Line data Source code
1 : /*
2 : * Copyright (c) 2017 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 :
16 : #include <stn/stn.h>
17 :
18 : #include <vnet/plugin/plugin.h>
19 : #include <vpp/app/version.h>
20 : #include <vnet/ip/format.h>
21 : #include <vnet/ip/punt.h>
22 : #include <vnet/ethernet/packet.h>
23 :
24 : stn_main_t stn_main;
25 : static vlib_node_registration_t stn_ip4_punt;
26 : static vlib_node_registration_t stn_ip6_punt;
27 :
28 : static u8 stn_hw_addr_local[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
29 : static u8 stn_hw_addr_dst[6] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x02};
30 :
31 : static ethernet_header_t stn_ip4_ethernet_header = {};
32 : static ethernet_header_t stn_ip6_ethernet_header = {};
33 :
34 : typedef struct {
35 : clib_bihash_kv_16_8_t kv;
36 : } stn_ip46_punt_trace_t;
37 :
38 : static u8 *
39 1 : format_stn_rule (u8 * s, va_list * args)
40 : {
41 1 : stn_rule_t *r = va_arg (*args, stn_rule_t *);
42 1 : stn_main_t *stn = &stn_main;
43 1 : u32 indent = format_get_indent (s);
44 1 : u32 node_index = ip46_address_is_ip4(&r->address)?stn_ip4_punt.index:stn_ip6_punt.index;
45 1 : vlib_node_t *next_node = vlib_get_next_node(vlib_get_main(), node_index, r->next_node_index);
46 1 : s = format (s, "rule_index: %d\n", r - stn->rules);
47 1 : s = format (s, "%Uaddress: %U\n", format_white_space, indent,
48 : format_ip46_address, &r->address, IP46_TYPE_ANY);
49 1 : s = format (s, "%Uiface: %U (%d)\n", format_white_space, indent,
50 : format_vnet_sw_if_index_name, vnet_get_main(), r->sw_if_index,
51 : r->sw_if_index);
52 1 : s = format (s, "%Unext_node: %s (%d)", format_white_space, indent,
53 : next_node->name, next_node->index);
54 1 : return s;
55 : }
56 :
57 : static_always_inline u8 *
58 0 : format_stn_ip46_punt_trace (u8 * s, va_list * args, u8 is_ipv4)
59 : {
60 0 : CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
61 0 : CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
62 0 : stn_ip46_punt_trace_t *t = va_arg (*args, stn_ip46_punt_trace_t *);
63 0 : u32 indent = format_get_indent (s);
64 :
65 0 : s = format (s, "dst_address: %U\n", format_ip46_address,
66 0 : (ip46_address_t *)t->kv.key, IP46_TYPE_ANY);
67 :
68 0 : if (t->kv.value == ~(0L))
69 : {
70 0 : s = format (s, "%Urule: none", format_white_space, indent);
71 : }
72 : else
73 : {
74 0 : s = format (s, "%Urule:\n%U%U", format_white_space, indent,
75 : format_white_space, indent + 2,
76 0 : format_stn_rule, &stn_main.rules[t->kv.value]);
77 : }
78 0 : return s;
79 : }
80 :
81 : typedef enum
82 : {
83 : STN_IP_PUNT_DROP,
84 : STN_IP_PUNT_N_NEXT,
85 : } stn_ip_punt_next_t;
86 :
87 : static_always_inline uword
88 0 : stn_ip46_punt_fn (vlib_main_t * vm,
89 : vlib_node_runtime_t * node,
90 : vlib_frame_t * frame,
91 : u8 is_ipv4)
92 : {
93 : u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
94 0 : stn_main_t *stn = &stn_main;
95 :
96 0 : from = vlib_frame_vector_args (frame);
97 0 : n_left_from = frame->n_vectors;
98 0 : next_index = node->cached_next_index;
99 :
100 0 : while (n_left_from > 0)
101 : {
102 0 : vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
103 :
104 : /* Single loop */
105 0 : while (n_left_from > 0 && n_left_to_next > 0)
106 : {
107 : u32 pi0;
108 : vlib_buffer_t *p0;
109 : clib_bihash_kv_16_8_t kv;
110 0 : u32 next0 = STN_IP_PUNT_DROP;
111 :
112 0 : pi0 = to_next[0] = from[0];
113 0 : from += 1;
114 0 : n_left_from -= 1;
115 0 : to_next += 1;
116 0 : n_left_to_next -= 1;
117 :
118 0 : p0 = vlib_get_buffer (vm, pi0);
119 :
120 0 : if (is_ipv4)
121 : {
122 0 : ip4_header_t *hdr = (ip4_header_t *) vlib_buffer_get_current(p0);
123 0 : ip46_address_set_ip4((ip46_address_t *)kv.key, &hdr->dst_address);
124 : }
125 : else
126 : {
127 0 : ip6_header_t *hdr = (ip6_header_t *) vlib_buffer_get_current(p0);
128 0 : kv.key[0] = hdr->dst_address.as_u64[0];
129 0 : kv.key[1] = hdr->dst_address.as_u64[1];
130 : }
131 :
132 0 : kv.value = ~(0L);
133 0 : clib_bihash_search_inline_16_8 (&stn->rule_by_address_table, &kv);
134 0 : if (kv.value != ~(0L))
135 : {
136 : ethernet_header_t *eth;
137 0 : stn_rule_t *r = &stn->rules[kv.value];
138 0 : vnet_buffer(p0)->sw_if_index[VLIB_TX] = r->sw_if_index;
139 0 : next0 = r->next_node_index;
140 0 : vlib_buffer_advance(p0, -sizeof(*eth));
141 0 : eth = (ethernet_header_t *) vlib_buffer_get_current(p0);
142 0 : if (is_ipv4)
143 0 : clib_memcpy_fast(eth, &stn_ip4_ethernet_header, sizeof(*eth));
144 : else
145 0 : clib_memcpy_fast(eth, &stn_ip6_ethernet_header, sizeof(*eth));
146 : }
147 : else
148 : {
149 0 : vnet_feature_next (&next0, p0);
150 : }
151 :
152 0 : if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
153 : {
154 : stn_ip46_punt_trace_t *tr =
155 0 : vlib_add_trace (vm, node, p0, sizeof (*tr));
156 0 : tr->kv = kv;
157 : }
158 :
159 0 : vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
160 : n_left_to_next, pi0, next0);
161 : }
162 0 : vlib_put_next_frame (vm, node, next_index, n_left_to_next);
163 : }
164 :
165 0 : return frame->n_vectors;
166 : }
167 :
168 :
169 : #define foreach_stn_ip_punt_error \
170 : _(NONE, "no error")
171 :
172 : typedef enum {
173 : #define _(sym,str) STN_IP_punt_ERROR_##sym,
174 : foreach_stn_ip_punt_error
175 : #undef _
176 : STN_IP_PUNT_N_ERROR,
177 : } ila_error_t;
178 :
179 : static char *stn_ip_punt_error_strings[] = {
180 : #define _(sym,string) string,
181 : foreach_stn_ip_punt_error
182 : #undef _
183 : };
184 :
185 : u8 *
186 0 : format_stn_ip6_punt_trace (u8 * s, va_list * args)
187 : {
188 0 : return format_stn_ip46_punt_trace (s, args, 0);
189 : }
190 :
191 : static uword
192 0 : stn_ip6_punt_fn (vlib_main_t * vm,
193 : vlib_node_runtime_t * node, vlib_frame_t * frame)
194 : {
195 0 : return stn_ip46_punt_fn(vm, node, frame, 0);
196 : }
197 :
198 : /** *INDENT-OFF* */
199 31103 : VLIB_REGISTER_NODE (stn_ip6_punt, static) =
200 : {
201 : .function = stn_ip6_punt_fn,
202 : .name = "stn-ip6-punt",
203 : .vector_size = sizeof (u32),
204 : .format_trace = format_stn_ip6_punt_trace,
205 : .n_errors = STN_IP_PUNT_N_ERROR,
206 : .error_strings = stn_ip_punt_error_strings,
207 : .n_next_nodes = STN_IP_PUNT_N_NEXT,
208 : .next_nodes =
209 : {
210 : [STN_IP_PUNT_DROP] = "error-drop"
211 : },
212 : };
213 13247 : VNET_FEATURE_INIT (stn_ip6_punt_feat_node, static) = {
214 : .arc_name = "ip6-punt",
215 : .node_name = "stn-ip6-punt",
216 : .runs_before = VNET_FEATURES("ip6-punt-redirect"),
217 : };
218 : /** *INDENT-ON* */
219 :
220 : u8 *
221 0 : format_stn_ip4_punt_trace (u8 * s, va_list * args)
222 : {
223 0 : return format_stn_ip46_punt_trace (s, args, 1);
224 : }
225 :
226 : static uword
227 0 : stn_ip4_punt_fn (vlib_main_t * vm,
228 : vlib_node_runtime_t * node, vlib_frame_t * frame)
229 : {
230 0 : return stn_ip46_punt_fn(vm, node, frame, 1);
231 : }
232 :
233 : /** *INDENT-OFF* */
234 31103 : VLIB_REGISTER_NODE (stn_ip4_punt, static) =
235 : {
236 : .function = stn_ip4_punt_fn,
237 : .name = "stn-ip4-punt",
238 : .vector_size = sizeof (u32),
239 : .format_trace = format_stn_ip4_punt_trace,
240 : .n_errors = STN_IP_PUNT_N_ERROR,
241 : .error_strings = stn_ip_punt_error_strings,
242 : .n_next_nodes = STN_IP_PUNT_N_NEXT,
243 : .next_nodes =
244 : {
245 : [STN_IP_PUNT_DROP] = "error-drop",
246 : },
247 : };
248 13247 : VNET_FEATURE_INIT (stn_ip4_punt_feat_node, static) = {
249 : .arc_name = "ip4-punt",
250 : .node_name = "stn-ip4-punt",
251 : .runs_before = VNET_FEATURES("ip4-punt-redirect"),
252 : };
253 : /** *INDENT-ON* */
254 :
255 : clib_error_t *
256 575 : stn_init (vlib_main_t * vm)
257 : {
258 575 : stn_main_t *stn = &stn_main;
259 575 : stn->rules = 0;
260 575 : clib_bihash_init_16_8(&stn->rule_by_address_table, "stn addresses",
261 : 1024, 1<<20);
262 :
263 575 : clib_memcpy_fast(stn_ip4_ethernet_header.dst_address, stn_hw_addr_dst, 6);
264 575 : clib_memcpy_fast(stn_ip4_ethernet_header.src_address, stn_hw_addr_local, 6);
265 575 : stn_ip4_ethernet_header.type = clib_host_to_net_u16(ETHERNET_TYPE_IP4);
266 :
267 575 : clib_memcpy_fast(stn_ip6_ethernet_header.dst_address, stn_hw_addr_dst, 6);
268 575 : clib_memcpy_fast(stn_ip6_ethernet_header.src_address, stn_hw_addr_local, 6);
269 575 : stn_ip6_ethernet_header.type = clib_host_to_net_u16(ETHERNET_TYPE_IP6);
270 :
271 575 : return stn_api_init (vm, stn);
272 :
273 : return NULL;
274 : }
275 :
276 1151 : VLIB_INIT_FUNCTION (stn_init);
277 :
278 : /* *INDENT-OFF* */
279 : VLIB_PLUGIN_REGISTER () = {
280 : .version = VPP_BUILD_VER,
281 : .description = "VPP Steals the NIC (STN) for Container Integration",
282 : };
283 : /* *INDENT-ON* */
284 :
285 4 : int stn_rule_add_del (stn_rule_add_del_args_t *args)
286 : {
287 4 : vnet_main_t *vnm = vnet_get_main();
288 4 : vlib_main_t *vm = vlib_get_main();
289 4 : stn_main_t *stn = &stn_main;
290 :
291 4 : stn_rule_t *r = NULL;
292 : clib_bihash_kv_16_8_t kv;
293 4 : kv.key[0] = args->address.as_u64[0];
294 4 : kv.key[1] = args->address.as_u64[1];
295 :
296 4 : if (clib_bihash_search_inline_16_8 (&stn->rule_by_address_table, &kv) == 0)
297 : {
298 2 : r = &stn->rules[kv.value];
299 : }
300 2 : else if (!args->del)
301 : {
302 2 : pool_get(stn->rules, r);
303 2 : kv.value = r - stn->rules;
304 2 : clib_bihash_add_del_16_8(&stn->rule_by_address_table, &kv, 1);
305 2 : r->address = args->address;
306 :
307 2 : stn->n_rules++;
308 2 : if (stn->n_rules == 1)
309 : {
310 2 : vnet_feature_enable_disable("ip6-punt", "stn-ip6-punt",
311 : 0, 1, 0, 0);
312 2 : vnet_feature_enable_disable("ip4-punt", "stn-ip4-punt",
313 : 0, 1, 0, 0);
314 :
315 2 : punt_reg_t pr = {
316 : .punt = {
317 : .l4 = {
318 : .af = AF_IP4,
319 : .port = ~0,
320 : .protocol = IP_PROTOCOL_UDP,
321 : },
322 : },
323 : .type = PUNT_TYPE_L4,
324 : };
325 2 : vnet_punt_add_del (vm, &pr, 1 /* is_add */);
326 2 : pr.punt.l4.af = AF_IP6;
327 2 : vnet_punt_add_del (vm, &pr, 1 /* is_add */);
328 2 : pr.punt.l4.protocol = IP_PROTOCOL_TCP;
329 2 : vnet_punt_add_del (vm, &pr, 1 /* is_add */);
330 2 : pr.punt.l4.af = AF_IP4;
331 2 : vnet_punt_add_del (vm, &pr, 1 /* is_add */);
332 : }
333 : }
334 :
335 4 : if (!args->del)
336 : {
337 : /* Getting output node and adding it as next */
338 : u32 output_node_index =
339 2 : vnet_tx_node_index_for_sw_interface(vnm, args->sw_if_index);
340 2 : u32 node_index = ip46_address_is_ip4(&args->address)?
341 2 : stn_ip4_punt.index : stn_ip6_punt.index;
342 :
343 2 : r->sw_if_index = args->sw_if_index;
344 2 : r->next_node_index =
345 2 : vlib_node_add_next(vm, node_index, output_node_index);
346 :
347 : /* enabling forwarding on the output node (might not be done since
348 : * it is unnumbered) */
349 2 : ip4_sw_interface_enable_disable(args->sw_if_index, 1);
350 2 : ip6_sw_interface_enable_disable(args->sw_if_index, 1);
351 : }
352 2 : else if (r)
353 : {
354 2 : clib_bihash_add_del_16_8(&stn->rule_by_address_table, &kv, 0);
355 2 : pool_put(stn->rules, r);
356 :
357 2 : stn->n_rules--;
358 2 : if (stn->n_rules == 0)
359 : {
360 2 : vnet_feature_enable_disable("ip6-punt", "stn-ip6-punt",
361 : 0, 0, 0, 0);
362 2 : vnet_feature_enable_disable("ip4-punt", "stn-ip4-punt",
363 : 0, 0, 0, 0);
364 : }
365 : }
366 : else
367 : {
368 0 : return VNET_API_ERROR_NO_SUCH_ENTRY;
369 : }
370 :
371 4 : return 0;
372 : }
373 :
374 : static clib_error_t *
375 1 : show_stn_rules_fn (vlib_main_t * vm,
376 : unformat_input_t * input, vlib_cli_command_t * cmd)
377 : {
378 1 : stn_main_t *stn = &stn_main;
379 1 : u8 *s = 0;
380 : stn_rule_t *rule;
381 2 : pool_foreach (rule, stn->rules) {
382 1 : s = format (s, "- %U\n", format_stn_rule, rule);
383 : }
384 :
385 1 : vlib_cli_output(vm, "%v", s);
386 :
387 1 : vec_free(s);
388 1 : return NULL;
389 : }
390 :
391 40319 : VLIB_CLI_COMMAND (show_stn_rules_command, static) =
392 : {
393 : .path = "show stn rules",
394 : .short_help = "",
395 : .function = show_stn_rules_fn,
396 : };
397 :
398 : static clib_error_t *
399 2 : stn_rule_fn (vlib_main_t * vm,
400 : unformat_input_t * input, vlib_cli_command_t * cmd)
401 : {
402 2 : unformat_input_t _line_input, *line_input = &_line_input;
403 2 : clib_error_t *error = 0;
404 2 : stn_rule_add_del_args_t args = {};
405 2 : u8 got_addr = 0;
406 2 : u8 got_iface = 0;
407 : int ret;
408 :
409 2 : if (!unformat_user (input, unformat_line_input, line_input))
410 0 : return 0;
411 :
412 7 : while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
413 : {
414 5 : if (unformat (line_input, "address %U", unformat_ip46_address,
415 : &args.address, IP46_TYPE_ANY))
416 2 : got_addr = 1;
417 3 : else if (unformat
418 : (line_input, "interface %U", unformat_vnet_sw_interface,
419 : vnet_get_main(), &args.sw_if_index))
420 2 : got_iface = 1;
421 1 : else if (unformat (line_input, "del"))
422 1 : args.del = 1;
423 : else
424 : {
425 0 : error = clib_error_return (0, "parse error: '%U'",
426 : format_unformat_error, line_input);
427 0 : goto done;
428 : }
429 : }
430 :
431 2 : if (!got_addr)
432 : {
433 0 : error = clib_error_return (0, "Missing address");
434 0 : goto done;
435 : }
436 :
437 2 : if (!got_iface)
438 : {
439 0 : error = clib_error_return (0, "Missing interface");
440 0 : goto done;
441 : }
442 :
443 2 : if ((ret = stn_rule_add_del (&args)))
444 : {
445 0 : error = clib_error_return (0, "stn_rule_add_del returned error %d", ret);
446 0 : goto done;
447 : }
448 :
449 2 : done:
450 2 : unformat_free (line_input);
451 2 : return error;
452 : }
453 :
454 40319 : VLIB_CLI_COMMAND (stn_rule_command, static) =
455 : {
456 : .path = "stn rule",
457 : .short_help = "address <addr> interface <iface> [del]",
458 : .function = stn_rule_fn,
459 : };
|
