path: root/plugins/acl-plugin/acl/l2sess.h
blob: 285dba9981c847c7a11348cba3b476f9a8dbed70 (plain)
/*
 * Copyright (c) 2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef __included_l2sess_h__
#define __included_l2sess_h__

#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ethernet/ethernet.h>

#include <vppinfra/hash.h>
#include <vppinfra/error.h>
#include <vppinfra/elog.h>
#include <vppinfra/timing_wheel.h>

#include <vnet/l2/l2_output.h>
#include <vnet/l2/l2_input.h>

/*
 * X-macro list of the l2sess graph nodes.  Every entry has the shape
 *   _(node_name, node_var, is_out, is_ip6, is_track)
 * where node_name is the node's name string, node_var the C identifier of
 * its vlib_node_registration_t, is_out selects the output (1) or input (0)
 * direction, is_ip6 the IP version, and is_track distinguishes the "-track"
 * nodes (1) from the "-add" nodes (0).
 *
 * The empty define/undef pair directly below expands to nothing; it only
 * spells out the parameter list of _() for readers and editor tooling.
 */
#define _(node_name, node_var, is_out, is_ip6, is_track)
#undef _
#define foreach_l2sess_node \
  _("aclp-l2s-input-ip4-add", l2sess_in_ip4_add, 0, 0, 0)  \
  _("aclp-l2s-input-ip6-add", l2sess_in_ip6_add, 0, 1, 0)  \
  _("aclp-l2s-output-ip4-add", l2sess_out_ip4_add, 1, 0, 0) \
  _("aclp-l2s-output-ip6-add", l2sess_out_ip6_add, 1, 1, 0) \
  _("aclp-l2s-input-ip4-track", l2sess_in_ip4_track, 0, 0, 1) \
  _("aclp-l2s-input-ip6-track", l2sess_in_ip6_track, 0, 1, 1) \
  _("aclp-l2s-output-ip4-track",l2sess_out_ip4_track, 1, 0, 1) \
  _("aclp-l2s-output-ip6-track", l2sess_out_ip6_track, 1, 1, 1)

/* Declare the node registration object for each entry of the list above. */
#define _(node_name, node_var, is_out, is_ip6, is_track)  \
  extern vlib_node_registration_t node_var;
foreach_l2sess_node
#undef _

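/* Bit values of the individual TCP flags, one bit each. */
#define TCP_FLAG_FIN    0x01
#define TCP_FLAG_SYN    0x02
#define TCP_FLAG_RST    0x04
#define TCP_FLAG_PUSH   0x08
#define TCP_FLAG_ACK    0x10
#define TCP_FLAG_URG    0x20
#define TCP_FLAG_ECE    0x40
#define TCP_FLAG_CWR    0x80

/*
 * Flag combinations used when classifying the flags a session has seen.
 * Flags are combined with bitwise OR: that is what a bit-mask union is,
 * and unlike '+' it cannot silently produce a wrong value if a flag is
 * ever listed twice.
 */
#define TCP_FLAGS_RSTFINACKSYN (TCP_FLAG_RST | TCP_FLAG_FIN | TCP_FLAG_SYN | TCP_FLAG_ACK)
#define TCP_FLAGS_ACKSYN (TCP_FLAG_SYN | TCP_FLAG_ACK)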

/*
 * Per-direction view of a tracked session.  l2s_session_t keeps one of
 * these per L2S_SESSION_SIDE_* index.
 */
typedef struct {
  ip46_address_t addr;   /* endpoint address; ip46 so one field covers v4 and v6 */
  u64 active_time;       /* presumably the last-activity time stamp — confirm units in the tracker nodes */
  u64 n_packets;         /* packet count for this direction */
  u64 n_bytes;           /* byte count for this direction */
  u16 port;              /* L4 port; byte order is not fixed by this header — check the writer */
} l2s_session_side_t;

/* Indices into l2s_session_t.side[]: the two directions of a session. */
enum {
  L2S_SESSION_SIDE_IN = 0,
  L2S_SESSION_SIDE_OUT,
  L2S_N_SESSION_SIDES   /* number of sides; used as the array bound */
};

/* One tracked session, stored in the l2sess_main_t.sessions pool. */
typedef struct {
  u64 create_time;                                /* when the entry was created; same clock as active_time */
  l2s_session_side_t side[L2S_N_SESSION_SIDES];   /* [L2S_SESSION_SIDE_IN] and [L2S_SESSION_SIDE_OUT] */
  u8 l4_proto;                                    /* presumably the IP protocol number (TCP/UDP) — verify */
  u8 is_ip6;                                      /* nonzero for an IPv6 session */
  u16 tcp_flags_seen; /* u16 because of two sides: presumably one 8-bit flag byte per side — confirm */
} l2s_session_t;

/*
 * Idle/transient session timeouts, in seconds.  These bound how long an
 * entry stays in the session pool before the timing wheel expires it, so
 * they also bound the pool's growth under a flood of distinct flows.
 *
 * PROD is defined unconditionally right here, so the #else branch (short
 * timeouts for testing) is dead code unless this header is edited; neither
 * -DPROD nor -UPROD on the compiler command line can toggle it.
 */
#define PROD
#ifdef PROD
#define UDP_SESSION_IDLE_TIMEOUT_SEC 600
#define TCP_SESSION_IDLE_TIMEOUT_SEC (3600*24)   /* one day */
#define TCP_SESSION_TRANSIENT_TIMEOUT_SEC 120
#else
/* Short timeouts for testing; reachable only by removing the #define PROD above. */
#define UDP_SESSION_IDLE_TIMEOUT_SEC 15
#define TCP_SESSION_IDLE_TIMEOUT_SEC 15
#define TCP_SESSION_TRANSIENT_TIMEOUT_SEC 5
#endif

/* Plugin-wide state of the L2 session tracker; there is one instance, l2sess_main. */
typedef struct {
    /*
     * the next two fields are present for all nodes, but
     *  only one of them is used per node - depending
     * on whether the node is an input or output one.
     */
    /*
     * One 32-entry next-index table per node listed in foreach_l2sess_node
     * (named <node_var>_feat_next_node_index).  What indexes the 32 slots
     * is not visible in this header.
     */
#define _(node_name, node_var, is_out, is_ip6, is_track) \
    u32 node_var ## _feat_next_node_index[32];
foreach_l2sess_node
#undef _
    l2_output_next_nodes_st output_next_nodes;

    /* Next indices of the tracker nodes */
    u32 next_slot_track_node_by_is_ip6_is_out[2][2];

    /* 
     * Pairing of "forward" and "reverse" tables by table index.
     * Each relationship has two entries - for one and the other table,
     * so it is bidirectional.
     */
     
    u32 *fwd_to_rev_by_table_index;

    /*
     * The vector of per-interface session pools
     */

    l2s_session_t *sessions;

    /* The session timeouts (run-time copies; defaults presumably come from the *_TIMEOUT_SEC macros) */
    u64 tcp_session_transient_timeout;
    u64 tcp_session_idle_timeout;
    u64 udp_session_idle_timeout;

    /* Timing wheel to time out the idle sessions */
    timing_wheel_t timing_wheel;
    u32 *data_from_advancing_timing_wheel;   /* scratch vector filled when the wheel advances */
    u64 timer_wheel_next_expiring_time;
    u64 timer_wheel_tick;

    /* convenience */
    vlib_main_t * vlib_main;
    vnet_main_t * vnet_main;
    ethernet_main_t * ethernet_main;

    /* Counter(s) */
    u64 counter_attempted_delete_free_session;   /* deletes requested for an already-free session entry */
} l2sess_main_t;

/*
 * NOTE(review): this is a (tentative) definition, not an extern declaration,
 * so every translation unit that includes this header defines its own
 * l2sess_main.  That links only under -fcommon (the GCC default before 10);
 * with -fno-common it is a duplicate-symbol link error.  The fix is
 * `extern l2sess_main_t l2sess_main;` here plus exactly one definition in
 * the plugin's .c file, which is outside this header.
 */
l2sess_main_t l2sess_main;

/* Just exposed for acl.c */

/**
 * Register the l2sess plugin with vlib.
 *
 * @param vm              vlib main.
 * @param hh              opaque handle; its real type is not visible in this
 *                        header — confirm against the caller in acl.c.
 * @param from_early_init nonzero when called from early init (inferred from
 *                        the name; verify in the definition).
 */
void
l2sess_vlib_plugin_register (vlib_main_t * vm, void * hh,
                      int from_early_init);


#endif /* __included_l2sess_h__ */