aboutsummaryrefslogtreecommitdiffstats
path: root/vpp
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2016-02-17 17:52:26 -0500
committerGerrit Code Review <gerrit@fd.io>2016-02-19 11:10:32 +0000
commitc07bf5d5032e2b3ed4a651c8e6b8ff2131bc79c6 (patch)
treebf3ecc39a5ca953865f9daeb1f3e4c5da4e0d495 /vpp
parent3c4869cdfac70001fc5daf3646794cbd81587a33 (diff)
Per-interface, per-address-family fast packet filter
Change-Id: I122aa8edfb16a433a8ccdfb72ee8463c48c56d6d Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'vpp')
-rw-r--r--vpp/api/api.c48
-rw-r--r--vpp/api/custom_dump.c37
-rw-r--r--vpp/api/vpe.api57
-rw-r--r--vpp/vnet/main.c2
4 files changed, 142 insertions, 2 deletions
diff --git a/vpp/api/api.c b/vpp/api/api.c
index 0761a942..1390291b 100644
--- a/vpp/api/api.c
+++ b/vpp/api/api.c
@@ -69,6 +69,7 @@
#include <vnet/nsh-vxlan-gpe/nsh_vxlan_gpe.h>
#include <vnet/lisp-gpe/lisp_gpe.h>
#include <vnet/map/map.h>
+#include <vnet/cop/cop.h>
#undef BIHASH_TYPE
#undef __included_bihash_template_h__
@@ -307,7 +308,9 @@ _(MAP_DEL_DOMAIN, map_del_domain) \
_(MAP_ADD_DEL_RULE, map_add_del_rule) \
_(MAP_DOMAIN_DUMP, map_domain_dump) \
_(MAP_RULE_DUMP, map_rule_dump) \
-_(MAP_SUMMARY_STATS, map_summary_stats)
+_(MAP_SUMMARY_STATS, map_summary_stats) \
+_(COP_INTERFACE_ENABLE_DISABLE, cop_interface_enable_disable) \
+_(COP_WHITELIST_ENABLE_DISABLE, cop_whitelist_enable_disable)
#define QUOTE_(x) #x
#define QUOTE(x) QUOTE_(x)
@@ -4860,6 +4863,49 @@ static void vl_api_ipsec_sa_set_key_t_handler
REPLY_MACRO(VL_API_IPSEC_SA_SET_KEY_REPLY);
}
+static void vl_api_cop_interface_enable_disable_t_handler
+(vl_api_cop_interface_enable_disable_t * mp)
+{
+ vl_api_cop_interface_enable_disable_reply_t * rmp;
+ int rv;
+ u32 sw_if_index = ntohl(mp->sw_if_index);
+ int enable_disable;
+
+ VALIDATE_SW_IF_INDEX(mp);
+
+ enable_disable = (int) mp->enable_disable;
+
+ rv = cop_interface_enable_disable (sw_if_index, enable_disable);
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ REPLY_MACRO(VL_API_COP_INTERFACE_ENABLE_DISABLE_REPLY);
+}
+
+static void vl_api_cop_whitelist_enable_disable_t_handler
+(vl_api_cop_whitelist_enable_disable_t * mp)
+{
+ vl_api_cop_whitelist_enable_disable_reply_t * rmp;
+ cop_whitelist_enable_disable_args_t _a, *a=&_a;
+ u32 sw_if_index = ntohl(mp->sw_if_index);
+ int rv;
+
+ VALIDATE_SW_IF_INDEX(mp);
+
+ a->sw_if_index = sw_if_index;
+ a->ip4 = mp->ip4;
+ a->ip6 = mp->ip6;
+ a->default_cop = mp->default_cop;
+ a->fib_id = ntohl(mp->fib_id);
+
+ rv = cop_whitelist_enable_disable (a);
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ REPLY_MACRO(VL_API_COP_WHITELIST_ENABLE_DISABLE_REPLY);
+}
+
+
#define BOUNCE_HANDLER(nn) \
static void vl_api_##nn##_t_handler ( \
vl_api_##nn##_t *mp) \
diff --git a/vpp/api/custom_dump.c b/vpp/api/custom_dump.c
index 85740eee..6a402ead 100644
--- a/vpp/api/custom_dump.c
+++ b/vpp/api/custom_dump.c
@@ -1694,6 +1694,39 @@ static void * vl_api_ip_dump_t_print
FINISH;
}
+static void * vl_api_cop_interface_enable_disable_t_print
+(vl_api_cop_interface_enable_disable_t * mp, void *handle)
+{
+ u8 * s;
+
+ s = format (0, "SCRIPT: cop_interface_enable_disable ");
+ s = format (s, "sw_if_index %d ", ntohl(mp->sw_if_index));
+ if (mp->enable_disable)
+ s = format (s, "enable ");
+ else
+ s = format (s, "disable ");
+
+ FINISH;
+}
+
+static void * vl_api_cop_whitelist_enable_disable_t_print
+(vl_api_cop_whitelist_enable_disable_t * mp, void *handle)
+{
+ u8 * s;
+
+ s = format (0, "SCRIPT: cop_whitelist_enable_disable ");
+ s = format (s, "sw_if_index %d ", ntohl(mp->sw_if_index));
+ s = format (s, "fib-id %d ", ntohl(mp->fib_id));
+ if (mp->ip4)
+ s = format (s, "ip4 ");
+ if (mp->ip6)
+ s = format (s, "ip6 ");
+ if (mp->default_cop)
+ s = format (s, "default ");
+
+ FINISH;
+}
+
#define foreach_custom_print_function \
_(CREATE_LOOPBACK, create_loopback) \
_(SW_INTERFACE_SET_FLAGS, sw_interface_set_flags) \
@@ -1773,7 +1806,9 @@ _(INPUT_ACL_SET_INTERFACE, input_acl_set_interface) \
_(IP_ADDRESS_DUMP, ip_address_dump) \
_(IP_DUMP, ip_dump) \
_(DELETE_LOOPBACK, delete_loopback) \
-_(BD_IP_MAC_ADD_DEL, bd_ip_mac_add_del)
+_(BD_IP_MAC_ADD_DEL, bd_ip_mac_add_del) \
+_(COP_INTERFACE_ENABLE_DISABLE, cop_interface_enable_disable) \
+_(COP_WHITELIST_ENABLE_DISABLE, cop_whitelist_enable_disable)
void vl_msg_api_custom_dump_configure (api_main_t *am)
{
diff --git a/vpp/api/vpe.api b/vpp/api/vpe.api
index 6b54ab82..bc3e107f 100644
--- a/vpp/api/vpe.api
+++ b/vpp/api/vpe.api
@@ -2752,3 +2752,60 @@ define map_summary_stats_reply {
u64 total_ip4_fragments;
u64 total_security_check[2];
};
+
+/** \brief cop: enable/disable junk filtration features on an interface
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sw_if_inded - desired interface
+ @param enable_disable - 1 => enable, 0 => disable
+*/
+
+define cop_interface_enable_disable {
+ u32 client_index;
+ u32 context;
+ u32 sw_if_index;
+ u8 enable_disable;
+};
+
+/** \brief cop: interface enable/disable junk filtration reply
+ @param context - returned sender context, to match reply w/ request
+ @param retval - return code
+*/
+
+define cop_interface_enable_disable_reply {
+ u32 context;
+ i32 retval;
+};
+
+/** \brief cop: enable/disable whitelist filtration features on an interface
+ Note: the supplied fib_id must match in order to remove the feature!
+
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sw_if_index - interface handle, physical interfaces only
+ @param fib_id - fib identifier for the whitelist / blacklist fib
+ @param ip4 - 1 => enable ip4 filtration, 0=> disable ip4 filtration
+ @param ip6 - 1 => enable ip6 filtration, 0=> disable ip6 filtration
+ @param default_cop - 1 => enable non-ip4, non-ip6 filtration 0=> disable it
+*/
+
+define cop_whitelist_enable_disable {
+ u32 client_index;
+ u32 context;
+ u32 sw_if_index;
+ u32 fib_id;
+ u8 ip4;
+ u8 ip6;
+ u8 default_cop;
+};
+
+/** \brief cop: interface enable/disable junk filtration reply
+ @param context - returned sender context, to match reply w/ request
+ @param retval - return code
+*/
+
+define cop_whitelist_enable_disable_reply {
+ u32 context;
+ i32 retval;
+};
+
diff --git a/vpp/vnet/main.c b/vpp/vnet/main.c
index 84e071c7..bfd5ad59 100644
--- a/vpp/vnet/main.c
+++ b/vpp/vnet/main.c
@@ -122,6 +122,8 @@ vpe_main_init (vlib_main_t * vm)
#endif
if ((error = vlib_call_init_function (vm, li_init)))
return error;
+ if ((error = vlib_call_init_function (vm, cop_init)))
+ return error;
return error;
}