26 return ((ri << 1) | is_ip4);
32 *is_ip4 = rti_key & 1;
68 rtip =
hash_get (srt->tags_by_rules, rti_key);
83 u32 rule_index,
u8 is_ip4)
98 hash_set (srt->tags_by_rules, rti_key, rt - srt->rule_tags);
124 mma_rule_16_t *sr = va_arg (*args, mma_rule_16_t *);
125 session_mask_or_match_4_t *mask, *match;
126 mma_rules_table_16_t *srt4;
127 u8 *tag = 0, *null_tag =
format (0,
"none");
131 srt4 = &srt->session_rules_tables_16;
132 ri = mma_rules_table_rule_index_16 (srt4, sr);
134 match = (session_mask_or_match_4_t *) & sr->match;
135 mask = (session_mask_or_match_4_t *) & sr->mask;
137 s =
format (s,
"[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
142 clib_net_to_host_u16 (match->rmt_port), sr->action_index,
143 tag ? tag : null_tag);
144 if (
vec_len (sr->next_indices))
146 s =
format (s,
"\n children: ");
147 for (i = 0; i <
vec_len (sr->next_indices); i++)
148 s =
format (s,
"%d ", sr->next_indices[i]);
158 mma_rule_40_t *sr = va_arg (*args, mma_rule_40_t *);
159 session_mask_or_match_6_t *mask, *match;
160 mma_rules_table_40_t *srt6;
161 u8 *tag = 0, *null_tag =
format (0,
"none");
165 srt6 = &srt->session_rules_tables_40;
166 ri = mma_rules_table_rule_index_40 (srt6, sr);
168 match = (session_mask_or_match_6_t *) & sr->match;
169 mask = (session_mask_or_match_6_t *) & sr->mask;
171 s =
format (s,
"[%d] rule: %U/%d %d %U/%d %d action: %d tag: %v", ri,
176 clib_net_to_host_u16 (match->rmt_port), sr->action_index,
177 tag ? tag : null_tag);
178 if (
vec_len (sr->next_indices))
180 s =
format (s,
"\n children: ");
181 for (i = 0; i <
vec_len (sr->next_indices); i++)
182 s =
format (s,
"%d ", sr->next_indices[i]);
192 return &srt->session_rules_tables_16;
194 return &srt->session_rules_tables_40;
201 session_mask_or_match_4_t *m1, *m2;
203 m1 = (session_mask_or_match_4_t *) & rule1->max_match;
204 m2 = (session_mask_or_match_4_t *) & rule2->max_match;
205 if (m1->rmt_ip.as_u32 != m2->rmt_ip.as_u32)
206 return (m1->rmt_ip.as_u32 < m2->rmt_ip.as_u32 ? -1 : 1);
207 if (m1->lcl_ip.as_u32 != m2->lcl_ip.as_u32)
208 return (m1->lcl_ip.as_u32 < m2->lcl_ip.as_u32 ? -1 : 1);
209 if (m1->rmt_port != m2->rmt_port)
210 return (m1->rmt_port < m2->rmt_port ? -1 : 1);
211 if (m1->lcl_port != m2->lcl_port)
212 return (m1->lcl_port < m2->lcl_port ? -1 : 1);
219 session_mask_or_match_6_t *r1, *r2;
220 r1 = (session_mask_or_match_6_t *) & rule1->max_match;
221 r2 = (session_mask_or_match_6_t *) & rule2->max_match;
222 if (r1->rmt_ip.as_u64[0] != r2->rmt_ip.as_u64[0])
223 return (r1->rmt_ip.as_u64[0] < r2->rmt_ip.as_u64[0] ? -1 : 1);
224 if (r1->rmt_ip.as_u64[1] != r2->rmt_ip.as_u64[1])
225 return (r1->rmt_ip.as_u64[1] < r2->rmt_ip.as_u64[1] ? -1 : 1);
226 if (r1->lcl_ip.as_u64[0] != r2->lcl_ip.as_u64[0])
227 return (r1->lcl_ip.as_u64[0] < r2->lcl_ip.as_u64[0] ? -1 : 1);
228 if (r1->lcl_ip.as_u64[1] != r2->lcl_ip.as_u64[1])
229 return (r1->lcl_ip.as_u64[1] < r2->lcl_ip.as_u64[1]) ? -1 : 1;
230 if (r1->rmt_port != r2->rmt_port)
231 return (r1->rmt_port < r2->rmt_port ? -1 : 1);
232 if (r1->lcl_port != r2->lcl_port)
233 return (r1->lcl_port < r2->lcl_port ? -1 : 1);
242 session_mask_or_match_4_t *match, *mask, *max_match;
245 match = (session_mask_or_match_4_t *) & rule->match;
246 match->lcl_ip.as_u32 = lcl->
fp_addr.ip4.as_u32;
247 match->rmt_ip.as_u32 = rmt->
fp_addr.ip4.as_u32;
248 match->lcl_port = lcl_port;
249 match->rmt_port = rmt_port;
250 mask = (session_mask_or_match_4_t *) & rule->mask;
253 mask->lcl_port = lcl_port == 0 ? 0 : (
u16) ~ 0;
254 mask->rmt_port = rmt_port == 0 ? 0 : (
u16) ~ 0;
255 max_match = (session_mask_or_match_4_t *) & rule->max_match;
260 max_match->lcl_port = lcl_port == 0 ? (
u16) ~ 0 : lcl_port;
261 max_match->rmt_port = rmt_port == 0 ? (
u16) ~ 0 : rmt_port;
269 session_mask_or_match_6_t *match, *mask, *max_match;
272 match = (session_mask_or_match_6_t *) & rule->match;
275 match->lcl_port = lcl_port;
276 match->rmt_port = rmt_port;
277 mask = (session_mask_or_match_6_t *) & rule->mask;
280 mask->lcl_port = lcl_port == 0 ? 0 : (
u16) ~ 0;
281 mask->rmt_port = rmt_port == 0 ? 0 : (
u16) ~ 0;
282 max_match = (session_mask_or_match_6_t *) & rule->max_match;
287 max_match->lcl_port = lcl_port == 0 ? (
u16) ~ 0 : lcl_port;
288 max_match->rmt_port = rmt_port == 0 ? (
u16) ~ 0 : rmt_port;
296 mma_rule_16_t *rule = 0;
297 rule = mma_rules_table_rule_alloc_16 (srt);
308 rule = mma_rules_table_rule_alloc_40 (srt);
319 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
320 session_mask_or_match_4_t key = {
321 .lcl_ip.as_u32 = lcl_ip->
as_u32,
322 .rmt_ip.as_u32 = rmt_ip->
as_u32,
323 .lcl_port = lcl_port,
324 .rmt_port = rmt_port,
326 return mma_rules_table_lookup_rule_16 (srt4,
327 (mma_mask_or_match_16_t *) & key,
334 u16 lcl_port,
u16 rmt_port)
336 mma_rules_table_16_t *srt4 = &srt->session_rules_tables_16;
337 session_mask_or_match_4_t key = {
338 .lcl_ip.as_u32 = lcl_ip->
as_u32,
339 .rmt_ip.as_u32 = rmt_ip->
as_u32,
340 .lcl_port = lcl_port,
341 .rmt_port = rmt_port,
343 return mma_rules_table_lookup_16 (srt4, (mma_mask_or_match_16_t *) & key,
353 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
354 session_mask_or_match_6_t key = {
355 .lcl_port = lcl_port,
356 .rmt_port = rmt_port,
358 clib_memcpy (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
359 clib_memcpy (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
360 return mma_rules_table_lookup_rule_40 (srt6,
361 (mma_mask_or_match_40_t *) & key,
368 u16 lcl_port,
u16 rmt_port)
370 mma_rules_table_40_t *srt6 = &srt->session_rules_tables_40;
371 session_mask_or_match_6_t key = {
372 .lcl_port = lcl_port,
373 .rmt_port = rmt_port,
375 clib_memcpy (&key.lcl_ip, lcl_ip, sizeof (*lcl_ip));
376 clib_memcpy (&key.rmt_ip, rmt_ip, sizeof (*rmt_ip));
377 return mma_rules_table_lookup_40 (srt6, (mma_mask_or_match_40_t *) & key,
393 u8 fib_proto = args->rmt.fp_proto, *rt;
404 mma_rules_table_16_t *srt4;
405 srt4 = &srt->session_rules_tables_16;
408 mma_rule_16_t *rule4;
413 rule4->action_index = args->action_index;
414 rv = mma_rules_table_add_rule_16 (srt4, rule4);
417 ri = mma_rules_table_rule_index_16 (srt4, rule4);
423 &args->lcl.fp_addr.ip4,
424 &args->rmt.fp_addr.ip4,
440 rule = mma_rules_table_get_rule_16 (srt4, ri_from_tag);
441 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
448 memset (rule, 0,
sizeof (*rule));
450 args->lcl_port, &args->rmt,
452 mma_rules_table_del_rule_16 (srt4, rule, srt4->root_index);
458 mma_rules_table_40_t *srt6;
459 mma_rule_40_t *rule6;
460 srt6 = &srt->session_rules_tables_40;
467 rule6->action_index = args->action_index;
468 rv = mma_rules_table_add_rule_40 (srt6, rule6);
471 ri = mma_rules_table_rule_index_40 (srt6, rule6);
477 &args->lcl.fp_addr.ip6,
478 &args->rmt.fp_addr.ip6,
494 rule = mma_rules_table_get_rule_40 (srt6, ri_from_tag);
495 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
502 memset (rule, 0,
sizeof (*rule));
504 args->lcl_port, &args->rmt,
506 mma_rules_table_del_rule_40 (srt6, rule, srt6->root_index);
512 "invalid fib proto");
519 mma_rules_table_16_t *srt4;
520 mma_rules_table_40_t *srt6;
521 mma_rule_16_t *rule4;
522 mma_rule_40_t *rule6;
525 memset (&null_prefix, 0,
sizeof (null_prefix));
527 srt4 = &srt->session_rules_tables_16;
531 srt4->root_index = mma_rules_table_rule_index_16 (srt4, rule4);
534 srt6 = &srt->session_rules_tables_40;
538 srt6->root_index = mma_rules_table_rule_index_40 (srt6, rule6);
547 ip46_address_t * lcl_ip,
u16 lcl_port,
548 ip46_address_t * rmt_ip,
u16 rmt_port,
551 mma_rules_table_16_t *srt4;
552 mma_rules_table_40_t *srt6;
560 session_mask_or_match_4_t key = {
561 .lcl_ip.as_u32 = lcl_ip->ip4.as_u32,
562 .rmt_ip.as_u32 = rmt_ip->ip4.as_u32,
563 .lcl_port = lcl_port,
564 .rmt_port = rmt_port,
567 mma_rules_table_lookup_rule_16 (srt4,
568 (mma_mask_or_match_16_t *) & key,
570 sr4 = mma_rules_table_get_rule_16 (srt4, ri);
576 session_mask_or_match_6_t key = {
577 .lcl_port = lcl_port,
578 .rmt_port = rmt_port,
580 clib_memcpy (&key.lcl_ip, &lcl_ip->ip6, sizeof (lcl_ip->ip6));
581 clib_memcpy (&key.rmt_ip, &rmt_ip->ip6, sizeof (rmt_ip->ip6));
582 ri = mma_rules_table_lookup_rule_40 (srt6,
583 (mma_mask_or_match_40_t *) & key,
585 sr6 = mma_rules_table_get_rule_40 (srt6, ri);
596 mma_rules_table_16_t *srt4;
598 srt4 = &srt->session_rules_tables_16;
603 vlib_cli_output (vm,
"%U", format_session_rule4, srt, sr4);
610 mma_rules_table_40_t *srt6;
612 srt6 = &srt->session_rules_tables_40;
617 vlib_cli_output (vm,
"%U", format_session_rule6, srt, sr6);
fib_protocol_t fp_proto
protocol type
void session_rules_table_add_tag(session_rules_table_t *srt, u8 *tag, u32 rule_index, u8 is_ip4)
mma_rule_40_t * session_rules_table_alloc_rule_40(mma_rules_table_40_t *srt, fib_prefix_t *lcl, u16 lcl_port, fib_prefix_t *rmt, u16 rmt_port)
void session_rules_table_init(session_rules_table_t *srt)
void ip6_preflen_to_mask(u8 pref_len, ip6_address_t *mask)
#define hash_set(h, key, value)
void ip4_preflen_to_mask(u8 pref_len, ip4_address_t *ip)
void session_rules_table_cli_dump(vlib_main_t *vm, session_rules_table_t *srt, u8 fib_proto)
#define hash_unset(h, key)
struct _session_rules_table_t session_rules_table_t
clib_error_t * session_rules_table_add_del(session_rules_table_t *srt, session_rule_table_add_del_args_t *args)
Add/delete session rule.
int rule_cmp_16(mma_rule_16_t *rule1, mma_rule_16_t *rule2)
u8 * session_rules_table_rule_tag(session_rules_table_t *srt, u32 ri, u8 is_ip4)
static void fib_pref_normalize(fib_prefix_t *pref)
#define hash_set_mem(h, key, value)
u32 session_rules_table_lookup4(session_rules_table_t *srt, ip4_address_t *lcl_ip, ip4_address_t *rmt_ip, u16 lcl_port, u16 rmt_port)
mma_rule_16_t * session_rules_table_alloc_rule_16(mma_rules_table_16_t *srt, fib_prefix_t *lcl, u16 lcl_port, fib_prefix_t *rmt, u16 rmt_port)
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
u32 session_rules_table_rule_for_tag(session_rules_table_t *srt, u8 *tag)
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
void * session_rules_table_get(session_rules_table_t *srt, u8 fib_proto)
void ip6_prefix_max_address_host_order(ip6_address_t *ip, u8 plen, ip6_address_t *res)
void ip4_address_normalize(ip4_address_t *ip4, u8 preflen)
Aggregrate type for a prefix.
void session_rules_table_init_rule_16(mma_rule_16_t *rule, fib_prefix_t *lcl, u16 lcl_port, fib_prefix_t *rmt, u16 rmt_port)
u16 fp_len
The mask length.
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
#define hash_unset_mem(h, key)
ip46_address_t fp_addr
The address type is not deriveable from the fp_addr member.
struct _rule_tag session_rule_tag_t
void ip6_address_normalize(ip6_address_t *ip6, u8 preflen)
#define pool_put(P, E)
Free an object E in pool P.
#define vec_dup(V)
Return copy of vector (no header, no alignment)
u32 session_rules_table_lookup_rule4(session_rules_table_t *srt, ip4_address_t *lcl_ip, ip4_address_t *rmt_ip, u16 lcl_port, u16 rmt_port)
int rule_cmp_40(mma_rule_40_t *rule1, mma_rule_40_t *rule2)
u32 ip6_mask_to_preflen(ip6_address_t *mask)
u32 session_rules_table_lookup6(session_rules_table_t *srt, ip6_address_t *lcl_ip, ip6_address_t *rmt_ip, u16 lcl_port, u16 rmt_port)
void session_rule_tag_key_index_parse(u32 rti_key, u32 *ri, u8 *is_ip4)
u8 * format_session_rule6(u8 *s, va_list *args)
#define SESSION_RULES_TABLE_INVALID_INDEX
#define vec_free(V)
Free vector's memory (no header).
#define clib_warning(format, args...)
#define clib_memcpy(a, b, c)
u32 ip4_mask_to_preflen(ip4_address_t *mask)
u8 * format_session_rule4(u8 *s, va_list *args)
#define hash_create(elts, value_bytes)
u32 session_rule_tag_key_index(u32 ri, u8 is_ip4)
u32 session_rules_table_lookup_rule6(session_rules_table_t *srt, ip6_address_t *lcl_ip, ip6_address_t *rmt_ip, u16 lcl_port, u16 rmt_port)
void session_rules_table_show_rule(vlib_main_t *vm, session_rules_table_t *srt, ip46_address_t *lcl_ip, u16 lcl_port, ip46_address_t *rmt_ip, u16 rmt_port, u8 is_ip4)
#define hash_create_vec(elts, key_bytes, value_bytes)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
void ip4_prefix_max_address_host_order(ip4_address_t *ip, u8 plen, ip4_address_t *res)
#define hash_get_mem(h, key)
struct _session_rules_table_add_del_args session_rule_table_add_del_args_t
#define clib_error_return_code(e, code, flags, args...)
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
void session_rules_table_init_rule_40(mma_rule_40_t *rule, fib_prefix_t *lcl, u16 lcl_port, fib_prefix_t *rmt, u16 rmt_port)
void session_rules_table_del_tag(session_rules_table_t *srt, u8 *tag, u8 is_ip4)