2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #ifndef __GBP_CONTRACT_H__
17 #define __GBP_CONTRACT_H__
19 #include <plugins/gbp/gbp_types.h>
/**
 * X-macro list of GBP policy outcomes.  Each entry has the form
 * _(SYMBOL, "display-string"); the expansion of _ is supplied by the user
 * of the list (presumably the same pattern the other foreach_ lists in
 * this file use to build their enums - confirm at the point of use).
 *
 * ALLOW_* entries name reasons a packet was permitted, DROP_* entries name
 * reasons it was dropped.
 *
 * NOTE(review): ALLOW_NO_SCLASS, ALLOW_INTRA, ALLOW_A_BIT and
 * ALLOW_SCLASS_1 read as permit paths that do not depend on a contract
 * match.  The code that raises them is not in this header; when auditing
 * policy enforcement, confirm each of these bypasses is intended.
 */
21 #define foreach_gbp_policy_error \
22 _(ALLOW_NO_SCLASS, "allow-no-sclass") \
23 _(ALLOW_INTRA, "allow-intra-sclass") \
24 _(ALLOW_A_BIT, "allow-a-bit-set") \
25 _(ALLOW_SCLASS_1, "allow-sclass-1") \
26 _(ALLOW_CONTRACT, "allow-contract") \
27 _(DROP_CONTRACT, "drop-contract") \
28 _(DROP_ETHER_TYPE, "drop-ether-type") \
29 _(DROP_NO_CONTRACT, "drop-no-contract") \
30 _(DROP_NO_DCLASS, "drop-no-dclass")
33 * The key for a Contract
/*
 * NOTE(review): gbp_contract_find() looks contracts up by key->as_u64, so
 * the whole 64-bit value takes part in the match, not only the named
 * fields.  Most of this type's layout is not shown in this listing; if the
 * named fields cover fewer than 64 bits, a key built on the stack must be
 * zero-initialised first, otherwise stray bytes can make a lookup miss an
 * existing contract - confirm against the full definition.
 */
35 typedef struct gbp_contract_key_t_
41 gbp_scope_t gck_scope;
43 * source and destination EPGs for which the ACL applies
52 typedef struct gbp_next_hop_t_
55 ip46_address_t gnh_ip;
56 mac_address_t gnh_mac;
62 index_t gnh_ai[FIB_PROTOCOL_IP_MAX];
65 #define foreach_gbp_hash_mode \
68 _(SYMMETRIC, "symmetric")
70 typedef enum gbp_hash_mode_t_
72 #define _(v,s) GBP_HASH_MODE_##v,
77 #define foreach_gbp_rule_action \
80 _(REDIRECT, "redirect")
82 typedef enum gbp_rule_action_t_
84 #define _(v,s) GBP_RULE_##v,
85 foreach_gbp_rule_action
89 #define foreach_gbp_policy_node \
94 typedef enum gbp_policy_node_t_
96 #define _(v,s) GBP_POLICY_NODE_##v,
97 foreach_gbp_policy_node
/**
 * Number of policy nodes.  Computed from GBP_POLICY_NODE_IP6, so it is only
 * correct while IP6 is the last entry of foreach_gbp_policy_node.  It also
 * sizes the first dimension of gu_dpo in gbp_rule_t, so a node value
 * outside [0, GBP_POLICY_N_NODES) must never be used as an index there.
 */
100 #define GBP_POLICY_N_NODES (GBP_POLICY_NODE_IP6+1)
/**
 * Loop header that steps pnode from GBP_POLICY_NODE_L2 up to, but not
 * including, GBP_POLICY_N_NODES.  pnode is expanded several times, so pass
 * a plain variable without side effects.
 */
102 #define FOR_EACH_GBP_POLICY_NODE(pnode) \
103 for (pnode = GBP_POLICY_NODE_L2; pnode < GBP_POLICY_N_NODES; pnode++)
105 typedef struct gbp_rule_t_
107 gbp_rule_action_t gu_action;
108 gbp_hash_mode_t gu_hash_mode;
112 * DPO of the load-balance object used to redirect
114 dpo_id_t gu_dpo[GBP_POLICY_N_NODES][FIB_PROTOCOL_IP_MAX];
118 * A Group Based Policy Contract.
119 * Determines the ACL that applies to traffic passing between two endpoint groups
121 typedef struct gbp_contract_t_
124 * source and destination EPGs
126 gbp_contract_key_t gc_key;
132 * The ACL to apply for packets from the source to the destination EPG
137 * An ethertype whitelist
139 u16 *gc_allowed_ethertypes;
/*
 * NOTE(review): gc_allowed_ethertypes is an allow-list, and the error list
 * in this header has a matching "drop-ether-type" outcome.  How a NULL or
 * empty list is treated (permit everything vs. drop everything) is decided
 * by code outside this header - confirm it fails closed.  Ownership of the
 * pointer handed to gbp_contract_update() is likewise not visible here.
 */
143 * EPG src,dst pair to ACL mapping table, aka contract DB
145 typedef struct gbp_contract_db_t_
148 * We can form a u64 key from the pair, so use a simple hash table
153 extern int gbp_contract_update (gbp_scope_t scope,
158 u16 * allowed_ethertypes, u32 * stats_index);
159 extern int gbp_contract_delete (gbp_scope_t scope, sclass_t sclass,
162 extern index_t gbp_rule_alloc (gbp_rule_action_t action,
163 gbp_hash_mode_t hash_mode, index_t * nhs);
164 extern index_t gbp_next_hop_alloc (const ip46_address_t * ip,
166 const mac_address_t * mac, index_t gbd);
168 typedef int (*gbp_contract_cb_t) (gbp_contract_t * gbpe, void *ctx);
169 extern void gbp_contract_walk (gbp_contract_cb_t bgpe, void *ctx);
171 extern u8 *format_gbp_contract (u8 * s, va_list * args);
174 * DP functions and databases
176 extern gbp_contract_db_t gbp_contract_db;
/**
 * Look up a contract in the contract DB hash (gbp_contract_db.gc_hash)
 * using the 64-bit form of the key.
 *
 * @param key  contract key; only key->as_u64 is read in the lines shown.
 * @return     the last statement returns INDEX_INVALID.  The lines between
 *             the lookup and that return are not shown in this listing;
 *             presumably the hit path returns the index stored in the
 *             hash - confirm against the full source.
 *
 * Callers must compare the result with INDEX_INVALID before handing it to
 * gbp_contract_get(), which performs no check of its own in this header.
 */
178 always_inline index_t
179 gbp_contract_find (gbp_contract_key_t * key)
183 p = hash_get (gbp_contract_db.gc_hash, key->as_u64);
188 return (INDEX_INVALID);
191 extern gbp_contract_t *gbp_contract_pool;
/**
 * Return the contract stored at index gci of gbp_contract_pool.
 *
 * @param gci  pool index of the contract.
 * @return     pointer to the pool element.
 *
 * gci is passed straight to pool_elt_at_index with no check in this
 * function.  NOTE(review): VPP's pool_elt_at_index is understood to
 * validate the index only through ASSERT, which is normally compiled out
 * of release images - confirm.  Pass only an index known to be live, e.g.
 * a gbp_contract_find() result that is not INDEX_INVALID.
 */
193 always_inline gbp_contract_t *
194 gbp_contract_get (index_t gci)
196 return (pool_elt_at_index (gbp_contract_pool, gci));
199 extern gbp_rule_t *gbp_rule_pool;
/**
 * Return the rule stored at index gui of gbp_rule_pool.
 *
 * @param gui  pool index of the rule.
 * @return     pointer to the pool element.
 *
 * gui is passed straight to pool_elt_at_index with no check in this
 * function.  NOTE(review): VPP's pool_elt_at_index is understood to
 * validate the index only through ASSERT, which is normally compiled out
 * of release images - confirm.  Callers must pass only an index known to
 * be live in gbp_rule_pool.
 */
201 always_inline gbp_rule_t *
202 gbp_rule_get (index_t gui)
204 return (pool_elt_at_index (gbp_rule_pool, gui));
207 extern vlib_combined_counter_main_t gbp_contract_permit_counters;
208 extern vlib_combined_counter_main_t gbp_contract_drop_counters;
213 * fd.io coding-style-patch-verification: ON
216 * eval: (c-set-style "gnu")