From bc27d1be24815e1371dcce3bff2d3075a532acba Mon Sep 17 00:00:00 2001
From: Neale Ranns
Date: Mon, 5 Feb 2018 01:13:38 -0800
Subject: GBP plugin
Group Base Policy (GBP) defines: - endpoints: typically a VM or container that is connected to the virtual switch/router (i.e. to VPP) - endpoint-group: (EPG) a collection of endpoints - policy: rules determining which traffic can pass between EPGs a.k.a a 'contract' Here, policy is implemented via an ACL. EPG classification for transit packets is determined by: - source EPG: from the packet's input interface - destination EPG: from the packet's destination IP address.
Change-Id: I7b983844826b5fc3d49e21353ebda9df9b224e25
Signed-off-by: Neale Ranns
---
src/plugins/gbp/gbp.h | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 135 insertions(+)
create mode 100644 src/plugins/gbp/gbp.h
(limited to 'src/plugins/gbp/gbp.h')
diff --git a/src/plugins/gbp/gbp.h b/src/plugins/gbp/gbp.h
new file mode 100644
index 00000000000..334a7438f53
--- /dev/null
+++ b/src/plugins/gbp/gbp.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2013 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Group Base Policy (GBP) defines:
+ * - endpoints: typically a VM or container that is connected to the
+ * virtual switch/router (i.e. to VPP)
+ * - endpoint-group: (EPG) a collection of endpoints
+ * - policy: rules determining which traffic can pass between EPGs a.k.a
+ * a 'contract'
+ *
+ * Here, policy is implemented via an ACL.
+ * EPG classification for transit packets is determined by:
+ * - source EPG: from the packet's input interface
+ * - destination EPG: from the packet's destination IP address.
+ *
+ */
+
+#ifndef included_vnet_gbp_h
+#define included_vnet_gbp_h
+
+#include
+#include
+#include
+
+typedef u32 epg_id_t;
+#define EPG_INVALID (~0)
+
+/**
+ * The key for an Endpoint
+ */
+typedef struct gbp_endpoint_key_t_
+{
+ /**
+ * The interface on which the EP is connected
+ */
+ u32 gek_sw_if_index;
+
+ /**
+ * The IP[46] address of the endpoint
+ */
+ ip46_address_t gek_ip;
+} gbp_endpoint_key_t;
+
+/**
+ * A Group Based Policy Endpoint.
+ * This is typcially a VM on the local compute node for which policy must be
+ * locally applied
+ */
+typedef struct gbp_endpoint_t_
+{
+ /**
+ * The endpoint's interface and IP address
+ */
+ gbp_endpoint_key_t *ge_key;
+
+ /**
+ * The endpoint's designated EPG
+ */
+ epg_id_t ge_epg_id;
+} gbp_endpoint_t;
+
+extern void gbp_endpoint_update (u32 sw_if_index,
+ const ip46_address_t * ip, epg_id_t epg_id);
+extern void gbp_endpoint_delete (u32 sw_if_index, const ip46_address_t * ip);
+
+typedef int (*gbp_endpoint_cb_t) (gbp_endpoint_t * gbpe, void *ctx);
+extern void gbp_endpoint_walk (gbp_endpoint_cb_t bgpe, void *ctx);
+
+
+/**
+ * The key for an Contract
+ */
+typedef struct gbp_contract_key_t_
+{
+ union
+ {
+ struct
+ {
+ /**
+ * source and destination EPGs for which the ACL applies
+ */
+ epg_id_t gck_src;
+ epg_id_t gck_dst;
+ };
+ u64 as_u64;
+ };
+} gbp_contract_key_t;
+
+/**
+ * A Group Based Policy Contract.
+ * Determines the ACL that applies to traffic pass between two endpoint groups
+ */
+typedef struct gbp_contract_t_
+{
+ /**
+ * source and destination EPGs
+ */
+ gbp_contract_key_t gc_key;
+
+ /**
+ * The ACL to apply for packets from the source to the destination EPG
+ */
+ u32 gc_acl_index;;
+} gbp_contract_t;
+
+
+extern void gbp_contract_update (epg_id_t src_epg,
+ epg_id_t dst_epg, u32 acl_index);
+extern void gbp_contract_delete (epg_id_t src_epg, epg_id_t dst_epg);
+
+typedef int (*gbp_contract_cb_t) (gbp_contract_t * gbpe, void *ctx);
+extern void gbp_contract_walk (gbp_contract_cb_t bgpe, void *ctx);
+
+#endif
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
-- cgit 1.2.3-korg
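Review bot: `u32 gc_acl_index;;` in gbp_contract_t carries a stray second semicolon, an empty declaration inside a struct that `-Wpedantic` rejects; drop it to `u32 gc_acl_index;`. Both walk prototypes name the callback parameter `bgpe`, and gbp_contract_cb_t names its argument `gbpe` although it receives a contract — presumably transposed letters; `extern void gbp_contract_walk (gbp_contract_cb_t cb, void *ctx);` and a `gbpc` argument name would match the types. The header documents that a contract selects an ACL but does not state what happens to traffic between an EPG pair that has no contract, nor who owns the storage behind `gbp_endpoint_t.ge_key` seen by gbp_endpoint_walk callbacks; a comment on gbp_contract_t such as `/* A (src, dst) pair with no contract is <document: dropped or permitted> */` and an ownership note on ge_key (`/* owned by the endpoint table; valid only for the duration of the walk callback — confirm */`) would close both gaps. `#define EPG_INVALID (~0)` expands to a signed int while epg_id_t is u32, so `#define EPG_INVALID ((epg_id_t) ~0)` avoids sign-compare warnings at every `== EPG_INVALID` check. Minor: `typcially` → `typically`, `an Contract` → `a Contract`, `traffic pass between` → `traffic passing between`.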