From c07bf5d5032e2b3ed4a651c8e6b8ff2131bc79c6 Mon Sep 17 00:00:00 2001
From: Dave Barach
Date: Wed, 17 Feb 2016 17:52:26 -0500
Subject: Per-interface, per-address-family fast packet filter
Change-Id: I122aa8edfb16a433a8ccdfb72ee8463c48c56d6d
Signed-off-by: Dave Barach
---
 vpp/api/api.c | 48 ++++++++++++++++++++++++++++++++++++++++++-
 vpp/api/custom_dump.c | 37 ++++++++++++++++++++++++++++++++-
 vpp/api/vpe.api | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++
 vpp/vnet/main.c | 2 ++
 4 files changed, 142 insertions(+), 2 deletions(-)
(limited to 'vpp')
diff --git a/vpp/api/api.c b/vpp/api/api.c
index 0761a942..1390291b 100644
--- a/vpp/api/api.c
+++ b/vpp/api/api.c
@@ -69,6 +69,7 @@
 #include
 #include
 #include
+#include
 #undef BIHASH_TYPE
 #undef __included_bihash_template_h__
@@ -307,7 +308,9 @@ _(MAP_DEL_DOMAIN, map_del_domain) \
 _(MAP_ADD_DEL_RULE, map_add_del_rule) \
 _(MAP_DOMAIN_DUMP, map_domain_dump) \
 _(MAP_RULE_DUMP, map_rule_dump) \
-_(MAP_SUMMARY_STATS, map_summary_stats)
+_(MAP_SUMMARY_STATS, map_summary_stats) \
+_(COP_INTERFACE_ENABLE_DISABLE, cop_interface_enable_disable) \
+_(COP_WHITELIST_ENABLE_DISABLE, cop_whitelist_enable_disable)
 #define QUOTE_(x) #x
 #define QUOTE(x) QUOTE_(x)
@@ -4860,6 +4863,49 @@ static void vl_api_ipsec_sa_set_key_t_handler
 REPLY_MACRO(VL_API_IPSEC_SA_SET_KEY_REPLY);
 }
+static void vl_api_cop_interface_enable_disable_t_handler
+(vl_api_cop_interface_enable_disable_t * mp)
+{
+ vl_api_cop_interface_enable_disable_reply_t * rmp;
+ int rv;
+ u32 sw_if_index = ntohl(mp->sw_if_index);
+ int enable_disable;
+
+ VALIDATE_SW_IF_INDEX(mp);
+
+ enable_disable = (int) mp->enable_disable;
+
+ rv = cop_interface_enable_disable (sw_if_index, enable_disable);
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ REPLY_MACRO(VL_API_COP_INTERFACE_ENABLE_DISABLE_REPLY);
+}
+
+static void vl_api_cop_whitelist_enable_disable_t_handler
+(vl_api_cop_whitelist_enable_disable_t * mp)
+{
+ vl_api_cop_whitelist_enable_disable_reply_t * rmp;
+ cop_whitelist_enable_disable_args_t _a, *a=&_a;
+ u32 sw_if_index = ntohl(mp->sw_if_index);
+ int rv;
+
+ VALIDATE_SW_IF_INDEX(mp);
+
+ a->sw_if_index = sw_if_index;
+ a->ip4 = mp->ip4;
+ a->ip6 = mp->ip6;
+ a->default_cop = mp->default_cop;
+ a->fib_id = ntohl(mp->fib_id);
+
+ rv = cop_whitelist_enable_disable (a);
+
+ BAD_SW_IF_INDEX_LABEL;
+
+ REPLY_MACRO(VL_API_COP_WHITELIST_ENABLE_DISABLE_REPLY);
+}
+
+
 #define BOUNCE_HANDLER(nn) \
 static void vl_api_##nn##_t_handler ( \
 vl_api_##nn##_t *mp) \
diff --git a/vpp/api/custom_dump.c b/vpp/api/custom_dump.c
index 85740eee..6a402ead 100644
--- a/vpp/api/custom_dump.c
+++ b/vpp/api/custom_dump.c
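Review bot: In vl_api_cop_whitelist_enable_disable_t_handler the argument block `_a` is an uninitialised stack struct, and only sw_if_index, ip4, ip6, default_cop and fib_id are assigned before it is passed to cop_whitelist_enable_disable(). Any other member of cop_whitelist_enable_disable_args_t (its definition is not part of this diff) would therefore carry stale stack contents into the filter configuration. Zeroing it ahead of the assignments keeps the call deterministic if the struct has or gains further fields: `memset (a, 0, sizeof (*a));`. Separately, vpe.api documents sw_if_index as "physical interfaces only", but the only check visible in this handler is VALIDATE_SW_IF_INDEX. If cop_whitelist_enable_disable() does not reject other interface types itself, that restriction should be enforced here and reported through rv.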
@@ -1694,6 +1694,39 @@ static void * vl_api_ip_dump_t_print
 FINISH;
 }
+static void * vl_api_cop_interface_enable_disable_t_print
+(vl_api_cop_interface_enable_disable_t * mp, void *handle)
+{
+ u8 * s;
+
+ s = format (0, "SCRIPT: cop_interface_enable_disable ");
+ s = format (s, "sw_if_index %d ", ntohl(mp->sw_if_index));
+ if (mp->enable_disable)
+ s = format (s, "enable ");
+ else
+ s = format (s, "disable ");
+
+ FINISH;
+}
+
+static void * vl_api_cop_whitelist_enable_disable_t_print
+(vl_api_cop_whitelist_enable_disable_t * mp, void *handle)
+{
+ u8 * s;
+
+ s = format (0, "SCRIPT: cop_whitelist_enable_disable ");
+ s = format (s, "sw_if_index %d ", ntohl(mp->sw_if_index));
+ s = format (s, "fib-id %d ", ntohl(mp->fib_id));
+ if (mp->ip4)
+ s = format (s, "ip4 ");
+ if (mp->ip6)
+ s = format (s, "ip6 ");
+ if (mp->default_cop)
+ s = format (s, "default ");
+
+ FINISH;
+}
+
 #define foreach_custom_print_function \
 _(CREATE_LOOPBACK, create_loopback) \
 _(SW_INTERFACE_SET_FLAGS, sw_interface_set_flags) \
@@ -1773,7 +1806,9 @@ _(INPUT_ACL_SET_INTERFACE, input_acl_set_interface) \
 _(IP_ADDRESS_DUMP, ip_address_dump) \
 _(IP_DUMP, ip_dump) \
 _(DELETE_LOOPBACK, delete_loopback) \
-_(BD_IP_MAC_ADD_DEL, bd_ip_mac_add_del)
+_(BD_IP_MAC_ADD_DEL, bd_ip_mac_add_del) \
+_(COP_INTERFACE_ENABLE_DISABLE, cop_interface_enable_disable) \
+_(COP_WHITELIST_ENABLE_DISABLE, cop_whitelist_enable_disable)
 void vl_msg_api_custom_dump_configure (api_main_t *am)
 {
diff --git a/vpp/api/vpe.api b/vpp/api/vpe.api
index 6b54ab82..bc3e107f 100644
--- a/vpp/api/vpe.api
+++ b/vpp/api/vpe.api
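Review bot: Both new print functions format `ntohl(mp->sw_if_index)` with `%d`, and the whitelist one does the same for `ntohl(mp->fib_id)`, although vpe.api declares both fields as u32. A value above INT_MAX, such as 0xffffffff, is then dumped as a negative number, so the SCRIPT line no longer reproduces what the client actually sent. That matters when the dump is used to replay or audit filter configuration. Assuming format() treats `%u` the way printf does, I would write `s = format (s, "sw_if_index %u ", ntohl(mp->sw_if_index));` in both functions and `s = format (s, "fib-id %u ", ntohl(mp->fib_id));` in the whitelist one.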
@@ -2752,3 +2752,60 @@ define map_summary_stats_reply {
 u64 total_ip4_fragments;
 u64 total_security_check[2];
 };
+
+/** \brief cop: enable/disable junk filtration features on an interface
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sw_if_inded - desired interface
+ @param enable_disable - 1 => enable, 0 => disable
+*/
+
+define cop_interface_enable_disable {
+ u32 client_index;
+ u32 context;
+ u32 sw_if_index;
+ u8 enable_disable;
+};
+
+/** \brief cop: interface enable/disable junk filtration reply
+ @param context - returned sender context, to match reply w/ request
+ @param retval - return code
+*/
+
+define cop_interface_enable_disable_reply {
+ u32 context;
+ i32 retval;
+};
+
+/** \brief cop: enable/disable whitelist filtration features on an interface
+ Note: the supplied fib_id must match in order to remove the feature!
+
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param sw_if_index - interface handle, physical interfaces only
+ @param fib_id - fib identifier for the whitelist / blacklist fib
+ @param ip4 - 1 => enable ip4 filtration, 0=> disable ip4 filtration
+ @param ip6 - 1 => enable ip6 filtration, 0=> disable ip6 filtration
+ @param default_cop - 1 => enable non-ip4, non-ip6 filtration 0=> disable it
+*/
+
+define cop_whitelist_enable_disable {
+ u32 client_index;
+ u32 context;
+ u32 sw_if_index;
+ u32 fib_id;
+ u8 ip4;
+ u8 ip6;
+ u8 default_cop;
+};
+
+/** \brief cop: interface enable/disable junk filtration reply
+ @param context - returned sender context, to match reply w/ request
+ @param retval - return code
+*/
+
+define cop_whitelist_enable_disable_reply {
+ u32 context;
+ i32 retval;
+};
+
diff --git a/vpp/vnet/main.c b/vpp/vnet/main.c
index 84e071c7..bfd5ad59 100644
--- a/vpp/vnet/main.c
+++ b/vpp/vnet/main.c
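Review bot: Two of the doc comments added here do not match the messages they describe. The first block documents `sw_if_inded` where the field is `sw_if_index`, and the comment above cop_whitelist_enable_disable_reply repeats the interface/junk-filtration reply text verbatim. I would change them to `@param sw_if_index - desired interface` and `/** \brief cop: whitelist enable/disable filtration reply`. Because these messages turn a packet filter on and off, the `retval` lines would also benefit from saying that a non-zero code means the requested state was not applied; that reading is inferred from the handlers in api.c and should be confirmed against the cop_* return values.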
@@ -122,6 +122,8 @@ vpe_main_init (vlib_main_t * vm)
 #endif
 if ((error = vlib_call_init_function (vm, li_init)))
 return error;
+ if ((error = vlib_call_init_function (vm, cop_init)))
+ return error;
 return error;
 }
--
cgit 1.2.3-korg