diff options
author | Neale Ranns <neale.ranns@cisco.com> | 2018-04-24 07:45:33 -0700 |
---|---|---|
committer | Damjan Marion <dmarion.lists@gmail.com> | 2018-04-25 14:00:46 +0000 |
commit | 4a6d02337b9058182172f19df894ad2e18e6ac68 (patch) | |
tree | 60e1da4bfef3226dcac74c1c041e4387e2a0120e /src | |
parent | 99ed486d1edf5d3eb6550179f3c379b1e9d4cafe (diff) |
GBPv6: NAT66 actions for GBP
Change-Id: I379150a88f2d53d6281be41e8bad6fc4f4e88a71
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/gbp/gbp_policy_dpo.c | 13 | ||||
-rw-r--r-- | src/vnet/fib/fib_path.c | 2 | ||||
-rw-r--r-- | src/vpp-api/vom/nat_binding.cpp | 66 | ||||
-rw-r--r-- | src/vpp-api/vom/nat_binding_cmds.cpp | 120 | ||||
-rw-r--r-- | src/vpp-api/vom/nat_binding_cmds.hpp | 118 |
5 files changed, 185 insertions, 134 deletions
diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c index bfe5974f807..0f62fb3445d 100644 --- a/src/plugins/gbp/gbp_policy_dpo.c +++ b/src/plugins/gbp/gbp_policy_dpo.c @@ -92,6 +92,16 @@ gbp_policy_dpo_unlock (dpo_id_t * dpo) } } +static u32 +gbp_policy_dpo_get_urpf (const dpo_id_t * dpo) +{ + gbp_policy_dpo_t *gpd; + + gpd = gbp_policy_dpo_get_from_dpo (dpo); + + return (gpd->gpd_sw_if_index); +} + void gbp_policy_dpo_add_or_lock (dpo_proto_t dproto, epg_id_t epg, u32 sw_if_index, dpo_id_t * dpo) @@ -138,6 +148,7 @@ const static dpo_vft_t gbp_policy_dpo_vft = { .dv_lock = gbp_policy_dpo_lock, .dv_unlock = gbp_policy_dpo_unlock, .dv_format = format_gbp_policy_dpo, + .dv_get_urpf = gbp_policy_dpo_get_urpf, }; /** @@ -499,7 +510,7 @@ VLIB_NODE_FUNCTION_MULTIARCH (gbp_ip4_lpm_classify_node, gbp_ip4_lpm_classify); VLIB_REGISTER_NODE (gbp_ip6_lpm_classify_node) = { .function = gbp_ip6_lpm_classify, - .name = "ip6-gpb-lpm-classify", + .name = "ip6-gbp-lpm-classify", .vector_size = sizeof (u32), .format_trace = format_gbp_classify_trace, .type = VLIB_NODE_TYPE_INTERNAL, diff --git a/src/vnet/fib/fib_path.c b/src/vnet/fib/fib_path.c index e974e31e959..687e7167312 100644 --- a/src/vnet/fib/fib_path.c +++ b/src/vnet/fib/fib_path.c @@ -2072,7 +2072,7 @@ fib_path_get_resolving_interface (fib_node_index_t path_index) case FIB_PATH_TYPE_BIER_IMP: break; } - return (~0); + return (dpo_get_urpf(&path->fp_dpo)); } index_t diff --git a/src/vpp-api/vom/nat_binding.cpp b/src/vpp-api/vom/nat_binding.cpp index eca3f9041f0..64b7a1007ac 100644 --- a/src/vpp-api/vom/nat_binding.cpp +++ b/src/vpp-api/vom/nat_binding.cpp @@ -85,11 +85,20 @@ nat_binding::sweep() { if (m_binding) { if (direction_t::INPUT == m_dir) { - HW::enqueue(new nat_binding_cmds::unbind_44_input_cmd( - m_binding, m_itf->handle(), m_zone)); + if (l3_proto_t::IPV4 == m_proto) { + HW::enqueue(new nat_binding_cmds::unbind_44_input_cmd( + m_binding, m_itf->handle(), m_zone)); + } else { + HW::enqueue(new nat_binding_cmds::unbind_66_input_cmd( + m_binding, m_itf->handle(), m_zone)); + } } else { - HW::enqueue(new nat_binding_cmds::unbind_44_output_cmd( - m_binding, m_itf->handle(), m_zone)); + if (l3_proto_t::IPV4 == m_proto) { + HW::enqueue(new nat_binding_cmds::unbind_44_output_cmd( + m_binding, m_itf->handle(), m_zone)); + } else { + VOM_LOG(log_level_t::ERROR) << "NAT 66 output feature not supported"; + } } } HW::write(); @@ -100,11 +109,20 @@ nat_binding::replay() { if (m_binding) { if (direction_t::INPUT == m_dir) { - HW::enqueue(new nat_binding_cmds::bind_44_input_cmd( - m_binding, m_itf->handle(), m_zone)); + if (l3_proto_t::IPV4 == m_proto) { + HW::enqueue(new nat_binding_cmds::bind_44_input_cmd( + m_binding, m_itf->handle(), m_zone)); + } else { + HW::enqueue(new nat_binding_cmds::bind_66_input_cmd( + m_binding, m_itf->handle(), m_zone)); + } } else { - HW::enqueue(new nat_binding_cmds::bind_44_output_cmd( - m_binding, m_itf->handle(), m_zone)); + if (l3_proto_t::IPV4 == m_proto) { + HW::enqueue(new nat_binding_cmds::bind_44_output_cmd( + m_binding, m_itf->handle(), m_zone)); + } else { + VOM_LOG(log_level_t::ERROR) << "NAT 66 output feature not supported"; + } } } } @@ -117,11 +135,20 @@ nat_binding::update(const nat_binding& desired) */ if (!m_binding) { if (direction_t::INPUT == m_dir) { - HW::enqueue(new nat_binding_cmds::bind_44_input_cmd( - m_binding, m_itf->handle(), m_zone)); + if (l3_proto_t::IPV4 == m_proto) { + HW::enqueue(new nat_binding_cmds::bind_44_input_cmd( + m_binding, m_itf->handle(), m_zone)); + } else { + HW::enqueue(new nat_binding_cmds::bind_66_input_cmd( + m_binding, m_itf->handle(), m_zone)); + } } else { - HW::enqueue(new nat_binding_cmds::bind_44_output_cmd( - m_binding, m_itf->handle(), m_zone)); + if (l3_proto_t::IPV4 == m_proto) { + HW::enqueue(new nat_binding_cmds::bind_44_output_cmd( + m_binding, m_itf->handle(), m_zone)); + } else { + VOM_LOG(log_level_t::ERROR) << "NAT 66 output feature not supported"; + } } } } @@ -214,6 +241,21 @@ nat_binding::event_handler::handle_populate(const client_db::key_t& key) zone_t::from_vpp(payload.is_inside)); OM::commit(key, nb); } + + std::shared_ptr<nat_binding_cmds::dump_input_66_cmd> i6cmd = + std::make_shared<nat_binding_cmds::dump_input_66_cmd>(); + + HW::enqueue(i6cmd); + HW::write(); + + for (auto& record : *i6cmd) { + auto& payload = record.get_payload(); + + std::shared_ptr<interface> itf = interface::find(payload.sw_if_index); + nat_binding nb(*itf, direction_t::INPUT, l3_proto_t::IPV6, + zone_t::from_vpp(payload.is_inside)); + OM::commit(key, nb); + } } dependency_t diff --git a/src/vpp-api/vom/nat_binding_cmds.cpp b/src/vpp-api/vom/nat_binding_cmds.cpp index 66b2827abc2..4d98268249a 100644 --- a/src/vpp-api/vom/nat_binding_cmds.cpp +++ b/src/vpp-api/vom/nat_binding_cmds.cpp @@ -214,7 +214,7 @@ dump_input_44_cmd::issue(connection& con) std::string dump_input_44_cmd::to_string() const { - return ("nat-input-binding-dump"); + return ("nat-44-input-binding-dump"); } dump_output_44_cmd::dump_output_44_cmd() @@ -246,7 +246,123 @@ dump_output_44_cmd::issue(connection& con) std::string dump_output_44_cmd::to_string() const { - return ("nat-output-binding-dump"); + return ("nat-44-output-binding-dump"); +} + +bind_66_input_cmd::bind_66_input_cmd(HW::item<bool>& item, + const handle_t& itf, + const nat_binding::zone_t& zone) + : rpc_cmd(item) + , m_itf(itf) + , m_zone(zone) +{ +} + +bool +bind_66_input_cmd::operator==(const bind_66_input_cmd& other) const +{ + return ((m_itf == other.m_itf) && (m_zone == other.m_zone)); +} + +rc_t +bind_66_input_cmd::issue(connection& con) +{ + msg_t req(con.ctx(), std::ref(*this)); + + auto& payload = req.get_request().get_payload(); + payload.is_add = 1; + payload.is_inside = (nat_binding::zone_t::INSIDE == m_zone ? 1 : 0); + payload.sw_if_index = m_itf.value(); + + VAPI_CALL(req.execute()); + + m_hw_item.set(wait()); + + return rc_t::OK; +} + +std::string +bind_66_input_cmd::to_string() const +{ + std::ostringstream s; + s << "nat-66-input-binding-create: " << m_hw_item.to_string() + << " itf:" << m_itf << " " << m_zone.to_string(); + + return (s.str()); +} + +unbind_66_input_cmd::unbind_66_input_cmd(HW::item<bool>& item, + const handle_t& itf, + const nat_binding::zone_t& zone) + : rpc_cmd(item) + , m_itf(itf) + , m_zone(zone) +{ +} + +bool +unbind_66_input_cmd::operator==(const unbind_66_input_cmd& other) const +{ + return ((m_itf == other.m_itf) && (m_zone == other.m_zone)); +} + +rc_t +unbind_66_input_cmd::issue(connection& con) +{ + msg_t req(con.ctx(), std::ref(*this)); + + auto& payload = req.get_request().get_payload(); + payload.is_add = 0; + payload.is_inside = (nat_binding::zone_t::INSIDE == m_zone ? 1 : 0); + payload.sw_if_index = m_itf.value(); + + VAPI_CALL(req.execute()); + + m_hw_item.set(wait()); + + return rc_t::OK; +} + +std::string +unbind_66_input_cmd::to_string() const +{ + std::ostringstream s; + s << "nat-66-input-binding-create: " << m_hw_item.to_string() + << " itf:" << m_itf << " " << m_zone.to_string(); + + return (s.str()); +} + +dump_input_66_cmd::dump_input_66_cmd() +{ +} + +dump_input_66_cmd::dump_input_66_cmd(const dump_input_66_cmd& d) +{ +} + +bool +dump_input_66_cmd::operator==(const dump_input_66_cmd& other) const +{ + return (true); +} + +rc_t +dump_input_66_cmd::issue(connection& con) +{ + m_dump.reset(new msg_t(con.ctx(), std::ref(*this))); + + VAPI_CALL(m_dump->execute()); + + wait(); + + return rc_t::OK; +} + +std::string +dump_input_66_cmd::to_string() const +{ + return ("nat-66-input-binding-dump"); } }; // namespace nat_binding_cmds diff --git a/src/vpp-api/vom/nat_binding_cmds.hpp b/src/vpp-api/vom/nat_binding_cmds.hpp index 1b51192a73c..aa5a200515e 100644 --- a/src/vpp-api/vom/nat_binding_cmds.hpp +++ b/src/vpp-api/vom/nat_binding_cmds.hpp @@ -337,90 +337,6 @@ private: }; /** - * A functor class that binds a NAT configuration to an output interface - */ -/* class bind_66_output_cmd */ -/* : public rpc_cmd<HW::item<bool>, */ -/* rc_t, */ -/* vapi::Nat66_interface_add_del_output_feature> */ -/* { */ -/* public: */ -/* /\** */ -/* * Constructor */ -/* *\/ */ -/* bind_66_output_cmd(HW::item<bool>& item, */ -/* const handle_t& itf, */ -/* const nat_binding::zone_t& zone); */ - -/* /\** */ -/* * Issue the command to VPP/HW */ -/* *\/ */ -/* rc_t issue(connection& con); */ -/* /\** */ -/* * convert to string format for debug purposes */ -/* *\/ */ -/* std::string to_string() const; */ - -/* /\** */ -/* * Comparison operator - only used for UT */ -/* *\/ */ -/* bool operator==(const bind_66_output_cmd& i) const; */ - -/* private: */ -/* /\** */ -/* * The interface to bind */ -/* *\/ */ -/* const handle_t m_itf; */ - -/* /\** */ -/* * The zone the interface is in */ -/* *\/ */ -/* const nat_binding::zone_t m_zone; */ -/* }; */ - -/* /\** */ -/* * A cmd class that unbinds a NAT configuration from an output interface */ -/* *\/ */ -/* class unbind_66_output_cmd */ -/* : public rpc_cmd<HW::item<bool>, */ -/* rc_t, */ -/* vapi::Nat66_interface_add_del_output_feature> */ -/* { */ -/* public: */ -/* /\** */ -/* * Constructor */ -/* *\/ */ -/* unbind_66_output_cmd(HW::item<bool>& item, */ -/* const handle_t& itf, */ -/* const nat_binding::zone_t& zone); */ - -/* /\** */ -/* * Issue the command to VPP/HW */ -/* *\/ */ -/* rc_t issue(connection& con); */ -/* /\** */ -/* * convert to string format for debug purposes */ -/* *\/ */ -/* std::string to_string() const; */ - -/* /\** */ -/* * Comparison operator - only used for UT */ -/* *\/ */ -/* bool operator==(const unbind_66_output_cmd& i) const; */ - -/* private: */ -/* /\** */ -/* * The interface to bind */ -/* *\/ */ -/* const handle_t m_itf; */ - -/* /\** */ -/* * The zone the interface is in */ -/* *\/ */ -/* const nat_binding::zone_t m_zone; */ -/* }; */ - -/** * A cmd class that Dumps all the nat_statics */ class dump_input_66_cmd : public dump_cmd<vapi::Nat66_interface_dump> @@ -453,40 +369,6 @@ private: HW::item<bool> item; }; -/** - * A cmd class that Dumps all the nat_statics - */ -/* class dump_output_66_cmd */ -/* : public dump_cmd<vapi::Nat66_interface_output_feature_dump> */ -/* { */ -/* public: */ -/* /\** */ -/* * Constructor */ -/* *\/ */ -/* dump_output_66_cmd(); */ -/* dump_output_66_cmd(const dump_output_66_cmd& d); */ - -/* /\** */ -/* * Issue the command to VPP/HW */ -/* *\/ */ -/* rc_t issue(connection& con); */ -/* /\** */ -/* * convert to string format for debug purposes */ -/* *\/ */ -/* std::string to_string() const; */ - -/* /\** */ -/* * Comparison operator - only used for UT */ -/* *\/ */ -/* bool operator==(const dump_output_66_cmd& i) const; */ - -/* private: */ -/* /\** */ -/* * HW reutrn code */ -/* *\/ */ -/* HW::item<bool> item; */ -/* }; */ - }; // namespace nat_binding_cmds }; // namespace VOM |