From d91c1dbdb31f80db7d967f2f57c43d0a81d65297 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Mon, 31 Jul 2017 02:30:50 -0700 Subject: punt and drop features: - new IPv4 and IPv6 feature arcs on the punt and drop nodes - new features: - redirect punted traffic to an interface and nexthop - police punted traffic. Change-Id: I53be8bf4e06545add8a3619e462de5ffedd0a95c Signed-off-by: Neale Ranns --- src/vnet/ip/ip4_punt_drop.c | 515 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 515 insertions(+) create mode 100644 src/vnet/ip/ip4_punt_drop.c (limited to 'src/vnet/ip/ip4_punt_drop.c') diff --git a/src/vnet/ip/ip4_punt_drop.c b/src/vnet/ip/ip4_punt_drop.c new file mode 100644 index 00000000000..72f36f33560 --- /dev/null +++ b/src/vnet/ip/ip4_punt_drop.c @@ -0,0 +1,515 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include + +/* *INDENT-OFF* */ +VNET_FEATURE_ARC_INIT (ip4_punt) = +{ + .arc_name = "ip4-punt", + .start_nodes = VNET_FEATURES ("ip4-punt"), +}; + +VNET_FEATURE_ARC_INIT (ip4_drop) = +{ + .arc_name = "ip4-drop", + .start_nodes = VNET_FEATURES ("ip4-drop"), +}; +/* *INDENT-ON* */ + +u8 * +format_ip_punt_policer_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + ip_punt_policer_trace_t *t = va_arg (*args, ip_punt_policer_trace_t *); + + s = format (s, "policer_index %d next %d", t->policer_index, t->next); + return s; +} + +ip_punt_policer_t ip4_punt_policer_cfg = { + .policer_index = ~0, +}; + +static char *ip4_punt_policer_error_strings[] = { +#define _(sym,string) string, + foreach_ip_punt_policer_error +#undef _ +}; + +static uword +ip4_punt_policer (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return (ip_punt_policer (vm, node, frame, + vnet_feat_arc_ip4_punt.feature_arc_index, + ip4_punt_policer_cfg.policer_index)); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (ip4_punt_policer_node, static) = { + .function = ip4_punt_policer, + .name = "ip4-punt-policer", + .vector_size = sizeof (u32), + .n_next_nodes = IP_PUNT_POLICER_N_NEXT, + .format_trace = format_ip_punt_policer_trace, + .n_errors = ARRAY_LEN(ip4_punt_policer_error_strings), + .error_strings = ip4_punt_policer_error_strings, + + .next_nodes = { + [IP_PUNT_POLICER_NEXT_DROP] = "ip4-drop", + }, +}; + +VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_policer_node, + ip4_punt_policer); + +VNET_FEATURE_INIT (ip4_punt_policer_node, static) = { + .arc_name = "ip4-punt", + .node_name = "ip4-punt-policer", + .runs_before = VNET_FEATURES("ip4-punt-redirect"), +}; +/* *INDENT-ON* */ + +u8 * +format_ip_punt_redirect_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + ip_punt_redirect_trace_t *t = va_arg (*args, ip_punt_redirect_trace_t *); + vnet_main_t *vnm = vnet_get_main (); + vnet_sw_interface_t *si; + + si = vnet_get_sw_interface_safe (vnm, t->redirect.tx_sw_if_index); + + if (NULL != si) + s = format (s, "via %U on %U using adj:%d", + format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY, + format_vnet_sw_interface_name, vnm, si, + t->redirect.adj_index); + else + s = format (s, "via %U on %d using adj:%d", + format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY, + t->redirect.tx_sw_if_index, t->redirect.adj_index); + + return s; +} + +/* *INDENT-OFF* */ +ip_punt_redirect_t ip4_punt_redirect_cfg = { + .any_rx_sw_if_index = { + .tx_sw_if_index = ~0, + }, +}; +/* *INDENT-ON* */ + + +#define foreach_ip4_punt_redirect_error \ +_(DROP, "ip4 punt redirect drop") + +typedef enum +{ +#define _(sym,str) IP4_PUNT_REDIRECT_ERROR_##sym, + foreach_ip4_punt_redirect_error +#undef _ + IP4_PUNT_REDIRECT_N_ERROR, +} ip4_punt_redirect_error_t; + +static char *ip4_punt_redirect_error_strings[] = { +#define _(sym,string) string, + foreach_ip4_punt_redirect_error +#undef _ +}; + +static uword +ip4_punt_redirect (vlib_main_t * vm, + vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return (ip_punt_redirect (vm, node, frame, + vnet_feat_arc_ip4_punt.feature_arc_index, + &ip4_punt_redirect_cfg)); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (ip4_punt_redirect_node, static) = { + .function = ip4_punt_redirect, + .name = "ip4-punt-redirect", + .vector_size = sizeof (u32), + .n_next_nodes = IP_PUNT_REDIRECT_N_NEXT, + .format_trace = format_ip_punt_redirect_trace, + .n_errors = ARRAY_LEN(ip4_punt_redirect_error_strings), + .error_strings = ip4_punt_redirect_error_strings, + + /* edit / add dispositions here */ + .next_nodes = { + [IP_PUNT_REDIRECT_NEXT_DROP] = "ip4-drop", + [IP_PUNT_REDIRECT_NEXT_TX] = "ip4-rewrite", + [IP_PUNT_REDIRECT_NEXT_ARP] = "ip4-arp", + }, +}; + +VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_redirect_node, + ip4_punt_redirect); + +VNET_FEATURE_INIT (ip4_punt_redirect_node, static) = { + .arc_name = "ip4-punt", + .node_name = "ip4-punt-redirect", + .runs_before = VNET_FEATURES("error-punt"), +}; +/* *INDENT-ON* */ + +static uword +ip4_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + if (node->flags & VLIB_NODE_FLAG_TRACE) + ip4_forward_next_trace (vm, node, frame, VLIB_TX); + + return ip_drop_or_punt (vm, node, frame, + vnet_feat_arc_ip4_drop.feature_arc_index); + +} + +static uword +ip4_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + if (node->flags & VLIB_NODE_FLAG_TRACE) + ip4_forward_next_trace (vm, node, frame, VLIB_TX); + + return ip_drop_or_punt (vm, node, frame, + vnet_feat_arc_ip4_punt.feature_arc_index); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (ip4_drop_node, static) = +{ + .function = ip4_drop, + .name = "ip4-drop", + .vector_size = sizeof (u32), + .format_trace = format_ip4_forward_next_trace, + .n_next_nodes = 1, + .next_nodes = { + [0] = "error-drop", + }, +}; + +VLIB_NODE_FUNCTION_MULTIARCH (ip4_drop_node, ip4_drop); + +VLIB_REGISTER_NODE (ip4_punt_node, static) = +{ + .function = ip4_punt, + .name = "ip4-punt", + .vector_size = sizeof (u32), + .format_trace = format_ip4_forward_next_trace, + .n_next_nodes = 1, + .next_nodes = { + [0] = "error-punt", + }, +}; + +VNET_FEATURE_INIT (ip4_punt_end_of_arc, static) = { + .arc_name = "ip4-punt", + .node_name = "error-punt", + .runs_before = 0, /* not before any other features */ +}; + +VNET_FEATURE_INIT (ip4_drop_end_of_arc, static) = { + .arc_name = "ip4-drop", + .node_name = "error-drop", + .runs_before = 0, /* not before any other features */ +}; +/* *INDENT-ON */ + +void +ip4_punt_policer_add_del (u8 is_add, u32 policer_index) +{ + ip4_punt_policer_cfg.policer_index = policer_index; + + vnet_feature_enable_disable ("ip4-punt", "ip4-punt-policer", + 0, is_add, 0, 0); +} + +static clib_error_t * +ip4_punt_police_cmd (vlib_main_t * vm, + unformat_input_t * main_input, + vlib_cli_command_t * cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *error = 0; + u32 policer_index; + u8 is_add = 1; + + policer_index = ~0; + + if (!unformat_user (main_input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "%d", &policer_index)) + ; + else if (unformat (line_input, "del")) + is_add = 0; + else if (unformat (line_input, "add")) + is_add = 1; + else + { + error = unformat_parse_error (line_input); + goto done; + } + } + + if (is_add && ~0 == policer_index) + { + error = clib_error_return (0, "expected policer index `%U'", + format_unformat_error, line_input); + goto done; + } + if (!is_add) + policer_index = ~0; + + ip4_punt_policer_add_del(is_add, policer_index); + +done: + unformat_free (line_input); + return (error); +} + +/*? + * + * @cliexpar + * @cliexcmd{set ip punt policer } + ?*/ +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (ip4_punt_policer_command, static) = +{ + .path = "ip punt policer", + .function = ip4_punt_police_cmd, + .short_help = "ip punt policer [add|del] ", +}; +/* *INDENT-ON* */ + +/* + * an uninitalised rx-redirect strcut used to pad the vector + */ +ip_punt_redirect_rx_t uninit_rx_redirect = { + .tx_sw_if_index = ~0, +}; + +void +ip_punt_redirect_add (ip_punt_redirect_t * cfg, + u32 rx_sw_if_index, + ip_punt_redirect_rx_t * redirect, + fib_protocol_t fproto, vnet_link_t linkt) +{ + ip_punt_redirect_rx_t *new; + + if (~0 == rx_sw_if_index) + { + cfg->any_rx_sw_if_index = *redirect; + new = &cfg->any_rx_sw_if_index; + } + else + { + vec_validate_init_empty (cfg->redirect_by_rx_sw_if_index, + rx_sw_if_index, uninit_rx_redirect); + cfg->redirect_by_rx_sw_if_index[rx_sw_if_index] = *redirect; + new = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index]; + } + + new->adj_index = adj_nbr_add_or_lock (fproto, linkt, + &redirect->nh, + redirect->tx_sw_if_index); +} + +void +ip_punt_redirect_del (ip_punt_redirect_t * cfg, u32 rx_sw_if_index) +{ + ip_punt_redirect_rx_t *old; + + if (~0 == rx_sw_if_index) + { + old = &cfg->any_rx_sw_if_index; + } + else + { + old = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index]; + } + + adj_unlock (old->adj_index); + *old = uninit_rx_redirect; +} + +void +ip4_punt_redirect_add (u32 rx_sw_if_index, + u32 tx_sw_if_index, ip46_address_t * nh) +{ + ip_punt_redirect_rx_t rx = { + .tx_sw_if_index = tx_sw_if_index, + .nh = *nh, + }; + + ip_punt_redirect_add (&ip4_punt_redirect_cfg, + rx_sw_if_index, &rx, FIB_PROTOCOL_IP4, VNET_LINK_IP4); + + vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 1, 0, 0); +} + +void +ip4_punt_redirect_del (u32 rx_sw_if_index) +{ + vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 0, 0, 0); + + ip_punt_redirect_del (&ip4_punt_redirect_cfg, rx_sw_if_index); +} + +static clib_error_t * +ip4_punt_redirect_cmd (vlib_main_t * vm, + unformat_input_t * main_input, + vlib_cli_command_t * cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *error = 0; + u32 rx_sw_if_index; + u32 tx_sw_if_index; + ip46_address_t nh; + vnet_main_t *vnm; + u8 is_add; + + is_add = 1; + vnm = vnet_get_main (); + + if (!unformat_user (main_input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "del")) + is_add = 0; + else if (unformat (line_input, "add")) + is_add = 1; + else if (unformat (line_input, "rx all")) + rx_sw_if_index = ~0; + else if (unformat (line_input, "rx %U", + unformat_vnet_sw_interface, vnm, &rx_sw_if_index)) + ; + else if (unformat (line_input, "via %U %U", + unformat_ip4_address, + &nh.ip4, + unformat_vnet_sw_interface, vnm, &tx_sw_if_index)) + ; + else if (unformat (line_input, "via %U", + unformat_vnet_sw_interface, vnm, &tx_sw_if_index)) + memset (&nh, 0, sizeof (nh)); + else + { + error = unformat_parse_error (line_input); + goto done; + } + } + + if (is_add) + ip4_punt_redirect_add (rx_sw_if_index, tx_sw_if_index, &nh); + else + ip4_punt_redirect_del (rx_sw_if_index); + +done: + unformat_free (line_input); + return (error); +} + +/*? + * + * @cliexpar + * @cliexcmd{set ip punt policer} + ?*/ +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (ip4_punt_redirect_command, static) = +{ + .path = "ip punt redirect", + .function = ip4_punt_redirect_cmd, + .short_help = "ip punt redirect [add|del] rx [|all] via [] ", +}; +/* *INDENT-ON* */ + +u8 * +format_ip_punt_redirect (u8 * s, va_list * args) +{ + ip_punt_redirect_t *cfg = va_arg (*args, ip_punt_redirect_t *); + ip_punt_redirect_rx_t *rx; + u32 rx_sw_if_index; + vnet_main_t *vnm = vnet_get_main (); + + vec_foreach_index (rx_sw_if_index, cfg->redirect_by_rx_sw_if_index) + { + rx = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index]; + if (~0 != rx->tx_sw_if_index) + { + s = format (s, " rx %U redirect via %U %U\n", + format_vnet_sw_interface_name, vnm, + vnet_get_sw_interface (vnm, rx_sw_if_index), + format_ip46_address, &rx->nh, IP46_TYPE_ANY, + format_vnet_sw_interface_name, vnm, + vnet_get_sw_interface (vnm, rx->tx_sw_if_index)); + } + } + if (~0 != cfg->any_rx_sw_if_index.tx_sw_if_index) + { + s = format (s, " rx all redirect via %U %U\n", + format_ip46_address, &cfg->any_rx_sw_if_index.nh, + IP46_TYPE_ANY, format_vnet_sw_interface_name, vnm, + vnet_get_sw_interface (vnm, + cfg-> + any_rx_sw_if_index.tx_sw_if_index)); + } + + return (s); +} + +static clib_error_t * +ip4_punt_redirect_show_cmd (vlib_main_t * vm, + unformat_input_t * main_input, + vlib_cli_command_t * cmd) +{ + vlib_cli_output (vm, "%U", format_ip_punt_redirect, &ip4_punt_redirect_cfg); + + return (NULL); +} + +/*? + * + * @cliexpar + * @cliexcmd{set ip punt redierect} + ?*/ +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (show_ip4_punt_redirect_command, static) = +{ + .path = "show ip punt redirect", + .function = ip4_punt_redirect_show_cmd, + .short_help = "show ip punt redirect [add|del] rx [|all] via [] ", + .is_mp_safe = 1, +}; +/* *INDENT-ON* */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ -- cgit 1.2.3-korg