path: root/common/VIL/conntrack/rte_cnxn_tracking.h

/*
// Copyright (c) 2017 Intel Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
*/

#ifndef _CNXN_TRACKING_H
#define _CNXN_TRACKING_H

#include <stdlib.h>
#include <string.h>
#include <inttypes.h>
#include <stdbool.h>


#include <rte_hash.h>
#include <rte_ether.h>

#include "rte_ct_tcp.h"


/**
 *  @file
 *  Connection Tracker
 *
 *  A Connection Tracker tracks the status of TCP connections. By remembering
 *  keys pieces of data, such as connection state, sequence numbers seen, and
 *  transmission window size, it can determine if a give packet is valid, or
 *  invalid and should be discarded.
 *
 *  The current interface is designed for use with ip_pipeline code.
 */

/*
 * Opaque type definition for an instance of the connection tracker. It is
 * possible to have multiple instances of connection tracking running, on one
 * or more cores. All traffic for a TCP connection must be run through the same
 * rte_ct_cnxn_tracker.
 */

/*
 * The rte_ct_cnxn_tracker is an instance of a connection tracker.
 */
struct rte_ct_cnxn_tracker  __rte_cache_aligned;

extern int rte_CT_hi_counter_block_in_use;

struct rte_CT_counter_block {
 /* as long as a counter doesn't cross cache line, writes are atomic */
	uint64_t current_active_sessions;
	uint64_t sessions_activated;	/* a SYN packet seen, or UDP */
	/* a SYN packet re-opening a connection */
	uint64_t sessions_reactivated;
	/* SYN, SYN/ACK, ACK established a connection */
	uint64_t sessions_established;
	uint64_t sessions_closed;
	uint64_t sessions_timedout;
	uint64_t pkts_forwarded;
	uint64_t pkts_drop;
	uint64_t pkts_drop_invalid_conn;
	uint64_t pkts_drop_invalid_state;
	uint64_t pkts_drop_invalid_rst;
	uint64_t pkts_drop_outof_window;
} __rte_cache_aligned;

struct rte_synproxy_helper {
	uint64_t reply_pkt_mask;
	uint64_t hijack_mask;
	struct rte_mbuf **buffered_pkts_to_forward;
	uint8_t num_buffered_pkts_to_forward;
};

struct rte_CT_helper {
	uint64_t no_new_cnxn_mask;
	uint64_t reply_pkt_mask;
	uint64_t hijack_mask;
	struct rte_mbuf **buffered_pkts_to_forward;
	uint8_t num_buffered_pkts_to_forward;
};

#define MAX_CT_INSTANCES 24 /* max number fw threads, actual usually less*/

extern struct rte_CT_counter_block rte_CT_counter_table[MAX_CT_INSTANCES]
__rte_cache_aligned;

/**
 * Run the connection tracking for 1 to 64 packets.
 *
 * @param ct
 *   Instance of cnxn tracker to use.
 * @param pkts
 *   Table of pointers to mbufs containing packets for connection tracking.
 *   Any packets which are not TCP/IP will be ignnored. A maximum of 64
 *   packets may be processed in a call.
 * @param pkts_mask
 *   Bit map representing which table elements of "pkts" are valid mbuf
 *   pointers, where the least-significant bit of the map represents table
 *   element 0. There must be at least as many elements in the table as the
 *   highest order bit in the map. Valid table entries with a corresponding
 *   0 in the bitmap will be ignored.
 * @param ct_helper
 *   Pointer to rte_CT_helper structure which hold the connection tracker
 *   tracking information.
 *
 * @return
 *   Returns an updated bitmap that reflects which packets are valid and should
 *   be forwarded.
 *   Any bits representing invalid TCP packets are cleared.
 *   Any packets which are not TCP/IP are considered valid for this purpose.
 */

uint64_t
rte_ct_cnxn_tracker_batch_lookup(
	struct rte_ct_cnxn_tracker *ct,
	struct rte_mbuf **pkts,
	uint64_t pkts_mask,
	struct rte_CT_helper *ct_helper);

void
rte_ct_cnxn_tracker_batch_lookup_type(
	struct rte_ct_cnxn_tracker *ct,
	struct rte_mbuf **pkts,
	uint64_t *pkts_mask,
	struct rte_CT_helper *ct_helper,
	uint8_t ip_hdr_size_bytes);


/**
 * Run the connection tracking for 1 to 64 packets.
 *
 * @param ct
 *   Instance of cnxn tracker to use.
 * @param pkts
 *   Table of pointers to mbufs containing packets for connection tracking.
 *   Any packets which are not TCP/IP will be ignnored. A maximum of 64
 *   packets may be processed in a call.
 * @param pkts_mask
 *   Bit map representing which table elements of "pkts" are valid mbuf
 *   pointers, where the least-significant bit of the map represents table
 *   element 0. There must be at least as many elements in the table as the
 *   highest order bit in the map. Valid table entries with a corresponding
 *   0 in the bitmap will be ignored.
 * @param no_new_cnxn_mask
 *   Bit map representing which table elements of "pkts" are should be
 *   considered valid packets only if there is already an existing connection
 *   for this packet (i.e. same ip addresses, tcp/udp ports, and protocol).
 *   This mask must be a subset of "pkts_mask" (including all or none), and
 *   follows the same format. A 1 means must be existing connection, a 0 means
 *   a new connection setup (e.g. TCP SYN packet) is allowed, or this entry
 *   corresponds to a 0 in pkts_mask.
 *
 * @return
 *   Returns an updated bitmap that reflects which packets are valid and should
 *   be forwarded.
 *   Any bits representing invalid TCP packets are cleared.
 *   Any packets which are not TCP/IP are considered valid for this purpose.
 */

uint64_t
rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control(
	struct rte_ct_cnxn_tracker *ct,
	struct rte_mbuf **pkts,
	uint64_t pkts_mask,
	uint64_t no_new_cnxn_mask);


/**
* Run the connection tracking for 1 to 64 packets, with support for
* synproxy.
*
* @param ct
*   Instance of cnxn tracker to use.
* @param pkts
*   Table of pointers to mbufs containing packets for connection tracking.
*   Any packets which are not TCP/IP will be ignnored. A maximum of 64
*   packets may be processed in a call.
* @param pkts_mask
*   Bit map representing which table elements of "pkts" are valid mbuf pointers,
*   where the least-significant bit of the map represents table element 0. There
*   must be at least as many elements in the table as the highest order bit in
*   the map. Valid table entries with a corresponding 0 in the bitmap will be
*   ignored.
* @param reply_pkt_mask
*   Bit map representing which table elements of "pkts" have been altered to
*   reply messages for synproxy. These packets, or copies of them must be sent
*   back to the originator. IP and TCP headers have been altered, ethernet
*   header has not
* @return
*   Returns an updated bitmap that reflects which packets are valid and should
*   be forwarded.Any bits representing invalid TCP packets are cleared.
*   Any packets which are not TCP/IP are considered valid for this purpose.
*/


uint64_t
rte_ct_cnxn_tracker_batch_lookup_with_synproxy(
	struct rte_ct_cnxn_tracker *ct,
	struct rte_mbuf **pkts,
	uint64_t pkts_mask,
	struct rte_synproxy_helper *sp_helper);





/**
 * Synproxy might need to buffer client-side packets while the
 * server-side of the proxy is still being set up. The packets
 * are released when the server-side connection is complete.
 * This routine is used to retrieve those packets. Packets are
 * also released in a similar manner if there is a timeout
 * during a synproxy setup. This routine should be called before
 * immediately before any timeout handling, to get the list of
 * packets (if any) to forward, and again immediately after timeout
 * handling  to get the list of  packets (if any) to delete.
 * Calling this routine removes the packets from synproxy.
 *
 * @param new_cnxn_tracker
 *   The connection tracker from which to retrieve the packets
 *
 * @return
 *   a linked list of packets to process, in order. The list is
 *   connected via a pointer stored in the mbuf in the offset
 *   given in the "pointer_offset" parameter to the routine:
 *   "rte_ct_initialize_cnxn_tracker_with_synproxy".
 *   If not packets currently available, returns NULL.
 */

struct rte_mbuf *
rte_ct_get_buffered_synproxy_packets(struct rte_ct_cnxn_tracker *ct);


/**
 * Initialize a connection tracker instance before use.
 *
 * @param new_cnxn_tracker
 *   The connection tracker to initialize, allocated by the user.
 * @param max_connection_count
 *   Maximum number of simultaneous connections supported.
 * @param name
 *  A name to give to this connection tracker, for debug purposes
 *
 * @return
 *   - 0 if successful
 *   - negative if unsuccesful
 */

int
rte_ct_initialize_cnxn_tracker_with_synproxy(
	struct rte_ct_cnxn_tracker *new_cnxn_tracker,
	uint32_t max_connection_count,
	char *name,
	uint16_t pointer_offset);

/**
 * Initialize a connection tracker instance before use with synproxy support.
 *
 * @param new_cnxn_tracker
 *   The connection tracker to initialize, allocated by the user.
 * @param max_connection_count
 *   Maximum number of simultaneous connections supported.
 * @param name
 *  A name to give to this connection tracker, for debug purposes
 * @param pointer_offset
 *  An offset into the mbuf where the connection tracker can store two pointers.
 *
 * @return
 *   - 0 if successful
 *   - negative if unsuccesful
 */

int
rte_ct_initialize_cnxn_tracker(
	struct rte_ct_cnxn_tracker *new_cnxn_tracker,
	uint32_t max_connection_count,
	char *name);


/**
 * Free resources allocated by earlier call to rte_ct_initialize_cnxn_tracker()
 *
 * @param old_cnxn_tracker
 *   The connection tracker previously initialized.
 *
 * @return
 *   - 0 if successful
 *   - < 0 if unsuccesful
 */

int
rte_ct_free_cnxn_tracker_resources(
		struct rte_ct_cnxn_tracker *old_cnxn_tracker);


/**
 * Get size of opaque type rte_ct_cnxn_tracker in order to allocate an instance.
 *
 * @return
 *   Size in bytes of rte_ct_cnxn_tracker type
 */

int
rte_ct_get_cnxn_tracker_size(void);

/**
 * Get address of counters kept by this instance.
 *
 * @param ct
 *   Instance of cnxn tracker.
 *
 */

struct rte_CT_counter_block*
rte_ct_get_counter_address(struct rte_ct_cnxn_tracker *ct);


/**
 * Process a configuration option supported in the config file.
 * If a valid name/value pair, update the cnxn tracker.
 *
 * @param ct
 *   Instance of cnxn tracker.
 *
 * @param name
 *   Name of configuration option.
 *
 * @param value
 *   Value of configuration option.
 *
 * @return
 *   - 0 if successful
 *   - < 0 if unsuccesful
 */

int
rte_ct_set_configuration_options(
	struct rte_ct_cnxn_tracker *ct,
	char *name,
	char *value);

/**
 * Check for expired connection tracking timers, and delete any expired
 * connections. This routine must be called in the loop that processes packets,
 * to ensure that timeouts are handled synchronously with packet processing.
 * More frequent calls means more accurate timing but more overhead.
 *
 * @param ct
 *   Instance of cnxn tracker to check timers.
 *
 */

void
rte_ct_handle_expired_timers(struct rte_ct_cnxn_tracker *ct);


int
rte_ct_get_IP_hdr_size(struct rte_mbuf *pkt);

/**
* Enable synproxy for this connection tracker.
*
* @param ct
*   Instance of cnxn tracker to enable.
*
*/

void
rte_ct_enable_synproxy(struct rte_ct_cnxn_tracker *ct);

/**
* Disable synproxy for this connection tracker.
*
* @param ct
*   Instance of cnxn tracker to disable.
*
*/

void
rte_ct_disable_synproxy(struct rte_ct_cnxn_tracker *ct);
int
rte_ct_initialize_default_timeouts(
		struct rte_ct_cnxn_tracker *new_cnxn_tracker);

uint8_t
rte_ct_create_cnxn_hashkey(
	uint32_t *src_addr,
	uint32_t *dst_addr,
	uint16_t src_port,
	uint16_t dst_port,
	uint8_t proto,
	uint32_t *key,
	uint8_t type);

/* To get timer core id from CGNAPT timer thread*/
#ifdef CT_CGNAT
extern uint32_t get_timer_core_id(void);
uint64_t cgnapt_ct_process(
	struct rte_ct_cnxn_tracker *ct,
	struct rte_mbuf **pkts,
	uint64_t pkts_mask,
	struct rte_CT_helper *ct_helper);
#endif
#endif