aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/session/session_api.c
AgeCommit message (Collapse)AuthorFilesLines
2024-09-06session: add Source Deny ListSteven Luong1-11/+238
With this feature, session enable is now modified to have 3 modes of operation session enable -- only enable session session enable rt-backend sdl -- enable session with sdl session enable rt-backend rule-table -- enable session with rule-table session rule tables are now created on demand, upon adding first rule to the rule table. refactor session table to remove depenency from sesssion rules table. Now session rules table APIs take srtg_handle and transport proto instead of srt pointer. Type: feature Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-13session: problem in session_rules_details APISteven Luong1-0/+4
Backend needs to return protocol to indicate if the prefix is ip4 or ip6. Type: fix Change-Id: If827c2e8b2a58051298968fa4d69de71ce9c4fcc Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-15session: crash in session_rule_add_del if session is not enableSteven Luong1-0/+7
Invoking the API session_rule_add_del to add a rule causes VPP to crash if session is not enable. Type: fix Change-Id: If8de83f1064bc60d20461e87889b7c3393ad2af1 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-03-29session: fix api coverity warningsFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb4e9d9e39b937ad4c7316b3955b3ca296f0a191
2024-03-12misc: remove GNU Indent directivesDamjan Marion1-14/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-01session: add api cb for listen and unlistenFlorin Coras1-4/+11
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
2024-01-09session: support for cl port reuseFlorin Coras1-10/+11
Adds support for connectionless listener port reuse. Until now, cl listeners had fifos allocated to them and therefore only one app worker could ever listen, i.e., a session cannot have multiple fifos. To circumvent the limitation, this separates the fifos from the listener by allocating new cl sessions for each app worker that reuses the app listener. Flows are hashed to app worker cl sessions but, for now, this is not a consistent/fixed hash. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
2023-12-02session: no segment handle on worker delFlorin Coras1-2/+2
Coverity report. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3ce06634b30688d2a9581b50d462092daa8b4cac
2023-11-29session: no reply on app del worker with sapiFlorin Coras1-0/+4
With socket api, applications should not expect reply after worker del msg. VCL in particular closes the socket after it enqueues the message. Found by ASAN. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1be02a0cde6b96a96edb709f3fe30bbc01ff2d24
2023-11-22session: per app wrk client ct segment handleFlorin Coras1-14/+3
Make sure ct client segment handles do not collide if multi worker application establishes cut-through sessions to only one server segment manager. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I905379f9ed73c64d57a826a3e97d53dab3a87517
2023-08-09session: async rx event notificationsFlorin Coras1-0/+50
Move from synchronous flushing of io and ctrl events from transports to applications to an async model via a new session_input input node that runs in interrupt mode. Events are coalesced per application worker. On the one hand, this helps by minimizing message queue locking churn. And on the other, it opens the possibility for further optimizations of event message generation, obviates need for rx rescheduling rpcs and is a first step towards a fully async data/io rx path. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id6bebcb65fc9feef8aa02ddf1af6d9ba6f6745ce
2023-07-26session: use session error type instead of vnet errorFilip Tehlar1-6/+25
Type: improvement Change-Id: Ie0bad9e03ac2e29da23af01ee7f63cb44489ad9c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2023-07-21vcl: ldp support SO_ORIGINAL_DSTqinyang1-0/+7
Type: improvement Support SO_ORIGINAL_DST socket option to get original dst_ip4 and dst_port if nat44 rule enabled. Change-Id: If00e00d03e48f3b78a23a68f1b078954d79dd0f7 Signed-off-by: qinyang <qiny@yusur.tech>
2023-04-28session: update due to clib_socket refactoringNathan Skrzypczak1-34/+76
After the clib_socket_init syntax changed, the behavior of VCL socket creation was broken. This patch introduces app_namespace_add_del_v4 to address the behavioral change. Type: refactor Change-Id: Ice016bdb372233fd3317f166d45625e086e9b4df Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2023-03-24api: Remove deprecated message from APIOndrej Fabry1-13/+0
Type: refactor Signed-off-by: Ondrej Fabry <ofabry@cisco.com> Change-Id: Ib80a4d1f8bac5dc27db1aafe65165cbb509b4edf
2023-03-14session vcl: refactor builtin tx event for main txFlorin Coras1-0/+2
Rename unused SESSION_IO_EVT_BUILTIN_TX to SESSION_IO_EVT_TX_MAIN and leverage it for non-connected udp tx. Non-connected udp sessions are listeners and are therefore allocated on main thread. Consequently, whenever session queue node is not polling main, tx events generated by external applications might be missed or processed with some delay. To solve this, request that apps use SESSION_IO_EVT_TX_MAIN tx events as opposed to SESSION_IO_EVT_TX and send that to first worker as opposed to main. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I5df5ac3dc80c0f192b2eefb1d465e9deefe8786b
2022-03-11session: fix crash during client detachFilip Tehlar1-1/+3
This fixes a crash caused by client closing socket before adding worker. During detach vpp tries to delete worker based on invalid worker index. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I3242bcbb116ef5fd1d4c449f5bcf907e4e2f8f30
2022-02-24session: fix session layer socket readFilip Tehlar1-2/+27
This fixes an issue caused by session layer reading expected part of data (cert + key) before the client actually sends it. Type: fix Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: I6ddddb08f9576211b302e814d7c2b040383e5fb7
2021-12-16session: app mq congestion detectionFlorin Coras1-224/+43
Detect mq congestion and handle it by queueing messages in a fifo and postponing handling via rpcs. App workers with congested mqs cannot accept nor connect additional sessions. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I401d971a1a53896758b88fc60f158cbc31e0c7cb
2021-12-08api: improve REPLY_MACRO safetyKlement Sekera1-35/+41
Improve vppapigen to generate per-message #define indicating whether said message is dynamically sized (due to VLA or string) or not. Use these #defines in REPLY_MACROs to prevent improper usage. Fix existing improper REPLY_MACRO* usage. Type: improvement Change-Id: Ia77aaf9f6cf3ed68ea21075a4cc8deda78a68651 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2021-10-05session: Add session_sapi_enable_disableNathan Skrzypczak1-0/+11
Type: feature This adds an API message to do the switch at runtime. Change-Id: Ice6b69c57f0bfbf5668182e25593362ff4133615 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-21session: implement app_ns deletionNathan Skrzypczak1-2/+19
Type: feature Change-Id: If0edbb21a0283d66c648a9e190d238c8cfa56353 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-16session: Add sock_name option to add_nsNathan Skrzypczak1-11/+70
This adds a new API call to add session namespaces It now takes a netns and a sock_name. (1) If no netns is passed, sock_name will be used as socket path. Defaulting to /run/vpp/app_ns_sockets/${ns_id} (2) If a netns is passed, the sock_name has to be abstract (i.e. start with '@'). It will default to `@vpp/session/${ns_id}` and will be created in the provided netns. Type: feature Change-Id: I90e9a8e5ecca2cabe7c05335663e33c8506dc9e7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-09-09session: fix non-NULL terminated stringBenoît Ganne1-18/+7
vlib_unix_recursive_mkdir () expects a NULL-terminated C-string. Type: fix Change-Id: I412b48443d0792307d611c466747c0aa5e423417 Signed-off-by: Benoît Ganne <bganne@cisco.com>
2021-08-30session: close app wrk socket on deleteFlorin Coras1-6/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I54fa6e8f12bb52988888e7019a88d6891017944c
2021-08-12session vcl: cert key add/del with socket apiFlorin Coras1-0/+80
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I70791285cbf427479d2dcbf70ffdce2253add2fb
2021-07-24session: avoid vpp deadlock due to app crashliuyacan1-0/+6
In high traffic scenarios, if app crashed or hang on somewhere, app_mq will quickly accumulate to full, after which vpp worker will try 100 times before giving up allocating slot for every msg. This will cause vpp main thread barrier sync to fail. Type: fix Signed-off-by: liuyacan <liuyacan@corp.netease.com> Change-Id: I2b2bf2b272c5b3ca7e4a56af179af12bbcde149d
2021-07-23session vcl: support abstract sockets for app nsFlorin Coras1-3/+56
App namespaces can now be associated to a linux ip netns, e.g.: app ns add id <ns_id> secret <n> sw_if_index <n> netns <netns> If session layer's app sock api is enabled, this triggers the creation of an abstract listening socket in the netns that has been configured. For the example above that would be @vpp/session/<ns_id>. Consequently, vcl, or other apps attaching to vpp, can connect to said abstract socket from an ip netns without the need to share unix domain socket files. In particular, for vcl it's enough to set app-socket-api to @vpp/session/<ns_id> in the conf file. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I26fdc626a760a3f423c5b8be4251623f6e9cd73a
2021-07-22session vcl: explit mq indices in ctrl messagesFlorin Coras1-0/+3
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I8e80252b85dda9a8f5699109264dc1b913581442
2021-07-12session: api cleanupFilip Tehlar1-73/+33
Use autogenerated code. Does not change API definitions. Type: improvement Signed-off-by: Filip Tehlar <ftehlar@cisco.com> Change-Id: Iacc58d27ac51c8a1c571087f98297e046b3477c2
2021-06-03session: lcl transport info on acceptFlorin Coras1-0/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia46b0b8afed30f84b244c06f0457303f9e8832cd
2021-04-23session: set connected session index for ctFlorin Coras1-2/+5
Set connected session index for ct as well. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id82ffcf5572b6a9d2769c0e685c7a0b4d1ea9e9f
2021-04-23session: set fifo's session index before vcl attachliuyacan1-0/+2
Current implementation may have timing issue: 1. The TCP 3-way-handshake is completed but the app is busy and does not process the CONNECTED event. 2. VPP receive some data from peer and try to send a RX event to VCL, but the fifo's client session index is not initialized yet. So this event will be sent to incorrect session 0. Type: fix Change-Id: I54f222232968bfaea5f4745284a1cfacc89482a9 Signed-off-by: liuyacan <liuyacan@corp.netease.com>
2021-03-29svm session vcl: per app rx message queuesFlorin Coras1-34/+73
Add option to use per app private segments for app to vpp message queues, as opposed to exposing internal message queues segment. When so configured, internal message queues are still polled by the session queue node but external app message queues are handled by a new input node (appsl-rx-mqs-input) that runs in interrupt state. Signaling of the node, when mqs receive new messages, is done through eventfds epolled by worker epoll input nodes. Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iffe8ce5a9944a56a14e6d0f492a850cb9e392d16
2021-03-10session: check if fifo exists in cl bound notificationFlorin Coras1-1/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I316575a4b199916920cad6be8f9b49025d6ccc2d
2021-02-24session: init ctrl msg without mq lockFlorin Coras1-102/+96
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I755e6da1fcf6f3bf3c72d6d36c4243b0919b7209
2021-02-10vcl: validate seg handle on migrate only if neededFlorin Coras1-1/+1
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c15a465f84f2ceb6bd5f1c459899824d4bc1c90
2021-01-25svm: add custom q implementation for mqFlorin Coras1-4/+4
Add separate queue implementation for the message queue as it's custom tailored for fifo segments as opposed to binary api. Also move eventfds to the private data structures. Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I6df0c824ecd94c7904516373f92a9fffc6b04736
2021-01-07vcl session: switch to generic cert key apisFlorin Coras1-75/+4
Remove the deprecated tls apis. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
2020-12-29svm vcl: allow random offsets for fifo segments in appsFlorin Coras1-10/+10
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1658a9c19d8eae4c9a42c0a111d4ad343b8eb8a4
2020-12-29svm: allow mq attachments at random offsetsFlorin Coras1-35/+47
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic373cd2c11272da539eb4b0db27227f36f2f9688
2020-12-28session: convert evt q segment to fifo segmentFlorin Coras1-4/+5
Type: refactor Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I63a44e11322f6fe27255820524e022f6d710b083
2020-12-24svm: split fifo into private and shared structsFlorin Coras1-12/+14
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id8e77e8b2623be719fd43a95e181eaa5b7df2b6e
2020-12-14misc: move to new pool_foreach macrosDamjan Marion1-4/+4
Type: refactor Change-Id: Ie67dc579e88132ddb1ee4a34cb69f96920101772 Signed-off-by: Damjan Marion <damarion@cisco.com>
2020-11-09session: remove support for shm bapi attachmentFlorin Coras1-1/+6
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I21bda0c46406aff54ad8fe5e44491e8e332de170
2020-10-27session: per worker state for ct sessionsFlorin Coras1-2/+2
Type: feature Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id6f7b2b969eb50eb7611e4e9ca77b7ef0e0519a1
2020-09-25vppinfra session: file platform independent private dataFlorin Coras1-2/+2
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id43b0b6db2b42ee5801236df0bd7f7225e1e081c
2020-09-23session: fix sapi coverity warningFlorin Coras1-0/+2
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ib00ac02eabb06a300d01697b89d97b26dd3c4330
2020-09-22lisp: Move to pluginNeale Ranns1-1/+1
Type: refactor Change-Id: I54df533a8f863c4e49742903cf2457f18b4fc506 Signed-off-by: Neale Ranns <nranns@cisco.com>
2020-09-18session: grab worker barrier for sapi msgsFlorin Coras1-0/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7cdbcfeb6f77a720e190daf9fe555320e586bba8