path: root/src/vnet/session/session.api
Age | Commit message | Author | Files | Lines
2024-09-06 | session: add Source Deny List | Steven Luong | 1 | -1/+59
With this feature, session enable is now modified to have 3 modes of operation:
session enable -- only enable session
session enable rt-backend sdl -- enable session with sdl
session enable rt-backend rule-table -- enable session with rule-table
session rule tables are now created on demand, upon adding first rule to the rule table. refactor session table to remove dependency from session rules table. Now session rules table APIs take srtg_handle and transport proto instead of srt pointer.
Type: feature Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14 Signed-off-by: Steven Luong <sluong@cisco.com>
2023-04-28 | session: update due to clib_socket refactoring | Nathan Skrzypczak | 1 | -0/+43
After the clib_socket_init syntax changed, the behavior of VCL socket creation was broken. This patch introduces app_namespace_add_del_v4 to address the behavioral change. Type: refactor Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-03-24 | api: Remove deprecated message from API | Ondrej Fabry | 1 | -32/+0
Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
2021-10-05 | session: Add session_sapi_enable_disable | Nathan Skrzypczak | 1 | -0/+12
Type: feature This adds an API message to do the switch at runtime. Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-16 | session: Add sock_name option to add_ns | Nathan Skrzypczak | 1 | -0/+35
This adds a new API call to add session namespaces. It now takes a netns and a sock_name.
(1) If no netns is passed, sock_name will be used as socket path. Defaulting to /run/vpp/app_ns_sockets/${ns_id}
(2) If a netns is passed, the sock_name has to be abstract (i.e. start with '@'). It will default to `@vpp/session/${ns_id}` and will be created in the provided netns.
Type: feature Change-Id: I90e9a8e5ecca2cabe7c05335663e33c8506dc9e7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-23 | session vcl: support abstract sockets for app ns | Florin Coras | 1 | -0/+39
App namespaces can now be associated to a linux ip netns, e.g.:
app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns>
If session layer's app sock api is enabled, this triggers the creation of an abstract listening socket in the netns that has been configured. For the example above that would be @vpp/session/<ns_id>. Consequently, vcl, or other apps attaching to vpp, can connect to said abstract socket from an ip netns without the need to share unix domain socket files. In particular, for vcl it's enough to set app-socket-api to @vpp/session/<ns_id> in the conf file.
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
2021-01-07 | vcl session: switch to generic cert key apis | Florin Coras | 1 | -1/+3
Remove the deprecated tls apis. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
2020-05-05 | session: improve .api comments slightly | Vratko Polak | 1 | -3/+3
Type: style Change-Id: Iccd2c205059abcdf121093ff03da603fe3dda1f7 Signed-off-by: Vratko Polak <vrpolak@cisco.com>
2020-05-04 | session: add option to preallocate fifo headers | Florin Coras | 1 | -2/+2
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie47546ef36590b90ed481b14cf812afbecf7981c
2020-04-28 | tests: move defaults from defaultmapping to .api files | Paul Vinciguerra | 1 | -1/+1
facilitates use of papi beyond the tests. Type: improvement Change-Id: I3d502d9130b81a7fb65ee69bb06fe55802b28a27 Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>
2020-04-10 | udp: remove connected udp transport proto | Florin Coras | 1 | -2/+1
Type: refactor To reproduce functionality, use udp in combination with TRANSPORT_CFG_F_CONNECTED transport flag set in connect and listen parameters. Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id88470c38326f8168b9646b0de49a674e0f4266f
2020-04-03 | session: remove obsolete apis | Florin Coras | 1 | -253/+10
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia14800710aca7c1bc315b6da3c69d623f79a5b63
2020-03-25 | session: api to add new transport types | Florin Coras | 1 | -1/+0
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If4dee6dba1ea942daa921d566b35cdecdda680ee
2020-03-05 | session: API cleanup | Jakub Grajciar | 1 | -60/+61
Use consistent API types. Type: fix Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com> Change-Id: Ib752a3425c076eb53bc5255a48039cbb74b1fcce Signed-off-by: Jakub Grajciar <jgrajcia@cisco.com>
2020-02-25 | svm: minimal initial fifo | Florin Coras | 1 | -2/+2
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I4ee46a6c3c53c58199c275e20702f7fd11b60d9a
2019-12-21 | session: move add/del segment msg to mq | Florin Coras | 1 | -0/+2
Type: refactor Change-Id: I32234173ebd69f80acb1afa4039fffbd19157f6d Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-10-09 | session: Add certificate store | Nathan Skrzypczak | 1 | -0/+40
Type: feature This changes the behavior of both API calls APPLICATION_TLS_CERT_ADD & APPLICATION_TLS_KEY_ADD: certificates and keys aren't bound to an app, they are passed to it via connect / listen using the message queue. This should be followed by a per protocol (QUIC/TLS) crypto_context store to save derived structs Change-Id: I36873bc8b63b5c72776c69e8cd9febc9cae31882 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-09-03 | api: enforce vla is last and fixed string type | Ole Troan | 1 | -1/+1
Enforce that variable length fields are the last element of API messages. Add a 'fixed' version of string type, since dealing with multiple variable length strings turned out too painful for the C language bindings. The string type is now:
{
  string name[64]; // NUL terminated C-string. Essentially decays to u8 name[64]
  string name[]; // Variable length string with embedded len field (vl_api_string_t)
};
The latter notation could be made available to other types as well. e.g. { vl_api_address_t addresses[]; } instead of { u32 n_addr; vl_api_address_t addresses[n_addr]; };
Type: fix Change-Id: I18fa17ef47227633752ab50453e8d20a652a9f9b Signed-off-by: Ole Troan <ot@cisco.com>
2019-08-27 | session: move ctrl messages from bapi to mq | Florin Coras | 1 | -18/+76
Type:refactor Moves connect, disconnect, bind, unbind and app detach to message queue from binary api. Simplifies app/vcl interaction with the session layer since all session control messages are now handled over the mq. Add/del segment messages require internal C api changes which affect all builtin applications. They'll be moved in a different patch and might not be back portable to 19.08. Change-Id: I93f6d18e551b024effa75d47f5ff25f23ba8aff5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-07-19 | session: Use parent_handle instead of transport_opts | Nathan Skrzypczak | 1 | -2/+2
Type: feature This is mostly used for quic in the case of a stream creation (i.e. connect on an already established QUIC session). We want to default parent_handle to INVALID to be able to distinguish it from parent_handle = 0 Change-Id: Id5ac0b0155a3c44e51334231b711e4fd87a96a10 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-05-16 | Add transport_opts to connect_sock bapi | Nathan Skrzypczak | 1 | -0/+2
Needed by QUIC to distinguish Q/Ssessions Change-Id: Idcc9e46f86f54a7d06ce6d870edec1766e95c82d Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-02 | session: remove deprecated binary apis | Florin Coras | 1 | -177/+21
Change-Id: Ia1a628498fa3b639b6b1508f65c6aea1806f73ec Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-30 | vcl: wait for segments with segment handle | Florin Coras | 1 | -1/+3
Instead of waiting for notification from binary api. Change-Id: I5ecab857d6bcdbed62d6bb06709570c4cf6b19ea Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-30 | session: segment handle in accept/connect notifications | Florin Coras | 1 | -3/+8
Change-Id: I03884b6cde9d4c38ae13d1994fd8d37d44016ef0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-21 | session: cleanup use of api_client_index | Florin Coras | 1 | -3/+5
Change-Id: I8a680be62ab91d2ccb144641981a635506973a49 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-14 | session: mark apis for deprecation | Florin Coras | 1 | -2/+9
Change-Id: I913ffc963928b74cf4753b6b9a0eed4436887e04 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-09-06 | session: support multiple worker binds | Florin Coras | 1 | -0/+2
Allows app workers to listen on the same session endpoint. Incoming connects are spread across the workers in a round-robin fashion Change-Id: Ib5f5817230d9abc6127a85cdbdcad70d980c0f7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-30 | vcl: add support for multi-worker apps | Florin Coras | 1 | -0/+2
Add basic support for app registration of multiple workers. LDP does not work with multi-worker apps. Change-Id: I3fc421a2a591a077b275827463f874b261415a63 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-24 | session: add support for multiple app workers | Florin Coras | 1 | -1/+46
Refactor session layer to support multiple workers per application. Change-Id: Ie67354688d396449d14bbbb8c56050206e307cd8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-08-15 | Remove client_index field from replies in API | Ondrej Fabry | 1 | -3/+0
- replies should not need to contain client_index since it is used to identify sender of requests to VPP Change-Id: Iece3853b3f020054ee1652b149d0cf8d9580db4e Signed-off-by: Ondrej Fabry <ofabry@cisco.com>
2018-08-10 | vcl: support for eventfd mq signaling | Florin Coras | 1 | -2/+32
- support eventfd based mq signaling. Based on configuration, vcl epoll/select can use either condvars or epoll on mq eventfds.
- add vcl support for memfd segments
- vpp explicitly registers cut-through segments with apps/vcl
- if using eventfd, make ldp allow one call to libc_epoll_create. Needed for the message queue epfd
- update svm_queue_t to allow blocking calls with eventfd signaling.
Change-Id: I064151ac370bbe29bb16c968bf4e3659c8286bea Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-04-18 | udp/session: refactor to support dgram mode | Florin Coras | 1 | -5/+23
- adds session layer support for datagram based protocols
- updates udp to work in pure connectionless and datagram mode. The existing connected mode is now 'accessible' for apps as a dummy UDPC, as in, connected udp, protocol.
- updates udp_echo, echo client, echo server code to work in datagram mode.
Change-Id: I2960c0d2d246cb166005f545794ec31fe0d546dd Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-07 | tls: enforce certificate verification | Florin Coras | 1 | -1/+6
- add option to use test certificate in the ca chain
- add hostname to extended session endpoint fields and connect api parameters. If hostname is present, certificate validation is enforced.
- use /etc/ssl/certs/ca-certificates.crt to bootstrap CA cert. A different path can be provided via startup config
Change-Id: I046f9c6ff3ae6a9c2d71220cb62eca8f7b10e5fb Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-02 | session: first approximation implementation of tls | Florin Coras | 1 | -0/+28
It consists of two main parts. First, add an application transport type whereby applications can offer transport to other applications. For instance, a tls app can offer transport services to other applications. And second, a tls transport app that leverages the mbedtls library for tls protocol implementation. Change-Id: I616996c6e6539a9e2368fab8a1ac874d7c5d9838 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14 | session: support local sessions and deprecate redirects | Florin Coras | 1 | -4/+19
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer applications do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-01-23 | VPPAPIGEN: vppapigen replacement in Python PLY. | Ole Troan | 1 | -1/+1
This is a version of the VPP API generator in Python PLY. It supports the existing language, and has a plugin architecture for generators. Currently C and JSON are supported.
Changes:
- vl_api_version to option version = "major.minor.patch"
- enum support
- Added error checking and reporting
- import support (removed the C pre-processor)
- services (tying request/reply together)
Version:
option version = "1.0.0";
Enum:
enum colours { RED, BLUE = 50, };
define foo { vl_api_colours_t colours; };
Services:
service { rpc foo returns foo_reply; rpc foo_dump returns stream foo_details; rpc want_stats returns want_stats_reply events ip4_counters, ip6_counters; };
Future planned features:
- unions
- bool, text
- array support (including length)
- proto3 output plugin
- Refactor C/C++ generator as a plugin
- Refactor Java generator as a plugin
Change-Id: Ifa289966c790e1b1a8e2938a91e69331e3a58bdf Signed-off-by: Ole Troan <ot@cisco.com>
2017-11-17 | vppcom: improve listener session handling | Florin Coras | 1 | -0/+3
Change-Id: I86b2e2c5a655e53a915fbf62ff04ee23c86de234 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-10 | session: add app ns index to ns create api | Florin Coras | 1 | -1/+13
Change-Id: I86bfe4e8b0a899cc54c9b37eeb5eec701d0baf3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-06 | session: add rule tags | Florin Coras | 1 | -0/+2
Change-Id: Id5ebb410f509ac4c83d60e48efd54e00035e5ce6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-05 | session: add api to dump rules | Florin Coras | 1 | -0/+44
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28 | session: rules tables | Florin Coras | 1 | -0/+38
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-17 | session: return local transport endpoint in connect reply | Florin Coras | 1 | -0/+6
Change-Id: I7794d5a0774017da4c1c15f45783a18754994ac8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10 | session: add support for application namespacing | Florin Coras | 1 | -12/+39
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachment. Application namespaces are meant to:
1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing
2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively.
If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface.
Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-09 | vppapigen: support per-file (major,minor,patch) version stamps | Dave Barach | 1 | -1/+3
Add one of these statements to foo.api:
vl_api_version 1.2.3
to generate a version tuple stanza in foo.api.h:
/****** Version tuple *****/
vl_api_version_tuple(foo, 1, 2, 3)
Change-Id: Ic514439e4677999daa8463a94f948f76b132ff15 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Ole Troan <ot@cisco.com>
2017-09-07 | Fix session connect_* api message handling. | Dave Wallace | 1 | -32/+13
Change-Id: If7fd125989c90240de12953658d10007b9eb4f07 Signed-off-by: Dave Wallace <dwallacelf@gmail.com>
2017-06-07 | Small update to session API | Florin Coras | 1 | -0/+4
Change-Id: I6a566d1dc9531b790bdcb00edc73516f86daeb72 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-04-25 | "autoreply" flag: autogenerate standard xxx_reply_t messages | Dave Barach | 1 | -61/+7
Change-Id: I72298aaae7d172082ece3a8edea4217c11b28d79 Signed-off-by: Dave Barach <dave@barachs.net>
2017-04-13 | Session layer refactoring | Florin Coras | 1 | -144/+93
Major refactoring of the session layer api
- Add attach api for application binding to the session layer
- Simplify listen/connect calls
- Update application CLI
- Add transport endpoint to accept callback
- Associate segment manager to application and allow for multiple binds/connects per app
Additional:
- svm fifo cleanup
- add fifo free, format fns
- add fifo offset enqueue unit test
Change-Id: Id93a65047de61afc2bf3d58c9b544339c02065af Signed-off-by: Florin Coras <fcoras@cisco.com> Signed-off-by: Dave Barach <dave@barachs.net>
2017-03-04 | Cleanup URI code and TCP bugfixing | Florin Coras | 1 | -0/+22
- Add CLI/API to enable session layer, by default it's disabled
- Improve rcv wnd computation
- Improvements to tx path
- URI code cleanup
- Builtin test tcp server
- Improve src port allocation
Change-Id: I2ace498e76a0771d4c31a8075cc14fe33d7dfa38 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-03-01 | VPP-598: tcp stack initial commit | Dave Barach | 1 | -0/+429
Change-Id: I49e5ce0aae6e4ff634024387ceaf7dbc432a0351 Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: Florin Coras <fcoras@cisco.com>