3be9164f80
Type: improvement Signed-off-by: Neale Ranns <nranns@cisco.com> Signed-off-by: Benoît Ganne <bganne@cisco.com> Change-Id: I2f30a4f04fd9a8635ce2d259b5fd5b0c85cee8c3
293 lines
7.2 KiB
C
293 lines
7.2 KiB
C
/*
|
|
* Copyright (c) 2018 Cisco and/or its affiliates.
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at:
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <plugins/gbp/gbp_recirc.h>
|
|
#include <plugins/gbp/gbp_endpoint_group.h>
|
|
#include <plugins/gbp/gbp_endpoint.h>
|
|
#include <plugins/gbp/gbp_itf.h>
|
|
|
|
#include <vnet/dpo/dvr_dpo.h>
|
|
#include <vnet/fib/fib_table.h>
|
|
|
|
#include <vlib/unix/plugin.h>
|
|
|
|
/**
|
|
* Pool of GBP recircs
|
|
*/
|
|
gbp_recirc_t *gbp_recirc_pool;
|
|
|
|
/**
|
|
* Recirc configs keyed by sw_if_index
|
|
*/
|
|
index_t *gbp_recirc_db;
|
|
|
|
/**
|
|
* logger
|
|
*/
|
|
vlib_log_class_t gr_logger;
|
|
|
|
/**
|
|
* L2 Emulation enable/disable symbols
|
|
*/
|
|
static void (*l2e_enable) (u32 sw_if_index);
|
|
static void (*l2e_disable) (u32 sw_if_index);
|
|
|
|
#define GBP_RECIRC_DBG(...) \
|
|
vlib_log_debug (gr_logger, __VA_ARGS__);
|
|
|
|
u8 *
|
|
format_gbp_recirc (u8 * s, va_list * args)
|
|
{
|
|
gbp_recirc_t *gr = va_arg (*args, gbp_recirc_t *);
|
|
vnet_main_t *vnm = vnet_get_main ();
|
|
|
|
return format (s, " %U, sclass:%d, ext:%d",
|
|
format_vnet_sw_if_index_name, vnm,
|
|
gr->gr_sw_if_index, gr->gr_sclass, gr->gr_is_ext);
|
|
}
|
|
|
|
int
|
|
gbp_recirc_add (u32 sw_if_index, sclass_t sclass, u8 is_ext)
|
|
{
|
|
gbp_recirc_t *gr;
|
|
index_t gri;
|
|
|
|
vec_validate_init_empty (gbp_recirc_db, sw_if_index, INDEX_INVALID);
|
|
|
|
gri = gbp_recirc_db[sw_if_index];
|
|
|
|
if (INDEX_INVALID == gri)
|
|
{
|
|
gbp_endpoint_group_t *gg;
|
|
fib_protocol_t fproto;
|
|
index_t ggi;
|
|
|
|
ggi = gbp_endpoint_group_find (sclass);
|
|
|
|
if (INDEX_INVALID == ggi)
|
|
return (VNET_API_ERROR_NO_SUCH_ENTRY);
|
|
|
|
gbp_endpoint_group_lock (ggi);
|
|
pool_get_zero (gbp_recirc_pool, gr);
|
|
gri = gr - gbp_recirc_pool;
|
|
|
|
gr->gr_sclass = sclass;
|
|
gr->gr_is_ext = is_ext;
|
|
gr->gr_sw_if_index = sw_if_index;
|
|
|
|
/*
|
|
* IP enable the recirc interface
|
|
*/
|
|
ip4_sw_interface_enable_disable (gr->gr_sw_if_index, 1);
|
|
ip6_sw_interface_enable_disable (gr->gr_sw_if_index, 1);
|
|
|
|
/*
|
|
* cache the FIB indicies of the EPG
|
|
*/
|
|
gr->gr_epgi = ggi;
|
|
|
|
gg = gbp_endpoint_group_get (gr->gr_epgi);
|
|
FOR_EACH_FIB_IP_PROTOCOL (fproto)
|
|
{
|
|
gr->gr_fib_index[fib_proto_to_dpo (fproto)] =
|
|
gbp_endpoint_group_get_fib_index (gg, fproto);
|
|
}
|
|
|
|
/*
|
|
* bind to the bridge-domain of the EPG
|
|
*/
|
|
gr->gr_itf = gbp_itf_l2_add_and_lock (gr->gr_sw_if_index, gg->gg_gbd);
|
|
|
|
/*
|
|
* set the interface into L2 emulation mode
|
|
*/
|
|
l2e_enable (gr->gr_sw_if_index);
|
|
|
|
/*
|
|
* Packets on the recirculation interface are subject to src-EPG
|
|
* classification. Recirc interfaces are L2-emulation mode.
|
|
* for internal EPGs this is via an LPM on all external subnets.
|
|
* for external EPGs this is via a port mapping.
|
|
*/
|
|
if (gr->gr_is_ext)
|
|
{
|
|
mac_address_t mac;
|
|
/*
|
|
* recirc is for post-NAT translation packets going into
|
|
* the external EPG, these are classified to the NAT EPG
|
|
* based on its port
|
|
*/
|
|
mac_address_from_bytes (&mac,
|
|
vnet_sw_interface_get_hw_address
|
|
(vnet_get_main (), gr->gr_sw_if_index));
|
|
gbp_endpoint_update_and_lock (GBP_ENDPOINT_SRC_CP,
|
|
gr->gr_sw_if_index,
|
|
NULL, &mac, INDEX_INVALID,
|
|
INDEX_INVALID, gr->gr_sclass,
|
|
GBP_ENDPOINT_FLAG_NONE,
|
|
NULL, NULL, &gr->gr_ep);
|
|
vnet_feature_enable_disable ("ip4-unicast",
|
|
"ip4-gbp-src-classify",
|
|
gr->gr_sw_if_index, 1, 0, 0);
|
|
vnet_feature_enable_disable ("ip6-unicast",
|
|
"ip6-gbp-src-classify",
|
|
gr->gr_sw_if_index, 1, 0, 0);
|
|
}
|
|
else
|
|
{
|
|
/*
|
|
* recirc is for pre-NAT translation packets coming from
|
|
* the external EPG, these are classified based on a LPM
|
|
* in the EPG's route-domain
|
|
*/
|
|
vnet_feature_enable_disable ("ip4-unicast",
|
|
"ip4-gbp-lpm-classify",
|
|
gr->gr_sw_if_index, 1, 0, 0);
|
|
vnet_feature_enable_disable ("ip6-unicast",
|
|
"ip6-gbp-lpm-classify",
|
|
gr->gr_sw_if_index, 1, 0, 0);
|
|
}
|
|
|
|
gbp_recirc_db[sw_if_index] = gri;
|
|
}
|
|
else
|
|
{
|
|
gr = gbp_recirc_get (gri);
|
|
}
|
|
|
|
GBP_RECIRC_DBG ("add: %U", format_gbp_recirc, gr);
|
|
return (0);
|
|
}
|
|
|
|
int
|
|
gbp_recirc_delete (u32 sw_if_index)
|
|
{
|
|
gbp_recirc_t *gr;
|
|
index_t gri;
|
|
|
|
if (vec_len (gbp_recirc_db) <= sw_if_index)
|
|
return VNET_API_ERROR_INVALID_SW_IF_INDEX;
|
|
gri = gbp_recirc_db[sw_if_index];
|
|
|
|
if (INDEX_INVALID != gri)
|
|
{
|
|
gr = pool_elt_at_index (gbp_recirc_pool, gri);
|
|
|
|
GBP_RECIRC_DBG ("del: %U", format_gbp_recirc, gr);
|
|
|
|
if (gr->gr_is_ext)
|
|
{
|
|
gbp_endpoint_unlock (GBP_ENDPOINT_SRC_CP, gr->gr_ep);
|
|
vnet_feature_enable_disable ("ip4-unicast",
|
|
"ip4-gbp-src-classify",
|
|
gr->gr_sw_if_index, 0, 0, 0);
|
|
vnet_feature_enable_disable ("ip6-unicast",
|
|
"ip6-gbp-src-classify",
|
|
gr->gr_sw_if_index, 0, 0, 0);
|
|
}
|
|
else
|
|
{
|
|
vnet_feature_enable_disable ("ip4-unicast",
|
|
"ip4-gbp-lpm-classify",
|
|
gr->gr_sw_if_index, 0, 0, 0);
|
|
vnet_feature_enable_disable ("ip6-unicast",
|
|
"ip6-gbp-lpm-classify",
|
|
gr->gr_sw_if_index, 0, 0, 0);
|
|
}
|
|
|
|
ip4_sw_interface_enable_disable (gr->gr_sw_if_index, 0);
|
|
ip6_sw_interface_enable_disable (gr->gr_sw_if_index, 0);
|
|
l2e_disable (gr->gr_sw_if_index);
|
|
|
|
gbp_itf_unlock (&gr->gr_itf);
|
|
|
|
gbp_endpoint_group_unlock (gr->gr_epgi);
|
|
gbp_recirc_db[sw_if_index] = INDEX_INVALID;
|
|
pool_put (gbp_recirc_pool, gr);
|
|
return (0);
|
|
}
|
|
return VNET_API_ERROR_NO_SUCH_ENTRY;
|
|
}
|
|
|
|
void
|
|
gbp_recirc_walk (gbp_recirc_cb_t cb, void *ctx)
|
|
{
|
|
gbp_recirc_t *ge;
|
|
|
|
/* *INDENT-OFF* */
|
|
pool_foreach (ge, gbp_recirc_pool)
|
|
{
|
|
if (!cb(ge, ctx))
|
|
break;
|
|
}
|
|
/* *INDENT-ON* */
|
|
}
|
|
|
|
static walk_rc_t
|
|
gbp_recirc_show_one (gbp_recirc_t * gr, void *ctx)
|
|
{
|
|
vlib_cli_output (ctx, " %U", format_gbp_recirc, gr);
|
|
|
|
return (WALK_CONTINUE);
|
|
}
|
|
|
|
static clib_error_t *
|
|
gbp_recirc_show (vlib_main_t * vm,
|
|
unformat_input_t * input, vlib_cli_command_t * cmd)
|
|
{
|
|
vlib_cli_output (vm, "Recirculation-Interfaces:");
|
|
gbp_recirc_walk (gbp_recirc_show_one, vm);
|
|
|
|
return (NULL);
|
|
}
|
|
|
|
/*?
|
|
* Show Group Based Policy Recircs and derived information
|
|
*
|
|
* @cliexpar
|
|
* @cliexstart{show gbp recirc}
|
|
* @cliexend
|
|
?*/
|
|
/* *INDENT-OFF* */
|
|
VLIB_CLI_COMMAND (gbp_recirc_show_node, static) = {
|
|
.path = "show gbp recirc",
|
|
.short_help = "show gbp recirc\n",
|
|
.function = gbp_recirc_show,
|
|
};
|
|
/* *INDENT-ON* */
|
|
|
|
static clib_error_t *
|
|
gbp_recirc_init (vlib_main_t * vm)
|
|
{
|
|
gr_logger = vlib_log_register_class ("gbp", "recirc");
|
|
|
|
l2e_enable =
|
|
vlib_get_plugin_symbol ("l2e_plugin.so", "l2_emulation_enable");
|
|
l2e_disable =
|
|
vlib_get_plugin_symbol ("l2e_plugin.so", "l2_emulation_disable");
|
|
|
|
return (NULL);
|
|
}
|
|
|
|
VLIB_INIT_FUNCTION (gbp_recirc_init);
|
|
|
|
/*
|
|
* fd.io coding-style-patch-verification: ON
|
|
*
|
|
* Local Variables:
|
|
* eval: (c-set-style "gnu")
|
|
* End:
|
|
*/
|