Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / fc3464dac99c9e3e56616e6c6bc6d10886b2f567 / . / src / vnet / session / session_rules_table.c
blob: d15df48d7b5e52930449d51d4a16d1348c7ae013 [file] [log] [blame]
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]1/*
Florin Coras288eaab2019-02-03 15:26:14 -0800[diff] [blame]2 * Copyright (c) 2017-2019 Cisco and/or its affiliates.
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14*/
15
16#include <vnet/session/mma_16.h>
17#include <vnet/session/mma_template.c>
18#include <vnet/session/mma_40.h>
19#include <vnet/session/mma_template.c>
20#include <vnet/session/session_rules_table.h>
21#include <vnet/session/transport.h>
22
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]23u32
24session_rule_tag_key_index (u32 ri, u8 is_ip4)
25{
26 return ((ri << 1) | is_ip4);
27}
28
29void
30session_rule_tag_key_index_parse (u32 rti_key, u32 * ri, u8 * is_ip4)
31{
32 *is_ip4 = rti_key & 1;
33 *ri = rti_key >> 1;
34}
35
36u8 *
37session_rules_table_rule_tag (session_rules_table_t * srt, u32 ri, u8 is_ip4)
38{
39 uword *tip;
40 session_rule_tag_t *rt;
41
42 tip =
43 hash_get (srt->tags_by_rules, session_rule_tag_key_index (ri, is_ip4));
44 if (tip)
45 {
46 rt = pool_elt_at_index (srt->rule_tags, *tip);
47 return rt->tag;
48 }
49 return 0;
50}
51
52void
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]53session_rules_table_del_tag (session_rules_table_t * srt, u8 * tag, u8 is_ip4)
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]54{
55 uword *rip, *rtip;
56 session_rule_tag_t *rt;
57 u32 rti_key;
58
59 if (tag == 0)
60 return;
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]61 rip = hash_get_mem (srt->rules_by_tag, tag);
62 if (!rip)
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]63 {
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]64 clib_warning ("tag has no rule associated");
65 return;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]66 }
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]67 rti_key = session_rule_tag_key_index (*rip, is_ip4);
68 rtip = hash_get (srt->tags_by_rules, rti_key);
69 if (!rtip)
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]70 {
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]71 clib_warning ("rule has no tag associated");
72 return;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]73 }
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]74 rt = pool_elt_at_index (srt->rule_tags, *rtip);
75 ASSERT (rt);
76 hash_unset_mem (srt->rules_by_tag, tag);
77 hash_unset (srt->tags_by_rules, rti_key);
Steven Luong99213e02024-07-16 14:23:41 -0700[diff] [blame]78 vec_free (rt->tag);
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]79 pool_put (srt->rule_tags, rt);
80}
81
82void
83session_rules_table_add_tag (session_rules_table_t * srt, u8 * tag,
84 u32 rule_index, u8 is_ip4)
85{
86 uword *rip;
87 session_rule_tag_t *rt;
88 u32 rti_key;
89
90 if (tag == 0)
91 return;
92 rip = hash_get_mem (srt->rules_by_tag, tag);
93 if (rip)
94 session_rules_table_del_tag (srt, tag, is_ip4);
95 pool_get (srt->rule_tags, rt);
96 rt->tag = vec_dup (tag);
97 hash_set_mem (srt->rules_by_tag, rt->tag, rule_index);
98 rti_key = session_rule_tag_key_index (rule_index, is_ip4);
99 hash_set (srt->tags_by_rules, rti_key, rt - srt->rule_tags);
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]100}
101
102u32
103session_rules_table_rule_for_tag (session_rules_table_t * srt, u8 * tag)
104{
105 uword *rp;
106 if (tag == 0)
107 return SESSION_RULES_TABLE_INVALID_INDEX;
108 rp = hash_get_mem (srt->rules_by_tag, tag);
109 return (rp == 0 ? SESSION_RULES_TABLE_INVALID_INDEX : *rp);
110}
111
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]112static void
113fib_pref_normalize (fib_prefix_t * pref)
114{
115 if (pref->fp_proto == FIB_PROTOCOL_IP4)
116 ip4_address_normalize (&pref->fp_addr.ip4, pref->fp_len);
117 else
118 ip6_address_normalize (&pref->fp_addr.ip6, pref->fp_len);
119}
120
121u8 *
122format_session_rule4 (u8 * s, va_list * args)
123{
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]124 session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]125 mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
126 session_mask_or_match_4_t *mask, *match;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]127 mma_rules_table_16_t *srt4;
128 u8 *tag = 0, *null_tag = format (0, "none");
129 u32 ri;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]130 int i;
131
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]132 srt4 = &srt->session_rules_tables_16;
133 ri = mma_rules_table_rule_index_16 (srt4, sr);
134 tag = session_rules_table_rule_tag (srt, ri, 1);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]135 match = (session_mask_or_match_4_t *) & sr->match;
136 mask = (session_mask_or_match_4_t *) & sr->mask;
137
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]138 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
139 format_ip4_address, &match->lcl_ip,
Milan Lenco8b9a5d12017-11-24 17:12:33 +0100[diff] [blame]140 ip4_mask_to_preflen (&mask->lcl_ip),
141 clib_net_to_host_u16 (match->lcl_port), format_ip4_address,
142 &match->rmt_ip, ip4_mask_to_preflen (&mask->rmt_ip),
143 clib_net_to_host_u16 (match->rmt_port), sr->action_index,
144 tag ? tag : null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]145 if (vec_len (sr->next_indices))
146 {
147 s = format (s, "\n children: ");
148 for (i = 0; i < vec_len (sr->next_indices); i++)
149 s = format (s, "%d ", sr->next_indices[i]);
150 }
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]151 vec_free (null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]152 return s;
153}
154
155u8 *
156format_session_rule6 (u8 * s, va_list * args)
157{
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]158 session_rules_table_t *srt = va_arg (*args, session_rules_table_t *);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]159 mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
160 session_mask_or_match_6_t *mask, *match;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]161 mma_rules_table_40_t *srt6;
162 u8 *tag = 0, *null_tag = format (0, "none");
163 u32 ri;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]164 int i;
165
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]166 srt6 = &srt->session_rules_tables_40;
167 ri = mma_rules_table_rule_index_40 (srt6, sr);
168 tag = session_rules_table_rule_tag (srt, ri, 0);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]169 match = (session_mask_or_match_6_t *) & sr->match;
170 mask = (session_mask_or_match_6_t *) & sr->mask;
171
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]172 s = format (s, "[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
173 format_ip6_address, &match->lcl_ip,
Milan Lenco8b9a5d12017-11-24 17:12:33 +0100[diff] [blame]174 ip6_mask_to_preflen (&mask->lcl_ip),
175 clib_net_to_host_u16 (match->lcl_port), format_ip6_address,
176 &match->rmt_ip, ip6_mask_to_preflen (&mask->rmt_ip),
177 clib_net_to_host_u16 (match->rmt_port), sr->action_index,
178 tag ? tag : null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]179 if (vec_len (sr->next_indices))
180 {
181 s = format (s, "\n children: ");
182 for (i = 0; i < vec_len (sr->next_indices); i++)
183 s = format (s, "%d ", sr->next_indices[i]);
184 }
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]185 vec_free (null_tag);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]186 return s;
187}
188
189void *
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]190session_rules_table_get (session_rules_table_t * srt, u8 fib_proto)
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]191{
192 if (fib_proto == FIB_PROTOCOL_IP4)
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]193 return &srt->session_rules_tables_16;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]194 else if (fib_proto == FIB_PROTOCOL_IP6)
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]195 return &srt->session_rules_tables_40;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]196 return 0;
197}
198
199int
200rule_cmp_16 (mma_rule_16_t * rule1, mma_rule_16_t * rule2)
201{
202 session_mask_or_match_4_t *m1, *m2;
203
204 m1 = (session_mask_or_match_4_t *) & rule1->max_match;
205 m2 = (session_mask_or_match_4_t *) & rule2->max_match;
206 if (m1->rmt_ip.as_u32 != m2->rmt_ip.as_u32)
207 return (m1->rmt_ip.as_u32 < m2->rmt_ip.as_u32 ? -1 : 1);
208 if (m1->lcl_ip.as_u32 != m2->lcl_ip.as_u32)
209 return (m1->lcl_ip.as_u32 < m2->lcl_ip.as_u32 ? -1 : 1);
210 if (m1->rmt_port != m2->rmt_port)
211 return (m1->rmt_port < m2->rmt_port ? -1 : 1);
212 if (m1->lcl_port != m2->lcl_port)
213 return (m1->lcl_port < m2->lcl_port ? -1 : 1);
214 return 0;
215}
216
217int
218rule_cmp_40 (mma_rule_40_t * rule1, mma_rule_40_t * rule2)
219{
220 session_mask_or_match_6_t *r1, *r2;
221 r1 = (session_mask_or_match_6_t *) & rule1->max_match;
222 r2 = (session_mask_or_match_6_t *) & rule2->max_match;
223 if (r1->rmt_ip.as_u64[0] != r2->rmt_ip.as_u64[0])
224 return (r1->rmt_ip.as_u64[0] < r2->rmt_ip.as_u64[0] ? -1 : 1);
225 if (r1->rmt_ip.as_u64[1] != r2->rmt_ip.as_u64[1])
226 return (r1->rmt_ip.as_u64[1] < r2->rmt_ip.as_u64[1] ? -1 : 1);
227 if (r1->lcl_ip.as_u64[0] != r2->lcl_ip.as_u64[0])
228 return (r1->lcl_ip.as_u64[0] < r2->lcl_ip.as_u64[0] ? -1 : 1);
229 if (r1->lcl_ip.as_u64[1] != r2->lcl_ip.as_u64[1])
230 return (r1->lcl_ip.as_u64[1] < r2->lcl_ip.as_u64[1]) ? -1 : 1;
231 if (r1->rmt_port != r2->rmt_port)
232 return (r1->rmt_port < r2->rmt_port ? -1 : 1);
233 if (r1->lcl_port != r2->lcl_port)
234 return (r1->lcl_port < r2->lcl_port ? -1 : 1);
235 return 0;
236}
237
238void
239session_rules_table_init_rule_16 (mma_rule_16_t * rule,
240 fib_prefix_t * lcl, u16 lcl_port,
241 fib_prefix_t * rmt, u16 rmt_port)
242{
243 session_mask_or_match_4_t *match, *mask, *max_match;
244 fib_pref_normalize (lcl);
245 fib_pref_normalize (rmt);
246 match = (session_mask_or_match_4_t *) & rule->match;
247 match->lcl_ip.as_u32 = lcl->fp_addr.ip4.as_u32;
248 match->rmt_ip.as_u32 = rmt->fp_addr.ip4.as_u32;
249 match->lcl_port = lcl_port;
250 match->rmt_port = rmt_port;
251 mask = (session_mask_or_match_4_t *) & rule->mask;
252 ip4_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
253 ip4_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
254 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
255 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
256 max_match = (session_mask_or_match_4_t *) & rule->max_match;
257 ip4_prefix_max_address_host_order (&rmt->fp_addr.ip4, rmt->fp_len,
258 &max_match->rmt_ip);
259 ip4_prefix_max_address_host_order (&lcl->fp_addr.ip4, lcl->fp_len,
260 &max_match->lcl_ip);
261 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
262 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
263}
264
265void
266session_rules_table_init_rule_40 (mma_rule_40_t * rule,
267 fib_prefix_t * lcl, u16 lcl_port,
268 fib_prefix_t * rmt, u16 rmt_port)
269{
270 session_mask_or_match_6_t *match, *mask, *max_match;
271 fib_pref_normalize (lcl);
272 fib_pref_normalize (rmt);
273 match = (session_mask_or_match_6_t *) & rule->match;
Dave Barach178cf492018-11-13 16:34:13 -0500[diff] [blame]274 clib_memcpy_fast (&match->lcl_ip, &lcl->fp_addr.ip6,
275 sizeof (match->lcl_ip));
276 clib_memcpy_fast (&match->rmt_ip, &rmt->fp_addr.ip6,
277 sizeof (match->rmt_ip));
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]278 match->lcl_port = lcl_port;
279 match->rmt_port = rmt_port;
280 mask = (session_mask_or_match_6_t *) & rule->mask;
281 ip6_preflen_to_mask (lcl->fp_len, &mask->lcl_ip);
282 ip6_preflen_to_mask (rmt->fp_len, &mask->rmt_ip);
283 mask->lcl_port = lcl_port == 0 ? 0 : (u16) ~ 0;
284 mask->rmt_port = rmt_port == 0 ? 0 : (u16) ~ 0;
285 max_match = (session_mask_or_match_6_t *) & rule->max_match;
286 ip6_prefix_max_address_host_order (&rmt->fp_addr.ip6, rmt->fp_len,
287 &max_match->rmt_ip);
288 ip6_prefix_max_address_host_order (&lcl->fp_addr.ip6, lcl->fp_len,
289 &max_match->lcl_ip);
290 max_match->lcl_port = lcl_port == 0 ? (u16) ~ 0 : lcl_port;
291 max_match->rmt_port = rmt_port == 0 ? (u16) ~ 0 : rmt_port;
292}
293
294mma_rule_16_t *
295session_rules_table_alloc_rule_16 (mma_rules_table_16_t * srt,
296 fib_prefix_t * lcl, u16 lcl_port,
297 fib_prefix_t * rmt, u16 rmt_port)
298{
299 mma_rule_16_t *rule = 0;
300 rule = mma_rules_table_rule_alloc_16 (srt);
301 session_rules_table_init_rule_16 (rule, lcl, lcl_port, rmt, rmt_port);
302 return rule;
303}
304
305mma_rule_40_t *
306session_rules_table_alloc_rule_40 (mma_rules_table_40_t * srt,
307 fib_prefix_t * lcl, u16 lcl_port,
308 fib_prefix_t * rmt, u16 rmt_port)
309{
310 mma_rule_40_t *rule;
311 rule = mma_rules_table_rule_alloc_40 (srt);
312 session_rules_table_init_rule_40 (rule, lcl, lcl_port, rmt, rmt_port);
313 return rule;
314}
315
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]316u32
317session_rules_table_lookup_rule4 (session_rules_table_t * srt,
318 ip4_address_t * lcl_ip,
319 ip4_address_t * rmt_ip, u16 lcl_port,
320 u16 rmt_port)
321{
322 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
323 session_mask_or_match_4_t key = {
324 .lcl_ip.as_u32 = lcl_ip->as_u32,
325 .rmt_ip.as_u32 = rmt_ip->as_u32,
326 .lcl_port = lcl_port,
327 .rmt_port = rmt_port,
328 };
329 return mma_rules_table_lookup_rule_16 (srt4,
330 (mma_mask_or_match_16_t *) & key,
331 srt4->root_index);
332}
333
334u32
335session_rules_table_lookup4 (session_rules_table_t * srt,
336 ip4_address_t * lcl_ip, ip4_address_t * rmt_ip,
337 u16 lcl_port, u16 rmt_port)
338{
339 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
340 session_mask_or_match_4_t key = {
341 .lcl_ip.as_u32 = lcl_ip->as_u32,
342 .rmt_ip.as_u32 = rmt_ip->as_u32,
343 .lcl_port = lcl_port,
344 .rmt_port = rmt_port,
345 };
346 return mma_rules_table_lookup_16 (srt4, (mma_mask_or_match_16_t *) & key,
347 srt4->root_index);
348}
349
350u32
351session_rules_table_lookup_rule6 (session_rules_table_t * srt,
352 ip6_address_t * lcl_ip,
353 ip6_address_t * rmt_ip, u16 lcl_port,
354 u16 rmt_port)
355{
356 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
357 session_mask_or_match_6_t key = {
358 .lcl_port = lcl_port,
359 .rmt_port = rmt_port,
360 };
Dave Barach178cf492018-11-13 16:34:13 -0500[diff] [blame]361 clib_memcpy_fast (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
362 clib_memcpy_fast (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]363 return mma_rules_table_lookup_rule_40 (srt6,
364 (mma_mask_or_match_40_t *) & key,
365 srt6->root_index);
366}
367
368u32
369session_rules_table_lookup6 (session_rules_table_t * srt,
370 ip6_address_t * lcl_ip, ip6_address_t * rmt_ip,
371 u16 lcl_port, u16 rmt_port)
372{
373 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
374 session_mask_or_match_6_t key = {
375 .lcl_port = lcl_port,
376 .rmt_port = rmt_port,
377 };
Dave Barach178cf492018-11-13 16:34:13 -0500[diff] [blame]378 clib_memcpy_fast (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
379 clib_memcpy_fast (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]380 return mma_rules_table_lookup_40 (srt6, (mma_mask_or_match_40_t *) & key,
381 srt6->root_index);
382}
383
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]384/**
385 * Add/delete session rule
386 *
387 * @param srt table where rule should be added
388 * @param args rule arguments
389 *
Filip Tehlar0028e6f2023-06-28 10:47:32 +0200[diff] [blame]390 * @return 0 if success, session_error_t error otherwise
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]391 */
Filip Tehlar0028e6f2023-06-28 10:47:32 +0200[diff] [blame]392session_error_t
393session_rules_table_add_del (session_rules_table_t *srt,
394 session_rule_table_add_del_args_t *args)
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]395{
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]396 u8 fib_proto = args->rmt.fp_proto, *rt;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]397 u32 ri_from_tag, ri;
398 int rv;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]399
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]400 ri_from_tag = session_rules_table_rule_for_tag (srt, args->tag);
401 if (args->is_add && ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
Filip Tehlar0028e6f2023-06-28 10:47:32 +0200[diff] [blame]402 return SESSION_E_INVALID;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]403
404 if (fib_proto == FIB_PROTOCOL_IP4)
405 {
406 mma_rules_table_16_t *srt4;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]407 srt4 = &srt->session_rules_tables_16;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]408 if (args->is_add)
409 {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]410 mma_rule_16_t *rule4;
411 rule4 = session_rules_table_alloc_rule_16 (srt4, &args->lcl,
412 args->lcl_port,
413 &args->rmt,
414 args->rmt_port);
415 rule4->action_index = args->action_index;
416 rv = mma_rules_table_add_rule_16 (srt4, rule4);
417 if (!rv)
418 {
419 ri = mma_rules_table_rule_index_16 (srt4, rule4);
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]420 session_rules_table_add_tag (srt, args->tag, ri, 1);
421 }
422 else
423 {
424 ri = session_rules_table_lookup_rule4 (srt,
425 &args->lcl.fp_addr.ip4,
426 &args->rmt.fp_addr.ip4,
427 args->lcl_port,
428 args->rmt_port);
429 if (ri != SESSION_RULES_TABLE_INVALID_INDEX)
430 {
431 rt = session_rules_table_rule_tag (srt, ri, 1);
432 session_rules_table_del_tag (srt, rt, 1);
433 session_rules_table_add_tag (srt, args->tag, ri, 1);
434 }
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]435 }
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]436 }
437 else
438 {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]439 mma_rule_16_t *rule;
440 if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
441 {
442 rule = mma_rules_table_get_rule_16 (srt4, ri_from_tag);
443 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]444 session_rules_table_del_tag (srt, args->tag, 1);
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]445 }
446 else
447 {
448 mma_rule_16_t _rule;
449 rule = &_rule;
Dave Barachb7b92992018-10-17 10:38:51 -0400[diff] [blame]450 clib_memset (rule, 0, sizeof (*rule));
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]451 session_rules_table_init_rule_16 (rule, &args->lcl,
452 args->lcl_port, &args->rmt,
453 args->rmt_port);
454 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
455 }
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]456 }
457 }
458 else if (fib_proto == FIB_PROTOCOL_IP6)
459 {
460 mma_rules_table_40_t *srt6;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]461 mma_rule_40_t *rule6;
462 srt6 = &srt->session_rules_tables_40;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]463 if (args->is_add)
464 {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]465 rule6 = session_rules_table_alloc_rule_40 (srt6, &args->lcl,
466 args->lcl_port,
467 &args->rmt,
468 args->rmt_port);
469 rule6->action_index = args->action_index;
470 rv = mma_rules_table_add_rule_40 (srt6, rule6);
471 if (!rv)
472 {
473 ri = mma_rules_table_rule_index_40 (srt6, rule6);
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]474 session_rules_table_add_tag (srt, args->tag, ri, 0);
475 }
476 else
477 {
478 ri = session_rules_table_lookup_rule6 (srt,
479 &args->lcl.fp_addr.ip6,
480 &args->rmt.fp_addr.ip6,
481 args->lcl_port,
482 args->rmt_port);
483 if (ri != SESSION_RULES_TABLE_INVALID_INDEX)
484 {
485 rt = session_rules_table_rule_tag (srt, ri, 0);
486 session_rules_table_del_tag (srt, rt, 1);
487 session_rules_table_add_tag (srt, args->tag, ri, 0);
488 }
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]489 }
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]490 }
491 else
492 {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]493 mma_rule_40_t *rule;
494 if (ri_from_tag != SESSION_RULES_TABLE_INVALID_INDEX)
495 {
496 rule = mma_rules_table_get_rule_40 (srt6, ri_from_tag);
497 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
Florin Coras73e4f792017-11-22 19:22:48 -0800[diff] [blame]498 session_rules_table_del_tag (srt, args->tag, 0);
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]499 }
500 else
501 {
502 mma_rule_40_t _rule;
503 rule = &_rule;
Dave Barachb7b92992018-10-17 10:38:51 -0400[diff] [blame]504 clib_memset (rule, 0, sizeof (*rule));
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]505 session_rules_table_init_rule_40 (rule, &args->lcl,
506 args->lcl_port, &args->rmt,
507 args->rmt_port);
508 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
509 }
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]510 }
511 }
512 else
Filip Tehlar0028e6f2023-06-28 10:47:32 +0200[diff] [blame]513 return SESSION_E_INVALID;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]514 return 0;
515}
516
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]517void
Nathan Skrzypczakb3ea73e2021-08-05 10:22:52 +0200[diff] [blame]518session_rules_table_free (session_rules_table_t *srt)
519{
520 mma_rules_table_free_16 (&srt->session_rules_tables_16);
521 mma_rules_table_free_40 (&srt->session_rules_tables_40);
Steven Luongd1aeac52024-07-16 15:33:35 -0700[diff] [blame]522
523 hash_free (srt->tags_by_rules);
524 hash_free (srt->rules_by_tag);
Nathan Skrzypczakb3ea73e2021-08-05 10:22:52 +0200[diff] [blame]525}
526
527void
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]528session_rules_table_init (session_rules_table_t * srt)
529{
530 mma_rules_table_16_t *srt4;
531 mma_rules_table_40_t *srt6;
532 mma_rule_16_t *rule4;
533 mma_rule_40_t *rule6;
534 fib_prefix_t null_prefix;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]535
Dave Barachb7b92992018-10-17 10:38:51 -0400[diff] [blame]536 clib_memset (&null_prefix, 0, sizeof (null_prefix));
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]537
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]538 srt4 = &srt->session_rules_tables_16;
539 rule4 = session_rules_table_alloc_rule_16 (srt4, &null_prefix, 0,
540 &null_prefix, 0);
541 rule4->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
542 srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
543 srt4->rule_cmp_fn = rule_cmp_16;
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]544
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]545 srt6 = &srt->session_rules_tables_40;
546 rule6 = session_rules_table_alloc_rule_40 (srt6, &null_prefix, 0,
547 &null_prefix, 0);
548 rule6->action_index = SESSION_RULES_TABLE_INVALID_INDEX;
549 srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
550 srt6->rule_cmp_fn = rule_cmp_40;
551
552 srt->rules_by_tag = hash_create_vec (0, sizeof (u8), sizeof (uword));
553 srt->tags_by_rules = hash_create (0, sizeof (uword));
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]554}
555
556void
557session_rules_table_show_rule (vlib_main_t * vm, session_rules_table_t * srt,
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]558 ip46_address_t * lcl_ip, u16 lcl_port,
559 ip46_address_t * rmt_ip, u16 rmt_port,
560 u8 is_ip4)
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]561{
562 mma_rules_table_16_t *srt4;
563 mma_rules_table_40_t *srt6;
564 mma_rule_16_t *sr4;
565 mma_rule_40_t *sr6;
566 u32 ri;
567
568 if (is_ip4)
569 {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]570 srt4 = session_rules_table_get (srt, FIB_PROTOCOL_IP4);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]571 session_mask_or_match_4_t key = {
572 .lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
573 .rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
574 .lcl_port = lcl_port,
575 .rmt_port = rmt_port,
576 };
577 ri =
578 mma_rules_table_lookup_rule_16 (srt4,
579 (mma_mask_or_match_16_t *) & key,
580 srt4->root_index);
581 sr4 = mma_rules_table_get_rule_16 (srt4, ri);
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]582 vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]583 }
584 else
585 {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]586 srt6 = session_rules_table_get (srt, FIB_PROTOCOL_IP6);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]587 session_mask_or_match_6_t key = {
588 .lcl_port = lcl_port,
589 .rmt_port = rmt_port,
590 };
Dave Barach178cf492018-11-13 16:34:13 -0500[diff] [blame]591 clib_memcpy_fast (&key.lcl_ip, &lcl_ip->ip6, sizeof (lcl_ip->ip6));
592 clib_memcpy_fast (&key.rmt_ip, &rmt_ip->ip6, sizeof (rmt_ip->ip6));
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]593 ri = mma_rules_table_lookup_rule_40 (srt6,
594 (mma_mask_or_match_40_t *) & key,
595 srt6->root_index);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]596 sr6 = mma_rules_table_get_rule_40 (srt6, ri);
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]597 vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]598 }
599}
600
601void
602session_rules_table_cli_dump (vlib_main_t * vm, session_rules_table_t * srt,
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]603 u8 fib_proto)
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]604{
605 if (fib_proto == FIB_PROTOCOL_IP4)
606 {
607 mma_rules_table_16_t *srt4;
608 mma_rule_16_t *sr4;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]609 srt4 = &srt->session_rules_tables_16;
610 vlib_cli_output (vm, "IP4 rules");
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]611
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]612 pool_foreach (sr4, srt4->rules) {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]613 vlib_cli_output (vm, "%U", format_session_rule4, srt, sr4);
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]614 }
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]615
616 }
617 else if (fib_proto == FIB_PROTOCOL_IP6)
618 {
619 mma_rules_table_40_t *srt6;
620 mma_rule_40_t *sr6;
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]621 srt6 = &srt->session_rules_tables_40;
622 vlib_cli_output (vm, "IP6 rules");
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]623
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]624 pool_foreach (sr6, srt6->rules) {
Florin Corasc97a7392017-11-05 23:07:07 -0800[diff] [blame]625 vlib_cli_output (vm, "%U", format_session_rule6, srt, sr6);
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]626 }
Florin Coras1c710452017-10-17 00:03:13 -0700[diff] [blame]627
628 }
629}
630
631/*
632 * fd.io coding-style-patch-verification: ON
633 *
634 * Local Variables:
635 * eval: (c-set-style "gnu")
636 * End:
637 */