/* * Copyright (c) 2015 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <vnet/ip/ip.h> #include <vnet/ip/ip_punt_drop.h> #include <vnet/policer/policer.h> #include <vnet/policer/police_inlines.h> /* *INDENT-OFF* */ VNET_FEATURE_ARC_INIT (ip4_punt) = { .arc_name = "ip4-punt", .start_nodes = VNET_FEATURES ("ip4-punt"), }; VNET_FEATURE_ARC_INIT (ip4_drop) = { .arc_name = "ip4-drop", .start_nodes = VNET_FEATURES ("ip4-drop", "ip4-not-enabled"), }; /* *INDENT-ON* */ u8 * format_ip_punt_policer_trace (u8 * s, va_list * args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); ip_punt_policer_trace_t *t = va_arg (*args, ip_punt_policer_trace_t *); s = format (s, "policer_index %d next %d", t->policer_index, t->next); return s; } ip_punt_policer_t ip4_punt_policer_cfg = { .policer_index = ~0, }; static char *ip4_punt_policer_error_strings[] = { #define _(sym,string) string, foreach_ip_punt_policer_error #undef _ }; static uword ip4_punt_policer (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { return (ip_punt_policer (vm, node, frame, vnet_feat_arc_ip4_punt.feature_arc_index, ip4_punt_policer_cfg.policer_index)); } /* *INDENT-OFF* */ VLIB_REGISTER_NODE (ip4_punt_policer_node, static) = { .function = ip4_punt_policer, .name = "ip4-punt-policer", .vector_size = sizeof (u32), .n_next_nodes = IP_PUNT_POLICER_N_NEXT, .format_trace = format_ip_punt_policer_trace, .n_errors = ARRAY_LEN(ip4_punt_policer_error_strings), .error_strings = ip4_punt_policer_error_strings, .next_nodes = { [IP_PUNT_POLICER_NEXT_DROP] = "ip4-drop", }, }; VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_policer_node, ip4_punt_policer); VNET_FEATURE_INIT (ip4_punt_policer_node, static) = { .arc_name = "ip4-punt", .node_name = "ip4-punt-policer", .runs_before = VNET_FEATURES("ip4-punt-redirect"), }; /* *INDENT-ON* */ u8 * format_ip_punt_redirect_trace (u8 * s, va_list * args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); ip_punt_redirect_trace_t *t = va_arg (*args, ip_punt_redirect_trace_t *); vnet_main_t *vnm = vnet_get_main (); vnet_sw_interface_t *si; si = vnet_get_sw_interface_safe (vnm, t->redirect.tx_sw_if_index); if (NULL != si) s = format (s, "via %U on %U using adj:%d", format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY, format_vnet_sw_interface_name, vnm, si, t->redirect.adj_index); else s = format (s, "via %U on %d using adj:%d", format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY, t->redirect.tx_sw_if_index, t->redirect.adj_index); return s; } /* *INDENT-OFF* */ ip_punt_redirect_t ip4_punt_redirect_cfg = { .any_rx_sw_if_index = { .tx_sw_if_index = ~0, .adj_index = ADJ_INDEX_INVALID, }, }; /* *INDENT-ON* */ #define foreach_ip4_punt_redirect_error \ _(DROP, "ip4 punt redirect drop") typedef enum { #define _(sym,str) IP4_PUNT_REDIRECT_ERROR_##sym, foreach_ip4_punt_redirect_error #undef _ IP4_PUNT_REDIRECT_N_ERROR, } ip4_punt_redirect_error_t; static char *ip4_punt_redirect_error_strings[] = { #define _(sym,string) string, foreach_ip4_punt_redirect_error #undef _ }; static uword ip4_punt_redirect (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { return (ip_punt_redirect (vm, node, frame, vnet_feat_arc_ip4_punt.feature_arc_index, &ip4_punt_redirect_cfg)); } /* *INDENT-OFF* */ VLIB_REGISTER_NODE (ip4_punt_redirect_node, static) = { .function = ip4_punt_redirect, .name = "ip4-punt-redirect", .vector_size = sizeof (u32), .n_next_nodes = IP_PUNT_REDIRECT_N_NEXT, .format_trace = format_ip_punt_redirect_trace, .n_errors = ARRAY_LEN(ip4_punt_redirect_error_strings), .error_strings = ip4_punt_redirect_error_strings, /* edit / add dispositions here */ .next_nodes = { [IP_PUNT_REDIRECT_NEXT_DROP] = "ip4-drop", [IP_PUNT_REDIRECT_NEXT_TX] = "ip4-rewrite", [IP_PUNT_REDIRECT_NEXT_ARP] = "ip4-arp", }, }; VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_redirect_node, ip4_punt_redirect); VNET_FEATURE_INIT (ip4_punt_redirect_node, static) = { .arc_name = "ip4-punt", .node_name = "ip4-punt-redirect", .runs_before = VNET_FEATURES("error-punt"), }; /* *INDENT-ON* */ static uword ip4_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { if (node->flags & VLIB_NODE_FLAG_TRACE) ip4_forward_next_trace (vm, node, frame, VLIB_TX); return ip_drop_or_punt (vm, node, frame, vnet_feat_arc_ip4_drop.feature_arc_index); } static uword ip4_not_enabled (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { if (node->flags & VLIB_NODE_FLAG_TRACE) ip4_forward_next_trace (vm, node, frame, VLIB_TX); return ip_drop_or_punt (vm, node, frame, vnet_feat_arc_ip4_drop.feature_arc_index); } static uword ip4_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { if (node->flags & VLIB_NODE_FLAG_TRACE) ip4_forward_next_trace (vm, node, frame, VLIB_TX); return ip_drop_or_punt (vm, node, frame, vnet_feat_arc_ip4_punt.feature_arc_index); } /* *INDENT-OFF* */ VLIB_REGISTER_NODE (ip4_drop_node, static) = { .function = ip4_drop, .name = "ip4-drop", .vector_size = sizeof (u32), .format_trace = format_ip4_forward_next_trace, .n_next_nodes = 1, .next_nodes = { [0] = "error-drop", }, }; VLIB_NODE_FUNCTION_MULTIARCH (ip4_drop_node, ip4_drop); VLIB_REGISTER_NODE (ip4_not_enabled_node, static) = { .function = ip4_not_enabled, .name = "ip4-not-enabled", .vector_size = sizeof (u32), .format_trace = format_ip4_forward_next_trace, .n_next_nodes = 1, .next_nodes = { [0] = "error-drop", }, }; VLIB_NODE_FUNCTION_MULTIARCH (ip4_not_enabled_node, ip4_not_enabled); VLIB_REGISTER_NODE (ip4_punt_node, static) = { .function = ip4_punt, .name = "ip4-punt", .vector_size = sizeof (u32), .format_trace = format_ip4_forward_next_trace, .n_next_nodes = 1, .next_nodes = { [0] = "error-punt", }, }; VNET_FEATURE_INIT (ip4_punt_end_of_arc, static) = { .arc_name = "ip4-punt", .node_name = "error-punt", .runs_before = 0, /* not before any other features */ }; VNET_FEATURE_INIT (ip4_drop_end_of_arc, static) = { .arc_name = "ip4-drop", .node_name = "error-drop", .runs_before = 0, /* not before any other features */ }; /* *INDENT-ON */ void ip4_punt_policer_add_del (u8 is_add, u32 policer_index) { ip4_punt_policer_cfg.policer_index = policer_index; vnet_feature_enable_disable ("ip4-punt", "ip4-punt-policer", 0, is_add, 0, 0); } static clib_error_t * ip4_punt_police_cmd (vlib_main_t * vm, unformat_input_t * main_input, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; clib_error_t *error = 0; u32 policer_index; u8 is_add = 1; policer_index = ~0; if (!unformat_user (main_input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "%d", &policer_index)) ; else if (unformat (line_input, "del")) is_add = 0; else if (unformat (line_input, "add")) is_add = 1; else { error = unformat_parse_error (line_input); goto done; } } if (is_add && ~0 == policer_index) { error = clib_error_return (0, "expected policer index `%U'", format_unformat_error, line_input); goto done; } if (!is_add) policer_index = ~0; ip4_punt_policer_add_del(is_add, policer_index); done: unformat_free (line_input); return (error); } /*? * * @cliexpar * @cliexcmd{set ip punt policer <INDEX>} ?*/ /* *INDENT-OFF* */ VLIB_CLI_COMMAND (ip4_punt_policer_command, static) = { .path = "ip punt policer", .function = ip4_punt_police_cmd, .short_help = "ip punt policer [add|del] <index>", }; /* *INDENT-ON* */ /* * an uninitalised rx-redirect strcut used to pad the vector */ ip_punt_redirect_rx_t uninit_rx_redirect = { .tx_sw_if_index = ~0, .adj_index = ADJ_INDEX_INVALID, }; void ip_punt_redirect_add (ip_punt_redirect_t * cfg, u32 rx_sw_if_index, ip_punt_redirect_rx_t * redirect, fib_protocol_t fproto, vnet_link_t linkt) { ip_punt_redirect_rx_t *new; if (~0 == rx_sw_if_index) { cfg->any_rx_sw_if_index = *redirect; new = &cfg->any_rx_sw_if_index; } else { vec_validate_init_empty (cfg->redirect_by_rx_sw_if_index, rx_sw_if_index, uninit_rx_redirect); cfg->redirect_by_rx_sw_if_index[rx_sw_if_index] = *redirect; new = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index]; } new->adj_index = adj_nbr_add_or_lock (fproto, linkt, &redirect->nh, redirect->tx_sw_if_index); } void ip_punt_redirect_del (ip_punt_redirect_t * cfg, u32 rx_sw_if_index) { ip_punt_redirect_rx_t *old; if (~0 == rx_sw_if_index) { old = &cfg->any_rx_sw_if_index; } else { old = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index]; } if ((old == NULL) || (old->adj_index == ADJ_INDEX_INVALID)) return; adj_unlock (old->adj_index); *old = uninit_rx_redirect; } void ip4_punt_redirect_add (u32 rx_sw_if_index, u32 tx_sw_if_index, ip46_address_t * nh) { ip_punt_redirect_rx_t rx = { .tx_sw_if_index = tx_sw_if_index, .nh = *nh, }; ip_punt_redirect_add (&ip4_punt_redirect_cfg, rx_sw_if_index, &rx, FIB_PROTOCOL_IP4, VNET_LINK_IP4); vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 1, 0, 0); } void ip4_punt_redirect_del (u32 rx_sw_if_index) { vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 0, 0, 0); ip_punt_redirect_del (&ip4_punt_redirect_cfg, rx_sw_if_index); } static clib_error_t * ip4_punt_redirect_cmd (vlib_main_t * vm, unformat_input_t * main_input, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; clib_error_t *error = 0; u32 rx_sw_if_index = 0; u32 tx_sw_if_index = 0; ip46_address_t nh; vnet_main_t *vnm; u8 is_add; is_add = 1; vnm = vnet_get_main (); if (!unformat_user (main_input, unformat_line_input, line_input)) return 0; while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "del")) is_add = 0; else if (unformat (line_input, "add")) is_add = 1; else if (unformat (line_input, "rx all")) rx_sw_if_index = ~0; else if (unformat (line_input, "rx %U", unformat_vnet_sw_interface, vnm, &rx_sw_if_index)) ; else if (unformat (line_input, "via %U %U", unformat_ip4_address, &nh.ip4, unformat_vnet_sw_interface, vnm, &tx_sw_if_index)) ; else if (unformat (line_input, "via %U", unformat_vnet_sw_interface, vnm, &tx_sw_if_index)) memset (&nh, 0, sizeof (nh)); else { error = unformat_parse_error (line_input); goto done; } } if (is_add) { if (rx_sw_if_index && tx_sw_if_index) { ip4_punt_redirect_add (rx_sw_if_index, tx_sw_if_index, &nh); } } else { if (rx_sw_if_index) { ip4_punt_redirect_del (rx_sw_if_index); } } done: unformat_free (line_input); return (error); } /*? * * @cliexpar * @cliexcmd{set ip punt policer} ?*/ /* *INDENT-OFF* */ VLIB_CLI_COMMAND (ip4_punt_redirect_command, static) = { .path = "ip punt redirect", .function = ip4_punt_redirect_cmd, .short_help = "ip punt redirect [add|del] rx [<interface>|all] via [<nh>] <tx_interface>", }; /* *INDENT-ON* */ u8 * format_ip_punt_redirect (u8 * s, va_list * args) { ip_punt_redirect_t *cfg = va_arg (*args, ip_punt_redirect_t *); ip_punt_redirect_rx_t *rx; u32 rx_sw_if_index; vnet_main_t *vnm = vnet_get_main (); vec_foreach_index (rx_sw_if_index, cfg->redirect_by_rx_sw_if_index) { rx = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index]; if (~0 != rx->tx_sw_if_index) { s = format (s, " rx %U redirect via %U %U\n", format_vnet_sw_interface_name, vnm, vnet_get_sw_interface (vnm, rx_sw_if_index), format_ip46_address, &rx->nh, IP46_TYPE_ANY, format_vnet_sw_interface_name, vnm, vnet_get_sw_interface (vnm, rx->tx_sw_if_index)); } } if (~0 != cfg->any_rx_sw_if_index.tx_sw_if_index) { s = format (s, " rx all redirect via %U %U\n", format_ip46_address, &cfg->any_rx_sw_if_index.nh, IP46_TYPE_ANY, format_vnet_sw_interface_name, vnm, vnet_get_sw_interface (vnm, cfg-> any_rx_sw_if_index.tx_sw_if_index)); } return (s); } static clib_error_t * ip4_punt_redirect_show_cmd (vlib_main_t * vm, unformat_input_t * main_input, vlib_cli_command_t * cmd) { vlib_cli_output (vm, "%U", format_ip_punt_redirect, &ip4_punt_redirect_cfg); return (NULL); } /*? * * @cliexpar * @cliexcmd{set ip punt redierect} ?*/ /* *INDENT-OFF* */ VLIB_CLI_COMMAND (show_ip4_punt_redirect_command, static) = { .path = "show ip punt redirect", .function = ip4_punt_redirect_show_cmd, .short_help = "show ip punt redirect", .is_mp_safe = 1, }; /* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON * * Local Variables: * eval: (c-set-style "gnu") * End: */