aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2021-05-28 09:06:51 -0700
committerDave Wallace <dwallacelf@gmail.com>2021-06-03 19:08:42 +0000
commitafb0194b5aba63184edb3ddc34288b5aad4560e2 (patch)
tree11570a187274a3b75f4f31e428aaa0bbdd865231
parent27777bd89016a057e995b4c3d0447eecebb7b345 (diff)
srtp: cleanup build and default to disabled
Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I62fb56257445a05105e556d1ea6cc6280b5eeccc (cherry picked from commit 427feb6fdd8aee373405dbd3a59f69440107b046)
Diffstat
-rw-r--r--src/plugins/srtp/CMakeLists.txt11
-rw-r--r--src/plugins/srtp/srtp.c2
2 files changed, 1 insertions, 12 deletions
diff --git a/src/plugins/srtp/CMakeLists.txt b/src/plugins/srtp/CMakeLists.txt
index acbdf3177d8..5771ad2dc36 100644
--- a/src/plugins/srtp/CMakeLists.txt
+++ b/src/plugins/srtp/CMakeLists.txt
@@ -11,15 +11,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-include (CheckFunctionExists)
-
vpp_plugin_find_library(srtp SRTP_LIB libsrtp2.a)
-
-if (NOT SRTP_LIB)
- message(WARNING "srtp plugin - srtp2 lib not found - plugin disabled")
- return()
-endif()
-
vpp_find_path(SRTP_INCLUDE_DIR NAMES srtp2/srtp.h)
if (NOT SRTP_INCLUDE_DIR)
@@ -29,9 +21,6 @@ endif()
include_directories (${SRTP_INCLUDE_DIR})
-set(CMAKE_REQUIRED_FLAGS "-fPIC -shared -pthread -Wno-unused-command-line-argument ${SRTP_LIB}")
-set(CMAKE_REQUIRED_INCLUDES "${SRTP_INCLUDE_DIR}")
-
add_vpp_plugin(srtp
SOURCES
srtp.c
diff --git a/src/plugins/srtp/srtp.c b/src/plugins/srtp/srtp.c
index 98bf9085da3..58a35c31606 100644
--- a/src/plugins/srtp/srtp.c
+++ b/src/plugins/srtp/srtp.c
@@ -982,7 +982,7 @@ VLIB_INIT_FUNCTION (srtp_transport_init);
VLIB_PLUGIN_REGISTER () = {
.version = VPP_BUILD_VER,
.description = "Secure Real-time Transport Protocol (SRTP)",
- /* .default_disabled = 1, */
+ .default_disabled = 1,
};
/*
13'>213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 
/*
 * Copyright (c) 2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#include <vnet/cop/cop.h>
#include <vnet/fib/ip6_fib.h>
#include <vnet/dpo/load_balance.h>

typedef struct {
  u32 next_index;
  u32 sw_if_index;
} ip6_cop_whitelist_trace_t;

/* packet trace format function */
static u8 * format_ip6_cop_whitelist_trace (u8 * s, va_list * args)
{
  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
  ip6_cop_whitelist_trace_t * t = va_arg (*args, ip6_cop_whitelist_trace_t *);
  
  s = format (s, "IP6_COP_WHITELIST: sw_if_index %d, next index %d",
              t->sw_if_index, t->next_index);
  return s;
}

vlib_node_registration_t ip6_cop_whitelist_node;

#define foreach_ip6_cop_whitelist_error                         \
_(DROPPED, "ip6 cop whitelist packets dropped")

typedef enum {
#define _(sym,str) IP6_COP_WHITELIST_ERROR_##sym,
  foreach_ip6_cop_whitelist_error
#undef _
  IP6_COP_WHITELIST_N_ERROR,
} ip6_cop_whitelist_error_t;

static char * ip6_cop_whitelist_error_strings[] = {
#define _(sym,string) string,
  foreach_ip6_cop_whitelist_error
#undef _
};

static uword
ip6_cop_whitelist_node_fn (vlib_main_t * vm,
		  vlib_node_runtime_t * node,
		  vlib_frame_t * frame)
{
  u32 n_left_from, * from, * to_next;
  cop_feature_type_t next_index;
  cop_main_t *cm = &cop_main;
  ip6_main_t * im6 = &ip6_main;
  vlib_combined_counter_main_t * vcm = &load_balance_main.lbm_via_counters;
  u32 thread_index = vm->thread_index;

  from = vlib_frame_vector_args (frame);
  n_left_from = frame->n_vectors;
  next_index = node->cached_next_index;

  while (n_left_from > 0)
    {
      u32 n_left_to_next;

      vlib_get_next_frame (vm, node, next_index,
			   to_next, n_left_to_next);

      while (n_left_from >= 4 && n_left_to_next >= 2)
	{
          u32 bi0, bi1;
          vlib_buffer_t * b0, * b1;
          u32 next0, next1;
          u32 sw_if_index0, sw_if_index1;
          ip6_header_t * ip0, * ip1;
          cop_config_main_t * ccm0, * ccm1;
          cop_config_data_t * c0, * c1;
          u32 lb_index0, lb_index1;
          const load_balance_t * lb0, *lb1;
          const dpo_id_t *dpo0, *dpo1;
         
	  /* Prefetch next iteration. */
	  {
	    vlib_buffer_t * p2, * p3;
            
	    p2 = vlib_get_buffer (vm, from[2]);
	    p3 = vlib_get_buffer (vm, from[3]);
            
	    vlib_prefetch_buffer_header (p2, LOAD);
	    vlib_prefetch_buffer_header (p3, LOAD);

	    CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
	    CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE);
	  }

          /* speculatively enqueue b0 and b1 to the current next frame */
	  to_next[0] = bi0 = from[0];
	  to_next[1] = bi1 = from[1];
	  from += 2;
	  to_next += 2;
	  n_left_from -= 2;
	  n_left_to_next -= 2;

	  b0 = vlib_get_buffer (vm, bi0);
          sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];

	  ip0 = vlib_buffer_get_current (b0);

	  ccm0 = cm->cop_config_mains + VNET_COP_IP6;

	  c0 = vnet_get_config_data 
              (&ccm0->config_main,
               &vnet_buffer (b0)->cop.current_config_index,
               &next0,
               sizeof (c0[0]));

          lb_index0 = ip6_fib_table_fwding_lookup (im6, c0->fib_index, 
						    &ip0->src_address);
	  lb0 = load_balance_get (lb_index0);
          dpo0 = load_balance_get_bucket_i(lb0, 0);

          if (PREDICT_FALSE(dpo0->dpoi_type != DPO_RECEIVE))
            {
              b0->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
              next0 = RX_COP_DROP;
            }

	  b1 = vlib_get_buffer (vm, bi1);
          sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX];

	  ip1 = vlib_buffer_get_current (b1);

	  ccm1 = cm->cop_config_mains + VNET_COP_IP6;

	  c1 = vnet_get_config_data 
              (&ccm1->config_main,
               &vnet_buffer (b1)->cop.current_config_index,
               &next1,
               sizeof (c1[0]));

          lb_index1 = ip6_fib_table_fwding_lookup (im6, c1->fib_index, 
						    &ip1->src_address);

	  lb1 = load_balance_get (lb_index1);
          dpo1 = load_balance_get_bucket_i(lb1, 0);

          vlib_increment_combined_counter 
              (vcm, thread_index, lb_index0, 1,
               vlib_buffer_length_in_chain (vm, b0) 
               + sizeof(ethernet_header_t));

          vlib_increment_combined_counter 
              (vcm, thread_index, lb_index1, 1,
               vlib_buffer_length_in_chain (vm, b1)
               + sizeof(ethernet_header_t));

          if (PREDICT_FALSE(dpo1->dpoi_type != DPO_RECEIVE))
            {
              b1->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
              next1 = RX_COP_DROP;
            }

          if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) 
                            && (b0->flags & VLIB_BUFFER_IS_TRACED))) 
            {
              ip6_cop_whitelist_trace_t *t = 
                 vlib_add_trace (vm, node, b0, sizeof (*t));
              t->sw_if_index = sw_if_index0;
              t->next_index = next0;
            }

          if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) 
                            && (b1->flags & VLIB_BUFFER_IS_TRACED))) 
            {
              ip6_cop_whitelist_trace_t *t = 
                 vlib_add_trace (vm, node, b1, sizeof (*t));
              t->sw_if_index = sw_if_index1;
              t->next_index = next1;
            }

          /* verify speculative enqueues, maybe switch current next frame */
          vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
                                           to_next, n_left_to_next,
                                           bi0, bi1, next0, next1);
        }

      while (n_left_from > 0 && n_left_to_next > 0)
	{
          u32 bi0;
	  vlib_buffer_t * b0;
          u32 next0;
          u32 sw_if_index0;
          ip6_header_t * ip0;
          cop_config_main_t *ccm0;
          cop_config_data_t *c0;
          u32 lb_index0;
          const load_balance_t * lb0;
          const dpo_id_t *dpo0;

          /* speculatively enqueue b0 to the current next frame */
	  bi0 = from[0];
	  to_next[0] = bi0;
	  from += 1;
	  to_next += 1;
	  n_left_from -= 1;
	  n_left_to_next -= 1;

	  b0 = vlib_get_buffer (vm, bi0);
          sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];

	  ip0 = vlib_buffer_get_current (b0);

	  ccm0 = cm->cop_config_mains + VNET_COP_IP6;

	  c0 = vnet_get_config_data 
              (&ccm0->config_main,
               &vnet_buffer (b0)->cop.current_config_index,
               &next0,
               sizeof (c0[0]));

          lb_index0 = ip6_fib_table_fwding_lookup (im6, c0->fib_index, 
						    &ip0->src_address);

	  lb0 = load_balance_get (lb_index0);
          dpo0 = load_balance_get_bucket_i(lb0, 0);

          vlib_increment_combined_counter 
              (vcm, thread_index, lb_index0, 1,
               vlib_buffer_length_in_chain (vm, b0) 
               + sizeof(ethernet_header_t));

          if (PREDICT_FALSE(dpo0->dpoi_type != DPO_RECEIVE))
            {
              b0->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
              next0 = RX_COP_DROP;
            }

          if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) 
                            && (b0->flags & VLIB_BUFFER_IS_TRACED))) 
            {
              ip6_cop_whitelist_trace_t *t = 
                 vlib_add_trace (vm, node, b0, sizeof (*t));
              t->sw_if_index = sw_if_index0;
              t->next_index = next0;
            }
            
          /* verify speculative enqueue, maybe switch current next frame */
	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
					   to_next, n_left_to_next,
					   bi0, next0);
	}

      vlib_put_next_frame (vm, node, next_index, n_left_to_next);
    }
  return frame->n_vectors;
}

VLIB_REGISTER_NODE (ip6_cop_whitelist_node) = {
  .function = ip6_cop_whitelist_node_fn,
  .name = "ip6-cop-whitelist",
  .vector_size = sizeof (u32),
  .format_trace = format_ip6_cop_whitelist_trace,
  .type = VLIB_NODE_TYPE_INTERNAL,
  
  .n_errors = ARRAY_LEN(ip6_cop_whitelist_error_strings),
  .error_strings = ip6_cop_whitelist_error_strings,

  .n_next_nodes = COP_RX_N_FEATURES,

  /* edit / add dispositions here */
  .next_nodes = {
    [IP4_RX_COP_WHITELIST] = "ip4-cop-whitelist",
    [IP6_RX_COP_WHITELIST] = "ip6-cop-whitelist",
    [DEFAULT_RX_COP_WHITELIST] = "default-cop-whitelist",
    [IP4_RX_COP_INPUT] = "ip4-input",
    [IP6_RX_COP_INPUT] = "ip6-input",
    [DEFAULT_RX_COP_INPUT] = "ethernet-input",
    [RX_COP_DROP] = "error-drop",
  },
};

VLIB_NODE_FUNCTION_MULTIARCH (ip6_cop_whitelist_node, ip6_cop_whitelist_node_fn)

static clib_error_t *
ip6_whitelist_init (vlib_main_t * vm)
{
  return 0;
}

VLIB_INIT_FUNCTION (ip6_whitelist_init);