author | Andrew Yourtchenko <ayourtch@gmail.com> | 2017-10-25 05:50:37 -0700 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2017-10-25 16:28:03 +0000 |
commit | 5f3fcb96296a4769f55f60270e10c6294c604db9 (patch) | |
tree | 028293ba04f669187b8d41cd72f34f195e12e81b /src/vnet/dpo | |
parent | 36ea2d6d3a67a60534a7c2b58551688858a1ce7f (diff) |
L3 proxy FIB source for container networking
Change-Id: I4164c4c19c8dbfd73e6ddf94a12056325cc093b9
Signed-off-by: Neale Ranns <nranns@cisco.com>
Signed-off-by: Andrew Yourtchenko <ayourtch@gmail.com>
Diffstat (limited to 'src/vnet/dpo')
-rw-r--r-- | src/vnet/dpo/dpo.c | 13 | ||||
-rw-r--r-- | src/vnet/dpo/dpo.h | 28 | ||||
-rw-r--r-- | src/vnet/dpo/l3_proxy_dpo.c | 175 | ||||
-rw-r--r-- | src/vnet/dpo/l3_proxy_dpo.h | 57 |
4 files changed, 270 insertions, 3 deletions
diff --git a/src/vnet/dpo/dpo.c b/src/vnet/dpo/dpo.c index e94f347466e..7658132d47a 100644 --- a/src/vnet/dpo/dpo.c +++ b/src/vnet/dpo/dpo.c @@ -41,6 +41,7 @@ #include <vnet/dpo/interface_tx_dpo.h> #include <vnet/dpo/mpls_disposition.h> #include <vnet/dpo/l2_bridge_dpo.h> +#include <vnet/dpo/l3_proxy_dpo.h> /** * Array of char* names for the DPO types and protos @@ -345,6 +346,17 @@ dpo_unlock (dpo_id_t *dpo) dpo_vfts[dpo->dpoi_type].dv_unlock(dpo); } +u32 +dpo_get_urpf(const dpo_id_t *dpo) +{ + if (dpo_id_is_valid(dpo) && + (NULL != dpo_vfts[dpo->dpoi_type].dv_get_urpf)) + { + return (dpo_vfts[dpo->dpoi_type].dv_get_urpf(dpo)); + } + + return (~0); +} static u32 dpo_get_next_node (dpo_type_t child_type, @@ -525,6 +537,7 @@ dpo_module_init (vlib_main_t * vm) interface_tx_dpo_module_init(); mpls_disp_dpo_module_init(); l2_bridge_dpo_module_init(); + l3_proxy_dpo_module_init(); return (NULL); } diff --git a/src/vnet/dpo/dpo.h b/src/vnet/dpo/dpo.h index d1309c19031..304b4331495 100644 --- a/src/vnet/dpo/dpo.h +++ b/src/vnet/dpo/dpo.h @@ -115,6 +115,7 @@ typedef enum dpo_type_t_ { DPO_INTERFACE_RX, DPO_INTERFACE_TX, DPO_L2_BRIDGE, + DPO_L3_PROXY, DPO_LAST, } __attribute__((packed)) dpo_type_t; @@ -142,7 +143,8 @@ typedef enum dpo_type_t_ { [DPO_MFIB_ENTRY] = "dpo-mfib_entry", \ [DPO_INTERFACE_RX] = "dpo-interface-rx", \ [DPO_INTERFACE_TX] = "dpo-interface-tx", \ - [DPO_L2_BRIDGE] = "dpo-l2-bridge" \ + [DPO_L2_BRIDGE] = "dpo-l2-bridge", \ + [DPO_L3_PROXY] = "dpo-l3-proxy", \ } /** @@ -310,10 +312,10 @@ extern void dpo_stack(dpo_type_t child_type, * @param child_node * The VLIB grpah node index to create an arc from to the parent * - * @parem dpo + * @param dpo * This is the DPO to stack and set. * - * @paren parent_dpo + * @param parent_dpo * The parent DPO to stack onto. */ extern void dpo_stack_from_node(u32 child_node, 
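Review bot: In dpo.c, `dpo_get_urpf` indexes `dpo_vfts[dpo->dpoi_type]` after checking only `dpo_id_is_valid(dpo)`; nothing visible in the hunk bounds the type against the registered table, so it relies on every caller passing a DPO whose type was registered. The fallback `return (~0);` is the only signal that a DPO type has no uRPF interface, and because the value is meant for a uRPF (source-interface) check, callers must test for it before using it as an interface index; those callers are outside this diff. A short comment above the definition would make the contract explicit, e.g. `/* ~0 means this DPO type contributes no uRPF interface; callers must not index with it */`.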
@@ -321,6 +323,16 @@ extern void dpo_stack_from_node(u32 child_node, const dpo_id_t *parent); /** + * Get a uRPF interface for the DPO + * + * @param dpo + * The DPO from which to get the uRPF interface + * + * @return valid SW interface index or ~0 + */ +extern u32 dpo_get_urpf(const dpo_id_t *dpo); + +/** * @brief A lock function registered for a DPO type */ typedef void (*dpo_lock_fn_t)(dpo_id_t *dpo); @@ -342,6 +354,12 @@ typedef void (*dpo_mem_show_t)(void); typedef u32* (*dpo_get_next_node_t)(const dpo_id_t *dpo); /** + * @brief Given a DPO instance return an interface that can + * be used in an uRPF check + */ +typedef u32 (*dpo_get_urpf_t)(const dpo_id_t *dpo); + +/** * @brief A virtual function table regisitered for a DPO type */ typedef struct dpo_vft_t_ @@ -369,6 +387,10 @@ typedef struct dpo_vft_t_ * function */ dpo_get_next_node_t dv_get_next_node; + /** + * Get uRPF interface + */ + dpo_get_urpf_t dv_get_urpf; } dpo_vft_t; diff --git a/src/vnet/dpo/l3_proxy_dpo.c b/src/vnet/dpo/l3_proxy_dpo.c new file mode 100644 index 00000000000..ea3db7151d0 --- /dev/null +++ b/src/vnet/dpo/l3_proxy_dpo.c 
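Review bot: The new `dv_get_urpf` member of `dpo_vft_t` is documented only as "Get uRPF interface", which does not tell implementers that the hook is optional or what to return when no interface applies. `dpo_get_urpf` in dpo.c treats a NULL hook as "no interface" and returns ~0, so the member comment could read `Get uRPF interface; optional (may be NULL). Returns a valid sw_if_index or ~0.` The same return contract would help on the `dpo_get_urpf_t` typedef comment, which currently says only that an interface is returned.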
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @brief
+ * The data-path object representing l3_proxying the packet, i.e. it's for-us
+ */
+#include <vlib/vlib.h>
+#include <vnet/ip/ip.h>
+#include <vnet/dpo/l3_proxy_dpo.h>
+
+/**
+ * @brief pool of all l3_proxy DPOs
+ */
+l3_proxy_dpo_t *l3_proxy_dpo_pool;
+
+static l3_proxy_dpo_t *
+l3_proxy_dpo_alloc (void)
+{
+ l3_proxy_dpo_t *l3p;
+
+ pool_get_aligned(l3_proxy_dpo_pool, l3p, CLIB_CACHE_LINE_BYTES);
+ memset(l3p, 0, sizeof(*l3p));
+
+ return (l3p);
+}
+
+static l3_proxy_dpo_t *
+l3_proxy_dpo_get_from_dpo (const dpo_id_t *dpo)
+{
+ ASSERT(DPO_L3_PROXY == dpo->dpoi_type);
+
+ return (l3_proxy_dpo_get(dpo->dpoi_index));
+}
+
+
+/*
+ * l3_proxy_dpo_add_or_lock
+ *
+ * The next_hop address here is used for source address selection in the DP.
+ * The local adj is added to an interface's l3_proxy prefix, the next-hop
+ * passed here is the local prefix on the same interface.
+ */
+void
+l3_proxy_dpo_add_or_lock (dpo_proto_t proto,
+ u32 sw_if_index,
+ dpo_id_t *dpo)
+{
+ l3_proxy_dpo_t *l3p;
+
+ l3p = l3_proxy_dpo_alloc();
+
+ l3p->l3p_sw_if_index = sw_if_index;
+
+ dpo_set(dpo, DPO_L3_PROXY, proto, (l3p - l3_proxy_dpo_pool));
+}
+
+static void
+l3_proxy_dpo_lock (dpo_id_t *dpo)
+{
+ l3_proxy_dpo_t *l3p;
+
+ l3p = l3_proxy_dpo_get_from_dpo(dpo);
+ l3p->l3p_locks++;
+}
+
+static void
+l3_proxy_dpo_unlock (dpo_id_t *dpo)
+{
+ l3_proxy_dpo_t *l3p;
+
+ l3p = l3_proxy_dpo_get_from_dpo(dpo);
+ l3p->l3p_locks--;
+
+ if (0 == l3p->l3p_locks)
+ {
+ pool_put(l3_proxy_dpo_pool, l3p);
+ }
+}
+
+static u32
+l3_proxy_dpo_get_urpf (const dpo_id_t *dpo)
+{
+ l3_proxy_dpo_t *l3p;
+
+ l3p = l3_proxy_dpo_get_from_dpo(dpo);
+
+ return (l3p->l3p_sw_if_index);
+}
+
+static u8*
+format_l3_proxy_dpo (u8 *s, va_list *ap)
+{
+ CLIB_UNUSED(index_t index) = va_arg(*ap, index_t);
+ CLIB_UNUSED(u32 indent) = va_arg(*ap, u32);
+ vnet_main_t * vnm = vnet_get_main();
+ l3_proxy_dpo_t *l3p;
+
+ if (pool_is_free_index(l3_proxy_dpo_pool, index))
+ {
+ return (format(s, "dpo-l3_proxy DELETED"));
+ }
+
+ l3p = l3_proxy_dpo_get(index);
+
+ if (~0 != l3p->l3p_sw_if_index)
+ {
+ return (format(s, "dpo-l3_proxy: %U",
+ format_vnet_sw_interface_name, vnm,
+ vnet_get_sw_interface(vnm, l3p->l3p_sw_if_index)));
+ }
+ else
+ {
+ return (format(s, "dpo-l3-proxy"));
+ }
+}
+
+static void
+l3_proxy_dpo_mem_show (void)
+{
+ fib_show_memory_usage("L3 Proxy",
+ pool_elts(l3_proxy_dpo_pool),
+ pool_len(l3_proxy_dpo_pool),
+ sizeof(l3_proxy_dpo_t));
+}
+
+const static dpo_vft_t l3_proxy_vft = {
+ .dv_lock = l3_proxy_dpo_lock,
+ .dv_unlock = l3_proxy_dpo_unlock,
+ .dv_format = format_l3_proxy_dpo,
+ .dv_get_urpf = l3_proxy_dpo_get_urpf,
+ .dv_mem_show = l3_proxy_dpo_mem_show,
+};
+
+/**
+ * @brief The per-protocol VLIB graph nodes that are assigned to a l3_proxy
+ * object.
+ *
+ * this means that these graph nodes are ones from which a l3_proxy is the
+ * parent object in the DPO-graph.
+ */
+const static char* const l3_proxy_ip4_nodes[] =
+{
+ "ip4-local",
+ NULL,
+};
+const static char* const l3_proxy_ip6_nodes[] =
+{
+ "ip6-local",
+ NULL,
+};
+
+const static char* const * const l3_proxy_nodes[DPO_PROTO_NUM] =
+{
+ [DPO_PROTO_IP4] = l3_proxy_ip4_nodes,
+ [DPO_PROTO_IP6] = l3_proxy_ip6_nodes,
+ [DPO_PROTO_MPLS] = NULL,
+};
+
+void
+l3_proxy_dpo_module_init (void)
+{
+ dpo_register(DPO_L3_PROXY, &l3_proxy_vft, l3_proxy_nodes);
+}
diff --git a/src/vnet/dpo/l3_proxy_dpo.h b/src/vnet/dpo/l3_proxy_dpo.h
new file mode 100644
index 00000000000..f17ace50876
--- /dev/null
+++ b/src/vnet/dpo/l3_proxy_dpo.h
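Review bot: In l3_proxy_dpo.c the reference count is unguarded: `l3_proxy_dpo_lock` does `l3p->l3p_locks++` on a `u16` field (declared in l3_proxy_dpo.h) and `l3_proxy_dpo_unlock` decrements without checking for zero, so a wrap would either return the pool element while DPO ids still reference it or leave it allocated forever. Whether 65536 references are reachable cannot be told from this diff, but `ASSERT(l3p->l3p_locks != (u16) ~0);` before the increment and `ASSERT(l3p->l3p_locks > 0);` before the decrement, or a wider field, would make the invariant explicit. Separately, `l3_proxy_dpo_add_or_lock` always allocates a new object and never looks up an existing one, and its header comment describes a next_hop address that is not in the signature; the comment should be rewritten to describe `sw_if_index`. That `sw_if_index` is stored unvalidated, later passed to `vnet_get_sw_interface` in `format_l3_proxy_dpo` and returned by `l3_proxy_dpo_get_urpf`, so it is worth confirming that the DPO cannot outlive its interface.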
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @brief
+ * The data-path object representing L3 proxy. An L3 proxy is when VPP has
+ * an address in the FIB that is also assigned to an attached host.
+ */
+
+#ifndef __L3_PROXY_DPO_H__
+#define __L3_PROXY_DPO_H__
+
+#include <vnet/dpo/dpo.h>
+#include <vnet/ip/ip6.h>
+
+typedef struct l3_proxy_dpo_t_
+{
+ /**
+ * The Software interface index on which traffic is l3_proxyd
+ */
+ u32 l3p_sw_if_index;
+
+ /**
+ * number oflocks.
+ */
+ u16 l3p_locks;
+} l3_proxy_dpo_t;
+
+extern void l3_proxy_dpo_add_or_lock (dpo_proto_t proto,
+ u32 sw_if_index,
+ dpo_id_t *dpo);
+
+extern void l3_proxy_dpo_module_init(void);
+
+/**
+ * @brief pool of all l3_proxy DPOs
+ */
+l3_proxy_dpo_t *l3_proxy_dpo_pool;
+
+static inline l3_proxy_dpo_t *
+l3_proxy_dpo_get (index_t index)
+{
+ return (pool_elt_at_index(l3_proxy_dpo_pool, index));
+}
+
+#endif |
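Review bot: In l3_proxy_dpo.h, `l3_proxy_dpo_t *l3_proxy_dpo_pool;` is a definition rather than a declaration, so every translation unit that includes the header defines the pool, on top of the definition in l3_proxy_dpo.c. That links only when the toolchain merges common symbols and fails as a multiple definition under `-fno-common`; the header line should be `extern l3_proxy_dpo_t *l3_proxy_dpo_pool;`. The inline `l3_proxy_dpo_get` passes `index` straight to `pool_elt_at_index`, so its comment should state that callers must supply the index of a live pool element. The field comment `number oflocks.` is missing a space.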