add classify session action set-sr-policy-index

This allows to use the classifier to steer source routing packets instead of using the "sr steer" command. This way we can steer on anything instead of only the dst ip address. test: * add add_node_next function to the VppPapiProvider class. * add simple test scenario using the classifier to steer packets with dest ip addr == a7::/8 to the source routing insert node. * use new interface indexes (3,4) instead of (0,1) to prevent a cleanup conflict with the other tests which attach a specific fib to the interface. The test creates interfaces sepsrated from the other tests to prevent a conflict in the cleaning of the ip6 fib index 1 which causes vpp not to be able to find a default route on this table. Change-Id: Ibacb30fab3ce53f0dfe848ca6a8cdf0d111d8336 Signed-off-by: Gabriel Ganne <gabriel.ganne@enea.com>
author: Gabriel Ganne <gabriel.ganne@enea.com> 2017-10-02 11:41:24 +0200
committer: Damjan Marion <dmarion.lists@gmail.com> 2017-11-10 20:25:10 +0000
commit: 8527f12b525181b47cc7c0c9e943a743b1a3b19e (patch)
tree: a4a407a2d1b25fc42f80ff06b952271a72f60025 /src/vnet
parent: f616d10d04d5c444e20e617841a54cfb2c58d07d (diff)
5 files changed, 41 insertions, 1 deletions
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api
index de9de773858..9d666ee35a5 100644
--- a/src/vnet/classify/classify.api
+++ b/src/vnet/classify/classify.api
@@ -90,8 +90,13 @@ define classify_add_del_table_reply
            2: Classified IP packets will be looked up from the
               specified ipv6 fib table (configured by metadata as VRF id).
               Only valid for L3 input ACL node
+           3: Classified packet will be steered to source routig policy
+              of given index (in metadata).
+              This is only valid for IPv6 packets redirected to a source
+              routing node.
     @param metadata - valid only if action != 0
            VRF id if action is 1 or 2.
+           sr policy index if action is 3.
     @param match[] - for add, match value for session, required
 */
 autoreply define classify_add_del_session
diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c
index f2fe23b3231..d634550bafd 100644
--- a/src/vnet/classify/vnet_classify.c
+++ b/src/vnet/classify/vnet_classify.c
@@ -373,6 +373,8 @@ vnet_classify_entry_claim_resource (vnet_classify_entry_t *e)
     case CLASSIFY_ACTION_SET_IP6_FIB_INDEX:
         fib_table_lock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY);
         break;
+    case CLASSIFY_ACTION_SET_SR_POLICY_INDEX:
+        break;
     }
 }
 
@@ -387,6 +389,8 @@ vnet_classify_entry_release_resource (vnet_classify_entry_t *e)
     case CLASSIFY_ACTION_SET_IP6_FIB_INDEX:
         fib_table_unlock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY);
         break;
+    case CLASSIFY_ACTION_SET_SR_POLICY_INDEX:
+        break;
     }
 }
 
@@ -2104,6 +2108,8 @@ int vnet_classify_add_del_session (vnet_classify_main_t * cm,
     e->metadata = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
                                                      metadata,
                                                      FIB_SOURCE_CLASSIFY);
+  else if (e->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX)
+    e->metadata = metadata;
   else
     e->metadata = 0;
 
@@ -2172,6 +2178,8 @@ classify_session_command_fn (vlib_main_t * vm,
         action = 1;
       else if (unformat (input, "action set-ip6-fib-id %d", &metadata))
         action = 2;
+      else if (unformat (input, "action set-sr-policy-index %d", &metadata))
+        action = 3;
       else
         {
           /* Try registered opaque-index unformat fns */
@@ -2217,7 +2225,7 @@ VLIB_CLI_COMMAND (classify_session_command, static) = {
     "classify session [hit-next|l2-hit-next|"
     "acl-hit-next <next_index>|policer-hit-next <policer_name>]"
     "\n table-index <nn> match [hex] [l2] [l3 ip4] [opaque-index <index>]"
-    "\n [action set-ip4-fib-id <n>] [action set-ip6-fib-id <n>] [del]",
+    "\n [action set-ip4-fib-id|set-ip6-fib-id|set-sr-policy-index <n>] [del]",
     .function = classify_session_command_fn,
 };
 
diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h
index 1eb5b14d024..c4a5a61364c 100644
--- a/src/vnet/classify/vnet_classify.h
+++ b/src/vnet/classify/vnet_classify.h
@@ -66,6 +66,7 @@ typedef enum vnet_classify_action_t_
 {
   CLASSIFY_ACTION_SET_IP4_FIB_INDEX = 1,
   CLASSIFY_ACTION_SET_IP6_FIB_INDEX = 2,
+  CLASSIFY_ACTION_SET_SR_POLICY_INDEX = 3,
 } __attribute__ ((packed)) vnet_classify_action_t;
 
 struct _vnet_classify_main;
diff --git a/src/vnet/ip/ip_input_acl.c b/src/vnet/ip/ip_input_acl.c
index b0b52ab11c3..1dd5317ee24 100644
--- a/src/vnet/ip/ip_input_acl.c
+++ b/src/vnet/ip/ip_input_acl.c
@@ -288,6 +288,8 @@ ip_inacl_inline (vlib_main_t * vm,
 		  if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX ||
 		      e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
 		    vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata;
+		  else if (e0->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX)
+		    vnet_buffer (b0)->ip.adj_index[VLIB_TX] = e0->metadata;
 		}
 	      else
 		{
diff --git a/src/vnet/srv6/sr_steering.md b/src/vnet/srv6/sr_steering.md
index cf446f8171e..7e91892e0bc 100644
--- a/src/vnet/srv6/sr_steering.md
+++ b/src/vnet/srv6/sr_steering.md
@@ -1,5 +1,7 @@
 # Steering packets into a SR Policy     {#srv6_steering_doc}
 
+## steer packets uging the sr steering policy
+
 To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L2 behaviors), the user needs to create an 'sr steering policy'.
 
     sr steer l3 2001::/64 via sr policy index 1
@@ -9,3 +11,25 @@ To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L
     sr steer l2 TenGE0/1/0 via sr policy bsid cafe::1
 
 Disclaimer: The T.Encaps.L2 will steer L2 frames into an SR Policy. Notice that creating an SR steering policy for L2 frames will actually automatically *put the interface into promiscous mode*.
+
+## steer packets using the classifier
+
+Another way to steer packet is to use the classifier.
+
+First the user need to manually add the source routing node to the list of the
+ip6-inacl next nodes.
+Using the python api this can be donne with:
+
+    # jsonfiles = get list of json api files
+    vpp = VPP(jsonfiles)
+    vpp.add_node_next(node_name='ip6-inacl', next_name='sr-pl-rewrite-insert')
+
+Below is a classifier mask filtering all the packets from the interface
+TenGigabitEthernet5/0/0 on ip version and moving all ipv6 packets to the
+sr-pl-rewrite-insert node (dropping the others) and applying the source routing
+index 2.
+In essence, this means "apply this sr policy to all the packets from this interface)
+
+    vpp# classify table miss-next 0 current-data-flag 1  mask hex f000000000000000 skip 0
+    vpp# classify session acl-hit-next 1 table-index 0 match hex 6000000000000000 action set-sr-policy-index 2
+    vpp# set interface input acl intfc TenGigabitEthernet5/0/0 ip6-table 0
author	Gabriel Ganne <gabriel.ganne@enea.com>	2017-10-02 11:41:24 +0200
committer	Damjan Marion <dmarion.lists@gmail.com>	2017-11-10 20:25:10 +0000
commit	8527f12b525181b47cc7c0c9e943a743b1a3b19e (patch)
tree	a4a407a2d1b25fc42f80ff06b952271a72f60025 /src/vnet
parent	f616d10d04d5c444e20e617841a54cfb2c58d07d (diff)