session: use listener logic for proxy rules
This moves session proxy logic from session rules tables to table/logic
used to manage session listeners in order to avoid overlap of
semantically different rules.
Change-Id: I463522cce91b92d942f6a2086fb14c3366b9f023
Signed-off-by: Florin Coras <fcoras@cisco.com>
diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index 9cb4cb7..e7e5808 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -535,8 +535,6 @@
application_start_stop_proxy_fib_proto (application_t * app, u8 fib_proto,
u8 transport_proto, u8 is_start)
{
- session_rule_add_del_args_t args;
- fib_prefix_t lcl_pref, rmt_pref;
app_namespace_t *app_ns = app_namespace_get (app->ns_index);
u8 is_ip4 = (fib_proto == FIB_PROTOCOL_IP4);
session_endpoint_t sep = SESSION_ENDPOINT_NULL;
@@ -561,25 +559,13 @@
if (!ip_is_zero (&tc->lcl_ip, 1))
{
- memset (&args, 0, sizeof (args));
- memset (&lcl_pref, 0, sizeof (lcl_pref));
- ip_copy (&lcl_pref.fp_addr, &tc->lcl_ip, is_ip4);
- lcl_pref.fp_len = is_ip4 ? 32 : 128;
- lcl_pref.fp_proto = fib_proto;
- memset (&rmt_pref, 0, sizeof (rmt_pref));
- rmt_pref.fp_len = 0;
- rmt_pref.fp_proto = fib_proto;
-
- args.table_args.lcl = lcl_pref;
- args.table_args.rmt = rmt_pref;
- args.table_args.lcl_port = 0;
- args.table_args.rmt_port = 0;
- args.table_args.action_index = app->index;
- args.table_args.is_add = is_start;
- args.transport_proto = transport_proto;
- args.appns_index = app->ns_index;
- args.scope = SESSION_RULE_SCOPE_GLOBAL;
- return vnet_session_rule_add_del (&args);
+ u32 sti;
+ sep.is_ip4 = is_ip4;
+ sep.fib_index = app_namespace_get_fib_index (app_ns, fib_proto);
+ sep.transport_proto = transport_proto;
+ sep.port = 0;
+ sti = session_lookup_get_index_for_fib (fib_proto, sep.fib_index);
+ session_lookup_add_session_endpoint (sti, &sep, s->session_index);
}
return 0;
}
@@ -588,25 +574,20 @@
application_start_stop_proxy (application_t * app, u8 transport_proto,
u8 is_start)
{
- session_rule_add_del_args_t args;
-
if (application_has_local_scope (app))
{
- memset (&args, 0, sizeof (args));
- args.table_args.lcl.fp_proto = FIB_PROTOCOL_IP4;
- args.table_args.rmt.fp_proto = FIB_PROTOCOL_IP4;
- args.table_args.lcl_port = 0;
- args.table_args.rmt_port = 0;
- args.table_args.action_index = app->index;
- args.table_args.is_add = is_start;
- args.transport_proto = transport_proto;
- args.appns_index = app->ns_index;
- args.scope = SESSION_RULE_SCOPE_LOCAL;
- vnet_session_rule_add_del (&args);
+ session_endpoint_t sep = SESSION_ENDPOINT_NULL;
+ app_namespace_t *app_ns;
+ app_ns = app_namespace_get (app->ns_index);
+ sep.is_ip4 = 1;
+ sep.transport_proto = transport_proto;
+ sep.port = 0;
+ session_lookup_add_session_endpoint (app_ns->local_table_index, &sep,
+ app->index);
- args.table_args.lcl.fp_proto = FIB_PROTOCOL_IP6;
- args.table_args.rmt.fp_proto = FIB_PROTOCOL_IP6;
- vnet_session_rule_add_del (&args);
+ sep.is_ip4 = 0;
+ session_lookup_add_session_endpoint (app_ns->local_table_index, &sep,
+ app->index);
}
if (application_has_global_scope (app))
diff --git a/src/vnet/session/session_cli.c b/src/vnet/session/session_cli.c
index 95fc48d..48c431c 100755
--- a/src/vnet/session/session_cli.c
+++ b/src/vnet/session/session_cli.c
@@ -200,10 +200,10 @@
vlib_cli_command_t * cmd)
{
session_manager_main_t *smm = &session_manager_main;
+ u8 *str = 0, one_session = 0, do_listeners = 0, sst, *app_name;
int verbose = 0, i;
- stream_session_t *pool;
- stream_session_t *s;
- u8 *str = 0, one_session = 0;
+ stream_session_t *pool, *s;
+ u32 transport_proto = ~0;
if (!smm->is_enabled)
{
@@ -216,6 +216,9 @@
;
else if (unformat (input, "verbose"))
verbose = 1;
+ else if (unformat (input, "listeners %U", unformat_transport_proto,
+ &transport_proto))
+ do_listeners = 1;
else if (unformat (input, "%U", unformat_stream_session, &s))
{
one_session = 1;
@@ -231,6 +234,27 @@
return 0;
}
+ if (do_listeners)
+ {
+ sst = session_type_from_proto_and_ip (transport_proto, 1);
+ vlib_cli_output (vm, "There are %d active %U listeners",
+ pool_elts (smm->listen_sessions[sst]),
+ format_transport_proto, transport_proto);
+ if (verbose)
+ {
+ vlib_cli_output (vm, "%-40s%-24s%-10s", "Listener", "App", "S-idx");
+ /* *INDENT-OFF* */
+ pool_foreach (s, smm->listen_sessions[sst], ({
+ app_name = application_name_from_index (s->app_index);
+ vlib_cli_output (vm, "%U%-25v%-10u", format_stream_session, s, 1,
+ app_name, s->session_index);
+ vec_free (app_name);
+ }));
+ /* *INDENT-ON* */
+ }
+ return 0;
+ }
+
for (i = 0; i < vec_len (smm->sessions); i++)
{
u32 once_per_pool;
diff --git a/src/vnet/session/session_lookup.c b/src/vnet/session/session_lookup.c
index f4b26f6..30e3913 100644
--- a/src/vnet/session/session_lookup.c
+++ b/src/vnet/session/session_lookup.c
@@ -113,6 +113,20 @@
}
always_inline void
+make_v4_proxy_kv (session_kv4_t * kv, ip4_address_t * lcl, u8 proto)
+{
+ v4_connection_key_t *key = (v4_connection_key_t *) kv->key;
+
+ key->src.as_u32 = lcl->as_u32;
+ key->dst.as_u32 = 0;
+ key->src_port = 0;
+ key->dst_port = 0;
+ key->proto = proto;
+
+ kv->value = ~0ULL;
+}
+
+always_inline void
make_v4_ss_kv_from_tc (session_kv4_t * kv, transport_connection_t * t)
{
make_v4_ss_kv (kv, &t->lcl_ip.ip4, &t->rmt_ip.ip4, t->lcl_port, t->rmt_port,
@@ -156,6 +170,23 @@
}
always_inline void
+make_v6_proxy_kv (session_kv6_t * kv, ip6_address_t * lcl, u8 proto)
+{
+ v6_connection_key_t *key = (v6_connection_key_t *) kv->key;
+
+ key->src.as_u64[0] = lcl->as_u64[0];
+ key->src.as_u64[1] = lcl->as_u64[1];
+ key->dst.as_u64[0] = 0;
+ key->dst.as_u64[1] = 0;
+ key->src_port = 0;
+ key->dst_port = 0;
+ key->proto = proto;
+ key->unused = 0;
+
+ kv->value = ~0ULL;
+}
+
+always_inline void
make_v6_ss_kv_from_tc (session_kv6_t * kv, transport_connection_t * t)
{
make_v6_ss_kv (kv, &t->lcl_ip.ip6, &t->rmt_ip.ip6, t->lcl_port, t->rmt_port,
@@ -536,6 +567,14 @@
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return (u32) kv4.value;
+
+ /*
+ * Zero out the port and check if we have proxy
+ */
+ kv4.key[1] = 0;
+ rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
+ if (rv == 0)
+ return (u32) kv4.value;
}
else
{
@@ -564,6 +603,14 @@
rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
if (rv == 0)
return (u32) kv6.value;
+
+ /*
+ * Zero out the port. Same logic as above.
+ */
+ kv6.key[4] = kv6.key[5] = 0;
+ rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
+ if (rv == 0)
+ return (u32) kv6.value;
}
return APP_INVALID_INDEX;
}
@@ -575,17 +622,30 @@
session_kv4_t kv4;
int rv;
+ /*
+ * First, try a fully formed listener
+ */
make_v4_listener_kv (&kv4, lcl, lcl_port, proto);
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return session_manager_get_listener (proto, (u32) kv4.value);
- /* Zero out the lcl ip */
+ /*
+ * Zero out the lcl ip and check if any 0/0 port binds have been done
+ */
kv4.key[0] = 0;
rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
if (rv == 0)
return session_manager_get_listener (proto, (u32) kv4.value);
+ /*
+ * Zero out port and check if we have a proxy set up for our ip
+ */
+ make_v4_proxy_kv (&kv4, lcl, proto);
+ rv = clib_bihash_search_inline_16_8 (&st->v4_session_hash, &kv4);
+ if (rv == 0)
+ return session_manager_get_listener (proto, (u32) kv4.value);
+
return 0;
}
@@ -618,6 +678,10 @@
if (rv == 0)
return session_manager_get_listener (proto, (u32) kv6.value);
+ make_v6_proxy_kv (&kv6, lcl, proto);
+ rv = clib_bihash_search_inline_48_8 (&st->v6_session_hash, &kv6);
+ if (rv == 0)
+ return session_manager_get_listener (proto, (u32) kv6.value);
return 0;
}
diff --git a/src/vnet/session/session_lookup.h b/src/vnet/session/session_lookup.h
index 3bc7031..00ef19f 100644
--- a/src/vnet/session/session_lookup.h
+++ b/src/vnet/session/session_lookup.h
@@ -60,7 +60,8 @@
int session_lookup_add_connection (transport_connection_t * tc, u64 value);
int session_lookup_del_connection (transport_connection_t * tc);
u64 session_lookup_endpoint_listener (u32 table_index,
- session_endpoint_t * sep, u8 use_rules);
+ session_endpoint_t * sepi,
+ u8 use_rules);
u32 session_lookup_local_endpoint (u32 table_index, session_endpoint_t * sep);
stream_session_t *session_lookup_global_session_endpoint (session_endpoint_t
*);
diff --git a/src/vnet/session/session_test.c b/src/vnet/session/session_test.c
index d592487..8194a31 100644
--- a/src/vnet/session/session_test.c
+++ b/src/vnet/session/session_test.c
@@ -1112,6 +1112,9 @@
session_test_proxy (vlib_main_t * vm, unformat_input_t * input)
{
u64 options[SESSION_OPTIONS_N_OPTIONS];
+ char *show_listeners = "sh session listeners tcp verbose";
+ char *show_local_listeners = "sh app ns table default";
+ unformat_input_t tmp_input;
u32 server_index, app_index;
u32 dummy_server_api_index = ~0, sw_if_index = 0;
clib_error_t *error = 0;
@@ -1189,8 +1192,14 @@
server_index = attach_args.app_index;
if (verbose)
- session_lookup_dump_rules_table (0, FIB_PROTOCOL_IP4,
- TRANSPORT_PROTO_TCP);
+ {
+ unformat_init_string (&tmp_input, show_listeners,
+ strlen (show_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ unformat_init_string (&tmp_input, show_local_listeners,
+ strlen (show_local_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ }
tc = session_lookup_connection_wt4 (0, &lcl_ip, &rmt_ip, lcl_port, rmt_port,
TRANSPORT_PROTO_TCP, 0);
@@ -1206,10 +1215,6 @@
SESSION_TEST ((tc == 0), "lookup 5.6.7.8 1234 5.6.7.8 4321 should"
" not work");
- if (verbose)
- session_lookup_dump_local_rules_table (app_ns->local_table_index,
- FIB_PROTOCOL_IP4,
- TRANSPORT_PROTO_TCP);
app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
SESSION_TEST ((app_index == server_index), "local session endpoint lookup"
" should work");
@@ -1220,14 +1225,19 @@
vnet_application_detach (&detach_args);
if (verbose)
- session_lookup_dump_local_rules_table (app_ns->local_table_index,
- FIB_PROTOCOL_IP4,
- TRANSPORT_PROTO_TCP);
+ {
+ unformat_init_string (&tmp_input, show_listeners,
+ strlen (show_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ unformat_init_string (&tmp_input, show_local_listeners,
+ strlen (show_local_listeners));
+ vlib_cli_input (vm, &tmp_input, 0, 0);
+ }
app_index = session_lookup_local_endpoint (app_ns->local_table_index, &sep);
SESSION_TEST ((app_index == SESSION_RULES_TABLE_INVALID_INDEX),
"local session endpoint lookup should not work after detach");
-
+ unformat_free (&tmp_input);
return 0;
}