summaryrefslogtreecommitdiffstats
path: root/src/vnet/session
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2017-11-09 19:30:17 -0800
committerDave Wallace <dwallacelf@gmail.com>2017-11-10 15:26:48 +0000
commitdbd44561538514f6cfce324419042f2ce69fe214 (patch)
tree28561c30020319e28d7a5f2f444e5cdea9693912 /src/vnet/session
parentbc3c12623c30cefefb974d3581179be7fb042af3 (diff)
session: use listener logic for proxy rules
This moves session proxy logic from session rules tables to table/logic used to manage session listeners in order to avoid overlap of semantically different rules. Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023 Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/vnet/session')
-rw-r--r--src/vnet/session/application.c57
-rwxr-xr-xsrc/vnet/session/session_cli.c30
-rw-r--r--src/vnet/session/session_lookup.c66
-rw-r--r--src/vnet/session/session_lookup.h3
-rw-r--r--src/vnet/session/session_test.c30
5 files changed, 133 insertions, 53 deletions
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index 9cb4cb75615..e7e580863ae 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -535,8 +535,6 @@ static clib_error_t *
application_start_stop_proxy_fib_proto (application_t * app, u8 fib_proto,
u8 transport_proto, u8 is_start)
{
- session_rule_add_del_args_t args;
- fib_prefix_t lcl_pref, rmt_pref;
app_namespace_t *app_ns = app_namespace_get (app->ns_index);
u8 is_ip4 = (fib_proto == FIB_PROTOCOL_IP4);
session_endpoint_t sep = SESSION_ENDPOINT_NULL;
@@ -561,25 +559,13 @@ application_start_stop_proxy_fib_proto (application_t * app, u8 fib_proto,
if (!ip_is_zero (&tc->lcl_ip, 1))
{
- memset (&args, 0, sizeof (args));
- memset (&lcl_pref, 0, sizeof (lcl_pref));
- ip_copy (&lcl_pref.fp_addr, &tc->lcl_ip, is_ip4);
- lcl_pref.fp_len = is_ip4 ? 32 : 128;
- lcl_pref.fp_proto = fib_proto;
- memset (&rmt_pref, 0, sizeof (rmt_pref));
- rmt_pref.fp_len = 0;
- rmt_pref.fp_proto = fib_proto;
-
- args.table_args.lcl = lcl_pref;
- args.table_args.rmt = rmt_pref;
- args.table_args.lcl_port = 0;
- args.table_args.rmt_port = 0;
- args.table_args.action_index = app->index;
- args.table_args.is_add = is_start;
- args.transport_proto = transport_proto;
- args.appns_index = app->ns_index;
- args.scope = SESSION_RULE_SCOPE_GLOBAL;
- return vnet_session_rule_add_del (&args);
+ u32 sti;
+ sep.is_ip4 = is_ip4;
+ sep.fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
+ sep.transport_proto = transport_proto;
+ sep.port = 0;
+ sti = session_lookup_get_index_for_fib (fib_proto, sep.fib_index);
+ session_lookup_add_session_endpoint (sti, &sep, s->session_index);
}
return 0;
}
@@ -588,25 +574,20 @@ void
application_start_stop_proxy (application_t * app, u8 transport_proto,
u8 is_start)
{
- session_rule_add_del_args_t args;
-
if (application_has_local_scope (app))
{
- memset (&args, 0, sizeof (args));
- args.table_args.lcl.fp_proto = FIB_PROTOCOL_IP4;
- args.table_args.rmt.fp_proto = FIB_PROTOCOL_IP4;
- args.table_args.lcl_port = 0;
- args.table_args.rmt_port = 0;
- args.table_args.action_index = app->index;
- args.table_args.is_add = is_start;
- args.transport_proto = transport_proto;
- args.appns_index = app->ns_index;
- args.scope = SESSION_RULE_SCOPE_LOCAL;
- vnet_session_rule_add_del (&args);
-
- args.table_args.lcl.fp_proto = FIB_PROTOCOL_IP6;
- args.table_args.rmt.fp_proto = FIB_PROTOCOL_IP6;
- vnet_session_rule_add_del (&args);
+ session_endpoint_t sep = SESSION_ENDPOINT_NULL;
+ app_namespace_t *app_ns;
+ app_ns = app_namespace_get (app->ns_index);
+ sep.is_ip4 = 1;
+ sep.transport_proto = transport_proto;
+ sep.port = 0;
+ session_lookup_add_session_endpoint (app_ns->local_table_index, &sep,
+ app->index);
+
+ sep.is_ip4 = 0;
+ session_lookup_add_session_endpoint (app_ns->local_table_index, &sep,
+ app->index);
}
if (application_has_global_scope (app))
diff --git a/src/vnet/session/session_cli.c b/src/vnet/session/session_cli.c
index 95fc48d75df..48c431cafa1 100755
--- a/src/vnet/session/session_cli.c
+++ b/src/vnet/session/session_cli.c
@@ -200,10 +200,10 @@ show_session_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_command_t * cmd)
{
session_manager_main_t *smm = &session_manager_main;
+ u8 *str = 0, one_session = 0, do_listeners = 0, sst, *app_name;
int verbose = 0, i;
- stream_session_t *pool;
- stream_session_t *s;
- u8 *str = 0, one_session = 0;
+ stream_session_t *pool, *s;
+ u32 transport_proto = ~0;
if (!smm->is_enabled)
{
@@ -216,6 +216,9 @@ show_session_command_fn (vlib_main_t * vm, unformat_input_t * input,
;
else if (unformat (input, "verbose"))
verbose = 1;
+ else if (unformat (input, "listeners %U", unformat_transport_proto,
+ &transport_proto))
+ do_listeners = 1;
else if (unformat (input, "%U", unformat_stream_session, &s))
{
one_session = 1;
@@ -231,6 +234,27 @@ show_session_command_fn (vlib_main_t * vm, unformat_input_t * input,
return 0;
}
+ if (do_listeners)
+ {
+ sst = session_type_from_proto_and_ip (transport_proto, 1);
+ vlib_cli_output (vm, "There are %d active %U listeners",
+ pool_elts (smm->listen_sessions[sst]),
+ format_transport_proto, transport_proto);
+ if (verbose)
+ {
+ vlib_cli_output (vm, "%-40s%-24s%-10s", "Listener", "App", "S-idx");
+ /* *INDENT-OFF* */
+ pool_foreach (s, smm->listen_sessions[sst], ({
+ app_name = application_name_from_index (s->app_index);
+ vlib_cli_output (vm, "%U%-25v%-10u", format_stream_session, s, 1,
+ app_name, s->session_index);
+ vec_free (app_name);
+ }));
+ /* *INDENT-ON* */
+ }
+ return 0;
+ }
+
for (i = 0; i < vec_len (smm->sessions); i++)
{
u32 once_per_pool;
diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c
index f4b26f6d931..30e39132d3a 100644
--- a/src/vnet/session/session_lookup.c
+++ b/src/vnet/session/session_lookup.c
@@ -113,6 +113,20 @@ make_v4_listener_kv (session_kv4_t * kv, ip4_address_t * lcl, u16 lcl_port,
}
always_inline void
+make_v4_proxy_kv (session_kv4_t * kv, ip4_address_t * lcl, u8 proto)
+{
+ v4_connection_key_t *key = (v4_connection_key_t *) kv->key;
+
+ key->src.as_u32 = lcl->as_u32;
+ key->dst.as_u32 = 0;
+ key->src_port = 0;
+ key->dst_port = 0;
+ key->proto = proto;
+
+ kv->value = ~0ULL;
+}
+
+always_inline void
make_v4_ss_kv_from_tc (session_kv4_t * kv, transport_connection_t * t)
{
make_v4_ss_kv (kv, &t->lcl_ip.ip4, &t->rmt_ip.ip4, t->lcl_port, t->rmt_port,
@@ -156,6 +170,23 @@ make_v6_listener_kv (session_kv6_t * kv, ip6_address_t * lcl, u16 lcl_port,
}
always_inline void
+make_v6_proxy_kv (session_kv6_t * kv, ip6_address_t * lcl, u8 proto)
+{
+ v6_connection_key_t *key = (v6_connection_key_t *) kv->key;
+
+ key->src.as_u64[0] = lcl->as_u64[0];
+ key->src.as_u64[1] = lcl->as_u64[1];
+ key->dst.as_u64[0] = 0;
+ key->dst.as_u64[1] = 0;
+ key->src_port = 0;
+ key->dst_port = 0;
+ key->proto = proto;
+ key->unused = 0;
+
+ kv->value = ~0ULL;
+}
+
+always_inline void
make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * t)
{
make_v6_ss_kv (kv, &t->lcl_ip.ip6, &t->rmt_ip.ip6, t->lcl_port, t->rmt_port,
@@ -536,6 +567,14 @@ session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep)
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return (u32) kv4.value;
+
+ /*
+ * Zero out the port and check if we have proxy
+ */
+ kv4.key[1] = 0;
+ rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
+ if (rv == 0)
+ return (u32) kv4.value;
}
else
{
@@ -564,6 +603,14 @@ session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep)
rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
if (rv == 0)
return (u32) kv6.value;
+
+ /*
+ * Zero out the port. Same logic as above.
+ */
+ kv6.key[4] = kv6.key[5] = 0;
+ rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
+ if (rv == 0)
+ return (u32) kv6.value;
}
return APP_INVALID_INDEX;
}
@@ -575,17 +622,30 @@ session_lookup_listener4_i (session_table_t * st, ip4_address_t * lcl,
session_kv4_t kv4;
int rv;
+ /*
+ * First, try a fully formed listener
+ */
make_v4_listener_kv (&kv4, lcl, lcl_port, proto);
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return session_manager_get_listener (proto, (u32) kv4.value);
- /* Zero out the lcl ip */
+ /*
+ * Zero out the lcl ip and check if any 0/0 port binds have been done
+ */
kv4.key[0] = 0;
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return session_manager_get_listener (proto, (u32) kv4.value);
+ /*
+ * Zero out port and check if we have a proxy set up for our ip
+ */
+ make_v4_proxy_kv (&kv4, lcl, proto);
+ rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
+ if (rv == 0)
+ return session_manager_get_listener (proto, (u32) kv4.value);
+
return 0;
}
@@ -618,6 +678,10 @@ session_lookup_listener6_i (session_table_t * st, ip6_address_t * lcl,
if (rv == 0)
return session_manager_get_listener (proto, (u32) kv6.value);
+ make_v6_proxy_kv (&kv6, lcl, proto);
+ rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
+ if (rv == 0)
+ return session_manager_get_listener (proto, (u32) kv6.value);
return 0;
}
diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h
index 3bc70311c6e..00ef19fec5a 100644
--- a/src/vnet/session/session_lookup.h
+++ b/src/vnet/session/session_lookup.h
@@ -60,7 +60,8 @@ stream_session_t *session_lookup_listener (u32 table_index,
int session_lookup_add_connection (transport_connection_t * tc, u64 value);
int session_lookup_del_connection (transport_connection_t * tc);
u64 session_lookup_endpoint_listener (u32 table_index,
- session_endpoint_t * sep, u8 use_rules);
+ session_endpoint_t * sepi,
+ u8 use_rules);
u32 session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep);
stream_session_t *session_lookup_global_session_endpoint (session_endpoint_t
*);
diff --git a/src/vnet/session/session_test.c b/src/vnet/session/session_test.c
index d592487e5ac..8194a313dc2 100644
--- a/src/vnet/session/session_test.c
+++ b/src/vnet/session/session_test.c
@@ -1112,6 +1112,9 @@ static int
session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
{
u64 options[SESSION_OPTIONS_N_OPTIONS];
+ char *show_listeners = "sh session listeners tcp verbose";
+ char *show_local_listeners = "sh app ns table default";
+ unformat_input_t tmp_input;
u32 server_index, app_index;
u32 dummy_server_api_index = ~0, sw_if_index = 0;
clib_error_t *error = 0;
@@ -1189,8 +1192,14 @@ session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
server_index = attach_args.app_index;
if (verbose)
- session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
- TRANSPORT_PROTO_TCP);
+ {
+ unformat_init_string (&tmp_input, show_listeners,
+ strlen (show_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ unformat_init_string (&tmp_input, show_local_listeners,
+ strlen (show_local_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ }
tc = session_lookup_connection_wt4 (0, &lcl_ip, &rmt_ip, lcl_port, rmt_port,
TRANSPORT_PROTO_TCP, 0);
@@ -1206,10 +1215,6 @@ session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
SESSION_TEST ((tc == 0), "lookup 5.6.7.8 1234 5.6.7.8 4321 should"
" not work");
- if (verbose)
- session_lookup_dump_local_rules_table (app_ns->local_table_index,
- FIB_PROTOCOL_IP4,
- TRANSPORT_PROTO_TCP);
app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
SESSION_TEST ((app_index == server_index), "local session endpoint lookup"
" should work");
@@ -1220,14 +1225,19 @@ session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
vnet_application_detach (&detach_args);
if (verbose)
- session_lookup_dump_local_rules_table (app_ns->local_table_index,
- FIB_PROTOCOL_IP4,
- TRANSPORT_PROTO_TCP);
+ {
+ unformat_init_string (&tmp_input, show_listeners,
+ strlen (show_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ unformat_init_string (&tmp_input, show_local_listeners,
+ strlen (show_local_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ }
app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
SESSION_TEST ((app_index == SESSION_RULES_TABLE_INVALID_INDEX),
"local session endpoint lookup should not work after detach");
-
+ unformat_free (&tmp_input);
return 0;
}