From 9d3a879d9d97a1b96543a942439ec1c3282a5cdd Mon Sep 17 00:00:00 2001 From: "Keith Burns (alagalah)" Date: Tue, 2 Aug 2016 11:57:37 -0700 Subject: VPP-226 - adding UDP TCP to port-range Change-Id: I5f4261279dcdbb03e182b18d05602407c0e55f89 Signed-off-by: Keith Burns (alagalah) --- vpp/vpp-api/api.c | 73 ++++++++++++++++++++++++++++------------------- vpp/vpp-api/custom_dump.c | 16 +++++++++-- vpp/vpp-api/vpe.api | 11 +++++-- 3 files changed, 64 insertions(+), 36 deletions(-) (limited to 'vpp/vpp-api') diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c index 73ecbd72..18999a5f 100644 --- a/vpp/vpp-api/api.c +++ b/vpp/vpp-api/api.c @@ -7380,13 +7380,13 @@ static void vl_api_ip_source_and_port_range_check_add_del_t_handler ( u8 is_add = mp->is_add; u8 mask_length = mp->mask_length; ip4_address_t ip4_addr; - //ip6_address_t ip6_addr; - u16 * low_ports = 0 ; - u16 * high_ports = 0 ; + ip6_address_t ip6_addr; + u16 * low_ports = 0; + u16 * high_ports = 0; + u32 vrf_id; u16 tmp_low, tmp_high; u8 num_ranges ; int i; - u32 vrf_id; // Validate port range num_ranges = mp->number_of_ranges; @@ -7415,8 +7415,8 @@ static void vl_api_ip_source_and_port_range_check_add_del_t_handler ( if (mask_length < 0 || ( is_ipv6 && mask_length > 128) || ( !is_ipv6 && mask_length > 32)) { - rv = VNET_API_ERROR_ADDRESS_LENGTH_MISMATCH; - goto reply; + rv = VNET_API_ERROR_ADDRESS_LENGTH_MISMATCH; + goto reply; } vrf_id = ntohl (mp->vrf_id); 
@@ -7425,33 +7425,31 @@ static void vl_api_ip_source_and_port_range_check_add_del_t_handler ( rv = VNET_API_ERROR_INVALID_VALUE; goto reply; } - //ip6 + + if (is_ipv6) { - /* clib_memcpy (ip6_addr.as_u8, mp->address, */ - /* sizeof (ip6_addr.as_u8)); */ - /* rv = ip6_source_and_port_range_check_add_del (ip6_addr, */ - /* mask_length, */ - /* vrf_id, */ - /* low_ports, */ - /* high_ports, */ - /* is_add); */ - - //ip4 - } else { - clib_memcpy (ip4_addr.data, mp->address, - sizeof (ip4_addr)); - rv = ip4_source_and_port_range_check_add_del (&ip4_addr, + clib_memcpy (ip6_addr.as_u8, mp->address, + sizeof (ip6_addr.as_u8)); + rv = ip6_source_and_port_range_check_add_del (&ip6_addr, mask_length, vrf_id, low_ports, high_ports, is_add); + } else { + clib_memcpy (ip4_addr.data, mp->address, + sizeof (ip4_addr)); + rv = ip4_source_and_port_range_check_add_del (&ip4_addr, + mask_length, + vrf_id, + low_ports, + high_ports, + is_add); } reply: vec_free (low_ports); vec_free (high_ports); - REPLY_MACRO(VL_API_IP_SOURCE_AND_PORT_RANGE_CHECK_ADD_DEL_REPLY); } 
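Review bot: The two address copies size themselves differently: the new IPv6 branch uses `sizeof (ip6_addr.as_u8)`, while the IPv4 branch keeps `sizeof (ip4_addr)` with `ip4_addr.data` as the destination. Using one form for both, e.g. `sizeof (ip4_addr.data)`, makes it visible that the length is that of the destination array. A short comment such as `/* mp->address holds 16 bytes; IPv4 uses the first 4 */` would also help, provided it matches the field definition in vpe.api, which this hunk does not show.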
@@ -7463,20 +7461,35 @@ vl_api_ip_source_and_port_range_check_interface_add_del_t_handler vl_api_ip_source_and_port_range_check_interface_add_del_reply_t * rmp; ip4_main_t * im = &ip4_main; int rv; - u32 sw_if_index, fib_index, vrf_id; + u32 sw_if_index; + u32 fib_index[IP_SOURCE_AND_PORT_RANGE_CHECK_N_PROTOCOLS]; + u32 vrf_id[IP_SOURCE_AND_PORT_RANGE_CHECK_N_PROTOCOLS]; uword * p = 0; + int i; - vrf_id = ntohl(mp->vrf_id); + vrf_id[IP_SOURCE_AND_PORT_RANGE_CHECK_PROTOCOL_TCP_OUT] = ntohl(mp->tcp_out_vrf_id); + vrf_id[IP_SOURCE_AND_PORT_RANGE_CHECK_PROTOCOL_UDP_OUT] = ntohl(mp->udp_out_vrf_id); + vrf_id[IP_SOURCE_AND_PORT_RANGE_CHECK_PROTOCOL_TCP_IN] = ntohl(mp->tcp_in_vrf_id); + vrf_id[IP_SOURCE_AND_PORT_RANGE_CHECK_PROTOCOL_UDP_IN] = ntohl(mp->udp_in_vrf_id); - p = hash_get (im->fib_index_by_table_id, vrf_id); - if (p == 0) { - rv = VNET_API_ERROR_INVALID_VALUE; - goto reply; - } + for (i = 0; i < IP_SOURCE_AND_PORT_RANGE_CHECK_N_PROTOCOLS; i++) + { + if (vrf_id[i] !=0 && vrf_id[i] != ~0) + { + p = hash_get (im->fib_index_by_table_id, vrf_id[i]); - fib_index = p[0]; + if (p == 0) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto reply; + } + fib_index[i] = p[0]; + } + else + fib_index[i] = ~0; + } sw_if_index = ntohl(mp->sw_if_index); VALIDATE_SW_IF_INDEX(mp); diff --git a/vpp/vpp-api/custom_dump.c b/vpp/vpp-api/custom_dump.c index 51bf81d9..bf02ac43 100644 --- a/vpp/vpp-api/custom_dump.c +++ b/vpp/vpp-api/custom_dump.c @@ -2099,7 +2099,7 @@ static void *vl_api_ip_source_and_port_range_check_add_del_t_print mp->mask_length); for (i = 0; i < mp->number_of_ranges; i++) { - s = format (s, "range %d - %d", mp->low_ports[i], mp->high_ports[i]); + s = format (s, "range %d - %d ", mp->low_ports[i], mp->high_ports[i]); } s = format (s, "vrf %d ", ntohl(mp->vrf_id)); 
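Review bot: In the new loop, `if (vrf_id[i] !=0 && vrf_id[i] != ~0)` treats table id 0 as "no check", so a request naming VRF 0 falls through to `fib_index[i] = ~0` and, as far as this hunk shows, raises no error; for a filtering feature that is a silent fail-open. The printer in custom_dump.c (the `@@ -2117` hunk) treats only `~0` as unset, so the two files disagree on the sentinel. If 0 is not meant to be reserved, test the single sentinel, `if (vrf_id[i] != ~0)`, and let the `hash_get` miss reject unknown ids; if it is reserved, document that in vpe.api. The lookup also goes through `ip4_main` only, which is worth confirming now that the add/del handler accepts IPv6 prefixes. The handler body continues past the end of this hunk.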
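Review bot: The loop around the changed `format` line is bounded only by `mp->number_of_ranges`, while vpe.api documents `low_ports` and `high_ports` as 32-entry arrays, so a message with a larger count would make this printer read past both arrays. The handler in api.c has a "Validate port range" step, but nothing visible here shows that the printer only runs on messages that passed it; clamping locally is cheap, e.g. `for (i = 0; i < mp->number_of_ranges && i < 32; i++)`. The ports are also printed without `ntohs`, unlike `ntohl(mp->vrf_id)` on the following line, so the byte order should be checked against what the handler expects. The function starts and ends outside the hunk.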
@@ -2117,9 +2117,19 @@ static void *vl_api_ip_source_and_port_range_check_interface_add_del_t_print s = format (0, "SCRIPT: ip_source_and_port_range_check_interface_add_del "); - s = format (s, "%d ", ntohl(mp->sw_if_index)); + s = format (s, "sw_if_index %d ", ntohl(mp->sw_if_index)); - s = format (s, "vrf %d ", ntohl(mp->vrf_id)); + if (mp->tcp_out_vrf_id != ~0) + s = format (s, "tcp-out-vrf %d ", ntohl(mp->tcp_out_vrf_id)); + + if (mp->udp_out_vrf_id != ~0) + s = format (s, "udp-out-vrf %d ", ntohl(mp->udp_out_vrf_id)); + + if (mp->tcp_in_vrf_id != ~0) + s = format (s, "tcp-in-vrf %d ", ntohl(mp->tcp_in_vrf_id)); + + if (mp->udp_in_vrf_id != ~0) + s = format (s, "udp-in-vrf %d ", ntohl(mp->udp_in_vrf_id)); if (mp->is_add == 0) s = format (s, "del "); diff --git a/vpp/vpp-api/vpe.api b/vpp/vpp-api/vpe.api index 67e742e7..4b8aa818 100644 --- a/vpp/vpp-api/vpe.api +++ b/vpp/vpp-api/vpe.api @@ -4342,7 +4342,7 @@ define pg_capture_reply { @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_enabled - 1 if enabling streams, 0 if disabling - @param stream - stream name to be enable/disabled, if not specified handle all streams + @param stream - stream name to be enable/disabled, if not specified handle all streams */ define pg_enable_disable { u32 client_index; @@ -4368,6 +4368,7 @@ define pg_enable_disable_reply { @param is_add - 1 if add, 0 if delete @param mask_length - mask length for address entry @param address - array of address bytes + @param number_of_ranges - length of low_port and high_port arrays (must match) @param low_ports[32] - up to 32 low end of port range entries (must have corresponding high_ports entry) @param high_ports[32] - up to 32 high end of port range entries (must have corresponding low_ports entry) @param vrf_id - fib table/vrf id to associate the source and port-range check with 
@@ -4399,14 +4400,18 @@ define ip_source_and_port_range_check_add_del_reply { @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param interface_id - interface index - @param vrf_id - VRF associated with source and L4 port-range check + @param tcp_vrf_id - VRF associated with source and TCP port-range check + @param udp_vrf_id - VRF associated with source and TCP port-range check */ define ip_source_and_port_range_check_interface_add_del { u32 client_index; u32 context; u8 is_add; u32 sw_if_index; - u32 vrf_id; + u32 tcp_in_vrf_id; + u32 tcp_out_vrf_id; + u32 udp_in_vrf_id; + u32 udp_out_vrf_id; }; /** \brief Set interface source and L4 port-range response -- cgit 1.2.3-korg
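Review bot: The doc comment does not match the new message: it documents `tcp_vrf_id` and `udp_vrf_id`, but the fields are `tcp_in_vrf_id`, `tcp_out_vrf_id`, `udp_in_vrf_id` and `udp_out_vrf_id`, and the UDP line still reads "TCP port-range check". `interface_id` should be `sw_if_index`, and `is_add` has no `@param` at all. I would write one line per field, e.g. `@param udp_out_vrf_id - VRF associated with source and UDP port-range check (out direction)`, and state which value means "no check for this protocol and direction", since both the handler and the printer rely on a sentinel. Replacing `vrf_id` with four fields also changes the message layout, so existing callers of this message will presumably need rebuilding.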