diff options
Diffstat (limited to 'src/plugins/ioam')
34 files changed, 554 insertions, 630 deletions
diff --git a/src/plugins/ioam/analyse/ioam_summary_export.c b/src/plugins/ioam/analyse/ioam_summary_export.c index 032272f5ec7..6856bcc2200 100644 --- a/src/plugins/ioam/analyse/ioam_summary_export.c +++ b/src/plugins/ioam/analyse/ioam_summary_export.c @@ -20,11 +20,9 @@ #include <ioam/analyse/ip6/ip6_ioam_analyse.h> u8 * -ioam_template_rewrite (flow_report_main_t * frm, flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, u16 collector_port, - ipfix_report_element_t * elts, - u32 n_elts, u32 * stream_index) +ioam_template_rewrite (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, ipfix_report_element_t *elts, + u32 n_elts, u32 *stream_index) { ip4_header_t *ip; udp_header_t *udp; @@ -39,7 +37,7 @@ ioam_template_rewrite (flow_report_main_t * frm, flow_report_t * fr, u32 field_index = 0; flow_report_stream_t *stream; - stream = &frm->streams[fr->stream_index]; + stream = &exp->streams[fr->stream_index]; /* Determine field count */ #define _(field,mask,item,length) \ @@ -74,8 +72,8 @@ ioam_template_rewrite (flow_report_main_t * frm, flow_report_t * fr, ip->ip_version_and_header_length = 0x45; ip->ttl = 254; ip->protocol = IP_PROTOCOL_UDP; - ip->src_address.as_u32 = src_address->as_u32; - ip->dst_address.as_u32 = collector_address->as_u32; + ip->src_address.as_u32 = exp->src_address.ip.ip4.as_u32; + ip->dst_address.as_u32 = exp->ipfix_collector.ip.ip4.as_u32; udp->src_port = clib_host_to_net_u16 (collector_port); udp->dst_port = clib_host_to_net_u16 (UDP_DST_PORT_ipfix); udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip)); @@ -264,8 +262,9 @@ ioam_analyse_add_ipfix_record (flow_report_t * fr, } vlib_frame_t * -ioam_send_flows (flow_report_main_t * frm, flow_report_t * fr, - vlib_frame_t * f, u32 * to_next, u32 node_index) +ioam_send_flows (flow_report_main_t *frm, ipfix_exporter_t *exp, + flow_report_t *fr, vlib_frame_t *f, u32 *to_next, + u32 node_index) { vlib_buffer_t *b0 = NULL; u32 next_offset = 0; @@ -276,17 +275,16 @@ ioam_send_flows (flow_report_main_t * frm, flow_report_t * fr, ipfix_set_header_t *s = NULL; ip4_header_t *ip; udp_header_t *udp; - u32 records_this_buffer; u16 new_l0, old_l0; ip_csum_t sum0; - vlib_main_t *vm = frm->vlib_main; + vlib_main_t *vm = vlib_get_main (); ip6_address_t temp; ioam_analyser_data_t *record = NULL; flow_report_stream_t *stream; ioam_analyser_data_t *aggregated_data; u16 data_len; - stream = &frm->streams[fr->stream_index]; + stream = &exp->streams[fr->stream_index]; clib_memset (&temp, 0, sizeof (ip6_address_t)); @@ -330,16 +328,14 @@ ioam_send_flows (flow_report_main_t * frm, flow_report_t * fr, h->sequence_number = stream->sequence_number++; h->sequence_number = clib_host_to_net_u32 (h->sequence_number); next_offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp); - records_this_buffer = 0; } next_offset = ioam_analyse_add_ipfix_record (fr, record, b0, next_offset, &temp, &temp, 0, 0); - records_this_buffer++; /* Flush data if packet len is about to reach path mtu */ - if (next_offset > (frm->path_mtu - 250)) + if (next_offset > (exp->path_mtu - 250)) flush = 1; } @@ -366,7 +362,7 @@ ioam_send_flows (flow_report_main_t * frm, flow_report_t * fr, udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); - if (frm->udp_checksum) + if (exp->udp_checksum) { /* RFC 7011 section 10.3.2. */ udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip); @@ -399,7 +395,7 @@ ioam_flow_create (u8 del) vnet_flow_report_add_del_args_t args; int rv; u32 domain_id = 0; - flow_report_main_t *frm = &flow_report_main; + ipfix_exporter_t *exp = &flow_report_main.exporters[0]; u16 template_id; clib_memset (&args, 0, sizeof (args)); @@ -408,7 +404,7 @@ ioam_flow_create (u8 del) del ? (args.is_add = 0) : (args.is_add = 1); args.domain_id = domain_id; - rv = vnet_flow_report_add_del (frm, &args, &template_id); + rv = vnet_flow_report_add_del (exp, &args, &template_id); switch (rv) { @@ -430,12 +426,10 @@ ioam_flow_report_init (vlib_main_t * vm) return 0; } -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (ioam_flow_report_init) = { .runs_after = VLIB_INITS("flow_report_init"), }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/analyse/ioam_summary_export.h b/src/plugins/ioam/analyse/ioam_summary_export.h index 99890ad43d9..7d1c5d00829 100644 --- a/src/plugins/ioam/analyse/ioam_summary_export.h +++ b/src/plugins/ioam/analyse/ioam_summary_export.h @@ -65,11 +65,9 @@ typedef struct clib_error_t *ioam_flow_create (u8 del); -u8 *ioam_template_rewrite (flow_report_main_t * frm, flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, u16 collector_port, - ipfix_report_element_t * elts, - u32 n_elts, u32 * stream_index); +u8 *ioam_template_rewrite (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, ipfix_report_element_t *elts, + u32 n_elts, u32 *stream_index); u16 ioam_analyse_add_ipfix_record (flow_report_t * fr, ioam_analyser_data_t * record, diff --git a/src/plugins/ioam/analyse/ip6/ip6_ioam_analyse.c b/src/plugins/ioam/analyse/ip6/ip6_ioam_analyse.c index 99ba3295d44..9db0485da61 100644 --- a/src/plugins/ioam/analyse/ip6/ip6_ioam_analyse.c +++ b/src/plugins/ioam/analyse/ip6/ip6_ioam_analyse.c @@ -94,13 +94,11 @@ set_ioam_analyse_command_fn (vlib_main_t * vm, unformat_input_t * input, return (ioam_analyse_enable_disable (vm, is_add, is_export, remote_listen)); } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_ioam_analyse_command, static) = { .path = "set ioam analyse", .short_help = "set ioam analyse [export-ipfix-collector] [disable] [listen-ipfix]", .function = set_ioam_analyse_command_fn, }; -/* *INDENT-ON* */ static clib_error_t * show_ioam_analyse_cmd_fn (vlib_main_t * vm, unformat_input_t * input, @@ -130,13 +128,11 @@ show_ioam_analyse_cmd_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (ip6_show_ioam_ipfix_cmd, static) = { .path = "show ioam analyse ", .short_help = "show ioam analyser information", .function = show_ioam_analyse_cmd_fn, }; -/* *INDENT-ON* */ static clib_error_t * ioam_analyse_init (vlib_main_t * vm) diff --git a/src/plugins/ioam/analyse/ip6/node.c b/src/plugins/ioam/analyse/ip6/node.c index ef35d0a9134..67895aa6486 100644 --- a/src/plugins/ioam/analyse/ip6/node.c +++ b/src/plugins/ioam/analyse/ip6/node.c @@ -466,7 +466,6 @@ ip6_ioam_analyse_unregister_handlers () ip6_ioam_analyse_unregister_hbh_handler (HBH_OPTION_TYPE_IOAM_EDGE_TO_EDGE); } -/* *INDENT-OFF* */ /* * Node for IP6 analyse - packets @@ -507,7 +506,6 @@ VLIB_REGISTER_NODE (analyse_node_remote) = }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/encap/ip6_ioam_e2e.c b/src/plugins/ioam/encap/ip6_ioam_e2e.c index a3dd048c659..0a811da6105 100644 --- a/src/plugins/ioam/encap/ip6_ioam_e2e.c +++ b/src/plugins/ioam/encap/ip6_ioam_e2e.c @@ -205,9 +205,7 @@ ioam_e2e_init (vlib_main_t * vm) * Init function for the E2E lib. * ip6_hop_by_hop_ioam_e2e_init gets called during init. */ -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (ioam_e2e_init) = { .runs_after = VLIB_INITS("ip6_hop_by_hop_ioam_init"), }; -/* *INDENT-ON* */ diff --git a/src/plugins/ioam/encap/ip6_ioam_e2e.h b/src/plugins/ioam/encap/ip6_ioam_e2e.h index fb83403da8f..f958e17669b 100644 --- a/src/plugins/ioam/encap/ip6_ioam_e2e.h +++ b/src/plugins/ioam/encap/ip6_ioam_e2e.h @@ -19,12 +19,10 @@ #include <ioam/lib-e2e/e2e_util.h> #include "ip6_ioam_seqno.h" -/* *INDENT-OFF* */ typedef CLIB_PACKED(struct { ip6_hop_by_hop_option_t hdr; ioam_e2e_packet_t e2e_hdr; }) ioam_e2e_option_t; -/* *INDENT-ON* */ typedef struct ioam_e2e_data_t_ { u32 flow_ctx; diff --git a/src/plugins/ioam/encap/ip6_ioam_pot.c b/src/plugins/ioam/encap/ip6_ioam_pot.c index 99c21b571a3..54d748455d2 100644 --- a/src/plugins/ioam/encap/ip6_ioam_pot.c +++ b/src/plugins/ioam/encap/ip6_ioam_pot.c @@ -255,9 +255,7 @@ ip6_hop_by_hop_ioam_pot_init (vlib_main_t * vm) return (0); } -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (ip6_hop_by_hop_ioam_pot_init) = { .runs_after = VLIB_INITS("ip6_hop_by_hop_ioam_init"), }; -/* *INDENT-OFF* */ diff --git a/src/plugins/ioam/encap/ip6_ioam_pot.h b/src/plugins/ioam/encap/ip6_ioam_pot.h index 01ce4ac590f..ef6f4c7344c 100644 --- a/src/plugins/ioam/encap/ip6_ioam_pot.h +++ b/src/plugins/ioam/encap/ip6_ioam_pot.h @@ -18,7 +18,6 @@ #include <vnet/ip/ip6_hop_by_hop_packet.h> -/* *INDENT-OFF* */ typedef CLIB_PACKED (struct { ip6_hop_by_hop_option_t hdr; u8 pot_type; @@ -27,7 +26,6 @@ typedef CLIB_PACKED (struct { u64 random; u64 cumulative; }) ioam_pot_option_t; -/* *INDENT-ON* */ #endif /* PLUGINS_IOAM_PLUGIN_IOAM_ENCAP_IP6_IOAM_POT_H_ */ diff --git a/src/plugins/ioam/encap/ip6_ioam_trace.c b/src/plugins/ioam/encap/ip6_ioam_trace.c index ea496610433..b244af56a6b 100644 --- a/src/plugins/ioam/encap/ip6_ioam_trace.c +++ b/src/plugins/ioam/encap/ip6_ioam_trace.c @@ -399,20 +399,16 @@ ip6_show_ioam_trace_cmd_fn (vlib_main_t * vm, } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (ip6_show_ioam_trace_cmd, static) = { .path = "show ioam trace", .short_help = "iOAM trace statistics", .function = ip6_show_ioam_trace_cmd_fn, }; -/* *INDENT-ON* */ -/* *INDENT-OFF* */ VLIB_PLUGIN_REGISTER () = { .version = VPP_BUILD_VER, .description = "Inbound Operations, Administration, and Maintenance (OAM)", }; -/* *INDENT-ON* */ static clib_error_t * ip6_hop_by_hop_ioam_trace_init (vlib_main_t * vm) @@ -443,13 +439,11 @@ ip6_hop_by_hop_ioam_trace_init (vlib_main_t * vm) return (0); } -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (ip6_hop_by_hop_ioam_trace_init) = { .runs_after = VLIB_INITS ("ip_main_init", "ip6_lookup_init", "ip6_hop_by_hop_ioam_init"), }; -/* *INDENT-ON* */ int ip6_trace_profile_cleanup (void) diff --git a/src/plugins/ioam/encap/ip6_ioam_trace.h b/src/plugins/ioam/encap/ip6_ioam_trace.h index 4eda6110d24..25693dfc6cd 100644 --- a/src/plugins/ioam/encap/ip6_ioam_trace.h +++ b/src/plugins/ioam/encap/ip6_ioam_trace.h @@ -21,12 +21,10 @@ #include <vnet/ip/ip6_hop_by_hop_packet.h> #include <ioam/lib-trace/trace_util.h> -/* *INDENT-OFF* */ typedef CLIB_PACKED(struct { ip6_hop_by_hop_option_t hdr; ioam_trace_hdr_t trace_hdr; }) ioam_trace_option_t; -/* *INDENT-ON* */ always_inline void ip6_hbh_ioam_trace_set_bit (ioam_trace_option_t * trace, u8 trace_bit) diff --git a/src/plugins/ioam/export-common/ioam_export.h b/src/plugins/ioam/export-common/ioam_export.h index f242ad7a788..1b764f66b15 100644 --- a/src/plugins/ioam/export-common/ioam_export.h +++ b/src/plugins/ioam/export-common/ioam_export.h @@ -287,7 +287,7 @@ ioam_export_header_create (ioam_export_main_t * em, (DEFAULT_EXPORT_RECORDS * DEFAULT_EXPORT_SIZE)); ip->checksum = ip4_header_checksum (ip); - _vec_len (rewrite) = sizeof (ip4_ipfix_data_packet_t); + vec_set_len (rewrite, sizeof (ip4_ipfix_data_packet_t)); em->record_header = rewrite; return (1); } diff --git a/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export.c b/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export.c index f802a049365..1606f72224f 100644 --- a/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export.c +++ b/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export.c @@ -158,14 +158,12 @@ set_vxlan_gpe_ioam_export_ipfix_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_vxlan_gpe_ioam_ipfix_command, static) = { .path = "set vxlan-gpe-ioam export ipfix", .short_help = "set vxlan-gpe-ioam export ipfix collector <ip4-address> src <ip4-address>", .function = set_vxlan_gpe_ioam_export_ipfix_command_fn, }; -/* *INDENT-ON* */ #include <ioam/export-vxlan-gpe/vxlan_gpe_ioam_export.api.c> static clib_error_t * diff --git a/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export_thread.c b/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export_thread.c index 7d66bd45849..5de10ba47f3 100644 --- a/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export_thread.c +++ b/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_ioam_export_thread.c @@ -33,14 +33,12 @@ vxlan_gpe_ioam_export_process (vlib_main_t * vm, } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (vxlan_gpe_ioam_export_process_node, static) = { .function = vxlan_gpe_ioam_export_process, .type = VLIB_NODE_TYPE_PROCESS, .name = "vxlan-gpe-ioam-export-process", }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_node.c b/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_node.c index f8d90332d5c..839fd80b443 100644 --- a/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_node.c +++ b/src/plugins/ioam/export-vxlan-gpe/vxlan_gpe_node.c @@ -144,7 +144,6 @@ vxlan_gpe_export_node_fn (vlib_main_t * vm, /* * Node for VXLAN-GPE export */ -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (vxlan_export_node) = { .function = vxlan_gpe_export_node_fn, @@ -159,7 +158,6 @@ VLIB_REGISTER_NODE (vxlan_export_node) = .next_nodes = {[EXPORT_NEXT_VXLAN_GPE_INPUT] = "vxlan-gpe-pop-ioam-v4"}, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/export/ioam_export.c b/src/plugins/ioam/export/ioam_export.c index 21695af3368..f38281182c8 100644 --- a/src/plugins/ioam/export/ioam_export.c +++ b/src/plugins/ioam/export/ioam_export.c @@ -137,13 +137,11 @@ set_ioam_export_ipfix_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_ipfix_command, static) = { .path = "set ioam export ipfix",.short_help = "set ioam export ipfix collector <ip4-address> src <ip4-address>",. function = set_ioam_export_ipfix_command_fn,}; -/* *INDENT-ON* */ #include <ioam/export/ioam_export.api.c> static clib_error_t * diff --git a/src/plugins/ioam/ioam_plugin_doc.md b/src/plugins/ioam/ioam_plugin_doc.md deleted file mode 100644 index 343abcf73d8..00000000000 --- a/src/plugins/ioam/ioam_plugin_doc.md +++ /dev/null @@ -1,464 +0,0 @@ -## VPP Inband OAM (iOAM) {#ioam_plugin_doc} - -In-band OAM (iOAM) is an implementation study to record operational -information in the packet while the packet traverses a path between -two points in the network. - -Overview of iOAM can be found in [iOAM-Devnet] page. -The following IETF drafts detail the motivation and mechanism for -recording operational information: - - [iOAM-ietf-requirements] - Describes motivation and usecases for iOAM - - [iOAM-ietf-data] - Describes data records that can be collected using iOAM - - [iOAM-ietf-transport] - Lists out the transport protocols - and mechanism to carry iOAM data records - - [iOAM-ietf-proof-of-transit] - Describes the idea of Proof of Transit (POT) - and mechanisms to operationalize the idea - -## Terminology -In-band OAM is expected to be deployed in a specific domain rather -than on the overall Internet. The part of the network which employs in-band OAM -is referred to as **"in-band OAM-domain"**. - -In-band OAM data is added to a packet on entering the in-band OAM-domain -and is removed from the packet when exiting the domain. -Within the in-band OAM-domain, network nodes that the packet traverses -may update the in-band OAM data records. - -- The node which adds in-band OAM data to the packet is called the -**"in-band OAM encapsulating node"**. - -- The node which removes the in-band OAM data is referred to as the -**"in-band OAM decapsulating node"**. - -- Nodes within the domain which are aware of in-band OAM data and read -and/or write or process the in-band OAM data are called -**"in-band OAM transit nodes"**. - -## Features supported in the current release -VPP can function as in-band OAM encapsulating, transit and decapsulating node. -In this version of VPP in-band OAM data is transported as options in an -IPv6 hop-by-hop extension header. Hence in-band OAM can be enabled -for IPv6 traffic. - -The following iOAM features are supported: - -- **In-band OAM Tracing** : In-band OAM supports multiple data records to be -recorded in the packet as the packet traverses the network. -These data records offer insights into the operational behavior of the network. -The following information can be collected in the tracing -data from the nodes a packet traverses: - - Node ID - - Ingress interface ID - - Egress interface ID - - Timestamp - - Pre-configured application data - -- **In-band OAM Proof of Transit (POT)**: Proof of transit iOAM data is -added to every packet for verifying that a packet traverses a specific -set of nodes. -In-band OAM data is updated at every node that is enabled with iOAM -proof of transit and is used to verify whether a packet traversed -all the specified nodes. When the verifier receives each packet, -it can validate whether the packet traversed the specified nodes. - - -## Configuration -Configuring iOAM involves: -- Selecting the packets for which iOAM data must be inserted, updated or removed - - Selection of packets for iOAM data insertion on iOAM encapsulating node. - Selection of packets is done by 5-tuple based classification - - Selection of packets for updating iOAM data is implicitly done on the - presence of iOAM options in the packet - - Selection of packets for removing the iOAM data is done on 5-tuple - based classification -- The kind of data to be collected - - Tracing data - - Proof of transit -- Additional details for processing iOAM data to be collected - - For trace data - trace type, number of nodes to be recorded in the trace, - time stamp precision, etc. - - For POT data - configuration of POT profile required to process the POT data - -The CLI for configuring iOAM is explained here followed by detailed steps -and examples to deploy iOAM on VPP as an encapsulating, transit or -decapsulating iOAM node in the subsequent sub-sections. - -VPP iOAM configuration for enabling trace and POT is as follows: - - set ioam rewrite trace-type <0x1f|0x7|0x9|0x11|0x19> - trace-elts <number of trace elements> trace-tsp <0|1|2|3> - node-id <node ID in hex> app-data <application data in hex> [pot] - -A description of each of the options of the CLI follows: -- trace-type : An entry in the "Node data List" array of the trace option -can have different formats, following the needs of the a deployment. -For example: Some deployments might only be interested -in recording the node identifiers, whereas others might be interested -in recording node identifier and timestamp. -The following types are currently supported: - - 0x1f : Node data to include hop limit (8 bits), node ID (24 bits), - ingress and egress interface IDs (16 bits each), timestamp (32 bits), - application data (32 bits) - - 0x7 : Node data to include hop limit (8 bits), node ID (24 bits), - ingress and egress interface IDs (16 bits each) - - 0x9 : Node data to include hop limit (8 bits), node ID (24 bits), - timestamp (32 bits) - - 0x11: Node data to include hop limit (8 bits), node ID (24 bits), - application data (32 bits) - - 0x19: Node data to include hop limit (8 bits), node ID (24 bits), - timestamp (32 bits), application data (32 bits) -- trace-elts : Defines the length of the node data array in the trace option. -- trace-tsp : Defines the timestamp precision to use with the enumerated value - for precision as follows: - - 0 : 32bits timestamp in seconds - - 1 : 32bits timestamp in milliseconds - - 2 : 32bits timestamp in microseconds - - 3 : 32bits timestamp in nanoseconds -- node-id : Unique identifier for the node, included in the node ID - field of the node data in trace option. -- app-data : The value configured here is included as is in -application data field of node data in trace option. -- pot : Enables POT option to be included in the iOAM options. - -### Trace configuration - -#### On in-band OAM encapsulating node - - **Configure classifier and apply ACL** to select packets for - iOAM data insertion - - Example to enable iOAM data insertion for all the packets - towards IPv6 address db06::06: - - vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst - - vpp# classify session acl-hit-next node ip6-add-hop-by-hop - table-index 0 match l3 ip6 dst db06::06 - - vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - - - **Enable tracing** : Specify node ID, maximum number of nodes for which - trace data should be recorded, type of data to be included for recording, - optionally application data to be included - - Example to enable tracing with a maximum of 4 nodes recorded - and the data to be recorded to include - hop limit, node id, - ingress and egress interface IDs, timestamp (millisecond precision), - application data (0x1234): - - - vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 - node-id 0x1 app-data 0x1234 - - - -#### On in-band OAM transit node -- The transit node requires trace type, timestamp precision, node ID and -optionally application data to be configured, -to update its node data in the trace option. - -Example: - - vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 - node-id 0x2 app-data 0x1234 - -#### On the In-band OAM decapsulating node -- The decapsulating node similar to encapsulating node requires -**classification** of the packets to remove iOAM data from. - - Example to decapsulate iOAM data for packets towards - db06::06, configure classifier and enable it as an ACL as follows: - - - vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst - - vpp# classify session acl-hit-next node ip6-lookup table-index 0 - match l3 ip6 dst db06::06 opaque-index 100 - - vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - - -- Decapsulating node requires trace type, timestamp precision, -node ID and optionally application data to be configured, -to update its node data in the trace option before it is decapsulated. - -Example: - - vpp# set ioam rewrite trace-type 0x1f trace-elts 4 - trace-tsp 1 node-id 0x3 app-data 0x1234 - - -### Proof of Transit configuration - -For details on proof-of-transit, -see the IETF draft [iOAM-ietf-proof-of-transit]. -To enable Proof of Transit all the nodes that participate -and hence are verified for transit need a proof of transit profile. -A script to generate a proof of transit profile as per the mechanism -described in [iOAM-ietf-proof-of-transit] will be available at [iOAM-Devnet]. - -The Proof of transit mechanism implemented here is based on -Shamir's Secret Sharing algorithm. -The overall algorithm uses two polynomials -POLY-1 and POLY-2. The degree of polynomials depends on number of nodes -to be verified for transit. -POLY-1 is secret and constant. Each node gets a point on POLY-1 -at setup-time and keeps it secret. -POLY-2 is public, random and per packet. -Each node is assigned a point on POLY-1 and POLY-2 with the same x index. -Each node derives its point on POLY-2 each time a packet arrives at it. -A node then contributes its points on POLY-1 and POLY-2 to construct -POLY-3 (POLY-3 = POLY-1 + POLY-2) using lagrange extrapolation and -forwards it towards the verifier by updating POT data in the packet. -The verifier constructs POLY-3 from the accumulated value from all the nodes -and its own points on POLY-1 and POLY-2 and verifies whether -POLY-3 = POLY-1 + POLY-2. Only the verifier knows POLY-1. -The solution leverages finite field arithmetic in a field of size "prime number" -for reasons explained in description of Shamir's secret sharing algorithm. - -Here is an explanation of POT profile list and profile configuration CLI to -realize the above mechanism. -It is best to use the script provided at [iOAM-Devnet] to generate -this configuration. -- **Create POT profile** : set pot profile name <string> id [0-1] -[validator-key 0xu64] prime-number 0xu64 secret_share 0xu64 -lpc 0xu64 polynomial2 0xu64 bits-in-random [0-64] - - name : Profile list name. - - id : Profile id, it can be 0 or 1. - A maximum of two profiles can be configured per profile list. - - validator-key : Secret key configured only on the - verifier/decapsulating node used to compare and verify proof of transit. - - prime-number : Prime number for finite field arithmetic as required by the - proof of transit mechanism. - - secret_share : Unique point for each node on the secret polynomial POLY-1. - - lpc : Lagrange Polynomial Constant(LPC) calculated per node based on - its point (x value used for evaluating the points on the polynomial) - on the polynomial used in lagrange extrapolation - for reconstructing polynomial (POLY-3). - - polynomial2 : Is the pre-evaluated value of the point on - 2nd polynomial(POLY-2). This is unique for each node. - It is pre-evaluated for all the coefficients of POLY-2 except - for the constant part of the polynomial that changes per packet - and is received as part of the POT data in the packet. - - bits-in-random : To control the size of the random number to be - generated. This number has to match the other numbers generated and used - in the profile as per the algorithm. - -- **Set a configured profile as active/in-use** : -set pot profile-active name <string> ID [0-1] - - name : Name of the profile list to be used for computing - POT data per packet. - - ID : Identifier of the profile within the list to be used. - -#### On In-band OAM encapsulating node - - Configure the classifier and apply ACL to select packets for iOAM data insertion. - - Example to enable iOAM data insertion for all the packet towards - IPv6 address db06::06 - - - - vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst - - vpp# classify session acl-hit-next node - ip6-add-hop-by-hop table-index 0 match l3 ip6 dst db06::06 - - vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - - - - Configure the proof of transit profile list with profiles. -Each profile list referred to by a name can contain 2 profiles, -only one is in use for updating proof of transit data at any time. - - Example profile list example with a profile generated from the - script to verify transit through 3 nodes is: - - - vpp# set pot profile name example id 0 prime-number 0x7fff0000fa884685 - secret_share 0x6c22eff0f45ec56d lpc 0x7fff0000fa884682 - polynomial2 0xffb543d4a9c bits-in-random 63 - - - Enable one of the profiles from the configured profile list as active - so that is will be used for calculating proof of transit - -Example enable profile ID 0 from profile list example configured above: - - - vpp# set pot profile-active name example ID 0 - - - - Enable POT option to be inserted - - - vpp# set ioam rewrite pot - - -#### On in-band OAM transit node - - Configure the proof of transit profile list with profiles for transit node. -Example: - - - vpp# set pot profile name example id 0 prime-number 0x7fff0000fa884685 - secret_share 0x564cdbdec4eb625d lpc 0x1 - polynomial2 0x23f3a227186a bits-in-random 63 - -#### On in-band OAM decapsulating node / verifier -- The decapsulating node, similar to the encapsulating node requires -classification of the packets to remove iOAM data from. - - Example to decapsulate iOAM data for packets towards db06::06 - configure classifier and enable it as an ACL as follows: - - - vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst - - vpp# classify session acl-hit-next node ip6-lookup table-index 0 - match l3 ip6 dst db06::06 opaque-index 100 - - vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 - -- To update and verify the proof of transit, POT profile list should be configured. - - Example POT profile list configured as follows: - - vpp# set pot profile name example id 0 validate-key 0x7fff0000fa88465d - prime-number 0x7fff0000fa884685 secret_share 0x7a08fbfc5b93116d lpc 0x3 - polynomial2 0x3ff738597ce bits-in-random 63 - -## Operational data - -Following CLIs are available to check iOAM operation: -- To check iOAM configuration that are effective use "show ioam summary" - -Example: - - vpp# show ioam summary - REWRITE FLOW CONFIGS - Not configured - HOP BY HOP OPTIONS - TRACE CONFIG - - Trace Type : 0x1f (31) - Trace timestamp precision : 1 (Milliseconds) - Num of trace nodes : 4 - Node-id : 0x2 (2) - App Data : 0x1234 (4660) - POT OPTION - 1 (Enabled) - Try 'show ioam pot and show pot profile' for more information - -- To find statistics about packets for which iOAM options were -added (encapsulating node) and removed (decapsulating node) execute -*show errors* - -Example on encapsulating node: - - - vpp# show error - Count Node Reason - 1208804706 ip6-inacl input ACL hits - 1208804706 ip6-add-hop-by-hop Pkts w/ added ip6 hop-by-hop options - -Example on decapsulating node: - - vpp# show error - Count Node Reason - 69508569 ip6-inacl input ACL hits - 69508569 ip6-pop-hop-by-hop Pkts w/ removed ip6 hop-by-hop options - -- To check the POT profiles use "show pot profile" - -Example: - - vpp# show pot profile - Profile list in use : example - POT Profile at index: 0 - ID : 0 - Validator : False (0) - Secret share : 0x564cdbdec4eb625d (6218586935324795485) - Prime number : 0x7fff0000fa884685 (9223090566081300101) - 2nd polynomial(eval) : 0x23f3a227186a (39529304496234) - LPC : 0x1 (1) - Bit mask : 0x7fffffffffffffff (9223372036854775807) - Profile index in use: 0 - Pkts passed : 0x36 (54) - -- To get statistics of POT for packets use "show ioam pot" - -Example at encapsulating or transit node: - - vpp# show ioam pot - Pkts with ip6 hop-by-hop POT options - 54 - Pkts with ip6 hop-by-hop POT options but no profile set - 0 - Pkts with POT in Policy - 0 - Pkts with POT out of Policy - 0 - - -Example at decapsulating/verification node: - - - vpp# show ioam pot - Pkts with ip6 hop-by-hop POT options - 54 - Pkts with ip6 hop-by-hop POT options but no profile set - 0 - Pkts with POT in Policy - 54 - Pkts with POT out of Policy - 0 - -- Tracing - enable trace of IPv6 packets to view the data inserted and -collected. - -Example when the nodes are receiving data over a DPDK interface: -Enable tracing using "trace add dpdk-input 20" and -execute "show trace" to view the iOAM data collected: - - - vpp# trace add dpdk-input 20 - - vpp# show trace - - ------------------- Start of thread 0 vpp_main ------------------- - - Packet 1 - - 00:00:19:294697: dpdk-input - GigabitEthernetb/0/0 rx queue 0 - buffer 0x10e6b: current data 0, length 214, free-list 0, totlen-nifb 0, trace 0x0 - PKT MBUF: port 0, nb_segs 1, pkt_len 214 - buf_len 2176, data_len 214, ol_flags 0x0, data_off 128, phys_addr 0xe9a35a00 - packet_type 0x0 - IP6: 00:50:56:9c:df:72 -> 00:50:56:9c:be:55 - IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 - tos 0x00, flow label 0x0, hop limit 63, payload length 160 - 00:00:19:294737: ethernet-input - IP6: 00:50:56:9c:df:72 -> 00:50:56:9c:be:55 - 00:00:19:294753: ip6-input - IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 - tos 0x00, flow label 0x0, hop limit 63, payload length 160 - 00:00:19:294757: ip6-lookup - fib 0 adj-idx 15 : indirect via db05::2 flow hash: 0x00000000 - IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 - tos 0x00, flow label 0x0, hop limit 63, payload length 160 - 00:00:19:294802: ip6-hop-by-hop - IP6_HOP_BY_HOP: next index 5 len 96 traced 96 Trace Type 0x1f , 1 elts left - [0] ttl 0x0 node ID 0x0 ingress 0x0 egress 0x0 ts 0x0 - app 0x0 - [1] ttl 0x3e node ID 0x3 ingress 0x1 egress 0x2 ts 0xb68c2213 - app 0x1234 - [2] ttl 0x3f node ID 0x2 ingress 0x1 egress 0x2 ts 0xb68c2204 - app 0x1234 - [3] ttl 0x40 node ID 0x1 ingress 0x5 egress 0x6 ts 0xb68c2200 - app 0x1234 - POT opt present - random = 0x577a916946071950, Cumulative = 0x10b46e78a35a392d, Index = 0x0 - 00:00:19:294810: ip6-rewrite - tx_sw_if_index 1 adj-idx 14 : GigabitEthernetb/0/0 - IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 flow hash: 0x00000000 - IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 - IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 - tos 0x00, flow label 0x0, hop limit 62, payload length 160 - 00:00:19:294814: GigabitEthernetb/0/0-output - GigabitEthernetb/0/0 - IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 - IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 - tos 0x00, flow label 0x0, hop limit 62, payload length 160 - 00:00:19:294820: GigabitEthernetb/0/0-tx - GigabitEthernetb/0/0 tx queue 0 - buffer 0x10e6b: current data 0, length 214, free-list 0, totlen-nifb 0, trace 0x0 - IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 - - IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 - - tos 0x00, flow label 0x0, hop limit 62, payload length 160 - - -[iOAM-Devnet]: <https://github.com/ciscodevnet/iOAM> -[iOAM-ietf-requirements]:<https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-01> -[iOAM-ietf-transport]:<https://tools.ietf.org/html/draft-brockners-inband-oam-transport-01> -[iOAM-ietf-data]:<https://tools.ietf.org/html/draft-brockners-inband-oam-data-01> -[iOAM-ietf-proof-of-transit]:<https://tools.ietf.org/html/draft-brockners-proof-of-transit-01> diff --git a/src/plugins/ioam/ioam_plugin_doc.rst b/src/plugins/ioam/ioam_plugin_doc.rst new file mode 100644 index 00000000000..0f84d5f7a36 --- /dev/null +++ b/src/plugins/ioam/ioam_plugin_doc.rst @@ -0,0 +1,490 @@ +Inband OAM (iOAM) +================= + +In-band OAM (iOAM) is an implementation study to record operational +information in the packet while the packet traverses a path between two +points in the network. + +Overview of iOAM can be found in +`iOAM-Devnet <https://github.com/ciscodevnet/iOAM>`__ page. The +following IETF drafts detail the motivation and mechanism for recording +operational information: - +`iOAM-ietf-requirements <https://tools.ietf.org/html/draft-brockners-inband-oam-requirements-01>`__ +- Describes motivation and usecases for iOAM - +`iOAM-ietf-data <https://tools.ietf.org/html/draft-brockners-inband-oam-data-01>`__ +- Describes data records that can be collected using iOAM - +`iOAM-ietf-transport <https://tools.ietf.org/html/draft-brockners-inband-oam-transport-01>`__ +- Lists out the transport protocols and mechanism to carry iOAM data +records - +`iOAM-ietf-proof-of-transit <https://tools.ietf.org/html/draft-brockners-proof-of-transit-01>`__ +- Describes the idea of Proof of Transit (POT) and mechanisms to +operationalize the idea + +Terminology +----------- + +In-band OAM is expected to be deployed in a specific domain rather than +on the overall Internet. The part of the network which employs in-band +OAM is referred to as **“in-band OAM-domain”**. + +In-band OAM data is added to a packet on entering the in-band OAM-domain +and is removed from the packet when exiting the domain. Within the +in-band OAM-domain, network nodes that the packet traverses may update +the in-band OAM data records. + +- The node which adds in-band OAM data to the packet is called the + **“in-band OAM encapsulating node”**. + +- The node which removes the in-band OAM data is referred to as the + **“in-band OAM decapsulating node”**. + +- Nodes within the domain which are aware of in-band OAM data and read + and/or write or process the in-band OAM data are called **“in-band + OAM transit nodes”**. + +Features supported in the current release +----------------------------------------- + +VPP can function as in-band OAM encapsulating, transit and decapsulating +node. In this version of VPP in-band OAM data is transported as options +in an IPv6 hop-by-hop extension header. Hence in-band OAM can be enabled +for IPv6 traffic. + +The following iOAM features are supported: + +- **In-band OAM Tracing** : In-band OAM supports multiple data records + to be recorded in the packet as the packet traverses the network. + These data records offer insights into the operational behavior of + the network. The following information can be collected in the + tracing data from the nodes a packet traverses: + + - Node ID + - Ingress interface ID + - Egress interface ID + - Timestamp + - Pre-configured application data + +- **In-band OAM Proof of Transit (POT)**: Proof of transit iOAM data is + added to every packet for verifying that a packet traverses a + specific set of nodes. In-band OAM data is updated at every node that + is enabled with iOAM proof of transit and is used to verify whether a + packet traversed all the specified nodes. When the verifier receives + each packet, it can validate whether the packet traversed the + specified nodes. + +Configuration +------------- + +Configuring iOAM involves: - Selecting the packets for which iOAM data +must be inserted, updated or removed - Selection of packets for iOAM +data insertion on iOAM encapsulating node. Selection of packets is done +by 5-tuple based classification - Selection of packets for updating iOAM +data is implicitly done on the presence of iOAM options in the packet - +Selection of packets for removing the iOAM data is done on 5-tuple based +classification - The kind of data to be collected - Tracing data - Proof +of transit - Additional details for processing iOAM data to be collected +- For trace data - trace type, number of nodes to be recorded in the +trace, time stamp precision, etc. - For POT data - configuration of POT +profile required to process the POT data + +The CLI for configuring iOAM is explained here followed by detailed +steps and examples to deploy iOAM on VPP as an encapsulating, transit or +decapsulating iOAM node in the subsequent sub-sections. + +VPP iOAM configuration for enabling trace and POT is as follows: + +:: + + set ioam rewrite trace-type <0x1f|0x7|0x9|0x11|0x19> + trace-elts <number of trace elements> trace-tsp <0|1|2|3> + node-id <node ID in hex> app-data <application data in hex> [pot] + +A description of each of the options of the CLI follows: - trace-type : +An entry in the “Node data List” array of the trace option can have +different formats, following the needs of the a deployment. For example: +Some deployments might only be interested in recording the node +identifiers, whereas others might be interested in recording node +identifier and timestamp. The following types are currently supported: - +0x1f : Node data to include hop limit (8 bits), node ID (24 bits), +ingress and egress interface IDs (16 bits each), timestamp (32 bits), +application data (32 bits) - 0x7 : Node data to include hop limit (8 +bits), node ID (24 bits), ingress and egress interface IDs (16 bits +each) - 0x9 : Node data to include hop limit (8 bits), node ID (24 +bits), timestamp (32 bits) - 0x11: Node data to include hop limit (8 +bits), node ID (24 bits), application data (32 bits) - 0x19: Node data +to include hop limit (8 bits), node ID (24 bits), timestamp (32 bits), +application data (32 bits) - trace-elts : Defines the length of the node +data array in the trace option. - trace-tsp : Defines the timestamp +precision to use with the enumerated value for precision as follows: - 0 +: 32bits timestamp in seconds - 1 : 32bits timestamp in milliseconds - 2 +: 32bits timestamp in microseconds - 3 : 32bits timestamp in nanoseconds +- node-id : Unique identifier for the node, included in the node ID +field of the node data in trace option. - app-data : The value +configured here is included as is in application data field of node data +in trace option. - pot : Enables POT option to be included in the iOAM +options. + +Trace configuration +~~~~~~~~~~~~~~~~~~~ + +On in-band OAM encapsulating node +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- **Configure classifier and apply ACL** to select packets for iOAM + data insertion + + - Example to enable iOAM data insertion for all the packets towards + IPv6 address db06::06: + + vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst + + vpp# classify session acl-hit-next node ip6-add-hop-by-hop + table-index 0 match l3 ip6 dst db06::06 + + vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 + +- **Enable tracing** : Specify node ID, maximum number of nodes for + which trace data should be recorded, type of data to be included for + recording, optionally application data to be included + + - Example to enable tracing with a maximum of 4 nodes recorded and + the data to be recorded to include - hop limit, node id, ingress + and egress interface IDs, timestamp (millisecond precision), + application data (0x1234): + + vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 + node-id 0x1 app-data 0x1234 + +On in-band OAM transit node +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- The transit node requires trace type, timestamp precision, node ID + and optionally application data to be configured, to update its node + data in the trace option. + +Example: + +:: + + vpp# set ioam rewrite trace-type 0x1f trace-elts 4 trace-tsp 1 + node-id 0x2 app-data 0x1234 + +On the In-band OAM decapsulating node +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- The decapsulating node similar to encapsulating node requires + **classification** of the packets to remove iOAM data from. + + - Example to decapsulate iOAM data for packets towards db06::06, + configure classifier and enable it as an ACL as follows: + + vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst + + vpp# classify session acl-hit-next node ip6-lookup table-index 0 + match l3 ip6 dst db06::06 opaque-index 100 + + vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 + +- Decapsulating node requires trace type, timestamp precision, node ID + and optionally application data to be configured, to update its node + data in the trace option before it is decapsulated. + +Example: + +:: + + vpp# set ioam rewrite trace-type 0x1f trace-elts 4 + trace-tsp 1 node-id 0x3 app-data 0x1234 + +Proof of Transit configuration +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For details on proof-of-transit, see the IETF draft +`iOAM-ietf-proof-of-transit <https://tools.ietf.org/html/draft-brockners-proof-of-transit-01>`__. +To enable Proof of Transit all the nodes that participate and hence are +verified for transit need a proof of transit profile. A script to +generate a proof of transit profile as per the mechanism described in +`iOAM-ietf-proof-of-transit <https://tools.ietf.org/html/draft-brockners-proof-of-transit-01>`__ +will be available at +`iOAM-Devnet <https://github.com/ciscodevnet/iOAM>`__. + +The Proof of transit mechanism implemented here is based on Shamir’s +Secret Sharing algorithm. The overall algorithm uses two polynomials +POLY-1 and POLY-2. The degree of polynomials depends on number of nodes +to be verified for transit. POLY-1 is secret and constant. Each node +gets a point on POLY-1 at setup-time and keeps it secret. POLY-2 is +public, random and per packet. Each node is assigned a point on POLY-1 +and POLY-2 with the same x index. Each node derives its point on POLY-2 +each time a packet arrives at it. A node then contributes its points on +POLY-1 and POLY-2 to construct POLY-3 (POLY-3 = POLY-1 + POLY-2) using +lagrange extrapolation and forwards it towards the verifier by updating +POT data in the packet. The verifier constructs POLY-3 from the +accumulated value from all the nodes and its own points on POLY-1 and +POLY-2 and verifies whether POLY-3 = POLY-1 + POLY-2. Only the verifier +knows POLY-1. The solution leverages finite field arithmetic in a field +of size “prime number” for reasons explained in description of Shamir’s +secret sharing algorithm. + +| Here is an explanation of POT profile list and profile configuration + CLI to realize the above mechanism. It is best to use the script + provided at `iOAM-Devnet <https://github.com/ciscodevnet/iOAM>`__ to + generate this configuration. - **Create POT profile** : set pot + profile name id [0-1] +| [validator-key 0xu64] prime-number 0xu64 secret_share 0xu64 +| lpc 0xu64 polynomial2 0xu64 bits-in-random [0-64] +| - name : Profile list name. - id : Profile id, it can be 0 or 1. A + maximum of two profiles can be configured per profile list. - + validator-key : Secret key configured only on the + verifier/decapsulating node used to compare and verify proof of + transit. - prime-number : Prime number for finite field arithmetic as + required by the proof of transit mechanism. - secret_share : Unique + point for each node on the secret polynomial POLY-1. - lpc : Lagrange + Polynomial Constant(LPC) calculated per node based on its point (x + value used for evaluating the points on the polynomial) on the + polynomial used in lagrange extrapolation for reconstructing + polynomial (POLY-3). - polynomial2 : Is the pre-evaluated value of the + point on 2nd polynomial(POLY-2). This is unique for each node. It is + pre-evaluated for all the coefficients of POLY-2 except for the + constant part of the polynomial that changes per packet and is + received as part of the POT data in the packet. - bits-in-random : To + control the size of the random number to be generated. This number has + to match the other numbers generated and used in the profile as per + the algorithm. + +- **Set a configured profile as active/in-use** : + set pot profile-active name ID [0-1] + + - name : Name of the profile list to be used for computing POT data + per packet. + - ID : Identifier of the profile within the list to be used. + +.. _on-in-band-oam-encapsulating-node-1: + +On In-band OAM encapsulating node +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- Configure the classifier and apply ACL to select packets for iOAM + data insertion. + + - Example to enable iOAM data insertion for all the packet towards + IPv6 address db06::06 - + + vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst + + vpp# classify session acl-hit-next node ip6-add-hop-by-hop + table-index 0 match l3 ip6 dst db06::06 + + vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 + +- Configure the proof of transit profile list with profiles. Each + profile list referred to by a name can contain 2 profiles, only one + is in use for updating proof of transit data at any time. + + - Example profile list example with a profile generated from the + script to verify transit through 3 nodes is: + + vpp# set pot profile name example id 0 prime-number + 0x7fff0000fa884685 secret_share 0x6c22eff0f45ec56d lpc + 0x7fff0000fa884682 polynomial2 0xffb543d4a9c bits-in-random 63 + +- Enable one of the profiles from the configured profile list as active + so that is will be used for calculating proof of transit + +Example enable profile ID 0 from profile list example configured above: + +:: + + vpp# set pot profile-active name example ID 0 + +- Enable POT option to be inserted + + vpp# set ioam rewrite pot + +.. _on-in-band-oam-transit-node-1: + +On in-band OAM transit node +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- Configure the proof of transit profile list with profiles for transit + node. Example: + + vpp# set pot profile name example id 0 prime-number + 0x7fff0000fa884685 secret_share 0x564cdbdec4eb625d lpc 0x1 + polynomial2 0x23f3a227186a bits-in-random 63 + +On in-band OAM decapsulating node / verifier +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- The decapsulating node, similar to the encapsulating node requires + classification of the packets to remove iOAM data from. + + - Example to decapsulate iOAM data for packets towards db06::06 + configure classifier and enable it as an ACL as follows: + + vpp# classify table miss-next node ip6-lookup mask l3 ip6 dst + + vpp# classify session acl-hit-next node ip6-lookup table-index 0 + match l3 ip6 dst db06::06 opaque-index 100 + + vpp# set int input acl intfc GigabitEthernet0/0/0 ip6-table 0 + +- To update and verify the proof of transit, POT profile list should be + configured. + + - Example POT profile list configured as follows: + + vpp# set pot profile name example id 0 validate-key + 0x7fff0000fa88465d prime-number 0x7fff0000fa884685 secret_share + 0x7a08fbfc5b93116d lpc 0x3 polynomial2 0x3ff738597ce bits-in-random + 63 + +Operational data +---------------- + +Following CLIs are available to check iOAM operation: - To check iOAM +configuration that are effective use “show ioam summary” + +Example: + +:: + + vpp# show ioam summary + REWRITE FLOW CONFIGS - Not configured + HOP BY HOP OPTIONS - TRACE CONFIG - + Trace Type : 0x1f (31) + Trace timestamp precision : 1 (Milliseconds) + Num of trace nodes : 4 + Node-id : 0x2 (2) + App Data : 0x1234 (4660) + POT OPTION - 1 (Enabled) + Try 'show ioam pot and show pot profile' for more information + +- To find statistics about packets for which iOAM options were added + (encapsulating node) and removed (decapsulating node) execute *show + errors* + +Example on encapsulating node: + +:: + + vpp# show error + Count Node Reason + 1208804706 ip6-inacl input ACL hits + 1208804706 ip6-add-hop-by-hop Pkts w/ added ip6 hop-by-hop options + +Example on decapsulating node: + +:: + + vpp# show error + Count Node Reason + 69508569 ip6-inacl input ACL hits + 69508569 ip6-pop-hop-by-hop Pkts w/ removed ip6 hop-by-hop options + +- To check the POT profiles use “show pot profile” + +Example: + +:: + + vpp# show pot profile + Profile list in use : example + POT Profile at index: 0 + ID : 0 + Validator : False (0) + Secret share : 0x564cdbdec4eb625d (6218586935324795485) + Prime number : 0x7fff0000fa884685 (9223090566081300101) + 2nd polynomial(eval) : 0x23f3a227186a (39529304496234) + LPC : 0x1 (1) + Bit mask : 0x7fffffffffffffff (9223372036854775807) + Profile index in use: 0 + Pkts passed : 0x36 (54) + +- To get statistics of POT for packets use “show ioam pot” + +Example at encapsulating or transit node: + +:: + + vpp# show ioam pot + Pkts with ip6 hop-by-hop POT options - 54 + Pkts with ip6 hop-by-hop POT options but no profile set - 0 + Pkts with POT in Policy - 0 + Pkts with POT out of Policy - 0 + +Example at decapsulating/verification node: + +:: + + vpp# show ioam pot + Pkts with ip6 hop-by-hop POT options - 54 + Pkts with ip6 hop-by-hop POT options but no profile set - 0 + Pkts with POT in Policy - 54 + Pkts with POT out of Policy - 0 + +- Tracing - enable trace of IPv6 packets to view the data inserted and + collected. + +Example when the nodes are receiving data over a DPDK interface: Enable +tracing using “trace add dpdk-input 20” and execute “show trace” to view +the iOAM data collected: + +:: + + vpp# trace add dpdk-input 20 + + vpp# show trace + + ------------------- Start of thread 0 vpp_main ------------------- + + Packet 1 + + 00:00:19:294697: dpdk-input + GigabitEthernetb/0/0 rx queue 0 + buffer 0x10e6b: current data 0, length 214, free-list 0, totlen-nifb 0, trace 0x0 + PKT MBUF: port 0, nb_segs 1, pkt_len 214 + buf_len 2176, data_len 214, ol_flags 0x0, data_off 128, phys_addr 0xe9a35a00 + packet_type 0x0 + IP6: 00:50:56:9c:df:72 -> 00:50:56:9c:be:55 + IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 + tos 0x00, flow label 0x0, hop limit 63, payload length 160 + 00:00:19:294737: ethernet-input + IP6: 00:50:56:9c:df:72 -> 00:50:56:9c:be:55 + 00:00:19:294753: ip6-input + IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 + tos 0x00, flow label 0x0, hop limit 63, payload length 160 + 00:00:19:294757: ip6-lookup + fib 0 adj-idx 15 : indirect via db05::2 flow hash: 0x00000000 + IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 + tos 0x00, flow label 0x0, hop limit 63, payload length 160 + 00:00:19:294802: ip6-hop-by-hop + IP6_HOP_BY_HOP: next index 5 len 96 traced 96 Trace Type 0x1f , 1 elts left + [0] ttl 0x0 node ID 0x0 ingress 0x0 egress 0x0 ts 0x0 + app 0x0 + [1] ttl 0x3e node ID 0x3 ingress 0x1 egress 0x2 ts 0xb68c2213 + app 0x1234 + [2] ttl 0x3f node ID 0x2 ingress 0x1 egress 0x2 ts 0xb68c2204 + app 0x1234 + [3] ttl 0x40 node ID 0x1 ingress 0x5 egress 0x6 ts 0xb68c2200 + app 0x1234 + POT opt present + random = 0x577a916946071950, Cumulative = 0x10b46e78a35a392d, Index = 0x0 + 00:00:19:294810: ip6-rewrite + tx_sw_if_index 1 adj-idx 14 : GigabitEthernetb/0/0 + IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 flow hash: 0x00000000 + IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 + IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 + tos 0x00, flow label 0x0, hop limit 62, payload length 160 + 00:00:19:294814: GigabitEthernetb/0/0-output + GigabitEthernetb/0/0 + IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 + IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 + tos 0x00, flow label 0x0, hop limit 62, payload length 160 + 00:00:19:294820: GigabitEthernetb/0/0-tx + GigabitEthernetb/0/0 tx queue 0 + buffer 0x10e6b: current data 0, length 214, free-list 0, totlen-nifb 0, trace 0x0 + IP6: 00:50:56:9c:be:55 -> 00:50:56:9c:df:72 + + IP6_HOP_BY_HOP_OPTIONS: db05::2 -> db06::6 + + tos 0x00, flow label 0x0, hop limit 62, payload length 160 diff --git a/src/plugins/ioam/ip6/ioam_cache.h b/src/plugins/ioam/ip6/ioam_cache.h index b85172e8ac1..8c1b6291707 100644 --- a/src/plugins/ioam/ip6/ioam_cache.h +++ b/src/plugins/ioam/ip6/ioam_cache.h @@ -608,17 +608,20 @@ ioam_cache_ts_table_destroy (vlib_main_t * vm) int i; /* free pool and hash table */ - for (i = 0; i < no_of_threads; i++) + if (cm->ioam_ts_pool) { - pool_foreach (entry, cm->ioam_ts_pool[i]) - { - ioam_cache_ts_entry_free (i, entry, cm->error_node_index); - } - pool_free (cm->ioam_ts_pool[i]); - cm->ioam_ts_pool = 0; - tw_timer_wheel_free_16t_2w_512sl (&cm->timer_wheels[i]); + for (i = 0; i < no_of_threads; i++) + { + pool_foreach (entry, cm->ioam_ts_pool[i]) + { + ioam_cache_ts_entry_free (i, entry, cm->error_node_index); + } + pool_free (cm->ioam_ts_pool[i]); + cm->ioam_ts_pool[i] = 0; + tw_timer_wheel_free_16t_2w_512sl (&cm->timer_wheels[i]); + } + vec_free (cm->ioam_ts_pool); } - vec_free (cm->ioam_ts_pool); return (0); } diff --git a/src/plugins/ioam/ip6/ioam_cache_node.c b/src/plugins/ioam/ip6/ioam_cache_node.c index 6a5465b86aa..9859ee6fbf0 100644 --- a/src/plugins/ioam/ip6/ioam_cache_node.c +++ b/src/plugins/ioam/ip6/ioam_cache_node.c @@ -179,7 +179,6 @@ ip6_ioam_cache_node_fn (vlib_main_t * vm, /* * Node for IP6 iOAM header cache */ -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ioam_cache_node) = { .function = ip6_ioam_cache_node_fn, @@ -196,7 +195,6 @@ VLIB_REGISTER_NODE (ioam_cache_node) = [IOAM_CACHE_NEXT_POP_HBYH] = "ip6-pop-hop-by-hop" }, }; -/* *INDENT-ON* */ typedef struct { @@ -386,7 +384,6 @@ VLIB_NODE_FN (ip6_add_from_cache_hbh_node) (vlib_main_t * vm, processed); return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ip6_add_from_cache_hbh_node) = { .name = "ip6-add-from-cache-hop-by-hop", @@ -404,7 +401,6 @@ VLIB_REGISTER_NODE (ip6_add_from_cache_hbh_node) = #undef _ }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/ip6/ioam_cache_tunnel_select_node.c b/src/plugins/ioam/ip6/ioam_cache_tunnel_select_node.c index d2c7f20a778..61476ebd85c 100644 --- a/src/plugins/ioam/ip6/ioam_cache_tunnel_select_node.c +++ b/src/plugins/ioam/ip6/ioam_cache_tunnel_select_node.c @@ -235,7 +235,6 @@ ip6_ioam_cache_ts_node_fn (vlib_main_t * vm, /* * Node for IP6 iOAM header cache */ -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ioam_cache_ts_node) = { .function = ip6_ioam_cache_ts_node_fn, @@ -253,7 +252,6 @@ VLIB_REGISTER_NODE (ioam_cache_ts_node) = [IOAM_CACHE_TS_ERROR_NEXT_DROP] = "error-drop", }, }; -/* *INDENT-ON* */ typedef struct { @@ -623,7 +621,6 @@ VLIB_NODE_FN (ip6_reset_ts_hbh_node) (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ip6_reset_ts_hbh_node) = { .name = "ip6-add-syn-hop-by-hop", @@ -642,7 +639,6 @@ VLIB_REGISTER_NODE (ip6_reset_ts_hbh_node) = }, }; -/* *INDENT-ON* */ #ifndef CLIB_MARCH_VARIANT vlib_node_registration_t ioam_cache_ts_timer_tick_node; @@ -738,7 +734,6 @@ ioam_cache_ts_timer_tick_node_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ioam_cache_ts_timer_tick_node) = { .function = ioam_cache_ts_timer_tick_node_fn, .name = "ioam-cache-ts-timer-tick", @@ -757,7 +752,6 @@ VLIB_REGISTER_NODE (ioam_cache_ts_timer_tick_node) = { [0] = "error-drop", }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/ipfixcollector/node.c b/src/plugins/ioam/ipfixcollector/node.c index 098029d6ad6..73d7b57fab5 100644 --- a/src/plugins/ioam/ipfixcollector/node.c +++ b/src/plugins/ioam/ipfixcollector/node.c @@ -271,7 +271,6 @@ ipfix_collector_node_fn (vlib_main_t * vm, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (ipfix_collector_node) = { .function = ipfix_collector_node_fn, .name = "ipfix-collector", @@ -289,7 +288,6 @@ VLIB_REGISTER_NODE (ipfix_collector_node) = { [IPFIX_COLLECTOR_NEXT_DROP] = "error-drop", }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/lib-e2e/e2e_util.h b/src/plugins/ioam/lib-e2e/e2e_util.h index f8a4ebd4797..a72b4030b2c 100644 --- a/src/plugins/ioam/lib-e2e/e2e_util.h +++ b/src/plugins/ioam/lib-e2e/e2e_util.h @@ -18,13 +18,11 @@ #include <ioam/lib-e2e/ioam_seqno_lib.h> -/* *INDENT-OFF* */ typedef CLIB_PACKED(struct { u8 e2e_type; u8 reserved; u32 e2e_data; }) ioam_e2e_packet_t; -/* *INDENT-ON* */ #endif /* PLUGINS_IOAM_PLUGIN_IOAM_LIB_E2E_E2E_UTIL_H_ */ diff --git a/src/plugins/ioam/lib-pot/math64.h b/src/plugins/ioam/lib-pot/math64.h index 4c608a37de4..2084c25fa58 100644 --- a/src/plugins/ioam/lib-pot/math64.h +++ b/src/plugins/ioam/lib-pot/math64.h @@ -51,23 +51,23 @@ static inline void mul64by64(u64 a, u64 b, u64 * hi, u64 * lo) static inline u64 mod128by64(u64 x, u64 y, u64 m, double di) { - u64 q1, q2, q; - u64 p1, p0; - double dq; + u64 q1, q2; + u64 p1, p0; + double dq; - /* calculate quotient first pass 53 bits */ - dq = (TWO64 * (double)x + (double)y) * di; + /* calculate quotient first pass 53 bits */ + dq = (TWO64 * (double) x + (double) y) * di; - if (dq >= TWO64) - q1 = 0xfffffffffffff800L; - else - q1 = dq; + if (dq >= TWO64) + q1 = 0xfffffffffffff800L; + else + q1 = dq; - /* q1 * m to compare the product to the dividend. */ - mul64by64(q1, m, &p1, &p0); + /* q1 * m to compare the product to the dividend. */ + mul64by64 (q1, m, &p1, &p0); - /* Adjust quotient. is it > actual result: */ - if (x < p1 || (x == p1 && y < p0)) + /* Adjust quotient. is it > actual result: */ + if (x < p1 || (x == p1 && y < p0)) { /* q1 > quotient. calculate abs remainder */ x = p1 - (x + (p0 < y)); @@ -77,7 +77,6 @@ static inline u64 mod128by64(u64 x, u64 y, u64 m, double di) q2 = (u64) ((TWO64 * (double)x + (double)y) * di); mul64by64(q2, m, &p1, &p0); - q = q1 - q2; if (x < p1 || (x == p1 && y <= p0)) { y = p0 - y; @@ -86,7 +85,6 @@ static inline u64 mod128by64(u64 x, u64 y, u64 m, double di) { y = p0 - y; y += m; - q--; } } else @@ -97,12 +95,10 @@ static inline u64 mod128by64(u64 x, u64 y, u64 m, double di) q2 = (u64) ((TWO64 * (double)x + (double)y) * di); mul64by64(q2, m, &p1, &p0); - q = q1 + q2; if (x < p1 || (x == p1 && y < p0)) { y = y - p0; y += m; - q--; } else { @@ -110,7 +106,6 @@ static inline u64 mod128by64(u64 x, u64 y, u64 m, double di) if (y >= m) { y -= m; - q++; } } } diff --git a/src/plugins/ioam/lib-trace/trace_util.c b/src/plugins/ioam/lib-trace/trace_util.c index d935543cf23..31fbb2b7446 100644 --- a/src/plugins/ioam/lib-trace/trace_util.c +++ b/src/plugins/ioam/lib-trace/trace_util.c @@ -98,14 +98,12 @@ clear_trace_profiles (void) clear_trace_profile_command_fn (0, 0, 0); } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND(clear_trace_profile_command) = { .path = "clear ioam-trace profile", .short_help = "clear ioam-trace profile [<index>|all]", .function = clear_trace_profile_command_fn, }; -/* *INDENT-ON* */ static clib_error_t * set_trace_profile_command_fn (vlib_main_t * vm, @@ -137,7 +135,6 @@ set_trace_profile_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_trace_profile_command, static) = { .path = "set ioam-trace profile", @@ -146,7 +143,6 @@ VLIB_CLI_COMMAND (set_trace_profile_command, static) = node-id <node id in hex> app-data <app_data in hex>", .function = set_trace_profile_command_fn, }; -/* *INDENT-ON* */ static clib_error_t * show_trace_profile_command_fn (vlib_main_t * vm, @@ -189,14 +185,12 @@ show_trace_profile_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_trace_profile_command, static) = { .path = "show ioam-trace profile", .short_help = "show ioam-trace profile", .function = show_trace_profile_command_fn, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/ioam/lib-trace/trace_util.h b/src/plugins/ioam/lib-trace/trace_util.h index 61f18d9173a..869ea717cf8 100644 --- a/src/plugins/ioam/lib-trace/trace_util.h +++ b/src/plugins/ioam/lib-trace/trace_util.h @@ -75,14 +75,12 @@ int trace_profile_create (trace_profile * profile, u8 trace_type, u8 num_elts, void clear_trace_profiles (void); -/* *INDENT-OFF* */ typedef CLIB_PACKED (struct { u8 ioam_trace_type; u8 data_list_elts_left; u32 elts[0]; /* Variable type. So keep it generic */ }) ioam_trace_hdr_t; -/* *INDENT-ON* */ diff --git a/src/plugins/ioam/lib-vxlan-gpe/ioam_decap.c b/src/plugins/ioam/lib-vxlan-gpe/ioam_decap.c index 87e57d3605e..801faa98066 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/ioam_decap.c +++ b/src/plugins/ioam/lib-vxlan-gpe/ioam_decap.c @@ -193,7 +193,6 @@ vxlan_gpe_decap_ioam_v4 (vlib_main_t * vm, } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (vxlan_gpe_decap_ioam_v4_node) = { .function = vxlan_gpe_decap_ioam_v4, .name = "vxlan-gpe-decap-ioam-v4", @@ -211,7 +210,6 @@ VLIB_REGISTER_NODE (vxlan_gpe_decap_ioam_v4_node) = { [VXLAN_GPE_DECAP_IOAM_V4_NEXT_DROP] = "error-drop", }, }; -/* *INDENT-ON* */ /* diff --git a/src/plugins/ioam/lib-vxlan-gpe/ioam_encap.c b/src/plugins/ioam/lib-vxlan-gpe/ioam_encap.c index 1d15654464d..de375df4f7c 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/ioam_encap.c +++ b/src/plugins/ioam/lib-vxlan-gpe/ioam_encap.c @@ -164,7 +164,6 @@ vxlan_gpe_encap_ioam_v4 (vlib_main_t * vm, -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (vxlan_gpe_encap_ioam_v4_node) = { .function = vxlan_gpe_encap_ioam_v4, .name = "vxlan-gpe-encap-ioam-v4", @@ -182,7 +181,6 @@ VLIB_REGISTER_NODE (vxlan_gpe_encap_ioam_v4_node) = { [VXLAN_GPE_ENCAP_IOAM_V4_NEXT_DROP] = "error-drop", }, }; -/* *INDENT-ON* */ /* diff --git a/src/plugins/ioam/lib-vxlan-gpe/ioam_pop.c b/src/plugins/ioam/lib-vxlan-gpe/ioam_pop.c index 84900eb7e01..2fa0aa29450 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/ioam_pop.c +++ b/src/plugins/ioam/lib-vxlan-gpe/ioam_pop.c @@ -321,7 +321,6 @@ vxlan_gpe_pop_ioam_v4 (vlib_main_t * vm, return vxlan_gpe_pop_ioam (vm, node, from_frame, 0); } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (vxlan_gpe_pop_ioam_v4_node) = { .function = vxlan_gpe_pop_ioam_v4, .name = "vxlan-gpe-pop-ioam-v4", @@ -340,7 +339,6 @@ VLIB_REGISTER_NODE (vxlan_gpe_pop_ioam_v4_node) = { #undef _ }, }; -/* *INDENT-ON* */ diff --git a/src/plugins/ioam/lib-vxlan-gpe/ioam_transit.c b/src/plugins/ioam/lib-vxlan-gpe/ioam_transit.c index 215f14b74bc..e3c82725e26 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/ioam_transit.c +++ b/src/plugins/ioam/lib-vxlan-gpe/ioam_transit.c @@ -51,14 +51,12 @@ typedef enum } vxlan_gpe_transit_ioam_next_t; -/* *INDENT-OFF* */ VNET_FEATURE_INIT (vxlan_gpe_transit_ioam, static) = { .arc_name = "ip4-output", .node_name = "vxlan-gpe-transit-ioam", .runs_before = VNET_FEATURES ("interface-output"), }; -/* *INDENT-ON* */ static uword vxlan_gpe_transit_ioam (vlib_main_t * vm, @@ -156,7 +154,6 @@ vxlan_gpe_transit_ioam (vlib_main_t * vm, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (vxlan_gpe_transit_ioam_node) = { .function = vxlan_gpe_transit_ioam, .name = "vxlan-gpe-transit-ioam", @@ -175,7 +172,6 @@ VLIB_REGISTER_NODE (vxlan_gpe_transit_ioam_node) = { }, }; -/* *INDENT-ON* */ /* diff --git a/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_api.c b/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_api.c index 9f6d181f0b1..d61832d975a 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_api.c +++ b/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_api.c @@ -27,6 +27,7 @@ #include <vlibmemory/api.h> #include <vnet/format_fns.h> #include <vnet/ip/ip_types_api.h> +#include <vnet/udp/udp_local.h> /* define message IDs */ #include <ioam/lib-vxlan-gpe/ioam_vxlan_gpe.api_enum.h> @@ -92,7 +93,7 @@ static void vl_api_vxlan_gpe_ioam_vni_enable_t_handler clib_memcpy (&key4.remote, &mp->remote.un.ip4, sizeof (key4.remote)); vni = clib_net_to_host_u32 (mp->vni); key4.vni = clib_host_to_net_u32 (vni << 8); - key4.pad = 0; + key4.port = clib_host_to_net_u16 (UDP_DST_PORT_VXLAN_GPE); p = hash_get_mem (gm->vxlan4_gpe_tunnel_by_key, &key4); } @@ -141,7 +142,7 @@ static void vl_api_vxlan_gpe_ioam_vni_disable_t_handler clib_memcpy (&key4.remote, &mp->remote, sizeof (key4.remote)); vni = clib_net_to_host_u32 (mp->vni); key4.vni = clib_host_to_net_u32 (vni << 8); - key4.pad = 0; + key4.port = clib_host_to_net_u16 (UDP_DST_PORT_VXLAN_GPE); p = hash_get_mem (gm->vxlan4_gpe_tunnel_by_key, &key4); } diff --git a/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam.c b/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam.c index 108b0c0765b..327afc3fb61 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam.c +++ b/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam.c @@ -19,6 +19,7 @@ #include <vnet/dpo/load_balance.h> #include <vnet/fib/ip4_fib.h> #include <vnet/fib/fib_entry.h> +#include <vnet/udp/udp_local.h> vxlan_gpe_ioam_main_t vxlan_gpe_ioam_main; @@ -478,7 +479,7 @@ vxlan_gpe_set_ioam_rewrite_command_fn (vlib_main_t * key4.local = local.ip4.as_u32; key4.remote = remote.ip4.as_u32; key4.vni = clib_host_to_net_u32 (vni << 8); - key4.pad = 0; + key4.port = clib_host_to_net_u16 (UDP_DST_PORT_VXLAN_GPE); p = hash_get_mem (gm->vxlan4_gpe_tunnel_by_key, &key4); } else @@ -488,6 +489,7 @@ vxlan_gpe_set_ioam_rewrite_command_fn (vlib_main_t * key6.remote.as_u64[0] = remote.ip6.as_u64[0]; key6.remote.as_u64[1] = remote.ip6.as_u64[1]; key6.vni = clib_host_to_net_u32 (vni << 8); + key6.port = clib_host_to_net_u16 (UDP_DST_PORT_VXLAN6_GPE); p = hash_get_mem (gm->vxlan6_gpe_tunnel_by_key, &key6); } @@ -508,13 +510,11 @@ vxlan_gpe_set_ioam_rewrite_command_fn (vlib_main_t * } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (vxlan_gpe_set_ioam_rewrite_cmd, static) = { .path = "set vxlan-gpe-ioam", .short_help = "set vxlan-gpe-ioam vxlan <src-ip> <dst_ip> <vnid> [disable]", .function = vxlan_gpe_set_ioam_rewrite_command_fn, }; -/* *INDENT-ON* */ @@ -590,13 +590,11 @@ vxlan_gpe_set_ioam_flags_command_fn (vlib_main_t * vm, return rv; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (vxlan_gpe_set_ioam_flags_cmd, static) = { .path = "set vxlan-gpe-ioam rewrite", .short_help = "set vxlan-gpe-ioam [trace] [pot] [ppc <encap|decap>]", .function = vxlan_gpe_set_ioam_flags_command_fn,}; -/* *INDENT-ON* */ int vxlan_gpe_ioam_disable_for_dest @@ -681,13 +679,11 @@ static clib_error_t *vxlan_gpe_set_ioam_transit_rewrite_command_fn return rv; } - /* *INDENT-OFF* */ VLIB_CLI_COMMAND (vxlan_gpe_set_ioam_transit_rewrite_cmd, static) = { .path = "set vxlan-gpe-ioam-transit", .short_help = "set vxlan-gpe-ioam-transit dst-ip <dst_ip> [outer-fib-index <outer_fib_index>] [disable]", .function = vxlan_gpe_set_ioam_transit_rewrite_command_fn, }; -/* *INDENT-ON* */ clib_error_t *clear_vxlan_gpe_ioam_rewrite_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) @@ -695,14 +691,12 @@ clib_error_t *clear_vxlan_gpe_ioam_rewrite_command_fn return (vxlan_gpe_ioam_disable (0, 0, 0)); } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (vxlan_gpe_clear_ioam_flags_cmd, static) = { .path = "clear vxlan-gpe-ioam rewrite", .short_help = "clear vxlan-gpe-ioam rewrite", .function = clear_vxlan_gpe_ioam_rewrite_command_fn, }; -/* *INDENT-ON* */ /** @@ -749,7 +743,8 @@ void vxlan_gpe_ioam_interface_init (void) { vxlan_gpe_ioam_main_t *hm = &vxlan_gpe_ioam_main; - hm->fib_entry_type = fib_node_register_new_type (&vxlan_gpe_ioam_vft); + hm->fib_entry_type = + fib_node_register_new_type ("vxlan-gpe", &vxlan_gpe_ioam_vft); return; } diff --git a/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam_trace.c b/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam_trace.c index 1a37059396c..9c783c747d0 100644 --- a/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam_trace.c +++ b/src/plugins/ioam/lib-vxlan-gpe/vxlan_gpe_ioam_trace.c @@ -39,14 +39,12 @@ typedef union } time_u64_t; -/* *INDENT-OFF* */ typedef CLIB_PACKED(struct { vxlan_gpe_ioam_option_t hdr; u8 ioam_trace_type; u8 data_list_elts_left; u32 elts[0]; /* Variable type. So keep it generic */ }) vxlan_gpe_ioam_trace_option_t; -/* *INDENT-ON* */ #define foreach_vxlan_gpe_ioam_trace_stats \ @@ -422,13 +420,11 @@ vxlan_gpe_show_ioam_trace_cmd_fn (vlib_main_t * vm, } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (vxlan_gpe_show_ioam_trace_cmd, static) = { .path = "show ioam vxlan-gpe trace", .short_help = "iOAM trace statistics", .function = vxlan_gpe_show_ioam_trace_cmd_fn, }; -/* *INDENT-ON* */ static clib_error_t * @@ -459,13 +455,11 @@ vxlan_gpe_ioam_trace_init (vlib_main_t * vm) return (0); } -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (vxlan_gpe_ioam_trace_init) = { .runs_after = VLIB_INITS("ip_main_init", "ip6_lookup_init", "vxlan_gpe_init"), }; -/* *INDENT-ON* */ int diff --git a/src/plugins/ioam/udp-ping/udp_ping_export.c b/src/plugins/ioam/udp-ping/udp_ping_export.c index 3e835989a6f..78d62233a7d 100644 --- a/src/plugins/ioam/udp-ping/udp_ping_export.c +++ b/src/plugins/ioam/udp-ping/udp_ping_export.c @@ -23,20 +23,18 @@ #define UDP_PING_EXPORT_RECORD_SIZE 400 static u8 * -udp_ping_template_rewrite (flow_report_main_t * frm, flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, u16 collector_port, - ipfix_report_element_t * elts, - u32 n_elts, u32 * stream_index) +udp_ping_template_rewrite (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, ipfix_report_element_t *elts, + u32 n_elts, u32 *stream_index) { - return ioam_template_rewrite (frm, fr, collector_address, - src_address, collector_port, elts, n_elts, + return ioam_template_rewrite (exp, fr, collector_port, elts, n_elts, stream_index); } static vlib_frame_t * -udp_ping_send_flows (flow_report_main_t * frm, flow_report_t * fr, - vlib_frame_t * f, u32 * to_next, u32 node_index) +udp_ping_send_flows (flow_report_main_t *frm, ipfix_exporter_t *exp, + flow_report_t *fr, vlib_frame_t *f, u32 *to_next, + u32 node_index) { vlib_buffer_t *b0 = NULL; u32 next_offset = 0; @@ -47,17 +45,16 @@ udp_ping_send_flows (flow_report_main_t * frm, flow_report_t * fr, ipfix_set_header_t *s = NULL; ip4_header_t *ip; udp_header_t *udp; - u32 records_this_buffer; u16 new_l0, old_l0; ip_csum_t sum0; - vlib_main_t *vm = frm->vlib_main; + vlib_main_t *vm = vlib_get_main (); flow_report_stream_t *stream; udp_ping_flow_data *stats; ip46_udp_ping_flow *ip46_flow; u16 src_port, dst_port; u16 data_len; - stream = &frm->streams[fr->stream_index]; + stream = &exp->streams[fr->stream_index]; data_len = vec_len (udp_ping_main.ip46_flow); for (i = 0; i < data_len; i++) @@ -101,7 +98,6 @@ udp_ping_send_flows (flow_report_main_t * frm, flow_report_t * fr, h->sequence_number = clib_host_to_net_u32 (h->sequence_number); next_offset = (u32) (((u8 *) (s + 1)) - (u8 *) tp); - records_this_buffer = 0; } next_offset = ioam_analyse_add_ipfix_record (fr, @@ -117,10 +113,8 @@ udp_ping_send_flows (flow_report_main_t * frm, flow_report_t * fr, //memcpy (b0->data + next_offset, &pak_sent, sizeof(u32)); //next_offset += sizeof(u32); - records_this_buffer++; - /* Flush data if packet len is about to reach path mtu */ - if (next_offset > (frm->path_mtu - UDP_PING_EXPORT_RECORD_SIZE)) + if (next_offset > (exp->path_mtu - UDP_PING_EXPORT_RECORD_SIZE)) { b0->current_length = next_offset; b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID; @@ -230,7 +224,7 @@ udp_ping_flow_create (u8 del) vnet_flow_report_add_del_args_t args; int rv; u32 domain_id = 0; - flow_report_main_t *frm = &flow_report_main; + ipfix_exporter_t *exp = &flow_report_main.exporters[0]; u16 template_id; clib_memset (&args, 0, sizeof (args)); @@ -240,7 +234,7 @@ udp_ping_flow_create (u8 del) args.domain_id = domain_id; args.src_port = UDP_DST_PORT_ipfix; - rv = vnet_flow_report_add_del (frm, &args, &template_id); + rv = vnet_flow_report_add_del (exp, &args, &template_id); switch (rv) { @@ -281,13 +275,11 @@ set_udp_ping_export_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_udp_ping_export_command, static) = { .path = "set udp-ping export-ipfix", .short_help = "set udp-ping export-ipfix [disable]", .function = set_udp_ping_export_command_fn, }; -/* *INDENT-ON* */ clib_error_t * udp_ping_flow_report_init (vlib_main_t * vm) @@ -295,12 +287,10 @@ udp_ping_flow_report_init (vlib_main_t * vm) return 0; } -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (udp_ping_flow_report_init) = { .runs_after = VLIB_INITS ("flow_report_init"), }; -/* *INDENT-ON* */ /* diff --git a/src/plugins/ioam/udp-ping/udp_ping_node.c b/src/plugins/ioam/udp-ping/udp_ping_node.c index 6bfa8f67ef5..fbc3b13971c 100644 --- a/src/plugins/ioam/udp-ping/udp_ping_node.c +++ b/src/plugins/ioam/udp-ping/udp_ping_node.c @@ -93,14 +93,12 @@ format_udp_ping_trace (u8 * s, va_list * args) return s; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (udp_ping_node, static) = { .function = udp_ping_process, .type = VLIB_NODE_TYPE_PROCESS, .name = "udp-ping-process", }; -/* *INDENT-ON* */ void udp_ping_calculate_timer_interval (void) @@ -301,7 +299,6 @@ set_udp_ping_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_udp_ping_command, static) = { .path = "set udp-ping", @@ -312,7 +309,6 @@ VLIB_CLI_COMMAND (set_udp_ping_command, static) = [disable]", .function = set_udp_ping_command_fn, }; -/* *INDENT-ON* */ static clib_error_t * show_udp_ping_summary_cmd_fn (vlib_main_t * vm, @@ -374,14 +370,12 @@ show_udp_ping_summary_cmd_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_udp_ping_cmd, static) = { .path = "show udp-ping summary", .short_help = "Summary of udp-ping", .function = show_udp_ping_summary_cmd_fn, }; -/* *INDENT-ON* */ /** * @brief UDP-Ping Process node. @@ -790,7 +784,6 @@ udp_ping_local_node_fn (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ /* * Node for udp-ping-local */ @@ -814,7 +807,6 @@ VLIB_REGISTER_NODE (udp_ping_local, static) = [UDP_PING_NEXT_IP6_DROP] = "ip6-drop", }, }; -/* *INDENT-ON* */ static clib_error_t * udp_ping_init (vlib_main_t * vm) @@ -828,12 +820,10 @@ udp_ping_init (vlib_main_t * vm) return 0; } -/* *INDENT-OFF* */ VLIB_INIT_FUNCTION (udp_ping_init) = { .runs_after = VLIB_INITS("ip_main_init"), }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON |