Change keep-state with record-state in whole project

In YANET the keep-state directive only stores the state of packets,
similar to ipfw's record-state, and does not include an implicit
check-state for all packets like in ipfw.

So we rename keep-state to record-state to accurately reflect its function.

Closes #166

autotest/units/001_one_port/036_firewall_keepstate/firewall.txt

@@ -3,6 +3,6 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow udp from 11.0.0.0/24 to any 53 keep-state
-add allow udp from any to 2a03:6b8:ff1c:2030::/60 53 keep-state
+add allow udp from 11.0.0.0/24 to any 53 record-state
+add allow udp from any to 2a03:6b8:ff1c:2030::/60 53 record-state
 add deny ip from any to any

autotest/units/001_one_port/037_firewall_keepstate_with_sync/firewall.txt

@@ -3,6 +3,6 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow udp from 10.0.0.0/24 to any 53 keep-state
-add allow udp from any to 2121:bbb8:ff1c:2030::/60 53 keep-state
+add allow udp from 10.0.0.0/24 to any 53 record-state
+add allow udp from any to 2121:bbb8:ff1c:2030::/60 53 record-state
 add deny ip from any to any

autotest/units/001_one_port/039_firewall_keepstate_with_sync_tcp/firewall.txt

@@ -3,6 +3,6 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow tcp from 12.0.0.0/24 to any 12345 keep-state
-add allow tcp from any to 2a22:6b8:ff1c:2030::/60 12345 keep-state
+add allow tcp from 12.0.0.0/24 to any 12345 record-state
+add allow tcp from any to 2a22:6b8:ff1c:2030::/60 12345 record-state
 add deny ip from any to any

autotest/units/001_one_port/040_firewall_keepstate_with_sync_mixed/firewall.txt

@@ -3,7 +3,7 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow ip from 13.0.0.0/24 to any keep-state
-add allow ip from any to 2332:898:ff1c:2030::/64 keep-state
-add allow tcp from 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: to 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: 10053 keep-state
+add allow ip from 13.0.0.0/24 to any record-state
+add allow ip from any to 2332:898:ff1c:2030::/64 record-state
+add allow tcp from 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: to 2332:898:ffee:0:0:5678::/ffff:ffff:ffff:0000:ffff:ffff:: 10053 record-state
 add deny ip from any to any

autotest/units/001_one_port/045_firewall_out/firewall.txt

@@ -38,7 +38,7 @@ add deny ip from any to any
 :SKP2
 add allow tcp from f805@2222:898:c00::/40 to { 2222:898:bf00:400::1 } 443
 
-add allow tcp from f805@2222:898:c00::/40 to { 2222:898:bf00:400::2 } 443 keep-state
+add allow tcp from f805@2222:898:c00::/40 to { 2222:898:bf00:400::2 } 443 record-state
 
 add allow ip from any to any frag
 add deny tcp from any to any tcpflags rst

autotest/units/001_one_port/050_firewall_state_resend/firewall.txt

@@ -3,6 +3,6 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow udp from 10.0.0.0/24 to any 53 keep-state
-add allow udp from any to 2020:ddd:ff1c:2030::/60 53 keep-state
+add allow udp from 10.0.0.0/24 to any 53 record-state
+add allow udp from any to 2020:ddd:ff1c:2030::/60 53 record-state
 add deny ip from any to any

autotest/units/001_one_port/051_firewall_keepstate_with_sync_unicast/firewall.txt

@@ -3,6 +3,6 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow tcp from 12.0.0.0/24 to any 12345 keep-state
-add allow tcp from any to 2220:ddd:ff1c:2030::/60 12345 keep-state
+add allow tcp from 12.0.0.0/24 to any 12345 record-state
+add allow tcp from any to 2220:ddd:ff1c:2030::/60 12345 record-state
 add deny ip from any to any

autotest/units/001_one_port/052_firewall_samples/firewall.txt

@@ -3,6 +3,6 @@ add skipto :IN ip from any to any in
 
 :IN
 add check-state
-add allow tcp from 11.0.0.0/24 to any 53 keep-state
-add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 keep-state
+add allow tcp from 11.0.0.0/24 to any 53 record-state
+add allow tcp from any to 2111:aaa:ff1c:2030::/60 53 record-state
 add deny ip from any to any

autotest/units/001_one_port/059_firewall_tablearg/firewall.conf.txt

@@ -35,5 +35,5 @@ add deny log logamount 500 all from any to any
 :TUN64_SKP5
 add deny tcp from any to any setup
 add allow udp from any src-port 53 to any dst-port 1025-65535
-add allow ip from any to any keep-state in
+add allow ip from any to any record-state in
 add deny log logamount 500 all from any to any

cli/acl.h

@@ -25,7 +25,7 @@ void unwind(const std::string& in_module,
             std::optional<std::string> transport_source,
             std::optional<std::string> transport_destination,
             std::optional<std::string> transport_flags,
-            std::optional<std::string> keepstate)
+            std::optional<std::string> recordstate)
 {
 	std::optional<std::string> module = in_module;
 
@@ -38,7 +38,7 @@ void unwind(const std::string& in_module,
 	optional_helper(transport_source);
 	optional_helper(transport_destination);
 	optional_helper(transport_flags);
-	optional_helper(keepstate);
+	optional_helper(recordstate);
 
 	interface::controlPlane controlplane;
 	auto response = controlplane.acl_unwind({module,
@@ -50,7 +50,7 @@ void unwind(const std::string& in_module,
 	                                         transport_source,
 	                                         transport_destination,
 	                                         transport_flags,
-	                                         keepstate});
+	                                         recordstate});
 
 	table_t table({.optional_null = "any"});
 	table.insert("module",
@@ -62,12 +62,12 @@ void unwind(const std::string& in_module,
 	             "transport_source",
 	             "transport_destination",
 	             "transport_flags",
-	             "keepstate",
+	             "recordstate",
 	             "next_module",
 	             "ids",
 	             "log");
 
-	for (const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, keepstate, next_module, ids, log] : response)
+	for (const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, recordstate, next_module, ids, log] : response)
 	{
 		table.insert(module,
 		             direction,
@@ -78,7 +78,7 @@ void unwind(const std::string& in_module,
 		             transport_source,
 		             transport_destination,
 		             transport_flags,
-		             keepstate,
+		             recordstate,
 		             next_module,
 		             ids,
 		             log);

cli/main.cpp

@@ -39,7 +39,7 @@ std::vector<std::tuple<std::string,
                     {},
                     {"physicalPort", "", [](const auto& args) { call(show::physicalPort, args); }},
                     {"logicalPort", "", [](const auto& args) { call(show::logicalPort, args); }},
-                    {"acl unwind", "[module] <direction{any|in|out}> <network_source> <network_destination> <fragment{any|frag}> <protocol> <transport_source> <transport_destination> <transport_flags> <keepstate{any|true|false}>", [](const auto& args) { call(acl::unwind, args); }},
+                    {"acl unwind", "[module] <direction{any|in|out}> <network_source> <network_destination> <fragment{any|frag}> <protocol> <transport_source> <transport_destination> <transport_flags> <recordstate{any|true|false}>", [](const auto& args) { call(acl::unwind, args); }},
                     {"acl lookup", "<module> <any|in|out> <network_source> <network_destination> <protocol> <transport_source> <transport_destination>", [](const auto& args) { call(acl::lookup, args); }},
                     {"decap", "", [](const auto& args) { call(show::decap::summary, args); }},
                     {"decap announce", "", [](const auto& args) { call(show::decap::announce, args); }},

common/icp.h

@@ -724,7 +724,7 @@ using request = std::tuple<std::optional<std::string>, ///< module
                            std::optional<std::string>, ///< transport_source
                            std::optional<std::string>, ///< transport_destination
                            std::optional<std::string>, ///< transport_flags
-                           std::optional<std::string>>; ///< keepstate
+                           std::optional<std::string>>; ///< recordstate
 
 using response = std::vector<std::tuple<std::optional<std::string>,
                                         std::optional<std::string>,

common/type.h

@@ -2273,7 +2273,7 @@ inline const char* eFlowType_toString(eFlowType t)
 
 enum class eFlowFlags : uint8_t
 {
-	keepstate = 1,
+	recordstate = 1,
 	log = 2,
 };
 

controlplane/acl.cpp

@@ -569,7 +569,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
                      const std::optional<std::string>& transport_source,
                      const std::optional<std::string>& transport_destination,
                      const std::optional<std::string>& transport_flags,
-                     const std::optional<std::string>& in_keepstate)
+                     const std::optional<std::string>& in_recordstate)
 {
 	(void)module;
 
@@ -664,7 +664,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
 				std::string transport_source = "any";
 				std::string transport_destination = "any";
 				std::string transport_flags = "any";
-				std::string keepstate = "false";
+				std::string recordstate = "false";
 				std::string next_module = "any";
 				std::string log = rule.log ? "true" : "false";
 
@@ -719,13 +719,13 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
 						}
 					}
 
-					if (rule.filter->keepstate)
+					if (rule.filter->recordstate)
 					{
-						keepstate = "true";
+						recordstate = "true";
 					}
 
-					if (in_keepstate &&
-					    keepstate != *in_keepstate)
+					if (in_recordstate &&
+					    recordstate != *in_recordstate)
 					{
 						continue;
 					}
@@ -754,7 +754,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
 				                    transport_source,
 				                    transport_destination,
 				                    transport_flags,
-				                    keepstate,
+				                    recordstate,
 				                    next_module,
 				                    ids,
 				                    log);
@@ -893,9 +893,9 @@ std::vector<rule_t> unwind_used_rules(const std::map<std::string, controlplane::
 				{
 					auto& flow = std::get<common::globalBase::tFlow>(rule.action);
 
-					if (rule.filter->keepstate)
+					if (rule.filter->recordstate)
 					{
-						flow.flags |= (int)common::globalBase::eFlowFlags::keepstate;
+						flow.flags |= (int)common::globalBase::eFlowFlags::recordstate;
 					}
 					if (rule.log)
 					{

controlplane/acl.h

@@ -67,7 +67,7 @@ unwind_result unwind(const std::map<std::string, controlplane::base::acl_t>& acl
                      const std::optional<std::string>& transport_source,
                      const std::optional<std::string>& transport_destination,
                      const std::optional<std::string>& transport_flags,
-                     const std::optional<std::string>& keepstate);
+                     const std::optional<std::string>& recordstate);
 
 std::set<uint32_t> lookup(const std::map<std::string, controlplane::base::acl_t>& acls,
                           const acl::iface_map_t& ifaces,

controlplane/acl/rule.h

@@ -850,22 +850,22 @@ struct filter_t : filter_base_t
 	ref_t<filter_prm8_t> flags;
 	ref_t<filter_proto_t> proto;
 	ref_t<filter_id_t> dir;
-	ref_t<filter_bool_t> keepstate;
+	ref_t<filter_bool_t> recordstate;
 
 	filter_t(const ref_t<filter_id_t>& _acl_id,
 	         const ref_t<filter_network_t>& _src,
 	         const ref_t<filter_network_t>& _dst,
 	         const ref_t<filter_prm8_t>& _flags,
 	         const ref_t<filter_proto_t>& _proto,
 	         const ref_t<filter_id_t>& _dir,
-	         const ref_t<filter_bool_t>& keepstate) :
+	         const ref_t<filter_bool_t>& recordstate) :
 	        acl_id(_acl_id),
 	        src(_src),
 	        dst(_dst),
 	        flags(_flags),
 	        proto(_proto),
 	        dir(_dir),
-	        keepstate(keepstate)
+	        recordstate(recordstate)
 	{}
 
 	filter_t(ipfw::rule_ptr_t rulep)
@@ -919,15 +919,15 @@ struct filter_t : filter_base_t
 				dir = new filter_id_t(1);
 				break;
 		}
-		if (rulep->keepstate)
+		if (rulep->recordstate)
 		{
-			keepstate = new filter_bool_t(true);
+			recordstate = new filter_bool_t(true);
 		}
 	}
 
 	virtual bool is_none() const
 	{
-		return acl_id.is_none() || src.is_none() || dst.is_none() || proto.is_none() || dir.is_none() || keepstate.is_none();
+		return acl_id.is_none() || src.is_none() || dst.is_none() || proto.is_none() || dir.is_none() || recordstate.is_none();
 	}
 
 	virtual std::string to_string() const
@@ -954,9 +954,9 @@ struct filter_t : filter_base_t
 		{
 			ret += " frag " + frag_to_string(flags);
 		}
-		if (keepstate)
+		if (recordstate)
 		{
-			ret += " keepstate";
+			ret += " recordstate";
 		}
 
 		if (acl_id)
@@ -969,7 +969,7 @@ struct filter_t : filter_base_t
 
 	bool operator==(const filter_t& o) const
 	{
-		return src == o.src && dst == o.dst && flags == o.flags && proto == o.proto && dir == o.dir && keepstate == o.keepstate;
+		return src == o.src && dst == o.dst && flags == o.flags && proto == o.proto && dir == o.dir && recordstate == o.recordstate;
 	}
 };
 
@@ -1024,7 +1024,7 @@ inline ref_t<filter_t> and_op(const ref_t<filter_t>& a, const ref_t<filter_t>& b
 	                    a.filter->flags & b.filter->flags,
 	                    a.filter->proto & b.filter->proto,
 	                    a.filter->dir & b.filter->dir,
-	                    a.filter->keepstate & b.filter->keepstate);
+	                    a.filter->recordstate & b.filter->recordstate);
 }
 
 const int64_t DISPATCHER = -1;
@@ -1345,7 +1345,7 @@ struct hash<acl::filter_t>
 	size_t operator()(const acl::filter_t& f) const noexcept
 	{
 		size_t h = 0;
-		hash_combine(h, f.src, f.dst, f.flags, f.proto, f.dir, f.keepstate);
+		hash_combine(h, f.src, f.dst, f.flags, f.proto, f.dir, f.recordstate);
 
 		return h;
 	}

controlplane/controlplane.cpp

@@ -411,7 +411,7 @@ common::icp::limit_summary::response cControlPlane::limit_summary() const
 
 common::icp::acl_unwind::response cControlPlane::acl_unwind(const common::icp::acl_unwind::request& request) const
 {
-	const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, keepstate] = request;
+	const auto& [module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, recordstate] = request;
 
 	generations.current_lock();
 	std::map<std::string, controlplane::base::acl_t> acls = generations.current().acls;
@@ -430,7 +430,7 @@ common::icp::acl_unwind::response cControlPlane::acl_unwind(const common::icp::a
 		acls.swap(acls_next);
 	}
 
-	return acl::unwind(acls, iface_map, module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, keepstate);
+	return acl::unwind(acls, iface_map, module, direction, network_source, network_destination, fragment, protocol, transport_source, transport_destination, transport_flags, recordstate);
 }
 
 common::icp::acl_lookup::response cControlPlane::acl_lookup(const common::icp::acl_lookup::request& request) const

controlplane/unittest/parser.cpp

@@ -172,10 +172,10 @@ add allow udp from { _CNETS_ or _DNETS_ } dst-port 3784,4784 to { _CNETS_ or _DN
 	EXPECT_FALSE(parse_rules(rules));
 }
 
-TEST(Parser, 017_KeepStateOption)
+TEST(Parser, 017_RecordStateOption)
 {
 	const auto rules = R"IPFW(
-add allow icmp from me to any icmptypes 8 out keep-state
+add allow icmp from me to any icmptypes 8 out record-state
 )IPFW";
 	EXPECT_TRUE(parse_rules(rules));
 }
@@ -220,7 +220,7 @@ TEST(Parser, 020_IgnoredOptions)
 	const auto rules = R"IPFW(
 # just ignore antispoof, diverted, logamount, tag, tagged,
 add allow tcp from 10.0.0.0/8 to 10.0.0.0/8 80 in antispoof
-add 65534 allow ip from any to any diverted keep-state
+add 65534 allow ip from any to any diverted record-state
 add deny log logamount 500 all from any to any
 add allow tag 653 ip4 from { 10.0.0.0/8 } to me
 add allow ip from any to any tagged 31000

dataplane/action_dispatcher.h

@@ -111,9 +111,9 @@ struct ActionDispatcher
 		{
 			worker->acl_log(mbuf, action.flow, acl_id);
 		}
-		if (action.flow.flags & (uint8_t)common::globalBase::eFlowFlags::keepstate)
+		if (action.flow.flags & (uint8_t)common::globalBase::eFlowFlags::recordstate)
 		{
-			worker->acl_create_keepstate(mbuf, acl_id, action.flow);
+			worker->acl_create_state(mbuf, acl_id, action.flow);
 		}
 
 		if constexpr (Direction == FlowDirection::Egress)

dataplane/worker.cpp

@@ -4828,7 +4828,7 @@ inline cWorker::FlowFromState cWorker::acl_checkstate(rte_mbuf* mbuf,
 	return {flow};
 }
 
-inline void cWorker::acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow)
+inline void cWorker::acl_create_state(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow)
 {
 	dataplane::metadata* metadata = YADECAP_METADATA(mbuf);
 

dataplane/worker.h

@@ -188,7 +188,7 @@ class cWorker
 	inline FlowFromState acl_checkstate(rte_mbuf* mbuf, dataplane::globalBase::fw_state_value_t* value, dataplane::spinlock_nonrecursive_t* locker);
 	inline FlowFromState acl_egress_checkstate(rte_mbuf* mbuf);
 	inline FlowFromState acl_egress_checkstate(rte_mbuf* mbuf, dataplane::globalBase::fw_state_value_t* value, dataplane::spinlock_nonrecursive_t* locker);
-	inline void acl_create_keepstate(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow);
+	inline void acl_create_state(rte_mbuf* mbuf, tAclId aclId, const common::globalBase::tFlow& flow);
 	inline void acl_state_emit(tAclId aclId, const dataplane::globalBase::fw_state_sync_frame_t& frame);
 
 	inline void acl_egress_entry(rte_mbuf* mbuf, tAclId aclId);

libfwparser/fw_config.cpp

@@ -832,8 +832,8 @@ void fw_config_t::add_rule_opcode(const rule_t::opcode_arg_t& value)
 		case rule_t::opcode_t::DIRECTION:
 			m_curr_rule->direction |= std::get<uint32_t>(value);
 			break;
-		case rule_t::opcode_t::KEEPSTATE:
-			m_curr_rule->keepstate = true;
+		case rule_t::opcode_t::RECORDSTATE:
+			m_curr_rule->recordstate = true;
 			break;
 		case rule_t::opcode_t::IPID:
 			break;