2 // Copyright (c) 2017 Intel Corporation
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
17 #ifndef _CNXN_TRACKING_H
18 #define _CNXN_TRACKING_H
27 #include <rte_ether.h>
29 #include "rte_ct_tcp.h"
36 * A Connection Tracker tracks the status of TCP connections. By remembering
37 * keys pieces of data, such as connection state, sequence numbers seen, and
38 * transmission window size, it can determine if a give packet is valid, or
39 * invalid and should be discarded.
41 * The current interface is designed for use with ip_pipeline code.
45 * Opaque type definition for an instance of the connection tracker. It is
46 * possible to have multiple instances of connection tracking running, on one
47 * or more cores. All traffic for a TCP connection must be run through the same
48 * rte_ct_cnxn_tracker.
52 * The rte_ct_cnxn_tracker is an instance of a connection tracker.
54 struct rte_ct_cnxn_tracker __rte_cache_aligned;
56 extern int rte_CT_hi_counter_block_in_use;
58 struct rte_CT_counter_block {
59 /* as long as a counter doesn't cross cache line, writes are atomic */
60 uint64_t current_active_sessions;
61 uint64_t sessions_activated; /* a SYN packet seen, or UDP */
62 /* a SYN packet re-opening a connection */
63 uint64_t sessions_reactivated;
64 /* SYN, SYN/ACK, ACK established a connection */
65 uint64_t sessions_established;
66 uint64_t sessions_closed;
67 uint64_t sessions_timedout;
68 uint64_t pkts_forwarded;
70 uint64_t pkts_drop_invalid_conn;
71 uint64_t pkts_drop_invalid_state;
72 uint64_t pkts_drop_invalid_rst;
73 uint64_t pkts_drop_outof_window;
74 } __rte_cache_aligned;
76 struct rte_synproxy_helper {
77 uint64_t reply_pkt_mask;
79 struct rte_mbuf **buffered_pkts_to_forward;
80 uint8_t num_buffered_pkts_to_forward;
83 struct rte_CT_helper {
84 uint64_t no_new_cnxn_mask;
85 uint64_t reply_pkt_mask;
87 struct rte_mbuf **buffered_pkts_to_forward;
88 uint8_t num_buffered_pkts_to_forward;
91 #define MAX_CT_INSTANCES 24 /* max number fw threads, actual usually less*/
93 extern struct rte_CT_counter_block rte_CT_counter_table[MAX_CT_INSTANCES]
97 * Run the connection tracking for 1 to 64 packets.
100 * Instance of cnxn tracker to use.
102 * Table of pointers to mbufs containing packets for connection tracking.
103 * Any packets which are not TCP/IP will be ignnored. A maximum of 64
104 * packets may be processed in a call.
106 * Bit map representing which table elements of "pkts" are valid mbuf
107 * pointers, where the least-significant bit of the map represents table
108 * element 0. There must be at least as many elements in the table as the
109 * highest order bit in the map. Valid table entries with a corresponding
110 * 0 in the bitmap will be ignored.
112 * Pointer to rte_CT_helper structure which hold the connection tracker
113 * tracking information.
116 * Returns an updated bitmap that reflects which packets are valid and should
118 * Any bits representing invalid TCP packets are cleared.
119 * Any packets which are not TCP/IP are considered valid for this purpose.
123 rte_ct_cnxn_tracker_batch_lookup(
124 struct rte_ct_cnxn_tracker *ct,
125 struct rte_mbuf **pkts,
127 struct rte_CT_helper *ct_helper);
130 rte_ct_cnxn_tracker_batch_lookup_type(
131 struct rte_ct_cnxn_tracker *ct,
132 struct rte_mbuf **pkts,
134 struct rte_CT_helper *ct_helper,
135 uint8_t ip_hdr_size_bytes);
139 * Run the connection tracking for 1 to 64 packets.
142 * Instance of cnxn tracker to use.
144 * Table of pointers to mbufs containing packets for connection tracking.
145 * Any packets which are not TCP/IP will be ignnored. A maximum of 64
146 * packets may be processed in a call.
148 * Bit map representing which table elements of "pkts" are valid mbuf
149 * pointers, where the least-significant bit of the map represents table
150 * element 0. There must be at least as many elements in the table as the
151 * highest order bit in the map. Valid table entries with a corresponding
152 * 0 in the bitmap will be ignored.
153 * @param no_new_cnxn_mask
154 * Bit map representing which table elements of "pkts" are should be
155 * considered valid packets only if there is already an existing connection
156 * for this packet (i.e. same ip addresses, tcp/udp ports, and protocol).
157 * This mask must be a subset of "pkts_mask" (including all or none), and
158 * follows the same format. A 1 means must be existing connection, a 0 means
159 * a new connection setup (e.g. TCP SYN packet) is allowed, or this entry
160 * corresponds to a 0 in pkts_mask.
163 * Returns an updated bitmap that reflects which packets are valid and should
165 * Any bits representing invalid TCP packets are cleared.
166 * Any packets which are not TCP/IP are considered valid for this purpose.
170 rte_ct_cnxn_tracker_batch_lookup_with_new_cnxn_control(
171 struct rte_ct_cnxn_tracker *ct,
172 struct rte_mbuf **pkts,
174 uint64_t no_new_cnxn_mask);
178 * Run the connection tracking for 1 to 64 packets, with support for
182 * Instance of cnxn tracker to use.
184 * Table of pointers to mbufs containing packets for connection tracking.
185 * Any packets which are not TCP/IP will be ignnored. A maximum of 64
186 * packets may be processed in a call.
188 * Bit map representing which table elements of "pkts" are valid mbuf pointers,
189 * where the least-significant bit of the map represents table element 0. There
190 * must be at least as many elements in the table as the highest order bit in
191 * the map. Valid table entries with a corresponding 0 in the bitmap will be
193 * @param reply_pkt_mask
194 * Bit map representing which table elements of "pkts" have been altered to
195 * reply messages for synproxy. These packets, or copies of them must be sent
196 * back to the originator. IP and TCP headers have been altered, ethernet
199 * Returns an updated bitmap that reflects which packets are valid and should
200 * be forwarded.Any bits representing invalid TCP packets are cleared.
201 * Any packets which are not TCP/IP are considered valid for this purpose.
206 rte_ct_cnxn_tracker_batch_lookup_with_synproxy(
207 struct rte_ct_cnxn_tracker *ct,
208 struct rte_mbuf **pkts,
210 struct rte_synproxy_helper *sp_helper);
217 * Synproxy might need to buffer client-side packets while the
218 * server-side of the proxy is still being set up. The packets
219 * are released when the server-side connection is complete.
220 * This routine is used to retrieve those packets. Packets are
221 * also released in a similar manner if there is a timeout
222 * during a synproxy setup. This routine should be called before
223 * immediately before any timeout handling, to get the list of
224 * packets (if any) to forward, and again immediately after timeout
225 * handling to get the list of packets (if any) to delete.
226 * Calling this routine removes the packets from synproxy.
228 * @param new_cnxn_tracker
229 * The connection tracker from which to retrieve the packets
232 * a linked list of packets to process, in order. The list is
233 * connected via a pointer stored in the mbuf in the offset
234 * given in the "pointer_offset" parameter to the routine:
235 * "rte_ct_initialize_cnxn_tracker_with_synproxy".
236 * If not packets currently available, returns NULL.
240 rte_ct_get_buffered_synproxy_packets(struct rte_ct_cnxn_tracker *ct);
244 * Initialize a connection tracker instance before use.
246 * @param new_cnxn_tracker
247 * The connection tracker to initialize, allocated by the user.
248 * @param max_connection_count
249 * Maximum number of simultaneous connections supported.
251 * A name to give to this connection tracker, for debug purposes
255 * - negative if unsuccesful
259 rte_ct_initialize_cnxn_tracker_with_synproxy(
260 struct rte_ct_cnxn_tracker *new_cnxn_tracker,
261 uint32_t max_connection_count,
263 uint16_t pointer_offset);
266 * Initialize a connection tracker instance before use with synproxy support.
268 * @param new_cnxn_tracker
269 * The connection tracker to initialize, allocated by the user.
270 * @param max_connection_count
271 * Maximum number of simultaneous connections supported.
273 * A name to give to this connection tracker, for debug purposes
274 * @param pointer_offset
275 * An offset into the mbuf where the connection tracker can store two pointers.
279 * - negative if unsuccesful
283 rte_ct_initialize_cnxn_tracker(
284 struct rte_ct_cnxn_tracker *new_cnxn_tracker,
285 uint32_t max_connection_count,
290 * Free resources allocated by earlier call to rte_ct_initialize_cnxn_tracker()
292 * @param old_cnxn_tracker
293 * The connection tracker previously initialized.
297 * - < 0 if unsuccesful
301 rte_ct_free_cnxn_tracker_resources(
302 struct rte_ct_cnxn_tracker *old_cnxn_tracker);
306 * Get size of opaque type rte_ct_cnxn_tracker in order to allocate an instance.
309 * Size in bytes of rte_ct_cnxn_tracker type
313 rte_ct_get_cnxn_tracker_size(void);
316 * Get address of counters kept by this instance.
319 * Instance of cnxn tracker.
323 struct rte_CT_counter_block*
324 rte_ct_get_counter_address(struct rte_ct_cnxn_tracker *ct);
328 * Process a configuration option supported in the config file.
329 * If a valid name/value pair, update the cnxn tracker.
332 * Instance of cnxn tracker.
335 * Name of configuration option.
338 * Value of configuration option.
342 * - < 0 if unsuccesful
346 rte_ct_set_configuration_options(
347 struct rte_ct_cnxn_tracker *ct,
352 * Check for expired connection tracking timers, and delete any expired
353 * connections. This routine must be called in the loop that processes packets,
354 * to ensure that timeouts are handled synchronously with packet processing.
355 * More frequent calls means more accurate timing but more overhead.
358 * Instance of cnxn tracker to check timers.
363 rte_ct_handle_expired_timers(struct rte_ct_cnxn_tracker *ct);
367 rte_ct_get_IP_hdr_size(struct rte_mbuf *pkt);
370 * Enable synproxy for this connection tracker.
373 * Instance of cnxn tracker to enable.
378 rte_ct_enable_synproxy(struct rte_ct_cnxn_tracker *ct);
381 * Disable synproxy for this connection tracker.
384 * Instance of cnxn tracker to disable.
389 rte_ct_disable_synproxy(struct rte_ct_cnxn_tracker *ct);
391 rte_ct_initialize_default_timeouts(
392 struct rte_ct_cnxn_tracker *new_cnxn_tracker);
395 rte_ct_create_cnxn_hashkey(
404 /* To get timer core id from CGNAPT timer thread*/
406 extern uint32_t get_timer_core_id(void);
407 uint64_t cgnapt_ct_process(
408 struct rte_ct_cnxn_tracker *ct,
409 struct rte_mbuf **pkts,
411 struct rte_CT_helper *ct_helper);