blob: 5108c00d7281b0fa2cb1fa8aa5b68e22a777c2a6 [file] [log] [blame]
Florin Coras1c710452017-10-17 00:03:13 -07001/*
Florin Coras288eaab2019-02-03 15:26:14 -08002 * Copyright (c) 2017-2019 Cisco and/or its affiliates.
Florin Coras1c710452017-10-17 00:03:13 -07003 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14*/
15
16#include <vnet/session/mma_16.h>
17#include <vnet/session/mma_template.c>
18#include <vnet/session/mma_40.h>
19#include <vnet/session/mma_template.c>
20#include <vnet/session/session_rules_table.h>
21#include <vnet/session/transport.h>
22
Florin Corasc97a7392017-11-05 23:07:07 -080023u32
24session_rule_tag_key_index (u32 ri, u8 is_ip4)
25{
26 return ((ri << 1) | is_ip4);
27}
28
29void
30session_rule_tag_key_index_parse (u32 rti_key, u32 * ri, u8 * is_ip4)
31{
32 *is_ip4 = rti_key & 1;
33 *ri = rti_key >> 1;
34}
35
36u8 *
37session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri, u8 is_ip4)
38{
39 uword *tip;
40 session_rule_tag_t *rt;
41
42 tip =
43 hash_get (srt->tags_by_rules, session_rule_tag_key_index (ri, is_ip4));
44 if (tip)
45 {
46 rt = pool_elt_at_index (srt->rule_tags, *tip);
47 return rt->tag;
48 }
49 return 0;
50}
51
52void
Florin Coras73e4f792017-11-22 19:22:48 -080053session_rules_table_del_tag (session_rules_table_t * srt, u8 * tag, u8 is_ip4)
Florin Corasc97a7392017-11-05 23:07:07 -080054{
55 uword *rip, *rtip;
56 session_rule_tag_t *rt;
57 u32 rti_key;
58
59 if (tag == 0)
60 return;
Florin Coras73e4f792017-11-22 19:22:48 -080061 rip = hash_get_mem (srt->rules_by_tag, tag);
62 if (!rip)
Florin Corasc97a7392017-11-05 23:07:07 -080063 {
Florin Coras73e4f792017-11-22 19:22:48 -080064 clib_warning ("tag has no rule associated");
65 return;
Florin Corasc97a7392017-11-05 23:07:07 -080066 }
Florin Coras73e4f792017-11-22 19:22:48 -080067 rti_key = session_rule_tag_key_index (*rip, is_ip4);
68 rtip = hash_get (srt->tags_by_rules, rti_key);
69 if (!rtip)
Florin Corasc97a7392017-11-05 23:07:07 -080070 {
Florin Coras73e4f792017-11-22 19:22:48 -080071 clib_warning ("rule has no tag associated");
72 return;
Florin Corasc97a7392017-11-05 23:07:07 -080073 }
Florin Coras73e4f792017-11-22 19:22:48 -080074 rt = pool_elt_at_index (srt->rule_tags, *rtip);
75 ASSERT (rt);
76 hash_unset_mem (srt->rules_by_tag, tag);
77 hash_unset (srt->tags_by_rules, rti_key);
78 pool_put (srt->rule_tags, rt);
79}
80
81void
82session_rules_table_add_tag (session_rules_table_t * srt, u8 * tag,
83 u32 rule_index, u8 is_ip4)
84{
85 uword *rip;
86 session_rule_tag_t *rt;
87 u32 rti_key;
88
89 if (tag == 0)
90 return;
91 rip = hash_get_mem (srt->rules_by_tag, tag);
92 if (rip)
93 session_rules_table_del_tag (srt, tag, is_ip4);
94 pool_get (srt->rule_tags, rt);
95 rt->tag = vec_dup (tag);
96 hash_set_mem (srt->rules_by_tag, rt->tag, rule_index);
97 rti_key = session_rule_tag_key_index (rule_index, is_ip4);
98 hash_set (srt->tags_by_rules, rti_key, rt - srt->rule_tags);
Florin Corasc97a7392017-11-05 23:07:07 -080099}
100
101u32
102session_rules_table_rule_for_tag (session_rules_table_t * srt, u8 * tag)
103{
104 uword *rp;
105 if (tag == 0)
106 return SESSION_RULES_TABLE_INVALID_INDEX;
107 rp = hash_get_mem (srt->rules_by_tag, tag);
108 return (rp == 0 ? SESSION_RULES_TABLE_INVALID_INDEX : *rp);
109}
110
Florin Coras1c710452017-10-17 00:03:13 -0700111static void
112fib_pref_normalize (fib_prefix_t * pref)
113{
114 if (pref->fp_proto == FIB_PROTOCOL_IP4)
115 ip4_address_normalize (&pref->fp_addr.ip4, pref->fp_len);
116 else
117 ip6_address_normalize (&pref->fp_addr.ip6, pref->fp_len);
118}
119
120u8 *
121format_session_rule4 (u8 * s, va_list * args)
122{
Florin Corasc97a7392017-11-05 23:07:07 -0800123 session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
Florin Coras1c710452017-10-17 00:03:13 -0700124 mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
125 session_mask_or_match_4_t *mask, *match;
Florin Corasc97a7392017-11-05 23:07:07 -0800126 mma_rules_table_16_t *srt4;
127 u8 *tag = 0, *null_tag = format (0, "none");
128 u32 ri;
Florin Coras1c710452017-10-17 00:03:13 -0700129 int i;
130
Florin Corasc97a7392017-11-05 23:07:07 -0800131 srt4 = &srt->session_rules_tables_16;
132 ri = mma_rules_table_rule_index_16 (srt4, sr);
133 tag = session_rules_table_rule_tag (srt, ri, 1);
Florin Coras1c710452017-10-17 00:03:13 -0700134 match = (session_mask_or_match_4_t *) & sr->match;
135 mask = (session_mask_or_match_4_t *) & sr->mask;
136
Florin Corasc97a7392017-11-05 23:07:07 -0800137 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
138 format_ip4_address, &match->lcl_ip,
Milan Lenco8b9a5d12017-11-24 17:12:33 +0100139 ip4_mask_to_preflen (&mask->lcl_ip),
140 clib_net_to_host_u16 (match->lcl_port), format_ip4_address,
141 &match->rmt_ip, ip4_mask_to_preflen (&mask->rmt_ip),
142 clib_net_to_host_u16 (match->rmt_port), sr->action_index,
143 tag ? tag : null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700144 if (vec_len (sr->next_indices))
145 {
146 s = format (s, "\n children: ");
147 for (i = 0; i < vec_len (sr->next_indices); i++)
148 s = format (s, "%d ", sr->next_indices[i]);
149 }
Florin Corasc97a7392017-11-05 23:07:07 -0800150 vec_free (null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700151 return s;
152}
153
154u8 *
155format_session_rule6 (u8 * s, va_list * args)
156{
Florin Corasc97a7392017-11-05 23:07:07 -0800157 session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
Florin Coras1c710452017-10-17 00:03:13 -0700158 mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
159 session_mask_or_match_6_t *mask, *match;
Florin Corasc97a7392017-11-05 23:07:07 -0800160 mma_rules_table_40_t *srt6;
161 u8 *tag = 0, *null_tag = format (0, "none");
162 u32 ri;
Florin Coras1c710452017-10-17 00:03:13 -0700163 int i;
164
Florin Corasc97a7392017-11-05 23:07:07 -0800165 srt6 = &srt->session_rules_tables_40;
166 ri = mma_rules_table_rule_index_40 (srt6, sr);
167 tag = session_rules_table_rule_tag (srt, ri, 0);
Florin Coras1c710452017-10-17 00:03:13 -0700168 match = (session_mask_or_match_6_t *) & sr->match;
169 mask = (session_mask_or_match_6_t *) & sr->mask;
170
Florin Corasc97a7392017-11-05 23:07:07 -0800171 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
172 format_ip6_address, &match->lcl_ip,
Milan Lenco8b9a5d12017-11-24 17:12:33 +0100173 ip6_mask_to_preflen (&mask->lcl_ip),
174 clib_net_to_host_u16 (match->lcl_port), format_ip6_address,
175 &match->rmt_ip, ip6_mask_to_preflen (&mask->rmt_ip),
176 clib_net_to_host_u16 (match->rmt_port), sr->action_index,
177 tag ? tag : null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700178 if (vec_len (sr->next_indices))
179 {
180 s = format (s, "\n children: ");
181 for (i = 0; i < vec_len (sr->next_indices); i++)
182 s = format (s, "%d ", sr->next_indices[i]);
183 }
Florin Corasc97a7392017-11-05 23:07:07 -0800184 vec_free (null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700185 return s;
186}
187
188void *
Florin Corasc97a7392017-11-05 23:07:07 -0800189session_rules_table_get (session_rules_table_t * srt, u8 fib_proto)
Florin Coras1c710452017-10-17 00:03:13 -0700190{
191 if (fib_proto == FIB_PROTOCOL_IP4)
Florin Corasc97a7392017-11-05 23:07:07 -0800192 return &srt->session_rules_tables_16;
Florin Coras1c710452017-10-17 00:03:13 -0700193 else if (fib_proto == FIB_PROTOCOL_IP6)
Florin Corasc97a7392017-11-05 23:07:07 -0800194 return &srt->session_rules_tables_40;
Florin Coras1c710452017-10-17 00:03:13 -0700195 return 0;
196}
197
198int
199rule_cmp_16 (mma_rule_16_t * rule1, mma_rule_16_t * rule2)
200{
201 session_mask_or_match_4_t *m1, *m2;
202
203 m1 = (session_mask_or_match_4_t *) & rule1->max_match;
204 m2 = (session_mask_or_match_4_t *) & rule2->max_match;
205 if (m1->rmt_ip.as_u32 != m2->rmt_ip.as_u32)
206 return (m1->rmt_ip.as_u32 < m2->rmt_ip.as_u32 ? -1 : 1);
207 if (m1->lcl_ip.as_u32 != m2->lcl_ip.as_u32)
208 return (m1->lcl_ip.as_u32 < m2->lcl_ip.as_u32 ? -1 : 1);
209 if (m1->rmt_port != m2->rmt_port)
210 return (m1->rmt_port < m2->rmt_port ? -1 : 1);
211 if (m1->lcl_port != m2->lcl_port)
212 return (m1->lcl_port < m2->lcl_port ? -1 : 1);
213 return 0;
214}
215
216int
217rule_cmp_40 (mma_rule_40_t * rule1, mma_rule_40_t * rule2)
218{
219 session_mask_or_match_6_t *r1, *r2;
220 r1 = (session_mask_or_match_6_t *) & rule1->max_match;
221 r2 = (session_mask_or_match_6_t *) & rule2->max_match;
222 if (r1->rmt_ip.as_u64[0] != r2->rmt_ip.as_u64[0])
223 return (r1->rmt_ip.as_u64[0] < r2->rmt_ip.as_u64[0] ? -1 : 1);
224 if (r1->rmt_ip.as_u64[1] != r2->rmt_ip.as_u64[1])
225 return (r1->rmt_ip.as_u64[1] < r2->rmt_ip.as_u64[1] ? -1 : 1);
226 if (r1->lcl_ip.as_u64[0] != r2->lcl_ip.as_u64[0])
227 return (r1->lcl_ip.as_u64[0] < r2->lcl_ip.as_u64[0] ? -1 : 1);
228 if (r1->lcl_ip.as_u64[1] != r2->lcl_ip.as_u64[1])
229 return (r1->lcl_ip.as_u64[1] < r2->lcl_ip.as_u64[1]) ? -1 : 1;
230 if (r1->rmt_port != r2->rmt_port)
231 return (r1->rmt_port < r2->rmt_port ? -1 : 1);
232 if (r1->lcl_port != r2->lcl_port)
233 return (r1->lcl_port < r2->lcl_port ? -1 : 1);
234 return 0;
235}
236
237void
238session_rules_table_init_rule_16 (mma_rule_16_t * rule,
239 fib_prefix_t * lcl, u16 lcl_port,
240 fib_prefix_t * rmt, u16 rmt_port)
241{
242 session_mask_or_match_4_t *match, *mask, *max_match;
243 fib_pref_normalize (lcl);
244 fib_pref_normalize (rmt);
245 match = (session_mask_or_match_4_t *) & rule->match;
246 match->lcl_ip.as_u32 = lcl->fp_addr.ip4.as_u32;
247 match->rmt_ip.as_u32 = rmt->fp_addr.ip4.as_u32;
248 match->lcl_port = lcl_port;
249 match->rmt_port = rmt_port;
250 mask = (session_mask_or_match_4_t *) & rule->mask;
251 ip4_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
252 ip4_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
253 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
254 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
255 max_match = (session_mask_or_match_4_t *) & rule->max_match;
256 ip4_prefix_max_address_host_order (&rmt->fp_addr.ip4, rmt->fp_len,
257 &max_match->rmt_ip);
258 ip4_prefix_max_address_host_order (&lcl->fp_addr.ip4, lcl->fp_len,
259 &max_match->lcl_ip);
260 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
261 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
262}
263
264void
265session_rules_table_init_rule_40 (mma_rule_40_t * rule,
266 fib_prefix_t * lcl, u16 lcl_port,
267 fib_prefix_t * rmt, u16 rmt_port)
268{
269 session_mask_or_match_6_t *match, *mask, *max_match;
270 fib_pref_normalize (lcl);
271 fib_pref_normalize (rmt);
272 match = (session_mask_or_match_6_t *) & rule->match;
Dave Barach178cf492018-11-13 16:34:13 -0500273 clib_memcpy_fast (&match->lcl_ip, &lcl->fp_addr.ip6,
274 sizeof (match->lcl_ip));
275 clib_memcpy_fast (&match->rmt_ip, &rmt->fp_addr.ip6,
276 sizeof (match->rmt_ip));
Florin Coras1c710452017-10-17 00:03:13 -0700277 match->lcl_port = lcl_port;
278 match->rmt_port = rmt_port;
279 mask = (session_mask_or_match_6_t *) & rule->mask;
280 ip6_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
281 ip6_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
282 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
283 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
284 max_match = (session_mask_or_match_6_t *) & rule->max_match;
285 ip6_prefix_max_address_host_order (&rmt->fp_addr.ip6, rmt->fp_len,
286 &max_match->rmt_ip);
287 ip6_prefix_max_address_host_order (&lcl->fp_addr.ip6, lcl->fp_len,
288 &max_match->lcl_ip);
289 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
290 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
291}
292
293mma_rule_16_t *
294session_rules_table_alloc_rule_16 (mma_rules_table_16_t * srt,
295 fib_prefix_t * lcl, u16 lcl_port,
296 fib_prefix_t * rmt, u16 rmt_port)
297{
298 mma_rule_16_t *rule = 0;
299 rule = mma_rules_table_rule_alloc_16 (srt);
300 session_rules_table_init_rule_16 (rule, lcl, lcl_port, rmt, rmt_port);
301 return rule;
302}
303
304mma_rule_40_t *
305session_rules_table_alloc_rule_40 (mma_rules_table_40_t * srt,
306 fib_prefix_t * lcl, u16 lcl_port,
307 fib_prefix_t * rmt, u16 rmt_port)
308{
309 mma_rule_40_t *rule;
310 rule = mma_rules_table_rule_alloc_40 (srt);
311 session_rules_table_init_rule_40 (rule, lcl, lcl_port, rmt, rmt_port);
312 return rule;
313}
314
Florin Coras73e4f792017-11-22 19:22:48 -0800315u32
316session_rules_table_lookup_rule4 (session_rules_table_t * srt,
317 ip4_address_t * lcl_ip,
318 ip4_address_t * rmt_ip, u16 lcl_port,
319 u16 rmt_port)
320{
321 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
322 session_mask_or_match_4_t key = {
323 .lcl_ip.as_u32 = lcl_ip->as_u32,
324 .rmt_ip.as_u32 = rmt_ip->as_u32,
325 .lcl_port = lcl_port,
326 .rmt_port = rmt_port,
327 };
328 return mma_rules_table_lookup_rule_16 (srt4,
329 (mma_mask_or_match_16_t *) & key,
330 srt4->root_index);
331}
332
333u32
334session_rules_table_lookup4 (session_rules_table_t * srt,
335 ip4_address_t * lcl_ip, ip4_address_t * rmt_ip,
336 u16 lcl_port, u16 rmt_port)
337{
338 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
339 session_mask_or_match_4_t key = {
340 .lcl_ip.as_u32 = lcl_ip->as_u32,
341 .rmt_ip.as_u32 = rmt_ip->as_u32,
342 .lcl_port = lcl_port,
343 .rmt_port = rmt_port,
344 };
345 return mma_rules_table_lookup_16 (srt4, (mma_mask_or_match_16_t *) & key,
346 srt4->root_index);
347}
348
349u32
350session_rules_table_lookup_rule6 (session_rules_table_t * srt,
351 ip6_address_t * lcl_ip,
352 ip6_address_t * rmt_ip, u16 lcl_port,
353 u16 rmt_port)
354{
355 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
356 session_mask_or_match_6_t key = {
357 .lcl_port = lcl_port,
358 .rmt_port = rmt_port,
359 };
Dave Barach178cf492018-11-13 16:34:13 -0500360 clib_memcpy_fast (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
361 clib_memcpy_fast (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
Florin Coras73e4f792017-11-22 19:22:48 -0800362 return mma_rules_table_lookup_rule_40 (srt6,
363 (mma_mask_or_match_40_t *) & key,
364 srt6->root_index);
365}
366
367u32
368session_rules_table_lookup6 (session_rules_table_t * srt,
369 ip6_address_t * lcl_ip, ip6_address_t * rmt_ip,
370 u16 lcl_port, u16 rmt_port)
371{
372 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
373 session_mask_or_match_6_t key = {
374 .lcl_port = lcl_port,
375 .rmt_port = rmt_port,
376 };
Dave Barach178cf492018-11-13 16:34:13 -0500377 clib_memcpy_fast (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
378 clib_memcpy_fast (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
Florin Coras73e4f792017-11-22 19:22:48 -0800379 return mma_rules_table_lookup_40 (srt6, (mma_mask_or_match_40_t *) & key,
380 srt6->root_index);
381}
382
Florin Corasc97a7392017-11-05 23:07:07 -0800383/**
384 * Add/delete session rule
385 *
386 * @param srt table where rule should be added
387 * @param args rule arguments
388 *
389 * @return 0 if success, clib_error_t error otherwise
390 */
Florin Corasc1a42652019-02-08 18:27:29 -0800391int
Florin Coras1c710452017-10-17 00:03:13 -0700392session_rules_table_add_del (session_rules_table_t * srt,
393 session_rule_table_add_del_args_t * args)
394{
Florin Coras73e4f792017-11-22 19:22:48 -0800395 u8 fib_proto = args->rmt.fp_proto, *rt;
Florin Corasc97a7392017-11-05 23:07:07 -0800396 u32 ri_from_tag, ri;
397 int rv;
Florin Coras1c710452017-10-17 00:03:13 -0700398
Florin Corasc97a7392017-11-05 23:07:07 -0800399 ri_from_tag = session_rules_table_rule_for_tag (srt, args->tag);
400 if (args->is_add && ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
Florin Corasc1a42652019-02-08 18:27:29 -0800401 return VNET_API_ERROR_INVALID_VALUE;
Florin Coras1c710452017-10-17 00:03:13 -0700402
403 if (fib_proto == FIB_PROTOCOL_IP4)
404 {
405 mma_rules_table_16_t *srt4;
Florin Corasc97a7392017-11-05 23:07:07 -0800406 srt4 = &srt->session_rules_tables_16;
Florin Coras1c710452017-10-17 00:03:13 -0700407 if (args->is_add)
408 {
Florin Corasc97a7392017-11-05 23:07:07 -0800409 mma_rule_16_t *rule4;
410 rule4 = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
411 args->lcl_port,
412 &args->rmt,
413 args->rmt_port);
414 rule4->action_index = args->action_index;
415 rv = mma_rules_table_add_rule_16 (srt4, rule4);
416 if (!rv)
417 {
418 ri = mma_rules_table_rule_index_16 (srt4, rule4);
Florin Coras73e4f792017-11-22 19:22:48 -0800419 session_rules_table_add_tag (srt, args->tag, ri, 1);
420 }
421 else
422 {
423 ri = session_rules_table_lookup_rule4 (srt,
424 &args->lcl.fp_addr.ip4,
425 &args->rmt.fp_addr.ip4,
426 args->lcl_port,
427 args->rmt_port);
428 if (ri != SESSION_RULES_TABLE_INVALID_INDEX)
429 {
430 rt = session_rules_table_rule_tag (srt, ri, 1);
431 session_rules_table_del_tag (srt, rt, 1);
432 session_rules_table_add_tag (srt, args->tag, ri, 1);
433 }
Florin Corasc97a7392017-11-05 23:07:07 -0800434 }
Florin Coras1c710452017-10-17 00:03:13 -0700435 }
436 else
437 {
Florin Corasc97a7392017-11-05 23:07:07 -0800438 mma_rule_16_t *rule;
439 if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
440 {
441 rule = mma_rules_table_get_rule_16 (srt4, ri_from_tag);
442 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
Florin Coras73e4f792017-11-22 19:22:48 -0800443 session_rules_table_del_tag (srt, args->tag, 1);
Florin Corasc97a7392017-11-05 23:07:07 -0800444 }
445 else
446 {
447 mma_rule_16_t _rule;
448 rule = &_rule;
Dave Barachb7b92992018-10-17 10:38:51 -0400449 clib_memset (rule, 0, sizeof (*rule));
Florin Corasc97a7392017-11-05 23:07:07 -0800450 session_rules_table_init_rule_16 (rule, &args->lcl,
451 args->lcl_port, &args->rmt,
452 args->rmt_port);
453 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
454 }
Florin Coras1c710452017-10-17 00:03:13 -0700455 }
456 }
457 else if (fib_proto == FIB_PROTOCOL_IP6)
458 {
459 mma_rules_table_40_t *srt6;
Florin Corasc97a7392017-11-05 23:07:07 -0800460 mma_rule_40_t *rule6;
461 srt6 = &srt->session_rules_tables_40;
Florin Coras1c710452017-10-17 00:03:13 -0700462 if (args->is_add)
463 {
Florin Corasc97a7392017-11-05 23:07:07 -0800464 rule6 = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
465 args->lcl_port,
466 &args->rmt,
467 args->rmt_port);
468 rule6->action_index = args->action_index;
469 rv = mma_rules_table_add_rule_40 (srt6, rule6);
470 if (!rv)
471 {
472 ri = mma_rules_table_rule_index_40 (srt6, rule6);
Florin Coras73e4f792017-11-22 19:22:48 -0800473 session_rules_table_add_tag (srt, args->tag, ri, 0);
474 }
475 else
476 {
477 ri = session_rules_table_lookup_rule6 (srt,
478 &args->lcl.fp_addr.ip6,
479 &args->rmt.fp_addr.ip6,
480 args->lcl_port,
481 args->rmt_port);
482 if (ri != SESSION_RULES_TABLE_INVALID_INDEX)
483 {
484 rt = session_rules_table_rule_tag (srt, ri, 0);
485 session_rules_table_del_tag (srt, rt, 1);
486 session_rules_table_add_tag (srt, args->tag, ri, 0);
487 }
Florin Corasc97a7392017-11-05 23:07:07 -0800488 }
Florin Coras1c710452017-10-17 00:03:13 -0700489 }
490 else
491 {
Florin Corasc97a7392017-11-05 23:07:07 -0800492 mma_rule_40_t *rule;
493 if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
494 {
495 rule = mma_rules_table_get_rule_40 (srt6, ri_from_tag);
496 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
Florin Coras73e4f792017-11-22 19:22:48 -0800497 session_rules_table_del_tag (srt, args->tag, 0);
Florin Corasc97a7392017-11-05 23:07:07 -0800498 }
499 else
500 {
501 mma_rule_40_t _rule;
502 rule = &_rule;
Dave Barachb7b92992018-10-17 10:38:51 -0400503 clib_memset (rule, 0, sizeof (*rule));
Florin Corasc97a7392017-11-05 23:07:07 -0800504 session_rules_table_init_rule_40 (rule, &args->lcl,
505 args->lcl_port, &args->rmt,
506 args->rmt_port);
507 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
508 }
Florin Coras1c710452017-10-17 00:03:13 -0700509 }
510 }
511 else
Florin Corasc1a42652019-02-08 18:27:29 -0800512 return VNET_API_ERROR_INVALID_VALUE_2;
Florin Coras1c710452017-10-17 00:03:13 -0700513 return 0;
514}
515
Florin Coras1c710452017-10-17 00:03:13 -0700516void
Nathan Skrzypczakb3ea73e2021-08-05 10:22:52 +0200517session_rules_table_free (session_rules_table_t *srt)
518{
519 mma_rules_table_free_16 (&srt->session_rules_tables_16);
520 mma_rules_table_free_40 (&srt->session_rules_tables_40);
521}
522
523void
Florin Coras1c710452017-10-17 00:03:13 -0700524session_rules_table_init (session_rules_table_t * srt)
525{
526 mma_rules_table_16_t *srt4;
527 mma_rules_table_40_t *srt6;
528 mma_rule_16_t *rule4;
529 mma_rule_40_t *rule6;
530 fib_prefix_t null_prefix;
Florin Coras1c710452017-10-17 00:03:13 -0700531
Dave Barachb7b92992018-10-17 10:38:51 -0400532 clib_memset (&null_prefix, 0, sizeof (null_prefix));
Florin Coras1c710452017-10-17 00:03:13 -0700533
Florin Corasc97a7392017-11-05 23:07:07 -0800534 srt4 = &srt->session_rules_tables_16;
535 rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
536 &null_prefix, 0);
537 rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
538 srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
539 srt4->rule_cmp_fn = rule_cmp_16;
Florin Coras1c710452017-10-17 00:03:13 -0700540
Florin Corasc97a7392017-11-05 23:07:07 -0800541 srt6 = &srt->session_rules_tables_40;
542 rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
543 &null_prefix, 0);
544 rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
545 srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
546 srt6->rule_cmp_fn = rule_cmp_40;
547
548 srt->rules_by_tag = hash_create_vec (0, sizeof (u8), sizeof (uword));
549 srt->tags_by_rules = hash_create (0, sizeof (uword));
Florin Coras1c710452017-10-17 00:03:13 -0700550}
551
552void
553session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
Florin Corasc97a7392017-11-05 23:07:07 -0800554 ip46_address_t * lcl_ip, u16 lcl_port,
555 ip46_address_t * rmt_ip, u16 rmt_port,
556 u8 is_ip4)
Florin Coras1c710452017-10-17 00:03:13 -0700557{
558 mma_rules_table_16_t *srt4;
559 mma_rules_table_40_t *srt6;
560 mma_rule_16_t *sr4;
561 mma_rule_40_t *sr6;
562 u32 ri;
563
564 if (is_ip4)
565 {
Florin Corasc97a7392017-11-05 23:07:07 -0800566 srt4 = session_rules_table_get (srt, FIB_PROTOCOL_IP4);
Florin Coras1c710452017-10-17 00:03:13 -0700567 session_mask_or_match_4_t key = {
568 .lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
569 .rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
570 .lcl_port = lcl_port,
571 .rmt_port = rmt_port,
572 };
573 ri =
574 mma_rules_table_lookup_rule_16 (srt4,
575 (mma_mask_or_match_16_t *) & key,
576 srt4->root_index);
577 sr4 = mma_rules_table_get_rule_16 (srt4, ri);
Florin Corasc97a7392017-11-05 23:07:07 -0800578 vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
Florin Coras1c710452017-10-17 00:03:13 -0700579 }
580 else
581 {
Florin Corasc97a7392017-11-05 23:07:07 -0800582 srt6 = session_rules_table_get (srt, FIB_PROTOCOL_IP6);
Florin Coras1c710452017-10-17 00:03:13 -0700583 session_mask_or_match_6_t key = {
584 .lcl_port = lcl_port,
585 .rmt_port = rmt_port,
586 };
Dave Barach178cf492018-11-13 16:34:13 -0500587 clib_memcpy_fast (&key.lcl_ip, &lcl_ip->ip6, sizeof (lcl_ip->ip6));
588 clib_memcpy_fast (&key.rmt_ip, &rmt_ip->ip6, sizeof (rmt_ip->ip6));
Florin Corasc97a7392017-11-05 23:07:07 -0800589 ri = mma_rules_table_lookup_rule_40 (srt6,
590 (mma_mask_or_match_40_t *) & key,
591 srt6->root_index);
Florin Coras1c710452017-10-17 00:03:13 -0700592 sr6 = mma_rules_table_get_rule_40 (srt6, ri);
Florin Corasc97a7392017-11-05 23:07:07 -0800593 vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
Florin Coras1c710452017-10-17 00:03:13 -0700594 }
595}
596
597void
598session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
Florin Corasc97a7392017-11-05 23:07:07 -0800599 u8 fib_proto)
Florin Coras1c710452017-10-17 00:03:13 -0700600{
601 if (fib_proto == FIB_PROTOCOL_IP4)
602 {
603 mma_rules_table_16_t *srt4;
604 mma_rule_16_t *sr4;
Florin Corasc97a7392017-11-05 23:07:07 -0800605 srt4 = &srt->session_rules_tables_16;
606 vlib_cli_output (vm, "IP4 rules");
Florin Coras1c710452017-10-17 00:03:13 -0700607
608 /* *INDENT-OFF* */
Damjan Marionb2c31b62020-12-13 21:47:40 +0100609 pool_foreach (sr4, srt4->rules) {
Florin Corasc97a7392017-11-05 23:07:07 -0800610 vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
Damjan Marionb2c31b62020-12-13 21:47:40 +0100611 }
Florin Coras1c710452017-10-17 00:03:13 -0700612 /* *INDENT-ON* */
613
614 }
615 else if (fib_proto == FIB_PROTOCOL_IP6)
616 {
617 mma_rules_table_40_t *srt6;
618 mma_rule_40_t *sr6;
Florin Corasc97a7392017-11-05 23:07:07 -0800619 srt6 = &srt->session_rules_tables_40;
620 vlib_cli_output (vm, "IP6 rules");
Florin Coras1c710452017-10-17 00:03:13 -0700621
622 /* *INDENT-OFF* */
Damjan Marionb2c31b62020-12-13 21:47:40 +0100623 pool_foreach (sr6, srt6->rules) {
Florin Corasc97a7392017-11-05 23:07:07 -0800624 vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
Damjan Marionb2c31b62020-12-13 21:47:40 +0100625 }
Florin Coras1c710452017-10-17 00:03:13 -0700626 /* *INDENT-ON* */
627
628 }
629}
630
631/*
632 * fd.io coding-style-patch-verification: ON
633 *
634 * Local Variables:
635 * eval: (c-set-style "gnu")
636 * End:
637 */