aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2018-06-18 13:16:39 -0400
committerFlorin Coras <florin.coras@gmail.com>2018-06-19 22:09:46 +0000
commit7055e26952e0dee3a01422e9ae733f8996e81608 (patch)
tree1fabdf1be5ced372178d279dc22c755a03cded10 /src/plugins
parent8b20bf5ef72a85ed70d7457f33c096f1eef51d0a (diff)
Driver level time-based src mac filter
Change-Id: I062d7653e00d77e73a61d8841e01ab4a159b6404 Signed-off-by: Dave Barach <dbarach@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/Makefile.am4
-rw-r--r--src/plugins/mactime.am36
-rw-r--r--src/plugins/mactime/mactime.api88
-rw-r--r--src/plugins/mactime/mactime.c533
-rw-r--r--src/plugins/mactime/mactime.h113
-rw-r--r--src/plugins/mactime/mactime_all_api_h.h19
-rw-r--r--src/plugins/mactime/mactime_msg_enum.h31
-rw-r--r--src/plugins/mactime/mactime_test.c311
-rw-r--r--src/plugins/mactime/node.c363
9 files changed, 1498 insertions, 0 deletions
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index 971b263a630..9c891c54b3c 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -83,6 +83,10 @@ if ENABLE_LB_PLUGIN
include lb.am
endif
+if ENABLE_MACTIME_PLUGIN
+include mactime.am
+endif
+
if ENABLE_MARVELL_PLUGIN
include marvell.am
endif
diff --git a/src/plugins/mactime.am b/src/plugins/mactime.am
new file mode 100644
index 00000000000..46225f6e3b1
--- /dev/null
+++ b/src/plugins/mactime.am
@@ -0,0 +1,36 @@
+
+# Copyright (c) <current-year> <your-organization>
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+vppapitestplugins_LTLIBRARIES += mactime_test_plugin.la
+vppplugins_LTLIBRARIES += mactime_plugin.la
+
+mactime_plugin_la_SOURCES = \
+ mactime/node.c \
+ mactime/mactime.c \
+ mactime/mactime.h \
+ mactime/mactime_all_api_h.h \
+ mactime/mactime_msg_enum.h
+
+API_FILES += mactime/mactime.api
+
+nobase_apiinclude_HEADERS += \
+ mactime/mactime_all_api_h.h \
+ mactime/mactime_msg_enum.h \
+ mactime/mactime.api.h
+
+mactime_test_plugin_la_SOURCES = \
+ mactime/mactime_test.c \
+ mactime/mactime.api.h
+
+# vi:syntax=automake
diff --git a/src/plugins/mactime/mactime.api b/src/plugins/mactime/mactime.api
new file mode 100644
index 00000000000..7cad7828fe4
--- /dev/null
+++ b/src/plugins/mactime/mactime.api
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/** \file
+ This file defines vpp mactime control-plane API messages
+*/
+option version = "1.0.0";
+
+/** \brief api to enable or disable the time-based src mac filter on
+ an interface
+*/
+
+autoreply define mactime_enable_disable
+{
+ u32 client_index; /**< client index, from api_main */
+ u32 context; /**< application context */
+ u8 enable_disable; /**< enable=1, disable=0 */
+ u32 sw_if_index; /**< the interface handle */
+};
+
+/** \brief a time range structure
+ * times are in double-precision fp seconds since 1/1/1970,
+ * which was a Thursday.
+ */
+typeonly define time_range
+{
+ f64 start; /**< start of the time range */
+ f64 end; /**< end of the time range */
+};
+
+/** \brief configure per src-mac time ranges
+ *
+ * Usage:
+ * to create a static allow entry:
+ * set mac_address, device_name, is_add=1, and allow=1.
+ *
+ * to create a static drop entry:
+ * set mac_address, device_name, is_add=1, and drop=1.
+ *
+ * to create a (time-range-based) dynamic allow entry:
+ * set mac_address, device_name, is_add=1, set allow=1.
+ * set count = number of ranges
+ * set each range start/end in seconds since Sunday began
+ * As in: start/end >= 0.0 && start/end < 7.0 *86400.0
+ *
+ * to create a (time-range-based) dynamic drop entry:
+ * Same procedure to create a dynamic allow entry,
+ * set drop=1 instead of allow=1
+ *
+ * to delete a per src-mac entry (of any kind)
+ * set mac_address, is_add=0
+ * note: deletes all ranges.
+ *
+ * See mactime_test.c:api_mactime_add_del_range(...) for
+ * a working example.
+ */
+
+autoreply define mactime_add_del_range
+{
+ u32 client_index; /**< client index, from api_main */
+ u32 context; /**< application context */
+ u8 is_add; /**< add=1, del=0 */
+ u8 drop; /**< drop flag */
+ u8 allow; /**< allow flag */
+ u8 mac_address[6]; /**< src mac address */
+ u8 device_name[64]; /**< device name */
+ u32 count; /**< number of time ranges to follow */
+ /** time ranges, in seconds since Sunday began */
+ vl_api_time_range_t ranges[count];
+};
+
+/*
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/plugins/mactime/mactime.c b/src/plugins/mactime/mactime.c
new file mode 100644
index 00000000000..d442d3ec08c
--- /dev/null
+++ b/src/plugins/mactime/mactime.c
@@ -0,0 +1,533 @@
+/*
+ * mactime.c - time-based src mac address filtration
+ *
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/vnet.h>
+#include <vnet/plugin/plugin.h>
+#include <mactime/mactime.h>
+
+#include <vlibapi/api.h>
+#include <vlibmemory/api.h>
+#include <vpp/app/version.h>
+
+/* define message IDs */
+#include <mactime/mactime_msg_enum.h>
+
+/* define message structures */
+#define vl_typedefs
+#include <mactime/mactime_all_api_h.h>
+#undef vl_typedefs
+
+/* define generated endian-swappers */
+#define vl_endianfun
+#include <mactime/mactime_all_api_h.h>
+#undef vl_endianfun
+
+/* instantiate all the print functions we know about */
+#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
+#define vl_printfun
+#include <mactime/mactime_all_api_h.h>
+#undef vl_printfun
+
+/* Get the API version number */
+#define vl_api_version(n,v) static u32 api_version=(v);
+#include <mactime/mactime_all_api_h.h>
+#undef vl_api_version
+
+#define REPLY_MSG_ID_BASE mm->msg_id_base
+#include <vlibapi/api_helper_macros.h>
+
+mactime_main_t mactime_main;
+
+/** \file time-base src-mac filter device-input feature arc implementation
+ */
+
+/* List of message types that this plugin understands */
+
+#define foreach_mactime_plugin_api_msg \
+_(MACTIME_ENABLE_DISABLE, mactime_enable_disable) \
+_(MACTIME_ADD_DEL_RANGE, mactime_add_del_range)
+
+static void
+feature_init (mactime_main_t * mm)
+{
+ if (mm->feature_initialized == 0)
+ {
+ /* Create the lookup table */
+ clib_bihash_init_8_8 (&mm->lookup_table, "mactime lookup table",
+ mm->lookup_table_num_buckets,
+ mm->lookup_table_memory_size);
+ clib_timebase_init (&mm->timebase, mm->timezone_offset,
+ CLIB_TIMEBASE_DAYLIGHT_USA);
+ mm->allow_counters.name = "allow";
+ mm->allow_counters.stat_segment_name = "/mactime/allow";
+ mm->drop_counters.name = "drop";
+ mm->drop_counters.stat_segment_name = "/mactime/drop";
+ mm->feature_initialized = 1;
+ }
+}
+
+/** Action function shared between message handler and debug CLI
+*/
+int
+mactime_enable_disable (mactime_main_t * mm, u32 sw_if_index,
+ int enable_disable)
+{
+ vnet_sw_interface_t *sw;
+ int rv = 0;
+
+ feature_init (mm);
+
+ /* Utterly wrong? */
+ if (pool_is_free_index (mm->vnet_main->interface_main.sw_interfaces,
+ sw_if_index))
+ return VNET_API_ERROR_INVALID_SW_IF_INDEX;
+
+ /* Not a physical port? */
+ sw = vnet_get_sw_interface (mm->vnet_main, sw_if_index);
+ if (sw->type != VNET_SW_INTERFACE_TYPE_HARDWARE)
+ return VNET_API_ERROR_INVALID_SW_IF_INDEX;
+
+ vnet_feature_enable_disable ("device-input", "mactime",
+ sw_if_index, enable_disable, 0, 0);
+ return rv;
+}
+
+static clib_error_t *
+mactime_enable_disable_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ mactime_main_t *mm = &mactime_main;
+ u32 sw_if_index = ~0;
+ int enable_disable = 1;
+
+ int rv;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "disable"))
+ enable_disable = 0;
+ else if (unformat (input, "%U", unformat_vnet_sw_interface,
+ mm->vnet_main, &sw_if_index))
+ ;
+ else
+ break;
+ }
+
+ if (sw_if_index == ~0)
+ return clib_error_return (0, "Please specify an interface...");
+
+ rv = mactime_enable_disable (mm, sw_if_index, enable_disable);
+
+ switch (rv)
+ {
+ case 0:
+ break;
+
+ case VNET_API_ERROR_INVALID_SW_IF_INDEX:
+ return clib_error_return
+ (0, "Invalid interface, only works on physical ports");
+ break;
+
+ case VNET_API_ERROR_UNIMPLEMENTED:
+ return clib_error_return (0,
+ "Device driver doesn't support redirection");
+ break;
+
+ default:
+ return clib_error_return (0, "mactime_enable_disable returned %d", rv);
+ }
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (mactime_enable_disable_command, static) =
+{
+ .path = "mactime enable-disable",
+ .short_help =
+ "mactime enable-disable <interface-name> [disable]",
+ .function = mactime_enable_disable_command_fn,
+};
+/* *INDENT-ON* */
+
+
+/** Enable / disable time-base src mac filtration on an interface
+ */
+
+static void vl_api_mactime_enable_disable_t_handler
+ (vl_api_mactime_enable_disable_t * mp)
+{
+ vl_api_mactime_enable_disable_reply_t *rmp;
+ mactime_main_t *mm = &mactime_main;
+ int rv;
+
+ rv = mactime_enable_disable (mm, ntohl (mp->sw_if_index),
+ (int) (mp->enable_disable));
+
+ REPLY_MACRO (VL_API_MACTIME_ENABLE_DISABLE_REPLY);
+}
+
+/** Add or delete static / dynamic accept/drop configuration for a src mac
+ */
+
+static void vl_api_mactime_add_del_range_t_handler
+ (vl_api_mactime_add_del_range_t * mp)
+{
+ mactime_main_t *mm = &mactime_main;
+ vl_api_mactime_add_del_range_reply_t *rmp;
+ mactime_device_t *dp;
+ clib_bihash_kv_8_8_t kv;
+ int found = 1;
+ clib_bihash_8_8_t *lut = &mm->lookup_table;
+ int i, rv = 0;
+
+ feature_init (mm);
+
+ memset (&kv, 0, sizeof (kv));
+ memcpy (&kv.key, mp->mac_address, sizeof (mp->mac_address));
+
+ /* See if we have a lookup table entry for this src mac address */
+ if (clib_bihash_search_8_8 (lut, &kv, &kv) < 0)
+ found = 0;
+
+ /* Add an entry? */
+ if (mp->is_add)
+ {
+ /* Create the device entry? */
+ if (found == 0)
+ {
+ pool_get (mm->devices, dp);
+ memset (dp, 0, sizeof (*dp));
+ vlib_validate_simple_counter (&mm->allow_counters,
+ dp - mm->devices);
+ vlib_zero_simple_counter (&mm->allow_counters, dp - mm->devices);
+ vlib_validate_simple_counter (&mm->drop_counters, dp - mm->devices);
+ vlib_zero_simple_counter (&mm->drop_counters, dp - mm->devices);
+ mp->device_name[ARRAY_LEN (mp->device_name) - 1] = 0;
+ dp->device_name = format (0, "%s", mp->device_name);
+ memcpy (dp->mac_address, mp->mac_address, sizeof (mp->mac_address));
+ for (i = 0; i < clib_net_to_host_u32 (mp->count); i++)
+ {
+ clib_timebase_range_t _r, *r = &_r;
+ r->start = mp->ranges[i].start;
+ r->end = mp->ranges[i].end;
+ vec_add1 (dp->ranges, r[0]);
+ }
+ /* If we found some time ranges */
+ if (i)
+ {
+ /* Set allow/drop based on msg flags */
+ if (mp->drop)
+ dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_DROP;
+ if (mp->allow)
+ dp->flags = MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW;
+ }
+ else
+ {
+ /* no ranges, it's a static allow/drop */
+ if (mp->drop)
+ dp->flags = MACTIME_DEVICE_FLAG_STATIC_DROP;
+ if (mp->allow)
+ dp->flags = MACTIME_DEVICE_FLAG_STATIC_ALLOW;
+ }
+
+ /* Add the hash table entry */
+ kv.value = dp - mm->devices;
+ clib_bihash_add_del_8_8 (lut, &kv, 1 /* is_add */ );
+ }
+ else /* add more ranges */
+ {
+ dp = pool_elt_at_index (mm->devices, kv.value);
+ for (i = 0; i < clib_net_to_host_u32 (mp->count); i++)
+ {
+ clib_timebase_range_t _r, *r = &_r;
+ r->start = mp->ranges[i].start;
+ r->end = mp->ranges[i].end;
+ vec_add1 (dp->ranges, r[0]);
+ }
+ }
+ }
+ else /* delete case */
+ {
+ if (found == 0)
+ {
+ rv = VNET_API_ERROR_NO_SUCH_ENTRY;
+ goto reply;
+ }
+
+ /* find the device entry */
+ dp = pool_elt_at_index (mm->devices, kv.value);
+
+ /* Remove it from the lookup table */
+ clib_bihash_add_del_8_8 (lut, &kv, 0 /* is_add */ );
+ vec_free (dp->ranges);
+ pool_put (mm->devices, dp);
+ }
+
+reply:
+ REPLY_MACRO (VL_API_MACTIME_ADD_DEL_RANGE_REPLY);
+}
+
+/* Set up the API message handling tables */
+static clib_error_t *
+mactime_plugin_api_hookup (vlib_main_t * vm)
+{
+ mactime_main_t *mm = &mactime_main;
+#define _(N,n) \
+ vl_msg_api_set_handlers((VL_API_##N + mm->msg_id_base), \
+ #n, \
+ vl_api_##n##_t_handler, \
+ vl_noop_handler, \
+ vl_api_##n##_t_endian, \
+ vl_api_##n##_t_print, \
+ sizeof(vl_api_##n##_t), 1);
+ foreach_mactime_plugin_api_msg;
+#undef _
+
+ return 0;
+}
+
+#define vl_msg_name_crc_list
+#include <mactime/mactime_all_api_h.h>
+#undef vl_msg_name_crc_list
+
+static void
+setup_message_id_table (mactime_main_t * mm, api_main_t * am)
+{
+#define _(id,n,crc) vl_msg_api_add_msg_name_crc (am, #n #crc, id + mm->msg_id_base);
+ foreach_vl_msg_name_crc_mactime;
+#undef _
+}
+
+static clib_error_t *
+mactime_init (vlib_main_t * vm)
+{
+ mactime_main_t *mm = &mactime_main;
+ clib_error_t *error = 0;
+ u8 *name;
+
+ mm->vlib_main = vm;
+ mm->vnet_main = vnet_get_main ();
+
+ name = format (0, "mactime_%08x%c", api_version, 0);
+
+ /* Ask for a correctly-sized block of API message decode slots */
+ mm->msg_id_base = vl_msg_api_get_msg_ids
+ ((char *) name, VL_MSG_FIRST_AVAILABLE);
+
+ error = mactime_plugin_api_hookup (vm);
+
+ /* Add our API messages to the global name_crc hash table */
+ setup_message_id_table (mm, &api_main);
+
+ vec_free (name);
+
+ mm->lookup_table_num_buckets = MACTIME_NUM_BUCKETS;
+ mm->lookup_table_memory_size = MACTIME_MEMORY_SIZE;
+ mm->timezone_offset = -5; /* US EST / EDT */
+ return error;
+}
+
+VLIB_INIT_FUNCTION (mactime_init);
+
+static clib_error_t *
+mactime_config (vlib_main_t * vm, unformat_input_t * input)
+{
+ mactime_main_t *mm = &mactime_main;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "lookup-table-buckets %u",
+ &mm->lookup_table_num_buckets))
+ ;
+ else if (unformat (input, "lookup-table-memory %U",
+ unformat_memory_size, &mm->lookup_table_memory_size))
+ ;
+ else if (unformat (input, "timezone_offset %d", &mm->timezone_offset))
+ ;
+ else
+ {
+ return clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, input);
+ }
+ }
+ return 0;
+}
+
+VLIB_CONFIG_FUNCTION (mactime_config, "mactime");
+
+/* *INDENT-OFF* */
+VNET_FEATURE_INIT (mactime, static) =
+{
+ .arc_name = "device-input",
+ .node_name = "mactime",
+ .runs_before = VNET_FEATURES ("ethernet-input"),
+};
+/* *INDENT-ON */
+
+/* *INDENT-OFF* */
+VLIB_PLUGIN_REGISTER () =
+{
+ .version = VPP_BUILD_VER,
+ .description = "Time-based MAC source-address filter",
+};
+/* *INDENT-ON* */
+
+static u8 *
+format_mac_address (u8 * s, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
+ a[0], a[1], a[2], a[3], a[4], a[5]);
+}
+
+static clib_error_t *
+show_mactime_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ mactime_main_t *mm = &mactime_main;
+ mactime_device_t *dp;
+ u8 *macstring = 0;
+ char *status_string;
+ u32 *pool_indices = 0;
+ int verbose = 0;
+ int current_status = 99;
+ int i;
+ f64 now;
+ u64 allow, drop;
+
+ now = clib_timebase_now (&mm->timebase);
+
+ if (PREDICT_FALSE ((now - mm->sunday_midnight) > 86400.0 * 7.0))
+ mm->sunday_midnight = clib_timebase_find_sunday_midnight (now);
+
+ if (unformat (input, "verbose %d", &verbose))
+ ;
+
+ if (unformat (input, "verbose"))
+ verbose = 1;
+
+ if (verbose)
+ vlib_cli_output (vm, "Time now: %U", format_clib_timebase_time, now);
+
+ /* *INDENT-OFF* */
+ pool_foreach (dp, mm->devices,
+ ({
+ vec_add1 (pool_indices, dp - mm->devices);
+ }));
+ /* *INDENT-ON* */
+
+ vlib_cli_output (vm, "%-15s %20s %16s %10s %10s",
+ "Device Name", "MAC address", "Current Status", "Allow",
+ "Drop");
+
+ for (i = 0; i < vec_len (pool_indices); i++)
+ {
+ dp = pool_elt_at_index (mm->devices, pool_indices[i]);
+
+ /* Check dynamic ranges */
+ for (i = 0; i < vec_len (dp->ranges); i++)
+ {
+ clib_timebase_range_t *r = dp->ranges + i;
+ f64 start0, end0;
+
+ start0 = r->start + mm->sunday_midnight;
+ end0 = r->end + mm->sunday_midnight;
+ if (verbose > 1)
+ vlib_cli_output (vm, " Range %d: %U - %U", i,
+ format_clib_timebase_time, start0,
+ format_clib_timebase_time, end0);
+
+ if (now >= start0 && now <= end0)
+ {
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW)
+ current_status = 3;
+ else
+ current_status = 2;
+ if (verbose)
+ {
+ vlib_cli_output (vm, " Time in range %d:", i);
+ vlib_cli_output (vm, " %U - %U",
+ format_clib_timebase_time, start0,
+ format_clib_timebase_time, end0);
+ }
+ goto print;
+ }
+ }
+ if (verbose && i)
+ vlib_cli_output (vm, " No range match.");
+ if (dp->flags & MACTIME_DEVICE_FLAG_STATIC_DROP)
+ current_status = 0;
+ if (dp->flags & MACTIME_DEVICE_FLAG_STATIC_ALLOW)
+ current_status = 1;
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW)
+ current_status = 2;
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_DROP)
+ current_status = 3;
+
+ print:
+ vec_reset_length (macstring);
+ macstring = format (0, "%U", format_mac_address, dp->mac_address);
+ switch (current_status)
+ {
+ case 0:
+ status_string = "static drop";
+ break;
+ case 1:
+ status_string = "static allow";
+ break;
+ case 2:
+ status_string = "dynamic drop";
+ break;
+ case 3:
+ status_string = "dynamic allow";
+ break;
+ default:
+ status_string = "code bug!";
+ break;
+ }
+ allow = vlib_get_simple_counter (&mm->allow_counters, dp - mm->devices);
+ drop = vlib_get_simple_counter (&mm->drop_counters, dp - mm->devices);
+ vlib_cli_output (vm, "%-15s %20s %16s %10lld %10lld",
+ dp->device_name, macstring, status_string,
+ allow, drop);
+ }
+
+ vec_free (macstring);
+ vec_free (pool_indices);
+
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (show_mactime_command, static) =
+{
+ .path = "show mactime",
+ .short_help = "show mactime [verbose]",
+ .function = show_mactime_command_fn,
+};
+/* *INDENT-ON* */
+
+
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/plugins/mactime/mactime.h b/src/plugins/mactime/mactime.h
new file mode 100644
index 00000000000..6890ca286c3
--- /dev/null
+++ b/src/plugins/mactime/mactime.h
@@ -0,0 +1,113 @@
+
+/*
+ * mactime.h - time-based src mac address filtration
+ *
+ * Copyright (c) <current-year> <your-organization>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __included_mactime_h__
+#define __included_mactime_h__
+
+#include <vnet/vnet.h>
+#include <vnet/ip/ip.h>
+#include <vnet/ethernet/ethernet.h>
+#include <vlib/counter.h>
+
+#include <vppinfra/hash.h>
+#include <vppinfra/error.h>
+#include <vppinfra/time_range.h>
+#include <vppinfra/bihash_8_8.h>
+
+#define MACTIME_RANGE_TYPE_DROP 0
+#define MACTIME_RANGE_TYPE_ALLOW 1
+
+typedef struct
+{
+ u8 *device_name;
+ u8 mac_address[6];
+ u32 flags;
+ clib_timebase_range_t *ranges;
+} mactime_device_t;
+
+/** Always drop packets from this device */
+#define MACTIME_DEVICE_FLAG_STATIC_DROP (1<<0)
+#define MACTIME_DEVICE_FLAG_STATIC_ALLOW (1<<1)
+#define MACTIME_DEVICE_FLAG_DYNAMIC_DROP (1<<2)
+#define MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW (1<<3)
+
+typedef struct
+{
+ union
+ {
+ u8 mac_address[6];
+ u64 as_u64;
+ };
+} mactime_key_t;
+
+typedef struct
+{
+ /* API message ID base */
+ u16 msg_id_base;
+
+ /* Timebase */
+ clib_timebase_t timebase;
+
+ /* cached sunday midnight */
+ f64 sunday_midnight;
+
+ /* Lookup table */
+ clib_bihash_8_8_t lookup_table;
+
+ /* Device table */
+ mactime_device_t *devices;
+
+ /* Counters */
+ vlib_simple_counter_main_t allow_counters;
+ vlib_simple_counter_main_t drop_counters;
+
+ /* config parameters */
+ u32 lookup_table_num_buckets;
+ uword lookup_table_memory_size;
+ i32 timezone_offset;
+
+ /* Once-only data structure create flag */
+ int feature_initialized;
+
+ /* convenience */
+ vlib_main_t *vlib_main;
+ vnet_main_t *vnet_main;
+ ethernet_main_t *ethernet_main;
+} mactime_main_t;
+
+/* size for an hgw use-case */
+#define MACTIME_NUM_BUCKETS 128
+#define MACTIME_MEMORY_SIZE (256<<10)
+
+extern mactime_main_t mactime_main;
+
+extern vlib_node_registration_t mactime_node;
+
+/* Periodic function events */
+#define MACTIME_EVENT1 1
+#define MACTIME_EVENT2 2
+#define MACTIME_EVENT_PERIODIC_ENABLE_DISABLE 3
+
+#endif /* __included_mactime_h__ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/plugins/mactime/mactime_all_api_h.h b/src/plugins/mactime/mactime_all_api_h.h
new file mode 100644
index 00000000000..f3bd6731ecb
--- /dev/null
+++ b/src/plugins/mactime/mactime_all_api_h.h
@@ -0,0 +1,19 @@
+
+/*
+ * mactime_all_api_h.h - skeleton vpp engine plug-in api #include file
+ *
+ * Copyright (c) <current-year> <your-organization>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* Include the generated file, see BUILT_SOURCES in Makefile.am */
+#include <mactime/mactime.api.h>
diff --git a/src/plugins/mactime/mactime_msg_enum.h b/src/plugins/mactime/mactime_msg_enum.h
new file mode 100644
index 00000000000..2a2bc81139a
--- /dev/null
+++ b/src/plugins/mactime/mactime_msg_enum.h
@@ -0,0 +1,31 @@
+
+/*
+ * mactime_msg_enum.h - skeleton vpp engine plug-in message enumeration
+ *
+ * Copyright (c) <current-year> <your-organization>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef included_mactime_msg_enum_h
+#define included_mactime_msg_enum_h
+
+#include <vppinfra/byte_order.h>
+
+#define vl_msg_id(n,h) n,
+typedef enum {
+#include <mactime/mactime_all_api_h.h>
+ /* We'll want to know how many messages IDs we need... */
+ VL_MSG_FIRST_AVAILABLE,
+} vl_msg_id_t;
+#undef vl_msg_id
+
+#endif /* included_mactime_msg_enum_h */
diff --git a/src/plugins/mactime/mactime_test.c b/src/plugins/mactime/mactime_test.c
new file mode 100644
index 00000000000..9ba28da2fc3
--- /dev/null
+++ b/src/plugins/mactime/mactime_test.c
@@ -0,0 +1,311 @@
+/*
+ * mactime.c - skeleton vpp-api-test plug-in
+ *
+ * Copyright (c) <current-year> <your-organization>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <vat/vat.h>
+#include <vlibapi/api.h>
+#include <vlibmemory/api.h>
+#include <vppinfra/error.h>
+#include <vppinfra/time_range.h>
+
+uword vat_unformat_sw_if_index (unformat_input_t * input, va_list * args);
+
+/* Declare message IDs */
+#include <mactime/mactime_msg_enum.h>
+
+/* define message structures */
+#define vl_typedefs
+#include <mactime/mactime_all_api_h.h>
+#undef vl_typedefs
+
+/* declare message handlers for each api */
+
+#define vl_endianfun /* define message structures */
+#include <mactime/mactime_all_api_h.h>
+#undef vl_endianfun
+
+/* instantiate all the print functions we know about */
+#define vl_print(handle, ...)
+#define vl_printfun
+#include <mactime/mactime_all_api_h.h>
+#undef vl_printfun
+
+/* Get the API version number. */
+#define vl_api_version(n,v) static u32 api_version=(v);
+#include <mactime/mactime_all_api_h.h>
+#undef vl_api_version
+
+typedef struct
+{
+ /* API message ID base */
+ u16 msg_id_base;
+ vat_main_t *vat_main;
+} mactime_test_main_t;
+
+mactime_test_main_t mactime_test_main;
+
+#define __plugin_msg_base mactime_test_main.msg_id_base
+#include <vlibapi/vat_helper_macros.h>
+
+#define foreach_standard_reply_retval_handler \
+_(mactime_enable_disable_reply) \
+_(mactime_add_del_range_reply)
+
+#define _(n) \
+ static void vl_api_##n##_t_handler \
+ (vl_api_##n##_t * mp) \
+ { \
+ vat_main_t * vam = mactime_test_main.vat_main; \
+ i32 retval = ntohl(mp->retval); \
+ if (vam->async_mode) { \
+ vam->async_errors += (retval < 0); \
+ } else { \
+ vam->retval = retval; \
+ vam->result_ready = 1; \
+ } \
+ }
+foreach_standard_reply_retval_handler;
+#undef _
+
+static u8 *
+format_mac_address (u8 * s, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
+ a[0], a[1], a[2], a[3], a[4], a[5]);
+}
+
+static uword
+unformat_mac_address (unformat_input_t * input, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ return unformat (input, "%x:%x:%x:%x:%x:%x", &a[0], &a[1], &a[2], &a[3],
+ &a[4], &a[5]);
+}
+
+/*
+ * Table of message reply handlers, must include boilerplate handlers
+ * we just generated
+ */
+#define foreach_vpe_api_reply_msg \
+_(MACTIME_ENABLE_DISABLE_REPLY, mactime_enable_disable_reply) \
+_(MACTIME_ADD_DEL_RANGE_REPLY, mactime_add_del_range_reply)
+
+static int
+api_mactime_enable_disable (vat_main_t * vam)
+{
+ unformat_input_t *i = vam->input;
+ int enable_disable = 1;
+ u32 sw_if_index = ~0;
+ vl_api_mactime_enable_disable_t *mp;
+ int ret;
+
+ /* Parse args required to build the message */
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index))
+ ;
+ else if (unformat (i, "sw_if_index %d", &sw_if_index))
+ ;
+ else if (unformat (i, "disable"))
+ enable_disable = 0;
+ else
+ break;
+ }
+
+ if (sw_if_index == ~0)
+ {
+ errmsg ("missing interface name / explicit sw_if_index number \n");
+ return -99;
+ }
+
+ /* Construct the API message */
+ M (MACTIME_ENABLE_DISABLE, mp);
+ mp->sw_if_index = ntohl (sw_if_index);
+ mp->enable_disable = enable_disable;
+
+ /* send it... */
+ S (mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+static int
+api_mactime_add_del_range (vat_main_t * vam)
+{
+ unformat_input_t *i = vam->input;
+ vl_api_mactime_add_del_range_t *mp;
+ u8 mac_address[8];
+ u8 *device_name = 0;
+ clib_timebase_range_t *rp = 0;
+ int name_set = 0;
+ int mac_set = 0;
+ u8 is_add = 1;
+ u8 allow = 0;
+ u8 drop = 0;
+ int ret;
+ int ii;
+
+ /* Parse args required to build the message */
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "name %s", &device_name))
+ {
+ vec_add1 (device_name, 0);
+ name_set = 1;
+ }
+ else if (unformat (i, "allow-range %U",
+ unformat_clib_timebase_range_vector, &rp))
+ allow = 1;
+ else if (unformat (i, "drop-range %U",
+ unformat_clib_timebase_range_vector, &rp))
+ drop = 1;
+ else if (unformat (i, "allow-static"))
+ allow = 1;
+ else if (unformat (i, "drop-static"))
+ drop = 1;
+ else if (unformat (i, "mac %U", unformat_mac_address, mac_address))
+ mac_set = 1;
+ else if (unformat (i, "del"))
+ is_add = 0;
+ else
+ break;
+ }
+
+ /* Sanity checks */
+ if (mac_set == 0)
+ {
+ vec_free (rp);
+ vec_free (device_name);
+ errmsg ("mac address required, not set\n");
+ return -99;
+ }
+
+ /* allow-range / drop-range parse errors cause this condition */
+ if (is_add && allow == 0 && drop == 0)
+ {
+ vec_free (rp);
+ vec_free (device_name);
+ errmsg ("neither allow nor drop set, parse error...\n");
+ }
+
+ /* Unlikely, but check anyhow */
+ if (vec_len (device_name) > ARRAY_LEN (mp->device_name))
+ {
+ vec_free (rp);
+ vec_free (device_name);
+ errmsg ("device name too long, max %d\n", ARRAY_LEN (mp->device_name));
+ return -99;
+ }
+
+ /* Cough up a device name if none set */
+ if (name_set == 0)
+ {
+ device_name = format (0, "mac %U%c", format_mac_address,
+ mac_address, 0);
+ }
+
+ /* Construct the API message */
+ M2 (MACTIME_ADD_DEL_RANGE, mp, sizeof (rp[0]) * vec_len (rp));
+ mp->is_add = is_add;
+ mp->drop = drop;
+ mp->allow = allow;
+ memcpy (mp->mac_address, mac_address, sizeof (mp->mac_address));
+ memcpy (mp->device_name, device_name, vec_len (device_name));
+ mp->count = clib_host_to_net_u32 (vec_len (rp));
+
+ for (ii = 0; ii < vec_len (rp); ii++)
+ {
+ mp->ranges[ii].start = rp[ii].start;
+ mp->ranges[ii].end = rp[ii].end;
+ }
+
+ vec_free (rp);
+ vec_free (device_name);
+
+ /* send it... */
+ S (mp);
+
+ /* Wait for a reply... */
+ W (ret);
+ return ret;
+}
+
+/*
+ * List of messages that the api test plugin sends,
+ * and that the data plane plugin processes
+ */
+#define foreach_vpe_api_msg \
+_(mactime_enable_disable, "<intfc> [disable]") \
+_(mactime_add_del_range, \
+ "name <devname> mac <mac-addr> allow drop\n" \
+ "allow-range Mon - Fri 9:00 - 17:00")
+
+static void
+mactime_api_hookup (vat_main_t * vam)
+{
+ mactime_test_main_t *sm = &mactime_test_main;
+ /* Hook up handlers for replies from the data plane plug-in */
+#define _(N,n) \
+ vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
+ #n, \
+ vl_api_##n##_t_handler, \
+ vl_noop_handler, \
+ vl_api_##n##_t_endian, \
+ vl_api_##n##_t_print, \
+ sizeof(vl_api_##n##_t), 1);
+ foreach_vpe_api_reply_msg;
+#undef _
+
+ /* API messages we can send */
+#define _(n,h) hash_set_mem (vam->function_by_name, #n, api_##n);
+ foreach_vpe_api_msg;
+#undef _
+
+ /* Help strings */
+#define _(n,h) hash_set_mem (vam->help_by_name, #n, h);
+ foreach_vpe_api_msg;
+#undef _
+}
+
+clib_error_t *
+vat_plugin_register (vat_main_t * vam)
+{
+ mactime_test_main_t *sm = &mactime_test_main;
+ u8 *name;
+
+ sm->vat_main = vam;
+
+ /* Ask the vpp engine for the first assigned message-id */
+ name = format (0, "mactime_%08x%c", api_version, 0);
+ sm->msg_id_base = vl_client_get_first_plugin_msg_id ((char *) name);
+
+ if (sm->msg_id_base != (u16) ~ 0)
+ mactime_api_hookup (vam);
+
+ vec_free (name);
+
+ return 0;
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/plugins/mactime/node.c b/src/plugins/mactime/node.c
new file mode 100644
index 00000000000..b112a7251cf
--- /dev/null
+++ b/src/plugins/mactime/node.c
@@ -0,0 +1,363 @@
+/*
+ * node.c - skeleton vpp engine plug-in dual-loop node skeleton
+ *
+ * Copyright (c) <current-year> <your-organization>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <vlib/vlib.h>
+#include <vnet/vnet.h>
+#include <vnet/pg/pg.h>
+#include <vppinfra/error.h>
+#include <mactime/mactime.h>
+
+typedef struct
+{
+ u32 next_index;
+ u32 device_index;
+ u8 src_mac[6];
+ u8 device_name[64];
+} mactime_trace_t;
+
+static u8 *
+format_mac_address (u8 * s, va_list * args)
+{
+ u8 *a = va_arg (*args, u8 *);
+ return format (s, "%02x:%02x:%02x:%02x:%02x:%02x",
+ a[0], a[1], a[2], a[3], a[4], a[5]);
+}
+
+vlib_node_registration_t mactime_node;
+
+#define foreach_mactime_error \
+_(DROP, "Dropped packets") \
+_(OK, "Permitted packets")
+
+typedef enum
+{
+#define _(sym,str) MACTIME_ERROR_##sym,
+ foreach_mactime_error
+#undef _
+ MACTIME_N_ERROR,
+} mactime_error_t;
+
+static char *mactime_error_strings[] = {
+#define _(sym,string) string,
+ foreach_mactime_error
+#undef _
+};
+
+typedef enum
+{
+ MACTIME_NEXT_ETHERNET_INPUT,
+ MACTIME_NEXT_DROP,
+ MACTIME_N_NEXT,
+} mactime_next_t;
+
+/* packet trace format function */
+static u8 *
+format_mactime_trace (u8 * s, va_list * args)
+{
+ CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
+ CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
+ mactime_trace_t *t = va_arg (*args, mactime_trace_t *);
+
+ s = format (s, "MACTIME: src mac %U device %s result %s\n",
+ format_mac_address, t->src_mac,
+ (t->device_index != ~0) ? t->device_name : (u8 *) "unknown",
+ t->next_index == MACTIME_NEXT_ETHERNET_INPUT ? "pass" : "drop");
+ return s;
+}
+
+static uword
+mactime_node_fn (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+ u32 n_left_from, *from, *to_next;
+ mactime_next_t next_index;
+ mactime_main_t *mm = &mactime_main;
+ mactime_device_t *dp;
+ clib_bihash_kv_8_8_t kv;
+ clib_bihash_8_8_t *lut = &mm->lookup_table;
+ u32 packets_ok = 0, packets_dropped = 0;
+ f64 now;
+ u32 thread_index = vm->thread_index;
+
+ now = clib_timebase_now (&mm->timebase);
+
+ if (PREDICT_FALSE ((now - mm->sunday_midnight) > 86400.0 * 7.0))
+ mm->sunday_midnight = clib_timebase_find_sunday_midnight (now);
+
+ from = vlib_frame_vector_args (frame);
+ n_left_from = frame->n_vectors;
+ next_index = node->cached_next_index;
+
+ while (n_left_from > 0)
+ {
+ u32 n_left_to_next;
+
+ vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
+
+#if 0
+ while (n_left_from >= 4 && n_left_to_next >= 2)
+ {
+ u32 next0 = MACTIME_NEXT_INTERFACE_OUTPUT;
+ u32 next1 = MACTIME_NEXT_INTERFACE_OUTPUT;
+ u32 sw_if_index0, sw_if_index1;
+ u8 tmp0[6], tmp1[6];
+ ethernet_header_t *en0, *en1;
+ u32 bi0, bi1;
+ vlib_buffer_t *b0, *b1;
+
+ /* Prefetch next iteration. */
+ {
+ vlib_buffer_t *p2, *p3;
+
+ p2 = vlib_get_buffer (vm, from[2]);
+ p3 = vlib_get_buffer (vm, from[3]);
+
+ vlib_prefetch_buffer_header (p2, LOAD);
+ vlib_prefetch_buffer_header (p3, LOAD);
+
+ CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
+ CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE);
+ }
+
+ /* speculatively enqueue b0 and b1 to the current next frame */
+ to_next[0] = bi0 = from[0];
+ to_next[1] = bi1 = from[1];
+ from += 2;
+ to_next += 2;
+ n_left_from -= 2;
+ n_left_to_next -= 2;
+
+ b0 = vlib_get_buffer (vm, bi0);
+ b1 = vlib_get_buffer (vm, bi1);
+
+ ASSERT (b0->current_data == 0);
+ ASSERT (b1->current_data == 0);
+
+ en0 = vlib_buffer_get_current (b0);
+ en1 = vlib_buffer_get_current (b1);
+
+ sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
+ sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX];
+
+ /* Send pkt back out the RX interface */
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] = sw_if_index0;
+ vnet_buffer (b1)->sw_if_index[VLIB_TX] = sw_if_index1;
+
+ if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
+ {
+ if (b0->flags & VLIB_BUFFER_IS_TRACED)
+ {
+ mactime_trace_t *t =
+ vlib_add_trace (vm, node, b0, sizeof (*t));
+ t->sw_if_index = sw_if_index0;
+ t->next_index = next0;
+ clib_memcpy (t->new_src_mac, en0->src_address,
+ sizeof (t->new_src_mac));
+ clib_memcpy (t->new_dst_mac, en0->dst_address,
+ sizeof (t->new_dst_mac));
+ }
+ if (b1->flags & VLIB_BUFFER_IS_TRACED)
+ {
+ mactime_trace_t *t =
+ vlib_add_trace (vm, node, b1, sizeof (*t));
+ t->sw_if_index = sw_if_index1;
+ t->next_index = next1;
+ clib_memcpy (t->new_src_mac, en1->src_address,
+ sizeof (t->new_src_mac));
+ clib_memcpy (t->new_dst_mac, en1->dst_address,
+ sizeof (t->new_dst_mac));
+ }
+ }
+
+ /* verify speculative enqueues, maybe switch current next frame */
+ vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
+ to_next, n_left_to_next,
+ bi0, bi1, next0, next1);
+ }
+#endif /* dual loop */
+
+ while (n_left_from > 0 && n_left_to_next > 0)
+ {
+ u32 bi0;
+ vlib_buffer_t *b0;
+ u32 next0 = MACTIME_NEXT_ETHERNET_INPUT;
+ u32 device_index0;
+ ethernet_header_t *en0;
+ int i;
+
+ /* speculatively enqueue b0 to the current next frame */
+ bi0 = from[0];
+ to_next[0] = bi0;
+ from += 1;
+ to_next += 1;
+ n_left_from -= 1;
+ n_left_to_next -= 1;
+
+ b0 = vlib_get_buffer (vm, bi0);
+
+ vlib_buffer_advance (b0, -(word) vnet_buffer (b0)->l2_hdr_offset);
+
+ en0 = vlib_buffer_get_current (b0);
+ kv.key = 0;
+ clib_memcpy (&kv.key, en0->src_address, 6);
+
+
+ /* Lookup the src mac address */
+ if (clib_bihash_search_8_8 (lut, &kv, &kv) < 0)
+ {
+ device_index0 = ~0;
+ dp = 0;
+ goto trace0;
+ }
+ else
+ device_index0 = kv.value;
+
+ dp = pool_elt_at_index (mm->devices, device_index0);
+
+ /* Static drop / allow? */
+ if (PREDICT_FALSE
+ (dp->flags &
+ (MACTIME_DEVICE_FLAG_STATIC_DROP
+ | MACTIME_DEVICE_FLAG_STATIC_ALLOW)))
+ {
+ if (dp->flags & MACTIME_DEVICE_FLAG_STATIC_DROP)
+ {
+ next0 = MACTIME_NEXT_DROP;
+ vlib_increment_simple_counter
+ (&mm->drop_counters, thread_index, dp - mm->devices, 1);
+ packets_dropped++;
+ }
+ else /* note next0 set to allow */
+ {
+ vlib_increment_simple_counter
+ (&mm->allow_counters, thread_index, dp - mm->devices, 1);
+ packets_ok++;
+ }
+ goto trace0;
+ }
+
+ /* Known device, see if traffic allowed at the moment */
+ for (i = 0; i < vec_len (dp->ranges); i++)
+ {
+ clib_timebase_range_t *r = dp->ranges + i;
+ f64 start0, end0;
+
+ start0 = r->start + mm->sunday_midnight;
+ end0 = r->end + mm->sunday_midnight;
+ /* Packet within time range */
+ if (now >= start0 && now <= end0)
+ {
+ /* And it's a drop range, drop it */
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_DROP)
+ {
+ vlib_increment_simple_counter
+ (&mm->drop_counters, thread_index,
+ dp - mm->devices, 1);
+ packets_dropped++;
+ next0 = MACTIME_NEXT_DROP;
+ }
+ else /* it's an allow range, allow it */
+ {
+ vlib_increment_simple_counter
+ (&mm->allow_counters, thread_index,
+ dp - mm->devices, 1);
+ packets_ok++;
+ }
+ goto trace0;
+ }
+ }
+ /*
+ * Didn't hit a range, so *drop* if allow configured, or
+ * *allow* if drop configured.
+ */
+ if (dp->flags & MACTIME_DEVICE_FLAG_DYNAMIC_ALLOW)
+ {
+ next0 = MACTIME_NEXT_DROP;
+ vlib_increment_simple_counter
+ (&mm->drop_counters, thread_index, dp - mm->devices, 1);
+ packets_dropped++;
+ }
+ else
+ {
+ vlib_increment_simple_counter
+ (&mm->allow_counters, thread_index, dp - mm->devices, 1);
+ packets_ok++;
+ }
+
+ trace0:
+ if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
+ && (b0->flags & VLIB_BUFFER_IS_TRACED)))
+ {
+ mactime_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
+ clib_memcpy (t->src_mac, en0->src_address, sizeof (t->src_mac));
+
+ t->next_index = next0;
+ t->device_index = device_index0;
+
+ if (dp)
+ {
+ clib_memcpy (t->device_name, dp->device_name,
+ ARRAY_LEN (t->device_name));
+ t->device_name[ARRAY_LEN (t->device_name) - 1] = 0;
+ }
+ }
+
+ /* verify speculative enqueue, maybe switch current next frame */
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
+ to_next, n_left_to_next,
+ bi0, next0);
+ }
+
+ vlib_put_next_frame (vm, node, next_index, n_left_to_next);
+ }
+
+ vlib_node_increment_counter (vm, mactime_node.index,
+ MACTIME_ERROR_DROP, packets_dropped);
+ vlib_node_increment_counter (vm, mactime_node.index,
+ MACTIME_ERROR_OK, packets_ok);
+ return frame->n_vectors;
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (mactime_node) =
+{
+ .function = mactime_node_fn,
+ .name = "mactime",
+ .vector_size = sizeof (u32),
+ .format_trace = format_mactime_trace,
+ .type = VLIB_NODE_TYPE_INTERNAL,
+
+ .n_errors = ARRAY_LEN(mactime_error_strings),
+ .error_strings = mactime_error_strings,
+
+ .n_next_nodes = MACTIME_N_NEXT,
+
+ /* edit / add dispositions here */
+ .next_nodes =
+ {
+ [MACTIME_NEXT_ETHERNET_INPUT] = "ethernet-input",
+ [MACTIME_NEXT_DROP] = "error-drop",
+ },
+};
+/* *INDENT-ON* */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */