aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/classify/classify.api5
-rw-r--r--src/vnet/classify/vnet_classify.c10
-rw-r--r--src/vnet/classify/vnet_classify.h1
-rw-r--r--src/vnet/ip/ip_input_acl.c2
-rw-r--r--src/vnet/srv6/sr_steering.md24
5 files changed, 41 insertions, 1 deletions
diff --git a/src/vnet/classify/classify.api b/src/vnet/classify/classify.api
index de9de773858..9d666ee35a5 100644
--- a/src/vnet/classify/classify.api
+++ b/src/vnet/classify/classify.api
@@ -90,8 +90,13 @@ define classify_add_del_table_reply
2: Classified IP packets will be looked up from the
specified ipv6 fib table (configured by metadata as VRF id).
Only valid for L3 input ACL node
+ 3: Classified packet will be steered to source routig policy
+ of given index (in metadata).
+ This is only valid for IPv6 packets redirected to a source
+ routing node.
@param metadata - valid only if action != 0
VRF id if action is 1 or 2.
+ sr policy index if action is 3.
@param match[] - for add, match value for session, required
*/
autoreply define classify_add_del_session
diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c
index f2fe23b3231..d634550bafd 100644
--- a/src/vnet/classify/vnet_classify.c
+++ b/src/vnet/classify/vnet_classify.c
@@ -373,6 +373,8 @@ vnet_classify_entry_claim_resource (vnet_classify_entry_t *e)
case CLASSIFY_ACTION_SET_IP6_FIB_INDEX:
fib_table_lock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY);
break;
+ case CLASSIFY_ACTION_SET_SR_POLICY_INDEX:
+ break;
}
}
@@ -387,6 +389,8 @@ vnet_classify_entry_release_resource (vnet_classify_entry_t *e)
case CLASSIFY_ACTION_SET_IP6_FIB_INDEX:
fib_table_unlock (e->metadata, FIB_PROTOCOL_IP6, FIB_SOURCE_CLASSIFY);
break;
+ case CLASSIFY_ACTION_SET_SR_POLICY_INDEX:
+ break;
}
}
@@ -2104,6 +2108,8 @@ int vnet_classify_add_del_session (vnet_classify_main_t * cm,
e->metadata = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
metadata,
FIB_SOURCE_CLASSIFY);
+ else if (e->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX)
+ e->metadata = metadata;
else
e->metadata = 0;
@@ -2172,6 +2178,8 @@ classify_session_command_fn (vlib_main_t * vm,
action = 1;
else if (unformat (input, "action set-ip6-fib-id %d", &metadata))
action = 2;
+ else if (unformat (input, "action set-sr-policy-index %d", &metadata))
+ action = 3;
else
{
/* Try registered opaque-index unformat fns */
@@ -2217,7 +2225,7 @@ VLIB_CLI_COMMAND (classify_session_command, static) = {
"classify session [hit-next|l2-hit-next|"
"acl-hit-next <next_index>|policer-hit-next <policer_name>]"
"\n table-index <nn> match [hex] [l2] [l3 ip4] [opaque-index <index>]"
- "\n [action set-ip4-fib-id <n>] [action set-ip6-fib-id <n>] [del]",
+ "\n [action set-ip4-fib-id|set-ip6-fib-id|set-sr-policy-index <n>] [del]",
.function = classify_session_command_fn,
};
diff --git a/src/vnet/classify/vnet_classify.h b/src/vnet/classify/vnet_classify.h
index 1eb5b14d024..c4a5a61364c 100644
--- a/src/vnet/classify/vnet_classify.h
+++ b/src/vnet/classify/vnet_classify.h
@@ -66,6 +66,7 @@ typedef enum vnet_classify_action_t_
{
CLASSIFY_ACTION_SET_IP4_FIB_INDEX = 1,
CLASSIFY_ACTION_SET_IP6_FIB_INDEX = 2,
+ CLASSIFY_ACTION_SET_SR_POLICY_INDEX = 3,
} __attribute__ ((packed)) vnet_classify_action_t;
struct _vnet_classify_main;
diff --git a/src/vnet/ip/ip_input_acl.c b/src/vnet/ip/ip_input_acl.c
index b0b52ab11c3..1dd5317ee24 100644
--- a/src/vnet/ip/ip_input_acl.c
+++ b/src/vnet/ip/ip_input_acl.c
@@ -288,6 +288,8 @@ ip_inacl_inline (vlib_main_t * vm,
if (e0->action == CLASSIFY_ACTION_SET_IP4_FIB_INDEX ||
e0->action == CLASSIFY_ACTION_SET_IP6_FIB_INDEX)
vnet_buffer (b0)->sw_if_index[VLIB_TX] = e0->metadata;
+ else if (e0->action == CLASSIFY_ACTION_SET_SR_POLICY_INDEX)
+ vnet_buffer (b0)->ip.adj_index[VLIB_TX] = e0->metadata;
}
else
{
diff --git a/src/vnet/srv6/sr_steering.md b/src/vnet/srv6/sr_steering.md
index cf446f8171e..7e91892e0bc 100644
--- a/src/vnet/srv6/sr_steering.md
+++ b/src/vnet/srv6/sr_steering.md
@@ -1,5 +1,7 @@
# Steering packets into a SR Policy {#srv6_steering_doc}
+## steer packets uging the sr steering policy
+
To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L2 behaviors), the user needs to create an 'sr steering policy'.
sr steer l3 2001::/64 via sr policy index 1
@@ -9,3 +11,25 @@ To steer packets in Transit into an SR policy (T.Insert, T.Encaps and T.Encaps.L
sr steer l2 TenGE0/1/0 via sr policy bsid cafe::1
Disclaimer: The T.Encaps.L2 will steer L2 frames into an SR Policy. Notice that creating an SR steering policy for L2 frames will actually automatically *put the interface into promiscous mode*.
+
+## steer packets using the classifier
+
+Another way to steer packet is to use the classifier.
+
+First the user need to manually add the source routing node to the list of the
+ip6-inacl next nodes.
+Using the python api this can be donne with:
+
+ # jsonfiles = get list of json api files
+ vpp = VPP(jsonfiles)
+ vpp.add_node_next(node_name='ip6-inacl', next_name='sr-pl-rewrite-insert')
+
+Below is a classifier mask filtering all the packets from the interface
+TenGigabitEthernet5/0/0 on ip version and moving all ipv6 packets to the
+sr-pl-rewrite-insert node (dropping the others) and applying the source routing
+index 2.
+In essence, this means "apply this sr policy to all the packets from this interface)
+
+ vpp# classify table miss-next 0 current-data-flag 1 mask hex f000000000000000 skip 0
+ vpp# classify session acl-hit-next 1 table-index 0 match hex 6000000000000000 action set-sr-policy-index 2
+ vpp# set interface input acl intfc TenGigabitEthernet5/0/0 ip6-table 0