnet_session_rule_add_del (&args); + session_endpoint_t sep = SESSION_ENDPOINT_NULL; + app_namespace_t *app_ns; + app_ns = app_namespace_get (app->ns_index); + sep.is_ip4 = 1; + sep.transport_proto = transport_proto; + sep.port = 0; + session_lookup_add_session_endpoint (app_ns->local_table_index, &sep, + app->index); + + sep.is_ip4 = 0; + session_lookup_add_session_endpoint (app_ns->local_table_index, &sep, + app->index); } if (application_has_global_scope (app)) diff --git a/src/vnet/session/session_cli.c b/src/vnet/session/session_cli.c index 95fc48d75df..48c431cafa1 100755 --- a/src/vnet/session/session_cli.c +++ b/src/vnet/session/session_cli.c @@ -200,10 +200,10 @@ show_session_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { session_manager_main_t *smm = &session_manager_main; + u8 *str = 0, one_session = 0, do_listeners = 0, sst, *app_name; int verbose = 0, i; - stream_session_t *pool; - stream_session_t *s; - u8 *str = 0, one_session = 0; + stream_session_t *pool, *s; + u32 transport_proto = ~0; if (!smm->is_enabled) { @@ -216,6 +216,9 @@ show_session_command_fn (vlib_main_t * vm, unformat_input_t * input, ; else if (unformat (input, "verbose")) verbose = 1; + else if (unformat (input, "listeners %U", unformat_transport_proto, + &transport_proto)) + do_listeners = 1; else if (unformat (input, "%U", unformat_stream_session, &s)) { one_session = 1; @@ -231,6 +234,27 @@ show_session_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } + if (do_listeners) + { + sst = session_type_from_proto_and_ip (transport_proto, 1); + vlib_cli_output (vm, "There are %d active %U listeners", + pool_elts (smm->listen_sessions[sst]), + format_transport_proto, transport_proto); + if (verbose) + { + vlib_cli_output (vm, "%-40s%-24s%-10s", "Listener", "App", "S-idx"); + /* *INDENT-OFF* */ + pool_foreach (s, smm->listen_sessions[sst], ({ + app_name = application_name_from_index (s->app_index); + vlib_cli_output (vm, "%U%-25v%-10u", format_stream_session, s, 1, + app_name, s->session_index); + vec_free (app_name); + })); + /* *INDENT-ON* */ + } + return 0; + } + for (i = 0; i < vec_len (smm->sessions); i++) { u32 once_per_pool; diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c index f4b26f6d931..30e39132d3a 100644 --- a/src/vnet/session/session_lookup.c +++ b/src/vnet/session/session_lookup.c @@ -113,6 +113,20 @@ make_v4_listener_kv (session_kv4_t * kv, ip4_address_t * lcl, u16 lcl_port, } always_inline void +make_v4_proxy_kv (session_kv4_t * kv, ip4_address_t * lcl, u8 proto) +{ + v4_connection_key_t *key = (v4_connection_key_t *) kv->key; + + key->src.as_u32 = lcl->as_u32; + key->dst.as_u32 = 0; + key->src_port = 0; + key->dst_port = 0; + key->proto = proto; + + kv->value = ~0ULL; +} + +always_inline void make_v4_ss_kv_from_tc (session_kv4_t * kv, transport_connection_t * t) { make_v4_ss_kv (kv, &t->lcl_ip.ip4, &t->rmt_ip.ip4, t->lcl_port, t->rmt_port, @@ -156,6 +170,23 @@ make_v6_listener_kv (session_kv6_t * kv, ip6_address_t * lcl, u16 lcl_port, } always_inline void +make_v6_proxy_kv (session_kv6_t * kv, ip6_address_t * lcl, u8 proto) +{ + v6_connection_key_t *key = (v6_connection_key_t *) kv->key; + + key->src.as_u64[0] = lcl->as_u64[0]; + key->src.as_u64[1] = lcl->as_u64[1]; + key->dst.as_u64[0] = 0; + key->dst.as_u64[1] = 0; + key->src_port = 0; + key->dst_port = 0; + key->proto = proto; + key->unused = 0; + + kv->value = ~0ULL; +} + +always_inline void make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * t) { make_v6_ss_kv (kv, &t->lcl_ip.ip6, &t->rmt_ip.ip6, t->lcl_port, t->rmt_port, @@ -536,6 +567,14 @@ session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep) rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4); if (rv == 0) return (u32) kv4.value; + + /* + * Zero out the port and check if we have proxy + */ + kv4.key[1] = 0; + rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4); + if (rv == 0) + return (u32) kv4.value; } else { @@ -564,6 +603,14 @@ session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep) rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6); if (rv == 0) return (u32) kv6.value; + + /* + * Zero out the port. Same logic as above. + */ + kv6.key[4] = kv6.key[5] = 0; + rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6); + if (rv == 0) + return (u32) kv6.value; } return APP_INVALID_INDEX; } @@ -575,17 +622,30 @@ session_lookup_listener4_i (session_table_t * st, ip4_address_t * lcl, session_kv4_t kv4; int rv; + /* + * First, try a fully formed listener + */ make_v4_listener_kv (&kv4, lcl, lcl_port, proto); rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4); if (rv == 0) return session_manager_get_listener (proto, (u32) kv4.value); - /* Zero out the lcl ip */ + /* + * Zero out the lcl ip and check if any 0/0 port binds have been done + */ kv4.key[0] = 0; rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4); if (rv == 0) return session_manager_get_listener (proto, (u32) kv4.value); + /* + * Zero out port and check if we have a proxy set up for our ip + */ + make_v4_proxy_kv (&kv4, lcl, proto); + rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4); + if (rv == 0) + return session_manager_get_listener (proto, (u32) kv4.value); + return 0; } @@ -618,6 +678,10 @@ session_lookup_listener6_i (session_table_t * st, ip6_address_t * lcl, if (rv == 0) return session_manager_get_listener (proto, (u32) kv6.value); + make_v6_proxy_kv (&kv6, lcl, proto); + rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6); + if (rv == 0) + return session_manager_get_listener (proto, (u32) kv6.value); return 0; } diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h index 3bc70311c6e..00ef19fec5a 100644 --- a/src/vnet/session/session_lookup.h +++ b/src/vnet/session/session_lookup.h @@ -60,7 +60,8 @@ stream_session_t *session_lookup_listener (u32 table_index, int session_lookup_add_connection (transport_connection_t * tc, u64 value); int session_lookup_del_connection (transport_connection_t * tc); u64 session_lookup_endpoint_listener (u32 table_index, - session_endpoint_t * sep, u8 use_rules); + session_endpoint_t * sepi, + u8 use_rules); u32 session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep); stream_session_t *session_lookup_global_session_endpoint (session_endpoint_t *); diff --git a/src/vnet/session/session_test.c b/src/vnet/session/session_test.c index d592487e5ac..8194a313dc2 100644 --- a/src/vnet/session/session_test.c +++ b/src/vnet/session/session_test.c @@ -1112,6 +1112,9 @@ static int session_test_proxy (vlib_main_t * vm, unformat_input_t * input) { u64 options[SESSION_OPTIONS_N_OPTIONS]; + char *show_listeners = "sh session listeners tcp verbose"; + char *show_local_listeners = "sh app ns table default"; + unformat_input_t tmp_input; u32 server_index, app_index; u32 dummy_server_api_index = ~0, sw_if_index = 0; clib_error_t *error = 0; @@ -1189,8 +1192,14 @@ session_test_proxy (vlib_main_t * vm, unformat_input_t * input) server_index = attach_args.app_index; if (verbose) - session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4, - TRANSPORT_PROTO_TCP); + { + unformat_init_string (&tmp_input, show_listeners, + strlen (show_listeners)); + vlib_cli_input (vm, &tmp_input, 0, 0); + unformat_init_string (&tmp_input, show_local_listeners, + strlen (show_local_listeners)); + vlib_cli_input (vm, &tmp_input, 0, 0); + } tc = session_lookup_connection_wt4 (0, &lcl_ip, &rmt_ip, lcl_port, rmt_port, TRANSPORT_PROTO_TCP, 0); @@ -1206,10 +1215,6 @@ session_test_proxy (vlib_main_t * vm, unformat_input_t * input) SESSION_TEST ((tc == 0), "lookup 5.6.7.8 1234 5.6.7.8 4321 should" " not work"); - if (verbose) - session_lookup_dump_local_rules_table (app_ns->local_table_index, - FIB_PROTOCOL_IP4, - TRANSPORT_PROTO_TCP); app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep); SESSION_TEST ((app_index == server_index), "local session endpoint lookup" " should work"); @@ -1220,14 +1225,19 @@ session_test_proxy (vlib_main_t * vm, unformat_input_t * input) vnet_application_detach (&detach_args); if (verbose) - session_lookup_dump_local_rules_table (app_ns->local_table_index, - FIB_PROTOCOL_IP4, - TRANSPORT_PROTO_TCP); + { + unformat_init_string (&tmp_input, show_listeners, + strlen (show_listeners)); + vlib_cli_input (vm, &tmp_input, 0, 0); + unformat_init_string (&tmp_input, show_local_listeners, + strlen (show_local_listeners)); + vlib_cli_input (vm, &tmp_input, 0, 0); + } app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep); SESSION_TEST ((app_index == SESSION_RULES_TABLE_INVALID_INDEX), "local session endpoint lookup should not work after detach"); - + unformat_free (&tmp_input); return 0; } |