From 1c7104514cd40d2377caca36cf40c13b791bc5aa Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Tue, 17 Oct 2017 00:03:13 -0700 Subject: session: rules tables This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras --- src/vnet/ip/ip.c | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) (limited to 'src/vnet/ip/ip.c') diff --git a/src/vnet/ip/ip.c b/src/vnet/ip/ip.c index bd9706b846d..e6d99347dc0 100644 --- a/src/vnet/ip/ip.c +++ b/src/vnet/ip/ip.c @@ -148,6 +148,114 @@ ip_interface_get_first_ip (u32 sw_if_index, u8 is_ip4) return 0; } +void +ip4_address_normalize (ip4_address_t * ip4, u8 preflen) +{ + ASSERT (preflen <= 32); + if (preflen == 0) + ip4->data_u32 = 0; + else + ip4->data_u32 &= clib_net_to_host_u32 (0xffffffff << (32 - preflen)); +} + +void +ip6_address_normalize (ip6_address_t * ip6, u8 preflen) +{ + ASSERT (preflen <= 128); + if (preflen == 0) + { + ip6->as_u64[0] = 0; + ip6->as_u64[1] = 0; + } + else if (preflen <= 64) + { + ip6->as_u64[0] &= + clib_host_to_net_u64 (0xffffffffffffffffL << (64 - preflen)); + ip6->as_u64[1] = 0; + } + else + ip6->as_u64[1] &= + clib_host_to_net_u64 (0xffffffffffffffffL << (128 - preflen)); +} + +void +ip4_preflen_to_mask (u8 pref_len, ip4_address_t * ip) +{ + if (pref_len == 0) + ip->as_u32 = 0; + else + ip->as_u32 = clib_host_to_net_u32 (~((1 << (32 - pref_len)) - 1)); +} + +u32 +ip4_mask_to_preflen (ip4_address_t * mask) +{ + return (32 - log2_first_set (clib_net_to_host_u32 (mask->as_u32))); +} + +void +ip4_prefix_max_address_host_order (ip4_address_t * ip, u8 plen, + ip4_address_t * res) +{ + u32 not_mask; + not_mask = (1 << (32 - plen)) - 1; + res->as_u32 = clib_net_to_host_u32 (ip->as_u32) + not_mask; +} + +void +ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask) +{ + if (pref_len == 0) + { + mask->as_u64[0] = 0; + mask->as_u64[1] = 0; + } + else if (pref_len <= 64) + { + mask->as_u64[0] = + clib_host_to_net_u64 (0xffffffffffffffffL << (64 - pref_len)); + mask->as_u64[1] = 0; + } + else + { + mask->as_u64[1] = + clib_host_to_net_u64 (0xffffffffffffffffL << (128 - pref_len)); + } +} + +void +ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen, + ip6_address_t * res) +{ + u64 not_mask; + if (plen <= 64) + { + not_mask = (1 << (64 - plen)) - 1; + res->as_u64[0] = clib_net_to_host_u64 (ip->as_u64[0]) + not_mask; + res->as_u64[1] = 0xffffffffffffffffL; + } + else + { + not_mask = (1 << (128 - plen)) - 1; + res->as_u64[1] = clib_net_to_host_u64 (ip->as_u64[1]) + not_mask; + } +} + +u32 +ip6_mask_to_preflen (ip6_address_t * mask) +{ + u8 first1, first0; + if (mask->as_u64[0] == 0 && mask->as_u64[1] == 0) + return 128; + first1 = log2_first_set (mask->as_u64[1]); + first0 = log2_first_set (mask->as_u64[0]); + + if (first1 != 0) + return 128 - first1; + else + return 64 - first0; +} + /* * fd.io coding-style-patch-verification: ON * -- cgit 1.2.3-korg