Line data Source code
1 : /*
2 : * Copyright (c) 2015 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : /*
16 : * ip/ip4_source_check.c: IP v4 check source address (unicast RPF check)
17 : *
18 : * Copyright (c) 2008 Eliot Dresselhaus
19 : *
20 : * Permission is hereby granted, free of charge, to any person obtaining
21 : * a copy of this software and associated documentation files (the
22 : * "Software"), to deal in the Software without restriction, including
23 : * without limitation the rights to use, copy, modify, merge, publish,
24 : * distribute, sublicense, and/or sell copies of the Software, and to
25 : * permit persons to whom the Software is furnished to do so, subject to
26 : * the following conditions:
27 : *
28 : * The above copyright notice and this permission notice shall be
29 : * included in all copies or substantial portions of the Software.
30 : *
31 : * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 : * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 : * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 : * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 : * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 : * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 : * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
38 : */
39 :
40 : #include <urpf/urpf.h>
41 : #include <urpf/urpf_dp.h>
42 :
43 : static char *ip6_urpf_error_strings[] = {
44 : #define _(a, b) b,
45 : foreach_urpf_error
46 : #undef _
47 : };
48 :
49 2239 : VLIB_NODE_FN (ip6_rx_urpf_loose) (vlib_main_t * vm,
50 : vlib_node_runtime_t * node,
51 : vlib_frame_t * frame)
52 : {
53 3 : return (urpf_inline (vm, node, frame, AF_IP6, VLIB_RX, URPF_MODE_LOOSE));
54 : }
55 :
56 2239 : VLIB_NODE_FN (ip6_rx_urpf_strict) (vlib_main_t * vm,
57 : vlib_node_runtime_t * node,
58 : vlib_frame_t * frame)
59 : {
60 3 : return (urpf_inline (vm, node, frame, AF_IP6, VLIB_RX, URPF_MODE_STRICT));
61 : }
62 :
63 2239 : VLIB_NODE_FN (ip6_tx_urpf_loose) (vlib_main_t * vm,
64 : vlib_node_runtime_t * node,
65 : vlib_frame_t * frame)
66 : {
67 3 : return (urpf_inline (vm, node, frame, AF_IP6, VLIB_TX, URPF_MODE_LOOSE));
68 : }
69 :
70 2240 : VLIB_NODE_FN (ip6_tx_urpf_strict) (vlib_main_t * vm,
71 : vlib_node_runtime_t * node,
72 : vlib_frame_t * frame)
73 : {
74 4 : return (urpf_inline (vm, node, frame, AF_IP6, VLIB_TX, URPF_MODE_STRICT));
75 : }
76 :
77 : /* *INDENT-OFF* */
78 19039 : VLIB_REGISTER_NODE (ip6_rx_urpf_loose) = {
79 : .name = "ip6-rx-urpf-loose",
80 : .vector_size = sizeof (u32),
81 :
82 : .n_next_nodes = URPF_N_NEXT,
83 : .next_nodes = {
84 : [URPF_NEXT_DROP] = "ip6-drop",
85 : },
86 : .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
87 : .error_strings = ip6_urpf_error_strings,
88 :
89 : .format_buffer = format_ip6_header,
90 : .format_trace = format_urpf_trace,
91 : };
92 :
93 19039 : VLIB_REGISTER_NODE (ip6_rx_urpf_strict) = {
94 : .name = "ip6-rx-urpf-strict",
95 : .vector_size = sizeof (u32),
96 :
97 : .n_next_nodes = URPF_N_NEXT,
98 : .next_nodes = {
99 : [URPF_NEXT_DROP] = "ip6-drop",
100 : },
101 : .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
102 : .error_strings = ip6_urpf_error_strings,
103 :
104 : .format_buffer = format_ip6_header,
105 : .format_trace = format_urpf_trace,
106 : };
107 :
108 19039 : VLIB_REGISTER_NODE (ip6_tx_urpf_loose) = {
109 : .name = "ip6-tx-urpf-loose",
110 : .vector_size = sizeof (u32),
111 :
112 : .n_next_nodes = URPF_N_NEXT,
113 : .next_nodes = {
114 : [URPF_NEXT_DROP] = "ip6-drop",
115 : },
116 : .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
117 : .error_strings = ip6_urpf_error_strings,
118 :
119 : .format_buffer = format_ip6_header,
120 : .format_trace = format_urpf_trace,
121 : };
122 :
123 19039 : VLIB_REGISTER_NODE (ip6_tx_urpf_strict) = {
124 : .name = "ip6-tx-urpf-strict",
125 : .vector_size = sizeof (u32),
126 :
127 : .n_next_nodes = URPF_N_NEXT,
128 : .next_nodes = {
129 : [URPF_NEXT_DROP] = "ip6-drop",
130 : },
131 : .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
132 : .error_strings = ip6_urpf_error_strings,
133 :
134 : .format_buffer = format_ip6_header,
135 : .format_trace = format_urpf_trace,
136 : };
137 :
138 3919 : VNET_FEATURE_INIT (ip6_rx_urpf_loose_feat, static) =
139 : {
140 : .arc_name = "ip6-unicast",
141 : .node_name = "ip6-rx-urpf-loose",
142 : .runs_before = VNET_FEATURES ("ip6-rx-urpf-strict"),
143 : };
144 :
145 3919 : VNET_FEATURE_INIT (ip6_rx_urpf_strict_feat, static) =
146 : {
147 : .arc_name = "ip6-unicast",
148 : .node_name = "ip6-rx-urpf-strict",
149 : .runs_before = VNET_FEATURES ("ip6-policer-classify"),
150 : };
151 :
152 3919 : VNET_FEATURE_INIT (ip6_tx_urpf_loose_feat, static) =
153 : {
154 : .arc_name = "ip6-output",
155 : .node_name = "ip6-tx-urpf-loose",
156 : };
157 :
158 3919 : VNET_FEATURE_INIT (ip6_tx_urpf_strict_feat, static) =
159 : {
160 : .arc_name = "ip6-output",
161 : .node_name = "ip6-tx-urpf-strict",
162 : };
163 : /* *INDENT-ON* */
164 :
165 : /*
166 : * fd.io coding-style-patch-verification: ON
167 : *
168 : * Local Variables:
169 : * eval: (c-set-style "gnu")
170 : * End:
171 : */
|
