authorSteve Shin <jonshin@cisco.com>2016-11-08 10:47:10 -0800
committerJohn Lo <loj@cisco.com>2016-11-16 02:29:44 +0000
commit25e26dc5136137c771715145dd5b2884060ff9eb (patch)
tree9279b106952a9a603060a185bda6b9f2e89ec8f4 /vnet/vnet/ip/ip_input_acl.c
parent9c6ae5f43b1f3141d37d6d7b3963926302826f08 (diff)
VPP-521: Classify API enhancement to redirect traffic to pre-defined VRF
Ingress packets are punted to the “Input ACL node”, where traffic is classified based on n-tuple keys. If no matching session is found in the classify tables, the packet is passed to “the lookup node” for normal packet forwarding. If a session in one of the classify tables is hit, the packet's vnet buffer field sw_if_index[VLIB_TX] is updated to the new FIB index, which is used for the subsequent IP lookup for this packet. Change-Id: Ifdea63196ddb81c2d5c43b8c98e11ddbf5b11858 Signed-off-by: Steve Shin <jonshin@cisco.com>
Diffstat (limited to 'vnet/vnet/ip/ip_input_acl.c')
-rw-r--r--vnet/vnet/ip/ip_input_acl.c38
1 files changed, 34 insertions, 4 deletions
diff --git a/vnet/vnet/ip/ip_input_acl.c b/vnet/vnet/ip/ip_input_acl.c
index 6331cf4fa6b..93a580ce47c 100644
--- a/vnet/vnet/ip/ip_input_acl.c
+++ b/vnet/vnet/ip/ip_input_acl.c
@@ -115,11 +115,9 @@ ip_inacl_inline (vlib_main_t * vm,
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
- h0 = b0->data;
bi1 = from[1];
b1 = vlib_get_buffer (vm, bi1);
- h1 = b1->data;
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
table_index0 = am->classify_table_index_by_sw_if_index[tid][sw_if_index0];
@@ -131,11 +129,21 @@ ip_inacl_inline (vlib_main_t * vm,
t1 = pool_elt_at_index (vcm->tables, table_index1);
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
vnet_buffer(b0)->l2_classify.hash =
vnet_classify_hash_packet (t0, (u8 *) h0);
vnet_classify_prefetch_bucket (t0, vnet_buffer(b0)->l2_classify.hash);
+ if (t1->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h1 = (void *)vlib_buffer_get_current (b1) + t1->current_data_offset;
+ else
+ h1 = b1->data;
+
vnet_buffer(b1)->l2_classify.hash =
vnet_classify_hash_packet (t1, (u8 *) h1);
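Review bot: `t0->current_data_offset` and `t1->current_data_offset` are added to `vlib_buffer_get_current ()` with no check against the buffer's remaining length, so the pointer passed to `vnet_classify_hash_packet` can start outside the packet data when the table's offset does not fit the packet (a short frame, or an offset set too large through the classify API). Whether the offset is range-checked when the table is created is not visible in this diff; if it is not, compare the offset with `b0->current_length` here and treat the packet as a no-match. The same four-line selection is repeated in the hunks at -160, -243 and -288, so a single inline helper would keep the check in one place. Writing the cast as `(u8 *)` instead of `(void *)` would also avoid relying on GNU void-pointer arithmetic. ip_inacl_inline starts and ends outside the hunk.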
@@ -160,12 +168,17 @@ ip_inacl_inline (vlib_main_t * vm,
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
- h0 = b0->data;
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
table_index0 = am->classify_table_index_by_sw_if_index[tid][sw_if_index0];
t0 = pool_elt_at_index (vcm->tables, table_index0);
+
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
vnet_buffer(b0)->l2_classify.hash =
vnet_classify_hash_packet (t0, (u8 *) h0);
@@ -227,7 +240,6 @@ ip_inacl_inline (vlib_main_t * vm,
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
- h0 = b0->data;
table_index0 = vnet_buffer(b0)->l2_classify.table_index;
e0 = 0;
t0 = 0;
@@ -243,6 +255,11 @@ ip_inacl_inline (vlib_main_t * vm,
hash0 = vnet_buffer(b0)->l2_classify.hash;
t0 = pool_elt_at_index (vcm->tables, table_index0);
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
e0 = vnet_classify_find_entry (t0, (u8 *) h0, hash0,
now);
if (e0)
@@ -263,6 +280,10 @@ ip_inacl_inline (vlib_main_t * vm,
error0 = (next0 == ACL_NEXT_INDEX_DENY)?
IP6_ERROR_INACL_SESSION_DENY:IP6_ERROR_NONE;
b0->error = error_node->errors[error0];
+
+ if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX ||
+ e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata;
}
else
{
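Review bot: The added assignment copies `e0->metadata` into `sw_if_index[VLIB_TX]` for either action without checking that the action matches the address family of the packet being processed. A session carrying `CLASSIFY_ACTION_SET_IP4_FIB_INDEX` in a table attached to an IPv6 interface (or the reverse) would make the next lookup use that value as an index into the other family's FIBs, which could place the packet in an unintended VRF. If the session-add path does not already reject that combination and keep the FIB alive while the session exists, test only the action that fits this node's family and add a comment such as `/* metadata is a FIB index resolved at session add; it selects the VRF for the following ip lookup */`. The same lines are added in the hunk at -308. The enclosing if-block begins outside the hunk.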
@@ -288,6 +309,11 @@ ip_inacl_inline (vlib_main_t * vm,
break;
}
+ if (t0->current_data_flag == CLASSIFY_FLAG_USE_CURR_DATA)
+ h0 = (void *)vlib_buffer_get_current (b0) + t0->current_data_offset;
+ else
+ h0 = b0->data;
+
hash0 = vnet_classify_hash_packet (t0, (u8 *) h0);
e0 = vnet_classify_find_entry
(t0, (u8 *) h0, hash0, now);
@@ -308,6 +334,10 @@ ip_inacl_inline (vlib_main_t * vm,
error0 = (next0 == ACL_NEXT_INDEX_DENY)?
IP6_ERROR_INACL_SESSION_DENY:IP6_ERROR_NONE;
b0->error = error_node->errors[error0];
+
+ if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX ||
+ e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
+ vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata;
break;
}
}