VPP-521: Classify API enhancement to redirect traffic to pre-defined VRF

Ingress packets are punted to the “Input ACL node” where traffic is
classified based on n-tuple keys. If no matched session is found from
the classify tables, then it will be passed to “the lookup node” for
normal packet forwarding. If a classify session is hit from one of
classify tables, then packet vnet buffer field sw_if_index[VLIB_TX]
will be updated to the new FIB index used for subsequent IP lookup
for this packet.

Change-Id: Ifdea63196ddb81c2d5c43b8c98e11ddbf5b11858
Signed-off-by: Steve Shin <jonshin@cisco.com>

3 files changed, 56 insertions, 10 deletions

diff --git a/vpp/vpp-api/api.c b/vpp/vpp-api/api.c
index 1ecd148186b..b29757602c9 100644
--- a/vpp/vpp-api/api.c
+++ b/vpp/vpp-api/api.c
@@ -3922,7 +3922,9 @@ _(memory_size)                                  \
 _(skip_n_vectors)                               \
 _(match_n_vectors)                              \
 _(next_table_index)                             \
-_(miss_next_index)
+_(miss_next_index)                              \
+_(current_data_flag)                            \
+_(current_data_offset)
 
 static void vl_api_classify_add_del_table_t_handler
   (vl_api_classify_add_del_table_t * mp)
@@ -3941,17 +3943,25 @@ static void vl_api_classify_add_del_table_t_handler
 #undef _
 
   /* The underlying API fails silently, on purpose, so check here */
-  if (mp->is_add == 0)
-    if (pool_is_free_index (cm->tables, table_index))
-      {
-	rv = VNET_API_ERROR_NO_SUCH_TABLE;
-	goto out;
-      }
+  if (mp->is_add == 0)		/* delete */
+    {
+      if (pool_is_free_index (cm->tables, table_index))
+	{
+	  rv = VNET_API_ERROR_NO_SUCH_TABLE;
+	  goto out;
+	}
+    }
+  else				/* add or update */
+    {
+      if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
+	table_index = ~0;
+    }
 
   rv = vnet_classify_add_del_table
     (cm, mp->mask, nbuckets, memory_size,
      skip_n_vectors, match_n_vectors,
-     next_table_index, miss_next_index, &table_index, mp->is_add);
+     next_table_index, miss_next_index, &table_index,
+     current_data_flag, current_data_offset, mp->is_add);
 
 out:
   /* *INDENT-OFF* */
@@ -3980,17 +3990,20 @@ static void vl_api_classify_add_del_session_t_handler
   vnet_classify_main_t *cm = &vnet_classify_main;
   vl_api_classify_add_del_session_reply_t *rmp;
   int rv;
-  u32 table_index, hit_next_index, opaque_index;
+  u32 table_index, hit_next_index, opaque_index, metadata;
   i32 advance;
+  u8 action;
 
   table_index = ntohl (mp->table_index);
   hit_next_index = ntohl (mp->hit_next_index);
   opaque_index = ntohl (mp->opaque_index);
   advance = ntohl (mp->advance);
+  action = mp->action;
+  metadata = ntohl (mp->metadata);
 
   rv = vnet_classify_add_del_session
     (cm, table_index, mp->match, hit_next_index, opaque_index,
-     advance, mp->is_add);
+     advance, action, metadata, mp->is_add);
 
   REPLY_MACRO (VL_API_CLASSIFY_ADD_DEL_SESSION_REPLY);
 }
diff --git a/vpp/vpp-api/custom_dump.c b/vpp/vpp-api/custom_dump.c
index b42130d6972..1dc96650aec 100644
--- a/vpp/vpp-api/custom_dump.c
+++ b/vpp/vpp-api/custom_dump.c
@@ -1222,6 +1222,10 @@ static void *vl_api_classify_add_del_table_t_print
       s = format (s, "match %d ", ntohl (mp->match_n_vectors));
       s = format (s, "next-table %d ", ntohl (mp->next_table_index));
       s = format (s, "miss-next %d ", ntohl (mp->miss_next_index));
+      s = format (s, "current-data-flag %d ", ntohl (mp->current_data_flag));
+      if (mp->current_data_flag)
+	s = format (s, "current-data-offset %d ",
+		    ntohl (mp->current_data_offset));
       s = format (s, "mask hex ");
       for (i = 0; i < ntohl (mp->match_n_vectors) * sizeof (u32x4); i++)
 	s = format (s, "%02x", mp->mask[i]);
@@ -1243,6 +1247,9 @@ static void *vl_api_classify_add_del_session_t_print
   s = format (s, "hit_next_index %d ", ntohl (mp->hit_next_index));
   s = format (s, "opaque_index %d ", ntohl (mp->opaque_index));
   s = format (s, "advance %d ", ntohl (mp->advance));
+  s = format (s, "action %d ", mp->action);
+  if (mp->action)
+    s = format (s, "metadata %d ", ntohl (mp->metadata));
   if (mp->is_add == 0)
     s = format (s, "del ");
 
diff --git a/vpp/vpp-api/vpe.api b/vpp/vpp-api/vpe.api
index e69979c64fa..8a7fac67604 100644
--- a/vpp/vpp-api/vpe.api
+++ b/vpp/vpp-api/vpe.api
@@ -1766,6 +1766,17 @@ define bd_ip_mac_add_del_reply
     @param match_n_vectors - number of match vectors
     @param next_table_index - index of next table
     @param miss_next_index - index of miss table
+    @param current_data_flag - option to use current node's packet payload
+            as the starting point from where packets are classified,
+            This option is only valid for L2/L3 input ACL for now.
+            0: by default, classify data from the buffer's start location
+            1: classify packets from VPP node’s current data pointer
+    @param current_data_offset - a signed value to shift the start location of
+            the packet to be classified
+            For example, if input IP ACL node is used, L2 header’s first byte
+            can be accessible by configuring current_data_offset to -14
+            if there is no vlan tag.
+            This is valid only if current_data_flag is set to 1.
     @param mask[] - match mask
 */
 define classify_add_del_table
@@ -1780,6 +1791,8 @@ define classify_add_del_table
   u32 match_n_vectors;
   u32 next_table_index;
   u32 miss_next_index;
+  u32 current_data_flag;
+  i32 current_data_offset;
   u8 mask[0];
 };
 
@@ -1807,6 +1820,17 @@ define classify_add_del_table_reply
     @param hit_next_index - for add, hit_next_index of new session, required
     @param opaque_index - for add, opaque_index of new session
     @param advance -for add, advance value for session
+    @param action -
+           0: no action (by default)
+              metadata is not used.
+           1: Classified IP packets will be looked up from the
+              specified ipv4 fib table (configured by metadata as VRF id).
+              Only valid for L3 input ACL node
+           2: Classified IP packets will be looked up from the
+              specified ipv6 fib table (configured by metadata as VRF id).
+              Only valid for L3 input ACL node
+    @param metadata - valid only if action != 0
+           VRF id if action is 1 or 2.
     @param match[] - for add, match value for session, required
 */
 define classify_add_del_session
@@ -1818,6 +1842,8 @@ define classify_add_del_session
   u32 hit_next_index;
   u32 opaque_index;
   i32 advance;
+  u8 action;
+  u32 metadata;
   u8 match[0];
 };