Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / 73ee23cecbe2806569132de64f6680297544cbe9 / . / src / vnet / sr / sr_steering.c
blob: 86d6f27cbe108839f2dd0f37ebe3526e7d23c777 [file] [log] [blame]
Pablo Camarillofb380952016-12-07 18:34:18 +0100[diff] [blame]1/*
2 * sr_steering.c: ipv6 segment routing steering into SR policy
3 *
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18/**
19 * @file
20 * @brief Packet steering into SR Policies
21 *
22 * This file is in charge of handling the FIB appropiatly to steer packets
23 * through SR Policies as defined in 'sr_policy_rewrite.c'. Notice that here
24 * we are only doing steering. SR policy application is done in
25 * sr_policy_rewrite.c
26 *
27 * Supports:
28 * - Steering of IPv6 traffic Destination Address based
29 * - Steering of IPv4 traffic Destination Address based
30 * - Steering of L2 frames, interface based (sw interface)
31 */
32
33#include <vlib/vlib.h>
34#include <vnet/vnet.h>
35#include <vnet/sr/sr.h>
36#include <vnet/ip/ip.h>
37#include <vnet/sr/sr_packet.h>
38#include <vnet/ip/ip6_packet.h>
39#include <vnet/fib/ip6_fib.h>
40#include <vnet/dpo/dpo.h>
41
42#include <vppinfra/error.h>
43#include <vppinfra/elog.h>
44
45/**
46 * @brief Steer traffic L2 and L3 traffic through a given SR policy
47 *
48 * @param is_del
49 * @param bsid is the bindingSID of the SR Policy (alt to sr_policy_index)
50 * @param sr_policy is the index of the SR Policy (alt to bsid)
51 * @param table_id is the VRF where to install the FIB entry for the BSID
52 * @param prefix is the IPv4/v6 address for L3 traffic type
53 * @param mask_width is the mask for L3 traffic type
54 * @param sw_if_index is the incoming interface for L2 traffic
55 * @param traffic_type describes the type of traffic
56 *
57 * @return 0 if correct, else error
58 */
59int
60sr_steering_policy (int is_del, ip6_address_t * bsid, u32 sr_policy_index,
61 u32 table_id, ip46_address_t * prefix, u32 mask_width,
62 u32 sw_if_index, u8 traffic_type)
63{
64 ip6_sr_main_t *sm = &sr_main;
65 sr_steering_key_t key, *key_copy;
66 ip6_sr_steering_policy_t *steer_pl;
67 fib_prefix_t pfx = { 0 };
68
69 ip6_sr_policy_t *sr_policy = 0;
70 uword *p = 0;
71
72 hash_pair_t *hp;
73
74 /* Compute the steer policy key */
75 if (prefix)
76 {
77 key.l3.prefix.as_u64[0] = prefix->as_u64[0];
78 key.l3.prefix.as_u64[1] = prefix->as_u64[1];
79 key.l3.mask_width = mask_width;
80 key.l3.fib_table = (table_id != (u32) ~ 0 ? table_id : 0);
81 }
82 else
83 {
84 key.l2.sw_if_index = sw_if_index;
85
86 /* Sanitise the SW_IF_INDEX */
87 if (pool_is_free_index (sm->vnet_main->interface_main.sw_interfaces,
88 sw_if_index))
89 return -3;
90
91 vnet_sw_interface_t *sw =
92 vnet_get_sw_interface (sm->vnet_main, sw_if_index);
93 if (sw->type != VNET_SW_INTERFACE_TYPE_HARDWARE)
94 return -3;
95 }
96
97 key.traffic_type = traffic_type;
98
99 /* Search for the item */
100 p = hash_get_mem (sm->steer_policies_index_by_key, &key);
101
102 if (p)
103 {
104 /* Retrieve Steer Policy function */
105 steer_pl = pool_elt_at_index (sm->steer_policies, p[0]);
106
107 if (is_del)
108 {
109 if (steer_pl->classify.traffic_type == SR_STEER_IPV6)
110 {
111 /* Remove FIB entry */
112 pfx.fp_proto = FIB_PROTOCOL_IP6;
113 pfx.fp_len = steer_pl->classify.l3.mask_width;
114 pfx.fp_addr.ip6 = steer_pl->classify.l3.prefix.ip6;
115
116 fib_table_entry_delete (fib_table_id_find_fib_index
117 (FIB_PROTOCOL_IP6,
118 steer_pl->classify.l3.fib_table), &pfx,
119 FIB_SOURCE_SR);
120 }
121 else if (steer_pl->classify.traffic_type == SR_STEER_IPV4)
122 {
123 /* Remove FIB entry */
124 pfx.fp_proto = FIB_PROTOCOL_IP4;
125 pfx.fp_len = steer_pl->classify.l3.mask_width;
126 pfx.fp_addr.ip4 = steer_pl->classify.l3.prefix.ip4;
127
128 fib_table_entry_delete (fib_table_id_find_fib_index
129 (FIB_PROTOCOL_IP4,
130 steer_pl->classify.l3.fib_table), &pfx,
131 FIB_SOURCE_SR);
132 }
133 else if (steer_pl->classify.traffic_type == SR_STEER_L2)
134 {
135 /* Remove HW redirection */
136 vnet_feature_enable_disable ("device-input",
137 "sr-policy-rewrite-encaps-l2",
138 sw_if_index, 0, 0, 0);
139 sm->sw_iface_sr_policies[sw_if_index] = ~(u32) 0;
140
141 /* Remove promiscous mode from interface */
142 vnet_main_t *vnm = vnet_get_main ();
143 ethernet_main_t *em = &ethernet_main;
144 ethernet_interface_t *eif =
145 ethernet_get_interface (em, sw_if_index);
146
147 if (!eif)
148 goto cleanup_error_redirection;
149
150 ethernet_set_flags (vnm, sw_if_index, 0);
151 }
152
153 /* Delete SR steering policy entry */
154 pool_put (sm->steer_policies, steer_pl);
155 hp = hash_get_pair (sm->steer_policies_index_by_key, &key);
156 key_copy = (void *) (hp->key);
157 hash_unset_mem (sm->steer_policies_index_by_key, &key);
158 vec_free (key_copy);
159 return 1;
160 }
161 else /* It means user requested to update an existing SR steering policy */
162 {
163 /* Retrieve SR steering policy */
164 if (bsid)
165 {
166 p = hash_get_mem (sm->sr_policy_index_by_key, bsid);
167 if (p)
168 sr_policy = pool_elt_at_index (sm->sr_policies, p[0]);
169 else
170 return -2;
171 }
172 else
173 sr_policy = pool_elt_at_index (sm->sr_policies, sr_policy_index);
174
175 if (!sr_policy)
176 return -2;
177
178 steer_pl->sr_policy = sr_policy - sm->sr_policies;
179
180 /* Remove old FIB/hw redirection and create a new one */
181 if (steer_pl->classify.traffic_type == SR_STEER_IPV6)
182 {
183 /* Remove FIB entry */
184 pfx.fp_proto = FIB_PROTOCOL_IP6;
185 pfx.fp_len = steer_pl->classify.l3.mask_width;
186 pfx.fp_addr.ip6 = steer_pl->classify.l3.prefix.ip6;
187
188 fib_table_entry_delete (fib_table_id_find_fib_index
189 (FIB_PROTOCOL_IP6,
190 steer_pl->classify.l3.fib_table), &pfx,
191 FIB_SOURCE_SR);
192
193 /* Create a new one */
194 goto update_fib;
195
196 }
197 else if (steer_pl->classify.traffic_type == SR_STEER_IPV4)
198 {
199 /* Remove FIB entry */
200 pfx.fp_proto = FIB_PROTOCOL_IP4;
201 pfx.fp_len = steer_pl->classify.l3.mask_width;
202 pfx.fp_addr.ip4 = steer_pl->classify.l3.prefix.ip4;
203
204 fib_table_entry_delete (fib_table_id_find_fib_index
205 (FIB_PROTOCOL_IP4,
206 steer_pl->classify.l3.fib_table), &pfx,
207 FIB_SOURCE_SR);
208
209 /* Create a new one */
210 goto update_fib;
211 }
212 else if (steer_pl->classify.traffic_type == SR_STEER_L2)
213 {
214 /* Update L2-HW redirection */
215 goto update_fib;
216 }
217 }
218 }
219 else
220 /* delete; steering policy does not exist; complain */
221 if (is_del)
222 return -4;
223
224 /* Retrieve SR policy */
225 if (bsid)
226 {
227 p = hash_get_mem (sm->sr_policy_index_by_key, bsid);
228 if (p)
229 sr_policy = pool_elt_at_index (sm->sr_policies, p[0]);
230 else
231 return -2;
232 }
233 else
234 sr_policy = pool_elt_at_index (sm->sr_policies, sr_policy_index);
235
236 /* Create a new steering policy */
237 pool_get (sm->steer_policies, steer_pl);
238 memset (steer_pl, 0, sizeof (*steer_pl));
239
240 if (traffic_type == SR_STEER_IPV4 || traffic_type == SR_STEER_IPV6)
241 {
242 clib_memcpy (&steer_pl->classify.l3.prefix, prefix,
243 sizeof (ip46_address_t));
244 steer_pl->classify.l3.mask_width = mask_width;
245 steer_pl->classify.l3.fib_table =
246 (table_id != (u32) ~ 0 ? table_id : 0);
247 steer_pl->classify.traffic_type = traffic_type;
248 }
249 else if (traffic_type == SR_STEER_L2)
250 {
251 steer_pl->classify.l2.sw_if_index = sw_if_index;
252 steer_pl->classify.traffic_type = traffic_type;
253 }
254 else
255 {
256 /* Incorrect API usage. Should never get here */
257 pool_put (sm->steer_policies, steer_pl);
258 hp = hash_get_pair (sm->steer_policies_index_by_key, &key);
259 key_copy = (void *) (hp->key);
260 hash_unset_mem (sm->steer_policies_index_by_key, &key);
261 vec_free (key_copy);
262 return -1;
263 }
264 steer_pl->sr_policy = sr_policy - sm->sr_policies;
265
266 /* Create and store key */
267 key_copy = vec_new (sr_steering_key_t, 1);
268 clib_memcpy (key_copy, &key, sizeof (sr_steering_key_t));
269 hash_set_mem (sm->steer_policies_index_by_key,
270 key_copy, steer_pl - sm->steer_policies);
271
272 if (traffic_type == SR_STEER_L2)
273 {
274 if (!sr_policy->is_encap)
275 goto cleanup_error_encap;
276
277 if (vnet_feature_enable_disable
278 ("device-input", "sr-policy-rewrite-encaps-l2", sw_if_index, 1, 0,
279 0))
280 goto cleanup_error_redirection;
281
282 /* Set promiscous mode on interface */
283 vnet_main_t *vnm = vnet_get_main ();
284 ethernet_main_t *em = &ethernet_main;
285 ethernet_interface_t *eif = ethernet_get_interface (em, sw_if_index);
286
287 if (!eif)
288 goto cleanup_error_redirection;
289
290 ethernet_set_flags (vnm, sw_if_index,
291 ETHERNET_INTERFACE_FLAG_ACCEPT_ALL);
292 }
293 else if (traffic_type == SR_STEER_IPV4)
294 if (!sr_policy->is_encap)
295 goto cleanup_error_encap;
296
297update_fib:
298 /* FIB API calls - Recursive route through the BindingSID */
299 if (traffic_type == SR_STEER_IPV6)
300 {
301 pfx.fp_proto = FIB_PROTOCOL_IP6;
302 pfx.fp_len = steer_pl->classify.l3.mask_width;
303 pfx.fp_addr.ip6 = steer_pl->classify.l3.prefix.ip6;
304
305 fib_table_entry_path_add (fib_table_id_find_fib_index (FIB_PROTOCOL_IP6,
306 (table_id !=
307 (u32) ~ 0 ?
308 table_id : 0)),
309 &pfx, FIB_SOURCE_CLI, FIB_ENTRY_FLAG_NONE,
310 FIB_PROTOCOL_IP6,
311 (ip46_address_t *) & sr_policy->bsid, ~0,
312 sm->fib_table_ip6, 1, NULL,
313 FIB_ROUTE_PATH_FLAG_NONE);
314 }
315 else if (traffic_type == SR_STEER_IPV4)
316 {
317 pfx.fp_proto = FIB_PROTOCOL_IP4;
318 pfx.fp_len = steer_pl->classify.l3.mask_width;
319 pfx.fp_addr.ip4 = steer_pl->classify.l3.prefix.ip4;
320
321 fib_table_entry_path_add (fib_table_id_find_fib_index (FIB_PROTOCOL_IP4,
322 (table_id !=
323 (u32) ~ 0 ?
324 table_id : 0)),
325 &pfx, FIB_SOURCE_CLI, FIB_ENTRY_FLAG_NONE,
326 FIB_PROTOCOL_IP6,
327 (ip46_address_t *) & sr_policy->bsid, ~0,
328 sm->fib_table_ip4, 1, NULL,
329 FIB_ROUTE_PATH_FLAG_NONE);
330 }
331 else if (traffic_type == SR_STEER_L2)
332 {
333 if (sw_if_index < vec_len (sm->sw_iface_sr_policies))
334 sm->sw_iface_sr_policies[sw_if_index] = steer_pl->sr_policy;
335 else
336 {
337 vec_resize (sm->sw_iface_sr_policies,
338 (pool_len (sm->vnet_main->interface_main.sw_interfaces)
339 - vec_len (sm->sw_iface_sr_policies)));
340 sm->sw_iface_sr_policies[sw_if_index] = steer_pl->sr_policy;
341 }
342 }
343
344 return 0;
345
346cleanup_error_encap:
347 pool_put (sm->steer_policies, steer_pl);
348 hp = hash_get_pair (sm->steer_policies_index_by_key, &key);
349 key_copy = (void *) (hp->key);
350 hash_unset_mem (sm->steer_policies_index_by_key, &key);
351 vec_free (key_copy);
352 return -5;
353
354cleanup_error_redirection:
355 pool_put (sm->steer_policies, steer_pl);
356 hp = hash_get_pair (sm->steer_policies_index_by_key, &key);
357 key_copy = (void *) (hp->key);
358 hash_unset_mem (sm->steer_policies_index_by_key, &key);
359 vec_free (key_copy);
360 return -3;
361}
362
363static clib_error_t *
364sr_steer_policy_command_fn (vlib_main_t * vm, unformat_input_t * input,
365 vlib_cli_command_t * cmd)
366{
367 vnet_main_t *vnm = vnet_get_main ();
368
369 int is_del = 0;
370
371 ip46_address_t prefix;
372 u32 dst_mask_width = 0;
373 u32 sw_if_index = (u32) ~ 0;
374 u8 traffic_type = 0;
375 u32 fib_table = (u32) ~ 0;
376
377 ip6_address_t bsid;
378 u32 sr_policy_index = (u32) ~ 0;
379
380 u8 sr_policy_set = 0;
381
382 int rv;
383 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
384 {
385 if (unformat (input, "del"))
386 is_del = 1;
387 else if (!traffic_type
388 && unformat (input, "l3 %U/%d", unformat_ip6_address,
389 &prefix.ip6, &dst_mask_width))
390 traffic_type = SR_STEER_IPV6;
391 else if (!traffic_type
392 && unformat (input, "l3 %U/%d", unformat_ip4_address,
393 &prefix.ip4, &dst_mask_width))
394 traffic_type = SR_STEER_IPV4;
395 else if (!traffic_type
396 && unformat (input, "l2 %U", unformat_vnet_sw_interface, vnm,
397 &sw_if_index))
398 traffic_type = SR_STEER_L2;
399 else if (!sr_policy_set
400 && unformat (input, "via sr policy index %d",
401 &sr_policy_index))
402 sr_policy_set = 1;
403 else if (!sr_policy_set
404 && unformat (input, "via sr policy bsid %U",
405 unformat_ip6_address, &bsid))
406 sr_policy_set = 1;
407 else if (fib_table == (u32) ~ 0
408 && unformat (input, "fib-table %d", &fib_table));
409 else
410 break;
411 }
412
413 if (!traffic_type)
414 return clib_error_return (0, "No L2/L3 traffic specified");
415 if (!sr_policy_set)
416 return clib_error_return (0, "No SR policy specified");
417
418 /* Make sure that the prefixes are clean */
419 if (traffic_type == SR_STEER_IPV4)
420 {
421 u32 mask =
422 (dst_mask_width ? (0xFFFFFFFFu >> (32 - dst_mask_width)) : 0);
423 prefix.ip4.as_u32 &= mask;
424 }
425 else if (traffic_type == SR_STEER_IPV6)
426 {
427 ip6_address_t mask;
428 ip6_address_mask_from_width (&mask, dst_mask_width);
429 ip6_address_mask (&prefix.ip6, &mask);
430 }
431
432 rv =
433 sr_steering_policy (is_del, (sr_policy_index == ~(u32) 0 ? &bsid : NULL),
434 sr_policy_index, fib_table, &prefix, dst_mask_width,
435 sw_if_index, traffic_type);
436
437 switch (rv)
438 {
439 case 0:
440 break;
441 case 1:
442 return 0;
443 case -1:
444 return clib_error_return (0, "Incorrect API usage.");
445 case -2:
446 return clib_error_return (0,
447 "The requested SR policy could not be located. Review the BSID/index.");
448 case -3:
449 return clib_error_return (0,
450 "Unable to do SW redirect. Incorrect interface.");
451 case -4:
452 return clib_error_return (0,
453 "The requested SR policy could not be deleted. Review the BSID/index.");
454 case -5:
455 return clib_error_return (0,
456 "The SR policy is not an encapsulation one.");
457 default:
458 return clib_error_return (0, "BUG: sr steer policy returns %d", rv);
459 }
460 return 0;
461}
462
463/* *INDENT-OFF* */
464VLIB_CLI_COMMAND (sr_steer_policy_command, static) = {
465 .path = "sr steer",
466 .short_help = "sr steer (del) [l3 <ip_addr/mask>|l2 <sf_if>]"
467 "via sr policy [index <sr_policy_index>|bsid <bsid_ip6_addr>]"
468 "(fib-table <fib_table_index>)",
469 .long_help =
470 "\tSteer a L2 or L3 traffic through an existing SR policy.\n"
471 "\tExamples:\n"
472 "\t\tsr steer l3 2001::/64 via sr_policy index 5\n"
473 "\t\tsr steer l3 2001::/64 via sr_policy bsid 2010::9999:1\n"
474 "\t\tsr steer l2 GigabitEthernet0/5/0 via sr_policy index 5\n"
475 "\t\tsr steer del l3 2001::/64 via sr_policy index 5\n",
476 .function = sr_steer_policy_command_fn,
477};
478/* *INDENT-ON* */
479
480static clib_error_t *
481show_sr_steering_policies_command_fn (vlib_main_t * vm,
482 unformat_input_t * input,
483 vlib_cli_command_t * cmd)
484{
485 ip6_sr_main_t *sm = &sr_main;
486 ip6_sr_steering_policy_t **steer_policies = 0;
487 ip6_sr_steering_policy_t *steer_pl;
488
489 vnet_main_t *vnm = vnet_get_main ();
490
491 ip6_sr_policy_t *pl = 0;
492 int i;
493
494 vlib_cli_output (vm, "SR steering policies:");
495 /* *INDENT-OFF* */
496 pool_foreach (steer_pl, sm->steer_policies, ({vec_add1(steer_policies, steer_pl);}));
497 /* *INDENT-ON* */
498 vlib_cli_output (vm, "Traffic\t\tSR policy BSID");
499 for (i = 0; i < vec_len (steer_policies); i++)
500 {
501 steer_pl = steer_policies[i];
502 pl = pool_elt_at_index (sm->sr_policies, steer_pl->sr_policy);
503 if (steer_pl->classify.traffic_type == SR_STEER_L2)
504 {
505 vlib_cli_output (vm, "L2 %U\t%U",
506 format_vnet_sw_if_index_name, vnm,
507 steer_pl->classify.l2.sw_if_index,
508 format_ip6_address, &pl->bsid);
509 }
510 else if (steer_pl->classify.traffic_type == SR_STEER_IPV4)
511 {
512 vlib_cli_output (vm, "L3 %U/%d\t%U",
513 format_ip4_address,
514 &steer_pl->classify.l3.prefix.ip4,
515 steer_pl->classify.l3.mask_width,
516 format_ip6_address, &pl->bsid);
517 }
518 else if (steer_pl->classify.traffic_type == SR_STEER_IPV6)
519 {
520 vlib_cli_output (vm, "L3 %U/%d\t%U",
521 format_ip6_address,
522 &steer_pl->classify.l3.prefix.ip6,
523 steer_pl->classify.l3.mask_width,
524 format_ip6_address, &pl->bsid);
525 }
526 }
527 return 0;
528}
529
530/* *INDENT-OFF* */
531VLIB_CLI_COMMAND (show_sr_steering_policies_command, static) = {
532 .path = "show sr steering policies",
533 .short_help = "show sr steering policies",
534 .function = show_sr_steering_policies_command_fn,
535};
536/* *INDENT-ON* */
537
538clib_error_t *
539sr_steering_init (vlib_main_t * vm)
540{
541 ip6_sr_main_t *sm = &sr_main;
542
543 /* Init memory for function keys */
544 sm->steer_policies_index_by_key =
545 hash_create_mem (0, sizeof (sr_steering_key_t), sizeof (uword));
546
547 sm->sw_iface_sr_policies = 0;
548
549 sm->vnet_main = vnet_get_main ();
550
551 return 0;
552}
553
554VLIB_INIT_FUNCTION (sr_steering_init);
555
556VNET_FEATURE_INIT (sr_policy_rewrite_encaps_l2, static) =
557{
558.arc_name = "device-input",.node_name =
559 "sr-pl-rewrite-encaps-l2",.runs_before =
560 VNET_FEATURES ("ethernet-input"),};
561
562/*
563* fd.io coding-style-patch-verification: ON
564*
565* Local Variables:
566* eval: (c-set-style "gnu")
567* End:
568*/