From d1e68ab77e57f3f170c989d9f73b6a44648b4f60 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Mon, 1 Oct 2018 01:42:13 -0700 Subject: Source VRF Select match against a packet's source address to determine the VRF for the subsequent destination address lookup. Change-Id: I48ee0ef54dcb891f0ec7f879e4d3b925a0ed0081 Signed-off-by: Neale Ranns --- src/plugins/svs/svs.c | 611 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 611 insertions(+) create mode 100644 src/plugins/svs/svs.c (limited to 'src/plugins/svs/svs.c') diff --git a/src/plugins/svs/svs.c b/src/plugins/svs/svs.c new file mode 100644 index 00000000000..d9e46a50de8 --- /dev/null +++ b/src/plugins/svs/svs.c @@ -0,0 +1,611 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +u32 *svs_itf_db[FIB_PROTOCOL_IP_MAX]; + +int +svs_table_add (fib_protocol_t fproto, u32 table_id) +{ + fib_table_find_or_create_and_lock (fproto, table_id, FIB_SOURCE_PLUGIN_LOW); + + return (0); +} + +int +svs_table_delete (fib_protocol_t fproto, u32 table_id) +{ + u32 fib_index; + + fib_index = fib_table_find (fproto, table_id); + + if (~0 == fib_index) + return VNET_API_ERROR_NO_SUCH_FIB; + + fib_table_unlock (fib_index, fproto, FIB_SOURCE_PLUGIN_LOW); + + return (0); +} + +static int +svs_route_add_i (u32 fib_index, const fib_prefix_t * pfx, u32 src_fib_index) +{ + dpo_id_t dpo = DPO_INVALID; + + + lookup_dpo_add_or_lock_w_fib_index (src_fib_index, + fib_proto_to_dpo (pfx->fp_proto), + LOOKUP_UNICAST, + LOOKUP_INPUT_SRC_ADDR, + LOOKUP_TABLE_FROM_CONFIG, &dpo); + + fib_table_entry_special_dpo_add (fib_index, pfx, + FIB_SOURCE_PLUGIN_LOW, + FIB_ENTRY_FLAG_EXCLUSIVE, &dpo); + + dpo_unlock (&dpo); + + return (0); +} + +int +svs_route_add (u32 table_id, const fib_prefix_t * pfx, u32 source_table_id) +{ + u32 fib_index, src_fib_index; + int rv; + + fib_index = fib_table_find (pfx->fp_proto, table_id); + + if (~0 == fib_index) + return VNET_API_ERROR_NO_SUCH_FIB; + + src_fib_index = fib_table_find (pfx->fp_proto, source_table_id); + + if (~0 == src_fib_index) + return (VNET_API_ERROR_NO_SUCH_FIB); + + rv = svs_route_add_i (fib_index, pfx, src_fib_index); + + return (rv); +} + +int +svs_route_delete (u32 table_id, const fib_prefix_t * pfx) +{ + u32 fib_index; + + fib_index = fib_table_find (pfx->fp_proto, table_id); + + if (~0 == fib_index) + return VNET_API_ERROR_NO_SUCH_FIB; + + fib_table_entry_special_remove (fib_index, pfx, FIB_SOURCE_PLUGIN_LOW); + + return (0); +} + +int +svs_enable (fib_protocol_t fproto, u32 table_id, u32 sw_if_index) +{ + fib_prefix_t pfx = { + .fp_proto = fproto, + }; + u32 fib_index; + + fib_index = fib_table_find (fproto, table_id); + + if (~0 == fib_index) + return VNET_API_ERROR_NO_SUCH_FIB; + + /* + * now we know which interface the table will serve, we can add the default + * route to use the table that the interface is bound to. + */ + svs_route_add_i (fib_index, &pfx, + fib_table_get_index_for_sw_if_index (fproto, sw_if_index)); + + vec_validate_init_empty (svs_itf_db[fproto], sw_if_index, ~0); + + svs_itf_db[fproto][sw_if_index] = fib_index; + + vnet_feature_enable_disable ((FIB_PROTOCOL_IP4 == fproto ? + "ip4-unicast" : + "ip6-unicast"), + (FIB_PROTOCOL_IP4 == fproto ? + "svs-ip4" : + "svs-ip6"), sw_if_index, 1, NULL, 0); + + return (0); +} + +static void +svs_table_bind (fib_protocol_t fproto, u32 sw_if_index, u32 itf_fib_index) +{ + /* + * update the default route to use the interface's newly bound FIB + */ + u32 svs_fib_index; + + if (sw_if_index >= vec_len (svs_itf_db[FIB_PROTOCOL_IP6])) + return; + + svs_fib_index = svs_itf_db[FIB_PROTOCOL_IP6][sw_if_index]; + + if (~0 != svs_fib_index) + { + fib_prefix_t pfx = { + .fp_proto = fproto, + }; + + svs_route_add (svs_fib_index, &pfx, itf_fib_index); + } + /* + * else + * no SVS enable on this interface + */ +} + +static void +svs_ip6_table_bind (ip6_main_t * im, + uword opaque, + u32 sw_if_index, u32 new_fib_index, u32 old_fib_index) +{ + svs_table_bind (FIB_PROTOCOL_IP6, sw_if_index, new_fib_index); +} + +static void +svs_ip4_table_bind (ip4_main_t * im, + uword opaque, + u32 sw_if_index, u32 new_fib_index, u32 old_fib_index) +{ + svs_table_bind (FIB_PROTOCOL_IP4, sw_if_index, new_fib_index); +} + +int +svs_disable (fib_protocol_t fproto, u32 table_id, u32 sw_if_index) +{ + u32 fib_index; + + fib_index = fib_table_find (fproto, table_id); + + if (~0 == fib_index) + return VNET_API_ERROR_NO_SUCH_FIB; + + if (sw_if_index <= vec_len (svs_itf_db[fproto])) + return VNET_API_ERROR_INVALID_SW_IF_INDEX; + + svs_itf_db[fproto][sw_if_index] = ~0; + + vnet_feature_enable_disable ((FIB_PROTOCOL_IP4 == fproto ? + "ip4-unicast" : + "ip6-unicast"), + (FIB_PROTOCOL_IP4 == fproto ? + "svs-ip4" : + "svs-ip6"), sw_if_index, 0, NULL, 0); + + return (0); +} + +void +svs_walk (svs_walk_fn_t fn, void *ctx) +{ + fib_protocol_t fproto; + u32 ii, fib_index; + + FOR_EACH_FIB_IP_PROTOCOL (fproto) + { + vec_foreach_index (ii, svs_itf_db[fproto]) + { + fib_index = svs_itf_db[fproto][ii]; + + if (~0 != fib_index) + { + if (WALK_CONTINUE != fn (fproto, + fib_table_get_table_id (fib_index, fproto), + ii, ctx)) + return; + } + } + } +} + +typedef enum svs_next_t_ +{ + SVS_NEXT_DROP, + SVS_N_NEXT, +} svs_next_t; + +typedef struct svs_input_trace_t_ +{ + u32 fib_index; +} svs_input_trace_t; + +always_inline uword +svs_input_inline (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame, fib_protocol_t fproto) +{ + u32 n_left_from, *from, *to_next, next_index; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = node->cached_next_index; + + while (n_left_from > 0) + { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from > 0 && n_left_to_next > 0) + { + const load_balance_t *lb0; + const lookup_dpo_t *lk0; + u32 bi0, sw_if_index0; + const dpo_id_t *dpo0; + vlib_buffer_t *b0; + svs_next_t next0; + index_t lbi0; + + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + + if (FIB_PROTOCOL_IP4 == fproto) + { + ip4_header_t *ip0; + + ip0 = vlib_buffer_get_current (b0); + lbi0 = + ip4_fib_forwarding_lookup (svs_itf_db[fproto][sw_if_index0], + &ip0->src_address); + } + else + { + ip6_header_t *ip0; + + ip0 = vlib_buffer_get_current (b0); + lbi0 = ip6_fib_table_fwding_lookup (&ip6_main, + svs_itf_db[fproto] + [sw_if_index0], + &ip0->src_address); + } + lb0 = load_balance_get (lbi0); + dpo0 = load_balance_get_fwd_bucket (lb0, 0); + lk0 = lookup_dpo_get (dpo0->dpoi_index); + + vnet_buffer (b0)->sw_if_index[VLIB_TX] = lk0->lkd_fib_index; + + vnet_feature_next (&next0, b0); + + if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) + { + svs_input_trace_t *tr; + + tr = vlib_add_trace (vm, node, b0, sizeof (*tr)); + tr->fib_index = vnet_buffer (b0)->sw_if_index[VLIB_TX]; + } + + /* verify speculative enqueue, maybe switch current next frame */ + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, + to_next, n_left_to_next, bi0, + next0); + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + + return frame->n_vectors; +} + +static uword +svs_input_ip4 (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return svs_input_inline (vm, node, frame, FIB_PROTOCOL_IP4); +} + +static uword +svs_input_ip6 (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return svs_input_inline (vm, node, frame, FIB_PROTOCOL_IP6); +} + +static u8 * +format_svs_input_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + svs_input_trace_t *t = va_arg (*args, svs_input_trace_t *); + + s = format (s, " fib_index %d", t->fib_index); + return s; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (svs_ip4_node) = +{ + .function = svs_input_ip4, + .name = "svs-ip4", + .vector_size = sizeof (u32), + .format_trace = format_svs_input_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_next_nodes = SVS_N_NEXT, + .next_nodes = + { + [SVS_NEXT_DROP] = "error-drop", + } +}; + +VLIB_REGISTER_NODE (svs_ip6_node) = +{ + .function = svs_input_ip6, + .name = "svs-ip6", + .vector_size = sizeof (u32), + .format_trace = format_svs_input_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .next_nodes = + { + [SVS_NEXT_DROP] = "error-drop", + } +}; + +VNET_FEATURE_INIT (svs_ip4_feat, static) = +{ + .arc_name = "ip4-unicast", + .node_name = "svs-ip4", +}; + +VNET_FEATURE_INIT (svs_ip6_feat, static) = +{ + .arc_name = "ip6-unicast", + .node_name = "svs-ip6", +}; +/* *INDENT-ON* */ + +static clib_error_t * +svs_table_cli (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + fib_protocol_t fproto; + u32 table_id; + u8 add; + + fproto = FIB_PROTOCOL_IP4; + table_id = ~0; + add = 1; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "add")) + add = 1; + else if (unformat (input, "del")) + add = 0; + else if (unformat (input, "ip4")) + fproto = FIB_PROTOCOL_IP4; + else if (unformat (input, "ip6")) + fproto = FIB_PROTOCOL_IP6; + else if (unformat (input, "table-id %d", &table_id)) + ; + else + break; + } + + if (~0 == table_id) + return clib_error_return (0, "table-id must be specified"); + + if (add) + svs_table_add (fproto, table_id); + else + svs_table_delete (fproto, table_id); + + return (NULL); +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (svs_table_cmd_cli, static) = { + .path = "svs table", + .short_help = "Source VRF select table [add|delete] [ip4|ip6] table-id X", + .function = svs_table_cli, +}; +/* *INDENT-ON* */ + +static clib_error_t * +svs_enable_cli (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + u32 sw_if_index, table_id; + fib_protocol_t fproto; + vnet_main_t *vnm; + u8 enable; + + vnm = vnet_get_main (); + sw_if_index = table_id = ~0; + fproto = FIB_PROTOCOL_IP4; + enable = 1; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "%U", unformat_vnet_sw_interface, + vnm, &sw_if_index)) + ; + else if (unformat (input, "enable")) + enable = 1; + else if (unformat (input, "disable")) + enable = 0; + else if (unformat (input, "ip4")) + fproto = FIB_PROTOCOL_IP4; + else if (unformat (input, "ip6")) + fproto = FIB_PROTOCOL_IP6; + else if (unformat (input, "table-id %d", &table_id)) + ; + else + break; + } + + if (~0 == sw_if_index) + return clib_error_return (0, "interface must be specified"); + if (~0 == table_id) + return clib_error_return (0, "table-id must be specified"); + + if (enable) + svs_enable (fproto, table_id, sw_if_index); + else + svs_disable (fproto, table_id, sw_if_index); + + return (NULL); +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (svs_enable_cli_cmd, static) = { + .path = "svs enable", + .short_help = "Source VRF select [enable|disable] [ip4|ip6] X ", + .function = svs_enable_cli, +}; +/* *INDENT-ON* */ + +static clib_error_t * +svs_route_cli (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + u32 table_id, src_table_id; + fib_prefix_t pfx; + int rv; + u8 add; + + src_table_id = table_id = ~0; + add = 1; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "add")) + add = 1; + else if (unformat (input, "del")) + add = 0; + else if (unformat (input, "table-id %d", &table_id)) + ; + else if (unformat (input, "src-table-id %d", &src_table_id)) + ; + else if (unformat (input, "%U/%d", + unformat_ip4_address, &pfx.fp_addr.ip4, &pfx.fp_len)) + { + pfx.fp_proto = FIB_PROTOCOL_IP4; + } + else if (unformat (input, "%U/%d", + unformat_ip6_address, &pfx.fp_addr.ip6, &pfx.fp_len)) + { + pfx.fp_proto = FIB_PROTOCOL_IP6; + } + else + break; + } + + if (~0 == table_id) + return clib_error_return (0, "table-id must be specified"); + if (~0 == src_table_id) + return clib_error_return (0, "src-table-id must be specified"); + + if (add) + rv = svs_route_add (table_id, &pfx, src_table_id); + else + rv = svs_route_delete (table_id, &pfx); + + if (rv != 0) + return clib_error_return (0, + "failed, rv=%d:%U", + (int) rv, format_vnet_api_errno, rv); + + return (NULL); +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (svs_route_cmd_cli, static) = { + .path = "svs route", + .short_help = "Source VRF select route [add|delete] ", + .function = svs_route_cli, +}; +/* *INDENT-ON* */ + +static clib_error_t * +svs_show_cli (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + fib_protocol_t fproto; + u32 ii; + + vlib_cli_output (vm, "Source VRF select interface to fib-index mappings:"); + FOR_EACH_FIB_IP_PROTOCOL (fproto) + { + vlib_cli_output (vm, " %U", format_fib_protocol, fproto); + vec_foreach_index (ii, svs_itf_db[fproto]) + { + if (~0 != svs_itf_db[fproto][ii]) + vlib_cli_output (vm, " %U -> %d", format_vnet_sw_if_index_name, + vnet_get_main (), ii, svs_itf_db[fproto][ii]); + } + } + return (NULL); +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (svs_show_cli_cmd, static) = { + .path = "show svs", + .short_help = "Source VRF select show", + .function = svs_show_cli, +}; +/* *INDENT-ON* */ + +static clib_error_t * +svs_init (vlib_main_t * vm) +{ + ip6_table_bind_callback_t cbt6 = { + .function = svs_ip6_table_bind, + }; + vec_add1 (ip6_main.table_bind_callbacks, cbt6); + + ip4_table_bind_callback_t cbt4 = { + .function = svs_ip4_table_bind, + }; + vec_add1 (ip4_main.table_bind_callbacks, cbt4); + + return (NULL); +} + +VLIB_INIT_FUNCTION (svs_init); + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ -- cgit 1.2.3-korg