blob: 010d50a6398e6012dceb9f8527e73b9181d52ac7 [file] [log] [blame]
Florin Coras1c710452017-10-17 00:03:13 -07001/*
Florin Coras288eaab2019-02-03 15:26:14 -08002 * Copyright (c) 2017-2019 Cisco and/or its affiliates.
Florin Coras1c710452017-10-17 00:03:13 -07003 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
17#define SRC_VNET_SESSION_SESSION_RULES_TABLE_H_
18
19#include <vnet/vnet.h>
20#include <vnet/fib/fib.h>
Filip Tehlar0028e6f2023-06-28 10:47:32 +020021#include <vnet/session/session_types.h>
Florin Coras1c710452017-10-17 00:03:13 -070022#include <vnet/session/transport.h>
23#include <vnet/session/mma_16.h>
24#include <vnet/session/mma_40.h>
25
Florin Coras1c710452017-10-17 00:03:13 -070026typedef CLIB_PACKED (struct
27{
28 union
29 {
30 struct
31 {
32 ip4_address_t rmt_ip;
33 ip4_address_t lcl_ip;
34 u16 rmt_port;
35 u16 lcl_port;
36 };
37 u64 as_u64[2];
38 };
39}) session_mask_or_match_4_t;
40
41typedef CLIB_PACKED (struct
42{
43 union
44 {
45 struct
46 {
47 ip6_address_t rmt_ip;
48 ip6_address_t lcl_ip;
49 u16 rmt_port;
50 u16 lcl_port;
51 };
52 u64 as_u64[5];
53 };
54}) session_mask_or_match_6_t;
Florin Coras1c710452017-10-17 00:03:13 -070055
Florin Corasc97a7392017-11-05 23:07:07 -080056#define SESSION_RULE_TAG_MAX_LEN 64
Florin Corasc97a7392017-11-05 23:07:07 -080057#define SESSION_RULES_TABLE_INVALID_INDEX MMA_TABLE_INVALID_INDEX
Florin Corasdff48db2017-11-19 18:06:58 -080058#define SESSION_RULES_TABLE_ACTION_DROP (MMA_TABLE_INVALID_INDEX - 1)
59#define SESSION_RULES_TABLE_ACTION_ALLOW (MMA_TABLE_INVALID_INDEX - 2)
Florin Corasc97a7392017-11-05 23:07:07 -080060
Florin Coras1c710452017-10-17 00:03:13 -070061typedef struct _session_rules_table_add_del_args
62{
Florin Coras1c710452017-10-17 00:03:13 -070063 fib_prefix_t lcl;
64 fib_prefix_t rmt;
65 u16 lcl_port;
66 u16 rmt_port;
67 u32 action_index;
Florin Corasc97a7392017-11-05 23:07:07 -080068 u8 *tag;
Florin Coras1c710452017-10-17 00:03:13 -070069 u8 is_add;
70} session_rule_table_add_del_args_t;
71
Florin Corasc97a7392017-11-05 23:07:07 -080072typedef struct _rule_tag
73{
74 u8 *tag;
75} session_rule_tag_t;
Florin Corasf0c1c962017-11-02 21:31:46 -070076
Florin Coras1c710452017-10-17 00:03:13 -070077typedef struct _session_rules_table_t
78{
79 /**
Florin Corasc97a7392017-11-05 23:07:07 -080080 * Per fib proto session rules tables
Florin Coras1c710452017-10-17 00:03:13 -070081 */
Florin Corasc97a7392017-11-05 23:07:07 -080082 mma_rules_table_16_t session_rules_tables_16;
83 mma_rules_table_40_t session_rules_tables_40;
84 /**
85 * Hash table that maps tags to rules
86 */
87 uword *rules_by_tag;
88 /**
89 * Pool of rules tags
90 */
91 session_rule_tag_t *rule_tags;
92 /**
93 * Hash table that maps rule indices to tags
94 */
95 uword *tags_by_rules;
Florin Coras1c710452017-10-17 00:03:13 -070096} session_rules_table_t;
97
Florin Coras1c710452017-10-17 00:03:13 -070098u32 session_rules_table_lookup4 (session_rules_table_t * srt,
Florin Corasc97a7392017-11-05 23:07:07 -080099 ip4_address_t * lcl_ip,
Florin Coras1c710452017-10-17 00:03:13 -0700100 ip4_address_t * rmt_ip, u16 lcl_port,
101 u16 rmt_port);
102u32 session_rules_table_lookup6 (session_rules_table_t * srt,
Florin Corasc97a7392017-11-05 23:07:07 -0800103 ip6_address_t * lcl_ip,
Florin Coras1c710452017-10-17 00:03:13 -0700104 ip6_address_t * rmt_ip, u16 lcl_port,
105 u16 rmt_port);
106void session_rules_table_cli_dump (vlib_main_t * vm,
Florin Corasc97a7392017-11-05 23:07:07 -0800107 session_rules_table_t * srt, u8 fib_proto);
Florin Coras1c710452017-10-17 00:03:13 -0700108void session_rules_table_show_rule (vlib_main_t * vm,
109 session_rules_table_t * srt,
Florin Coras1c710452017-10-17 00:03:13 -0700110 ip46_address_t * lcl_ip, u16 lcl_port,
111 ip46_address_t * rmt_ip, u16 rmt_port,
112 u8 is_ip4);
Filip Tehlar0028e6f2023-06-28 10:47:32 +0200113session_error_t
114session_rules_table_add_del (session_rules_table_t *srt,
115 session_rule_table_add_del_args_t *args);
Florin Corasc97a7392017-11-05 23:07:07 -0800116u8 *session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri,
117 u8 is_ip4);
Florin Coras1c710452017-10-17 00:03:13 -0700118void session_rules_table_init (session_rules_table_t * srt);
Nathan Skrzypczakb3ea73e2021-08-05 10:22:52 +0200119void session_rules_table_free (session_rules_table_t *srt);
Florin Coras1c710452017-10-17 00:03:13 -0700120#endif /* SRC_VNET_SESSION_SESSION_RULES_TABLE_H_ */
121/*
122 * fd.io coding-style-patch-verification: ON
123 *
124 * Local Variables:
125 * eval: (c-set-style "gnu")
126 * End:
127 */