diff options
author | Neale Ranns <nranns@cisco.com> | 2019-11-25 13:04:44 +0000 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2019-12-03 19:36:26 +0000 |
commit | 9534696b4637185c9f296375e63c50d8976d153d (patch) | |
tree | 7e5bce5d492b6b376e42f9df175e18202f93af68 /src/vnet/ipip | |
parent | c8972fe506c78530a3e4085453e86a0b85b245ef (diff) |
ipip: Tunnel flags controlling copying data to/from payload/encap
Type: feature
Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: I9467f11775936754406892b8e9e275f989ac9b30
Diffstat (limited to 'src/vnet/ipip')
-rw-r--r-- | src/vnet/ipip/ipip.api | 10 | ||||
-rw-r--r-- | src/vnet/ipip/ipip.c | 69 | ||||
-rw-r--r-- | src/vnet/ipip/ipip.h | 28 | ||||
-rw-r--r-- | src/vnet/ipip/ipip_api.c | 12 | ||||
-rw-r--r-- | src/vnet/ipip/ipip_cli.c | 18 | ||||
-rw-r--r-- | src/vnet/ipip/ipip_types.api | 33 | ||||
-rw-r--r-- | src/vnet/ipip/ipip_types_api.c | 53 | ||||
-rw-r--r-- | src/vnet/ipip/ipip_types_api.h | 41 | ||||
-rw-r--r-- | src/vnet/ipip/node.c | 28 |
9 files changed, 258 insertions, 34 deletions
diff --git a/src/vnet/ipip/ipip.api b/src/vnet/ipip/ipip.api index 8a6e726eba4..baf0e508cf0 100644 --- a/src/vnet/ipip/ipip.api +++ b/src/vnet/ipip/ipip.api @@ -1,3 +1,4 @@ +/* Hey Emacs use -*- mode: C -*- */ /* * Copyright (c) 2018 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -48,9 +49,11 @@ * */ -option version = "1.2.0"; +option version = "2.0.0"; + import "vnet/interface_types.api"; import "vnet/ip/ip_types.api"; +import "vnet/ipip/ipip_types.api"; /** * An IP{v4,v6} over IP{v4,v6} tunnel. @@ -63,8 +66,9 @@ typedef ipip_tunnel vl_api_interface_index_t sw_if_index; /* ignored on create, set in details/dump */ u32 table_id; - u8 tc_tos; /* If ~0, the TOS/TC value is copied from - inner packet, otherwise set to value */ + vl_api_ipip_tunnel_flags_t flags; + vl_api_ip_dscp_t dscp; /* DSCP value for the tunnel encap, + ignored if ECNAP_COPY_DSCP flag is set */ }; /** diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c index 66c945e346e..15f453a8c7e 100644 --- a/src/vnet/ipip/ipip.c +++ b/src/vnet/ipip/ipip.c @@ -75,8 +75,10 @@ ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index, ip4->src_address.as_u32 = t->tunnel_src.ip4.as_u32; ip4->dst_address.as_u32 = t->tunnel_dst.ip4.as_u32; ip4->checksum = ip4_header_checksum (ip4); - if (t->tc_tos != 0xFF) - ip4->tos = t->tc_tos; + if (!(t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP)) + ip4_header_set_dscp (ip4, t->dscp); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_SET_DF) + ip4_header_set_df (ip4); break; case IPIP_TRANSPORT_IP6: @@ -84,14 +86,14 @@ ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index, ip6 = (ip6_header_t *) rewrite; ip6->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32 (6 << 28); - if (t->tc_tos != 0xFF) - ip6_set_traffic_class_network_order (ip6, t->tc_tos); ip6->hop_limit = 64; /* fixup ip6 header length and protocol after-the-fact */ ip6->src_address.as_u64[0] = t->tunnel_src.ip6.as_u64[0]; ip6->src_address.as_u64[1] = t->tunnel_src.ip6.as_u64[1]; ip6->dst_address.as_u64[0] = t->tunnel_dst.ip6.as_u64[0]; ip6->dst_address.as_u64[1] = t->tunnel_dst.ip6.as_u64[1]; + if (!(t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP)) + ip6_set_dscp_network_order (ip6, t->dscp); break; default: @@ -114,15 +116,25 @@ ipip4_fixup (vlib_main_t * vm, ip_adjacency_t * adj, vlib_buffer_t * b, { case VNET_LINK_IP6: ip4->protocol = IP_PROTOCOL_IPV6; - if (t->tc_tos == 0xFF) - ip4->tos = - ip6_traffic_class_network_order ((const ip6_header_t *) (ip4 + 1)); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP) + ip4_header_set_dscp (ip4, + ip6_dscp_network_order ((ip6_header_t *) (ip4 + + 1))); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN) + ip4_header_set_ecn (ip4, + ip6_ecn_network_order ((ip6_header_t *) (ip4 + + 1))); break; case VNET_LINK_IP4: ip4->protocol = IP_PROTOCOL_IP_IN_IP; - if (t->tc_tos == 0xFF) - ip4->tos = ((ip4_header_t *) (ip4 + 1))->tos; + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP) + ip4_header_set_dscp (ip4, ip4_header_get_dscp (ip4 + 1)); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN) + ip4_header_set_ecn (ip4, ip4_header_get_ecn (ip4 + 1)); + if ((t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DF) && + ip4_header_get_df (ip4 + 1)) + ip4_header_set_df (ip4); break; default: @@ -151,17 +163,20 @@ ipip6_fixup (vlib_main_t * vm, ip_adjacency_t * adj, vlib_buffer_t * b, { case VNET_LINK_IP6: ip6->protocol = IP_PROTOCOL_IPV6; - if (t->tc_tos == 0xFF) - ip6_set_traffic_class_network_order (ip6, - ip6_traffic_class_network_order ((const ip6_header_t *) (ip6 + 1))); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP) + ip6_set_dscp_network_order (ip6, ip6_dscp_network_order (ip6 + 1)); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN) + ip6_set_ecn_network_order (ip6, ip6_ecn_network_order (ip6 + 1)); break; case VNET_LINK_IP4: ip6->protocol = IP_PROTOCOL_IP_IN_IP; - if (t->tc_tos == 0xFF) - ip6_set_traffic_class_network_order (ip6, - ((ip4_header_t *) (ip6 + - 1))->tos); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP) + ip6_set_dscp_network_order + (ip6, ip4_header_get_dscp ((ip4_header_t *) (ip6 + 1))); + if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN) + ip6_set_ecn_network_order + (ip6, ip4_header_get_ecn ((ip4_header_t *) (ip6 + 1))); break; default: @@ -250,6 +265,20 @@ ipip_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai) ipip_tunnel_stack (ai); } +u8 * +format_ipip_tunnel_flags (u8 * s, va_list * args) +{ + ipip_tunnel_flags_t f = va_arg (*args, int); + + if (f == IPIP_TUNNEL_FLAG_NONE) + return (format (s, "none")); + +#define _(a,b,c) if (f & IPIP_TUNNEL_FLAG_##a) s = format(s, "%s ", b); + forech_ipip_tunnel_flag +#undef _ + return (s); +} + static u8 * format_ipip_tunnel_name (u8 * s, va_list * args) { @@ -384,7 +413,8 @@ ipip_tunnel_db_remove (ipip_tunnel_t * t) int ipip_add_tunnel (ipip_transport_t transport, u32 instance, ip46_address_t * src, ip46_address_t * dst, - u32 fib_index, u8 tc_tos, u32 * sw_if_indexp) + u32 fib_index, ipip_tunnel_flags_t flags, + ip_dscp_t dscp, u32 * sw_if_indexp) { ipip_main_t *gm = &ipip_main; vnet_main_t *vnm = gm->vnet_main; @@ -430,9 +460,10 @@ ipip_add_tunnel (ipip_transport_t transport, t->hw_if_index = hw_if_index; t->fib_index = fib_index; t->sw_if_index = sw_if_index; - t->tc_tos = tc_tos; - + t->dscp = dscp; + t->flags = flags; t->transport = transport; + vec_validate_init_empty (gm->tunnel_index_by_sw_if_index, sw_if_index, ~0); gm->tunnel_index_by_sw_if_index[sw_if_index] = t_idx; diff --git a/src/vnet/ipip/ipip.h b/src/vnet/ipip/ipip.h index c55d1d7c644..be944507b40 100644 --- a/src/vnet/ipip/ipip.h +++ b/src/vnet/ipip/ipip.h @@ -65,6 +65,28 @@ typedef enum } ipip_mode_t; /** + * Keep these idenitical to those in ipip.api + */ +#define forech_ipip_tunnel_flag \ + _(NONE, "none", 0x0) \ + _(ENCAP_COPY_DF, "encap-copy-df", 0x1) \ + _(ENCAP_SET_DF, "encap-set-df", 0x2) \ + _(ENCAP_COPY_DSCP, "encap-copy-dscp", 0x4) \ + _(ENCAP_COPY_ECN, "encap-copy-ecn", 0x8) \ + _(DECAP_COPY_ECN, "decap-copy-ecn", 0x10) + +typedef enum ipip_tunnel_flags_t_ +{ +#define _(a,b,c) IPIP_TUNNEL_FLAG_##a = c, + forech_ipip_tunnel_flag +#undef _ +} __clib_packed ipip_tunnel_flags_t; + +#define IPIP_TUNNEL_FLAG_MASK (0x1f) + +extern u8 *format_ipip_tunnel_flags (u8 * s, va_list * args); + +/** * @brief A representation of a IPIP tunnel */ typedef struct @@ -82,7 +104,8 @@ typedef struct u32 sw_if_index; u32 dev_instance; /* Real device instance in tunnel vector */ u32 user_instance; /* Instance name being shown to user */ - u8 tc_tos; + ipip_tunnel_flags_t flags; + ip_dscp_t dscp; struct { @@ -143,7 +166,8 @@ sixrd_get_addr_net (const ipip_tunnel_t * t, u64 dal) int ipip_add_tunnel (ipip_transport_t transport, u32 instance, ip46_address_t * src, ip46_address_t * dst, - u32 fib_index, u8 tc_tos, u32 * sw_if_indexp); + u32 fib_index, ipip_tunnel_flags_t flags, + ip_dscp_t dscp, u32 * sw_if_indexp); int ipip_del_tunnel (u32 sw_if_index); int sixrd_add_tunnel (ip6_address_t * ip6_prefix, u8 ip6_prefix_len, ip4_address_t * ip4_prefix, u8 ip4_prefix_len, diff --git a/src/vnet/ipip/ipip_api.c b/src/vnet/ipip/ipip_api.c index da0cb169296..47ff159b703 100644 --- a/src/vnet/ipip/ipip_api.c +++ b/src/vnet/ipip/ipip_api.c @@ -22,6 +22,7 @@ #include <vnet/ipip/ipip.h> #include <vnet/vnet.h> #include <vnet/ip/ip_types_api.h> +#include <vnet/ipip/ipip_types_api.h> #include <vnet/ipip/ipip.api_enum.h> #include <vnet/ipip/ipip.api_types.h> @@ -36,6 +37,7 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp) vl_api_ipip_add_tunnel_reply_t *rmp; int rv = 0; u32 fib_index, sw_if_index = ~0; + ipip_tunnel_flags_t flags; ip46_address_t src, dst; ip46_type_t itype[2]; @@ -54,6 +56,11 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp) goto out; } + rv = ipip_tunnel_flags_decode (mp->tunnel.flags, &flags); + + if (rv) + goto out; + fib_index = fib_table_find (fib_proto_from_ip46 (itype[0]), ntohl (mp->tunnel.table_id)); @@ -67,7 +74,8 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp) IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4), ntohl (mp->tunnel.instance), &src, &dst, - fib_index, mp->tunnel.tc_tos, &sw_if_index); + fib_index, flags, + ip_dscp_decode (mp->tunnel.dscp), &sw_if_index); } out: @@ -110,6 +118,8 @@ send_ipip_tunnel_details (ipip_tunnel_t * t, vl_api_ipip_tunnel_dump_t * mp) rmp->tunnel.table_id = htonl (ft->ft_table_id); rmp->tunnel.instance = htonl (t->user_instance); rmp->tunnel.sw_if_index = htonl (t->sw_if_index); + rmp->tunnel.dscp = ip_dscp_encode(t->dscp); + rmp->tunnel.flags = ipip_tunnel_flags_encode(t->flags); })); /* *INDENT-ON* */ } diff --git a/src/vnet/ipip/ipip_cli.c b/src/vnet/ipip/ipip_cli.c index 58f5b1c3039..e252f3a519e 100644 --- a/src/vnet/ipip/ipip_cli.c +++ b/src/vnet/ipip/ipip_cli.c @@ -82,7 +82,8 @@ static clib_error_t *create_ipip_tunnel_command_fn(vlib_main_t *vm, &src, &dst, fib_index, - 0, + IPIP_TUNNEL_FLAG_NONE, + IP_DSCP_CS0, &sw_if_index); } @@ -175,22 +176,25 @@ static u8 *format_ipip_tunnel(u8 *s, va_list *args) { fib_proto_from_ip46(type)); switch (t->mode) { case IPIP_MODE_6RD: - s = format(s, "[%d] 6rd src %U ip6-pfx %U/%d table-ID %d sw-if-idx %d ", + s = format(s, "[%d] 6rd src %U ip6-pfx %U/%d ", t->dev_instance, format_ip46_address, &t->tunnel_src, type, - format_ip6_address, &t->sixrd.ip6_prefix, t->sixrd.ip6_prefix_len, - table_id, t->sw_if_index); + format_ip6_address, &t->sixrd.ip6_prefix, t->sixrd.ip6_prefix_len); break; case IPIP_MODE_P2P: default: - s = format(s, "[%d] instance %d src %U dst %U table-ID %d sw-if-idx %d ", + s = format(s, "[%d] instance %d src %U dst %U ", t->dev_instance, t->user_instance, format_ip46_address, &t->tunnel_src, type, - format_ip46_address, &t->tunnel_dst, type, - table_id, t->sw_if_index); + format_ip46_address, &t->tunnel_dst, type); break; } + s = format(s, "table-ID %d sw-if-idx %d flags [%U] dscp %U", + table_id, t->sw_if_index, + format_ipip_tunnel_flags, t->flags, + format_ip_dscp, t->dscp); + return s; } diff --git a/src/vnet/ipip/ipip_types.api b/src/vnet/ipip/ipip_types.api new file mode 100644 index 00000000000..3e52fe74c1d --- /dev/null +++ b/src/vnet/ipip/ipip_types.api @@ -0,0 +1,33 @@ +/* Hey Emacs use -*- mode: C -*- */ +/* + * Copyright (c) 2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * Flags controlling tunnel behaviour + */ +enum ipip_tunnel_flags : u8 +{ + IPIP_TUNNEL_API_FLAG_NONE = 0, + /** at encap, copy the DF bit of the payload into the tunnel header */ + IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DF = 0x1, + /** at encap, set the DF bit in the tunnel header */ + IPIP_TUNNEL_API_FLAG_ENCAP_SET_DF = 0x2, + /** at encap, copy the DSCP bits of the payload into the tunnel header */ + IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DSCP = 0x4, + /** at encap, copy the ECN bit of the payload into the tunnel header */ + IPIP_TUNNEL_API_FLAG_ENCAP_COPY_ECN = 0x8, + /** at decap, copy the ECN bit of the tunnel header into the payload */ + IPIP_TUNNEL_API_FLAG_DECAP_COPY_ECN = 0x10, +}; diff --git a/src/vnet/ipip/ipip_types_api.c b/src/vnet/ipip/ipip_types_api.c new file mode 100644 index 00000000000..5625b85af68 --- /dev/null +++ b/src/vnet/ipip/ipip_types_api.c @@ -0,0 +1,53 @@ +/* + * ipip_api.c - ipip api + * + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <vnet/api_errno.h> +#include <vnet/ipip/ipip_types_api.h> + +#include <vnet/ipip/ipip_types.api_enum.h> +#include <vnet/ipip/ipip_types.api_types.h> + + +STATIC_ASSERT (sizeof (vl_api_ipip_tunnel_flags_t) == + sizeof (ipip_tunnel_flags_t), + "IPIP tunnel API and internal flags enum size differ"); + +int +ipip_tunnel_flags_decode (vl_api_ipip_tunnel_flags_t f, + ipip_tunnel_flags_t * o) +{ + if (f & ~IPIP_TUNNEL_FLAG_MASK) + /* unknown flags set */ + return (VNET_API_ERROR_INVALID_VALUE_2); + + *o = (ipip_tunnel_flags_t) f; + return (0); +} + +vl_api_ipip_tunnel_flags_t +ipip_tunnel_flags_encode (ipip_tunnel_flags_t f) +{ + return ((vl_api_ipip_tunnel_flags_t) f); +} + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipip/ipip_types_api.h b/src/vnet/ipip/ipip_types_api.h new file mode 100644 index 00000000000..17b1f1bb210 --- /dev/null +++ b/src/vnet/ipip/ipip_types_api.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __IPIP_TYPES_API_H__ +#define __IPIP_TYPES_API_H__ + +/** + * Conversion functions to/from (decode/encode) API types to VPP internal types + */ + +#include <vnet/ipip/ipip.h> +#include <vnet/ipip/ipip.api_types.h> + +/** + * These enum decode/encodes use 'int' as the type for the enum because + * one cannot forward declare an enum + */ +extern int ipip_tunnel_flags_decode (u8 _f, ipip_tunnel_flags_t * out); +extern u8 ipip_tunnel_flags_encode (ipip_tunnel_flags_t f); + +#endif + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c index 0cea4d50895..cd26b8a8b85 100644 --- a/src/vnet/ipip/node.c +++ b/src/vnet/ipip/node.c @@ -158,9 +158,33 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node, vnet_buffer (b0)->sw_if_index[VLIB_RX] = tunnel_sw_if_index; if (inner_protocol0 == IP_PROTOCOL_IPV6) - next0 = IPIP_INPUT_NEXT_IP6_INPUT; + { + next0 = IPIP_INPUT_NEXT_IP6_INPUT; + + if (t0->flags & IPIP_TUNNEL_FLAG_DECAP_COPY_ECN) + { + if (is_ipv6) + ip6_set_ecn_network_order ((ip60 + 1), + ip6_ecn_network_order (ip60)); + else + ip6_set_ecn_network_order ((ip6_header_t *) (ip40 + 1), + ip4_header_get_ecn (ip40)); + } + } else if (inner_protocol0 == IP_PROTOCOL_IP_IN_IP) - next0 = IPIP_INPUT_NEXT_IP4_INPUT; + { + next0 = IPIP_INPUT_NEXT_IP4_INPUT; + if (t0->flags & IPIP_TUNNEL_FLAG_DECAP_COPY_ECN) + { + if (is_ipv6) + ip4_header_set_ecn_w_chksum ((ip4_header_t *) (ip60 + 1), + ip6_ecn_network_order + (ip60)); + else + ip4_header_set_ecn_w_chksum (ip40 + 1, + ip4_header_get_ecn (ip40)); + } + } if (!is_ipv6 && t0->mode == IPIP_MODE_6RD && t0->sixrd.security_check) |