From 1c7104514cd40d2377caca36cf40c13b791bc5aa Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Tue, 17 Oct 2017 00:03:13 -0700 Subject: session: rules tables This introduces 5-tuple lookup tables that may be used to implement custom session layer actions at connection establishment time (session layer perspective). The rules table build mask-match-action lookup trees that for a given 5-tuple key return the action for the first longest match. If rules overlap, ordering is established by tuple longest match with the following descending priority: remote ip, local ip, remote port, local port. At this time, the only match action supported is to forward packets to the application identified by the action. Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3 Signed-off-by: Florin Coras --- src/vnet/session/mma_template.h | 91 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 src/vnet/session/mma_template.h (limited to 'src/vnet/session/mma_template.h') diff --git a/src/vnet/session/mma_template.h b/src/vnet/session/mma_template.h new file mode 100644 index 00000000000..8b6fd75e69c --- /dev/null +++ b/src/vnet/session/mma_template.h @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +*/ + +#ifndef SRC_VNET_SESSION_MMA_TEMPLATE_H_ +#define SRC_VNET_SESSION_MMA_TEMPLATE_H_ + +#include + +#ifndef MMA_RT_TYPE +#error MMA_RT_TYPE not defined +#endif + +#define _rt(a,b) a##_##b +#define __rt(a, b) _rt(a,b) +#define RT(a) __rt(a, MMA_RT_TYPE) + +#define _rtt(a,b) a##_##b##_t +#define __rtt(a, b) _rtt(a,b) +#define RTT(a) __rtt(a, MMA_RT_TYPE) + +#define SESSION_RULES_TABLE_INVALID_INDEX ((u32)~0) + +typedef struct +{ + u64 as_u64[MMA_RT_TYPE / 8]; +} RTT (mma_mask_or_match); + +typedef struct +{ + u32 action_index; + u32 *next_indices; + /* *INDENT-OFF* */ + RTT (mma_mask_or_match) mask; + RTT (mma_mask_or_match) match; + RTT (mma_mask_or_match) max_match; + /* *INDENT-ON* */ +} RTT (mma_rule); + +typedef int (*RTT (rule_cmp_fn)) (RTT (mma_rule) * rule1, + RTT (mma_rule) * rule2); +typedef struct +{ + /** Root for rules tree */ + u32 root_index; + + /** Rules pool */ + RTT (mma_rule) * rules; + + RTT (rule_cmp_fn) rule_cmp_fn; +} RTT (mma_rules_table); + +u32 +RT (mma_table_lookup) (RTT (mma_rules_table) * srt, + RTT (mma_mask_or_match) * key, u32 rule_index); +u32 +RT (mma_table_lookup_rule) (RTT (mma_rules_table) * srt, + RTT (mma_mask_or_match) * key, u32 rule_index); +int +RT (mma_table_add_rule) (RTT (mma_rules_table) * srt, RTT (mma_rule) * rule); +int +RT (mma_table_del_rule) (RTT (mma_rules_table) * srt, + RTT (mma_rule) * rule, u32 rule_index); +RTT (mma_rule) * +RT (mma_rules_table_rule_alloc) (RTT (mma_rules_table) * srt); +RTT (mma_rule) * +RT (session_rule_free) (RTT (mma_rules_table) * srt, RTT (mma_rule) * rule); +RTT (mma_rule) * +RT (mma_table_get_rule) (RTT (mma_rules_table) * srt, u32 srt_index); +u32 +RT (mma_table_rule_index) (RTT (mma_rules_table) * srt, RTT (mma_rule) * sr); +#endif /* SRC_VNET_SESSION_MMA_TEMPLATE_H_ */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ -- cgit 1.2.3-korg