authorNeale Ranns <nranns@cisco.com>2019-06-19 06:25:56 -0700
committerDamjan Marion <dmarion@me.com>2019-07-01 08:37:53 +0000
commit160c923f99c2adc103495fab1bfcefe965fe7fb8 (patch)
treea3b33e764c9ec138d519a5a2b4001bdf63eb8dba /src/plugins/gbp
parent5770c916c0cf110ced690ff128b065bbb2c827ca (diff)
gbp: VRF scoped contracts
Type: feature Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2 Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/plugins/gbp')
-rw-r--r--src/plugins/gbp/gbp.api5
-rw-r--r--src/plugins/gbp/gbp_api.c13
-rw-r--r--src/plugins/gbp/gbp_api_print.h2
-rw-r--r--src/plugins/gbp/gbp_bridge_domain.c26
-rw-r--r--src/plugins/gbp/gbp_bridge_domain.h15
-rw-r--r--src/plugins/gbp/gbp_contract.c29
-rw-r--r--src/plugins/gbp/gbp_contract.h11
-rw-r--r--src/plugins/gbp/gbp_endpoint.c1
-rw-r--r--src/plugins/gbp/gbp_policy_dpo.c28
-rw-r--r--src/plugins/gbp/gbp_policy_dpo.h6
-rw-r--r--src/plugins/gbp/gbp_policy_node.c24
-rw-r--r--src/plugins/gbp/gbp_route_domain.c18
-rw-r--r--src/plugins/gbp/gbp_route_domain.h3
-rw-r--r--src/plugins/gbp/gbp_subnet.c2
-rw-r--r--src/plugins/gbp/gbp_types.h1
15 files changed, 148 insertions, 36 deletions
diff --git a/src/plugins/gbp/gbp.api b/src/plugins/gbp/gbp.api
index b0b284fcc3e..f6775e7dcd7 100644
--- a/src/plugins/gbp/gbp.api
+++ b/src/plugins/gbp/gbp.api
@@ -31,6 +31,7 @@ enum gbp_bridge_domain_flags
typedef gbp_bridge_domain
{
u32 bd_id;
+ u32 rd_id;
vl_api_gbp_bridge_domain_flags_t flags;
u32 bvi_sw_if_index;
u32 uu_fwd_sw_if_index;
@@ -60,6 +61,8 @@ define gbp_bridge_domain_details
vl_api_gbp_bridge_domain_t bd;
};
+typedef u16 gbp_scope;
+
typedef gbp_route_domain
{
u32 rd_id;
@@ -67,6 +70,7 @@ typedef gbp_route_domain
u32 ip6_table_id;
u32 ip4_uu_sw_if_index;
u32 ip6_uu_sw_if_index;
+ vl_api_gbp_scope_t scope;
};
manual_print autoreply define gbp_route_domain_add
@@ -299,6 +303,7 @@ typedef gbp_rule
typedef gbp_contract
{
+ vl_api_gbp_scope_t scope;
u16 sclass;
u16 dclass;
u32 acl_index;
diff --git a/src/plugins/gbp/gbp_api.c b/src/plugins/gbp/gbp_api.c
index db8c8c69ed6..8155a8ff0f1 100644
--- a/src/plugins/gbp/gbp_api.c
+++ b/src/plugins/gbp/gbp_api.c
@@ -342,6 +342,7 @@ vl_api_gbp_bridge_domain_add_t_handler (vl_api_gbp_bridge_domain_add_t * mp)
int rv = 0;
rv = gbp_bridge_domain_add_and_lock (ntohl (mp->bd.bd_id),
+ ntohl (mp->bd.rd_id),
gbp_bridge_domain_flags_from_api
(mp->bd.flags),
ntohl (mp->bd.bvi_sw_if_index),
@@ -369,6 +370,7 @@ vl_api_gbp_route_domain_add_t_handler (vl_api_gbp_route_domain_add_t * mp)
int rv = 0;
rv = gbp_route_domain_add_and_lock (ntohl (mp->rd.rd_id),
+ ntohs (mp->rd.scope),
ntohl (mp->rd.ip4_table_id),
ntohl (mp->rd.ip6_table_id),
ntohl (mp->rd.ip4_uu_sw_if_index),
@@ -559,6 +561,7 @@ static int
gbp_bridge_domain_send_details (gbp_bridge_domain_t * gb, void *args)
{
vl_api_gbp_bridge_domain_details_t *mp;
+ gbp_route_domain_t *gr;
gbp_walk_ctx_t *ctx;
ctx = args;
@@ -570,7 +573,10 @@ gbp_bridge_domain_send_details (gbp_bridge_domain_t * gb, void *args)
mp->_vl_msg_id = ntohs (VL_API_GBP_BRIDGE_DOMAIN_DETAILS + GBP_MSG_BASE);
mp->context = ctx->context;
+ gr = gbp_route_domain_get (gb->gb_rdi);
+
mp->bd.bd_id = ntohl (gb->gb_bd_id);
+ mp->bd.rd_id = ntohl (gr->grd_id);
mp->bd.bvi_sw_if_index = ntohl (gb->gb_bvi_sw_if_index);
mp->bd.uu_fwd_sw_if_index = ntohl (gb->gb_uu_fwd_sw_if_index);
mp->bd.bm_flood_sw_if_index = ntohl (gb->gb_bm_flood_sw_if_index);
@@ -961,13 +967,15 @@ vl_api_gbp_contract_add_del_t_handler (vl_api_gbp_contract_add_del_t * mp)
allowed_ethertypes[ii] = mp->contract.allowed_ethertypes[ii];
}
- rv = gbp_contract_update (ntohs (mp->contract.sclass),
+ rv = gbp_contract_update (ntohs (mp->contract.scope),
+ ntohs (mp->contract.sclass),
ntohs (mp->contract.dclass),
ntohl (mp->contract.acl_index),
rules, allowed_ethertypes, &stats_index);
}
else
- rv = gbp_contract_delete (ntohs (mp->contract.sclass),
+ rv = gbp_contract_delete (ntohs (mp->contract.scope),
+ ntohs (mp->contract.sclass),
ntohs (mp->contract.dclass));
out:
@@ -997,6 +1005,7 @@ gbp_contract_send_details (gbp_contract_t * gbpc, void *args)
mp->contract.sclass = ntohs (gbpc->gc_key.gck_src);
mp->contract.dclass = ntohs (gbpc->gc_key.gck_dst);
mp->contract.acl_index = ntohl (gbpc->gc_acl_index);
+ mp->contract.scope = ntohs (gbpc->gc_key.gck_scope);
vl_api_send_msg (ctx->reg, (u8 *) mp);
diff --git a/src/plugins/gbp/gbp_api_print.h b/src/plugins/gbp/gbp_api_print.h
index 7598306ec5c..67cd30c7da7 100644
--- a/src/plugins/gbp/gbp_api_print.h
+++ b/src/plugins/gbp/gbp_api_print.h
@@ -32,6 +32,7 @@ vl_api_gbp_bridge_domain_add_t_print (vl_api_gbp_bridge_domain_add_t * a,
s = format (s, "SCRIPT: gbp_bridge_domain_add ");
s = format (s, "bd_id %d ", ntohl (a->bd.bd_id));
+ s = format (s, "rd_id %d ", ntohl (a->bd.rd_id));
s = format (s, "flags %d ", ntohl (a->bd.flags));
s = format (s, "uu-fwd %d ", ntohl (a->bd.uu_fwd_sw_if_index));
s = format (s, "bvi %d ", ntohl (a->bd.bvi_sw_if_index));
@@ -238,6 +239,7 @@ vl_api_gbp_contract_add_del_t_print (vl_api_gbp_contract_add_del_t * a,
s = format (s, "add ");
else
s = format (s, "del ");
+ s = format (s, "scope %d ", ntohl (a->contract.scope));
s = format (s, "sclass %d ", ntohs (a->contract.sclass));
s = format (s, "dclass %d ", ntohs (a->contract.dclass));
s = format (s, "acl_index %d \n", ntohl (a->contract.acl_index));
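Review bot: The added `scope` print converts a 16-bit field with `ntohl`, so the printed scope will be wrong on little-endian hosts. gbp.api in this commit declares `gbp_scope` as `u16`, and the handler in gbp_api.c reads the same field with `ntohs (mp->contract.scope)`; the print line should match: `s = format (s, "scope %d ", ntohs (a->contract.scope));`. The enclosing print function starts and ends outside this hunk.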
diff --git a/src/plugins/gbp/gbp_bridge_domain.c b/src/plugins/gbp/gbp_bridge_domain.c
index 53105451d6c..6c14fbcbfdd 100644
--- a/src/plugins/gbp/gbp_bridge_domain.c
+++ b/src/plugins/gbp/gbp_bridge_domain.c
@@ -14,6 +14,7 @@
*/
#include <plugins/gbp/gbp_bridge_domain.h>
+#include <plugins/gbp/gbp_route_domain.h>
#include <plugins/gbp/gbp_endpoint.h>
#include <plugins/gbp/gbp_learn.h>
@@ -35,6 +36,11 @@ gbp_bridge_domain_t *gbp_bridge_domain_pool;
gbp_bridge_domain_db_t gbp_bridge_domain_db;
/**
+ * Map of BD index to contract scope
+ */
+gbp_scope_t *gbp_scope_by_bd_index;
+
+/**
* logger
*/
vlib_log_class_t gb_logger;
@@ -170,6 +176,7 @@ format_gbp_bridge_domain (u8 * s, va_list * args)
int
gbp_bridge_domain_add_and_lock (u32 bd_id,
+ u32 rd_id,
gbp_bridge_domain_flags_t flags,
u32 bvi_sw_if_index,
u32 uu_fwd_sw_if_index,
@@ -182,6 +189,7 @@ gbp_bridge_domain_add_and_lock (u32 bd_id,
if (INDEX_INVALID == gbi)
{
+ gbp_route_domain_t *gr;
u32 bd_index;
bd_index = bd_find_index (&bd_main, bd_id);
@@ -205,6 +213,14 @@ gbp_bridge_domain_add_and_lock (u32 bd_id,
gb->gb_bm_flood_sw_if_index = bm_flood_sw_if_index;
gb->gb_locks = 1;
gb->gb_flags = flags;
+ gb->gb_rdi = gbp_route_domain_find_and_lock (rd_id);
+
+ /*
+ * set the scope from the BD's RD's scope
+ */
+ gr = gbp_route_domain_get (gb->gb_rdi);
+ vec_validate (gbp_scope_by_bd_index, gb->gb_bd_index);
+ gbp_scope_by_bd_index[gb->gb_bd_index] = gr->grd_scope;
/*
* Set the BVI and uu-flood interfaces into the BD
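Review bot: The index returned by `gbp_route_domain_find_and_lock (rd_id)` is stored in `gb->gb_rdi` and passed straight to `gbp_route_domain_get`, with no check that the route domain exists. `rd_id` reaches this function unvalidated from both the API handler and the CLI, so if the lookup returns `INDEX_INVALID` for an unknown ID (its body is not visible here), `gr->grd_scope` is read from outside the route-domain pool. Resolving the RD before the bridge-domain object is allocated and failing early would close this, e.g. `if (INDEX_INVALID == rdi) return (VNET_API_ERROR_NO_SUCH_ENTRY);`. The allocation and the rest of the function lie outside this hunk, and `gbp_bridge_domain_send_details` in gbp_api.c makes the same unchecked `gbp_route_domain_get (gb->gb_rdi)` call.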
@@ -298,6 +314,7 @@ gbp_bridge_domain_unlock (index_t index)
}
gbp_bridge_domain_db_remove (gb);
+ gbp_route_domain_unlock (gb->gb_rdi);
pool_put (gbp_bridge_domain_pool, gb);
}
@@ -344,8 +361,8 @@ gbp_bridge_domain_cli (vlib_main_t * vm,
gbp_bridge_domain_flags_t flags;
u32 bm_flood_sw_if_index = ~0;
u32 uu_fwd_sw_if_index = ~0;
+ u32 bd_id = ~0, rd_id = ~0;
u32 bvi_sw_if_index = ~0;
- u32 bd_id = ~0;
u8 add = 1;
flags = GBP_BD_FLAG_NONE;
@@ -369,19 +386,24 @@ gbp_bridge_domain_cli (vlib_main_t * vm,
;
else if (unformat (input, "bd %d", &bd_id))
;
+ else if (unformat (input, "rd %d", &rd_id))
+ ;
else
break;
}
if (~0 == bd_id)
return clib_error_return (0, "BD-ID must be specified");
+ if (~0 == rd_id)
+ return clib_error_return (0, "RD-ID must be specified");
if (add)
{
if (~0 == bvi_sw_if_index)
return clib_error_return (0, "interface must be specified");
- gbp_bridge_domain_add_and_lock (bd_id, flags,
+ gbp_bridge_domain_add_and_lock (bd_id, rd_id,
+ flags,
bvi_sw_if_index,
uu_fwd_sw_if_index,
bm_flood_sw_if_index);
diff --git a/src/plugins/gbp/gbp_bridge_domain.h b/src/plugins/gbp/gbp_bridge_domain.h
index dd2798fdafa..5bfa099f31d 100644
--- a/src/plugins/gbp/gbp_bridge_domain.h
+++ b/src/plugins/gbp/gbp_bridge_domain.h
@@ -46,6 +46,12 @@ typedef struct gbp_bridge_domain_t_
u32 gb_bd_index;
/**
+ * Index of the Route-domain this BD is associated with. This is used as the
+ * 'scope' of the packets for contract matching.
+ */
+ u32 gb_rdi;
+
+ /**
* Flags conttrolling behaviour
*/
gbp_bridge_domain_flags_t gb_flags;
@@ -79,6 +85,7 @@ typedef struct gbp_bridge_domain_t_
} gbp_bridge_domain_t;
extern int gbp_bridge_domain_add_and_lock (u32 bd_id,
+ u32 rd_id,
gbp_bridge_domain_flags_t flags,
u32 bvi_sw_if_index,
u32 uu_fwd_sw_if_index,
@@ -121,6 +128,14 @@ gbp_bridge_domain_get_by_bd_index (u32 bd_index)
(gbp_bridge_domain_db.gbd_by_bd_index[bd_index]));
}
+extern gbp_scope_t *gbp_scope_by_bd_index;
+
+always_inline gbp_scope_t
+gbp_bridge_domain_get_scope (u32 bd_index)
+{
+ return (gbp_scope_by_bd_index[bd_index]);
+}
+
#endif
/*
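Review bot: `gbp_bridge_domain_get_scope` indexes `gbp_scope_by_bd_index` with no bounds check, and its precondition is undocumented. The vector is only grown by `vec_validate` in `gbp_bridge_domain_add_and_lock`, so a `bd_index` that never belonged to a GBP bridge domain can read past its end. The unlock hunk in gbp_bridge_domain.c also shows no reset of the entry, so a reused index may return a stale scope. The one caller in gbp_policy_node.c runs only after an endpoint lookup succeeds, which probably implies a GBP BD, but that is not enforced here. I would add a doc comment stating that the caller must pass the index of a live GBP bridge domain, plus `ASSERT (bd_index < vec_len (gbp_scope_by_bd_index));` before the return.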
diff --git a/src/plugins/gbp/gbp_contract.c b/src/plugins/gbp/gbp_contract.c
index 552201a684b..f0bb00a0154 100644
--- a/src/plugins/gbp/gbp_contract.c
+++ b/src/plugins/gbp/gbp_contract.c
@@ -444,7 +444,8 @@ gbp_contract_mk_lbs (index_t * guis)
}
int
-gbp_contract_update (sclass_t sclass,
+gbp_contract_update (gbp_scope_t scope,
+ sclass_t sclass,
sclass_t dclass,
u32 acl_index,
index_t * rules,
@@ -457,6 +458,7 @@ gbp_contract_update (sclass_t sclass,
uword *p;
gbp_contract_key_t key = {
+ .gck_scope = scope,
.gck_src = sclass,
.gck_dst = dclass,
};
@@ -468,7 +470,7 @@ gbp_contract_update (sclass_t sclass,
gm->acl_plugin.register_user_module ("GBP ACL", "src-epg", "dst-epg");
}
- p = hash_get (gbp_contract_db.gc_hash, key.as_u32);
+ p = hash_get (gbp_contract_db.gc_hash, key.as_u64);
if (p != NULL)
{
gci = p[0];
@@ -483,7 +485,7 @@ gbp_contract_update (sclass_t sclass,
pool_get_zero (gbp_contract_pool, gc);
gc->gc_key = key;
gci = gc - gbp_contract_pool;
- hash_set (gbp_contract_db.gc_hash, key.as_u32, gci);
+ hash_set (gbp_contract_db.gc_hash, key.as_u64, gci);
vlib_validate_combined_counter (&gbp_contract_drop_counters, gci);
vlib_zero_combined_counter (&gbp_contract_drop_counters, gci);
@@ -513,16 +515,17 @@ gbp_contract_update (sclass_t sclass,
}
int
-gbp_contract_delete (sclass_t sclass, sclass_t dclass)
+gbp_contract_delete (gbp_scope_t scope, sclass_t sclass, sclass_t dclass)
{
gbp_contract_key_t key = {
+ .gck_scope = scope,
.gck_src = sclass,
.gck_dst = dclass,
};
gbp_contract_t *gc;
uword *p;
- p = hash_get (gbp_contract_db.gc_hash, key.as_u32);
+ p = hash_get (gbp_contract_db.gc_hash, key.as_u64);
if (p != NULL)
{
gc = gbp_contract_get (p[0]);
@@ -531,7 +534,7 @@ gbp_contract_delete (sclass_t sclass, sclass_t dclass)
gbp_main.acl_plugin.put_lookup_context_index (gc->gc_lc_index);
vec_free (gc->gc_allowed_ethertypes);
- hash_unset (gbp_contract_db.gc_hash, key.as_u32);
+ hash_unset (gbp_contract_db.gc_hash, key.as_u64);
pool_put (gbp_contract_pool, gc);
return (0);
@@ -559,7 +562,7 @@ gbp_contract_cli (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
sclass_t sclass = SCLASS_INVALID, dclass = SCLASS_INVALID;
- u32 acl_index = ~0, stats_index;
+ u32 acl_index = ~0, stats_index, scope;
u8 add = 1;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
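Review bot: `scope` is declared without an initialiser in `u32 acl_index = ~0, stats_index, scope;`, yet a later hunk passes it to `gbp_contract_update` and `gbp_contract_delete` unconditionally. If the operator omits the `scope` keyword, the contract is installed or removed under an indeterminate scope, which is the wrong outcome for a value that selects which VRF a policy applies to. Initialise it, `u32 scope = ~0;`, and reject the command when it was not supplied, `if (~0 == scope) return clib_error_return (0, "scope must be specified");`. Because `gbp_scope_t` is a `u16`, values above 0xffff should also be refused rather than silently truncated. The function body continues outside this hunk.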
@@ -568,9 +571,11 @@ gbp_contract_cli (vlib_main_t * vm,
add = 1;
else if (unformat (input, "del"))
add = 0;
- else if (unformat (input, "src-epg %d", &sclass))
+ else if (unformat (input, "scope %d", &scope))
;
- else if (unformat (input, "dst-epg %d", &dclass))
+ else if (unformat (input, "sclass %d", &sclass))
+ ;
+ else if (unformat (input, "dclass %d", &dclass))
;
else if (unformat (input, "acl-index %d", &acl_index))
;
@@ -585,12 +590,12 @@ gbp_contract_cli (vlib_main_t * vm,
if (add)
{
- gbp_contract_update (sclass, dclass, acl_index,
+ gbp_contract_update (scope, sclass, dclass, acl_index,
NULL, NULL, &stats_index);
}
else
{
- gbp_contract_delete (sclass, dclass);
+ gbp_contract_delete (scope, sclass, dclass);
}
return (NULL);
@@ -618,7 +623,7 @@ format_gbp_contract_key (u8 * s, va_list * args)
{
gbp_contract_key_t *gck = va_arg (*args, gbp_contract_key_t *);
- s = format (s, "{%d,%d}", gck->gck_src, gck->gck_dst);
+ s = format (s, "{%d,%d,%d}", gck->gck_scope, gck->gck_src, gck->gck_dst);
return (s);
}
diff --git a/src/plugins/gbp/gbp_contract.h b/src/plugins/gbp/gbp_contract.h
index 9de52eb9806..8e621a47d28 100644
--- a/src/plugins/gbp/gbp_contract.h
+++ b/src/plugins/gbp/gbp_contract.h
@@ -38,13 +38,14 @@ typedef struct gbp_contract_key_t_
{
struct
{
+ gbp_scope_t gck_scope;
/**
* source and destination EPGs for which the ACL applies
*/
sclass_t gck_src;
sclass_t gck_dst;
};
- u32 as_u32;
+ u64 as_u64;
};
} gbp_contract_key_t;
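Review bot: Widening the key to `as_u64` leaves two bytes of the union that no named member covers, and the control-plane initialisers do not clear them explicitly. `gbp_contract_update` and `gbp_contract_delete` build the key with `{ .gck_scope = ..., .gck_src = ..., .gck_dst = ... }` and then hash `key.as_u64`. C does not guarantee that bytes of a union outside the initialised member are zeroed, and newer compilers are known to leave them untouched. The data path in this commit already sets `key0.as_u64 = 0` first "to ensure the pad space is clear", so a control-plane key with stray pad bits would never match and the contract would silently not apply. Giving the struct an explicit fourth `u16` pad member makes the designated initialisers zero it; alternatively start both functions from `gbp_contract_key_t key = { .as_u64 = 0 };` and assign the three fields afterwards.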
@@ -149,12 +150,14 @@ typedef struct gbp_contract_db_t_
uword *gc_hash;
} gbp_contract_db_t;
-extern int gbp_contract_update (sclass_t sclass,
+extern int gbp_contract_update (gbp_scope_t scope,
+ sclass_t sclass,
sclass_t dclass,
u32 acl_index,
index_t * rules,
u16 * allowed_ethertypes, u32 * stats_index);
-extern int gbp_contract_delete (sclass_t sclass, sclass_t dclass);
+extern int gbp_contract_delete (gbp_scope_t scope, sclass_t sclass,
+ sclass_t dclass);
extern index_t gbp_rule_alloc (gbp_rule_action_t action,
gbp_hash_mode_t hash_mode, index_t * nhs);
@@ -177,7 +180,7 @@ gbp_contract_find (gbp_contract_key_t * key)
{
uword *p;
- p = hash_get (gbp_contract_db.gc_hash, key->as_u32);
+ p = hash_get (gbp_contract_db.gc_hash, key->as_u64);
if (NULL != p)
return (p[0]);
diff --git a/src/plugins/gbp/gbp_endpoint.c b/src/plugins/gbp/gbp_endpoint.c
index 2472199e320..da15b49d81b 100644
--- a/src/plugins/gbp/gbp_endpoint.c
+++ b/src/plugins/gbp/gbp_endpoint.c
@@ -759,6 +759,7 @@ gbb_endpoint_fwd_recalc (gbp_endpoint_t * ge)
* is applied
*/
gbp_policy_dpo_add_or_lock (fib_proto_to_dpo (pfx->fp_proto),
+ grd->grd_scope,
gg->gg_sclass, ~0, &policy_dpo);
fib_table_entry_special_dpo_add (fib_index, pfx,
diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c
index a7077899fd8..8152315c7b8 100644
--- a/src/plugins/gbp/gbp_policy_dpo.c
+++ b/src/plugins/gbp/gbp_policy_dpo.c
@@ -93,6 +93,7 @@ gbp_policy_dpo_get_urpf (const dpo_id_t * dpo)
void
gbp_policy_dpo_add_or_lock (dpo_proto_t dproto,
+ gbp_scope_t scope,
sclass_t sclass, u32 sw_if_index, dpo_id_t * dpo)
{
gbp_policy_dpo_t *gpd;
@@ -103,6 +104,7 @@ gbp_policy_dpo_add_or_lock (dpo_proto_t dproto,
gpd->gpd_proto = dproto;
gpd->gpd_sw_if_index = sw_if_index;
gpd->gpd_sclass = sclass;
+ gpd->gpd_scope = scope;
if (~0 != sw_if_index)
{
@@ -128,9 +130,9 @@ format_gbp_policy_dpo (u8 * s, va_list * ap)
gbp_policy_dpo_t *gpd = gbp_policy_dpo_get (index);
vnet_main_t *vnm = vnet_get_main ();
- s = format (s, "gbp-policy-dpo: %U, sclass:%d out:%U",
+ s = format (s, "gbp-policy-dpo: %U, scope:%d sclass:%d out:%U",
format_dpo_proto, gpd->gpd_proto,
- (int) gpd->gpd_sclass,
+ gpd->gpd_scope, (int) gpd->gpd_sclass,
format_vnet_sw_if_index_name, vnm, gpd->gpd_sw_if_index);
s = format (s, "\n%U", format_white_space, indent + 2);
s = format (s, "%U", format_dpo_id, &gpd->gpd_dpo, indent + 4);
@@ -151,6 +153,7 @@ gbp_policy_dpo_interpose (const dpo_id_t * original,
gpd = gbp_policy_dpo_get (original->dpoi_index);
gpd_clone->gpd_proto = gpd->gpd_proto;
+ gpd_clone->gpd_scope = gpd->gpd_scope;
gpd_clone->gpd_sclass = gpd->gpd_sclass;
gpd_clone->gpd_sw_if_index = gpd->gpd_sw_if_index;
@@ -233,11 +236,13 @@ static char *gbp_policy_dpo_error_strings[] = {
typedef struct gbp_policy_dpo_trace_t_
{
- u32 sclass;
- u32 dclass;
+ gbp_scope_t scope;
+ sclass_t sclass;
+ sclass_t dclass;
u32 acl_index;
u32 flags;
u32 action;
+ u32 gci;
} gbp_policy_dpo_trace_t;
typedef enum
@@ -323,11 +328,13 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
if (vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_A)
{
next0 = gpd0->gpd_dpo.dpoi_next_node;
- key0.as_u32 = ~0;
+ key0.as_u64 = ~0;
n_allow_a_bit++;
goto trace;
}
+ key0.as_u64 = 0;
+ key0.gck_scope = gpd0->gpd_scope;
key0.gck_src = vnet_buffer2 (b0)->gbp.sclass;
key0.gck_dst = gpd0->gpd_sclass;
@@ -440,11 +447,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
gbp_policy_dpo_trace_t *tr;
tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
+ tr->scope = key0.gck_scope;
tr->sclass = key0.gck_src;
tr->dclass = key0.gck_dst;
tr->acl_index = (gc0 ? gc0->gc_acl_index : ~0);
tr->flags = vnet_buffer2 (b0)->gbp.flags;
tr->action = action0;
+ tr->gci = (gc0 ? gc0 - gbp_contract_pool : INDEX_INVALID);
+
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
@@ -472,9 +482,11 @@ format_gbp_policy_dpo_trace (u8 * s, va_list * args)
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
gbp_policy_dpo_trace_t *t = va_arg (*args, gbp_policy_dpo_trace_t *);
- s = format (s, " sclass:%d dclass:%d acl-index:%d flags:%U action:%d",
- t->sclass, t->dclass, t->acl_index,
- format_vxlan_gbp_header_gpflags, t->flags, t->action);
+ s =
+ format (s,
+ "scope:%d sclass:%d dclass:%d gci:%d acl-index:%d flags:%U action:%d",
+ t->scope, t->sclass, t->dclass, t->gci, t->acl_index,
+ format_vxlan_gbp_header_gpflags, t->flags, t->action);
return s;
}
diff --git a/src/plugins/gbp/gbp_policy_dpo.h b/src/plugins/gbp/gbp_policy_dpo.h
index 3a4264d9194..6b4f8c57fd0 100644
--- a/src/plugins/gbp/gbp_policy_dpo.h
+++ b/src/plugins/gbp/gbp_policy_dpo.h
@@ -38,6 +38,11 @@ typedef struct gbp_policy_dpo_t_
sclass_t gpd_sclass;
/**
+ * sclass scope
+ */
+ gbp_scope_t gpd_scope;
+
+ /**
* output sw_if_index
*/
u32 gpd_sw_if_index;
@@ -54,6 +59,7 @@ typedef struct gbp_policy_dpo_t_
} gbp_policy_dpo_t;
extern void gbp_policy_dpo_add_or_lock (dpo_proto_t dproto,
+ gbp_scope_t scope,
sclass_t sclass,
u32 sw_if_index, dpo_id_t * dpo);
diff --git a/src/plugins/gbp/gbp_policy_node.c b/src/plugins/gbp/gbp_policy_node.c
index 2cffc79cf2d..26f7e9b8c59 100644
--- a/src/plugins/gbp/gbp_policy_node.c
+++ b/src/plugins/gbp/gbp_policy_node.c
@@ -15,6 +15,7 @@
#include <plugins/gbp/gbp.h>
#include <plugins/gbp/gbp_policy_dpo.h>
+#include <plugins/gbp/gbp_bridge_domain.h>
#include <vnet/vxlan-gbp/vxlan_gbp_packet.h>
#include <vnet/vxlan-gbp/vxlan_gbp.h>
@@ -49,8 +50,9 @@ typedef enum
typedef struct gbp_policy_trace_t_
{
/* per-pkt trace data */
- u32 sclass;
- u32 dst_epg;
+ gbp_scope_t scope;
+ sclass_t sclass;
+ sclass_t dclass;
u32 acl_index;
u32 allowed;
u32 flags;
@@ -154,6 +156,9 @@ gbp_policy_inline (vlib_main_t * vm,
h0 = vlib_buffer_get_current (b0);
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX];
+ /* zero out the key to ensure the pad space is clear */
+ key0.as_u64 = 0;
+
/*
* Reflection check; in and out on an ivxlan tunnel
*/
@@ -176,7 +181,7 @@ gbp_policy_inline (vlib_main_t * vm,
L2OUTPUT_FEAT_GBP_POLICY_PORT :
L2OUTPUT_FEAT_GBP_POLICY_MAC));
n_allow_a_bit++;
- key0.as_u32 = ~0;
+ key0.as_u64 = ~0;
goto trace;
}
@@ -190,7 +195,11 @@ gbp_policy_inline (vlib_main_t * vm,
vnet_buffer (b0)->l2.bd_index);
if (NULL != ge0)
- key0.gck_dst = ge0->ge_fwd.gef_sclass;
+ {
+ key0.gck_dst = ge0->ge_fwd.gef_sclass;
+ key0.gck_scope =
+ gbp_bridge_domain_get_scope (vnet_buffer (b0)->l2.bd_index);
+ }
else
{
/* If you cannot determine the destination EP then drop */
@@ -373,7 +382,8 @@ gbp_policy_inline (vlib_main_t * vm,
gbp_policy_trace_t *t =
vlib_add_trace (vm, node, b0, sizeof (*t));
t->sclass = key0.gck_src;
- t->dst_epg = key0.gck_dst;
+ t->dclass = key0.gck_dst;
+ t->scope = key0.gck_scope;
t->acl_index = (gc0 ? gc0->gc_acl_index : ~0);
t->allowed = (next0 != GBP_POLICY_NEXT_DROP);
t->flags = vnet_buffer2 (b0)->gbp.flags;
@@ -422,8 +432,8 @@ format_gbp_policy_trace (u8 * s, va_list * args)
gbp_policy_trace_t *t = va_arg (*args, gbp_policy_trace_t *);
s =
- format (s, "sclass:%d, dst:%d, acl:%d allowed:%d flags:%U",
- t->sclass, t->dst_epg, t->acl_index, t->allowed,
+ format (s, "scope:%d sclass:%d, dclass:%d, acl:%d allowed:%d flags:%U",
+ t->scope, t->sclass, t->dclass, t->acl_index, t->allowed,
format_vxlan_gbp_header_gpflags, t->flags);
return s;
diff --git a/src/plugins/gbp/gbp_route_domain.c b/src/plugins/gbp/gbp_route_domain.c
index 7502a253440..90b0155758d 100644
--- a/src/plugins/gbp/gbp_route_domain.c
+++ b/src/plugins/gbp/gbp_route_domain.c
@@ -126,6 +126,7 @@ gbp_route_domain_db_remove (gbp_route_domain_t * grd)
int
gbp_route_domain_add_and_lock (u32 rd_id,
+ gbp_scope_t scope,
u32 ip4_table_id,
u32 ip6_table_id,
u32 ip4_uu_sw_if_index, u32 ip6_uu_sw_if_index)
@@ -142,6 +143,7 @@ gbp_route_domain_add_and_lock (u32 rd_id,
pool_get_zero (gbp_route_domain_pool, grd);
grd->grd_id = rd_id;
+ grd->grd_scope = scope;
grd->grd_table_id[FIB_PROTOCOL_IP4] = ip4_table_id;
grd->grd_table_id[FIB_PROTOCOL_IP6] = ip6_table_id;
grd->grd_uu_sw_if_index[FIB_PROTOCOL_IP4] = ip4_uu_sw_if_index;
@@ -241,6 +243,16 @@ gbp_route_domain_get_rd_id (index_t grdi)
return (grd->grd_id);
}
+gbp_scope_t
+gbp_route_domain_get_scope (index_t grdi)
+{
+ gbp_route_domain_t *grd;
+
+ grd = gbp_route_domain_get (grdi);
+
+ return (grd->grd_scope);
+}
+
int
gbp_route_domain_delete (u32 rd_id)
{
@@ -296,6 +308,7 @@ gbp_route_domain_cli (vlib_main_t * vm,
u32 ip6_uu_sw_if_index = ~0;
u32 ip4_table_id = ~0;
u32 ip6_table_id = ~0;
+ u32 scope = ~0;
u32 rd_id = ~0;
u8 add = 1;
@@ -317,6 +330,8 @@ gbp_route_domain_cli (vlib_main_t * vm,
add = 0;
else if (unformat (input, "rd %d", &rd_id))
;
+ else if (unformat (input, "scope %d", &scope))
+ ;
else
break;
}
@@ -331,7 +346,8 @@ gbp_route_domain_cli (vlib_main_t * vm,
if (~0 == ip6_table_id)
return clib_error_return (0, "IP6 table-ID must be specified");
- gbp_route_domain_add_and_lock (rd_id, ip4_table_id,
+ gbp_route_domain_add_and_lock (rd_id, scope,
+ ip4_table_id,
ip6_table_id,
ip4_uu_sw_if_index, ip6_uu_sw_if_index);
}
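Review bot: `scope` defaults to `~0` in this CLI handler but is passed to `gbp_route_domain_add_and_lock` without the "must be specified" check that the neighbouring table-ID arguments get. When the keyword is omitted, the `u32` value is narrowed to `gbp_scope_t` (a `u16`) and the route domain silently lands in scope 65535, so every RD created that way shares one contract scope. Add the matching guard before the call: `if (~0 == scope) return clib_error_return (0, "scope must be specified");`. The handler starts outside this hunk.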
diff --git a/src/plugins/gbp/gbp_route_domain.h b/src/plugins/gbp/gbp_route_domain.h
index b83d598ad38..dd7adf096cf 100644
--- a/src/plugins/gbp/gbp_route_domain.h
+++ b/src/plugins/gbp/gbp_route_domain.h
@@ -32,6 +32,7 @@ typedef struct gpb_route_domain_t_
* Route-domain ID
*/
u32 grd_id;
+ gbp_scope_t grd_scope;
u32 grd_fib_index[FIB_PROTOCOL_IP_MAX];
u32 grd_table_id[FIB_PROTOCOL_IP_MAX];
@@ -55,6 +56,7 @@ typedef struct gpb_route_domain_t_
} gbp_route_domain_t;
extern int gbp_route_domain_add_and_lock (u32 rd_id,
+ gbp_scope_t scope,
u32 ip4_table_id,
u32 ip6_table_id,
u32 ip4_uu_sw_if_index,
@@ -67,6 +69,7 @@ extern index_t gbp_route_domain_index (const gbp_route_domain_t *);
extern int gbp_route_domain_delete (u32 rd_id);
extern gbp_route_domain_t *gbp_route_domain_get (index_t i);
extern u32 gbp_route_domain_get_rd_id (index_t i);
+extern gbp_scope_t gbp_route_domain_get_scope (index_t i);
typedef int (*gbp_route_domain_cb_t) (gbp_route_domain_t * gb, void *ctx);
extern void gbp_route_domain_walk (gbp_route_domain_cb_t bgpe, void *ctx);
diff --git a/src/plugins/gbp/gbp_subnet.c b/src/plugins/gbp/gbp_subnet.c
index 2daf0ddc684..e2dfd3799b0 100644
--- a/src/plugins/gbp/gbp_subnet.c
+++ b/src/plugins/gbp/gbp_subnet.c
@@ -163,6 +163,7 @@ gbp_subnet_external_add (gbp_subnet_t * gs, u32 sw_if_index, sclass_t sclass)
gs->gs_stitched_external.gs_sw_if_index = sw_if_index;
gbp_policy_dpo_add_or_lock (fib_proto_to_dpo (gs->gs_key->gsk_pfx.fp_proto),
+ gbp_route_domain_get_scope (gs->gs_rd),
gs->gs_stitched_external.gs_sclass,
gs->gs_stitched_external.gs_sw_if_index, &gpd);
@@ -186,6 +187,7 @@ gbp_subnet_l3_out_add (gbp_subnet_t * gs, sclass_t sclass)
gs->gs_l3_out.gs_sclass = sclass;
gbp_policy_dpo_add_or_lock (fib_proto_to_dpo (gs->gs_key->gsk_pfx.fp_proto),
+ gbp_route_domain_get_scope (gs->gs_rd),
gs->gs_l3_out.gs_sclass, ~0, &gpd);
gs->gs_fei = fib_table_entry_special_dpo_add (gs->gs_key->gsk_fib_index,
diff --git a/src/plugins/gbp/gbp_types.h b/src/plugins/gbp/gbp_types.h
index 5bd9735e08b..ac983b1cdd2 100644
--- a/src/plugins/gbp/gbp_types.h
+++ b/src/plugins/gbp/gbp_types.h
@@ -21,6 +21,7 @@
typedef u32 vnid_t;
#define VNID_INVALID ((u16)~0)
+typedef u16 gbp_scope_t;
typedef u16 sclass_t;
#define SCLASS_INVALID ((u16)~0)