summaryrefslogtreecommitdiffstats
path: root/src/vnet/dpo/ip_null_dpo.h
blob: 6c7ced5124a741b30d3ed07c61f4fe3844abc1f1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
/*
 * Copyright (c) 2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * @brief
 * The IP NULL DPO represents the rubbish bin for IP traffic. Without specifying an
 * action (i.e. send IMCP type X to sender) it is equivalent to using a drop DPO.
 * However, in contrast to the drop DPO any route that resovles via a NULL, is
 * considered to 'resolved' by FIB, i.e. a IP NULL is used when the control plane
 * is explicitly expressing the desire to drop packets. Drop DPOs are used
 * internally by FIB when resolution is not possible.
 *
 * Any replies to sender are rate limited.
 */

#ifndef __IP_NULL_DPO_H__
#define __IP_NULL_DPO_H__

#include <vnet/dpo/dpo.h>

/**
 * @brief Actions to take when a packet encounters the NULL DPO
 */
typedef enum ip_null_dpo_action_t_
{
    IP_NULL_ACTION_NONE,
    IP_NULL_ACTION_SEND_ICMP_UNREACH,
    IP_NULL_ACTION_SEND_ICMP_PROHIBIT,
} ip_null_dpo_action_t;

#define IP_NULL_ACTIONS {						\
    [IP_NULL_ACTION_NONE] = "discard",					\
    [IP_NULL_ACTION_SEND_ICMP_UNREACH] = "send-unreachable",		\
    [IP_NULL_ACTION_SEND_ICMP_PROHIBIT] = "send-prohibited",		\
}

#define IP_NULL_DPO_ACTION_NUM (IP_NULL_ACTION_SEND_ICMP_PROHIBIT+1)

extern void ip_null_dpo_add_and_lock (dpo_proto_t proto,
				      ip_null_dpo_action_t action,
				      dpo_id_t *dpo);

extern void ip_null_dpo_module_init(void);

extern ip_null_dpo_action_t ip_null_dpo_get_action(index_t indi);

#endif