aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/session/session_lookup.c
AgeCommit message (Collapse)AuthorFilesLines
2024-08-06session: memory leak in show session rulesSteven Luong1-6/+9
Need to vec_free ns_id whenever we return in the function show_session_rules_command_fn in case memory was allocated to it. Type: fix Change-Id: Ifc38d3eb2756a8a128467dd40ad40fe3f0be8fc0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-06session: session_lookup_local_endpoint returns the wrong valueSteven Luong1-1/+1
SESSION_INVALID_INDEX is u32. The function is supposed to return u64. The caller of the function tests the return value to see if it is SESSION_INVALID_HANDLE in ct_session_connect. If it is not, it thinks it is a valid handle and calls listen_session_get_from_handle which causes a crash. Type: fix Change-Id: I4ede6b2dfb95259f3a6071cfa3a77ce0d9cd9edd Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-24session: delete and add application namespace do not create the global ↵Steven Luong1-1/+51
session table When an application namespace is added, we call session_table_is_alloced to see if we need to allocate a new session table. That check returns true even if we removed the session table. The fix is when we delete an application's global session table, we need to invalidate fib_index_to_table_index. Fixed test_vcl test script to run two tests back to back. The 1st test deletes the application namespace at the end. The 2nd test adds the application namespace in the beginning. Type: fix Fixes: 67bae20b05cb46e5f6d19afeaf1f7a52a5309d59 Change-Id: I67f5cc1b726a07659597a9479df011717db08d0a Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-19session: show session rules does not display ip6 entriesSteven Luong1-6/+33
1. Adding an ip6 rule entry session rule add proto tcp ee80::/10 0 ee80::/10 0 action 2 2. show session rules does not display the entry. show session rules tcp 3. However, show session rules for a specific entry shows the entry show session rules tcp ee80::/10 0 ee80::/10 0 Type: fix Change-Id: I65c881665d3698a2a9452a186ed657eee0bf13e0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-05-21session: remove ipv6 lookup threading assertBrian Morris1-1/+0
This makes session_lookup_connection_wt6 consistent with session_lookup_connection_wt4 - they both just return an error for wrong thread. Type: fix Change-Id: Ide38976e9a7274b53311e65711098e6b22a3f8d5 Signed-off-by: Brian Morris <bmorris2@cisco.com>
2024-03-21session: fix workers race to allocate lookup tableFlorin Coras1-24/+39
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I60600452c91184da571d4630bf2f0d9c24a3e85e
2024-03-12misc: remove GNU Indent directivesDamjan Marion1-6/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-02-02session: guard session lookup table allocsFlorin Coras1-0/+32
Session lookup tables could be allocated from workers, e.g., connects are done from first worker. Make sure consumers are not affected by stopping workers. Type: fix Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2023-11-20session: add session lookup cli for statsFlorin Coras1-0/+79
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I96bff47206ef64ea7369ae92e1b9ff1f74dfd71b
2023-07-26session: use session error type instead of vnet errorFilip Tehlar1-5/+5
Type: improvement Change-Id: Ie0bad9e03ac2e29da23af01ee7f63cb44489ad9c Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
2022-03-22session: use safe realloc for poolsFlorin Coras1-3/+1
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I313c916d268c4b2b448b93e90bc67da341b803e3
2021-09-16session: Add sock_name option to add_nsNathan Skrzypczak1-9/+15
This adds a new API call to add session namespaces It now takes a netns and a sock_name. (1) If no netns is passed, sock_name will be used as socket path. Defaulting to /run/vpp/app_ns_sockets/${ns_id} (2) If a netns is passed, the sock_name has to be abstract (i.e. start with '@'). It will default to `@vpp/session/${ns_id}` and will be created in the provided netns. Type: feature Change-Id: I90e9a8e5ecca2cabe7c05335663e33c8506dc9e7 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-07-08session: allow listen in any fib if default namespaceFlorin Coras1-0/+8
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: If0712f01bdd6f2fc892bcbe4e2cee28affd02520
2020-04-23session: fix session_table_get_or_allocAndreas Schultz1-8/+11
Extending the fib_index_to_table_index could leave entries uninitialized, pointing to the session tables at index 0. That session index exists by default, but it is a IPv4 session table. That would break all IPv6 on the unitilized fib indexes. Type: fix Change-Id: Ie3f0a87a7f829ceb39f75ec06658b0ad1d3813ae Signed-off-by: Andreas Schultz <andreas.schultz@travelping.com>
2020-04-06session udp: shared local endpointsFlorin Coras1-0/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7102355b95eefb233ec7d146e61819051a7bf07
2020-02-26tls session: fix unlistenFlorin Coras1-0/+26
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie3bc31fc3df662e087f7931de6c274eb3608a2d8
2020-01-02session: fix listener global endpoint lookupFlorin Coras1-1/+1
Type: fix Ensure listeners for app transport protocols are added to lookup tables using their session endpoints instead of their transport connections, which can override the network connection id in the transport connection. Change-Id: I56fa3666bb1422c0799fc7143cd099751ff6e2e6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-12-27tcp: Enable TCP timewait port useYu Ping1-4/+4
Improve host stack CPS test, and it help improve 10x performance Type: feature Change-Id: I6af61e0bad7c16ee2d30a1422cc46bb89f1cedb4 Signed-off-by: Yu Ping <ping.yu@intel.com> Signed-off-by: Yuwei Zhang <yuwei1.zhang@intel.com>
2019-09-25session: validate connection in session lookup delFlorin Coras1-1/+1
Type: fix Change-Id: I4e2617f99064c5a96e4debae8b68716ca129ee73 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-08-30session : make sure session layer is enabled when cli operate the sessions.Guanghua Zhang1-0/+4
Type: fix show session rules tcp vpp/src/vnet/session/application_namespace.c:34 (app_namespace_get) assertion `! pool_is_free (app_namespace_pool, _e)' fails Thread 1 "vpp_main" received signal SIGABRT, Aborted. Signed-off-by: Guanghua Zhang <ghzhang@fiberhome.com> Change-Id: I3430339a598a92d0a38826471adeb4547b0b7df4
2019-07-08session: add flag to disable session lookupNathan Skrzypczak1-0/+2
Type: feature Change-Id: I1369859be0a722ea37e5d3ecb35dee5684fc69f8 Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2019-03-13session rule cli add udp session failzhanglimao1-0/+1
current session rule cli can not add session rule of proto is udp. because vnet_session_rule_add_del function's paramter does not include transport_proto element in args struct, but session rule type on the basis of input args's transport_proto when create session rule with vnet_session_rule_add_del function, so just add transport_proto element to vnet_session_rule_add_del function's args that to solve this problem Change-Id: If1a5942b4a0b006d73376e0cb01b97e84c593493 Signed-off-by: zhanglimao <zhanglimao0017@gmail.com>
2019-03-11session: fix ct that match global table entriesFlorin Coras1-0/+21
Change-Id: I42addcd413094a8b6e9b2858ba2a292bd295ec82 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-03-01session: refactor local connectsFlorin Coras1-3/+3
- Switches local connects to cut-thru transport - Removes local sessions as a separate session type Change-Id: I997c6355d8c8e4f2110678f785b0f5d96bba47f7 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-11session: cleanup application interfaceFlorin Coras1-18/+17
Change-Id: I89d240753b3f3c5e984aa303a7c8fa35fa59bf7f Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-06transport: cleanupFlorin Coras1-31/+24
- move transport specific types to transport_types - add transport wrapper functions for interaction with transport protocol vfts Change-Id: I93f70d884585fc2f41c4a605e310c80e8a8972f2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-02-04session: cleanup part 1Florin Coras1-20/+20
Rename core data structures. This will break compatibility for out of tree builtin apps. - stream_session_t to session_t - server_rx/tx_fifo to rx/tx_fifo - stream_session.h to session_types.h - update copyright Change-Id: I414097c6e28bcbea866fbf13b8773c7db3f49325 Signed-off-by: Florin Coras <fcoras@cisco.com>
2019-01-12session: generate wrong thread errors instead of crashingFlorin Coras1-10/+24
Change-Id: I7e59ae718d2722c49d42b22a0874e1645a191e89 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-11-18vcl/session: apps with process workersFlorin Coras1-2/+2
Allow apps to register child processes as app workers. In particular, on fork vcl now registers the child process with vpp as a new worker. Change-Id: I52a65fbc3292962b1f6e1fe0f6153f739e6e0d4a Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-10-23c11 safe string handling supportDave Barach1-9/+9
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
2018-08-24session: add support for multiple app workersFlorin Coras1-6/+10
Refactor session layer to support multiple workers per application. Change-Id: Ie67354688d396449d14bbbb8c56050206e307cd8 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-07-27vcl: use events for epoll/select/read/writeFlorin Coras1-2/+3
Have vcl poll and wait on the event message queues as opposed to constantly polling the session fifos. This also adds event signaling to cut through sessions. On the downside, because we can't wait on multiple condvars, i.e., when we have multiple message queues because of cut-through registrations, we do timed waits. Change-Id: I29ade95dba449659fe46008bb1af502276a7c5fd Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-06-22session: improve session lookup speedsFlorin Coras1-57/+24
It would seem that this avoids using the stack for computing the subsequent crc32 by storing the 2 x u64 ip4 5-tuple key into two registers. Probably the cast to the "convenience" data structure "masks" the fact that the key is 16B. Probably ... :-) "sh run" on an ip4 tcp sender reports that the number of clocks spent in tcp_input, where a session lookup is performed, drops ~25% (from ~100 clocks/packet to ~75 clocks/packet) Change-Id: I50d647115ac72f8407bff7e3b73328ba42f0ddb5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-04-16session: use generic session pool for listenersFlorin Coras1-10/+6
Change-Id: I825f3822910a6ee368b9004e39ca16ac6833e30c Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-03-01session: zero out ips in local endpoint lookup only if localFlorin Coras1-29/+61
Change-Id: I3425b1533b3d31210166e7b3798685464ad1c489 Signed-off-by: Florin Coras <fcoras@cisco.com>
2018-02-14session: support local sessions and deprecate redirectsFlorin Coras1-52/+24
Memfd backed shared memory segments can only be negotiated over sockets. For such scenarios, the existing redirect mechanism that establishes cut-through sessions does not work anymore as the two peer application do not share such a socket. This patch adds support for local sessions, as opposed to sessions backed by a transport connection, in a way that is almost transparent to the two applications by reusing the existing binary api messages. Moreover, all segment allocations are now entirely done through the segment manager valloc, so segment overlaps due to independent allocations previously required for redirects are completely avoided. The one notable characteristic of local sessions (cut-through from app perspective) notification messages is that they carry pointers to two event queues, one for each app peer, instead of one. For transport-backed sessions one of the queues can be inferred but for local session they cannot. Change-Id: Ia443fb63e2d9d8e43490275062a708f039038175 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-22tcp: add builtin server/client transfer testFlorin Coras1-0/+1
Change-Id: Iab0baabf2f27bc7ad7fbf2d2789a493752b07d8a Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-12-11session: generalize handling of network transportsFlorin Coras1-57/+49
- compute session type out of transport and network protos - make session, session lookup and session queue code network protocol agnostic This does not update the session layer to support non-ip network layer protocols Change-Id: Ifc2f92845e158b649d59462eb7d51c12af536691 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-20session/tcp: filtering improvementsFlorin Coras1-70/+82
- make allow action explicit (-3) - add session lookup is_filtered return flag that is set if lookup hit a deny filter - change tcp logic to drop filtered packets when punting is enabled Change-Id: Ic38f294424663a4e108439b7571511f46f8e0be1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-10session: use listener logic for proxy rulesFlorin Coras1-1/+65
This moves session proxy logic from session rules tables to table/logic used to manage session listeners in order to avoid overlap of semantically different rules. Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-09session: lookup/rules table improvements and cleanupFlorin Coras1-155/+250
Change-Id: I5217364220023df34d5bee071cb750df1661b093 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-07session: fix v6 double bindsFlorin Coras1-4/+4
Change-Id: Ie747b490901254e962cf61814491851b891129ee Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-06session: add rule tagsFlorin Coras1-60/+98
Change-Id: Id5ebb410f509ac4c83d60e48efd54e00035e5ce6 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-05session: add api to dump rulesFlorin Coras1-9/+38
Change-Id: Ie42fd77e75e86a45cfe5951768c4638f27fdc3aa Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-03session: support drop action in rules tableFlorin Coras1-28/+38
Change-Id: Ided2980373ed5329c68f958f61be893428bccd31 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-11-01session: add support for proxying appsFlorin Coras1-11/+29
To enable this, applications set the proxy flag in their attach requests and pass the transport protocols they want to act as proxies for as part of the attach options. When proxy is enabled, session rules that point incoming packets to the proxy app are addedd to the local and global session tables, if these scopes are accessible to the app. In particular, in case of the former, the rule accepts packets from all sources and all ports destined to the namespace's supporting interface address on any port. While in case of the latter, a generic any destination and any port rule is addedd. Change-Id: I791f8c1cc083350f02e26a2ac3bdbbfbfa19ece3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-28session: rules tablesFlorin Coras1-8/+362
This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-16udp: refactor udp codeFlorin Coras1-29/+67
Change-Id: I44d5c9df7c49b8d4d5677c6d319033b2da3e6b80 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-10-10session: add support for application namespacingFlorin Coras1-226/+633
Applications are now provided the option to select the namespace they are to be attached to and the scope of their attachement. Application namespaces are meant to: 1) constrain the scope of communication through the network by association with source interfaces and/or fib tables that provide the source ips to be used and limit the scope of routing 2) provide a namespace local scope to session layer communication, as opposed to the global scope provided by 1). That is, sessions can be established without assistance from transport and network layers. Albeit, zero/local-host ip addresses must still be provided in session establishment messages due to existing application idiosyncrasies. This mode of communication uses shared-memory fifos (cut-through sessions) exclusively. If applications request no namespace, they are assigned to the default one, which at its turn uses the default fib. Applications can request access to both local and global scopes for a namespace. If no scope is specified, session layer defaults to the global one. When a sw_if_index is provided for a namespace, zero-ip (INADDR_ANY) binds are converted to binds to the requested interface. Change-Id: Ia0f660bbf7eec7f89673f75b4821fc7c3d58e3d1 Signed-off-by: Florin Coras <fcoras@cisco.com>
2017-09-18Fixes for issues Coverity has reported (VPP-972)Chris Luke1-4/+4
177117: fstat() returns -1 on error; the code is checking for any positive value instead 175142: final return could never be reached; simple refactoring 175235,175236: Warning suppressed with an explicit cast to (void) 174817: Final return couldn't be reached; is is_in_order is 0 then 'rv' is already returned above 172095,172093: If is_is_set does not get set to 1, then return 0 has already been invoked 174405: Re-kill this (nothing sets rv) 171136: Looks like a cmd line flag to set test_bytes was missing; added it, and refactored the argc/argv processing to avoid two other potential segv's 176813: Add range checking for term width/height. First stab at a reasonable range is 1-512 for both. 175350: Fix implicit casting in shift operation 174272: Not a c+p error; try using a coverity annotation to ignore it 174273,175320: Annotated FORWARD_NULL Change-Id: I58d0f860fc2209f59f8d1b6b344d631b8d429ace Signed-off-by: Chris Luke <chrisy@flirble.org>