1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/*
* Copyright (c) 2017-2019 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
#define SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
#include <vnet/vnet.h>
#include <vnet/fib/fib.h>
#include <vnet/session/session_types.h>
#include <vnet/session/transport.h>
#include <vnet/session/mma_16.h>
#include <vnet/session/mma_40.h>
typedef CLIB_PACKED (struct
{
union
{
struct
{
ip4_address_t rmt_ip;
ip4_address_t lcl_ip;
u16 rmt_port;
u16 lcl_port;
};
u64 as_u64[2];
};
}) session_mask_or_match_4_t;
typedef CLIB_PACKED (struct
{
union
{
struct
{
ip6_address_t rmt_ip;
ip6_address_t lcl_ip;
u16 rmt_port;
u16 lcl_port;
};
u64 as_u64[5];
};
}) session_mask_or_match_6_t;
#define SESSION_RULE_TAG_MAX_LEN 64
#define SESSION_RULES_TABLE_INVALID_INDEX MMA_TABLE_INVALID_INDEX
#define SESSION_RULES_TABLE_ACTION_DROP (MMA_TABLE_INVALID_INDEX - 1)
#define SESSION_RULES_TABLE_ACTION_ALLOW (MMA_TABLE_INVALID_INDEX - 2)
typedef struct _session_rules_table_add_del_args
{
fib_prefix_t lcl;
fib_prefix_t rmt;
u16 lcl_port;
u16 rmt_port;
u32 action_index;
u8 *tag;
u8 is_add;
} session_rule_table_add_del_args_t;
typedef struct _rule_tag
{
u8 *tag;
} session_rule_tag_t;
typedef struct _session_rules_table_t
{
/**
* Per fib proto session rules tables
*/
mma_rules_table_16_t session_rules_tables_16;
mma_rules_table_40_t session_rules_tables_40;
/**
* Hash table that maps tags to rules
*/
uword *rules_by_tag;
/**
* Pool of rules tags
*/
session_rule_tag_t *rule_tags;
/**
* Hash table that maps rule indices to tags
*/
uword *tags_by_rules;
} session_rules_table_t;
u32 session_rules_table_lookup4 (session_rules_table_t * srt,
ip4_address_t * lcl_ip,
ip4_address_t * rmt_ip, u16 lcl_port,
u16 rmt_port);
u32 session_rules_table_lookup6 (session_rules_table_t * srt,
ip6_address_t * lcl_ip,
ip6_address_t * rmt_ip, u16 lcl_port,
u16 rmt_port);
void session_rules_table_cli_dump (vlib_main_t * vm,
session_rules_table_t * srt, u8 fib_proto);
void session_rules_table_show_rule (vlib_main_t * vm,
session_rules_table_t * srt,
ip46_address_t * lcl_ip, u16 lcl_port,
ip46_address_t * rmt_ip, u16 rmt_port,
u8 is_ip4);
session_error_t
session_rules_table_add_del (session_rules_table_t *srt,
session_rule_table_add_del_args_t *args);
u8 *session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri,
u8 is_ip4);
void session_rules_table_init (session_rules_table_t * srt);
void session_rules_table_free (session_rules_table_t *srt);
#endif /* SRC_VNET_SESSION_SESSION_RULES_TABLE_H_ */
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/
|