diff options
Diffstat (limited to 'src/vnet/srv6/sr_policy_rewrite.c')
-rw-r--r-- | src/vnet/srv6/sr_policy_rewrite.c | 184 |
1 files changed, 123 insertions, 61 deletions
diff --git a/src/vnet/srv6/sr_policy_rewrite.c b/src/vnet/srv6/sr_policy_rewrite.c index 95de43166a1..0aa88cc273e 100644 --- a/src/vnet/srv6/sr_policy_rewrite.c +++ b/src/vnet/srv6/sr_policy_rewrite.c @@ -33,7 +33,7 @@ * Traffic input usually is IPv6 packets. However it is possible to have * IPv4 packets or L2 frames. (that are encapsulated into IPv6 with SRH) * - * This file provides the appropiates VPP graph nodes to do any of these + * This file provides the appropriate VPP graph nodes to do any of these * methods. * */ @@ -47,7 +47,9 @@ #include <vnet/fib/ip6_fib.h> #include <vnet/dpo/dpo.h> #include <vnet/dpo/replicate_dpo.h> +#include <vnet/srv6/sr_pt.h> +#include <vppinfra/byte_order.h> #include <vppinfra/error.h> #include <vppinfra/elog.h> @@ -140,13 +142,11 @@ set_sr_src_command_fn (vlib_main_t * vm, unformat_input_t * input, return clib_error_return (0, "No address specified"); } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_sr_src_command, static) = { .path = "set sr encaps source", .short_help = "set sr encaps source addr <ip6_addr>", .function = set_sr_src_command_fn, }; -/* *INDENT-ON* */ /******************** SR rewrite set encaps IPv6 hop-limit ********************/ @@ -178,34 +178,40 @@ set_sr_hop_limit_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (set_sr_hop_limit_command, static) = { .path = "set sr encaps hop-limit", .short_help = "set sr encaps hop-limit <value>", .function = set_sr_hop_limit_command_fn, }; -/* *INDENT-ON* */ /*********************** SR rewrite string computation ************************/ /** * @brief SR rewrite string computation for IPv6 encapsulation (inline) * * @param sl is a vector of IPv6 addresses composing the Segment List + * @param src_v6addr is a encaps IPv6 source addr * * @return precomputed rewrite string for encapsulation */ static inline u8 * -compute_rewrite_encaps (ip6_address_t *sl, u8 type) +compute_rewrite_encaps (ip6_address_t *sl, ip6_address_t *src_v6addr, u8 type) { ip6_header_t *iph; ip6_sr_header_t *srh; + ip6_sr_pt_tlv_t *srh_pt_tlv; ip6_address_t *addrp, *this_address; u32 header_length = 0; u8 *rs = NULL; header_length = 0; header_length += IPv6_DEFAULT_HEADER_LENGTH; - if (vec_len (sl) > 1) + if (type == SR_POLICY_TYPE_TEF) + { + header_length += sizeof (ip6_sr_header_t); + header_length += vec_len (sl) * sizeof (ip6_address_t); + header_length += sizeof (ip6_sr_pt_tlv_t); + } + else if (vec_len (sl) > 1) { header_length += sizeof (ip6_sr_header_t); header_length += vec_len (sl) * sizeof (ip6_address_t); @@ -216,13 +222,39 @@ compute_rewrite_encaps (ip6_address_t *sl, u8 type) iph = (ip6_header_t *) rs; iph->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32 (0 | ((6 & 0xF) << 28)); - iph->src_address.as_u64[0] = sr_pr_encaps_src.as_u64[0]; - iph->src_address.as_u64[1] = sr_pr_encaps_src.as_u64[1]; + iph->src_address.as_u64[0] = src_v6addr->as_u64[0]; + iph->src_address.as_u64[1] = src_v6addr->as_u64[1]; iph->payload_length = header_length - IPv6_DEFAULT_HEADER_LENGTH; iph->protocol = IP_PROTOCOL_IPV6; iph->hop_limit = sr_pr_encaps_hop_limit; - if (vec_len (sl) > 1) + if (type == SR_POLICY_TYPE_TEF) + { + srh = (ip6_sr_header_t *) (iph + 1); + iph->protocol = IP_PROTOCOL_IPV6_ROUTE; + srh->protocol = IP_PROTOCOL_IPV6; + srh->type = ROUTING_HEADER_TYPE_SR; + srh->flags = 0x00; + srh->tag = 0x0000; + srh->segments_left = vec_len (sl) - 1; + srh->last_entry = vec_len (sl) - 1; + srh->length = + ((sizeof (ip6_sr_header_t) + (vec_len (sl) * sizeof (ip6_address_t)) + + sizeof (ip6_sr_pt_tlv_t)) / + 8) - + 1; + addrp = srh->segments + vec_len (sl) - 1; + vec_foreach (this_address, sl) + { + clib_memcpy_fast (addrp->as_u8, this_address->as_u8, + sizeof (ip6_address_t)); + addrp--; + } + srh_pt_tlv = (ip6_sr_pt_tlv_t *) (srh->segments + vec_len (sl)); + srh_pt_tlv->type = IP6_SRH_PT_TLV_TYPE; + srh_pt_tlv->length = IP6_SRH_PT_TLV_LEN; + } + else if (vec_len (sl) > 1) { srh = (ip6_sr_header_t *) (iph + 1); iph->protocol = IP_PROTOCOL_IPV6_ROUTE; @@ -335,18 +367,20 @@ compute_rewrite_bsid (ip6_address_t * sl) * * @param sr_policy is the SR policy where the SL will be added * @param sl is a vector of IPv6 addresses composing the Segment List + * @param encap_src is a encaps IPv6 source addr. optional. * @param weight is the weight of the SegmentList (for load-balancing purposes) * @param is_encap represents the mode (SRH insertion vs Encapsulation) * * @return pointer to the just created segment list */ static inline ip6_sr_sl_t * -create_sl (ip6_sr_policy_t * sr_policy, ip6_address_t * sl, u32 weight, - u8 is_encap) +create_sl (ip6_sr_policy_t *sr_policy, ip6_address_t *sl, + ip6_address_t *encap_src, u32 weight, u8 is_encap) { ip6_sr_main_t *sm = &sr_main; ip6_sr_sl_t *segment_list; sr_policy_fn_registration_t *plugin = 0; + ip6_address_t encap_srcv6 = sr_pr_encaps_src; pool_get (sm->sid_lists, segment_list); clib_memset (segment_list, 0, sizeof (*segment_list)); @@ -365,8 +399,14 @@ create_sl (ip6_sr_policy_t * sr_policy, ip6_address_t * sl, u32 weight, if (is_encap) { - segment_list->rewrite = compute_rewrite_encaps (sl, sr_policy->type); + if (encap_src) + { + clib_memcpy_fast (&encap_srcv6, encap_src, sizeof (ip6_address_t)); + } + segment_list->rewrite = + compute_rewrite_encaps (sl, &encap_srcv6, sr_policy->type); segment_list->rewrite_bsid = segment_list->rewrite; + sr_policy->encap_src = encap_srcv6; } else { @@ -434,7 +474,7 @@ create_sl (ip6_sr_policy_t * sr_policy, ip6_address_t * sl, u32 weight, } /** - * @brief Updates the Load Balancer after an SR Policy change + * @brief Updates the Load-Balancer after an SR Policy change * * @param sr_policy is the modified SR Policy */ @@ -625,17 +665,19 @@ update_replicate (ip6_sr_policy_t * sr_policy) * * @param bsid is the bindingSID of the SR Policy * @param segments is a vector of IPv6 address composing the segment list + * @param encap_src is a encaps IPv6 source addr. optional. * @param weight is the weight of the sid list. optional. * @param behavior is the behavior of the SR policy. (default//spray) * @param fib_table is the VRF where to install the FIB entry for the BSID - * @param is_encap (bool) whether SR policy should behave as Encap/SRH Insertion + * @param is_encap (bool) whether SR policy should behave as Encap/SRH + * Insertion * * @return 0 if correct, else error */ int -sr_policy_add (ip6_address_t *bsid, ip6_address_t *segments, u32 weight, - u8 type, u32 fib_table, u8 is_encap, u16 plugin, - void *ls_plugin_mem) +sr_policy_add (ip6_address_t *bsid, ip6_address_t *segments, + ip6_address_t *encap_src, u32 weight, u8 type, u32 fib_table, + u8 is_encap, u16 plugin, void *ls_plugin_mem) { ip6_sr_main_t *sm = &sr_main; ip6_sr_policy_t *sr_policy = 0; @@ -691,7 +733,7 @@ sr_policy_add (ip6_address_t *bsid, ip6_address_t *segments, u32 weight, NULL); /* Create a segment list and add the index to the SR policy */ - create_sl (sr_policy, segments, weight, is_encap); + create_sl (sr_policy, segments, encap_src, weight, is_encap); /* If FIB doesnt exist, create them */ if (sm->fib_table_ip6 == (u32) ~ 0) @@ -705,7 +747,8 @@ sr_policy_add (ip6_address_t *bsid, ip6_address_t *segments, u32 weight, } /* Create IPv6 FIB for the BindingSID attached to the DPO of the only SL */ - if (sr_policy->type == SR_POLICY_TYPE_DEFAULT) + if (sr_policy->type == SR_POLICY_TYPE_DEFAULT || + sr_policy->type == SR_POLICY_TYPE_TEF) update_lb (sr_policy); else if (sr_policy->type == SR_POLICY_TYPE_SPRAY) update_replicate (sr_policy); @@ -740,8 +783,6 @@ sr_policy_del (ip6_address_t * bsid, u32 index) else { sr_policy = pool_elt_at_index (sm->sr_policies, index); - if (!sr_policy) - return -1; } /* Remove BindingSID FIB entry */ @@ -822,6 +863,7 @@ sr_policy_del (ip6_address_t * bsid, u32 index) * @param fib_table is the VRF where to install the FIB entry for the BSID * @param operation is the operation to perform (among the top ones) * @param segments is a vector of IPv6 address composing the segment list + * @param encap_src is a encaps IPv6 source addr. optional. * @param sl_index is the index of the Segment List to modify/delete * @param weight is the weight of the sid list. optional. * @param is_encap Mode. Encapsulation or SRH insertion. @@ -829,8 +871,8 @@ sr_policy_del (ip6_address_t * bsid, u32 index) * @return 0 if correct, else error */ int -sr_policy_mod (ip6_address_t * bsid, u32 index, u32 fib_table, - u8 operation, ip6_address_t * segments, u32 sl_index, +sr_policy_mod (ip6_address_t *bsid, u32 index, u32 fib_table, u8 operation, + ip6_address_t *segments, ip6_address_t *encap_src, u32 sl_index, u32 weight) { ip6_sr_main_t *sm = &sr_main; @@ -850,15 +892,13 @@ sr_policy_mod (ip6_address_t * bsid, u32 index, u32 fib_table, else { sr_policy = pool_elt_at_index (sm->sr_policies, index); - if (!sr_policy) - return -1; } if (operation == 1) /* Add SR List to an existing SR policy */ { /* Create the new SL */ - segment_list = - create_sl (sr_policy, segments, weight, sr_policy->is_encap); + segment_list = create_sl (sr_policy, segments, encap_src, weight, + sr_policy->is_encap); /* Create a new LB DPO */ if (sr_policy->type == SR_POLICY_TYPE_DEFAULT) @@ -931,7 +971,7 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, int rv = -1; char is_del = 0, is_add = 0, is_mod = 0; char policy_set = 0; - ip6_address_t bsid, next_address; + ip6_address_t bsid, next_address, src_v6addr; u32 sr_policy_index = (u32) ~ 0, sl_index = (u32) ~ 0; u32 weight = (u32) ~ 0, fib_table = (u32) ~ 0; ip6_address_t *segments = 0, *this_seg; @@ -940,6 +980,7 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, u8 type = SR_POLICY_TYPE_DEFAULT; u16 behavior = 0; void *ls_plugin_mem = 0; + ip6_address_t *encap_src = 0; while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) { @@ -963,6 +1004,10 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, clib_memcpy_fast (this_seg->as_u8, next_address.as_u8, sizeof (*this_seg)); } + else if (unformat (input, "v6src %U", unformat_ip6_address, &src_v6addr)) + { + encap_src = &src_v6addr; + } else if (unformat (input, "add sl")) operation = 1; else if (unformat (input, "del sl index %d", &sl_index)) @@ -977,17 +1022,17 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, is_encap = 0; else if (unformat (input, "spray")) type = SR_POLICY_TYPE_SPRAY; + else if (unformat (input, "tef")) + type = SR_POLICY_TYPE_TEF; else if (!behavior && unformat (input, "behavior")) { sr_policy_fn_registration_t *plugin = 0, **vec_plugins = 0; sr_policy_fn_registration_t **plugin_it = 0; - /* *INDENT-OFF* */ pool_foreach (plugin, sm->policy_plugin_functions) { vec_add1 (vec_plugins, plugin); } - /* *INDENT-ON* */ vec_foreach (plugin_it, vec_plugins) { @@ -1025,8 +1070,8 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, if (vec_len (segments) == 0) return clib_error_return (0, "No Segment List specified"); - rv = sr_policy_add (&bsid, segments, weight, type, fib_table, is_encap, - behavior, ls_plugin_mem); + rv = sr_policy_add (&bsid, segments, encap_src, weight, type, fib_table, + is_encap, behavior, ls_plugin_mem); vec_free (segments); } @@ -1044,9 +1089,9 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, if (operation == 3 && weight == (u32) ~ 0) return clib_error_return (0, "No new weight for the SL specified"); - rv = sr_policy_mod ((sr_policy_index != (u32) ~ 0 ? NULL : &bsid), + rv = sr_policy_mod ((sr_policy_index != (u32) ~0 ? NULL : &bsid), sr_policy_index, fib_table, operation, segments, - sl_index, weight); + encap_src, sl_index, weight); if (segments) vec_free (segments); @@ -1082,7 +1127,6 @@ sr_policy_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (sr_policy_command, static) = { .path = "sr policy", .short_help = "sr policy [add||del||mod] [bsid 2001::1||index 5] " @@ -1102,7 +1146,6 @@ VLIB_CLI_COMMAND (sr_policy_command, static) = { "SID lists.\n", .function = sr_policy_command_fn, }; -/* *INDENT-ON* */ /** * @brief CLI to display onscreen all the SR policies @@ -1122,10 +1165,8 @@ show_sr_policies_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_output (vm, "SR policies:"); - /* *INDENT-OFF* */ pool_foreach (sr_policy, sm->sr_policies) {vec_add1 (vec_policies, sr_policy); } - /* *INDENT-ON* */ vec_foreach_index (i, vec_policies) { @@ -1136,11 +1177,20 @@ show_sr_policies_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_output (vm, "\tBehavior: %s", (sr_policy->is_encap ? "Encapsulation" : "SRH insertion")); + if (sr_policy->is_encap) + { + vlib_cli_output (vm, "\tEncapSrcIP: %U", format_ip6_address, + &sr_policy->encap_src); + } switch (sr_policy->type) { case SR_POLICY_TYPE_SPRAY: vlib_cli_output (vm, "\tType: %s", "Spray"); break; + case SR_POLICY_TYPE_TEF: + vlib_cli_output (vm, "\tType: %s", + "TEF (Timestamp, Encapsulate, and Forward)"); + break; default: vlib_cli_output (vm, "\tType: %s", "Default"); break; @@ -1168,13 +1218,11 @@ show_sr_policies_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_sr_policies_command, static) = { .path = "show sr policies", .short_help = "show sr policies", .function = show_sr_policies_command_fn, }; -/* *INDENT-ON* */ /** * @brief CLI to display onscreen the SR encaps source addr @@ -1189,13 +1237,11 @@ show_sr_encaps_source_command_fn (vlib_main_t * vm, unformat_input_t * input, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_sr_encaps_source_command, static) = { .path = "show sr encaps source addr", .short_help = "show sr encaps source addr", .function = show_sr_encaps_source_command_fn, }; -/* *INDENT-ON* */ /** * @brief CLI to display onscreen the hop-limit value used for SRv6 encapsulation @@ -1210,13 +1256,11 @@ show_sr_encaps_hop_limit_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_sr_encaps_hop_limit_command, static) = { .path = "show sr encaps hop-limit", .short_help = "show sr encaps hop-limit", .function = show_sr_encaps_hop_limit_command_fn, }; -/* *INDENT-ON* */ /*************************** SR rewrite graph node ****************************/ /** @@ -1236,6 +1280,36 @@ format_sr_policy_rewrite_trace (u8 * s, va_list * args) return s; } +/** + * @brief SRv6 TEF (Timestamp, Encapsulate, and Forward) behavior + */ +static_always_inline void +srv6_tef_behavior (vlib_node_runtime_t *node, vlib_buffer_t *b0, + ip6_header_t *ip0) +{ + ip6_sr_header_t *srh; + ip6_sr_pt_tlv_t *srh_pt_tlv; + timestamp_64_t ts; + sr_pt_iface_t *ls = 0; + u16 id_ld = 0; + srh = (ip6_sr_header_t *) (ip0 + 1); + + srh_pt_tlv = + (ip6_sr_pt_tlv_t *) ((u8 *) ip0 + sizeof (ip6_header_t) + + sizeof (ip6_sr_header_t) + + sizeof (ip6_address_t) * (srh->last_entry + 1)); + + unix_time_now_nsec_fraction (&ts.sec, &ts.nsec); + srh_pt_tlv->t64.sec = clib_host_to_net_u32 (ts.sec); + srh_pt_tlv->t64.nsec = clib_host_to_net_u32 (ts.nsec); + ls = sr_pt_find_iface (vnet_buffer (b0)->sw_if_index[VLIB_RX]); + if (ls) + { + id_ld = ls->id << 4; + id_ld |= ls->ingress_load; + srh_pt_tlv->id_ld = clib_host_to_net_u16 (id_ld); + } +} /** * @brief IPv6 encapsulation processing as per RFC2473 @@ -1261,6 +1335,8 @@ encaps_processing_v6 (vlib_node_runtime_t *node, vlib_buffer_t *b0, ip0_encap->ip_version_traffic_class_and_flow_label) & 0xfff00000) | (flow_label & 0x0000ffff)); + if (policy_type == SR_POLICY_TYPE_TEF) + srv6_tef_behavior (node, b0, ip0); } /** @@ -1502,7 +1578,6 @@ sr_policy_rewrite_encaps (vlib_main_t * vm, vlib_node_runtime_t * node, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (sr_policy_rewrite_encaps_node) = { .function = sr_policy_rewrite_encaps, .name = "sr-pl-rewrite-encaps", @@ -1518,7 +1593,6 @@ VLIB_REGISTER_NODE (sr_policy_rewrite_encaps_node) = { #undef _ }, }; -/* *INDENT-ON* */ /** * @brief IPv4 encapsulation processing as per RFC2473 @@ -1795,7 +1869,6 @@ sr_policy_rewrite_encaps_v4 (vlib_main_t * vm, vlib_node_runtime_t * node, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (sr_policy_rewrite_encaps_v4_node) = { .function = sr_policy_rewrite_encaps_v4, .name = "sr-pl-rewrite-encaps-v4", @@ -1811,7 +1884,6 @@ VLIB_REGISTER_NODE (sr_policy_rewrite_encaps_v4_node) = { #undef _ }, }; -/* *INDENT-ON* */ always_inline u32 ip_flow_hash (void *data) @@ -2237,7 +2309,6 @@ sr_policy_rewrite_encaps_l2 (vlib_main_t * vm, vlib_node_runtime_t * node, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (sr_policy_rewrite_encaps_l2_node) = { .function = sr_policy_rewrite_encaps_l2, .name = "sr-pl-rewrite-encaps-l2", @@ -2253,7 +2324,6 @@ VLIB_REGISTER_NODE (sr_policy_rewrite_encaps_l2_node) = { #undef _ }, }; -/* *INDENT-ON* */ /** * @brief Graph node for applying a SR policy into a packet. SRH insertion. @@ -2659,7 +2729,6 @@ sr_policy_rewrite_insert (vlib_main_t * vm, vlib_node_runtime_t * node, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (sr_policy_rewrite_insert_node) = { .function = sr_policy_rewrite_insert, .name = "sr-pl-rewrite-insert", @@ -2675,7 +2744,6 @@ VLIB_REGISTER_NODE (sr_policy_rewrite_insert_node) = { #undef _ }, }; -/* *INDENT-ON* */ /** * @brief Graph node for applying a SR policy into a packet. BSID - SRH insertion. @@ -3070,7 +3138,6 @@ sr_policy_rewrite_b_insert (vlib_main_t * vm, vlib_node_runtime_t * node, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (sr_policy_rewrite_b_insert_node) = { .function = sr_policy_rewrite_b_insert, .name = "sr-pl-rewrite-b-insert", @@ -3086,7 +3153,6 @@ VLIB_REGISTER_NODE (sr_policy_rewrite_b_insert_node) = { #undef _ }, }; -/* *INDENT-ON* */ /** * @brief Function BSID encapsulation @@ -3112,6 +3178,8 @@ end_bsid_encaps_srh_processing (vlib_node_runtime_t *node, vlib_buffer_t *b0, ip0->dst_address.as_u64[1] = new_dst0->as_u64[1]; return; } + else if (sr0->segments_left == 0 && policy_type == SR_POLICY_TYPE_TEF) + return; } error_bsid_encaps: @@ -3379,7 +3447,6 @@ sr_policy_rewrite_b_encaps (vlib_main_t * vm, vlib_node_runtime_t * node, return from_frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (sr_policy_rewrite_b_encaps_node) = { .function = sr_policy_rewrite_b_encaps, .name = "sr-pl-rewrite-b-encaps", @@ -3395,7 +3462,6 @@ VLIB_REGISTER_NODE (sr_policy_rewrite_b_encaps_node) = { #undef _ }, }; -/* *INDENT-ON* */ /*************************** SR Policy plugins ******************************/ /** @@ -3463,10 +3529,8 @@ show_sr_policy_behaviors_command_fn (vlib_main_t * vm, vlib_cli_output (vm, "SR Policy behaviors:\n-----------------------\n\n"); - /* *INDENT-OFF* */ pool_foreach (plugin, sm->policy_plugin_functions) { vec_add1 (plugins_vec, plugin); } - /* *INDENT-ON* */ vlib_cli_output (vm, "Plugin behaviors:\n"); for (i = 0; i < vec_len (plugins_vec); i++) @@ -3479,13 +3543,11 @@ show_sr_policy_behaviors_command_fn (vlib_main_t * vm, return 0; } -/* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_sr_policy_behaviors_command, static) = { .path = "show sr policy behaviors", .short_help = "show sr policy behaviors", .function = show_sr_policy_behaviors_command_fn, }; -/* *INDENT-ON* */ /*************************** SR Segment Lists DPOs ****************************/ static u8 * |