diff options
Diffstat (limited to 'common/VIL/conntrack/rte_cnxn_tracking.h')
-rw-r--r-- | common/VIL/conntrack/rte_cnxn_tracking.h | 413 |
1 files changed, 413 insertions, 0 deletions
diff --git a/common/VIL/conntrack/rte_cnxn_tracking.h b/common/VIL/conntrack/rte_cnxn_tracking.h new file mode 100644 index 00000000..1efb60ef --- /dev/null +++ b/common/VIL/conntrack/rte_cnxn_tracking.h @@ -0,0 +1,413 @@ +/* +// Copyright (c) 2017 Intel Corporation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +*/ + +#ifndef _CNXN_TRACKING_H +#define _CNXN_TRACKING_H + +#include <stdlib.h> +#include <string.h> +#include <inttypes.h> +#include <stdbool.h> + + +#include <rte_hash.h> +#include <rte_ether.h> + +#include "rte_ct_tcp.h" + + +/** + * @file + * Connection Tracker + * + * A Connection Tracker tracks the status of TCP connections. By remembering + * keys pieces of data, such as connection state, sequence numbers seen, and + * transmission window size, it can determine if a give packet is valid, or + * invalid and should be discarded. + * + * The current interface is designed for use with ip_pipeline code. + */ + +/* + * Opaque type definition for an instance of the connection tracker. It is + * possible to have multiple instances of connection tracking running, on one + * or more cores. All traffic for a TCP connection must be run through the same + * rte_ct_cnxn_tracker. + */ + +/* + * The rte_ct_cnxn_tracker is an instance of a connection tracker. + */ +struct rte_ct_cnxn_tracker __rte_cache_aligned; + +extern int rte_CT_hi_counter_block_in_use; + +struct rte_CT_counter_block { + /* as long as a counter doesn't cross cache line, writes are atomic */ + uint64_t current_active_sessions; + uint64_t sessions_activated; /* a SYN packet seen, or UDP */ + /* a SYN packet re-opening a connection */ + uint64_t sessions_reactivated; + /* SYN, SYN/ACK, ACK established a connection */ + uint64_t sessions_established; + uint64_t sessions_closed; + uint64_t sessions_timedout; + uint64_t pkts_forwarded; + uint64_t pkts_drop; + uint64_t pkts_drop_invalid_conn; + uint64_t pkts_drop_invalid_state; + uint64_t pkts_drop_invalid_rst; + uint64_t pkts_drop_outof_window; +} __rte_cache_aligned; + +struct rte_synproxy_helper { + uint64_t reply_pkt_mask; + uint64_t hijack_mask; + struct rte_mbuf **buffered_pkts_to_forward; + uint8_t num_buffered_pkts_to_forward; +}; + +struct rte_CT_helper { + uint64_t no_new_cnxn_mask; + uint64_t reply_pkt_mask; + uint64_t hijack_mask; + struct rte_mbuf **buffered_pkts_to_forward; + uint8_t num_buffered_pkts_to_forward; +}; + +#define MAX_CT_INSTANCES 24 /* max number fw threads, actual usually less*/ + +extern struct rte_CT_counter_block rte_CT_counter_table[MAX_CT_INSTANCES] +__rte_cache_aligned; + +/** + * Run the connection tracking for 1 to 64 packets. + * + * @param ct + * Instance of cnxn tracker to use. + * @param pkts + * Table of pointers to mbufs containing packets for connection tracking. + * Any packets which are not TCP/IP will be ignnored. A maximum of 64 + * packets may be processed in a call. + * @param pkts_mask + * Bit map representing which table elements of "pkts" are valid mbuf + * pointers, where the least-significant bit of the map represents table + * element 0. There must be at least as many elements in the table as the + * highest order bit in the map. Valid table entries with a corresponding + * 0 in the bitmap will be ignored. + * @param ct_helper + * Pointer to rte_CT_helper structure which hold the connection tracker + * tracking information. + * + * @return + * Returns an updated bitmap that reflects which packets are valid and should + * be forwarded. + * Any bits representing invalid TCP packets are cleared. + * Any packets which are not TCP/IP are considered valid for this purpose. + */ + +uint64_t +rte_ct_cnxn_tracker_batch_lookup( + struct rte_ct_cnxn_tracker *ct, + struct rte_mbuf **pkts, + uint64_t pkts_mask, + struct rte_CT_helper *ct_helper); + +void +rte_ct_cnxn_tracker_batch_lookup_type( + struct rte_ct_cnxn_tracker *ct, + struct rte_mbuf **pkts, + uint64_t *pkts_mask, + struct rte_CT_helper *ct_helper, + uint8_t ip_hdr_size_bytes); + + +/** + * Run the connection tracking for 1 to 64 packets. + * + * @param ct + * Instance of cnxn tracker to use. + * @param pkts + * Table of pointers to mbufs containing packets for connection tracking. + * Any packets which are not TCP/IP will be ignnored. A maximum of 64 + * packets may be processed in a call. + * @param pkts_mask + * Bit map representing which table elements of "pkts" are valid mbuf + * pointers, where the least-significant bit of the map represents table + * element 0. There must be at least as many elements in the table as the + * highest order bit in the map. Valid table entries with a corresponding + * 0 in the bitmap will be ignored. + * @param no_new_cnxn_mask + * Bit map representing which table elements of "pkts" are should be + * considered valid packets only if there is already an existing connection + * for this packet (i.e. same ip addresses, tcp/udp ports, and protocol). + * This mask must be a subset of "pkts_mask" (including all or none), and + * follows the same format. A 1 means must be existing connection, a 0 means + * a new connection setup (e.g. TCP SYN packet) is allowed, or this entry + * corresponds to a 0 in pkts_mask. + * + * @return + * Returns an updated bitmap that reflects which packets are valid and should + * be forwarded. + * Any bits representing invalid TCP packets are cleared. + * Any packets which are not TCP/IP are considered valid for this purpose. + */ + +uint64_t +rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control( + struct rte_ct_cnxn_tracker *ct, + struct rte_mbuf **pkts, + uint64_t pkts_mask, + uint64_t no_new_cnxn_mask); + + +/** +* Run the connection tracking for 1 to 64 packets, with support for +* synproxy. +* +* @param ct +* Instance of cnxn tracker to use. +* @param pkts +* Table of pointers to mbufs containing packets for connection tracking. +* Any packets which are not TCP/IP will be ignnored. A maximum of 64 +* packets may be processed in a call. +* @param pkts_mask +* Bit map representing which table elements of "pkts" are valid mbuf pointers, +* where the least-significant bit of the map represents table element 0. There +* must be at least as many elements in the table as the highest order bit in +* the map. Valid table entries with a corresponding 0 in the bitmap will be +* ignored. +* @param reply_pkt_mask +* Bit map representing which table elements of "pkts" have been altered to +* reply messages for synproxy. These packets, or copies of them must be sent +* back to the originator. IP and TCP headers have been altered, ethernet +* header has not +* @return +* Returns an updated bitmap that reflects which packets are valid and should +* be forwarded.Any bits representing invalid TCP packets are cleared. +* Any packets which are not TCP/IP are considered valid for this purpose. +*/ + + +uint64_t +rte_ct_cnxn_tracker_batch_lookup_with_synproxy( + struct rte_ct_cnxn_tracker *ct, + struct rte_mbuf **pkts, + uint64_t pkts_mask, + struct rte_synproxy_helper *sp_helper); + + + + + +/** + * Synproxy might need to buffer client-side packets while the + * server-side of the proxy is still being set up. The packets + * are released when the server-side connection is complete. + * This routine is used to retrieve those packets. Packets are + * also released in a similar manner if there is a timeout + * during a synproxy setup. This routine should be called before + * immediately before any timeout handling, to get the list of + * packets (if any) to forward, and again immediately after timeout + * handling to get the list of packets (if any) to delete. + * Calling this routine removes the packets from synproxy. + * + * @param new_cnxn_tracker + * The connection tracker from which to retrieve the packets + * + * @return + * a linked list of packets to process, in order. The list is + * connected via a pointer stored in the mbuf in the offset + * given in the "pointer_offset" parameter to the routine: + * "rte_ct_initialize_cnxn_tracker_with_synproxy". + * If not packets currently available, returns NULL. + */ + +struct rte_mbuf * +rte_ct_get_buffered_synproxy_packets(struct rte_ct_cnxn_tracker *ct); + + +/** + * Initialize a connection tracker instance before use. + * + * @param new_cnxn_tracker + * The connection tracker to initialize, allocated by the user. + * @param max_connection_count + * Maximum number of simultaneous connections supported. + * @param name + * A name to give to this connection tracker, for debug purposes + * + * @return + * - 0 if successful + * - negative if unsuccesful + */ + +int +rte_ct_initialize_cnxn_tracker_with_synproxy( + struct rte_ct_cnxn_tracker *new_cnxn_tracker, + uint32_t max_connection_count, + char *name, + uint16_t pointer_offset); + +/** + * Initialize a connection tracker instance before use with synproxy support. + * + * @param new_cnxn_tracker + * The connection tracker to initialize, allocated by the user. + * @param max_connection_count + * Maximum number of simultaneous connections supported. + * @param name + * A name to give to this connection tracker, for debug purposes + * @param pointer_offset + * An offset into the mbuf where the connection tracker can store two pointers. + * + * @return + * - 0 if successful + * - negative if unsuccesful + */ + +int +rte_ct_initialize_cnxn_tracker( + struct rte_ct_cnxn_tracker *new_cnxn_tracker, + uint32_t max_connection_count, + char *name); + + +/** + * Free resources allocated by earlier call to rte_ct_initialize_cnxn_tracker() + * + * @param old_cnxn_tracker + * The connection tracker previously initialized. + * + * @return + * - 0 if successful + * - < 0 if unsuccesful + */ + +int +rte_ct_free_cnxn_tracker_resources( + struct rte_ct_cnxn_tracker *old_cnxn_tracker); + + +/** + * Get size of opaque type rte_ct_cnxn_tracker in order to allocate an instance. + * + * @return + * Size in bytes of rte_ct_cnxn_tracker type + */ + +int +rte_ct_get_cnxn_tracker_size(void); + +/** + * Get address of counters kept by this instance. + * + * @param ct + * Instance of cnxn tracker. + * + */ + +struct rte_CT_counter_block* +rte_ct_get_counter_address(struct rte_ct_cnxn_tracker *ct); + + +/** + * Process a configuration option supported in the config file. + * If a valid name/value pair, update the cnxn tracker. + * + * @param ct + * Instance of cnxn tracker. + * + * @param name + * Name of configuration option. + * + * @param value + * Value of configuration option. + * + * @return + * - 0 if successful + * - < 0 if unsuccesful + */ + +int +rte_ct_set_configuration_options( + struct rte_ct_cnxn_tracker *ct, + char *name, + char *value); + +/** + * Check for expired connection tracking timers, and delete any expired + * connections. This routine must be called in the loop that processes packets, + * to ensure that timeouts are handled synchronously with packet processing. + * More frequent calls means more accurate timing but more overhead. + * + * @param ct + * Instance of cnxn tracker to check timers. + * + */ + +void +rte_ct_handle_expired_timers(struct rte_ct_cnxn_tracker *ct); + + +int +rte_ct_get_IP_hdr_size(struct rte_mbuf *pkt); + +/** +* Enable synproxy for this connection tracker. +* +* @param ct +* Instance of cnxn tracker to enable. +* +*/ + +void +rte_ct_enable_synproxy(struct rte_ct_cnxn_tracker *ct); + +/** +* Disable synproxy for this connection tracker. +* +* @param ct +* Instance of cnxn tracker to disable. +* +*/ + +void +rte_ct_disable_synproxy(struct rte_ct_cnxn_tracker *ct); +int +rte_ct_initialize_default_timeouts( + struct rte_ct_cnxn_tracker *new_cnxn_tracker); + +uint8_t +rte_ct_create_cnxn_hashkey( + uint32_t *src_addr, + uint32_t *dst_addr, + uint16_t src_port, + uint16_t dst_port, + uint8_t proto, + uint32_t *key, + uint8_t type); + +/* To get timer core id from CGNAPT timer thread*/ +#ifdef CT_CGNAT +extern uint32_t get_timer_core_id(void); +uint64_t cgnapt_ct_process( + struct rte_ct_cnxn_tracker *ct, + struct rte_mbuf **pkts, + uint64_t pkts_mask, + struct rte_CT_helper *ct_helper); +#endif +#endif |