LCOV - code coverage report
Current view: top level - plugins/adl - ip4_allowlist.c (source / functions) Hit Total Coverage
Test: coverage-filtered.info Lines: 90 105 85.7 %
Date: 2023-10-26 01:39:38 Functions: 7 8 87.5 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 2016,2020 Cisco and/or its affiliates.
       3             :  * Licensed under the Apache License, Version 2.0 (the "License");
       4             :  * you may not use this file except in compliance with the License.
       5             :  * You may obtain a copy of the License at:
       6             :  *
       7             :  *     http://www.apache.org/licenses/LICENSE-2.0
       8             :  *
       9             :  * Unless required by applicable law or agreed to in writing, software
      10             :  * distributed under the License is distributed on an "AS IS" BASIS,
      11             :  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             :  * See the License for the specific language governing permissions and
      13             :  * limitations under the License.
      14             :  */
      15             : #include <plugins/adl/adl.h>
      16             : #include <vnet/fib/ip4_fib.h>
      17             : #include <vnet/dpo/load_balance.h>
      18             : 
      19             : typedef struct {
                         /* Per-packet trace record; the allowlist node fills one in for each
                          * buffer that is flagged as traced while node tracing is enabled. */
      20             :   u32 next_index;	/* next-node index held for the packet once the drop decision has been applied */
      21             :   u32 sw_if_index;	/* RX interface index read from the buffer metadata */
      22             : } ip4_adl_allowlist_trace_t;
      23             : 
      24             : /* Packet trace format function.
                        *
                        * Pulls three arguments off the va_list: vm and node (both marked unused)
                        * and a pointer to the trace record. It extends s through format() with
                        * the record's sw_if_index and next index, and returns the result.
                        *
                        * Every executable line here has a hit count of 0 in this report, so the
                        * test run never rendered an allowlist trace record. */
      25           0 : static u8 * format_ip4_adl_allowlist_trace (u8 * s, va_list * args)
      26             : {
      27           0 :   CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
      28           0 :   CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
      29           0 :   ip4_adl_allowlist_trace_t * t = va_arg (*args, ip4_adl_allowlist_trace_t *);
      30             : 
      31           0 :   s = format (s, "IP4_ADL_ALLOWLIST: sw_if_index %d, next index %d",
      32             :               t->sw_if_index, t->next_index);
      33           0 :   return s;
      34             : }
      35             : 
      36             : #define foreach_ip4_adl_allowlist_error         \
      37             : _(ALLOWED, "ip4 allowlist allowed")             \
      38             : _(DROPPED, "ip4 allowlist dropped")
      39             : 
                       /* The list above is expanded twice with different definitions of _().
                        * Here it yields the enum constants IP4_ADL_ALLOWLIST_ERROR_ALLOWED and
                        * IP4_ADL_ALLOWLIST_ERROR_DROPPED, followed by the count sentinel. */
      40             : typedef enum {
      41             : #define _(sym,str) IP4_ADL_ALLOWLIST_ERROR_##sym,
      42             :   foreach_ip4_adl_allowlist_error
      43             : #undef _
      44             :   IP4_ADL_ALLOWLIST_N_ERROR,
      45             : } ip4_adl_allowlist_error_t;
      46             : 
                       /* Second expansion: the counter description strings, in the same order
                        * as the enum constants so that an enum value indexes its own string. */
      47             : static char * ip4_adl_allowlist_error_strings[] = {
      48             : #define _(sym,string) string,
      49             :   foreach_ip4_adl_allowlist_error
      50             : #undef _
      51             : };
      52             : 
      53         576 : VLIB_NODE_FN (ip4_adl_allowlist_node) (vlib_main_t * vm,
      54             :                   vlib_node_runtime_t * node,
      55             :                   vlib_frame_t * frame)
      56             : {
                         /*
                          * IPv4 allowlist node. For every buffer in the frame it looks up the
                          * packet's source address in the FIB named by the buffer's ADL
                          * configuration and keeps the packet only when bucket 0 of the
                          * resulting load-balance object has type DPO_RECEIVE. Any other
                          * result tags the buffer with the DROPPED error and steers it to
                          * RX_ADL_DROP. Returns the number of buffers in the frame.
                          *
                          * NOTE(review): the verdict is keyed on the source address, a field
                          * the sender chooses. Unless spoofed sources are filtered before this
                          * node, a match shows only that the claimed address is listed.
                          * NOTE(review): nothing in this function checks that the buffer holds
                          * a complete IPv4 header before src_address is read; presumably an
                          * earlier node guarantees that - TODO confirm.
                          */
      57             :   u32 n_left_from, * from, * to_next;
      58             :   adl_feature_type_t next_index;
      59           1 :   adl_main_t *cm = &adl_main;
      60           1 :   vlib_combined_counter_main_t * vcm = &load_balance_main.lbm_via_counters;
      61           1 :   u32 thread_index = vm->thread_index;
      62             :   u32 allowed_packets;
      63             : 
      64           1 :   from = vlib_frame_vector_args (frame);
      65           1 :   n_left_from = frame->n_vectors;
                         /* Start by assuming the whole frame is allowed; each drop below
                          * subtracts one, and the remainder is reported as ALLOWED at the end. */
      66           1 :   allowed_packets = n_left_from;
      67           1 :   next_index = node->cached_next_index;
      68             : 
      69           2 :   while (n_left_from > 0)
      70             :     {
      71             :       u32 n_left_to_next;
      72             : 
      73           1 :       vlib_get_next_frame (vm, node, next_index,
      74             :                            to_next, n_left_to_next);
      75             : 
                             /* Dual loop: two buffers per iteration. It requires four buffers
                              * left because from[2] and from[3] are prefetched below. */
      76          50 :       while (n_left_from >= 4 && n_left_to_next >= 2)
      77             :         {
      78             :           u32 bi0, bi1;
      79             :           vlib_buffer_t * b0, * b1;
      80             :           u32 next0, next1;
      81             :           u32 sw_if_index0, sw_if_index1;
      82             :           ip4_header_t * ip0, * ip1;
      83             :           adl_config_main_t * ccm0, * ccm1;
      84             :           adl_config_data_t * c0, * c1;
      85             :           u32 lb_index0, lb_index1;
      86             :           const load_balance_t *lb0, *lb1;
      87             :           const dpo_id_t *dpo0, *dpo1;
      88             : 
      89             :           /* Prefetch next iteration. */
      90             :           {
      91             :             vlib_buffer_t *p2, *p3;
      92             : 
      93          49 :             p2 = vlib_get_buffer (vm, from[2]);
      94          49 :             p3 = vlib_get_buffer (vm, from[3]);
      95             : 
      96          49 :             vlib_prefetch_buffer_header (p2, LOAD);
      97          49 :             vlib_prefetch_buffer_header (p3, LOAD);
      98             : 
      99          49 :             clib_prefetch_store (p2->data);
     100          49 :             clib_prefetch_store (p3->data);
     101             :           }
     102             : 
     103             :           /* speculatively enqueue b0 and b1 to the current next frame */
     104          49 :           to_next[0] = bi0 = from[0];
     105          49 :           to_next[1] = bi1 = from[1];
     106          49 :           from += 2;
     107          49 :           to_next += 2;
     108          49 :           n_left_from -= 2;
     109          49 :           n_left_to_next -= 2;
     110             : 
     111          49 :           b0 = vlib_get_buffer (vm, bi0);
     112          49 :           sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
     113             : 
     114          49 :           ip0 = vlib_buffer_get_current (b0);
     115             : 
     116          49 :           ccm0 = cm->adl_config_mains + VNET_ADL_IP4;
     117             : 
                                 /* Fetch this buffer's ADL config data. The call receives &next0,
                                  * and the returned blob supplies the fib_index used for the lookup. */
     118          49 :           c0 = vnet_get_config_data (
     119          49 :             &ccm0->config_main, &adl_buffer (b0)->adl.current_config_index,
     120             :             &next0, sizeof (c0[0]));
     121             : 
                                 /* The allowlist lookup is on the packet's SOURCE address. */
     122             :           lb_index0 =
     123          49 :             ip4_fib_forwarding_lookup (c0->fib_index, &ip0->src_address);
     124             : 
                                 /* Cross-checks the forwarding lookup against the table lookup.
                                  * NOTE(review): ASSERT is presumably compiled out of release images,
                                  * so treat this as a debug consistency check only - confirm. */
     125          49 :           ASSERT (lb_index0
     126             :                   == ip4_fib_table_lookup_lb (ip4_fib_get(c0->fib_index),
     127             :                                                &ip0->src_address));
     128          49 :           lb0 = load_balance_get (lb_index0);
                                 /* Only bucket 0 of the load-balance object is inspected. */
     129          49 :           dpo0 = load_balance_get_bucket_i(lb0, 0);
     130             : 
                                 /* Anything other than a receive DPO counts as "not allowlisted":
                                  * set the DROPPED error, uncount the packet and divert it. */
     131          49 :           if (PREDICT_FALSE(dpo0->dpoi_type != DPO_RECEIVE))
     132             :             {
     133          43 :               b0->error = node->errors[IP4_ADL_ALLOWLIST_ERROR_DROPPED];
     134          43 :               allowed_packets--;
     135          43 :               next0 = RX_ADL_DROP;
     136             :             }
     137             : 
     138          49 :           b1 = vlib_get_buffer (vm, bi1);
     139          49 :           sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX];
     140             : 
     141          49 :           ip1 = vlib_buffer_get_current (b1);
     142             : 
     143          49 :           ccm1 = cm->adl_config_mains + VNET_ADL_IP4;
     144             : 
     145          49 :           c1 = vnet_get_config_data
     146             :               (&ccm1->config_main,
     147          49 :                &adl_buffer (b1)->adl.current_config_index,
     148             :                &next1,
     149             :                sizeof (c1[0]));
     150             : 
     151             :           lb_index1 =
     152          49 :             ip4_fib_forwarding_lookup (c1->fib_index, &ip1->src_address);
     153             : 
     154          49 :           ASSERT (lb_index1
     155             :                   == ip4_fib_table_lookup_lb (ip4_fib_get(c1->fib_index),
     156             :                                                &ip1->src_address));
     157          49 :           lb1 = load_balance_get (lb_index1);
     158          49 :           dpo1 = load_balance_get_bucket_i(lb1, 0);
     159             : 
                                 /* Per-load-balance counters: one packet, and the buffer chain length
                                  * plus the size of an Ethernet header in bytes. Both increments are
                                  * unconditional, so packets that end up dropped are counted too. */
     160          49 :           vlib_increment_combined_counter
     161             :               (vcm, thread_index, lb_index0, 1,
     162          49 :                vlib_buffer_length_in_chain (vm, b0)
     163             :                + sizeof(ethernet_header_t));
     164             : 
     165          49 :           vlib_increment_combined_counter
     166             :               (vcm, thread_index, lb_index1, 1,
     167          49 :                vlib_buffer_length_in_chain (vm, b1)
     168             :                + sizeof(ethernet_header_t));
     169             : 
     170             : 
     171          49 :           if (PREDICT_FALSE(dpo1->dpoi_type != DPO_RECEIVE))
     172             :             {
     173          44 :               b1->error = node->errors[IP4_ADL_ALLOWLIST_ERROR_DROPPED];
     174          44 :               allowed_packets--;
     175          44 :               next1 = RX_ADL_DROP;
     176             :             }
     177             : 
                                 /* Trace records are written after the drop decision, so next_index
                                  * in the record reflects it. The bodies of both trace branches have
                                  * a hit count of 0 in this report. */
     178          49 :           if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
     179             :                             && (b0->flags & VLIB_BUFFER_IS_TRACED)))
     180             :             {
     181             :               ip4_adl_allowlist_trace_t *t =
     182           0 :                  vlib_add_trace (vm, node, b0, sizeof (*t));
     183           0 :               t->sw_if_index = sw_if_index0;
     184           0 :               t->next_index = next0;
     185             :             }
     186             : 
     187          49 :           if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
     188             :                             && (b1->flags & VLIB_BUFFER_IS_TRACED)))
     189             :             {
     190             :               ip4_adl_allowlist_trace_t *t =
     191           0 :                  vlib_add_trace (vm, node, b1, sizeof (*t));
     192           0 :               t->sw_if_index = sw_if_index1;
     193           0 :               t->next_index = next1;
     194             :             }
     195             : 
     196             :           /* verify speculative enqueues, maybe switch current next frame */
     197          49 :           vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
     198             :                                            to_next, n_left_to_next,
     199             :                                            bi0, bi1, next0, next1);
     200             :         }
     201             : 
                             /* Single loop: the same per-packet steps for whatever the dual loop
                              * left over, one buffer at a time. */
     202           3 :       while (n_left_from > 0 && n_left_to_next > 0)
     203             :         {
     204             :           u32 bi0;
     205             :           vlib_buffer_t * b0;
     206             :           u32 next0;
     207             :           u32 sw_if_index0;
     208             :           ip4_header_t * ip0;
     209             :           adl_config_main_t *ccm0;
     210             :           adl_config_data_t *c0;
     211             :           u32 lb_index0;
     212             :           const load_balance_t *lb0;
     213             :           const dpo_id_t *dpo0;
     214             : 
     215             :           /* speculatively enqueue b0 to the current next frame */
     216           2 :           bi0 = from[0];
     217           2 :           to_next[0] = bi0;
     218           2 :           from += 1;
     219           2 :           to_next += 1;
     220           2 :           n_left_from -= 1;
     221           2 :           n_left_to_next -= 1;
     222             : 
     223           2 :           b0 = vlib_get_buffer (vm, bi0);
     224           2 :           sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
     225             : 
     226           2 :           ip0 = vlib_buffer_get_current (b0);
     227             : 
     228           2 :           ccm0 = cm->adl_config_mains + VNET_ADL_IP4;
     229             : 
     230           2 :           c0 = vnet_get_config_data
     231             :               (&ccm0->config_main,
     232           2 :                &adl_buffer (b0)->adl.current_config_index,
     233             :                &next0,
     234             :                sizeof (c0[0]));
     235             : 
     236             :           lb_index0 =
     237           2 :             ip4_fib_forwarding_lookup (c0->fib_index, &ip0->src_address);
     238             : 
     239           2 :           ASSERT (lb_index0 ==
     240             :                   ip4_fib_table_lookup_lb (ip4_fib_get (c0->fib_index),
     241             :                                            &ip0->src_address));
     242             : 
     243           2 :           lb0 = load_balance_get (lb_index0);
     244           2 :           dpo0 = load_balance_get_bucket_i(lb0, 0);
     245             : 
                                 /* Counted before the verdict, so dropped packets are included. */
     246           2 :           vlib_increment_combined_counter
     247             :               (vcm, thread_index, lb_index0, 1,
     248           2 :                vlib_buffer_length_in_chain (vm, b0)
     249             :                + sizeof(ethernet_header_t));
     250             : 
     251           2 :           if (PREDICT_FALSE(dpo0->dpoi_type != DPO_RECEIVE))
     252             :             {
     253           1 :               b0->error = node->errors[IP4_ADL_ALLOWLIST_ERROR_DROPPED];
     254           1 :               allowed_packets--;
     255           1 :               next0 = RX_ADL_DROP;
     256             :             }
     257             : 
     258           2 :           if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
     259             :                             && (b0->flags & VLIB_BUFFER_IS_TRACED)))
     260             :             {
     261             :               ip4_adl_allowlist_trace_t *t =
     262           0 :                  vlib_add_trace (vm, node, b0, sizeof (*t));
     263           0 :               t->sw_if_index = sw_if_index0;
     264           0 :               t->next_index = next0;
     265             :             }
     266             : 
     267             :           /* verify speculative enqueue, maybe switch current next frame */
     268           2 :           vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
     269             :                                            to_next, n_left_to_next,
     270             :                                            bi0, next0);
     271             :         }
     272             : 
     273           1 :       vlib_put_next_frame (vm, node, next_index, n_left_to_next);
     274             :     }
     275             : 
                         /* ALLOWED is bumped once per frame by (frame size - drops). DROPPED is
                          * not incremented here; it is only attached to each dropped buffer via
                          * b->error, presumably to be counted by the drop node - confirm. */
     276           1 :   vlib_node_increment_counter (vm, node->node_index,
     277             :                                IP4_ADL_ALLOWLIST_ERROR_ALLOWED,
     278             :                                allowed_packets);
     279             : 
     280           1 :   return frame->n_vectors;
     281             : }
     282             : 
     283      173420 : VLIB_REGISTER_NODE (ip4_adl_allowlist_node) = {
                         /* Graph-node registration for the IPv4 allowlist node: an internal
                          * node whose frames carry u32 elements, with the trace formatter
                          * defined earlier in this file. */
     284             :   .name = "ip4-adl-allowlist",
     285             :   .vector_size = sizeof (u32),
     286             :   .format_trace = format_ip4_adl_allowlist_trace,
     287             :   .type = VLIB_NODE_TYPE_INTERNAL,
     288             : 
                         /* The counter count is derived from the string table, so it follows
                          * the foreach_ip4_adl_allowlist_error list automatically. */
     289             :   .n_errors = ARRAY_LEN(ip4_adl_allowlist_error_strings),
     290             :   .error_strings = ip4_adl_allowlist_error_strings,
     291             : 
     292             :   .n_next_nodes = ADL_RX_N_FEATURES,
     293             : 
                         /* Next-node table. The node function takes a packet's next index from
                          * its ADL config data, or forces RX_ADL_DROP when the source lookup
                          * does not resolve to a receive DPO. RX_ADL_DROP maps to "error-drop". */
     294             :   /* edit / add dispositions here */
     295             :   .next_nodes = {
     296             :     [IP4_RX_ADL_ALLOWLIST] = "ip4-adl-allowlist",
     297             :     [IP6_RX_ADL_ALLOWLIST] = "ip6-adl-allowlist",
     298             :     [DEFAULT_RX_ADL_ALLOWLIST] = "default-adl-allowlist",
     299             :     [IP4_RX_ADL_INPUT] = "ip4-input",
     300             :     [IP6_RX_ADL_INPUT] = "ip6-input",
     301             :     [DEFAULT_RX_ADL_INPUT] = "ethernet-input",
     302             :     [RX_ADL_DROP] = "error-drop",
     303             :   },
     304             : };
     305             : 
     306             : static clib_error_t *
     307         575 : ip4_allowlist_init (vlib_main_t * vm)
     308             : {
                         /* Nothing to initialise: vm is unused and a null error pointer is
                          * returned. */
     309         575 :   return 0;
     310             : }
     311             : 
                       /* Hands the init function above to vlib's init-function mechanism. */
     312        1151 : VLIB_INIT_FUNCTION (ip4_allowlist_init);
