Diffstat (limited to 'src/vnet/sr/sr.h')
-rw-r--r-- | src/vnet/sr/sr.h | 262 |
1 files changed, 262 insertions, 0 deletions
diff --git a/src/vnet/sr/sr.h b/src/vnet/sr/sr.h
new file mode 100644
index 00000000000..610b36996f3
--- /dev/null
+++ b/src/vnet/sr/sr.h
@@ -0,0 +1,262 @@
+/*
+ * Copyright (c) 2015 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file
+ * @brief Segment Routing header
+ *
+ * @note sr_replicate only works using DPDK today
+ */
+#ifndef included_vnet_sr_h
+#define included_vnet_sr_h
+
+#include <vnet/vnet.h>
+#include <vnet/sr/sr_packet.h>
+#include <vnet/ip/ip6_packet.h>
+
+#include <openssl/opensslconf.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+#include <openssl/hmac.h>
+
+/**
+ * @brief Segment Route tunnel key
+ */
+typedef struct
+{
+ ip6_address_t src;
+ ip6_address_t dst;
+} ip6_sr_tunnel_key_t;
+
+/**
+ * @brief Segment Route tunnel
+ */
+typedef struct
+{
+ /** src, dst address */
+ ip6_sr_tunnel_key_t key;
+
+ /** Pptional tunnel name */
+ u8 *name;
+
+ /** Mask width for FIB entry */
+ u32 dst_mask_width;
+
+ /** First hop, to save 1 elt in the segment list */
+ ip6_address_t first_hop;
+
+ /** RX Fib index */
+ u32 rx_fib_index;
+ /** TX Fib index */
+ u32 tx_fib_index;
+
+ /** The actual ip6 SR header */
+ u8 *rewrite;
+
+ /** Indicates that this tunnel is part of a policy comprising
+ of multiple tunnels. If == ~0 tunnel is not part of a policy */
+ u32 policy_index;
+} ip6_sr_tunnel_t;
+
+/**
+ * @brief Shared secret for keyed-hash message authentication code (HMAC).
+ */
+typedef struct
+{
+ u8 *shared_secret;
+} ip6_sr_hmac_key_t;
+
+/**
+ * @brief Args required for add/del tunnel.
+ *
+ * Else we end up passing a LOT of parameters around.
+ */
+typedef struct
+{
+ /** Key (header imposition case) */
+ ip6_address_t *src_address;
+ ip6_address_t *dst_address;
+ u32 dst_mask_width;
+ u32 rx_table_id;
+ u32 tx_table_id;
+
+ /** optional name argument - for referencing SR tunnel/policy by name */
+ u8 *name;
+
+ /** optional policy name */
+ u8 *policy_name;
+
+ /** segment list, when inserting an ip6 SR header */
+ ip6_address_t *segments;
+
+ /**
+ * "Tag" list, aka segments inserted at the end of the list,
+ * past last_seg
+ */
+ ip6_address_t *tags;
+
+ /** Shared secret => generate SHA-256 HMAC security fields */
+ u8 *shared_secret;
+
+ /** Flags, e.g. cleanup, policy-list flags */
+ u16 flags_net_byte_order;
+
+ /** Delete the tunnnel? */
+ u8 is_del;
+} ip6_sr_add_del_tunnel_args_t;
+
+/**
+ * @brief Args for creating a policy.
+ *
+ * Typically used for multicast replication.
+ * ie a multicast address can be associated with a policy,
+ * then replicated across a number of unicast SR tunnels.
+ */
+typedef struct
+{
+ /** policy name */
+ u8 *name;
+
+ /** tunnel names */
+ u8 **tunnel_names;
+
+ /** Delete the policy? */
+ u8 is_del;
+} ip6_sr_add_del_policy_args_t;
+
+/**
+ * @brief Segment Routing policy.
+ *
+ * Typically used for multicast replication.
+ * ie a multicast address can be associated with a policy,
+ * then replicated across a number of unicast SR tunnels.
+ */
+typedef struct
+{
+ /** name of policy */
+ u8 *name;
+
+ /** vector to SR tunnel index */
+ u32 *tunnel_indices;
+
+} ip6_sr_policy_t;
+
+/**
+ * @brief Args for mapping of multicast address to policy name.
+ *
+ * Typically used for multicast replication.
+ * ie a multicast address can be associated with a policy,
+ * then replicated across a number of unicast SR tunnels.
+ */
+typedef struct
+{
+ /** multicast IP6 address */
+ ip6_address_t *multicast_address;
+
+ /** name of policy to map to */
+ u8 *policy_name;
+
+ /** Delete the mapping */
+ u8 is_del;
+
+} ip6_sr_add_del_multicastmap_args_t;
+
+/**
+ * @brief Segment Routing state.
+ */
+typedef struct
+{
+ /** pool of tunnel instances, sr entry only */
+ ip6_sr_tunnel_t *tunnels;
+
+ /** find an sr "tunnel" by its outer-IP src/dst */
+ uword *tunnel_index_by_key;
+
+ /** find an sr "tunnel" by its name */
+ uword *tunnel_index_by_name;
+
+ /** policy pool */
+ ip6_sr_policy_t *policies;
+
+ /** find a policy by name */
+ uword *policy_index_by_policy_name;
+
+ /** multicast address to policy mapping */
+ uword *policy_index_by_multicast_address;
+
+ /** hmac key id by shared secret */
+ uword *hmac_key_by_shared_secret;
+
+ /** ip6-rewrite next index for reinstalling the original dst address */
+ u32 ip6_rewrite_sr_next_index;
+
+ /** ip6-replicate next index for multicast tunnel */
+ u32 ip6_lookup_sr_replicate_index;
+
+ /** application API callback */
+ void *sr_local_cb;
+
+ /** validate hmac keys */
+ u8 validate_hmac;
+
+ /** pool of hmac keys */
+ ip6_sr_hmac_key_t *hmac_keys;
+
+ /** Openssl var */
+ EVP_MD *md;
+ /** Openssl var */
+ HMAC_CTX *hmac_ctx;
+
+ /** enable debug spew */
+ u8 is_debug;
+
+ /** convenience */
+ vlib_main_t *vlib_main;
+ /** convenience */
+ vnet_main_t *vnet_main;
+} ip6_sr_main_t;
+
+ip6_sr_main_t sr_main;
+
+format_function_t format_ip6_sr_header;
+format_function_t format_ip6_sr_header_with_length;
+
+vlib_node_registration_t ip6_sr_input_node;
+
+#if DPDK > 0
+extern vlib_node_registration_t sr_replicate_node;
+#endif /* DPDK */
+
+int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a);
+int ip6_sr_add_del_policy (ip6_sr_add_del_policy_args_t * a);
+int ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a);
+
+void vnet_register_sr_app_callback (void *cb);
+
+void sr_fix_hmac (ip6_sr_main_t * sm, ip6_header_t * ip,
+ ip6_sr_header_t * sr);
+
+#endif /* included_vnet_sr_h */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
|
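Review bot: `ip6_sr_main_t sr_main;` and `vlib_node_registration_t ip6_sr_input_node;` near the end of the hunk are tentative definitions rather than declarations, so every translation unit that includes this header defines them; that only links under `-fcommon` and is inconsistent with the `extern vlib_node_registration_t sr_replicate_node;` written a few lines below. Change them to `extern ip6_sr_main_t sr_main;` and `extern vlib_node_registration_t ip6_sr_input_node;` and keep the single definition in the corresponding .c file, which is outside this diff. The callback slot `void *sr_local_cb;` and `vnet_register_sr_app_callback (void *cb)` also discard the callback's signature; ISO C does not define conversion between object and function pointers, so a `typedef` for the callback type would be both safer and self-documenting. Two doc nits in the same hunk: `Pptional tunnel name` should read `Optional tunnel name`, and `Delete the tunnnel?` should read `Delete the tunnel?`.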