/* * Copyright (c) 2017 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <stn/stn.h> #include <vnet/plugin/plugin.h> #include <vpp/app/version.h> #include <vnet/ip/format.h> #include <vnet/ip/punt.h> #include <vnet/ethernet/packet.h> stn_main_t stn_main; static vlib_node_registration_t stn_ip4_punt; static vlib_node_registration_t stn_ip6_punt; static u8 stn_hw_addr_local[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x01}; static u8 stn_hw_addr_dst[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x02}; static ethernet_header_t stn_ip4_ethernet_header = {}; static ethernet_header_t stn_ip6_ethernet_header = {}; typedef struct { clib_bihash_kv_16_8_t kv; } stn_ip46_punt_trace_t; static u8 * format_stn_rule (u8 * s, va_list * args) { stn_rule_t *r = va_arg (*args, stn_rule_t *); stn_main_t *stn = &stn_main; u32 indent = format_get_indent (s); u32 node_index = ip46_address_is_ip4(&r->address)?stn_ip4_punt.index:stn_ip6_punt.index; vlib_node_t *next_node = vlib_get_next_node(vlib_get_main(), node_index, r->next_node_index); s = format (s, "rule_index: %d\n", r - stn->rules); s = format (s, "%Uaddress: %U\n", format_white_space, indent, format_ip46_address, &r->address, IP46_TYPE_ANY); s = format (s, "%Uiface: %U (%d)\n", format_white_space, indent, format_vnet_sw_if_index_name, vnet_get_main(), r->sw_if_index, r->sw_if_index); s = format (s, "%Unext_node: %s (%d)", format_white_space, indent, next_node->name, next_node->index); return s; } static_always_inline u8 * format_stn_ip46_punt_trace (u8 * s, va_list * args, u8 is_ipv4) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); stn_ip46_punt_trace_t *t = va_arg (*args, stn_ip46_punt_trace_t *); u32 indent = format_get_indent (s); s = format (s, "dst_address: %U\n", format_ip46_address, (ip46_address_t *)t->kv.key, IP46_TYPE_ANY); if (t->kv.value == ~(0L)) { s = format (s, "%Urule: none", format_white_space, indent); } else { s = format (s, "%Urule:\n%U%U", format_white_space, indent, format_white_space, indent + 2, format_stn_rule, &stn_main.rules[t->kv.value]); } return s; } typedef enum { STN_IP_PUNT_DROP, STN_IP_PUNT_N_NEXT, } stn_ip_punt_next_t; static_always_inline uword stn_ip46_punt_fn (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame, u8 is_ipv4) { u32 n_left_from, *from, next_index, *to_next, n_left_to_next; stn_main_t *stn = &stn_main; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; next_index = node->cached_next_index; while (n_left_from > 0) { vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); /* Single loop */ while (n_left_from > 0 && n_left_to_next > 0) { u32 pi0; vlib_buffer_t *p0; clib_bihash_kv_16_8_t kv; u32 next0 = STN_IP_PUNT_DROP; pi0 = to_next[0] = from[0]; from += 1; n_left_from -= 1; to_next += 1; n_left_to_next -= 1; p0 = vlib_get_buffer (vm, pi0); if (is_ipv4) { ip4_header_t *hdr = (ip4_header_t *) vlib_buffer_get_current(p0); ip46_address_set_ip4((ip46_address_t *)kv.key, &hdr->dst_address); } else { ip6_header_t *hdr = (ip6_header_t *) vlib_buffer_get_current(p0); kv.key[0] = hdr->dst_address.as_u64[0]; kv.key[1] = hdr->dst_address.as_u64[1]; } kv.value = ~(0L); clib_bihash_search_inline_16_8 (&stn->rule_by_address_table, &kv); if (kv.value != ~(0L)) { ethernet_header_t *eth; stn_rule_t *r = &stn->rules[kv.value]; vnet_buffer(p0)->sw_if_index[VLIB_TX] = r->sw_if_index; next0 = r->next_node_index; vlib_buffer_advance(p0, -sizeof(*eth)); eth = (ethernet_header_t *) vlib_buffer_get_current(p0); if (is_ipv4) clib_memcpy_fast(eth, &stn_ip4_ethernet_header, sizeof(*eth)); else clib_memcpy_fast(eth, &stn_ip6_ethernet_header, sizeof(*eth)); } else { vnet_feature_next (&next0, p0); } if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED)) { stn_ip46_punt_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr)); tr->kv = kv; } vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, pi0, next0); } vlib_put_next_frame (vm, node, next_index, n_left_to_next); } return frame->n_vectors; } #define foreach_stn_ip_punt_error \ _(NONE, "no error") typedef enum { #define _(sym,str) STN_IP_punt_ERROR_##sym, foreach_stn_ip_punt_error #undef _ STN_IP_PUNT_N_ERROR, } ila_error_t; static char *stn_ip_punt_error_strings[] = { #define _(sym,string) string, foreach_stn_ip_punt_error #undef _ }; u8 * format_stn_ip6_punt_trace (u8 * s, va_list * args) { return format_stn_ip46_punt_trace (s, args, 0); } static uword stn_ip6_punt_fn (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { return stn_ip46_punt_fn(vm, node, frame, 0); } /** *INDENT-OFF* */ VLIB_REGISTER_NODE (stn_ip6_punt, static) = { .function = stn_ip6_punt_fn, .name = "stn-ip6-punt", .vector_size = sizeof (u32), .format_trace = format_stn_ip6_punt_trace, .n_errors = STN_IP_PUNT_N_ERROR, .error_strings = stn_ip_punt_error_strings, .n_next_nodes = STN_IP_PUNT_N_NEXT, .next_nodes = { [STN_IP_PUNT_DROP] = "error-drop" }, }; VNET_FEATURE_INIT (stn_ip6_punt_feat_node, static) = { .arc_name = "ip6-punt", .node_name = "stn-ip6-punt", .runs_before = VNET_FEATURES("ip6-punt-redirect"), }; /** *INDENT-ON* */ u8 * format_stn_ip4_punt_trace (u8 * s, va_list * args) { return format_stn_ip46_punt_trace (s, args, 1); } static uword stn_ip4_punt_fn (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { return stn_ip46_punt_fn(vm, node, frame, 1); } /** *INDENT-OFF* */ VLIB_REGISTER_NODE (stn_ip4_punt, static) = { .function = stn_ip4_punt_fn, .name = "stn-ip4-punt", .vector_size = sizeof (u32), .format_trace = format_stn_ip4_punt_trace, .n_errors = STN_IP_PUNT_N_ERROR, .error_strings = stn_ip_punt_error_strings, .n_next_nodes = STN_IP_PUNT_N_NEXT, .next_nodes = { [STN_IP_PUNT_DROP] = "error-drop", }, }; VNET_FEATURE_INIT (stn_ip4_punt_feat_node, static) = { .arc_name = "ip4-punt", .node_name = "stn-ip4-punt", .runs_before = VNET_FEATURES("ip4-punt-redirect"), }; /** *INDENT-ON* */ clib_error_t * stn_init (vlib_main_t * vm) { stn_main_t *stn = &stn_main; stn->rules = 0; clib_bihash_init_16_8(&stn->rule_by_address_table, "stn addresses", 1024, 1<<20); clib_memcpy_fast(stn_ip4_ethernet_header.dst_address, stn_hw_addr_dst, 6); clib_memcpy_fast(stn_ip4_ethernet_header.src_address, stn_hw_addr_local, 6); stn_ip4_ethernet_header.type = clib_host_to_net_u16(ETHERNET_TYPE_IP4); clib_memcpy_fast(stn_ip6_ethernet_header.dst_address, stn_hw_addr_dst, 6); clib_memcpy_fast(stn_ip6_ethernet_header.src_address, stn_hw_addr_local, 6); stn_ip6_ethernet_header.type = clib_host_to_net_u16(ETHERNET_TYPE_IP6); return stn_api_init (vm, stn); return NULL; } VLIB_INIT_FUNCTION (stn_init); /* *INDENT-OFF* */ VLIB_PLUGIN_REGISTER () = { .version = VPP_BUILD_VER, .description = "VPP Steals the NIC (STN) for Container Integration", }; /* *INDENT-ON* */ int stn_rule_add_del (stn_rule_add_del_args_t *args) { vnet_main_t *vnm = vnet_get_main(); vlib_main_t *vm = vlib_get_main(); stn_main_t *stn = &stn_main; stn_rule_t *r = NULL; clib_bihash_kv_16_8_t kv; kv.key[0] = args->address.as_u64[0]; kv.key[1] = args->address.as_u64[1]; if (clib_bihash_search_inline_16_8 (&stn->rule_by_address_table, &kv) == 0) { r = &stn->rules[kv.value]; } else if (!args->del) { pool_get(stn->rules, r); kv.value = r - stn->rules; clib_bihash_add_del_16_8(&stn->rule_by_address_table, &kv, 1); r->address = args->address; stn->n_rules++; if (stn->n_rules == 1) { vnet_feature_enable_disable("ip6-punt", "stn-ip6-punt", 0, 1, 0, 0); vnet_feature_enable_disable("ip4-punt", "stn-ip4-punt", 0, 1, 0, 0); punt_reg_t pr = { .punt = { .l4 = { .af = AF_IP4, .port = ~0, .protocol = IP_PROTOCOL_UDP, }, }, .type = PUNT_TYPE_L4, }; vnet_punt_add_del (vm, &pr, 1 /* is_add */); pr.punt.l4.af = AF_IP6; vnet_punt_add_del (vm, &pr, 1 /* is_add */); pr.punt.l4.protocol = IP_PROTOCOL_TCP; vnet_punt_add_del (vm, &pr, 1 /* is_add */); pr.punt.l4.af = AF_IP4; vnet_punt_add_del (vm, &pr, 1 /* is_add */); } } if (!args->del) { /* Getting output node and adding it as next */ u32 output_node_index = vnet_tx_node_index_for_sw_interface(vnm, args->sw_if_index); u32 node_index = ip46_address_is_ip4(&args->address)? stn_ip4_punt.index : stn_ip6_punt.index; r->sw_if_index = args->sw_if_index; r->next_node_index = vlib_node_add_next(vm, node_index, output_node_index); /* enabling forwarding on the output node (might not be done since * it is unnumbered) */ ip4_sw_interface_enable_disable(args->sw_if_index, 1); ip6_sw_interface_enable_disable(args->sw_if_index, 1); } else if (r) { clib_bihash_add_del_16_8(&stn->rule_by_address_table, &kv, 0); pool_put(stn->rules, r); stn->n_rules--; if (stn->n_rules == 0) { vnet_feature_enable_disable("ip6-punt", "stn-ip6-punt", 0, 0, 0, 0); vnet_feature_enable_disable("ip4-punt", "stn-ip4-punt", 0, 0, 0, 0); } } else { return VNET_API_ERROR_NO_SUCH_ENTRY; } return 0; } static clib_error_t * show_stn_rules_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { stn_main_t *stn = &stn_main; u8 *s = 0; stn_rule_t *rule; pool_foreach (rule, stn->rules) { s = format (s, "- %U\n", format_stn_rule, rule); } vlib_cli_output(vm, "%v", s); vec_free(s); return NULL; } VLIB_CLI_COMMAND (show_stn_rules_command, static) = { .path = "show stn rules", .short_help = "", .function = show_stn_rules_fn, }; static clib_error_t * stn_rule_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; clib_error_t *error = 0; stn_rule_add_del_args_t args = {}; u8 got_addr = 0; u8 got_iface = 0; int ret; if (!unformat_user (input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "address %U", unformat_ip46_address, &args.address, IP46_TYPE_ANY)) got_addr = 1; else if (unformat (line_input, "interface %U", unformat_vnet_sw_interface, vnet_get_main(), &args.sw_if_index)) got_iface = 1; else if (unformat (line_input, "del")) args.del = 1; else { error = clib_error_return (0, "parse error: '%U'", format_unformat_error, line_input); goto done; } } if (!got_addr) { error = clib_error_return (0, "Missing address"); goto done; } if (!got_iface) { error = clib_error_return (0, "Missing interface"); goto done; } if ((ret = stn_rule_add_del (&args))) { error = clib_error_return (0, "stn_rule_add_del returned error %d", ret); goto done; } done: unformat_free (line_input); return error; } VLIB_CLI_COMMAND (stn_rule_command, static) = { .path = "stn rule", .short_help = "address <addr> interface <iface> [del]", .function = stn_rule_fn, };