author | Steve Shin <jonshin@cisco.com> | 2016-11-08 10:47:10 -0800 |
---|---|---|
committer | John Lo <loj@cisco.com> | 2016-11-16 02:29:44 +0000 |
commit | 25e26dc5136137c771715145dd5b2884060ff9eb (patch) | |
tree | 9279b106952a9a603060a185bda6b9f2e89ec8f4 /vnet/vnet/ip/ip_input_acl.c | |
parent | 9c6ae5f43b1f3141d37d6d7b3963926302826f08 (diff) |
VPP-521: Classify API enhancement to redirect traffic to pre-defined VRF
Ingress packets are punted to the “Input ACL node” where traffic is
classified based on n-tuple keys. If no matched session is found from
the classify tables, then it will be passed to “the lookup node” for
normal packet forwarding. If a classify session is hit from one of
classify tables, then packet vnet buffer field sw_if_index[VLIB_TX]
will be updated to the new FIB index used for subsequent IP lookup
for this packet.
Change-Id: Ifdea63196ddb81c2d5c43b8c98e11ddbf5b11858
Signed-off-by: Steve Shin <jonshin@cisco.com>
Diffstat (limited to 'vnet/vnet/ip/ip_input_acl.c')
-rw-r--r-- | vnet/vnet/ip/ip_input_acl.c | 38 |
1 files changed, 34 insertions, 4 deletions
diff --git a/vnet/vnet/ip/ip_input_acl.c b/vnet/vnet/ip/ip_input_acl.c index 6331cf4fa6b..93a580ce47c 100644 --- a/vnet/vnet/ip/ip_input_acl.c +++ b/vnet/vnet/ip/ip_input_acl.c @@ -115,11 +115,9 @@ ip_inacl_inline (vlib_main_t * vm, bi0 = from[0]; b0 = vlib_get_buffer (vm, bi0); - h0 = b0->data; bi1 = from[1]; b1 = vlib_get_buffer (vm, bi1); - h1 = b1->data; sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; table_index0 = am->classify_table_index_by_sw_if_index[tid][sw_if_index0]; @@ -131,11 +129,21 @@ ip_inacl_inline (vlib_main_t * vm, t1 = pool_elt_at_index (vcm->tables, table_index1); + if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA) + h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset; + else + h0 = b0->data; + vnet_buffer(b0)->l2_classify.hash = vnet_classify_hash_packet (t0, (u8 *) h0); vnet_classify_prefetch_bucket (t0, vnet_buffer(b0)->l2_classify.hash); + if (t1->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA) + h1 = (void *)vlib_buffer_get_current (b1) + t1->current_data_offset; + else + h1 = b1->data; + vnet_buffer(b1)->l2_classify.hash = vnet_classify_hash_packet (t1, (u8 *) h1); @@ -160,12 +168,17 @@ ip_inacl_inline (vlib_main_t * vm, bi0 = from[0]; b0 = vlib_get_buffer (vm, bi0); - h0 = b0->data; sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; table_index0 = am->classify_table_index_by_sw_if_index[tid][sw_if_index0]; t0 = pool_elt_at_index (vcm->tables, table_index0); + + if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA) + h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset; + else + h0 = b0->data; + vnet_buffer(b0)->l2_classify.hash = vnet_classify_hash_packet (t0, (u8 *) h0); @@ -227,7 +240,6 @@ ip_inacl_inline (vlib_main_t * vm, n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); - h0 = b0->data; table_index0 = vnet_buffer(b0)->l2_classify.table_index; e0 = 0; t0 = 0; 
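Review bot: `t0->current_data_offset` is added to the current-data pointer with no bound visible in the `CLASSIFY_FLAG_USE_CURR_DATA` branch (@@ -131,11), so `h0`/`h1` can end up before or past the bytes that are valid in the buffer, and `vnet_classify_hash_packet` then hashes whatever is there. For an input ACL that means a permit/deny decision can be taken on memory the sender did not supply. The offset's type and any range check at table creation are outside this diff; if that check exists, record it here with a comment such as `/* current_data_offset is range-checked at table creation, h0 stays inside the buffer */`, otherwise compare the offset plus the table's match window against `b0->current_length` before use. The same unguarded computation is added in @@ -160,12, @@ -243,6 and @@ -288,6; ip_inacl_inline starts and ends outside the hunk.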
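Review bot: The four-line selection of `h0` added after `t0 = pool_elt_at_index (...)` in the single-packet loop (@@ -160,12) is the same code this commit also adds twice in the dual-packet loop (@@ -131,11) and again in @@ -243,6 and @@ -288,6, so any later fix to the offset handling has to be made in five places. A small inline helper would keep them in step; it can also do the arithmetic on `u8 *`, since adding to a `void *` is a GNU extension and the cast on `vlib_buffer_get_current` is otherwise redundant. The helper name below is only a suggestion, and ip_inacl_inline itself starts and ends outside the hunk.

```c
/* Start of the bytes the classifier should match on for table t. */
static_always_inline u8 *
ip_inacl_classify_data (vlib_buffer_t * b, vnet_classify_table_t * t)
{
  if (t->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
    return (u8 *) vlib_buffer_get_current (b) + t->current_data_offset;
  return b->data;
}

/* … unchanged: buffer fetch and table lookup … */
	  h0 = ip_inacl_classify_data (b0, t0);
```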
@@ -243,6 +255,11 @@ ip_inacl_inline (vlib_main_t * vm, hash0 = vnet_buffer(b0)->l2_classify.hash; t0 = pool_elt_at_index (vcm->tables, table_index0); + if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA) + h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset; + else + h0 = b0->data; + e0 = vnet_classify_find_entry (t0, (u8 *) h0, hash0, now); if (e0) @@ -263,6 +280,10 @@ ip_inacl_inline (vlib_main_t * vm, error0 = (next0 == ACL_NEXT_INDEX_DENY)? IP6_ERROR_INACL_SESSION_DENY:IP6_ERROR_NONE; b0->error = error_node->errors[error0]; + + if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX || + e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX) + vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata; } else { @@ -288,6 +309,11 @@ ip_inacl_inline (vlib_main_t * vm, break; } + if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA) + h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset; + else + h0 = b0->data; + hash0 = vnet_classify_hash_packet (t0, (u8 *) h0); e0 = vnet_classify_find_entry (t0, (u8 *) h0, hash0, now); @@ -308,6 +334,10 @@ ip_inacl_inline (vlib_main_t * vm, error0 = (next0 == ACL_NEXT_INDEX_DENY)? IP6_ERROR_INACL_SESSION_DENY:IP6_ERROR_NONE; b0->error = error_node->errors[error0]; + + if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX || + e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX) + vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata; break; } } |
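Review bot: The action check added in @@ -263,6 accepts `CLASSIFY_ACTION_SET_IP4_FIB_INDEX` and `CLASSIFY_ACTION_SET_IP6_FIB_INDEX` interchangeably, so if this inline serves both address families (its signature is outside the hunk) a packet of one family that hits a session carrying the other family's action gets that family's FIB index written to `sw_if_index[VLIB_TX]`. The following lookup would then read the index in the wrong table space, which for a VRF-redirect feature is a traffic-isolation problem rather than a cosmetic one. Tie each action to its family, for example `if ((is_ip4 && e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX) || (!is_ip4 && e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX))`, assuming the family parameter is named `is_ip4`. `e0->metadata` is also used as a FIB index without any check here, so a comment stating where it is validated (presumably at session creation) would help. The same lines are added in @@ -308,6.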