summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorFrancois Clad <fclad@cisco.com>2018-01-17 16:08:41 +0100
committerFlorin Coras <florin.coras@gmail.com>2018-01-25 03:22:17 +0000
commit39d91fe248c13699cf58652a1ae40b3a267a049a (patch)
tree2427cfc4589f0910a11cf4bcf31a69520feefef6 /src
parent28227ad31625d780cf759bcf9107314af5dc578f (diff)
SRv6 masquerading proxy plugin
Change-Id: Ia65cf2c7b7fdf84c64e60af4cc815251022c53a9 Signed-off-by: Francois Clad <fclad@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/configure.ac1
-rw-r--r--src/plugins/Makefile.am4
-rw-r--r--src/plugins/srv6-am/am.c249
-rw-r--r--src/plugins/srv6-am/am.h67
-rw-r--r--src/plugins/srv6-am/am_plugin_doc.md91
-rw-r--r--src/plugins/srv6-am/node.c355
-rw-r--r--src/plugins/srv6_am.am22
7 files changed, 789 insertions, 0 deletions
diff --git a/src/configure.ac b/src/configure.ac
index 949901c7518..80a0fb0ad59 100644
--- a/src/configure.ac
+++ b/src/configure.ac
@@ -221,6 +221,7 @@ PLUGIN_ENABLED(marvell)
PLUGIN_ENABLED(memif)
PLUGIN_ENABLED(pppoe)
PLUGIN_ENABLED(sixrd)
+PLUGIN_ENABLED(srv6am)
PLUGIN_ENABLED(srv6as)
PLUGIN_ENABLED(nat)
PLUGIN_ENABLED(stn)
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am
index 1e3f8764218..589262e23df 100644
--- a/src/plugins/Makefile.am
+++ b/src/plugins/Makefile.am
@@ -83,6 +83,10 @@ if ENABLE_SIXRD_PLUGIN
include sixrd.am
endif
+if ENABLE_SRV6AM_PLUGIN
+include srv6_am.am
+endif
+
if ENABLE_SRV6AS_PLUGIN
include srv6_as.am
endif
diff --git a/src/plugins/srv6-am/am.c b/src/plugins/srv6-am/am.c
new file mode 100644
index 00000000000..877b1b3c116
--- /dev/null
+++ b/src/plugins/srv6-am/am.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (c) 2015 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ *------------------------------------------------------------------
+ * am.c - SRv6 Masquerading Proxy (AM) function
+ *------------------------------------------------------------------
+ */
+
+#include <vnet/vnet.h>
+#include <vnet/adj/adj.h>
+#include <vnet/plugin/plugin.h>
+#include <vpp/app/version.h>
+#include <srv6-am/am.h>
+
+unsigned char function_name[] = "SRv6-AM-plugin";
+unsigned char keyword_str[] = "End.AM";
+unsigned char def_str[] = "Endpoint to SR-unaware appliance via masquerading";
+unsigned char params_str[] = "nh <next-hop> oif <iface-out> iif <iface-in>";
+
+
+/*****************************************/
+/* SRv6 LocalSID instantiation and removal functions */
+static int
+srv6_am_localsid_creation_fn (ip6_sr_localsid_t * localsid)
+{
+ srv6_am_main_t *sm = &srv6_am_main;
+ srv6_am_localsid_t *ls_mem = localsid->plugin_mem;
+ adj_index_t nh_adj_index = ADJ_INDEX_INVALID;
+
+ /* Step 1: Prepare xconnect adjacency for sending packets to the VNF */
+
+ /* Retrieve the adjacency corresponding to the (OIF, next_hop) */
+ nh_adj_index = adj_nbr_add_or_lock (FIB_PROTOCOL_IP6,
+ VNET_LINK_IP6, &ls_mem->nh_addr,
+ ls_mem->sw_if_index_out);
+ if (nh_adj_index == ADJ_INDEX_INVALID)
+ return -5;
+
+ localsid->nh_adj = nh_adj_index;
+
+
+ /* Step 2: Prepare inbound policy for packets returning from the VNF */
+
+ /* Sanitise the SW_IF_INDEX */
+ if (pool_is_free_index (sm->vnet_main->interface_main.sw_interfaces,
+ ls_mem->sw_if_index_in))
+ return -3;
+
+ vnet_sw_interface_t *sw = vnet_get_sw_interface (sm->vnet_main,
+ ls_mem->sw_if_index_in);
+ if (sw->type != VNET_SW_INTERFACE_TYPE_HARDWARE)
+ return -3;
+
+ int ret = vnet_feature_enable_disable ("ip6-unicast", "srv6-am-rewrite",
+ ls_mem->sw_if_index_in, 1, 0, 0);
+ if (ret != 0)
+ return -1;
+
+ return 0;
+}
+
+static int
+srv6_am_localsid_removal_fn (ip6_sr_localsid_t * localsid)
+{
+ srv6_am_localsid_t *ls_mem = localsid->plugin_mem;
+
+ /* Remove hardware indirection (from sr_steering.c:137) */
+ int ret = vnet_feature_enable_disable ("ip6-unicast", "srv6-am-rewrite",
+ ls_mem->sw_if_index_in, 0, 0, 0);
+ if (ret != 0)
+ return -1;
+
+ /* Unlock (OIF, NHOP) adjacency (from sr_localsid.c:103) */
+ adj_unlock (localsid->nh_adj);
+
+ /* Clean up local SID memory */
+ clib_mem_free (localsid->plugin_mem);
+
+ return 0;
+}
+
+/**********************************/
+/* SRv6 LocalSID format functions */
+/*
+ * Prints nicely the parameters of a localsid
+ * Example: print "Table 5"
+ */
+u8 *
+format_srv6_am_localsid (u8 * s, va_list * args)
+{
+ srv6_am_localsid_t *ls_mem = va_arg (*args, void *);
+
+ vnet_main_t *vnm = vnet_get_main ();
+
+ return (format (s,
+ "Next-hop:\t%U\n"
+ "\tOutgoing iface: %U\n"
+ "\tIncoming iface: %U",
+ format_ip6_address, &ls_mem->nh_addr.ip6,
+ format_vnet_sw_if_index_name, vnm, ls_mem->sw_if_index_out,
+ format_vnet_sw_if_index_name, vnm, ls_mem->sw_if_index_in));
+}
+
+/*
+ * Process the parameters of a localsid
+ * Example: process from:
+ * sr localsid address cafe::1 behavior new_srv6_localsid 5
+ * everything from behavior on... so in this case 'new_srv6_localsid 5'
+ * Notice that it MUST match the keyword_str and params_str defined above.
+ */
+uword
+unformat_srv6_am_localsid (unformat_input_t * input, va_list * args)
+{
+ void **plugin_mem_p = va_arg (*args, void **);
+ srv6_am_localsid_t *ls_mem;
+
+ vnet_main_t *vnm = vnet_get_main ();
+
+ ip46_address_t nh_addr;
+ u32 sw_if_index_out;
+ u32 sw_if_index_in;
+
+ if (unformat (input, "end.am nh %U oif %U iif %U",
+ unformat_ip6_address, &nh_addr.ip6,
+ unformat_vnet_sw_interface, vnm, &sw_if_index_out,
+ unformat_vnet_sw_interface, vnm, &sw_if_index_in))
+ {
+ /* Allocate a portion of memory */
+ ls_mem = clib_mem_alloc_aligned_at_offset (sizeof *ls_mem, 0, 0, 1);
+
+ /* Set to zero the memory */
+ memset (ls_mem, 0, sizeof *ls_mem);
+
+ /* Our brand-new car is ready */
+ clib_memcpy (&ls_mem->nh_addr.ip6, &nh_addr.ip6,
+ sizeof (ip6_address_t));
+ ls_mem->sw_if_index_out = sw_if_index_out;
+ ls_mem->sw_if_index_in = sw_if_index_in;
+
+ /* Dont forget to add it to the localsid */
+ *plugin_mem_p = ls_mem;
+ return 1;
+ }
+ return 0;
+}
+
+/*************************/
+/* SRv6 LocalSID FIB DPO */
+static u8 *
+format_srv6_am_dpo (u8 * s, va_list * args)
+{
+ index_t index = va_arg (*args, index_t);
+ CLIB_UNUSED (u32 indent) = va_arg (*args, u32);
+
+ return (format (s, "SR: dynamic_proxy_index:[%u]", index));
+}
+
+void
+srv6_am_dpo_lock (dpo_id_t * dpo)
+{
+}
+
+void
+srv6_am_dpo_unlock (dpo_id_t * dpo)
+{
+}
+
+const static dpo_vft_t srv6_am_vft = {
+ .dv_lock = srv6_am_dpo_lock,
+ .dv_unlock = srv6_am_dpo_unlock,
+ .dv_format = format_srv6_am_dpo,
+};
+
+const static char *const srv6_am_ip6_nodes[] = {
+ "srv6-am-localsid",
+ NULL,
+};
+
+const static char *const *const srv6_am_nodes[DPO_PROTO_NUM] = {
+ [DPO_PROTO_IP6] = srv6_am_ip6_nodes,
+};
+
+/**********************/
+static clib_error_t *
+srv6_am_init (vlib_main_t * vm)
+{
+ srv6_am_main_t *sm = &srv6_am_main;
+ int rv = 0;
+
+ sm->vlib_main = vm;
+ sm->vnet_main = vnet_get_main ();
+
+ /* Create DPO */
+ sm->srv6_am_dpo_type = dpo_register_new_type (&srv6_am_vft, srv6_am_nodes);
+
+ /* Register SRv6 LocalSID */
+ rv = sr_localsid_register_function (vm,
+ function_name,
+ keyword_str,
+ def_str,
+ params_str,
+ &sm->srv6_am_dpo_type,
+ format_srv6_am_localsid,
+ unformat_srv6_am_localsid,
+ srv6_am_localsid_creation_fn,
+ srv6_am_localsid_removal_fn);
+ if (rv < 0)
+ clib_error_return (0, "SRv6 LocalSID function could not be registered.");
+ else
+ sm->srv6_localsid_behavior_id = rv;
+
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VNET_FEATURE_INIT (srv6_am_rewrite, static) =
+{
+ .arc_name = "ip6-unicast",
+ .node_name = "srv6-am-rewrite",
+ .runs_before = 0,
+};
+
+VLIB_INIT_FUNCTION (srv6_am_init);
+
+VLIB_PLUGIN_REGISTER () = {
+ .version = VPP_BUILD_VER,
+ .description = "Masquerading SRv6 proxy",
+};
+/* *INDENT-ON* */
+
+/*
+* fd.io coding-style-patch-verification: ON
+*
+* Local Variables:
+* eval: (c-set-style "gnu")
+* End:
+*/
diff --git a/src/plugins/srv6-am/am.h b/src/plugins/srv6-am/am.h
new file mode 100644
index 00000000000..f9c8ba4479a
--- /dev/null
+++ b/src/plugins/srv6-am/am.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2015 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef __included_srv6_am_h__
+#define __included_srv6_am_h__
+
+#include <vnet/vnet.h>
+#include <vnet/ip/ip.h>
+#include <vnet/srv6/sr.h>
+#include <vnet/srv6/sr_packet.h>
+
+#include <vppinfra/error.h>
+#include <vppinfra/elog.h>
+
+typedef struct
+{
+ u16 msg_id_base; /**< API message ID base */
+
+ vlib_main_t *vlib_main; /**< [convenience] vlib main */
+ vnet_main_t *vnet_main; /**< [convenience] vnet main */
+
+ dpo_type_t srv6_am_dpo_type; /**< DPO type */
+
+ u32 srv6_localsid_behavior_id; /**< SRv6 LocalSID behavior number */
+} srv6_am_main_t;
+
+/*
+ * This is the memory that will be stored per each localsid
+ * the user instantiates
+ */
+typedef struct
+{
+ ip46_address_t nh_addr; /**< Proxied device address */
+ u32 sw_if_index_out; /**< Outgoing iface to proxied device */
+ u32 sw_if_index_in; /**< Incoming iface from proxied device */
+} srv6_am_localsid_t;
+
+srv6_am_main_t srv6_am_main;
+
+format_function_t format_srv6_am_localsid;
+unformat_function_t unformat_srv6_am_localsid;
+
+void srv6_am_dpo_lock (dpo_id_t * dpo);
+void srv6_am_dpo_unlock (dpo_id_t * dpo);
+
+extern vlib_node_registration_t srv6_am_localsid_node;
+
+#endif /* __included_srv6_am_h__ */
+
+/*
+* fd.io coding-style-patch-verification: ON
+*
+* Local Variables:
+* eval: (c-set-style "gnu")
+* End:
+*/
diff --git a/src/plugins/srv6-am/am_plugin_doc.md b/src/plugins/srv6-am/am_plugin_doc.md
new file mode 100644
index 00000000000..d5d18cf99f6
--- /dev/null
+++ b/src/plugins/srv6-am/am_plugin_doc.md
@@ -0,0 +1,91 @@
+# SRv6 endpoint to SR-unaware appliance via masquerading (End.AM) {#srv6_am_plugin_doc}
+
+## Overview
+
+The "Endpoint to SR-unaware appliance via masquerading" (End.AM) is a two-parts
+function for processing SRv6 **inserted** traffic on behalf of an SR-unaware
+appliance. The first part decrements the Segments Left value and **replaces the
+IPv6 Destination Address with the last segment in the SRH**, while the second
+restores the IPv6 Destination Address with the active segment in the traffic
+coming back from the appliance.
+
+In this scenario, we assume that the appliance can only inspect, drop or perform
+limited changes to the packets. In particular, the appliance must not change the
+IP Destination Address of the packet, terminate a transport connection nor
+generate arbitrary packets. For example, Firewalls, Intrusion Detection Systems,
+Deep Packet Inspectors are among the appliances that can be supported in this
+scenario.
+
+## Pseudo-code
+
+When instantiating an End.AM SID, the following parameters are required:
+
+- APP-ADDR: IP or Ethernet address of the appliance
+- IFACE-OUT: local interface for sending traffic towards the appliance
+- IFACE-IN: local interface receiving the traffic coming back from the appliance
+
+Packets can be sent to and received from an appliance on the same interface
+(IFACE-IN = IFACE-OUT).
+
+### Masquerading
+
+Upon receiving a packet destined to S, where S is a local End.AM SID, a node N
+does:
+
+ IF NH=SRH & SL > 0 THEN ;; Ref1
+ Decrement SL
+ Write the last SID in the DA
+ Forward the packet on IFACE-OUT
+ ELSE
+ Drop the packet
+
+**Ref1:** an End.AM must not be the last SID.
+
+### De-masquerading
+
+Upon receiving a non-link-local IPv6 packet on IFACE-IN, a node N does:
+
+ IF NH=SRH THEN
+ Replace IP DA with SRH[SL]
+ Lookup DA in the appropriate table and proceed accordingly
+
+De-masquerading is a policy attached to IFACE-IN that intercepts all packets
+coming back from the appliance and restores the destination address. This
+occurs before any lookup on the packet destination address (e.g. in "My Local
+SIDs" table or in the FIB) is performed.
+
+## Benefits
+
+The End.AM masquerading function brings the following benefits:
+
+1. The appliance receives a packet with the source and destination addresses
+respectively set as the original source and the final destination.
+2. The appliance does not try and inspect the SRH, as RFC2460 specifies that
+routing extension headers are not examined or processed by transit nodes.
+
+## Limitations
+
+An End.AM SID may be present in any number of segment lists at the same time.
+
+However, since the returning traffic from the appliance is processed based on
+the receiving interface (IFACE-IN), this interface may only be bound to a single
+End.AM SID at a time.
+
+In the case of a bi-directional service chain, the same End.AM SID and receiving
+interface (IFACE-IN) may be used in both directions.
+
+## Configuration
+
+The following CLI instantiates a new End.AM segment that sends masqueraded
+traffic on interface `IFACE-OUT` towards an appliance at address `APP-ADDR` and
+restores the active segment in the IPv6 header of the packets coming back on
+interface `IFACE-IN`.
+
+ sr localsid address SID behavior end.am nh APP-ADDR oif IFACE-OUT iif IFACE-IN
+
+For example, the following command configures the SID `1::A1` with an End.AM
+function for sending traffic on interface `GigabitEthernet0/8/0` to the appliance at
+address `A1::`, and receiving it back on interface `GigabitEthernet0/9/0`.
+
+ sr localsid address 1::A1 behavior end.am nh A1:: oif GigabitEthernet0/8/0 iif GigabitEthernet0/9/0
+
diff --git a/src/plugins/srv6-am/node.c b/src/plugins/srv6-am/node.c
new file mode 100644
index 00000000000..8643aa42532
--- /dev/null
+++ b/src/plugins/srv6-am/node.c
@@ -0,0 +1,355 @@
+/*
+ * Copyright (c) 2015 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <vlib/vlib.h>
+#include <vnet/vnet.h>
+#include <vppinfra/error.h>
+#include <srv6-am/am.h>
+
+
+/******************************* Packet tracing *******************************/
+
+typedef struct
+{
+ u32 localsid_index;
+} srv6_am_localsid_trace_t;
+
+typedef struct
+{
+ ip6_address_t src, dst;
+} srv6_am_rewrite_trace_t;
+
+static u8 *
+format_srv6_am_localsid_trace (u8 * s, va_list * args)
+{
+ CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
+ CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
+ srv6_am_localsid_trace_t *t = va_arg (*args, srv6_am_localsid_trace_t *);
+
+ return format (s, "SRv6-AM-localsid: localsid_index %d", t->localsid_index);
+}
+
+static u8 *
+format_srv6_am_rewrite_trace (u8 * s, va_list * args)
+{
+ CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
+ CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
+ srv6_am_rewrite_trace_t *t = va_arg (*args, srv6_am_rewrite_trace_t *);
+
+ return format (s, "SRv6-AM-rewrite: src %U dst %U",
+ format_ip6_address, &t->src, format_ip6_address, &t->dst);
+}
+
+
+/***************************** Node registration ******************************/
+
+vlib_node_registration_t srv6_am_rewrite_node;
+
+
+/****************************** Packet counters *******************************/
+
+#define foreach_srv6_am_rewrite_counter \
+_(PROCESSED, "srv6-am rewritten packets") \
+_(NO_SRH, "(Error) No SRH.")
+
+typedef enum
+{
+#define _(sym,str) SRV6_AM_REWRITE_COUNTER_##sym,
+ foreach_srv6_am_rewrite_counter
+#undef _
+ SRV6_AM_REWRITE_N_COUNTERS,
+} srv6_am_rewrite_counters;
+
+static char *srv6_am_rewrite_counter_strings[] = {
+#define _(sym,string) string,
+ foreach_srv6_am_rewrite_counter
+#undef _
+};
+
+
+/********************************* Next nodes *********************************/
+
+typedef enum
+{
+ SRV6_AM_LOCALSID_NEXT_ERROR,
+ SRV6_AM_LOCALSID_NEXT_REWRITE,
+ SRV6_AM_LOCALSID_N_NEXT,
+} srv6_am_localsid_next_t;
+
+typedef enum
+{
+ SRV6_AM_REWRITE_NEXT_ERROR,
+ SRV6_AM_REWRITE_NEXT_LOOKUP,
+ SRV6_AM_REWRITE_N_NEXT,
+} srv6_am_rewrite_next_t;
+
+
+/******************************* Local SID node *******************************/
+
+/**
+ * @brief SRv6 masquerading.
+ */
+static_always_inline void
+end_am_processing (vlib_buffer_t * b0,
+ ip6_header_t * ip0,
+ ip6_sr_header_t * sr0,
+ ip6_sr_localsid_t * ls0, u32 * next0)
+{
+ ip6_address_t *new_dst0;
+
+ if (PREDICT_FALSE (ip0->protocol != IP_PROTOCOL_IPV6_ROUTE ||
+ sr0->type != ROUTING_HEADER_TYPE_SR))
+ {
+ *next0 = SRV6_AM_LOCALSID_NEXT_ERROR;
+ return;
+ }
+
+ if (PREDICT_FALSE (sr0->segments_left == 0))
+ {
+ *next0 = SRV6_AM_LOCALSID_NEXT_ERROR;
+ return;
+ }
+
+ /* Decrement Segments Left */
+ sr0->segments_left -= 1;
+
+ /* Set Destination Address to Last Segment (index 0) */
+ new_dst0 = (ip6_address_t *) (sr0->segments);
+ ip0->dst_address.as_u64[0] = new_dst0->as_u64[0];
+ ip0->dst_address.as_u64[1] = new_dst0->as_u64[1];
+
+ /* Set Xconnect adjacency to VNF */
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX] = ls0->nh_adj;
+}
+
+/**
+ * @brief Graph node for applying SRv6 masquerading.
+ */
+static uword
+srv6_am_localsid_fn (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+ ip6_sr_main_t *sm = &sr_main;
+ u32 n_left_from, next_index, *from, *to_next;
+ u32 cnt_packets = 0;
+
+ from = vlib_frame_vector_args (frame);
+ n_left_from = frame->n_vectors;
+ next_index = node->cached_next_index;
+
+ u32 thread_index = vlib_get_thread_index ();
+
+ while (n_left_from > 0)
+ {
+ u32 n_left_to_next;
+
+ vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
+
+ /* TODO: Dual/quad loop */
+
+ while (n_left_from > 0 && n_left_to_next > 0)
+ {
+ u32 bi0;
+ vlib_buffer_t *b0;
+ ip6_header_t *ip0 = 0;
+ ip6_sr_header_t *sr0;
+ ip6_sr_localsid_t *ls0;
+ u32 next0 = SRV6_AM_LOCALSID_NEXT_REWRITE;
+
+ bi0 = from[0];
+ to_next[0] = bi0;
+ from += 1;
+ to_next += 1;
+ n_left_from -= 1;
+ n_left_to_next -= 1;
+
+ b0 = vlib_get_buffer (vm, bi0);
+ ip0 = vlib_buffer_get_current (b0);
+ sr0 = (ip6_sr_header_t *) (ip0 + 1);
+
+ /* Lookup the SR End behavior based on IP DA (adj) */
+ ls0 = pool_elt_at_index (sm->localsids,
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX]);
+
+ /* SRH processing */
+ end_am_processing (b0, ip0, sr0, ls0, &next0);
+
+ if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
+ {
+ srv6_am_localsid_trace_t *tr =
+ vlib_add_trace (vm, node, b0, sizeof *tr);
+ tr->localsid_index = ls0 - sm->localsids;
+ }
+
+ /* This increments the SRv6 per LocalSID counters. */
+ vlib_increment_combined_counter (((next0 ==
+ SRV6_AM_LOCALSID_NEXT_ERROR) ?
+ &(sm->sr_ls_invalid_counters) :
+ &(sm->sr_ls_valid_counters)),
+ thread_index, ls0 - sm->localsids,
+ 1, vlib_buffer_length_in_chain (vm,
+ b0));
+
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
+ n_left_to_next, bi0, next0);
+
+ cnt_packets++;
+ }
+
+ vlib_put_next_frame (vm, node, next_index, n_left_to_next);
+ }
+
+ return frame->n_vectors;
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (srv6_am_localsid_node) = {
+ .function = srv6_am_localsid_fn,
+ .name = "srv6-am-localsid",
+ .vector_size = sizeof (u32),
+ .format_trace = format_srv6_am_localsid_trace,
+ .type = VLIB_NODE_TYPE_INTERNAL,
+ .n_next_nodes = SRV6_AM_LOCALSID_N_NEXT,
+ .next_nodes = {
+ [SRV6_AM_LOCALSID_NEXT_REWRITE] = "ip6-rewrite",
+ [SRV6_AM_LOCALSID_NEXT_ERROR] = "error-drop",
+ },
+};
+/* *INDENT-ON* */
+
+
+/******************************* Rewriting node *******************************/
+
+/**
+ * @brief SRv6 de-masquerading.
+ */
+static_always_inline void
+end_am_rewriting (vlib_node_runtime_t * node,
+ vlib_buffer_t * b0,
+ ip6_header_t * ip0, ip6_sr_header_t * sr0, u32 * next0)
+{
+ if (PREDICT_FALSE (ip0->protocol != IP_PROTOCOL_IPV6_ROUTE ||
+ sr0->type != ROUTING_HEADER_TYPE_SR))
+ {
+ b0->error = node->errors[SRV6_AM_REWRITE_COUNTER_NO_SRH];
+ *next0 = SRV6_AM_REWRITE_NEXT_ERROR;
+ return;
+ }
+
+ /* Restore Destination Address to active segment (index SL) */
+ if (sr0->segments_left != 0)
+ {
+ ip6_address_t *new_dst0;
+ new_dst0 = (ip6_address_t *) (sr0->segments) + sr0->segments_left;
+ ip0->dst_address.as_u64[0] = new_dst0->as_u64[0];
+ ip0->dst_address.as_u64[1] = new_dst0->as_u64[1];
+ }
+}
+
+/**
+ * @brief Graph node for applying SRv6 de-masquerading.
+ */
+static uword
+srv6_am_rewrite_fn (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+ u32 n_left_from, next_index, *from, *to_next;
+ u32 cnt_packets = 0;
+
+ from = vlib_frame_vector_args (frame);
+ n_left_from = frame->n_vectors;
+ next_index = node->cached_next_index;
+
+ while (n_left_from > 0)
+ {
+ u32 n_left_to_next;
+
+ vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
+
+ /* TODO: Dual/quad loop */
+
+ while (n_left_from > 0 && n_left_to_next > 0)
+ {
+ u32 bi0;
+ vlib_buffer_t *b0;
+ ip6_header_t *ip0 = 0;
+ ip6_sr_header_t *sr0;
+ u32 next0 = SRV6_AM_REWRITE_NEXT_LOOKUP;
+
+ bi0 = from[0];
+ to_next[0] = bi0;
+ from += 1;
+ to_next += 1;
+ n_left_from -= 1;
+ n_left_to_next -= 1;
+
+ b0 = vlib_get_buffer (vm, bi0);
+ ip0 = vlib_buffer_get_current (b0);
+ sr0 = (ip6_sr_header_t *) (ip0 + 1);
+
+ /* SRH processing */
+ end_am_rewriting (node, b0, ip0, sr0, &next0);
+
+ if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE) &&
+ PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
+ {
+ srv6_am_rewrite_trace_t *tr =
+ vlib_add_trace (vm, node, b0, sizeof *tr);
+ clib_memcpy (tr->src.as_u8, ip0->src_address.as_u8,
+ sizeof tr->src.as_u8);
+ clib_memcpy (tr->dst.as_u8, ip0->dst_address.as_u8,
+ sizeof tr->dst.as_u8);
+ }
+
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
+ n_left_to_next, bi0, next0);
+
+ cnt_packets++;
+ }
+
+ vlib_put_next_frame (vm, node, next_index, n_left_to_next);
+ }
+
+ /* Update counters */
+ vlib_node_increment_counter (vm, srv6_am_rewrite_node.index,
+ SRV6_AM_REWRITE_COUNTER_PROCESSED,
+ cnt_packets);
+
+ return frame->n_vectors;
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (srv6_am_rewrite_node) = {
+ .function = srv6_am_rewrite_fn,
+ .name = "srv6-am-rewrite",
+ .vector_size = sizeof (u32),
+ .format_trace = format_srv6_am_rewrite_trace,
+ .type = VLIB_NODE_TYPE_INTERNAL,
+ .n_errors = SRV6_AM_REWRITE_N_COUNTERS,
+ .error_strings = srv6_am_rewrite_counter_strings,
+ .n_next_nodes = SRV6_AM_REWRITE_N_NEXT,
+ .next_nodes = {
+ [SRV6_AM_REWRITE_NEXT_LOOKUP] = "ip6-lookup",
+ [SRV6_AM_REWRITE_NEXT_ERROR] = "error-drop",
+ },
+};
+/* *INDENT-ON* */
+
+/*
+* fd.io coding-style-patch-verification: ON
+*
+* Local Variables:
+* eval: (c-set-style "gnu")
+* End:
+*/
diff --git a/src/plugins/srv6_am.am b/src/plugins/srv6_am.am
new file mode 100644
index 00000000000..5ae7daca55a
--- /dev/null
+++ b/src/plugins/srv6_am.am
@@ -0,0 +1,22 @@
+# Copyright (c) 2016 Cisco Systems, Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+vppplugins_LTLIBRARIES += srv6am_plugin.la
+
+srv6am_plugin_la_SOURCES = \
+ srv6-am/am.c \
+ srv6-am/node.c
+
+noinst_HEADERS += srv6-am/am.h
+
+# vi:syntax=automake