summaryrefslogtreecommitdiffstats
path: root/test/test_l2tp.py
AgeCommit message (Expand)AuthorFilesLines
2019-05-28l2tp: l2tp-decap-local don't accept packets unless configuredJakub Grajciar1-0/+48
td class='lines'>
# Copyright (c) 2015 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#
# Copyright (c) 2007-2008 Eliot Dresselhaus
#
#  Permission is hereby granted, free of charge, to any person obtaining
#  a copy of this software and associated documentation files (the
#  "Software"), to deal in the Software without restriction, including
#  without limitation the rights to use, copy, modify, merge, publish,
#  distribute, sublicense, and/or sell copies of the Software, and to
#  permit persons to whom the Software is furnished to do so, subject to
#  the following conditions:
#
#  The above copyright notice and this permission notice shall be
#  included in all copies or substantial portions of the Software.
#
#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

# Platform selects e.g. Linux config file
PLATFORM = vpp

native_arch = native

# Default for which packages go into read-only image
# used to have pam
default_root_packages = bash coreutils sysvinit util-linux mingetty procps

# Linux based platforms (PLATFORM=i686 PLATFORM=ppc etc.)
i686_arch = i686
x86_64_arch = x86_64
ppc_arch = ppc
d='n431' href='#n431'>431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464
/*
 * Copyright (c) 2015 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vnet/ip/ip.h>
#include <vnet/ip/ip_punt_drop.h>
#include <vnet/policer/policer.h>
#include <vnet/policer/police_inlines.h>

/* *INDENT-OFF* */
VNET_FEATURE_ARC_INIT (ip4_punt) =
{
  .arc_name  = "ip4-punt",
  .start_nodes = VNET_FEATURES ("ip4-punt"),
};

VNET_FEATURE_ARC_INIT (ip4_drop) =
{
  .arc_name  = "ip4-drop",
  .start_nodes = VNET_FEATURES ("ip4-drop", "ip4-not-enabled"),
};
/* *INDENT-ON* */

extern ip_punt_policer_t ip4_punt_policer_cfg;

#ifndef CLIB_MARCH_VARIANT
u8 *
format_ip_punt_policer_trace (u8 * s, va_list * args)
{
  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
  ip_punt_policer_trace_t *t = va_arg (*args, ip_punt_policer_trace_t *);

  s = format (s, "policer_index %d next %d", t->policer_index, t->next);
  return s;
}

ip_punt_policer_t ip4_punt_policer_cfg = {
  .policer_index = ~0,
};
#endif /* CLIB_MARCH_VARIANT */

static char *ip4_punt_policer_handoff_error_strings[] = { "congestion drop" };

VLIB_NODE_FN (ip4_punt_policer_handoff_node)
(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
{
  return policer_handoff (vm, node, frame, ip4_punt_policer_cfg.fq_index,
			  ip4_punt_policer_cfg.policer_index);
}

VLIB_REGISTER_NODE (ip4_punt_policer_handoff_node) = {
  .name = "ip4-punt-policer-handoff",
  .vector_size = sizeof (u32),
  .format_trace = format_policer_handoff_trace,
  .type = VLIB_NODE_TYPE_INTERNAL,
  .n_errors = ARRAY_LEN(ip4_punt_policer_handoff_error_strings),
  .error_strings = ip4_punt_policer_handoff_error_strings,

  .n_next_nodes = 1,
  .next_nodes = {
    [0] = "error-drop",
  },
};

static char *ip4_punt_policer_error_strings[] = {
#define _(sym,string) string,
  foreach_ip_punt_policer_error
#undef _
};

VLIB_NODE_FN (ip4_punt_policer_node) (vlib_main_t * vm,
				      vlib_node_runtime_t * node,
				      vlib_frame_t * frame)
{
  return (ip_punt_policer (vm, node, frame,
			   vnet_feat_arc_ip4_punt.feature_arc_index,
			   ip4_punt_policer_cfg.policer_index));
}

/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_punt_policer_node) = {
  .name = "ip4-punt-policer",
  .vector_size = sizeof (u32),
  .n_next_nodes = IP_PUNT_POLICER_N_NEXT,
  .format_trace = format_ip_punt_policer_trace,
  .n_errors = ARRAY_LEN(ip4_punt_policer_error_strings),
  .error_strings = ip4_punt_policer_error_strings,

  .next_nodes = {
    [IP_PUNT_POLICER_NEXT_DROP] = "ip4-drop",
    [IP_PUNT_POLICER_NEXT_HANDOFF] = "ip4-punt-policer-handoff",
  },
};

VNET_FEATURE_INIT (ip4_punt_policer_node) = {
  .arc_name = "ip4-punt",
  .node_name = "ip4-punt-policer",
  .runs_before = VNET_FEATURES("ip4-punt-redirect"),
};
/* *INDENT-ON* */


#define foreach_ip4_punt_redirect_error         \
_(DROP, "ip4 punt redirect drop")

typedef enum
{
#define _(sym,str) IP4_PUNT_REDIRECT_ERROR_##sym,
  foreach_ip4_punt_redirect_error
#undef _
    IP4_PUNT_REDIRECT_N_ERROR,
} ip4_punt_redirect_error_t;

static char *ip4_punt_redirect_error_strings[] = {
#define _(sym,string) string,
  foreach_ip4_punt_redirect_error
#undef _
};

VLIB_NODE_FN (ip4_punt_redirect_node) (vlib_main_t * vm,
				       vlib_node_runtime_t * node,
				       vlib_frame_t * frame)
{
  return (ip_punt_redirect (vm, node, frame,
			    vnet_feat_arc_ip4_punt.feature_arc_index,
			    FIB_PROTOCOL_IP4));
}

/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_punt_redirect_node) = {
  .name = "ip4-punt-redirect",
  .vector_size = sizeof (u32),
  .n_next_nodes = IP_PUNT_REDIRECT_N_NEXT,
  .format_trace = format_ip_punt_redirect_trace,
  .n_errors = ARRAY_LEN(ip4_punt_redirect_error_strings),
  .error_strings = ip4_punt_redirect_error_strings,

  /* edit / add dispositions here */
  .next_nodes = {
    [IP_PUNT_REDIRECT_NEXT_DROP] = "ip4-drop",
    [IP_PUNT_REDIRECT_NEXT_TX] = "ip4-rewrite",
    [IP_PUNT_REDIRECT_NEXT_ARP] = "ip4-arp",
  },
};

VNET_FEATURE_INIT (ip4_punt_redirect_node, static) = {
  .arc_name = "ip4-punt",
  .node_name = "ip4-punt-redirect",
  .runs_before = VNET_FEATURES("error-punt"),
};
/* *INDENT-ON* */

VLIB_NODE_FN (ip4_drop_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
			      vlib_frame_t * frame)
{
  if (node->flags & VLIB_NODE_FLAG_TRACE)
    ip4_forward_next_trace (vm, node, frame, VLIB_TX);

  return ip_drop_or_punt (vm, node, frame,
			  vnet_feat_arc_ip4_drop.feature_arc_index);

}

VLIB_NODE_FN (ip4_not_enabled_node) (vlib_main_t * vm,
				     vlib_node_runtime_t * node,
				     vlib_frame_t * frame)
{
  if (node->flags & VLIB_NODE_FLAG_TRACE)
    ip4_forward_next_trace (vm, node, frame, VLIB_TX);

  return ip_drop_or_punt (vm, node, frame,
			  vnet_feat_arc_ip4_drop.feature_arc_index);
}

static uword
ip4_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
{
  if (node->flags & VLIB_NODE_FLAG_TRACE)
    ip4_forward_next_trace (vm, node, frame, VLIB_TX);

  return ip_drop_or_punt (vm, node, frame,
			  vnet_feat_arc_ip4_punt.feature_arc_index);
}

/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_drop_node) =
{
  .name = "ip4-drop",
  .vector_size = sizeof (u32),
  .format_trace = format_ip4_forward_next_trace,
  .n_next_nodes = 1,
  .next_nodes = {
    [0] = "error-drop",
  },
};

VLIB_REGISTER_NODE (ip4_not_enabled_node) =
{
  .name = "ip4-not-enabled",
  .vector_size = sizeof (u32),
  .format_trace = format_ip4_forward_next_trace,
  .sibling_of = "ip4-drop",
};

VLIB_REGISTER_NODE (ip4_punt_node) =
{
  .function = ip4_punt,
  .name = "ip4-punt",
  .vector_size = sizeof (u32),
  .format_trace = format_ip4_forward_next_trace,
  .n_next_nodes = 1,
  .next_nodes = {
    [0] = "error-punt",
  },
};

VNET_FEATURE_INIT (ip4_punt_end_of_arc, static) = {
  .arc_name = "ip4-punt",
  .node_name = "error-punt",
  .runs_before = 0, /* not before any other features */
};

VNET_FEATURE_INIT (ip4_drop_end_of_arc, static) = {
  .arc_name = "ip4-drop",
  .node_name = "error-drop",
  .runs_before = 0, /* not before any other features */
};
/* *INDENT-ON */

#ifndef CLIB_MARCH_VARIANT
void
ip4_punt_policer_add_del (u8 is_add, u32 policer_index)
{
  ip4_punt_policer_cfg.policer_index = policer_index;

  vnet_feature_enable_disable ("ip4-punt", "ip4-punt-policer",
                               0, is_add, 0, 0);
}
#endif /* CLIB_MARCH_VARIANT */

static clib_error_t *
ip4_punt_police_cmd (vlib_main_t * vm,
                     unformat_input_t * main_input,
                     vlib_cli_command_t * cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  clib_error_t *error = 0;
  u32 policer_index;
  u8 is_add = 1;

  policer_index = ~0;

  if (!unformat_user (main_input, unformat_line_input, line_input))
    return 0;

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "%d", &policer_index))
        ;
      else if (unformat (line_input, "del"))
        is_add = 0;
      else if (unformat (line_input, "add"))
        is_add = 1;
      else
        {
          error = unformat_parse_error (line_input);
          goto done;
        }
    }

  if (is_add && ~0 == policer_index)
  {
      error = clib_error_return (0, "expected policer index `%U'",
                                 format_unformat_error, line_input);
      goto done;
  }
  if (!is_add)
      policer_index = ~0;

  ip4_punt_policer_add_del(is_add, policer_index);

done:
  unformat_free (line_input);
  return (error);
}

/*?
 *
 * @cliexpar
 * @cliexcmd{set ip punt policer <INDEX>}
 ?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ip4_punt_policer_command, static) =
{
  .path = "ip punt policer",
  .function = ip4_punt_police_cmd,
  .short_help = "ip punt policer [add|del] <index>",
};
/* *INDENT-ON* */

#ifndef CLIB_MARCH_VARIANT

void
ip4_punt_redirect_add (u32 rx_sw_if_index,
		       u32 tx_sw_if_index, ip46_address_t * nh)
{
  /* *INDENT-OFF* */
  fib_route_path_t *rpaths = NULL, rpath = {
    .frp_proto = DPO_PROTO_IP4,
    .frp_addr = *nh,
    .frp_sw_if_index = tx_sw_if_index,
    .frp_weight = 1,
    .frp_fib_index = ~0,
  };
  /* *INDENT-ON* */

  vec_add1 (rpaths, rpath);

  ip4_punt_redirect_add_paths (rx_sw_if_index, rpaths);

  vec_free (rpaths);
}

void
ip4_punt_redirect_add_paths (u32 rx_sw_if_index, fib_route_path_t * rpaths)
{
  ip_punt_redirect_add (FIB_PROTOCOL_IP4,
			rx_sw_if_index,
			FIB_FORW_CHAIN_TYPE_UNICAST_IP4, rpaths);

  vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 1, 0, 0);
}

void
ip4_punt_redirect_del (u32 rx_sw_if_index)
{
  vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 0, 0, 0);

  ip_punt_redirect_del (FIB_PROTOCOL_IP4, rx_sw_if_index);
}
#endif /* CLIB_MARCH_VARIANT */

static clib_error_t *
ip4_punt_redirect_cmd (vlib_main_t * vm,
		       unformat_input_t * main_input,
		       vlib_cli_command_t * cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  ip46_address_t nh = { 0 };
  clib_error_t *error = 0;
  u32 rx_sw_if_index = ~0;
  u32 tx_sw_if_index = ~0;
  vnet_main_t *vnm;
  u8 is_add;

  is_add = 1;
  vnm = vnet_get_main ();

  if (!unformat_user (main_input, unformat_line_input, line_input))
    return 0;

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "del"))
	is_add = 0;
      else if (unformat (line_input, "add"))
	is_add = 1;
      else if (unformat (line_input, "rx all"))
	rx_sw_if_index = ~0;
      else if (unformat (line_input, "rx %U",
			 unformat_vnet_sw_interface, vnm, &rx_sw_if_index))
	;
      else if (unformat (line_input, "via %U %U",
			 unformat_ip4_address, &nh.ip4,
			 unformat_vnet_sw_interface, vnm, &tx_sw_if_index))
	;
      else if (unformat (line_input, "via %U",
			 unformat_vnet_sw_interface, vnm, &tx_sw_if_index))
	;
      else
	{
	  error = unformat_parse_error (line_input);
	  goto done;
	}
    }

  if (~0 == rx_sw_if_index)
    {
      error = unformat_parse_error (line_input);
      goto done;
    }

  if (is_add)
    {
      ip4_punt_redirect_add (rx_sw_if_index, tx_sw_if_index, &nh);
    }
  else
    {
      ip4_punt_redirect_del (rx_sw_if_index);
    }

done:
  unformat_free (line_input);
  return (error);
}

/*?
 *
 * @cliexpar
 * @cliexcmd{set ip punt policer}
 ?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ip4_punt_redirect_command, static) =
{
  .path = "ip punt redirect",
  .function = ip4_punt_redirect_cmd,
  .short_help = "ip punt redirect [add|del] rx [<interface>|all] via [<nh>] <tx_interface>",
};
/* *INDENT-ON* */

static clib_error_t *
ip4_punt_redirect_show_cmd (vlib_main_t * vm,
			    unformat_input_t * main_input,
			    vlib_cli_command_t * cmd)
{
  vlib_cli_output (vm, "%U", format_ip_punt_redirect, FIB_PROTOCOL_IP4);

  return (NULL);
}

/*?
 *
 * @cliexpar
 * @cliexcmd{set ip punt redierect}
 ?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (show_ip4_punt_redirect_command, static) =
{
  .path = "show ip punt redirect",
  .function = ip4_punt_redirect_show_cmd,
  .short_help = "show ip punt redirect",
  .is_mp_safe = 1,
};
/* *INDENT-ON* */

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */