summaryrefslogtreecommitdiffstats
path: root/src/vnet/sr/sr.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/sr/sr.c')
-rw-r--r--src/vnet/sr/sr.c327
1 files changed, 214 insertions, 113 deletions
diff --git a/src/vnet/sr/sr.c b/src/vnet/sr/sr.c
index f30c0da940e..012d45428ec 100644
--- a/src/vnet/sr/sr.c
+++ b/src/vnet/sr/sr.c
@@ -23,7 +23,9 @@
#include <vnet/vnet.h>
#include <vnet/sr/sr.h>
#include <vnet/fib/ip6_fib.h>
+#include <vnet/mfib/mfib_table.h>
#include <vnet/dpo/dpo.h>
+#include <vnet/dpo/replicate_dpo.h>
#include <openssl/hmac.h>
@@ -36,6 +38,11 @@ static vlib_node_registration_t sr_local_node;
static dpo_type_t sr_dpo_type;
/**
+ * @brief Dynamically added SR FIB Node type
+ */
+static fib_node_type_t sr_fib_node_type;
+
+/**
* @brief Use passed HMAC key in ip6_sr_header_t in OpenSSL HMAC routines
*
* @param sm ip6_sr_main_t *
@@ -258,20 +265,10 @@ format_ip6_sr_header_with_length (u8 * s, va_list * args)
/**
* @brief Defined valid next nodes
- * @note Cannot call replicate yet without DPDK
*/
-#if DPDK > 0
-#define foreach_sr_rewrite_next \
-_(ERROR, "error-drop") \
-_(IP6_LOOKUP, "ip6-lookup") \
-_(SR_LOCAL, "sr-local") \
-_(SR_REPLICATE,"sr-replicate")
-#else
#define foreach_sr_rewrite_next \
_(ERROR, "error-drop") \
-_(IP6_LOOKUP, "ip6-lookup") \
_(SR_LOCAL, "sr-local")
-#endif /* DPDK */
/**
* @brief Struct for defined valid next nodes
@@ -384,8 +381,8 @@ sr_rewrite (vlib_main_t * vm,
ip6_header_t *ip0, *ip1;
ip6_sr_header_t *sr0, *sr1;
ip6_sr_tunnel_t *t0, *t1;
- u32 next0 = SR_REWRITE_NEXT_IP6_LOOKUP;
- u32 next1 = SR_REWRITE_NEXT_IP6_LOOKUP;
+ u32 next0;
+ u32 next1;
u16 new_l0 = 0;
u16 new_l1 = 0;
@@ -433,16 +430,6 @@ sr_rewrite (vlib_main_t * vm,
ip0 = vlib_buffer_get_current (b0);
ip1 = vlib_buffer_get_current (b1);
-#if DPDK > 0 /* Cannot call replication node yet without DPDK */
- /* add a replication node */
- if (PREDICT_FALSE (t0->policy_index != ~0))
- {
- vnet_buffer (b0)->ip.save_protocol = t0->policy_index;
- next0 = SR_REWRITE_NEXT_SR_REPLICATE;
- sr0 = (ip6_sr_header_t *) (t0->rewrite);
- goto processnext;
- }
-#endif /* DPDK */
/*
* SR-unaware service chaining case: pkt coming back from
@@ -506,8 +493,11 @@ sr_rewrite (vlib_main_t * vm,
sr_fix_hmac (sm, ip0, sr0);
- next0 = sr_local_cb ? sr_local_cb (vm, node, b0, ip0, sr0) :
- next0;
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX] =
+ t0->first_hop_dpo.dpoi_index;
+ next0 = t0->first_hop_dpo.dpoi_next_node;
+ next0 = (sr_local_cb ?
+ sr_local_cb (vm, node, b0, ip0, sr0) : next0);
/*
* Ignore "do not rewrite" shtik in this path
@@ -519,17 +509,7 @@ sr_rewrite (vlib_main_t * vm,
b0->error = node->errors[SR_REWRITE_ERROR_APP_CALLBACK];
}
}
-#if DPDK > 0 /* Cannot call replication node yet without DPDK */
- processnext:
- /* add a replication node */
- if (PREDICT_FALSE (t1->policy_index != ~0))
- {
- vnet_buffer (b1)->ip.save_protocol = t1->policy_index;
- next1 = SR_REWRITE_NEXT_SR_REPLICATE;
- sr1 = (ip6_sr_header_t *) (t1->rewrite);
- goto trace00;
- }
-#endif /* DPDK */
+
if (PREDICT_FALSE (ip1->protocol == IPPROTO_IPV6_ROUTE))
{
vlib_buffer_advance (b1, sizeof (ip1));
@@ -584,8 +564,11 @@ sr_rewrite (vlib_main_t * vm,
sr_fix_hmac (sm, ip1, sr1);
- next1 = sr_local_cb ? sr_local_cb (vm, node, b1, ip1, sr1) :
- next1;
+ vnet_buffer (b1)->ip.adj_index[VLIB_TX] =
+ t1->first_hop_dpo.dpoi_index;
+ next1 = t1->first_hop_dpo.dpoi_next_node;
+ next1 = (sr_local_cb ?
+ sr_local_cb (vm, node, b1, ip1, sr1) : next1);
/*
* Ignore "do not rewrite" shtik in this path
@@ -597,9 +580,6 @@ sr_rewrite (vlib_main_t * vm,
b1->error = node->errors[SR_REWRITE_ERROR_APP_CALLBACK];
}
}
-#if DPDK > 0 /* Cannot run replicate without DPDK and only replicate uses this label */
- trace00:
-#endif /* DPDK */
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
{
@@ -641,7 +621,7 @@ sr_rewrite (vlib_main_t * vm,
ip6_header_t *ip0 = 0;
ip6_sr_header_t *sr0 = 0;
ip6_sr_tunnel_t *t0;
- u32 next0 = SR_REWRITE_NEXT_IP6_LOOKUP;
+ u32 next0;
u16 new_l0 = 0;
bi0 = from[0];
@@ -661,16 +641,6 @@ sr_rewrite (vlib_main_t * vm,
t0 =
pool_elt_at_index (sm->tunnels,
vnet_buffer (b0)->ip.adj_index[VLIB_TX]);
-#if DPDK > 0 /* Cannot call replication node yet without DPDK */
- /* add a replication node */
- if (PREDICT_FALSE (t0->policy_index != ~0))
- {
- vnet_buffer (b0)->ip.save_protocol = t0->policy_index;
- next0 = SR_REWRITE_NEXT_SR_REPLICATE;
- sr0 = (ip6_sr_header_t *) (t0->rewrite);
- goto trace0;
- }
-#endif /* DPDK */
ASSERT (VLIB_BUFFER_PRE_DATA_SIZE
>= ((word) vec_len (t0->rewrite)) + b0->current_data);
@@ -740,8 +710,11 @@ sr_rewrite (vlib_main_t * vm,
sr_fix_hmac (sm, ip0, sr0);
- next0 = sr_local_cb ? sr_local_cb (vm, node, b0, ip0, sr0) :
- next0;
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX] =
+ t0->first_hop_dpo.dpoi_index;
+ next0 = t0->first_hop_dpo.dpoi_next_node;
+ next0 = (sr_local_cb ?
+ sr_local_cb (vm, node, b0, ip0, sr0) : next0);
/*
* Ignore "do not rewrite" shtik in this path
@@ -753,9 +726,6 @@ sr_rewrite (vlib_main_t * vm,
b0->error = node->errors[SR_REWRITE_ERROR_APP_CALLBACK];
}
}
-#if DPDK > 0 /* Cannot run replicate without DPDK and only replicate uses this label */
- trace0:
-#endif /* DPDK */
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
{
@@ -809,20 +779,69 @@ VLIB_NODE_FUNCTION_MULTIARCH (sr_rewrite_node, sr_rewrite)
/* *INDENT-ON* */
static int
-ip6_delete_route_no_next_hop (ip6_address_t * dst_address_arg,
- u32 dst_address_length, u32 rx_table_id)
+ip6_routes_add_del (ip6_sr_tunnel_t * t, int is_del)
{
+ ip6_sr_main_t *sm = &sr_main;
+
+ /*
+ * the prefix for the tunnel's destination
+ */
+ /* *INDENT-OFF* */
fib_prefix_t pfx = {
- .fp_len = dst_address_length,
.fp_proto = FIB_PROTOCOL_IP6,
+ .fp_len = t->dst_mask_width,
.fp_addr = {
- .ip6 = *dst_address_arg,
- }
+ .ip6 = t->key.dst,
+ }
};
+ /* *INDENT-ON* */
- fib_table_entry_delete (fib_table_id_find_fib_index (FIB_PROTOCOL_IP6,
- rx_table_id),
- &pfx, FIB_SOURCE_SR);
+ if (is_del)
+ {
+ fib_table_entry_delete (t->rx_fib_index, &pfx, FIB_SOURCE_SR);
+ }
+ else
+ {
+ dpo_id_t dpo = DPO_INVALID;
+
+ dpo_set (&dpo, sr_dpo_type, DPO_PROTO_IP6, t - sm->tunnels);
+ fib_table_entry_special_dpo_add (t->rx_fib_index,
+ &pfx,
+ FIB_SOURCE_SR,
+ FIB_ENTRY_FLAG_EXCLUSIVE, &dpo);
+ dpo_reset (&dpo);
+ }
+
+ /*
+ * Track the first hop address so we don't need to perform an extra
+ * lookup in the data-path
+ */
+ /* *INDENT-OFF* */
+ const fib_prefix_t first_hop_pfx = {
+ .fp_len = 128,
+ .fp_proto = FIB_PROTOCOL_IP6,
+ .fp_addr = {
+ .ip6 = t->first_hop,
+ }
+ };
+ /* *INDENT-ON* */
+
+ if (is_del)
+ {
+ fib_entry_child_remove (t->fib_entry_index, t->sibling_index);
+ fib_table_entry_delete_index (t->fib_entry_index, FIB_SOURCE_RR);
+ }
+ else
+ {
+ t->fib_entry_index =
+ fib_table_entry_special_add (t->rx_fib_index,
+ &first_hop_pfx,
+ FIB_SOURCE_RR,
+ FIB_ENTRY_FLAG_NONE, ADJ_INDEX_INVALID);
+ t->sibling_index =
+ fib_entry_child_add (t->fib_entry_index,
+ sr_fib_node_type, t - sm->tunnels);
+ }
return 0;
}
@@ -886,6 +905,18 @@ find_or_add_shared_secret (ip6_sr_main_t * sm, u8 * secret, u32 * indexp)
}
/**
+ * @brief Stack a tunnel on the forwarding chain of the first-hop
+ */
+static void
+sr_tunnel_stack (ip6_sr_tunnel_t * st)
+{
+ dpo_stack (sr_dpo_type,
+ DPO_PROTO_IP6,
+ &st->first_hop_dpo,
+ fib_entry_contribute_ip_forwarding (st->fib_entry_index));
+}
+
+/**
* @brief Add or Delete a Segment Routing tunnel.
*
* @param a ip6_sr_add_del_tunnel_args_t *
@@ -909,7 +940,6 @@ ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
u8 hmac_key_index = 0;
ip6_sr_policy_t *pt;
int i;
- dpo_id_t dpo = DPO_INVALID;
/* Make sure that the rx FIB exists */
p = hash_get (im->fib_index_by_table_id, a->rx_table_id);
@@ -981,8 +1011,8 @@ ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
/* Delete existing tunnel */
t = pool_elt_at_index (sm->tunnels, p[0]);
- ip6_delete_route_no_next_hop (&t->key.dst, t->dst_mask_width,
- a->rx_table_id);
+ ip6_routes_add_del (t, 1);
+
vec_free (t->rewrite);
/* Remove tunnel from any policy if associated */
if (t->policy_index != ~0)
@@ -1014,6 +1044,7 @@ ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
hash_unset_mem (sm->tunnel_index_by_name, t->name);
vec_free (t->name);
}
+ dpo_reset (&t->first_hop_dpo);
pool_put (sm->tunnels, t);
hp = hash_get_pair (sm->tunnel_index_by_key, &key);
key_copy = (void *) (hp->key);
@@ -1026,6 +1057,7 @@ ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
pool_get (sm->tunnels, t);
memset (t, 0, sizeof (*t));
t->policy_index = ~0;
+ fib_node_init (&t->node, sr_fib_node_type);
clib_memcpy (&t->key, &key, sizeof (t->key));
t->dst_mask_width = a->dst_mask_width;
@@ -1124,20 +1156,13 @@ ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a)
* We don't handle ugly RFC-related cases yet, but I'm sure PL will complain
* at some point...
*/
- dpo_set (&dpo, sr_dpo_type, DPO_PROTO_IP6, t - sm->tunnels);
- fib_prefix_t pfx = {
- .fp_proto = FIB_PROTOCOL_IP6,
- .fp_len = a->dst_mask_width,
- .fp_addr = {
- .ip6 = *a->dst_address,
- }
- };
- fib_table_entry_special_dpo_add (rx_fib_index,
- &pfx,
- FIB_SOURCE_SR,
- FIB_ENTRY_FLAG_EXCLUSIVE, &dpo);
- dpo_reset (&dpo);
+ /*
+ * Add the routes for the tunnel destination and first-hop, then stack
+ * the tunnel on the appropriate forwarding DPOs.
+ */
+ ip6_routes_add_del (t, 0);
+ sr_tunnel_stack (t);
if (a->policy_name)
{
@@ -1197,7 +1222,7 @@ format_sr_dpo (u8 * s, va_list * args)
return (format (s, "SR: tunnel:[%d]", index));
}
-const static dpo_vft_t sr_vft = {
+const static dpo_vft_t sr_dpo_vft = {
.dv_lock = sr_dpo_lock,
.dv_unlock = sr_dpo_unlock,
.dv_format = format_sr_dpo,
@@ -1212,6 +1237,65 @@ const static char *const *const sr_nodes[DPO_PROTO_NUM] = {
[DPO_PROTO_IP6] = sr_ip6_nodes,
};
+static ip6_sr_tunnel_t *
+sr_tunnel_from_fib_node (fib_node_t * node)
+{
+#if (CLIB_DEBUG > 0)
+ ASSERT (sr_fib_node_type == node->fn_type);
+#endif
+ return ((ip6_sr_tunnel_t *) (((char *) node) -
+ STRUCT_OFFSET_OF (ip6_sr_tunnel_t, node)));
+}
+
+/**
+ * Function definition to backwalk a FIB node
+ */
+static fib_node_back_walk_rc_t
+sr_tunnel_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
+{
+ sr_tunnel_stack (sr_tunnel_from_fib_node (node));
+
+ return (FIB_NODE_BACK_WALK_CONTINUE);
+}
+
+/**
+ * Function definition to get a FIB node from its index
+ */
+static fib_node_t *
+sr_tunnel_fib_node_get (fib_node_index_t index)
+{
+ ip6_sr_tunnel_t *st;
+ ip6_sr_main_t *sm;
+
+ sm = &sr_main;
+ st = pool_elt_at_index (sm->tunnels, index);
+
+ return (&st->node);
+}
+
+/**
+ * Function definition to inform the FIB node that its last lock has gone.
+ */
+static void
+sr_tunnel_last_lock_gone (fib_node_t * node)
+{
+ /*
+ * The SR tunnel is a root of the graph. As such
+ * it never has children and thus is never locked.
+ */
+ ASSERT (0);
+}
+
+/*
+ * Virtual function table registered by SR tunnels
+ * for participation in the FIB object graph.
+ */
+const static fib_node_vft_t sr_fib_vft = {
+ .fnv_get = sr_tunnel_fib_node_get,
+ .fnv_last_lock = sr_tunnel_last_lock_gone,
+ .fnv_back_walk = sr_tunnel_back_walk,
+};
+
/**
* @brief CLI parser for Add or Delete a Segment Routing tunnel.
*
@@ -1764,6 +1848,8 @@ ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a)
ip6_sr_tunnel_t *t;
ip6_sr_main_t *sm = &sr_main;
ip6_sr_policy_t *pt;
+ index_t rep;
+ u32 ii;
if (a->is_del)
{
@@ -1803,23 +1889,49 @@ ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a)
* We don't handle ugly RFC-related cases yet, but I'm sure PL will complain
* at some point...
*/
- dpo_id_t dpo = DPO_INVALID;
-
- dpo_set (&dpo, sr_dpo_type, DPO_PROTO_IP6, t - sm->tunnels);
- /* Construct a FIB entry for multicast using the rx/tx fib from the first tunnel */
- fib_prefix_t pfx = {
+ /*
+ * Construct an mFIB entry for the multicast address,
+ * using the rx/tx fib from the first tunnel.
+ * There is no RPF information for this address (I need to discuss this with
+ * Pablo), so for now accept from anywhere...
+ */
+ /* *INDENT-OFF* */
+ mfib_prefix_t pfx = {
.fp_proto = FIB_PROTOCOL_IP6,
.fp_len = 128,
- .fp_addr = {
- .ip6 = *a->multicast_address,
- }
+ .fp_grp_addr = {
+ .ip6 = *a->multicast_address,
+ }
};
- fib_table_entry_special_dpo_add (t->rx_fib_index,
- &pfx,
- FIB_SOURCE_SR,
- FIB_ENTRY_FLAG_EXCLUSIVE, &dpo);
- dpo_reset (&dpo);
+ /* *INDENT-ON* */
+
+ if (a->is_del)
+ mfib_table_entry_delete (t->rx_fib_index, &pfx, MFIB_SOURCE_SRv6);
+ else
+ {
+ /*
+ * Construct a replicate DPO that will replicate received packets over
+ * each tunnel in the policy
+ */
+ dpo_id_t dpo = DPO_INVALID;
+
+ rep = replicate_create (vec_len (pt->tunnel_indices), DPO_PROTO_IP6);
+
+ vec_foreach_index (ii, pt->tunnel_indices)
+ {
+ dpo_set (&dpo, sr_dpo_type, DPO_PROTO_IP6, pt->tunnel_indices[ii]);
+
+ replicate_set_bucket (rep, ii, &dpo);
+ }
+
+ mfib_table_entry_special_add (t->rx_fib_index,
+ &pfx,
+ MFIB_SOURCE_SRv6,
+ MFIB_ENTRY_FLAG_ACCEPT_ALL_ITF, rep);
+
+ dpo_reset (&dpo);
+ }
u8 *mcast_copy = 0;
mcast_copy = vec_new (ip6_address_t, 1);
@@ -1829,13 +1941,12 @@ ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a)
{
hash_unset_mem (sm->policy_index_by_multicast_address, mcast_copy);
vec_free (mcast_copy);
- return 0;
}
- /* else */
-
- hash_set_mem (sm->policy_index_by_multicast_address, mcast_copy,
- pt - sm->policies);
-
+ else
+ {
+ hash_set_mem (sm->policy_index_by_multicast_address, mcast_copy,
+ pt - sm->policies);
+ }
return 0;
}
@@ -1888,12 +1999,7 @@ sr_add_del_multicast_map_command_fn (vlib_main_t * vm,
a->multicast_address = &multicast_address;
a->policy_name = policy_name;
-#if DPDK > 0 /*Cannot call replicate or configure multicast map yet without DPDK */
rv = ip6_sr_add_del_multicastmap (a);
-#else
- return clib_error_return (0,
- "cannot use multicast replicate spray case without DPDK installed");
-#endif /* DPDK */
switch (rv)
{
@@ -2295,12 +2401,6 @@ sr_init (vlib_main_t * vm)
ip6_rewrite_node = vlib_get_node_by_name (vm, (u8 *) "ip6-rewrite");
ASSERT (ip6_rewrite_node);
-#if DPDK > 0 /* Cannot run replicate without DPDK */
- /* Add a disposition to sr_replicate for the sr multicast replicate node */
- sm->ip6_lookup_sr_replicate_index =
- vlib_node_add_next (vm, ip6_lookup_node->index, sr_replicate_node.index);
-#endif /* DPDK */
-
/* Add a disposition to ip6_rewrite for the sr dst address hack node */
sm->ip6_rewrite_sr_next_index =
vlib_node_add_next (vm, ip6_rewrite_node->index,
@@ -2311,7 +2411,8 @@ sr_init (vlib_main_t * vm)
sm->md = (void *) EVP_get_digestbyname ("sha1");
sm->hmac_ctx = clib_mem_alloc (sizeof (HMAC_CTX));
- sr_dpo_type = dpo_register_new_type (&sr_vft, sr_nodes);
+ sr_dpo_type = dpo_register_new_type (&sr_dpo_vft, sr_nodes);
+ sr_fib_node_type = fib_node_register_new_type (&sr_fib_vft);
return error;
}
@@ -3087,7 +3188,7 @@ set_ip6_sr_rewrite_fn (vlib_main_t * vm,
hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
adj->rewrite_header.node_index = sr_fix_dst_addr_node.index;
- /* $$$$$ hack... steal the mcast group index */
+ /* $$$$$ hack... steal the interface address index */
adj->if_address_index =
vlib_node_add_next (vm, sr_fix_dst_addr_node.index,
hi->output_node_index);