aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/session/application_namespace.c
AgeCommit message (Collapse)AuthorFilesLines
2017-11-22session: more rules unit tests and cli improvementsFlorin Coras1-5/+4
Change-Id: I7e5545297ab9f2db8d7d07e44c744bdb0a0874a7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-20session/tcp: filtering improvementsFlorin Coras1-3/+5
- make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: fix app ns list cli dumpFlorin Coras1-4/+8
Change-Id: I9b0a4676d088bc7587d12023fc3a3ea53aeaba20 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-08session: fix show app ns table cliFlorin Coras1-10/+15
Change-Id: I188e0471636683345bd9daa779c3680a616c2244 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-05session: add api to dump rulesFlorin Coras1-1/+4
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28session: rules tablesFlorin Coras1-0/+13
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-27session: instantiate appns lookup table only onceFlorin Coras1-7/+10
Change-Id: I39d634b7691a524e5221c28997a737102298c281 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-26VCL: add session namespace support.Dave Wallace1-11/+24
Change-Id: I04f1b63e66260d99c0dd180b0295a55a9b750df7 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-10-10session: add support for application namespacingFlorin Coras1-0/+293
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>