summaryrefslogtreecommitdiffstats
path: root/src/vnet/session
AgeCommit message (Collapse)AuthorFilesLines
2024-09-06session: add Source Deny ListSteven Luong16-263/+1885
With this feature, session enable is now modified to have 3 modes of operation session enable -- only enable session session enable rt-backend sdl -- enable session with sdl session enable rt-backend rule-table -- enable session with rule-table session rule tables are now created on demand, upon adding first rule to the rule table. refactor session table to remove depenency from sesssion rules table. Now session rules table APIs take srtg_handle and transport proto instead of srt pointer. Type: feature Change-Id: Idde6a9b2f46b29bb931f9039636562575572aa14 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-13session: problem in session_rules_details APISteven Luong1-0/+4
Backend needs to return protocol to indicate if the prefix is ip4 or ip6. Type: fix Change-Id: If827c2e8b2a58051298968fa4d69de71ce9c4fcc Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-06session: memory leak in show session rulesSteven Luong1-6/+9
Need to vec_free ns_id whenever we return in the function show_session_rules_command_fn in case memory was allocated to it. Type: fix Change-Id: Ifc38d3eb2756a8a128467dd40ad40fe3f0be8fc0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-08-06session: session_lookup_local_endpoint returns the wrong valueSteven Luong1-1/+1
SESSION_INVALID_INDEX is u32. The function is supposed to return u64. The caller of the function tests the return value to see if it is SESSION_INVALID_HANDLE in ct_session_connect. If it is not, it thinks it is a valid handle and calls listen_session_get_from_handle which causes a crash. Type: fix Change-Id: I4ede6b2dfb95259f3a6071cfa3a77ce0d9cd9edd Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-24session: delete and add application namespace do not create the global ↵Steven Luong4-65/+56
session table When an application namespace is added, we call session_table_is_alloced to see if we need to allocate a new session table. That check returns true even if we removed the session table. The fix is when we delete an application's global session table, we need to invalidate fib_index_to_table_index. Fixed test_vcl test script to run two tests back to back. The 1st test deletes the application namespace at the end. The 2nd test adds the application namespace in the beginning. Type: fix Fixes: 67bae20b05cb46e5f6d19afeaf1f7a52a5309d59 Change-Id: I67f5cc1b726a07659597a9479df011717db08d0a Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-19session: show session rules does not display ip6 entriesSteven Luong1-6/+33
1. Adding an ip6 rule entry session rule add proto tcp ee80::/10 0 ee80::/10 0 action 2 2. show session rules does not display the entry. show session rules tcp 3. However, show session rules for a specific entry shows the entry show session rules tcp ee80::/10 0 ee80::/10 0 Type: fix Change-Id: I65c881665d3698a2a9452a186ed657eee0bf13e0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-17session: memory leak on rule tagSteven Luong1-0/+1
Type: fix Change-Id: If07a6a420d467e6305f166ed250f84befe9f983d Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-16session: memory leaks on rule tag hash tablesSteven Luong1-0/+3
Type: fix Change-Id: Id8542ad74389eca4cc7903cd455f556743a5e0cf Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-15session: crash in session_rule_add_del if session is not enableSteven Luong1-0/+7
Invoking the API session_rule_add_del to add a rule causes VPP to crash if session is not enable. Type: fix Change-Id: If8de83f1064bc60d20461e87889b7c3393ad2af1 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-15session: application namespace may reference a deleted vrf tableSteven Luong1-5/+68
lock the vrf table when adding an application namespace and unlock the vrf table when deleting an application namespace. Free the session table when no more application namespace uses it anymore to avoid memory leaks. Type: fix Change-Id: I10422c9a3b549bd4403962c925e29dd61a058eb0 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-10session: deleting an application namespace cleaning up the wrong applicationSteven Luong1-1/+1
We call application_namespace_cleanup to remove the application which has a reference to the application namespace when deleting an application namespace. When we find the matching application namespace, we queue the ns_index instead of app_index to look for the application. This may lead to a crash. Type: fix Change-Id: I89c7f8d1681b4c7c1bcb16641217230a26dbe582 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-07-08session: add api to program rx io evtsFlorin Coras2-0/+17
Type: improvement Change-Id: I5a4a33604ecb8a29ef6932cc5826835d3bec7f23 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-07-08session: improve enable and disable handlingFlorin Coras3-14/+23
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3c79d16f6a19767d990e8a4683c296219b559ccd
2024-07-08session: handle multiple attempts to mark mq congestedFlorin Coras1-2/+5
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Iadc6ec58f5fc7fbff62e4fd31d509557b60395cb
2024-07-02session: session disable crash if not enableSteven Luong1-1/+2
If session is not enable, type in the CLI session disable cause VPP to crash. Type: fix Change-Id: Ib55b7430b7ce521a40025d58fa18b765f5129fd5 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-06-28session: memory leaks on various transports when session disable and enableSteven Luong1-3/+11
When toggling session disable and enable, memory leaks found on various transports. Don't create the timer wheels on enable when they are already creaded. Don't create the spin locks when they are already created. Add session enable disable test in session unit test. Type: fix Change-Id: I08988a96bbf2d67a67c743b50b63f5b1e27402a3 Signed-off-by: Steven Luong <sluong@cisco.com>
2024-06-25session: memory leak in mma rule tableSteven Luong1-0/+3
When the rule table is allocated, the root node is allocated. But it cannot be deleted by the add_del API, or the table is useless. When the table is free, the root node is not free and there is memory leak. Let's add pool_flush when the rule table is free. Type: fix Change-Id: I58c3e040cd101c7db501d99a373ad78d85321b8f Signed-off-by: Steven Luong <sluong@cisco.com>
2024-06-12session: fix ho cleanup on forced resetFlorin Coras1-1/+2
Avoid double free if app forces reset while half-open is cleaning up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I2311fb763076aa8a263c193f5967793402eedb6a
2024-06-12session: fix ho cleanup on active and passive closeFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I9e7011ff45f14e17fc0d0d63800184f404c29093
2024-05-21session: remove ipv6 lookup threading assertBrian Morris1-1/+0
This makes session_lookup_connection_wt6 consistent with session_lookup_connection_wt4 - they both just return an error for wrong thread. Type: fix Change-Id: Ide38976e9a7274b53311e65711098e6b22a3f8d5 Signed-off-by: Brian Morris <bmorris2@cisco.com>
2024-04-24misc: fix int/enum mismatch errors reported by gcc-14Damjan Marion2-3/+3
Type: fix Change-Id: I80e90cab8e2e9fef837779e36e0256baf791b801 Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-04-17session: force session cleanups on app detachFlorin Coras1-6/+23
Force transport and session cleanup on session detach if transport is already closing. This should also avoid races between transport initiated session cleanups and pending session control events. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I83a947a0c01f5af8ac70aa31fee660276f1d1c60
2024-04-10session: add api to detach session from appFlorin Coras3-4/+17
Type: improvement Change-Id: Ib824d0ca9efc7d8967e043db69017655b2dcf6b5 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-05session: fix cleanup for refused sessionsFlorin Coras1-6/+7
Type: fix Change-Id: I739b7129c7e5a3fccefcdeeaf7f4a298223dd8eb Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-04-02session: fix closing ntfs handling for refused sessionsFlorin Coras1-0/+6
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1464e93cd3020eaa26068df558924e39dd255ccb
2024-03-29session: fix api coverity warningsFlorin Coras1-2/+4
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ieb4e9d9e39b937ad4c7316b3955b3ca296f0a191
2024-03-29session: add new api for enq tx io eventsFlorin Coras2-2/+10
Type: improvement Change-Id: Iefe5c2e610a26241a88ca783ac548fd8f2317bb0 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-29session: use custom types for session flags and stateFlorin Coras1-16/+16
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I04f836d09a1cbd5a5b55dc64359d2d761dfc4988
2024-03-29session: improve use of session handlesFlorin Coras5-71/+70
First step towards moving to an 8 byte struct instead of u64. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Idd0b95520ab7158e175b9af1702fc09c0613a4bb
2024-03-21session: fix workers race to allocate lookup tableFlorin Coras1-24/+39
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I60600452c91184da571d4630bf2f0d9c24a3e85e
2024-03-12misc: remove GNU Indent directivesDamjan Marion18-116/+0
Type: refactor Change-Id: I5235bf3e9aff58af6ba2c14e8c6529c4fc9ec86c Signed-off-by: Damjan Marion <damarion@cisco.com>
2024-03-10session: use no for ports in transport port allocatorFlorin Coras1-8/+14
Type: improvement Change-Id: Ia1d8aaa3c51938cfa15dd09102471f52ebe67a3d Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-09session: fix port alloc for fixed lcl port reuseFlorin Coras1-2/+3
Type: fix Change-Id: If30d1aa8aa752ae4bddde776832a3009ebc7e316 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-03-01session: add api cb for listen and unlistenFlorin Coras4-17/+24
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I28ccebf4d2f0728dd174ab3ee77a0d7ad4b90951
2024-02-27session: fix transport closed and disconnect raceFlorin Coras1-4/+7
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ie7ff4bac22e9dbb449610072b52d1ec4e46fe757
2024-02-15session: postpone ct cleanup if rx evt pendingFlorin Coras1-3/+4
Type: fix Change-Id: I8cfaa62abd38d5356263b0ffd428638d1a027617 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-02-02session: guard session lookup table allocsFlorin Coras2-0/+37
Session lookup tables could be allocated from workers, e.g., connects are done from first worker. Make sure consumers are not affected by stopping workers. Type: fix Change-Id: I63b53c58b41ce91b08f50a2325c69c9f9fd25ed3 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-22session: flag instead of state for filtering ntfFlorin Coras1-2/+2
Avoid situations when notifications are delayed for long enough for transports to start closing/cleaning up. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Id35b0099adb5242108154a5e19d5ee15e6ca0058
2024-01-15session: avoid spurious disconnect and reset ntfsFlorin Coras1-2/+4
Type: fix Change-Id: Icdc9d1c8b7b29827ce17920dae64a365bb8a4e40 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-12session: fix app wrk free leakFlorin Coras1-1/+1
Type: fix Change-Id: I9c48b163f174b824df1a76e75c272dc985386bf2 Signed-off-by: Florin Coras <fcoras@cisco.com>
2024-01-09session: make app listener pool globalFlorin Coras6-54/+45
One less pointer chase when accepting sessions. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I20dbb21d15d4a703f76e3b12f04a6f5b5d2a3cd8
2024-01-09session: support for cl port reuseFlorin Coras6-24/+147
Adds support for connectionless listener port reuse. Until now, cl listeners had fifos allocated to them and therefore only one app worker could ever listen, i.e., a session cannot have multiple fifos. To circumvent the limitation, this separates the fifos from the listener by allocating new cl sessions for each app worker that reuses the app listener. Flows are hashed to app worker cl sessions but, for now, this is not a consistent/fixed hash. Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ic6533cd47f2765903669f88c288bd592fb17a19e
2024-01-09session: avoid spurious closed notificationsFlorin Coras1-0/+3
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: Ia98556e7ae61547cf153c78ec085cd4248bee74a
2023-12-22session: add flag to track cless sessionsFlorin Coras2-4/+13
Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I0bb6aba26f1cd974d6bb3b5fe6234aacfee0d30c
2023-12-22session: unset fifo evt to enqueue ack evt on tcp timewaitemmanuel1-3/+6
Incase the ack for the fin is lost twice or want to dup ack packets with incorrect ack/seq # at different times and session state is already closed, this fifo event is set for the first ack that went out and prevents queuing of further events. Type: fix Change-Id: I102019fca26918a51e055a751db7209011bd43ad Signed-off-by: emmanuel <emmanuelscaria11@gmail.com>
2023-12-15session: add forced reset api to ct transportFlorin Coras2-1/+14
Type: improvement Change-Id: Iebf9ee8275a92e962679e3d0d22d33ed0bd8b3ab Signed-off-by: Florin Coras <fcoras@cisco.com>
2023-12-02session: no segment handle on worker delFlorin Coras1-2/+2
Coverity report. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I3ce06634b30688d2a9581b50d462092daa8b4cac
2023-11-29session: no reply on app del worker with sapiFlorin Coras1-0/+4
With socket api, applications should not expect reply after worker del msg. VCL in particular closes the socket after it enqueues the message. Found by ASAN. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.com> Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1be02a0cde6b96a96edb709f3fe30bbc01ff2d24
2023-11-28session: fix asan failureGeorgy Borodin1-2/+5
fix asan failure when params number is less then 3: functions that are set as format_half_open pointer values have different number of arguments Type: fix Fixes: de9a849a18514f0b09bb5f57a73f6a57ee425c76 Change-Id: I6b6e1adf4ffc0c1ec847613f00fe269af640d42b Signed-off-by: Georgy Borodin <bor1-go@yandex-team.ru>
2023-11-22session: per app wrk client ct segment handleFlorin Coras3-19/+22
Make sure ct client segment handles do not collide if multi worker application establishes cut-through sessions to only one server segment manager. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I905379f9ed73c64d57a826a3e97d53dab3a87517