diff options
author | Neale Ranns <nranns@cisco.com> | 2019-06-19 06:25:56 -0700 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2019-07-01 08:37:53 +0000 |
commit | 160c923f99c2adc103495fab1bfcefe965fe7fb8 (patch) | |
tree | a3b33e764c9ec138d519a5a2b4001bdf63eb8dba /src/plugins | |
parent | 5770c916c0cf110ced690ff128b065bbb2c827ca (diff) |
gbp: VRF scoped contracts
Type: feature
Change-Id: I01772cfc3a0118a5c49bf346339788824e6931b2
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/gbp/gbp.api | 5 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_api.c | 13 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_api_print.h | 2 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_bridge_domain.c | 26 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_bridge_domain.h | 15 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_contract.c | 29 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_contract.h | 11 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_endpoint.c | 1 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_policy_dpo.c | 28 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_policy_dpo.h | 6 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_policy_node.c | 24 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_route_domain.c | 18 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_route_domain.h | 3 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_subnet.c | 2 | ||||
-rw-r--r-- | src/plugins/gbp/gbp_types.h | 1 |
15 files changed, 148 insertions, 36 deletions
diff --git a/src/plugins/gbp/gbp.api b/src/plugins/gbp/gbp.api index b0b284fcc3e..f6775e7dcd7 100644 --- a/src/plugins/gbp/gbp.api +++ b/src/plugins/gbp/gbp.api @@ -31,6 +31,7 @@ enum gbp_bridge_domain_flags typedef gbp_bridge_domain { u32 bd_id; + u32 rd_id; vl_api_gbp_bridge_domain_flags_t flags; u32 bvi_sw_if_index; u32 uu_fwd_sw_if_index; @@ -60,6 +61,8 @@ define gbp_bridge_domain_details vl_api_gbp_bridge_domain_t bd; }; +typedef u16 gbp_scope; + typedef gbp_route_domain { u32 rd_id; @@ -67,6 +70,7 @@ typedef gbp_route_domain u32 ip6_table_id; u32 ip4_uu_sw_if_index; u32 ip6_uu_sw_if_index; + vl_api_gbp_scope_t scope; }; manual_print autoreply define gbp_route_domain_add @@ -299,6 +303,7 @@ typedef gbp_rule typedef gbp_contract { + vl_api_gbp_scope_t scope; u16 sclass; u16 dclass; u32 acl_index; diff --git a/src/plugins/gbp/gbp_api.c b/src/plugins/gbp/gbp_api.c index db8c8c69ed6..8155a8ff0f1 100644 --- a/src/plugins/gbp/gbp_api.c +++ b/src/plugins/gbp/gbp_api.c @@ -342,6 +342,7 @@ vl_api_gbp_bridge_domain_add_t_handler (vl_api_gbp_bridge_domain_add_t * mp) int rv = 0; rv = gbp_bridge_domain_add_and_lock (ntohl (mp->bd.bd_id), + ntohl (mp->bd.rd_id), gbp_bridge_domain_flags_from_api (mp->bd.flags), ntohl (mp->bd.bvi_sw_if_index), @@ -369,6 +370,7 @@ vl_api_gbp_route_domain_add_t_handler (vl_api_gbp_route_domain_add_t * mp) int rv = 0; rv = gbp_route_domain_add_and_lock (ntohl (mp->rd.rd_id), + ntohs (mp->rd.scope), ntohl (mp->rd.ip4_table_id), ntohl (mp->rd.ip6_table_id), ntohl (mp->rd.ip4_uu_sw_if_index), @@ -559,6 +561,7 @@ static int gbp_bridge_domain_send_details (gbp_bridge_domain_t * gb, void *args) { vl_api_gbp_bridge_domain_details_t *mp; + gbp_route_domain_t *gr; gbp_walk_ctx_t *ctx; ctx = args; @@ -570,7 +573,10 @@ gbp_bridge_domain_send_details (gbp_bridge_domain_t * gb, void *args) mp->_vl_msg_id = ntohs (VL_API_GBP_BRIDGE_DOMAIN_DETAILS + GBP_MSG_BASE); mp->context = ctx->context; + gr = gbp_route_domain_get (gb->gb_rdi); + mp->bd.bd_id = ntohl (gb->gb_bd_id); + mp->bd.rd_id = ntohl (gr->grd_id); mp->bd.bvi_sw_if_index = ntohl (gb->gb_bvi_sw_if_index); mp->bd.uu_fwd_sw_if_index = ntohl (gb->gb_uu_fwd_sw_if_index); mp->bd.bm_flood_sw_if_index = ntohl (gb->gb_bm_flood_sw_if_index); @@ -961,13 +967,15 @@ vl_api_gbp_contract_add_del_t_handler (vl_api_gbp_contract_add_del_t * mp) allowed_ethertypes[ii] = mp->contract.allowed_ethertypes[ii]; } - rv = gbp_contract_update (ntohs (mp->contract.sclass), + rv = gbp_contract_update (ntohs (mp->contract.scope), + ntohs (mp->contract.sclass), ntohs (mp->contract.dclass), ntohl (mp->contract.acl_index), rules, allowed_ethertypes, &stats_index); } else - rv = gbp_contract_delete (ntohs (mp->contract.sclass), + rv = gbp_contract_delete (ntohs (mp->contract.scope), + ntohs (mp->contract.sclass), ntohs (mp->contract.dclass)); out: @@ -997,6 +1005,7 @@ gbp_contract_send_details (gbp_contract_t * gbpc, void *args) mp->contract.sclass = ntohs (gbpc->gc_key.gck_src); mp->contract.dclass = ntohs (gbpc->gc_key.gck_dst); mp->contract.acl_index = ntohl (gbpc->gc_acl_index); + mp->contract.scope = ntohs (gbpc->gc_key.gck_scope); vl_api_send_msg (ctx->reg, (u8 *) mp); diff --git a/src/plugins/gbp/gbp_api_print.h b/src/plugins/gbp/gbp_api_print.h index 7598306ec5c..67cd30c7da7 100644 --- a/src/plugins/gbp/gbp_api_print.h +++ b/src/plugins/gbp/gbp_api_print.h @@ -32,6 +32,7 @@ vl_api_gbp_bridge_domain_add_t_print (vl_api_gbp_bridge_domain_add_t * a, s = format (s, "SCRIPT: gbp_bridge_domain_add "); s = format (s, "bd_id %d ", ntohl (a->bd.bd_id)); + s = format (s, "rd_id %d ", ntohl (a->bd.rd_id)); s = format (s, "flags %d ", ntohl (a->bd.flags)); s = format (s, "uu-fwd %d ", ntohl (a->bd.uu_fwd_sw_if_index)); s = format (s, "bvi %d ", ntohl (a->bd.bvi_sw_if_index)); @@ -238,6 +239,7 @@ vl_api_gbp_contract_add_del_t_print (vl_api_gbp_contract_add_del_t * a, s = format (s, "add "); else s = format (s, "del "); + s = format (s, "scope %d ", ntohl (a->contract.scope)); s = format (s, "sclass %d ", ntohs (a->contract.sclass)); s = format (s, "dclass %d ", ntohs (a->contract.dclass)); s = format (s, "acl_index %d \n", ntohl (a->contract.acl_index)); diff --git a/src/plugins/gbp/gbp_bridge_domain.c b/src/plugins/gbp/gbp_bridge_domain.c index 53105451d6c..6c14fbcbfdd 100644 --- a/src/plugins/gbp/gbp_bridge_domain.c +++ b/src/plugins/gbp/gbp_bridge_domain.c @@ -14,6 +14,7 @@ */ #include <plugins/gbp/gbp_bridge_domain.h> +#include <plugins/gbp/gbp_route_domain.h> #include <plugins/gbp/gbp_endpoint.h> #include <plugins/gbp/gbp_learn.h> @@ -35,6 +36,11 @@ gbp_bridge_domain_t *gbp_bridge_domain_pool; gbp_bridge_domain_db_t gbp_bridge_domain_db; /** + * Map of BD index to contract scope + */ +gbp_scope_t *gbp_scope_by_bd_index; + +/** * logger */ vlib_log_class_t gb_logger; @@ -170,6 +176,7 @@ format_gbp_bridge_domain (u8 * s, va_list * args) int gbp_bridge_domain_add_and_lock (u32 bd_id, + u32 rd_id, gbp_bridge_domain_flags_t flags, u32 bvi_sw_if_index, u32 uu_fwd_sw_if_index, @@ -182,6 +189,7 @@ gbp_bridge_domain_add_and_lock (u32 bd_id, if (INDEX_INVALID == gbi) { + gbp_route_domain_t *gr; u32 bd_index; bd_index = bd_find_index (&bd_main, bd_id); @@ -205,6 +213,14 @@ gbp_bridge_domain_add_and_lock (u32 bd_id, gb->gb_bm_flood_sw_if_index = bm_flood_sw_if_index; gb->gb_locks = 1; gb->gb_flags = flags; + gb->gb_rdi = gbp_route_domain_find_and_lock (rd_id); + + /* + * set the scope from the BD's RD's scope + */ + gr = gbp_route_domain_get (gb->gb_rdi); + vec_validate (gbp_scope_by_bd_index, gb->gb_bd_index); + gbp_scope_by_bd_index[gb->gb_bd_index] = gr->grd_scope; /* * Set the BVI and uu-flood interfaces into the BD @@ -298,6 +314,7 @@ gbp_bridge_domain_unlock (index_t index) } gbp_bridge_domain_db_remove (gb); + gbp_route_domain_unlock (gb->gb_rdi); pool_put (gbp_bridge_domain_pool, gb); } @@ -344,8 +361,8 @@ gbp_bridge_domain_cli (vlib_main_t * vm, gbp_bridge_domain_flags_t flags; u32 bm_flood_sw_if_index = ~0; u32 uu_fwd_sw_if_index = ~0; + u32 bd_id = ~0, rd_id = ~0; u32 bvi_sw_if_index = ~0; - u32 bd_id = ~0; u8 add = 1; flags = GBP_BD_FLAG_NONE; @@ -369,19 +386,24 @@ gbp_bridge_domain_cli (vlib_main_t * vm, ; else if (unformat (input, "bd %d", &bd_id)) ; + else if (unformat (input, "rd %d", &rd_id)) + ; else break; } if (~0 == bd_id) return clib_error_return (0, "BD-ID must be specified"); + if (~0 == rd_id) + return clib_error_return (0, "RD-ID must be specified"); if (add) { if (~0 == bvi_sw_if_index) return clib_error_return (0, "interface must be specified"); - gbp_bridge_domain_add_and_lock (bd_id, flags, + gbp_bridge_domain_add_and_lock (bd_id, rd_id, + flags, bvi_sw_if_index, uu_fwd_sw_if_index, bm_flood_sw_if_index); diff --git a/src/plugins/gbp/gbp_bridge_domain.h b/src/plugins/gbp/gbp_bridge_domain.h index dd2798fdafa..5bfa099f31d 100644 --- a/src/plugins/gbp/gbp_bridge_domain.h +++ b/src/plugins/gbp/gbp_bridge_domain.h @@ -46,6 +46,12 @@ typedef struct gbp_bridge_domain_t_ u32 gb_bd_index; /** + * Index of the Route-domain this BD is associated with. This is used as the + * 'scope' of the packets for contract matching. + */ + u32 gb_rdi; + + /** * Flags conttrolling behaviour */ gbp_bridge_domain_flags_t gb_flags; @@ -79,6 +85,7 @@ typedef struct gbp_bridge_domain_t_ } gbp_bridge_domain_t; extern int gbp_bridge_domain_add_and_lock (u32 bd_id, + u32 rd_id, gbp_bridge_domain_flags_t flags, u32 bvi_sw_if_index, u32 uu_fwd_sw_if_index, @@ -121,6 +128,14 @@ gbp_bridge_domain_get_by_bd_index (u32 bd_index) (gbp_bridge_domain_db.gbd_by_bd_index[bd_index])); } +extern gbp_scope_t *gbp_scope_by_bd_index; + +always_inline gbp_scope_t +gbp_bridge_domain_get_scope (u32 bd_index) +{ + return (gbp_scope_by_bd_index[bd_index]); +} + #endif /* diff --git a/src/plugins/gbp/gbp_contract.c b/src/plugins/gbp/gbp_contract.c index 552201a684b..f0bb00a0154 100644 --- a/src/plugins/gbp/gbp_contract.c +++ b/src/plugins/gbp/gbp_contract.c @@ -444,7 +444,8 @@ gbp_contract_mk_lbs (index_t * guis) } int -gbp_contract_update (sclass_t sclass, +gbp_contract_update (gbp_scope_t scope, + sclass_t sclass, sclass_t dclass, u32 acl_index, index_t * rules, @@ -457,6 +458,7 @@ gbp_contract_update (sclass_t sclass, uword *p; gbp_contract_key_t key = { + .gck_scope = scope, .gck_src = sclass, .gck_dst = dclass, }; @@ -468,7 +470,7 @@ gbp_contract_update (sclass_t sclass, gm->acl_plugin.register_user_module ("GBP ACL", "src-epg", "dst-epg"); } - p = hash_get (gbp_contract_db.gc_hash, key.as_u32); + p = hash_get (gbp_contract_db.gc_hash, key.as_u64); if (p != NULL) { gci = p[0]; @@ -483,7 +485,7 @@ gbp_contract_update (sclass_t sclass, pool_get_zero (gbp_contract_pool, gc); gc->gc_key = key; gci = gc - gbp_contract_pool; - hash_set (gbp_contract_db.gc_hash, key.as_u32, gci); + hash_set (gbp_contract_db.gc_hash, key.as_u64, gci); vlib_validate_combined_counter (&gbp_contract_drop_counters, gci); vlib_zero_combined_counter (&gbp_contract_drop_counters, gci); @@ -513,16 +515,17 @@ gbp_contract_update (sclass_t sclass, } int -gbp_contract_delete (sclass_t sclass, sclass_t dclass) +gbp_contract_delete (gbp_scope_t scope, sclass_t sclass, sclass_t dclass) { gbp_contract_key_t key = { + .gck_scope = scope, .gck_src = sclass, .gck_dst = dclass, }; gbp_contract_t *gc; uword *p; - p = hash_get (gbp_contract_db.gc_hash, key.as_u32); + p = hash_get (gbp_contract_db.gc_hash, key.as_u64); if (p != NULL) { gc = gbp_contract_get (p[0]); @@ -531,7 +534,7 @@ gbp_contract_delete (sclass_t sclass, sclass_t dclass) gbp_main.acl_plugin.put_lookup_context_index (gc->gc_lc_index); vec_free (gc->gc_allowed_ethertypes); - hash_unset (gbp_contract_db.gc_hash, key.as_u32); + hash_unset (gbp_contract_db.gc_hash, key.as_u64); pool_put (gbp_contract_pool, gc); return (0); @@ -559,7 +562,7 @@ gbp_contract_cli (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { sclass_t sclass = SCLASS_INVALID, dclass = SCLASS_INVALID; - u32 acl_index = ~0, stats_index; + u32 acl_index = ~0, stats_index, scope; u8 add = 1; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) @@ -568,9 +571,11 @@ gbp_contract_cli (vlib_main_t * vm, add = 1; else if (unformat (input, "del")) add = 0; - else if (unformat (input, "src-epg %d", &sclass)) + else if (unformat (input, "scope %d", &scope)) ; - else if (unformat (input, "dst-epg %d", &dclass)) + else if (unformat (input, "sclass %d", &sclass)) + ; + else if (unformat (input, "dclass %d", &dclass)) ; else if (unformat (input, "acl-index %d", &acl_index)) ; @@ -585,12 +590,12 @@ gbp_contract_cli (vlib_main_t * vm, if (add) { - gbp_contract_update (sclass, dclass, acl_index, + gbp_contract_update (scope, sclass, dclass, acl_index, NULL, NULL, &stats_index); } else { - gbp_contract_delete (sclass, dclass); + gbp_contract_delete (scope, sclass, dclass); } return (NULL); @@ -618,7 +623,7 @@ format_gbp_contract_key (u8 * s, va_list * args) { gbp_contract_key_t *gck = va_arg (*args, gbp_contract_key_t *); - s = format (s, "{%d,%d}", gck->gck_src, gck->gck_dst); + s = format (s, "{%d,%d,%d}", gck->gck_scope, gck->gck_src, gck->gck_dst); return (s); } diff --git a/src/plugins/gbp/gbp_contract.h b/src/plugins/gbp/gbp_contract.h index 9de52eb9806..8e621a47d28 100644 --- a/src/plugins/gbp/gbp_contract.h +++ b/src/plugins/gbp/gbp_contract.h @@ -38,13 +38,14 @@ typedef struct gbp_contract_key_t_ { struct { + gbp_scope_t gck_scope; /** * source and destination EPGs for which the ACL applies */ sclass_t gck_src; sclass_t gck_dst; }; - u32 as_u32; + u64 as_u64; }; } gbp_contract_key_t; @@ -149,12 +150,14 @@ typedef struct gbp_contract_db_t_ uword *gc_hash; } gbp_contract_db_t; -extern int gbp_contract_update (sclass_t sclass, +extern int gbp_contract_update (gbp_scope_t scope, + sclass_t sclass, sclass_t dclass, u32 acl_index, index_t * rules, u16 * allowed_ethertypes, u32 * stats_index); -extern int gbp_contract_delete (sclass_t sclass, sclass_t dclass); +extern int gbp_contract_delete (gbp_scope_t scope, sclass_t sclass, + sclass_t dclass); extern index_t gbp_rule_alloc (gbp_rule_action_t action, gbp_hash_mode_t hash_mode, index_t * nhs); @@ -177,7 +180,7 @@ gbp_contract_find (gbp_contract_key_t * key) { uword *p; - p = hash_get (gbp_contract_db.gc_hash, key->as_u32); + p = hash_get (gbp_contract_db.gc_hash, key->as_u64); if (NULL != p) return (p[0]); diff --git a/src/plugins/gbp/gbp_endpoint.c b/src/plugins/gbp/gbp_endpoint.c index 2472199e320..da15b49d81b 100644 --- a/src/plugins/gbp/gbp_endpoint.c +++ b/src/plugins/gbp/gbp_endpoint.c @@ -759,6 +759,7 @@ gbb_endpoint_fwd_recalc (gbp_endpoint_t * ge) * is applied */ gbp_policy_dpo_add_or_lock (fib_proto_to_dpo (pfx->fp_proto), + grd->grd_scope, gg->gg_sclass, ~0, &policy_dpo); fib_table_entry_special_dpo_add (fib_index, pfx, diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c index a7077899fd8..8152315c7b8 100644 --- a/src/plugins/gbp/gbp_policy_dpo.c +++ b/src/plugins/gbp/gbp_policy_dpo.c @@ -93,6 +93,7 @@ gbp_policy_dpo_get_urpf (const dpo_id_t * dpo) void gbp_policy_dpo_add_or_lock (dpo_proto_t dproto, + gbp_scope_t scope, sclass_t sclass, u32 sw_if_index, dpo_id_t * dpo) { gbp_policy_dpo_t *gpd; @@ -103,6 +104,7 @@ gbp_policy_dpo_add_or_lock (dpo_proto_t dproto, gpd->gpd_proto = dproto; gpd->gpd_sw_if_index = sw_if_index; gpd->gpd_sclass = sclass; + gpd->gpd_scope = scope; if (~0 != sw_if_index) { @@ -128,9 +130,9 @@ format_gbp_policy_dpo (u8 * s, va_list * ap) gbp_policy_dpo_t *gpd = gbp_policy_dpo_get (index); vnet_main_t *vnm = vnet_get_main (); - s = format (s, "gbp-policy-dpo: %U, sclass:%d out:%U", + s = format (s, "gbp-policy-dpo: %U, scope:%d sclass:%d out:%U", format_dpo_proto, gpd->gpd_proto, - (int) gpd->gpd_sclass, + gpd->gpd_scope, (int) gpd->gpd_sclass, format_vnet_sw_if_index_name, vnm, gpd->gpd_sw_if_index); s = format (s, "\n%U", format_white_space, indent + 2); s = format (s, "%U", format_dpo_id, &gpd->gpd_dpo, indent + 4); @@ -151,6 +153,7 @@ gbp_policy_dpo_interpose (const dpo_id_t * original, gpd = gbp_policy_dpo_get (original->dpoi_index); gpd_clone->gpd_proto = gpd->gpd_proto; + gpd_clone->gpd_scope = gpd->gpd_scope; gpd_clone->gpd_sclass = gpd->gpd_sclass; gpd_clone->gpd_sw_if_index = gpd->gpd_sw_if_index; @@ -233,11 +236,13 @@ static char *gbp_policy_dpo_error_strings[] = { typedef struct gbp_policy_dpo_trace_t_ { - u32 sclass; - u32 dclass; + gbp_scope_t scope; + sclass_t sclass; + sclass_t dclass; u32 acl_index; u32 flags; u32 action; + u32 gci; } gbp_policy_dpo_trace_t; typedef enum @@ -323,11 +328,13 @@ gbp_policy_dpo_inline (vlib_main_t * vm, if (vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_A) { next0 = gpd0->gpd_dpo.dpoi_next_node; - key0.as_u32 = ~0; + key0.as_u64 = ~0; n_allow_a_bit++; goto trace; } + key0.as_u64 = 0; + key0.gck_scope = gpd0->gpd_scope; key0.gck_src = vnet_buffer2 (b0)->gbp.sclass; key0.gck_dst = gpd0->gpd_sclass; @@ -440,11 +447,14 @@ gbp_policy_dpo_inline (vlib_main_t * vm, gbp_policy_dpo_trace_t *tr; tr = vlib_add_trace (vm, node, b0, sizeof (*tr)); + tr->scope = key0.gck_scope; tr->sclass = key0.gck_src; tr->dclass = key0.gck_dst; tr->acl_index = (gc0 ? gc0->gc_acl_index : ~0); tr->flags = vnet_buffer2 (b0)->gbp.flags; tr->action = action0; + tr->gci = (gc0 ? gc0 - gbp_contract_pool : INDEX_INVALID); + } vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, @@ -472,9 +482,11 @@ format_gbp_policy_dpo_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); gbp_policy_dpo_trace_t *t = va_arg (*args, gbp_policy_dpo_trace_t *); - s = format (s, " sclass:%d dclass:%d acl-index:%d flags:%U action:%d", - t->sclass, t->dclass, t->acl_index, - format_vxlan_gbp_header_gpflags, t->flags, t->action); + s = + format (s, + "scope:%d sclass:%d dclass:%d gci:%d acl-index:%d flags:%U action:%d", + t->scope, t->sclass, t->dclass, t->gci, t->acl_index, + format_vxlan_gbp_header_gpflags, t->flags, t->action); return s; } diff --git a/src/plugins/gbp/gbp_policy_dpo.h b/src/plugins/gbp/gbp_policy_dpo.h index 3a4264d9194..6b4f8c57fd0 100644 --- a/src/plugins/gbp/gbp_policy_dpo.h +++ b/src/plugins/gbp/gbp_policy_dpo.h @@ -38,6 +38,11 @@ typedef struct gbp_policy_dpo_t_ sclass_t gpd_sclass; /** + * sclass scope + */ + gbp_scope_t gpd_scope; + + /** * output sw_if_index */ u32 gpd_sw_if_index; @@ -54,6 +59,7 @@ typedef struct gbp_policy_dpo_t_ } gbp_policy_dpo_t; extern void gbp_policy_dpo_add_or_lock (dpo_proto_t dproto, + gbp_scope_t scope, sclass_t sclass, u32 sw_if_index, dpo_id_t * dpo); diff --git a/src/plugins/gbp/gbp_policy_node.c b/src/plugins/gbp/gbp_policy_node.c index 2cffc79cf2d..26f7e9b8c59 100644 --- a/src/plugins/gbp/gbp_policy_node.c +++ b/src/plugins/gbp/gbp_policy_node.c @@ -15,6 +15,7 @@ #include <plugins/gbp/gbp.h> #include <plugins/gbp/gbp_policy_dpo.h> +#include <plugins/gbp/gbp_bridge_domain.h> #include <vnet/vxlan-gbp/vxlan_gbp_packet.h> #include <vnet/vxlan-gbp/vxlan_gbp.h> @@ -49,8 +50,9 @@ typedef enum typedef struct gbp_policy_trace_t_ { /* per-pkt trace data */ - u32 sclass; - u32 dst_epg; + gbp_scope_t scope; + sclass_t sclass; + sclass_t dclass; u32 acl_index; u32 allowed; u32 flags; @@ -154,6 +156,9 @@ gbp_policy_inline (vlib_main_t * vm, h0 = vlib_buffer_get_current (b0); sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX]; + /* zero out the key to ensure the pad space is clear */ + key0.as_u64 = 0; + /* * Reflection check; in and out on an ivxlan tunnel */ @@ -176,7 +181,7 @@ gbp_policy_inline (vlib_main_t * vm, L2OUTPUT_FEAT_GBP_POLICY_PORT : L2OUTPUT_FEAT_GBP_POLICY_MAC)); n_allow_a_bit++; - key0.as_u32 = ~0; + key0.as_u64 = ~0; goto trace; } @@ -190,7 +195,11 @@ gbp_policy_inline (vlib_main_t * vm, vnet_buffer (b0)->l2.bd_index); if (NULL != ge0) - key0.gck_dst = ge0->ge_fwd.gef_sclass; + { + key0.gck_dst = ge0->ge_fwd.gef_sclass; + key0.gck_scope = + gbp_bridge_domain_get_scope (vnet_buffer (b0)->l2.bd_index); + } else { /* If you cannot determine the destination EP then drop */ @@ -373,7 +382,8 @@ gbp_policy_inline (vlib_main_t * vm, gbp_policy_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sclass = key0.gck_src; - t->dst_epg = key0.gck_dst; + t->dclass = key0.gck_dst; + t->scope = key0.gck_scope; t->acl_index = (gc0 ? gc0->gc_acl_index : ~0); t->allowed = (next0 != GBP_POLICY_NEXT_DROP); t->flags = vnet_buffer2 (b0)->gbp.flags; @@ -422,8 +432,8 @@ format_gbp_policy_trace (u8 * s, va_list * args) gbp_policy_trace_t *t = va_arg (*args, gbp_policy_trace_t *); s = - format (s, "sclass:%d, dst:%d, acl:%d allowed:%d flags:%U", - t->sclass, t->dst_epg, t->acl_index, t->allowed, + format (s, "scope:%d sclass:%d, dclass:%d, acl:%d allowed:%d flags:%U", + t->scope, t->sclass, t->dclass, t->acl_index, t->allowed, format_vxlan_gbp_header_gpflags, t->flags); return s; diff --git a/src/plugins/gbp/gbp_route_domain.c b/src/plugins/gbp/gbp_route_domain.c index 7502a253440..90b0155758d 100644 --- a/src/plugins/gbp/gbp_route_domain.c +++ b/src/plugins/gbp/gbp_route_domain.c @@ -126,6 +126,7 @@ gbp_route_domain_db_remove (gbp_route_domain_t * grd) int gbp_route_domain_add_and_lock (u32 rd_id, + gbp_scope_t scope, u32 ip4_table_id, u32 ip6_table_id, u32 ip4_uu_sw_if_index, u32 ip6_uu_sw_if_index) @@ -142,6 +143,7 @@ gbp_route_domain_add_and_lock (u32 rd_id, pool_get_zero (gbp_route_domain_pool, grd); grd->grd_id = rd_id; + grd->grd_scope = scope; grd->grd_table_id[FIB_PROTOCOL_IP4] = ip4_table_id; grd->grd_table_id[FIB_PROTOCOL_IP6] = ip6_table_id; grd->grd_uu_sw_if_index[FIB_PROTOCOL_IP4] = ip4_uu_sw_if_index; @@ -241,6 +243,16 @@ gbp_route_domain_get_rd_id (index_t grdi) return (grd->grd_id); } +gbp_scope_t +gbp_route_domain_get_scope (index_t grdi) +{ + gbp_route_domain_t *grd; + + grd = gbp_route_domain_get (grdi); + + return (grd->grd_scope); +} + int gbp_route_domain_delete (u32 rd_id) { @@ -296,6 +308,7 @@ gbp_route_domain_cli (vlib_main_t * vm, u32 ip6_uu_sw_if_index = ~0; u32 ip4_table_id = ~0; u32 ip6_table_id = ~0; + u32 scope = ~0; u32 rd_id = ~0; u8 add = 1; @@ -317,6 +330,8 @@ gbp_route_domain_cli (vlib_main_t * vm, add = 0; else if (unformat (input, "rd %d", &rd_id)) ; + else if (unformat (input, "scope %d", &scope)) + ; else break; } @@ -331,7 +346,8 @@ gbp_route_domain_cli (vlib_main_t * vm, if (~0 == ip6_table_id) return clib_error_return (0, "IP6 table-ID must be specified"); - gbp_route_domain_add_and_lock (rd_id, ip4_table_id, + gbp_route_domain_add_and_lock (rd_id, scope, + ip4_table_id, ip6_table_id, ip4_uu_sw_if_index, ip6_uu_sw_if_index); } diff --git a/src/plugins/gbp/gbp_route_domain.h b/src/plugins/gbp/gbp_route_domain.h index b83d598ad38..dd7adf096cf 100644 --- a/src/plugins/gbp/gbp_route_domain.h +++ b/src/plugins/gbp/gbp_route_domain.h @@ -32,6 +32,7 @@ typedef struct gpb_route_domain_t_ * Route-domain ID */ u32 grd_id; + gbp_scope_t grd_scope; u32 grd_fib_index[FIB_PROTOCOL_IP_MAX]; u32 grd_table_id[FIB_PROTOCOL_IP_MAX]; @@ -55,6 +56,7 @@ typedef struct gpb_route_domain_t_ } gbp_route_domain_t; extern int gbp_route_domain_add_and_lock (u32 rd_id, + gbp_scope_t scope, u32 ip4_table_id, u32 ip6_table_id, u32 ip4_uu_sw_if_index, @@ -67,6 +69,7 @@ extern index_t gbp_route_domain_index (const gbp_route_domain_t *); extern int gbp_route_domain_delete (u32 rd_id); extern gbp_route_domain_t *gbp_route_domain_get (index_t i); extern u32 gbp_route_domain_get_rd_id (index_t i); +extern gbp_scope_t gbp_route_domain_get_scope (index_t i); typedef int (*gbp_route_domain_cb_t) (gbp_route_domain_t * gb, void *ctx); extern void gbp_route_domain_walk (gbp_route_domain_cb_t bgpe, void *ctx); diff --git a/src/plugins/gbp/gbp_subnet.c b/src/plugins/gbp/gbp_subnet.c index 2daf0ddc684..e2dfd3799b0 100644 --- a/src/plugins/gbp/gbp_subnet.c +++ b/src/plugins/gbp/gbp_subnet.c @@ -163,6 +163,7 @@ gbp_subnet_external_add (gbp_subnet_t * gs, u32 sw_if_index, sclass_t sclass) gs->gs_stitched_external.gs_sw_if_index = sw_if_index; gbp_policy_dpo_add_or_lock (fib_proto_to_dpo (gs->gs_key->gsk_pfx.fp_proto), + gbp_route_domain_get_scope (gs->gs_rd), gs->gs_stitched_external.gs_sclass, gs->gs_stitched_external.gs_sw_if_index, &gpd); @@ -186,6 +187,7 @@ gbp_subnet_l3_out_add (gbp_subnet_t * gs, sclass_t sclass) gs->gs_l3_out.gs_sclass = sclass; gbp_policy_dpo_add_or_lock (fib_proto_to_dpo (gs->gs_key->gsk_pfx.fp_proto), + gbp_route_domain_get_scope (gs->gs_rd), gs->gs_l3_out.gs_sclass, ~0, &gpd); gs->gs_fei = fib_table_entry_special_dpo_add (gs->gs_key->gsk_fib_index, diff --git a/src/plugins/gbp/gbp_types.h b/src/plugins/gbp/gbp_types.h index 5bd9735e08b..ac983b1cdd2 100644 --- a/src/plugins/gbp/gbp_types.h +++ b/src/plugins/gbp/gbp_types.h @@ -21,6 +21,7 @@ typedef u32 vnid_t; #define VNID_INVALID ((u16)~0) +typedef u16 gbp_scope_t; typedef u16 sclass_t; #define SCLASS_INVALID ((u16)~0) |