1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
|
/*
* Copyright (c) 2015 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <vnet/ip/ip.h>
#include <vnet/ip/ip_punt_drop.h>
#include <vnet/policer/policer.h>
#include <vnet/policer/police_inlines.h>
/* *INDENT-OFF* */
VNET_FEATURE_ARC_INIT (ip4_punt) =
{
.arc_name = "ip4-punt",
.start_nodes = VNET_FEATURES ("ip4-punt"),
};
VNET_FEATURE_ARC_INIT (ip4_drop) =
{
.arc_name = "ip4-drop",
.start_nodes = VNET_FEATURES ("ip4-drop", "ip4-not-enabled"),
};
/* *INDENT-ON* */
u8 *
format_ip_punt_policer_trace (u8 * s, va_list * args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
ip_punt_policer_trace_t *t = va_arg (*args, ip_punt_policer_trace_t *);
s = format (s, "policer_index %d next %d", t->policer_index, t->next);
return s;
}
ip_punt_policer_t ip4_punt_policer_cfg = {
.policer_index = ~0,
};
static char *ip4_punt_policer_error_strings[] = {
#define _(sym,string) string,
foreach_ip_punt_policer_error
#undef _
};
static uword
ip4_punt_policer (vlib_main_t * vm,
vlib_node_runtime_t * node, vlib_frame_t * frame)
{
return (ip_punt_policer (vm, node, frame,
vnet_feat_arc_ip4_punt.feature_arc_index,
ip4_punt_policer_cfg.policer_index));
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_punt_policer_node, static) = {
.function = ip4_punt_policer,
.name = "ip4-punt-policer",
.vector_size = sizeof (u32),
.n_next_nodes = IP_PUNT_POLICER_N_NEXT,
.format_trace = format_ip_punt_policer_trace,
.n_errors = ARRAY_LEN(ip4_punt_policer_error_strings),
.error_strings = ip4_punt_policer_error_strings,
.next_nodes = {
[IP_PUNT_POLICER_NEXT_DROP] = "ip4-drop",
},
};
VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_policer_node,
ip4_punt_policer);
VNET_FEATURE_INIT (ip4_punt_policer_node, static) = {
.arc_name = "ip4-punt",
.node_name = "ip4-punt-policer",
.runs_before = VNET_FEATURES("ip4-punt-redirect"),
};
/* *INDENT-ON* */
u8 *
format_ip_punt_redirect_trace (u8 * s, va_list * args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
ip_punt_redirect_trace_t *t = va_arg (*args, ip_punt_redirect_trace_t *);
vnet_main_t *vnm = vnet_get_main ();
vnet_sw_interface_t *si;
si = vnet_get_sw_interface_safe (vnm, t->redirect.tx_sw_if_index);
if (NULL != si)
s = format (s, "via %U on %U using adj:%d",
format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY,
format_vnet_sw_interface_name, vnm, si,
t->redirect.adj_index);
else
s = format (s, "via %U on %d using adj:%d",
format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY,
t->redirect.tx_sw_if_index, t->redirect.adj_index);
return s;
}
/* *INDENT-OFF* */
ip_punt_redirect_t ip4_punt_redirect_cfg = {
.any_rx_sw_if_index = {
.tx_sw_if_index = ~0,
.adj_index = ADJ_INDEX_INVALID,
},
};
/* *INDENT-ON* */
#define foreach_ip4_punt_redirect_error \
_(DROP, "ip4 punt redirect drop")
typedef enum
{
#define _(sym,str) IP4_PUNT_REDIRECT_ERROR_##sym,
foreach_ip4_punt_redirect_error
#undef _
IP4_PUNT_REDIRECT_N_ERROR,
} ip4_punt_redirect_error_t;
static char *ip4_punt_redirect_error_strings[] = {
#define _(sym,string) string,
foreach_ip4_punt_redirect_error
#undef _
};
static uword
ip4_punt_redirect (vlib_main_t * vm,
vlib_node_runtime_t * node, vlib_frame_t * frame)
{
return (ip_punt_redirect (vm, node, frame,
vnet_feat_arc_ip4_punt.feature_arc_index,
&ip4_punt_redirect_cfg));
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_punt_redirect_node, static) = {
.function = ip4_punt_redirect,
.name = "ip4-punt-redirect",
.vector_size = sizeof (u32),
.n_next_nodes = IP_PUNT_REDIRECT_N_NEXT,
.format_trace = format_ip_punt_redirect_trace,
.n_errors = ARRAY_LEN(ip4_punt_redirect_error_strings),
.error_strings = ip4_punt_redirect_error_strings,
/* edit / add dispositions here */
.next_nodes = {
[IP_PUNT_REDIRECT_NEXT_DROP] = "ip4-drop",
[IP_PUNT_REDIRECT_NEXT_TX] = "ip4-rewrite",
[IP_PUNT_REDIRECT_NEXT_ARP] = "ip4-arp",
},
};
VLIB_NODE_FUNCTION_MULTIARCH (ip4_punt_redirect_node,
ip4_punt_redirect);
VNET_FEATURE_INIT (ip4_punt_redirect_node, static) = {
.arc_name = "ip4-punt",
.node_name = "ip4-punt-redirect",
.runs_before = VNET_FEATURES("error-punt"),
};
/* *INDENT-ON* */
static uword
ip4_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
{
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
return ip_drop_or_punt (vm, node, frame,
vnet_feat_arc_ip4_drop.feature_arc_index);
}
static uword
ip4_not_enabled (vlib_main_t * vm,
vlib_node_runtime_t * node, vlib_frame_t * frame)
{
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
return ip_drop_or_punt (vm, node, frame,
vnet_feat_arc_ip4_drop.feature_arc_index);
}
static uword
ip4_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
{
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
return ip_drop_or_punt (vm, node, frame,
vnet_feat_arc_ip4_punt.feature_arc_index);
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (ip4_drop_node, static) =
{
.function = ip4_drop,
.name = "ip4-drop",
.vector_size = sizeof (u32),
.format_trace = format_ip4_forward_next_trace,
.n_next_nodes = 1,
.next_nodes = {
[0] = "error-drop",
},
};
VLIB_NODE_FUNCTION_MULTIARCH (ip4_drop_node, ip4_drop);
VLIB_REGISTER_NODE (ip4_not_enabled_node, static) =
{
.function = ip4_not_enabled,
.name = "ip4-not-enabled",
.vector_size = sizeof (u32),
.format_trace = format_ip4_forward_next_trace,
.n_next_nodes = 1,
.next_nodes = {
[0] = "error-drop",
},
};
VLIB_NODE_FUNCTION_MULTIARCH (ip4_not_enabled_node, ip4_not_enabled);
VLIB_REGISTER_NODE (ip4_punt_node, static) =
{
.function = ip4_punt,
.name = "ip4-punt",
.vector_size = sizeof (u32),
.format_trace = format_ip4_forward_next_trace,
.n_next_nodes = 1,
.next_nodes = {
[0] = "error-punt",
},
};
VNET_FEATURE_INIT (ip4_punt_end_of_arc, static) = {
.arc_name = "ip4-punt",
.node_name = "error-punt",
.runs_before = 0, /* not before any other features */
};
VNET_FEATURE_INIT (ip4_drop_end_of_arc, static) = {
.arc_name = "ip4-drop",
.node_name = "error-drop",
.runs_before = 0, /* not before any other features */
};
/* *INDENT-ON */
void
ip4_punt_policer_add_del (u8 is_add, u32 policer_index)
{
ip4_punt_policer_cfg.policer_index = policer_index;
vnet_feature_enable_disable ("ip4-punt", "ip4-punt-policer",
0, is_add, 0, 0);
}
static clib_error_t *
ip4_punt_police_cmd (vlib_main_t * vm,
unformat_input_t * main_input,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
u32 policer_index;
u8 is_add = 1;
policer_index = ~0;
if (!unformat_user (main_input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "%d", &policer_index))
;
else if (unformat (line_input, "del"))
is_add = 0;
else if (unformat (line_input, "add"))
is_add = 1;
else
{
error = unformat_parse_error (line_input);
goto done;
}
}
if (is_add && ~0 == policer_index)
{
error = clib_error_return (0, "expected policer index `%U'",
format_unformat_error, line_input);
goto done;
}
if (!is_add)
policer_index = ~0;
ip4_punt_policer_add_del(is_add, policer_index);
done:
unformat_free (line_input);
return (error);
}
/*?
*
* @cliexpar
* @cliexcmd{set ip punt policer <INDEX>}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ip4_punt_policer_command, static) =
{
.path = "ip punt policer",
.function = ip4_punt_police_cmd,
.short_help = "ip punt policer [add|del] <index>",
};
/* *INDENT-ON* */
/*
* an uninitalised rx-redirect strcut used to pad the vector
*/
ip_punt_redirect_rx_t uninit_rx_redirect = {
.tx_sw_if_index = ~0,
.adj_index = ADJ_INDEX_INVALID,
};
void
ip_punt_redirect_add (ip_punt_redirect_t * cfg,
u32 rx_sw_if_index,
ip_punt_redirect_rx_t * redirect,
fib_protocol_t fproto, vnet_link_t linkt)
{
ip_punt_redirect_rx_t *new;
if (~0 == rx_sw_if_index)
{
cfg->any_rx_sw_if_index = *redirect;
new = &cfg->any_rx_sw_if_index;
}
else
{
vec_validate_init_empty (cfg->redirect_by_rx_sw_if_index,
rx_sw_if_index, uninit_rx_redirect);
cfg->redirect_by_rx_sw_if_index[rx_sw_if_index] = *redirect;
new = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index];
}
new->adj_index = adj_nbr_add_or_lock (fproto, linkt,
&redirect->nh,
redirect->tx_sw_if_index);
}
void
ip_punt_redirect_del (ip_punt_redirect_t * cfg, u32 rx_sw_if_index)
{
ip_punt_redirect_rx_t *old;
if (~0 == rx_sw_if_index)
{
old = &cfg->any_rx_sw_if_index;
}
else
{
old = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index];
}
if ((old == NULL) || (old->adj_index == ADJ_INDEX_INVALID))
return;
adj_unlock (old->adj_index);
*old = uninit_rx_redirect;
}
void
ip4_punt_redirect_add (u32 rx_sw_if_index,
u32 tx_sw_if_index, ip46_address_t * nh)
{
ip_punt_redirect_rx_t rx = {
.tx_sw_if_index = tx_sw_if_index,
.nh = *nh,
};
ip_punt_redirect_add (&ip4_punt_redirect_cfg,
rx_sw_if_index, &rx, FIB_PROTOCOL_IP4, VNET_LINK_IP4);
vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 1, 0, 0);
}
void
ip4_punt_redirect_del (u32 rx_sw_if_index)
{
vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 0, 0, 0);
ip_punt_redirect_del (&ip4_punt_redirect_cfg, rx_sw_if_index);
}
static clib_error_t *
ip4_punt_redirect_cmd (vlib_main_t * vm,
unformat_input_t * main_input,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
u32 rx_sw_if_index = 0;
u32 tx_sw_if_index = 0;
ip46_address_t nh;
vnet_main_t *vnm;
u8 is_add;
is_add = 1;
vnm = vnet_get_main ();
if (!unformat_user (main_input, unformat_line_input, line_input))
return 0;
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "del"))
is_add = 0;
else if (unformat (line_input, "add"))
is_add = 1;
else if (unformat (line_input, "rx all"))
rx_sw_if_index = ~0;
else if (unformat (line_input, "rx %U",
unformat_vnet_sw_interface, vnm, &rx_sw_if_index))
;
else if (unformat (line_input, "via %U %U",
unformat_ip4_address,
&nh.ip4,
unformat_vnet_sw_interface, vnm, &tx_sw_if_index))
;
else if (unformat (line_input, "via %U",
unformat_vnet_sw_interface, vnm, &tx_sw_if_index))
memset (&nh, 0, sizeof (nh));
else
{
error = unformat_parse_error (line_input);
goto done;
}
}
if (is_add)
{
if (rx_sw_if_index && tx_sw_if_index)
{
ip4_punt_redirect_add (rx_sw_if_index, tx_sw_if_index, &nh);
}
}
else
{
if (rx_sw_if_index)
{
ip4_punt_redirect_del (rx_sw_if_index);
}
}
done:
unformat_free (line_input);
return (error);
}
/*?
*
* @cliexpar
* @cliexcmd{set ip punt policer}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ip4_punt_redirect_command, static) =
{
.path = "ip punt redirect",
.function = ip4_punt_redirect_cmd,
.short_help = "ip punt redirect [add|del] rx [<interface>|all] via [<nh>] <tx_interface>",
};
/* *INDENT-ON* */
u8 *
format_ip_punt_redirect (u8 * s, va_list * args)
{
ip_punt_redirect_t *cfg = va_arg (*args, ip_punt_redirect_t *);
ip_punt_redirect_rx_t *rx;
u32 rx_sw_if_index;
vnet_main_t *vnm = vnet_get_main ();
vec_foreach_index (rx_sw_if_index, cfg->redirect_by_rx_sw_if_index)
{
rx = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index];
if (~0 != rx->tx_sw_if_index)
{
s = format (s, " rx %U redirect via %U %U\n",
format_vnet_sw_interface_name, vnm,
vnet_get_sw_interface (vnm, rx_sw_if_index),
format_ip46_address, &rx->nh, IP46_TYPE_ANY,
format_vnet_sw_interface_name, vnm,
vnet_get_sw_interface (vnm, rx->tx_sw_if_index));
}
}
if (~0 != cfg->any_rx_sw_if_index.tx_sw_if_index)
{
s = format (s, " rx all redirect via %U %U\n",
format_ip46_address, &cfg->any_rx_sw_if_index.nh,
IP46_TYPE_ANY, format_vnet_sw_interface_name, vnm,
vnet_get_sw_interface (vnm,
cfg->
any_rx_sw_if_index.tx_sw_if_index));
}
return (s);
}
static clib_error_t *
ip4_punt_redirect_show_cmd (vlib_main_t * vm,
unformat_input_t * main_input,
vlib_cli_command_t * cmd)
{
vlib_cli_output (vm, "%U", format_ip_punt_redirect, &ip4_punt_redirect_cfg);
return (NULL);
}
/*?
*
* @cliexpar
* @cliexcmd{set ip punt redierect}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (show_ip4_punt_redirect_command, static) =
{
.path = "show ip punt redirect",
.function = ip4_punt_redirect_show_cmd,
.short_help = "show ip punt redirect",
.is_mp_safe = 1,
};
/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/
|
