session: rules tables
This introduces 5-tuple lookup tables that may be used to implement
custom session layer actions at connection establishment time (session
layer perspective).
The rules table build mask-match-action lookup trees that for a given
5-tuple key return the action for the first longest match. If rules
overlap, ordering is established by tuple longest match with the
following descending priority: remote ip, local ip, remote port, local
port.
At this time, the only match action supported is to forward packets to
the application identified by the action.
Change-Id: Icbade6fac720fa3979820d50cd7d6137f8b635c3
Signed-off-by: Florin Coras <fcoras@cisco.com>
diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h
index 449f8f4..46af302 100644
--- a/src/vnet/session/session_lookup.h
+++ b/src/vnet/session/session_lookup.h
@@ -85,6 +85,32 @@
void session_lookup_show_table_entries (vlib_main_t * vm,
session_table_t * table, u8 type,
u8 is_local);
+
+enum _session_rule_scope
+{
+ SESSION_RULE_SCOPE_GLOBAL = 1,
+ SESSION_RULE_SCOPE_LOCAL = 2,
+} session_rule_scope_e;
+
+typedef struct _session_rule_add_del_args
+{
+ /**
+ * Actual arguments to adding the rule to a session rules table
+ */
+ session_rule_table_add_del_args_t table_args;
+ /**
+ * Application namespace where rule should be applied. If 0,
+ * default namespace is used.
+ */
+ u32 appns_index;
+ /**
+ * Rule scope flag.
+ */
+ u8 scope;
+} session_rule_add_del_args_t;
+
+clib_error_t *vnet_session_rule_add_del (session_rule_add_del_args_t * args);
+
void session_lookup_init (void);
#endif /* SRC_VNET_SESSION_SESSION_LOOKUP_H_ */