summaryrefslogtreecommitdiffstats
path: root/src/vnet/session/session_rules_table.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/session/session_rules_table.c')
-rw-r--r--src/vnet/session/session_rules_table.c317
1 files changed, 222 insertions, 95 deletions
diff --git a/src/vnet/session/session_rules_table.c b/src/vnet/session/session_rules_table.c
index 685871d46ed..fa8a056fbf0 100644
--- a/src/vnet/session/session_rules_table.c
+++ b/src/vnet/session/session_rules_table.c
@@ -20,6 +20,86 @@
#include <vnet/session/session_rules_table.h>
#include <vnet/session/transport.h>
+u32
+session_rule_tag_key_index (u32 ri, u8 is_ip4)
+{
+ return ((ri << 1) | is_ip4);
+}
+
+void
+session_rule_tag_key_index_parse (u32 rti_key, u32 * ri, u8 * is_ip4)
+{
+ *is_ip4 = rti_key & 1;
+ *ri = rti_key >> 1;
+}
+
+u8 *
+session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri, u8 is_ip4)
+{
+ uword *tip;
+ session_rule_tag_t *rt;
+
+ tip =
+ hash_get (srt->tags_by_rules, session_rule_tag_key_index (ri, is_ip4));
+ if (tip)
+ {
+ rt = pool_elt_at_index (srt->rule_tags, *tip);
+ return rt->tag;
+ }
+ return 0;
+}
+
+void
+session_rules_table_add_del_tag (session_rules_table_t * srt, u8 * tag,
+ u32 rule_index, u8 is_ip4, u8 is_add)
+{
+ uword *rip, *rtip;
+ session_rule_tag_t *rt;
+ u32 rti_key;
+
+ if (tag == 0)
+ return;
+ if (is_add)
+ {
+ pool_get (srt->rule_tags, rt);
+ rt->tag = vec_dup (tag);
+ hash_set_mem (srt->rules_by_tag, rt->tag, rule_index);
+ rti_key = session_rule_tag_key_index (rule_index, is_ip4);
+ hash_set (srt->tags_by_rules, rti_key, rt - srt->rule_tags);
+ }
+ else
+ {
+ rip = hash_get_mem (srt->rules_by_tag, tag);
+ if (!rip)
+ {
+ clib_warning ("tag has no rule associated");
+ return;
+ }
+ rti_key = session_rule_tag_key_index (*rip, is_ip4);
+ rtip = hash_get (srt->tags_by_rules, rti_key);
+ if (!rtip)
+ {
+ clib_warning ("rule has no tag associated");
+ return;
+ }
+ rt = pool_elt_at_index (srt->rule_tags, *rtip);
+ ASSERT (rt);
+ hash_unset_mem (srt->rules_by_tag, tag);
+ hash_unset (srt->tags_by_rules, rti_key);
+ pool_put (srt->rule_tags, rt);
+ }
+}
+
+u32
+session_rules_table_rule_for_tag (session_rules_table_t * srt, u8 * tag)
+{
+ uword *rp;
+ if (tag == 0)
+ return SESSION_RULES_TABLE_INVALID_INDEX;
+ rp = hash_get_mem (srt->rules_by_tag, tag);
+ return (rp == 0 ? SESSION_RULES_TABLE_INVALID_INDEX : *rp);
+}
+
static void
fib_pref_normalize (fib_prefix_t * pref)
{
@@ -32,64 +112,76 @@ fib_pref_normalize (fib_prefix_t * pref)
u8 *
format_session_rule4 (u8 * s, va_list * args)
{
- mma_rules_table_16_t *srt = va_arg (*args, mma_rules_table_16_t *);
+ session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
session_mask_or_match_4_t *mask, *match;
+ mma_rules_table_16_t *srt4;
+ u8 *tag = 0, *null_tag = format (0, "none");
+ u32 ri;
int i;
+ srt4 = &srt->session_rules_tables_16;
+ ri = mma_rules_table_rule_index_16 (srt4, sr);
+ tag = session_rules_table_rule_tag (srt, ri, 1);
match = (session_mask_or_match_4_t *) & sr->match;
mask = (session_mask_or_match_4_t *) & sr->mask;
- s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d",
- mma_rules_table_rule_index_16 (srt, sr), format_ip4_address,
- &match->lcl_ip,
- ip4_mask_to_preflen (&mask->lcl_ip),
- match->lcl_port, format_ip4_address, &match->rmt_ip,
- ip4_mask_to_preflen (&mask->rmt_ip),
- match->rmt_port, sr->action_index);
+ s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
+ format_ip4_address, &match->lcl_ip,
+ ip4_mask_to_preflen (&mask->lcl_ip), match->lcl_port,
+ format_ip4_address, &match->rmt_ip,
+ ip4_mask_to_preflen (&mask->rmt_ip), match->rmt_port,
+ sr->action_index, tag ? tag : null_tag);
if (vec_len (sr->next_indices))
{
s = format (s, "\n children: ");
for (i = 0; i < vec_len (sr->next_indices); i++)
s = format (s, "%d ", sr->next_indices[i]);
}
+ vec_free (null_tag);
return s;
}
u8 *
format_session_rule6 (u8 * s, va_list * args)
{
- mma_rules_table_40_t *srt = va_arg (*args, mma_rules_table_40_t *);
+ session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
session_mask_or_match_6_t *mask, *match;
+ mma_rules_table_40_t *srt6;
+ u8 *tag = 0, *null_tag = format (0, "none");
+ u32 ri;
int i;
+ srt6 = &srt->session_rules_tables_40;
+ ri = mma_rules_table_rule_index_40 (srt6, sr);
+ tag = session_rules_table_rule_tag (srt, ri, 0);
match = (session_mask_or_match_6_t *) & sr->match;
mask = (session_mask_or_match_6_t *) & sr->mask;
- s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d",
- mma_rules_table_rule_index_40 (srt, sr), format_ip6_address,
- &match->lcl_ip, ip6_mask_to_preflen (&mask->lcl_ip),
- match->lcl_port, format_ip6_address, &match->rmt_ip,
+ s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
+ format_ip6_address, &match->lcl_ip,
+ ip6_mask_to_preflen (&mask->lcl_ip), match->lcl_port,
+ format_ip6_address, &match->rmt_ip,
ip6_mask_to_preflen (&mask->rmt_ip), match->rmt_port,
- sr->action_index);
+ sr->action_index, tag ? tag : null_tag);
if (vec_len (sr->next_indices))
{
s = format (s, "\n children: ");
for (i = 0; i < vec_len (sr->next_indices); i++)
s = format (s, "%d ", sr->next_indices[i]);
}
+ vec_free (null_tag);
return s;
}
void *
-session_rules_table_get (session_rules_table_t * srt, u8 transport_proto,
- u8 fib_proto)
+session_rules_table_get (session_rules_table_t * srt, u8 fib_proto)
{
if (fib_proto == FIB_PROTOCOL_IP4)
- return &srt->session_rules_tables_16[transport_proto];
+ return &srt->session_rules_tables_16;
else if (fib_proto == FIB_PROTOCOL_IP6)
- return &srt->session_rules_tables_40[transport_proto];
+ return &srt->session_rules_tables_40;
return 0;
}
@@ -208,61 +300,105 @@ session_rules_table_alloc_rule_40 (mma_rules_table_40_t * srt,
return rule;
}
+/**
+ * Add/delete session rule
+ *
+ * @param srt table where rule should be added
+ * @param args rule arguments
+ *
+ * @return 0 if success, clib_error_t error otherwise
+ */
clib_error_t *
session_rules_table_add_del (session_rules_table_t * srt,
session_rule_table_add_del_args_t * args)
{
u8 fib_proto = args->rmt.fp_proto;
+ u32 ri_from_tag, ri;
+ int rv;
- if (args->transport_proto != TRANSPORT_PROTO_TCP
- && args->transport_proto != TRANSPORT_PROTO_UDP)
+ ri_from_tag = session_rules_table_rule_for_tag (srt, args->tag);
+ if (args->is_add && ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
return clib_error_return_code (0, VNET_API_ERROR_INVALID_VALUE, 0,
- "invalid transport proto");
+ "tag exists");
if (fib_proto == FIB_PROTOCOL_IP4)
{
mma_rules_table_16_t *srt4;
- srt4 = &srt->session_rules_tables_16[args->transport_proto];
+ srt4 = &srt->session_rules_tables_16;
if (args->is_add)
{
- mma_rule_16_t *rule;
- rule = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
- args->lcl_port,
- &args->rmt,
- args->rmt_port);
- rule->action_index = args->action_index;
- mma_rules_table_add_rule_16 (srt4, rule);
+ mma_rule_16_t *rule4;
+ rule4 = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
+ args->lcl_port,
+ &args->rmt,
+ args->rmt_port);
+ rule4->action_index = args->action_index;
+ rv = mma_rules_table_add_rule_16 (srt4, rule4);
+ if (!rv)
+ {
+ ri = mma_rules_table_rule_index_16 (srt4, rule4);
+ session_rules_table_add_del_tag (srt, args->tag, ri, 1, 1);
+ }
}
else
{
- mma_rule_16_t rule;
- memset (&rule, 0, sizeof (rule));
- session_rules_table_init_rule_16 (&rule, &args->lcl, args->lcl_port,
- &args->rmt, args->rmt_port);
- mma_rules_table_del_rule_16 (srt4, &rule, srt4->root_index);
+ mma_rule_16_t *rule;
+ if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
+ {
+ rule = mma_rules_table_get_rule_16 (srt4, ri_from_tag);
+ mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
+ session_rules_table_add_del_tag (srt, args->tag, 0, 1, 0);
+ }
+ else
+ {
+ mma_rule_16_t _rule;
+ rule = &_rule;
+ memset (rule, 0, sizeof (*rule));
+ session_rules_table_init_rule_16 (rule, &args->lcl,
+ args->lcl_port, &args->rmt,
+ args->rmt_port);
+ mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
+ }
}
}
else if (fib_proto == FIB_PROTOCOL_IP6)
{
mma_rules_table_40_t *srt6;
- mma_rule_40_t *rule;
- srt6 = &srt->session_rules_tables_40[args->transport_proto];
+ mma_rule_40_t *rule6;
+ srt6 = &srt->session_rules_tables_40;
if (args->is_add)
{
- rule = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
- args->lcl_port,
- &args->rmt,
- args->rmt_port);
- rule->action_index = args->action_index;
- mma_rules_table_add_rule_40 (srt6, rule);
+ rule6 = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
+ args->lcl_port,
+ &args->rmt,
+ args->rmt_port);
+ rule6->action_index = args->action_index;
+ rv = mma_rules_table_add_rule_40 (srt6, rule6);
+ if (!rv)
+ {
+ ri = mma_rules_table_rule_index_40 (srt6, rule6);
+ session_rules_table_add_del_tag (srt, args->tag, ri, 0, 1);
+ }
}
else
{
- mma_rule_40_t rule;
- memset (&rule, 0, sizeof (rule));
- session_rules_table_init_rule_40 (&rule, &args->lcl, args->lcl_port,
- &args->rmt, args->rmt_port);
- mma_rules_table_del_rule_40 (srt6, &rule, srt6->root_index);
+ mma_rule_40_t *rule;
+ if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
+ {
+ rule = mma_rules_table_get_rule_40 (srt6, ri_from_tag);
+ mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
+ session_rules_table_add_del_tag (srt, args->tag, 0, 0, 0);
+ }
+ else
+ {
+ mma_rule_40_t _rule;
+ rule = &_rule;
+ memset (rule, 0, sizeof (*rule));
+ session_rules_table_init_rule_40 (rule, &args->lcl,
+ args->lcl_port, &args->rmt,
+ args->rmt_port);
+ mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
+ }
}
}
else
@@ -272,36 +408,34 @@ session_rules_table_add_del (session_rules_table_t * srt,
}
u32
-session_rules_table_lookup4 (session_rules_table_t * srt, u8 transport_proto,
+session_rules_table_lookup4 (session_rules_table_t * srt,
ip4_address_t * lcl_ip, ip4_address_t * rmt_ip,
u16 lcl_port, u16 rmt_port)
{
- mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16[transport_proto];
+ mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
session_mask_or_match_4_t key = {
.lcl_ip.as_u32 = lcl_ip->as_u32,
.rmt_ip.as_u32 = rmt_ip->as_u32,
.lcl_port = lcl_port,
.rmt_port = rmt_port,
};
- return mma_rules_table_lookup_16 (srt4,
- (mma_mask_or_match_16_t *) & key,
+ return mma_rules_table_lookup_16 (srt4, (mma_mask_or_match_16_t *) & key,
srt4->root_index);
}
u32
-session_rules_table_lookup6 (session_rules_table_t * srt, u8 transport_proto,
+session_rules_table_lookup6 (session_rules_table_t * srt,
ip6_address_t * lcl_ip, ip6_address_t * rmt_ip,
u16 lcl_port, u16 rmt_port)
{
- mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40[transport_proto];
+ mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
session_mask_or_match_6_t key = {
.lcl_port = lcl_port,
.rmt_port = rmt_port,
};
clib_memcpy (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
clib_memcpy (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
- return mma_rules_table_lookup_40 (srt6,
- (mma_mask_or_match_40_t *) & key,
+ return mma_rules_table_lookup_40 (srt6, (mma_mask_or_match_40_t *) & key,
srt6->root_index);
}
@@ -313,36 +447,32 @@ session_rules_table_init (session_rules_table_t * srt)
mma_rule_16_t *rule4;
mma_rule_40_t *rule6;
fib_prefix_t null_prefix;
- int i;
memset (&null_prefix, 0, sizeof (null_prefix));
- for (i = 0; i < TRANSPORT_N_PROTO; i++)
- {
- srt4 = &srt->session_rules_tables_16[i];
- rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
- &null_prefix, 0);
- rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
- srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
- srt4->rule_cmp_fn = rule_cmp_16;
- }
-
- for (i = 0; i < TRANSPORT_N_PROTO; i++)
- {
- srt6 = &srt->session_rules_tables_40[i];;
- rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
- &null_prefix, 0);
- rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
- srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
- srt6->rule_cmp_fn = rule_cmp_40;
- }
+ srt4 = &srt->session_rules_tables_16;
+ rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
+ &null_prefix, 0);
+ rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
+ srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
+ srt4->rule_cmp_fn = rule_cmp_16;
+
+ srt6 = &srt->session_rules_tables_40;
+ rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
+ &null_prefix, 0);
+ rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
+ srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
+ srt6->rule_cmp_fn = rule_cmp_40;
+
+ srt->rules_by_tag = hash_create_vec (0, sizeof (u8), sizeof (uword));
+ srt->tags_by_rules = hash_create (0, sizeof (uword));
}
void
session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
- u8 transport_proto, ip46_address_t * lcl_ip,
- u16 lcl_port, ip46_address_t * rmt_ip,
- u16 rmt_port, u8 is_ip4)
+ ip46_address_t * lcl_ip, u16 lcl_port,
+ ip46_address_t * rmt_ip, u16 rmt_port,
+ u8 is_ip4)
{
mma_rules_table_16_t *srt4;
mma_rules_table_40_t *srt6;
@@ -352,7 +482,7 @@ session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
if (is_ip4)
{
- srt4 = session_rules_table_get (srt, transport_proto, FIB_PROTOCOL_IP4);
+ srt4 = session_rules_table_get (srt, FIB_PROTOCOL_IP4);
session_mask_or_match_4_t key = {
.lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
.rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
@@ -364,41 +494,39 @@ session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
(mma_mask_or_match_16_t *) & key,
srt4->root_index);
sr4 = mma_rules_table_get_rule_16 (srt4, ri);
- vlib_cli_output (vm, "%U", format_session_rule4, srt4, sr4);
+ vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
}
else
{
- srt6 = session_rules_table_get (srt, transport_proto, FIB_PROTOCOL_IP6);
+ srt6 = session_rules_table_get (srt, FIB_PROTOCOL_IP6);
session_mask_or_match_6_t key = {
.lcl_port = lcl_port,
.rmt_port = rmt_port,
};
clib_memcpy (&key.lcl_ip, &lcl_ip->ip6, sizeof (lcl_ip->ip6));
clib_memcpy (&key.rmt_ip, &rmt_ip->ip6, sizeof (rmt_ip->ip6));
- ri =
- mma_rules_table_lookup_rule_40 (srt6,
- (mma_mask_or_match_40_t *) &
- key, srt6->root_index);
+ ri = mma_rules_table_lookup_rule_40 (srt6,
+ (mma_mask_or_match_40_t *) & key,
+ srt6->root_index);
sr6 = mma_rules_table_get_rule_40 (srt6, ri);
- vlib_cli_output (vm, "%U", format_session_rule6, srt6, sr6);
+ vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
}
}
void
session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
- u8 fib_proto, u8 transport_proto)
+ u8 fib_proto)
{
if (fib_proto == FIB_PROTOCOL_IP4)
{
mma_rules_table_16_t *srt4;
mma_rule_16_t *sr4;
- srt4 = &srt->session_rules_tables_16[transport_proto];
- vlib_cli_output (vm, "%U IP4 rules table", format_transport_proto,
- transport_proto);
+ srt4 = &srt->session_rules_tables_16;
+ vlib_cli_output (vm, "IP4 rules");
/* *INDENT-OFF* */
pool_foreach(sr4, srt4->rules, ({
- vlib_cli_output (vm, "%U", format_session_rule4, srt4, sr4);
+ vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
}));
/* *INDENT-ON* */
@@ -407,13 +535,12 @@ session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
{
mma_rules_table_40_t *srt6;
mma_rule_40_t *sr6;
- srt6 = &srt->session_rules_tables_40[transport_proto];
- vlib_cli_output (vm, "\n%U IP6 rules table", format_transport_proto,
- transport_proto);
+ srt6 = &srt->session_rules_tables_40;
+ vlib_cli_output (vm, "IP6 rules");
/* *INDENT-OFF* */
pool_foreach(sr6, srt6->rules, ({
- vlib_cli_output (vm, "%U", format_session_rule6, srt6, sr6);
+ vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
}));
/* *INDENT-ON* */