From 669d07dc016757b856e1014a415996cf9f0ebc58 Mon Sep 17 00:00:00 2001 From: Andrew Yourtchenko Date: Fri, 17 Nov 2017 14:38:18 +0100 Subject: ACL based forwarding A poor man's flow switching or policy based rounting. An ACL is used to match packets and is associated with a [set of] forwarding paths that determine how to forward matched packets - collectively this association is a 'policy'. Policies are then 'attached', in a priority order, to an interface when thaey are encountered as an input feature. If a packet matches no policies it is forwarded normally in the IP FIB. This commit is used to test the "ACL-as-a-service" functionality, which currently compiles, and the existing traffic ACL tests pass in both hash and linear modes. Change-Id: I0b274ec9f2e645352fa898b43eb54c457e195964 Signed-off-by: Neale Ranns Signed-off-by: Andrew Yourtchenko Signed-off-by: Ole Troan --- src/plugins/abf/abf_policy.h | 118 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 src/plugins/abf/abf_policy.h (limited to 'src/plugins/abf/abf_policy.h') diff --git a/src/plugins/abf/abf_policy.h b/src/plugins/abf/abf_policy.h new file mode 100644 index 00000000000..71fa1a61afd --- /dev/null +++ b/src/plugins/abf/abf_policy.h @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __ABF_H__ +#define __ABF_H__ + +#include + +#define ABF_PLUGIN_VERSION_MAJOR 1 +#define ABF_PLUGIN_VERSION_MINOR 0 + +/** + * An ACL based Forwading 'policy'. + * This comprises the ACL index to match against and the forwarding + * path to take if the match is successfull. + * + * ABF policies are then 'attached' to interfaces. An input feature + * will run through the list of policies a match will divert the packet, + * if all miss then we continues down the interface's feature arc + */ +typedef struct abf_policy_t_ +{ + /** + * Linkage into the FIB graph + */ + fib_node_t ap_node; + + /** + * ACL index to match + */ + u32 ap_acl; + + /** + * The path-list describing how to forward in case of a match + */ + fib_node_index_t ap_pl; + + /** + * Sibling index on the path-list + */ + u32 ap_sibling; + + /** + * The policy ID - as configured by the client + */ + u32 ap_id; +} abf_policy_t; + +/** + * Get an ABF object from its VPP index + */ +extern abf_policy_t *abf_policy_get (index_t index); + +/** + * Find a ABF object from the client's policy ID + * + * @param policy_id Client's defined policy ID + * @return VPP's object index + */ +extern index_t abf_policy_find (u32 policy_id); + +/** + * The FIB node type for ABF policies + */ +extern fib_node_type_t abf_policy_fib_node_type; + +/** + * Create or update an ABF Policy + * + * @param policy_id User defined Policy ID + * @param acl_index The ACL the policy with match on + * @param rpaths The set of paths to add to the forwarding set + */ +extern void abf_policy_update (u32 policy_id, + u32 acl_index, + const fib_route_path_t * rpaths); + +/** + * Delete paths from an ABF Policy. If no more paths exist, the policy + * is deleted. + * + * @param policy_id User defined Policy ID + * @param rpaths The set of paths to forward remove + */ +extern int abf_policy_delete (u32 policy_id, const fib_route_path_t * rpaths); + +/** + * Callback function invoked during a walk of all policies + */ +typedef int (*abf_policy_walk_cb_t) (index_t index, void *ctx); + +/** + * Walk/visit each of the ABF policies + */ +extern void abf_policy_walk (abf_policy_walk_cb_t cb, void *ctx); + + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ + +#endif -- cgit 1.2.3-korg