diff options
author | Billy McFall <bmcfall@redhat.com> | 2016-10-13 08:27:31 -0400 |
---|---|---|
committer | Billy McFall <bmcfall@redhat.com> | 2016-10-13 08:29:02 -0400 |
commit | 0683c9cc130d45f1246be78fa4ebf3f8d7f322bb (patch) | |
tree | 3c1699fea0d758343c7d61572d50c0fe0ba66aad /vnet/vnet/ip/ip4_source_check.c | |
parent | 10eb1ea468496807432734814f264139fe3299dc (diff) |
VPP-286: Add CLI Command documentation via doxygen comments for vnet/vnet/ip.
Change-Id: Ie1be9dc057d07c250852952ea159ed3c44c25f5f
Signed-off-by: Billy McFall <bmcfall@redhat.com>
Diffstat (limited to 'vnet/vnet/ip/ip4_source_check.c')
-rw-r--r-- | vnet/vnet/ip/ip4_source_check.c | 90 |
1 files changed, 71 insertions, 19 deletions
diff --git a/vnet/vnet/ip/ip4_source_check.c b/vnet/vnet/ip/ip4_source_check.c index 97d470316a7..b7913845bac 100644 --- a/vnet/vnet/ip/ip4_source_check.c +++ b/vnet/vnet/ip/ip4_source_check.c @@ -42,6 +42,14 @@ #include <vnet/fib/fib_urpf_list.h> #include <vnet/dpo/load_balance.h> +/** + * @file + * @brief IPv4 Unicast Source Check. + * + * This file contains the IPv4 interface unicast source check. + */ + + typedef struct { u8 packet_data[64]; index_t urpf; @@ -380,25 +388,68 @@ set_ip_source_check (vlib_main_t * vm, return error; } -/* *INDENT-OFF* */ /*? - * Add the unicast RPF check feature to an input interface - * - * @cliexpar - * @cliexstart{set interface ip source-check} - * Two flavours are supported; - * loose: accept ingress packet if there is a route to reach the source - * strict: accept ingress packet if it arrived on an interface which + * This command adds the 'ip4-source-check-via-rx' graph node for + * a given interface. By adding the IPv4 source check graph node to + * an interface, the code verifies that the source address of incoming + * unicast packets are reachable over the incoming interface. Two flavours + * are supported (the default is strict): + * - loose: accept ingress packet if there is a route to reach the source + * - strict: accept ingress packet if it arrived on an interface which * the route to the source uses. i.e. an interface that the source * is reachable via. - * the deafult is strict. * + * @cliexpar + * @parblock + * Example of graph node before range checking is enabled: + * @cliexstart{show vlib graph ip4-source-check-via-rx} + * Name Next Previous + * ip4-source-check-via-rx error-drop [0] + * @cliexend + * + * Example of how to enable unicast source checking on an interface: + * @cliexcmd{set interface ip source-check GigabitEthernet2/0/0 loose} + * + * Example of graph node after range checking is enabled: + * @cliexstart{show vlib graph ip4-source-check-via-rx} + * Name Next Previous + * ip4-source-check-via-rx error-drop [0] ip4-input-no-checksum + * ip4-source-and-port-range- ip4-input * @cliexend + * + * Example of how to display the feature enabed on an interface: + * @cliexstart{show ip interface features GigabitEthernet2/0/0} + * IP feature paths configured on GigabitEthernet2/0/0... + * + * ipv4 unicast: + * ip4-source-check-via-rx + * ip4-lookup + * + * ipv4 multicast: + * ip4-lookup-multicast + * + * ipv4 multicast: + * interface-output + * + * ipv6 unicast: + * ip6-lookup + * + * ipv6 multicast: + * ip6-lookup + * + * ipv6 multicast: + * interface-output + * @cliexend + * + * Example of how to disable unicast source checking on an interface: + * @cliexcmd{set interface ip source-check GigabitEthernet2/0/0 del} + * @endparblock ?*/ +/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_interface_ip_source_check_command, static) = { .path = "set interface ip source-check", .function = set_ip_source_check, - .short_help = "Set IP4/IP6 interface unicast source check", + .short_help = "set interface ip source-check <interface> [strict|loose] [del]", }; /* *INDENT-ON* */ @@ -476,22 +527,23 @@ done: return (error); } -/* *INDENT-OFF* */ /*? - * Add an exemption for a prefix to pass the uRPF loose check. Testing purposes only. + * Add an exemption for a prefix to pass the Unicast Reverse Path + * Forwarding (uRPF) loose check. This is for testing purposes only. + * If the '<em>table</em>' is not enter it is defaulted to 0. Default + * is to '<em>add</em>'. VPP always performs a loose uRPF check for + * for-us traffic. * * @cliexpar - * @cliexstart{ip rpf-accept} - * - * Add an exception for a prefix to pass the loose RPF tests. This is usefull - * for testing purposes. - * VPP always performs a loose uRPF check for for-us traffic. - * @cliexend + * Example of how to add a uRPF exception to a FIB table to pass the + * loose RPF tests: + * @cliexcmd{ip urpf-accept table 7 add} ?*/ +/* *INDENT-OFF* */ VLIB_CLI_COMMAND (ip_source_check_accept_command, static) = { .path = "ip urpf-accept", .function = ip_source_check_accept, - .short_help = "Add a loose uRPF check exemption", + .short_help = "ip urpf-accept [table <table-id>] [add|del]", }; /* *INDENT-ON* */ |