1 files changed, 413 insertions, 0 deletions
diff --git a/common/VIL/conntrack/rte_cnxn_tracking.h b/common/VIL/conntrack/rte_cnxn_tracking.h
new file mode 100644
index 00000000..1efb60ef
--- /dev/null
+++ b/common/VIL/conntrack/rte_cnxn_tracking.h
@@ -0,0 +1,413 @@
+/*
+// Copyright (c) 2017 Intel Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+*/
+
+#ifndef _CNXN_TRACKING_H
+#define _CNXN_TRACKING_H
+
+#include <stdlib.h>
+#include <string.h>
+#include <inttypes.h>
+#include <stdbool.h>
+
+
+#include <rte_hash.h>
+#include <rte_ether.h>
+
+#include "rte_ct_tcp.h"
+
+
+/**
+ *  @file
+ *  Connection Tracker
+ *
+ *  A Connection Tracker tracks the status of TCP connections. By remembering
+ *  keys pieces of data, such as connection state, sequence numbers seen, and
+ *  transmission window size, it can determine if a give packet is valid, or
+ *  invalid and should be discarded.
+ *
+ *  The current interface is designed for use with ip_pipeline code.
+ */
+
+/*
+ * Opaque type definition for an instance of the connection tracker. It is
+ * possible to have multiple instances of connection tracking running, on one
+ * or more cores. All traffic for a TCP connection must be run through the same
+ * rte_ct_cnxn_tracker.
+ */
+
+/*
+ * The rte_ct_cnxn_tracker is an instance of a connection tracker.
+ */
+struct rte_ct_cnxn_tracker  __rte_cache_aligned;
+
+extern int rte_CT_hi_counter_block_in_use;
+
+struct rte_CT_counter_block {
+ /* as long as a counter doesn't cross cache line, writes are atomic */
+	uint64_t current_active_sessions;
+	uint64_t sessions_activated;	/* a SYN packet seen, or UDP */
+	/* a SYN packet re-opening a connection */
+	uint64_t sessions_reactivated;
+	/* SYN, SYN/ACK, ACK established a connection */
+	uint64_t sessions_established;
+	uint64_t sessions_closed;
+	uint64_t sessions_timedout;
+	uint64_t pkts_forwarded;
+	uint64_t pkts_drop;
+	uint64_t pkts_drop_invalid_conn;
+	uint64_t pkts_drop_invalid_state;
+	uint64_t pkts_drop_invalid_rst;
+	uint64_t pkts_drop_outof_window;
+} __rte_cache_aligned;
+
+struct rte_synproxy_helper {
+	uint64_t reply_pkt_mask;
+	uint64_t hijack_mask;
+	struct rte_mbuf **buffered_pkts_to_forward;
+	uint8_t num_buffered_pkts_to_forward;
+};
+
+struct rte_CT_helper {
+	uint64_t no_new_cnxn_mask;
+	uint64_t reply_pkt_mask;
+	uint64_t hijack_mask;
+	struct rte_mbuf **buffered_pkts_to_forward;
+	uint8_t num_buffered_pkts_to_forward;
+};
+
+#define MAX_CT_INSTANCES 24 /* max number fw threads, actual usually less*/
+
+extern struct rte_CT_counter_block rte_CT_counter_table[MAX_CT_INSTANCES]
+__rte_cache_aligned;
+
+/**
+ * Run the connection tracking for 1 to 64 packets.
+ *
+ * @param ct
+ *   Instance of cnxn tracker to use.
+ * @param pkts
+ *   Table of pointers to mbufs containing packets for connection tracking.
+ *   Any packets which are not TCP/IP will be ignnored. A maximum of 64
+ *   packets may be processed in a call.
+ * @param pkts_mask
+ *   Bit map representing which table elements of "pkts" are valid mbuf
+ *   pointers, where the least-significant bit of the map represents table
+ *   element 0. There must be at least as many elements in the table as the
+ *   highest order bit in the map. Valid table entries with a corresponding
+ *   0 in the bitmap will be ignored.
+ * @param ct_helper
+ *   Pointer to rte_CT_helper structure which hold the connection tracker
+ *   tracking information.
+ *
+ * @return
+ *   Returns an updated bitmap that reflects which packets are valid and should
+ *   be forwarded.
+ *   Any bits representing invalid TCP packets are cleared.
+ *   Any packets which are not TCP/IP are considered valid for this purpose.
+ */
+
+uint64_t
+rte_ct_cnxn_tracker_batch_lookup(
+	struct rte_ct_cnxn_tracker *ct,
+	struct rte_mbuf **pkts,
+	uint64_t pkts_mask,
+	struct rte_CT_helper *ct_helper);
+
+void
+rte_ct_cnxn_tracker_batch_lookup_type(
+	struct rte_ct_cnxn_tracker *ct,
+	struct rte_mbuf **pkts,
+	uint64_t *pkts_mask,
+	struct rte_CT_helper *ct_helper,
+	uint8_t ip_hdr_size_bytes);
+
+
+/**
+ * Run the connection tracking for 1 to 64 packets.
+ *
+ * @param ct
+ *   Instance of cnxn tracker to use.
+ * @param pkts
+ *   Table of pointers to mbufs containing packets for connection tracking.
+ *   Any packets which are not TCP/IP will be ignnored. A maximum of 64
+ *   packets may be processed in a call.
+ * @param pkts_mask
+ *   Bit map representing which table elements of "pkts" are valid mbuf
+ *   pointers, where the least-significant bit of the map represents table
+ *   element 0. There must be at least as many elements in the table as the
+ *   highest order bit in the map. Valid table entries with a corresponding
+ *   0 in the bitmap will be ignored.
+ * @param no_new_cnxn_mask
+ *   Bit map representing which table elements of "pkts" are should be
+ *   considered valid packets only if there is already an existing connection
+ *   for this packet (i.e. same ip addresses, tcp/udp ports, and protocol).
+ *   This mask must be a subset of "pkts_mask" (including all or none), and
+ *   follows the same format. A 1 means must be existing connection, a 0 means
+ *   a new connection setup (e.g. TCP SYN packet) is allowed, or this entry
+ *   corresponds to a 0 in pkts_mask.
+ *
+ * @return
+ *   Returns an updated bitmap that reflects which packets are valid and should
+ *   be forwarded.
+ *   Any bits representing invalid TCP packets are cleared.
+ *   Any packets which are not TCP/IP are considered valid for this purpose.
+ */
+
+uint64_t
+rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control(
+	struct rte_ct_cnxn_tracker *ct,
+	struct rte_mbuf **pkts,
+	uint64_t pkts_mask,
+	uint64_t no_new_cnxn_mask);
+
+
+/**
+* Run the connection tracking for 1 to 64 packets, with support for
+* synproxy.
+*
+* @param ct
+*   Instance of cnxn tracker to use.
+* @param pkts
+*   Table of pointers to mbufs containing packets for connection tracking.
+*   Any packets which are not TCP/IP will be ignnored. A maximum of 64
+*   packets may be processed in a call.
+* @param pkts_mask
+*   Bit map representing which table elements of "pkts" are valid mbuf pointers,
+*   where the least-significant bit of the map represents table element 0. There
+*   must be at least as many elements in the table as the highest order bit in
+*   the map. Valid table entries with a corresponding 0 in the bitmap will be
+*   ignored.
+* @param reply_pkt_mask
+*   Bit map representing which table elements of "pkts" have been altered to
+*   reply messages for synproxy. These packets, or copies of them must be sent
+*   back to the originator. IP and TCP headers have been altered, ethernet
+*   header has not
+* @return
+*   Returns an updated bitmap that reflects which packets are valid and should
+*   be forwarded.Any bits representing invalid TCP packets are cleared.
+*   Any packets which are not TCP/IP are considered valid for this purpose.
+*/
+
+
+uint64_t
+rte_ct_cnxn_tracker_batch_lookup_with_synproxy(
+	struct rte_ct_cnxn_tracker *ct,
+	struct rte_mbuf **pkts,
+	uint64_t pkts_mask,
+	struct rte_synproxy_helper *sp_helper);
+
+
+
+
+
+/**
+ * Synproxy might need to buffer client-side packets while the
+ * server-side of the proxy is still being set up. The packets
+ * are released when the server-side connection is complete.
+ * This routine is used to retrieve those packets. Packets are
+ * also released in a similar manner if there is a timeout
+ * during a synproxy setup. This routine should be called before
+ * immediately before any timeout handling, to get the list of
+ * packets (if any) to forward, and again immediately after timeout
+ * handling  to get the list of  packets (if any) to delete.
+ * Calling this routine removes the packets from synproxy.
+ *
+ * @param new_cnxn_tracker
+ *   The connection tracker from which to retrieve the packets
+ *
+ * @return
+ *   a linked list of packets to process, in order. The list is
+ *   connected via a pointer stored in the mbuf in the offset
+ *   given in the "pointer_offset" parameter to the routine:
+ *   "rte_ct_initialize_cnxn_tracker_with_synproxy".
+ *   If not packets currently available, returns NULL.
+ */
+
+struct rte_mbuf *
+rte_ct_get_buffered_synproxy_packets(struct rte_ct_cnxn_tracker *ct);
+
+
+/**
+ * Initialize a connection tracker instance before use.
+ *
+ * @param new_cnxn_tracker
+ *   The connection tracker to initialize, allocated by the user.
+ * @param max_connection_count
+ *   Maximum number of simultaneous connections supported.
+ * @param name
+ *  A name to give to this connection tracker, for debug purposes
+ *
+ * @return
+ *   - 0 if successful
+ *   - negative if unsuccesful
+ */
+
+int
+rte_ct_initialize_cnxn_tracker_with_synproxy(
+	struct rte_ct_cnxn_tracker *new_cnxn_tracker,
+	uint32_t max_connection_count,
+	char *name,
+	uint16_t pointer_offset);
+
+/**
+ * Initialize a connection tracker instance before use with synproxy support.
+ *
+ * @param new_cnxn_tracker
+ *   The connection tracker to initialize, allocated by the user.
+ * @param max_connection_count
+ *   Maximum number of simultaneous connections supported.
+ * @param name
+ *  A name to give to this connection tracker, for debug purposes
+ * @param pointer_offset
+ *  An offset into the mbuf where the connection tracker can store two pointers.
+ *
+ * @return
+ *   - 0 if successful
+ *   - negative if unsuccesful
+ */
+
+int
+rte_ct_initialize_cnxn_tracker(
+	struct rte_ct_cnxn_tracker *new_cnxn_tracker,
+	uint32_t max_connection_count,
+	char *name);
+
+
+/**
+ * Free resources allocated by earlier call to rte_ct_initialize_cnxn_tracker()
+ *
+ * @param old_cnxn_tracker
+ *   The connection tracker previously initialized.
+ *
+ * @return
+ *   - 0 if successful
+ *   - < 0 if unsuccesful
+ */
+
+int
+rte_ct_free_cnxn_tracker_resources(
+		struct rte_ct_cnxn_tracker *old_cnxn_tracker);
+
+
+/**
+ * Get size of opaque type rte_ct_cnxn_tracker in order to allocate an instance.
+ *
+ * @return
+ *   Size in bytes of rte_ct_cnxn_tracker type
+ */
+
+int
+rte_ct_get_cnxn_tracker_size(void);
+
+/**
+ * Get address of counters kept by this instance.
+ *
+ * @param ct
+ *   Instance of cnxn tracker.
+ *
+ */
+
+struct rte_CT_counter_block*
+rte_ct_get_counter_address(struct rte_ct_cnxn_tracker *ct);
+
+
+/**
+ * Process a configuration option supported in the config file.
+ * If a valid name/value pair, update the cnxn tracker.
+ *
+ * @param ct
+ *   Instance of cnxn tracker.
+ *
+ * @param name
+ *   Name of configuration option.
+ *
+ * @param value
+ *   Value of configuration option.
+ *
+ * @return
+ *   - 0 if successful
+ *   - < 0 if unsuccesful
+ */
+
+int
+rte_ct_set_configuration_options(
+	struct rte_ct_cnxn_tracker *ct,
+	char *name,
+	char *value);
+
+/**
+ * Check for expired connection tracking timers, and delete any expired
+ * connections. This routine must be called in the loop that processes packets,
+ * to ensure that timeouts are handled synchronously with packet processing.
+ * More frequent calls means more accurate timing but more overhead.
+ *
+ * @param ct
+ *   Instance of cnxn tracker to check timers.
+ *
+ */
+
+void
+rte_ct_handle_expired_timers(struct rte_ct_cnxn_tracker *ct);
+
+
+int
+rte_ct_get_IP_hdr_size(struct rte_mbuf *pkt);
+
+/**
+* Enable synproxy for this connection tracker.
+*
+* @param ct
+*   Instance of cnxn tracker to enable.
+*
+*/
+
+void
+rte_ct_enable_synproxy(struct rte_ct_cnxn_tracker *ct);
+
+/**
+* Disable synproxy for this connection tracker.
+*
+* @param ct
+*   Instance of cnxn tracker to disable.
+*
+*/
+
+void
+rte_ct_disable_synproxy(struct rte_ct_cnxn_tracker *ct);
+int
+rte_ct_initialize_default_timeouts(
+		struct rte_ct_cnxn_tracker *new_cnxn_tracker);
+
+uint8_t
+rte_ct_create_cnxn_hashkey(
+	uint32_t *src_addr,
+	uint32_t *dst_addr,
+	uint16_t src_port,
+	uint16_t dst_port,
+	uint8_t proto,
+	uint32_t *key,
+	uint8_t type);
+
+/* To get timer core id from CGNAPT timer thread*/
+#ifdef CT_CGNAT
+extern uint32_t get_timer_core_id(void);
+uint64_t cgnapt_ct_process(
+	struct rte_ct_cnxn_tracker *ct,
+	struct rte_mbuf **pkts,
+	uint64_t pkts_mask,
+	struct rte_CT_helper *ct_helper);
+#endif
+#endif