summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-11-25 13:04:44 +0000
committerOle Trøan <otroan@employees.org>2019-12-03 19:36:26 +0000
commit9534696b4637185c9f296375e63c50d8976d153d (patch)
tree7e5bce5d492b6b376e42f9df175e18202f93af68 /src
parentc8972fe506c78530a3e4085453e86a0b85b245ef (diff)
ipip: Tunnel flags controlling copying data to/from payload/encap
Type: feature Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I9467f11775936754406892b8e9e275f989ac9b30
Diffstat (limited to 'src')
-rw-r--r--src/plugins/ikev2/ikev2.c3
-rw-r--r--src/vnet/CMakeLists.txt7
-rw-r--r--src/vnet/ip/ip.c17
-rw-r--r--src/vnet/ip/ip4_format.c4
-rw-r--r--src/vnet/ip/ip4_packet.h64
-rw-r--r--src/vnet/ip/ip6_packet.h34
-rw-r--r--src/vnet/ip/ip_packet.h29
-rw-r--r--src/vnet/ipip/ipip.api10
-rw-r--r--src/vnet/ipip/ipip.c69
-rw-r--r--src/vnet/ipip/ipip.h28
-rw-r--r--src/vnet/ipip/ipip_api.c12
-rw-r--r--src/vnet/ipip/ipip_cli.c18
-rw-r--r--src/vnet/ipip/ipip_types.api33
-rw-r--r--src/vnet/ipip/ipip_types_api.c53
-rw-r--r--src/vnet/ipip/ipip_types_api.h41
-rw-r--r--src/vnet/ipip/node.c28
-rw-r--r--src/vnet/ipsec/ipsec_api.c3
-rw-r--r--src/vnet/ipsec/ipsec_cli.c4
18 files changed, 416 insertions, 41 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index b6202aeec6a..a260bb16617 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1542,7 +1542,8 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
int rv;
rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0,
- &a->local_ip, &a->remote_ip, 0, 0, &sw_if_index);
+ &a->local_ip, &a->remote_ip, 0,
+ IPIP_TUNNEL_FLAG_NONE, IP_DSCP_CS0, &sw_if_index);
rv |= ipsec_sa_add_and_lock (a->local_sa_id,
a->local_spi,
diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt
index 18898e152d1..658e8d9a696 100644
--- a/src/vnet/CMakeLists.txt
+++ b/src/vnet/CMakeLists.txt
@@ -722,6 +722,7 @@ list(APPEND VNET_SOURCES
ipip/sixrd.c
ipip/ipip_api.c
ipip/ipip_cli.c
+ ipip/ipip_types_api.c
)
list(APPEND VNET_MULTIARCH_SOURCES
@@ -730,9 +731,13 @@ list(APPEND VNET_MULTIARCH_SOURCES
list(APPEND VNET_HEADERS
ipip/ipip.h
+ ipip/ipip_types_api.h
)
-list(APPEND VNET_API_FILES ipip/ipip.api)
+list(APPEND VNET_API_FILES
+ ipip/ipip_types.api
+ ipip/ipip.api
+)
##############################################################################
# Tunnel protocol: l2tpv3
diff --git a/src/vnet/ip/ip.c b/src/vnet/ip/ip.c
index 785cd491b57..88eff4f4d59 100644
--- a/src/vnet/ip/ip.c
+++ b/src/vnet/ip/ip.c
@@ -312,6 +312,23 @@ format_ip_dscp (u8 * s, va_list * va)
return (format (s, "unknown"));
}
+u8 *
+format_ip_ecn (u8 * s, va_list * va)
+{
+ ip_ecn_t ecn = va_arg (*va, u32); // int promotion of u8
+
+ switch (ecn)
+ {
+#define _(n,v) \
+ case IP_ECN_##v: \
+ return (format (s, "%s", #v));
+ foreach_ip_ecn
+#undef _
+ }
+
+ return (format (s, "unknown"));
+}
+
/*
* fd.io coding-style-patch-verification: ON
*
diff --git a/src/vnet/ip/ip4_format.c b/src/vnet/ip/ip4_format.c
index eebd5ad8bd3..786a01d396b 100644
--- a/src/vnet/ip/ip4_format.c
+++ b/src/vnet/ip/ip4_format.c
@@ -155,6 +155,10 @@ format_ip4_header (u8 * s, va_list * args)
s = format (s, " (should be 0x%04x)", clib_net_to_host_u16 (c));
}
+ s = format (s, " dscp %U ecn %U",
+ format_ip_dscp, ip4_header_get_dscp (ip),
+ format_ip_ecn, ip4_header_get_ecn (ip));
+
{
u32 f = clib_net_to_host_u16 (ip->flags_and_fragment_offset);
u32 o;
diff --git a/src/vnet/ip/ip4_packet.h b/src/vnet/ip/ip4_packet.h
index c1852fc3ff2..79cf22c4d70 100644
--- a/src/vnet/ip/ip4_packet.h
+++ b/src/vnet/ip/ip4_packet.h
@@ -264,6 +264,70 @@ ip4_header_checksum (ip4_header_t * i)
return csum;
}
+always_inline void
+ip4_header_set_dscp (ip4_header_t * ip4, ip_dscp_t dscp)
+{
+ ip4->tos &= ~0xfc;
+ /* not masking the dscp value to save th instruction
+ * it shouldn't b necessary since the argument is an enum
+ * whose range is therefore constrained in the CP. in the
+ * DP it will have been taken from another packet, so again
+ * constrained in value */
+ ip4->tos |= dscp << IP_PACKET_TC_FIELD_DSCP_BIT_SHIFT;
+}
+
+always_inline void
+ip4_header_set_ecn (ip4_header_t * ip4, ip_ecn_t ecn)
+{
+ ip4->tos &= ~IP_PACKET_TC_FIELD_ECN_MASK;
+ ip4->tos |= ecn;
+}
+
+always_inline void
+ip4_header_set_ecn_w_chksum (ip4_header_t * ip4, ip_ecn_t ecn)
+{
+ ip_csum_t sum = ip4->checksum;
+ u8 old = ip4->tos;
+ u8 new = (old & ~IP_PACKET_TC_FIELD_ECN_MASK) | ecn;
+
+ sum = ip_csum_update (sum, old, new, ip4_header_t, tos);
+ ip4->checksum = ip_csum_fold (sum);
+ ip4->tos = new;
+}
+
+always_inline ip_dscp_t
+ip4_header_get_dscp (const ip4_header_t * ip4)
+{
+ return (ip4->tos >> IP_PACKET_TC_FIELD_DSCP_BIT_SHIFT);
+}
+
+always_inline ip_ecn_t
+ip4_header_get_ecn (const ip4_header_t * ip4)
+{
+ return (ip4->tos & IP_PACKET_TC_FIELD_ECN_MASK);
+}
+
+always_inline void
+ip4_header_set_df (ip4_header_t * ip4)
+{
+ ip4->flags_and_fragment_offset |=
+ clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
+}
+
+always_inline void
+ip4_header_clear_df (ip4_header_t * ip4)
+{
+ ip4->flags_and_fragment_offset &=
+ ~clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
+}
+
+always_inline u8
+ip4_header_get_df (ip4_header_t * ip4)
+{
+ return (! !(ip4->flags_and_fragment_offset &
+ clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT)));
+}
+
static inline uword
ip4_header_checksum_is_valid (ip4_header_t * i)
{
diff --git a/src/vnet/ip/ip6_packet.h b/src/vnet/ip/ip6_packet.h
index ed96ece1e7f..8c0698440e3 100644
--- a/src/vnet/ip/ip6_packet.h
+++ b/src/vnet/ip/ip6_packet.h
@@ -396,6 +396,20 @@ ip6_traffic_class_network_order (const ip6_header_t * ip6)
& 0x0ff00000) >> 20;
}
+static_always_inline ip_dscp_t
+ip6_dscp_network_order (const ip6_header_t * ip6)
+{
+ return (clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label)
+ & 0x0fc00000) >> 22;
+}
+
+static_always_inline ip_ecn_t
+ip6_ecn_network_order (const ip6_header_t * ip6)
+{
+ return (clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label)
+ & 0x00300000) >> 20;
+}
+
static_always_inline void
ip6_set_traffic_class_network_order (ip6_header_t * ip6, ip_dscp_t dscp)
{
@@ -406,6 +420,26 @@ ip6_set_traffic_class_network_order (ip6_header_t * ip6, ip_dscp_t dscp)
ip6->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32 (tmp);
}
+static_always_inline void
+ip6_set_dscp_network_order (ip6_header_t * ip6, ip_dscp_t dscp)
+{
+ u32 tmp =
+ clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label);
+ tmp &= 0xf03fffff;
+ tmp |= (dscp << 22);
+ ip6->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32 (tmp);
+}
+
+static_always_inline void
+ip6_set_ecn_network_order (ip6_header_t * ip6, ip_ecn_t ecn)
+{
+ u32 tmp =
+ clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label);
+ tmp &= 0xffcfffff;
+ tmp |= (ecn << 20);
+ ip6->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32 (tmp);
+}
+
always_inline void *
ip6_next_header (ip6_header_t * i)
{
diff --git a/src/vnet/ip/ip_packet.h b/src/vnet/ip/ip_packet.h
index 63a59f87668..9a55d5f644e 100644
--- a/src/vnet/ip/ip_packet.h
+++ b/src/vnet/ip/ip_packet.h
@@ -118,10 +118,35 @@ typedef enum ip_dscp_t_
#undef _
} __clib_packed ip_dscp_t;
-STATIC_ASSERT_SIZEOF (ip_dscp_t, 1);
-
extern u8 *format_ip_dscp (u8 * s, va_list * va);
+/**
+ * IP DSCP bit shift
+ * The ECN occupies the 2 least significant bits of the TC field
+ */
+#define IP_PACKET_TC_FIELD_DSCP_BIT_SHIFT 2
+#define IP_PACKET_TC_FIELD_ECN_MASK 0x03
+
+/**
+ * The set of RFC defined DSCP values.
+ */
+#define foreach_ip_ecn \
+ _(0, NON_ECN) \
+ _(1, ECT_0) \
+ _(2, ECT_1) \
+ _(3, CE)
+
+typedef enum ip_ecn_t_
+{
+#define _(n,f) IP_ECN_##f = n,
+ foreach_ip_ecn
+#undef _
+} __clib_packed ip_ecn_t;
+
+STATIC_ASSERT_SIZEOF (ip_ecn_t, 1);
+
+extern u8 *format_ip_ecn (u8 * s, va_list * va);
+
/* IP checksum support. */
static_always_inline u16
diff --git a/src/vnet/ipip/ipip.api b/src/vnet/ipip/ipip.api
index 8a6e726eba4..baf0e508cf0 100644
--- a/src/vnet/ipip/ipip.api
+++ b/src/vnet/ipip/ipip.api
@@ -1,3 +1,4 @@
+/* Hey Emacs use -*- mode: C -*- */
/*
* Copyright (c) 2018 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -48,9 +49,11 @@
*
*/
-option version = "1.2.0";
+option version = "2.0.0";
+
import "vnet/interface_types.api";
import "vnet/ip/ip_types.api";
+import "vnet/ipip/ipip_types.api";
/**
* An IP{v4,v6} over IP{v4,v6} tunnel.
@@ -63,8 +66,9 @@ typedef ipip_tunnel
vl_api_interface_index_t sw_if_index; /* ignored on create, set in
details/dump */
u32 table_id;
- u8 tc_tos; /* If ~0, the TOS/TC value is copied from
- inner packet, otherwise set to value */
+ vl_api_ipip_tunnel_flags_t flags;
+ vl_api_ip_dscp_t dscp; /* DSCP value for the tunnel encap,
+ ignored if ECNAP_COPY_DSCP flag is set */
};
/**
diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c
index 66c945e346e..15f453a8c7e 100644
--- a/src/vnet/ipip/ipip.c
+++ b/src/vnet/ipip/ipip.c
@@ -75,8 +75,10 @@ ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index,
ip4->src_address.as_u32 = t->tunnel_src.ip4.as_u32;
ip4->dst_address.as_u32 = t->tunnel_dst.ip4.as_u32;
ip4->checksum = ip4_header_checksum (ip4);
- if (t->tc_tos != 0xFF)
- ip4->tos = t->tc_tos;
+ if (!(t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP))
+ ip4_header_set_dscp (ip4, t->dscp);
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_SET_DF)
+ ip4_header_set_df (ip4);
break;
case IPIP_TRANSPORT_IP6:
@@ -84,14 +86,14 @@ ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index,
ip6 = (ip6_header_t *) rewrite;
ip6->ip_version_traffic_class_and_flow_label =
clib_host_to_net_u32 (6 << 28);
- if (t->tc_tos != 0xFF)
- ip6_set_traffic_class_network_order (ip6, t->tc_tos);
ip6->hop_limit = 64;
/* fixup ip6 header length and protocol after-the-fact */
ip6->src_address.as_u64[0] = t->tunnel_src.ip6.as_u64[0];
ip6->src_address.as_u64[1] = t->tunnel_src.ip6.as_u64[1];
ip6->dst_address.as_u64[0] = t->tunnel_dst.ip6.as_u64[0];
ip6->dst_address.as_u64[1] = t->tunnel_dst.ip6.as_u64[1];
+ if (!(t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP))
+ ip6_set_dscp_network_order (ip6, t->dscp);
break;
default:
@@ -114,15 +116,25 @@ ipip4_fixup (vlib_main_t * vm, ip_adjacency_t * adj, vlib_buffer_t * b,
{
case VNET_LINK_IP6:
ip4->protocol = IP_PROTOCOL_IPV6;
- if (t->tc_tos == 0xFF)
- ip4->tos =
- ip6_traffic_class_network_order ((const ip6_header_t *) (ip4 + 1));
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP)
+ ip4_header_set_dscp (ip4,
+ ip6_dscp_network_order ((ip6_header_t *) (ip4 +
+ 1)));
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN)
+ ip4_header_set_ecn (ip4,
+ ip6_ecn_network_order ((ip6_header_t *) (ip4 +
+ 1)));
break;
case VNET_LINK_IP4:
ip4->protocol = IP_PROTOCOL_IP_IN_IP;
- if (t->tc_tos == 0xFF)
- ip4->tos = ((ip4_header_t *) (ip4 + 1))->tos;
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP)
+ ip4_header_set_dscp (ip4, ip4_header_get_dscp (ip4 + 1));
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN)
+ ip4_header_set_ecn (ip4, ip4_header_get_ecn (ip4 + 1));
+ if ((t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DF) &&
+ ip4_header_get_df (ip4 + 1))
+ ip4_header_set_df (ip4);
break;
default:
@@ -151,17 +163,20 @@ ipip6_fixup (vlib_main_t * vm, ip_adjacency_t * adj, vlib_buffer_t * b,
{
case VNET_LINK_IP6:
ip6->protocol = IP_PROTOCOL_IPV6;
- if (t->tc_tos == 0xFF)
- ip6_set_traffic_class_network_order (ip6,
- ip6_traffic_class_network_order ((const ip6_header_t *) (ip6 + 1)));
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP)
+ ip6_set_dscp_network_order (ip6, ip6_dscp_network_order (ip6 + 1));
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN)
+ ip6_set_ecn_network_order (ip6, ip6_ecn_network_order (ip6 + 1));
break;
case VNET_LINK_IP4:
ip6->protocol = IP_PROTOCOL_IP_IN_IP;
- if (t->tc_tos == 0xFF)
- ip6_set_traffic_class_network_order (ip6,
- ((ip4_header_t *) (ip6 +
- 1))->tos);
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_DSCP)
+ ip6_set_dscp_network_order
+ (ip6, ip4_header_get_dscp ((ip4_header_t *) (ip6 + 1)));
+ if (t->flags & IPIP_TUNNEL_FLAG_ENCAP_COPY_ECN)
+ ip6_set_ecn_network_order
+ (ip6, ip4_header_get_ecn ((ip4_header_t *) (ip6 + 1)));
break;
default:
@@ -250,6 +265,20 @@ ipip_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
ipip_tunnel_stack (ai);
}
+u8 *
+format_ipip_tunnel_flags (u8 * s, va_list * args)
+{
+ ipip_tunnel_flags_t f = va_arg (*args, int);
+
+ if (f == IPIP_TUNNEL_FLAG_NONE)
+ return (format (s, "none"));
+
+#define _(a,b,c) if (f & IPIP_TUNNEL_FLAG_##a) s = format(s, "%s ", b);
+ forech_ipip_tunnel_flag
+#undef _
+ return (s);
+}
+
static u8 *
format_ipip_tunnel_name (u8 * s, va_list * args)
{
@@ -384,7 +413,8 @@ ipip_tunnel_db_remove (ipip_tunnel_t * t)
int
ipip_add_tunnel (ipip_transport_t transport,
u32 instance, ip46_address_t * src, ip46_address_t * dst,
- u32 fib_index, u8 tc_tos, u32 * sw_if_indexp)
+ u32 fib_index, ipip_tunnel_flags_t flags,
+ ip_dscp_t dscp, u32 * sw_if_indexp)
{
ipip_main_t *gm = &ipip_main;
vnet_main_t *vnm = gm->vnet_main;
@@ -430,9 +460,10 @@ ipip_add_tunnel (ipip_transport_t transport,
t->hw_if_index = hw_if_index;
t->fib_index = fib_index;
t->sw_if_index = sw_if_index;
- t->tc_tos = tc_tos;
-
+ t->dscp = dscp;
+ t->flags = flags;
t->transport = transport;
+
vec_validate_init_empty (gm->tunnel_index_by_sw_if_index, sw_if_index, ~0);
gm->tunnel_index_by_sw_if_index[sw_if_index] = t_idx;
diff --git a/src/vnet/ipip/ipip.h b/src/vnet/ipip/ipip.h
index c55d1d7c644..be944507b40 100644
--- a/src/vnet/ipip/ipip.h
+++ b/src/vnet/ipip/ipip.h
@@ -65,6 +65,28 @@ typedef enum
} ipip_mode_t;
/**
+ * Keep these idenitical to those in ipip.api
+ */
+#define forech_ipip_tunnel_flag \
+ _(NONE, "none", 0x0) \
+ _(ENCAP_COPY_DF, "encap-copy-df", 0x1) \
+ _(ENCAP_SET_DF, "encap-set-df", 0x2) \
+ _(ENCAP_COPY_DSCP, "encap-copy-dscp", 0x4) \
+ _(ENCAP_COPY_ECN, "encap-copy-ecn", 0x8) \
+ _(DECAP_COPY_ECN, "decap-copy-ecn", 0x10)
+
+typedef enum ipip_tunnel_flags_t_
+{
+#define _(a,b,c) IPIP_TUNNEL_FLAG_##a = c,
+ forech_ipip_tunnel_flag
+#undef _
+} __clib_packed ipip_tunnel_flags_t;
+
+#define IPIP_TUNNEL_FLAG_MASK (0x1f)
+
+extern u8 *format_ipip_tunnel_flags (u8 * s, va_list * args);
+
+/**
* @brief A representation of a IPIP tunnel
*/
typedef struct
@@ -82,7 +104,8 @@ typedef struct
u32 sw_if_index;
u32 dev_instance; /* Real device instance in tunnel vector */
u32 user_instance; /* Instance name being shown to user */
- u8 tc_tos;
+ ipip_tunnel_flags_t flags;
+ ip_dscp_t dscp;
struct
{
@@ -143,7 +166,8 @@ sixrd_get_addr_net (const ipip_tunnel_t * t, u64 dal)
int ipip_add_tunnel (ipip_transport_t transport, u32 instance,
ip46_address_t * src, ip46_address_t * dst,
- u32 fib_index, u8 tc_tos, u32 * sw_if_indexp);
+ u32 fib_index, ipip_tunnel_flags_t flags,
+ ip_dscp_t dscp, u32 * sw_if_indexp);
int ipip_del_tunnel (u32 sw_if_index);
int sixrd_add_tunnel (ip6_address_t * ip6_prefix, u8 ip6_prefix_len,
ip4_address_t * ip4_prefix, u8 ip4_prefix_len,
diff --git a/src/vnet/ipip/ipip_api.c b/src/vnet/ipip/ipip_api.c
index da0cb169296..47ff159b703 100644
--- a/src/vnet/ipip/ipip_api.c
+++ b/src/vnet/ipip/ipip_api.c
@@ -22,6 +22,7 @@
#include <vnet/ipip/ipip.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip_types_api.h>
+#include <vnet/ipip/ipip_types_api.h>
#include <vnet/ipip/ipip.api_enum.h>
#include <vnet/ipip/ipip.api_types.h>
@@ -36,6 +37,7 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp)
vl_api_ipip_add_tunnel_reply_t *rmp;
int rv = 0;
u32 fib_index, sw_if_index = ~0;
+ ipip_tunnel_flags_t flags;
ip46_address_t src, dst;
ip46_type_t itype[2];
@@ -54,6 +56,11 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp)
goto out;
}
+ rv = ipip_tunnel_flags_decode (mp->tunnel.flags, &flags);
+
+ if (rv)
+ goto out;
+
fib_index = fib_table_find (fib_proto_from_ip46 (itype[0]),
ntohl (mp->tunnel.table_id));
@@ -67,7 +74,8 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp)
IPIP_TRANSPORT_IP6 :
IPIP_TRANSPORT_IP4),
ntohl (mp->tunnel.instance), &src, &dst,
- fib_index, mp->tunnel.tc_tos, &sw_if_index);
+ fib_index, flags,
+ ip_dscp_decode (mp->tunnel.dscp), &sw_if_index);
}
out:
@@ -110,6 +118,8 @@ send_ipip_tunnel_details (ipip_tunnel_t * t, vl_api_ipip_tunnel_dump_t * mp)
rmp->tunnel.table_id = htonl (ft->ft_table_id);
rmp->tunnel.instance = htonl (t->user_instance);
rmp->tunnel.sw_if_index = htonl (t->sw_if_index);
+ rmp->tunnel.dscp = ip_dscp_encode(t->dscp);
+ rmp->tunnel.flags = ipip_tunnel_flags_encode(t->flags);
}));
/* *INDENT-ON* */
}
diff --git a/src/vnet/ipip/ipip_cli.c b/src/vnet/ipip/ipip_cli.c
index 58f5b1c3039..e252f3a519e 100644
--- a/src/vnet/ipip/ipip_cli.c
+++ b/src/vnet/ipip/ipip_cli.c
@@ -82,7 +82,8 @@ static clib_error_t *create_ipip_tunnel_command_fn(vlib_main_t *vm,
&src,
&dst,
fib_index,
- 0,
+ IPIP_TUNNEL_FLAG_NONE,
+ IP_DSCP_CS0,
&sw_if_index);
}
@@ -175,22 +176,25 @@ static u8 *format_ipip_tunnel(u8 *s, va_list *args) {
fib_proto_from_ip46(type));
switch (t->mode) {
case IPIP_MODE_6RD:
- s = format(s, "[%d] 6rd src %U ip6-pfx %U/%d table-ID %d sw-if-idx %d ",
+ s = format(s, "[%d] 6rd src %U ip6-pfx %U/%d ",
t->dev_instance,
format_ip46_address, &t->tunnel_src, type,
- format_ip6_address, &t->sixrd.ip6_prefix, t->sixrd.ip6_prefix_len,
- table_id, t->sw_if_index);
+ format_ip6_address, &t->sixrd.ip6_prefix, t->sixrd.ip6_prefix_len);
break;
case IPIP_MODE_P2P:
default:
- s = format(s, "[%d] instance %d src %U dst %U table-ID %d sw-if-idx %d ",
+ s = format(s, "[%d] instance %d src %U dst %U ",
t->dev_instance, t->user_instance,
format_ip46_address, &t->tunnel_src, type,
- format_ip46_address, &t->tunnel_dst, type,
- table_id, t->sw_if_index);
+ format_ip46_address, &t->tunnel_dst, type);
break;
}
+ s = format(s, "table-ID %d sw-if-idx %d flags [%U] dscp %U",
+ table_id, t->sw_if_index,
+ format_ipip_tunnel_flags, t->flags,
+ format_ip_dscp, t->dscp);
+
return s;
}
diff --git a/src/vnet/ipip/ipip_types.api b/src/vnet/ipip/ipip_types.api
new file mode 100644
index 00000000000..3e52fe74c1d
--- /dev/null
+++ b/src/vnet/ipip/ipip_types.api
@@ -0,0 +1,33 @@
+/* Hey Emacs use -*- mode: C -*- */
+/*
+ * Copyright (c) 2019 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Flags controlling tunnel behaviour
+ */
+enum ipip_tunnel_flags : u8
+{
+ IPIP_TUNNEL_API_FLAG_NONE = 0,
+ /** at encap, copy the DF bit of the payload into the tunnel header */
+ IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DF = 0x1,
+ /** at encap, set the DF bit in the tunnel header */
+ IPIP_TUNNEL_API_FLAG_ENCAP_SET_DF = 0x2,
+ /** at encap, copy the DSCP bits of the payload into the tunnel header */
+ IPIP_TUNNEL_API_FLAG_ENCAP_COPY_DSCP = 0x4,
+ /** at encap, copy the ECN bit of the payload into the tunnel header */
+ IPIP_TUNNEL_API_FLAG_ENCAP_COPY_ECN = 0x8,
+ /** at decap, copy the ECN bit of the tunnel header into the payload */
+ IPIP_TUNNEL_API_FLAG_DECAP_COPY_ECN = 0x10,
+};
diff --git a/src/vnet/ipip/ipip_types_api.c b/src/vnet/ipip/ipip_types_api.c
new file mode 100644
index 00000000000..5625b85af68
--- /dev/null
+++ b/src/vnet/ipip/ipip_types_api.c
@@ -0,0 +1,53 @@
+/*
+ * ipip_api.c - ipip api
+ *
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/api_errno.h>
+#include <vnet/ipip/ipip_types_api.h>
+
+#include <vnet/ipip/ipip_types.api_enum.h>
+#include <vnet/ipip/ipip_types.api_types.h>
+
+
+STATIC_ASSERT (sizeof (vl_api_ipip_tunnel_flags_t) ==
+ sizeof (ipip_tunnel_flags_t),
+ "IPIP tunnel API and internal flags enum size differ");
+
+int
+ipip_tunnel_flags_decode (vl_api_ipip_tunnel_flags_t f,
+ ipip_tunnel_flags_t * o)
+{
+ if (f & ~IPIP_TUNNEL_FLAG_MASK)
+ /* unknown flags set */
+ return (VNET_API_ERROR_INVALID_VALUE_2);
+
+ *o = (ipip_tunnel_flags_t) f;
+ return (0);
+}
+
+vl_api_ipip_tunnel_flags_t
+ipip_tunnel_flags_encode (ipip_tunnel_flags_t f)
+{
+ return ((vl_api_ipip_tunnel_flags_t) f);
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/ipip/ipip_types_api.h b/src/vnet/ipip/ipip_types_api.h
new file mode 100644
index 00000000000..17b1f1bb210
--- /dev/null
+++ b/src/vnet/ipip/ipip_types_api.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __IPIP_TYPES_API_H__
+#define __IPIP_TYPES_API_H__
+
+/**
+ * Conversion functions to/from (decode/encode) API types to VPP internal types
+ */
+
+#include <vnet/ipip/ipip.h>
+#include <vnet/ipip/ipip.api_types.h>
+
+/**
+ * These enum decode/encodes use 'int' as the type for the enum because
+ * one cannot forward declare an enum
+ */
+extern int ipip_tunnel_flags_decode (u8 _f, ipip_tunnel_flags_t * out);
+extern u8 ipip_tunnel_flags_encode (ipip_tunnel_flags_t f);
+
+#endif
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c
index 0cea4d50895..cd26b8a8b85 100644
--- a/src/vnet/ipip/node.c
+++ b/src/vnet/ipip/node.c
@@ -158,9 +158,33 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node,
vnet_buffer (b0)->sw_if_index[VLIB_RX] = tunnel_sw_if_index;
if (inner_protocol0 == IP_PROTOCOL_IPV6)
- next0 = IPIP_INPUT_NEXT_IP6_INPUT;
+ {
+ next0 = IPIP_INPUT_NEXT_IP6_INPUT;
+
+ if (t0->flags & IPIP_TUNNEL_FLAG_DECAP_COPY_ECN)
+ {
+ if (is_ipv6)
+ ip6_set_ecn_network_order ((ip60 + 1),
+ ip6_ecn_network_order (ip60));
+ else
+ ip6_set_ecn_network_order ((ip6_header_t *) (ip40 + 1),
+ ip4_header_get_ecn (ip40));
+ }
+ }
else if (inner_protocol0 == IP_PROTOCOL_IP_IN_IP)
- next0 = IPIP_INPUT_NEXT_IP4_INPUT;
+ {
+ next0 = IPIP_INPUT_NEXT_IP4_INPUT;
+ if (t0->flags & IPIP_TUNNEL_FLAG_DECAP_COPY_ECN)
+ {
+ if (is_ipv6)
+ ip4_header_set_ecn_w_chksum ((ip4_header_t *) (ip60 + 1),
+ ip6_ecn_network_order
+ (ip60));
+ else
+ ip4_header_set_ecn_w_chksum (ip40 + 1,
+ ip4_header_get_ecn (ip40));
+ }
+ }
if (!is_ipv6 && t0->mode == IPIP_MODE_6RD
&& t0->sixrd.security_check)
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 893eee45ac9..ed79193906a 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -645,7 +645,8 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
rv = ipip_add_tunnel (transport,
(mp->renumber ? ntohl (mp->show_instance) : ~0),
&local_ip,
- &remote_ip, fib_index, 0, &sw_if_index);
+ &remote_ip, fib_index,
+ IPIP_TUNNEL_FLAG_NONE, IP_DSCP_CS0, &sw_if_index);
if (rv)
goto done;
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 5385a0f15c8..b304458d565 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -840,8 +840,8 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
/* create an ip-ip tunnel, then the two SA, then bind them */
rv =
ipip_add_tunnel (ipv6_set ? IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4,
- instance, &local_ip, &remote_ip, fib_index, 0,
- &sw_if_index);
+ instance, &local_ip, &remote_ip, fib_index,
+ IPIP_TUNNEL_FLAG_NONE, IP_DSCP_CS0, &sw_if_index);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_local_sa_id (sw_if_index),
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,