2 * gbp.h : Group Based Policy
4 * Copyright (c) 2018 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <plugins/gbp/gbp_endpoint_group.h>
19 #include <plugins/gbp/gbp_endpoint.h>
20 #include <plugins/gbp/gbp_bridge_domain.h>
21 #include <plugins/gbp/gbp_route_domain.h>
22 #include <plugins/gbp/gbp_itf.h>
24 #include <vnet/dpo/dvr_dpo.h>
25 #include <vnet/fib/fib_table.h>
26 #include <vnet/l2/l2_input.h>
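/**
 * Pool of GBP endpoint_groups
 */
gbp_endpoint_group_t *gbp_endpoint_group_pool;

/**
 * DB of endpoint_groups
 */
gbp_endpoint_group_db_t gbp_endpoint_group_db;

/**
 * Hash keyed by sclass; entries are written with the owning group's
 * gg_vnid as the value.
 */
uword *gbp_epg_sclass_db;

/**
 * Log class handed to vlib_log_debug by GBP_EPG_DBG
 */
vlib_log_class_t gg_logger;

/*
 * No trailing semicolon in the expansion: every call site supplies its
 * own, and a second one would detach an `else` from an unbraced `if`.
 */
#define GBP_EPG_DBG(...)                           \
    vlib_log_debug (gg_logger, __VA_ARGS__)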
/**
 * Return the endpoint group stored at pool index i.
 *
 * The index is handed straight to pool_elt_at_index; no validity check
 * is made here.
 */
gbp_endpoint_group_t *
gbp_endpoint_group_get (index_t i)
{
  gbp_endpoint_group_t *gg;

  gg = pool_elt_at_index (gbp_endpoint_group_pool, i);

  return (gg);
}
/**
 * Take a reference on the endpoint group at pool index ggi.
 *
 * NOTE(review): the listing omits short lines; the `void` return type,
 * the early exit for INDEX_INVALID and the gg_locks increment are
 * restored from context - confirm against the repository.
 */
void
gbp_endpoint_group_lock (index_t ggi)
{
  if (INDEX_INVALID != ggi)
    {
      gbp_endpoint_group_t *gg = gbp_endpoint_group_get (ggi);

      gg->gg_locks++;
    }
}
/**
 * Look up an endpoint group by sclass in gbp_endpoint_group_db.
 *
 * @param sclass  key into gg_hash_sclass
 * @return INDEX_INVALID when the hash holds no entry for sclass
 *
 * NOTE(review): the listing omits short lines; the `index_t` return
 * type and the hit path (returning the stored value) are restored from
 * context - confirm against the repository.
 */
index_t
gbp_endpoint_group_find (sclass_t sclass)
{
  uword *p = hash_get (gbp_endpoint_group_db.gg_hash_sclass, sclass);

  return ((NULL != p) ? p[0] : INDEX_INVALID);
}
/**
 * Find the endpoint group keyed by sclass and take a lock on it, or
 * create it when no such group exists.
 *
 * Creating a group locks the bridge domain bd_id and the route domain
 * rd_id. When uplink_sw_if_index is not ~0 it also builds one DVR DPO
 * per IP protocol and adds the uplink to the bridge domain with the
 * GBP null-classify input feature.
 *
 * @param retention  copied by value into a new group; dereferenced
 *                   without a NULL check
 * @return VNET_API_ERROR_BD_NOT_MODIFIABLE or VNET_API_ERROR_NO_SUCH_FIB
 *         when the bridge or route domain lookup fails
 *
 * NOTE(review): as far as the visible lines show, a call that matches
 * an existing sclass only touches that group; vnid, bd_id, rd_id, the
 * uplink and retention passed in are not compared with what the group
 * already holds, so a conflicting request is not reported.
 *
 * NOTE(review): the listing omits short lines; the return type, the
 * sclass/bd_id/rd_id parameter lines, the ~0 checks, the gg_vnid,
 * gg_rd, gg_gbd and gg_locks assignments, the gg_uplink_itf assignment
 * target and the final return are restored from context - confirm
 * against the repository.
 */
int
gbp_endpoint_group_add_and_lock (vnid_t vnid,
                                 sclass_t sclass,
                                 u32 bd_id,
                                 u32 rd_id,
                                 u32 uplink_sw_if_index,
                                 const gbp_endpoint_retention_t * retention)
{
  gbp_endpoint_group_t *gg;
  fib_protocol_t fproto;
  index_t ggi, gbi, grdi;

  ggi = gbp_endpoint_group_find (sclass);

  if (INDEX_INVALID != ggi)
    {
      /* already known: one more reference, nothing else changes */
      gg = gbp_endpoint_group_get (ggi);
      gg->gg_locks++;

      GBP_EPG_DBG ("add: %U", format_gbp_endpoint_group, gg);

      return (0);
    }

  gbi = gbp_bridge_domain_find_and_lock (bd_id);

  if (~0 == gbi)
    return (VNET_API_ERROR_BD_NOT_MODIFIABLE);

  grdi = gbp_route_domain_find_and_lock (rd_id);

  if (~0 == grdi)
    {
      /* do not leave the bridge domain locked on the failure path */
      gbp_bridge_domain_unlock (gbi);
      return (VNET_API_ERROR_NO_SUCH_FIB);
    }

  pool_get_zero (gbp_endpoint_group_pool, gg);

  gg->gg_vnid = vnid;
  gg->gg_rd = grdi;
  gg->gg_gbd = gbi;
  gg->gg_locks = 1;
  gg->gg_sclass = sclass;
  gg->gg_retention = *retention;

  gg->gg_uplink_sw_if_index = uplink_sw_if_index;
  gbp_itf_hdl_reset (&gg->gg_uplink_itf);

  if (SCLASS_INVALID != gg->gg_sclass)
    hash_set (gbp_epg_sclass_db, gg->gg_sclass, gg->gg_vnid);

  if (~0 != gg->gg_uplink_sw_if_index)
    {
      /*
       * an egress DVR dpo for internal subnets to use when sending
       * on the uplink interface
       */
      FOR_EACH_FIB_IP_PROTOCOL (fproto)
      {
        dvr_dpo_add_or_lock (uplink_sw_if_index,
                             fib_proto_to_dpo (fproto),
                             &gg->gg_dpo[fproto]);
      }

      /*
       * Add the uplink to the BD
       * packets direct from the uplink have had policy applied
       */
      gg->gg_uplink_itf =
        gbp_itf_l2_add_and_lock (gg->gg_uplink_sw_if_index, gbi);

      gbp_itf_l2_set_input_feature (gg->gg_uplink_itf,
                                    L2INPUT_FEAT_GBP_NULL_CLASSIFY);
    }

  /* the group's pool index is what gbp_endpoint_group_find returns */
  hash_set (gbp_endpoint_group_db.gg_hash_sclass,
            gg->gg_sclass, gg - gbp_endpoint_group_pool);

  GBP_EPG_DBG ("add: %U", format_gbp_endpoint_group, gg);

  return (0);
}
/**
 * Drop a reference on the endpoint group at pool index ggi and, when
 * gg_locks reaches zero, release what the group holds: the uplink
 * interface handle, the per-protocol DPOs, the bridge and route domain
 * locks, both hash entries and finally the pool element.
 *
 * NOTE(review): the listing omits short lines; the `void` return type,
 * the early exit for INDEX_INVALID and the gg_locks decrement are
 * restored from context - confirm against the repository.
 */
void
gbp_endpoint_group_unlock (index_t ggi)
{
  gbp_endpoint_group_t *gg;
  fib_protocol_t fproto;

  if (INDEX_INVALID == ggi)
    return;

  gg = gbp_endpoint_group_get (ggi);
  gg->gg_locks--;

  if (0 != gg->gg_locks)
    return;

  /* last reference gone */
  gg = pool_elt_at_index (gbp_endpoint_group_pool, ggi);

  gbp_itf_unlock (&gg->gg_uplink_itf);

  FOR_EACH_FIB_IP_PROTOCOL (fproto)
  {
    dpo_reset (&gg->gg_dpo[fproto]);
  }

  gbp_bridge_domain_unlock (gg->gg_gbd);
  gbp_route_domain_unlock (gg->gg_rd);

  /* mirrors the guarded insertion done when the group was created */
  if (SCLASS_INVALID != gg->gg_sclass)
    hash_unset (gbp_epg_sclass_db, gg->gg_sclass);

  hash_unset (gbp_endpoint_group_db.gg_hash_sclass, gg->gg_sclass);

  pool_put (gbp_endpoint_group_pool, gg);
}
/**
 * Look up the endpoint group keyed by sclass and drop one lock on it.
 * The group itself is only torn down once gbp_endpoint_group_unlock
 * sees the lock count reach zero.
 *
 * @return VNET_API_ERROR_NO_SUCH_ENTRY when no group has this sclass
 *
 * NOTE(review): the listing omits short lines; the `int` return type
 * and the success return are restored from context - confirm against
 * the repository.
 */
int
gbp_endpoint_group_delete (sclass_t sclass)
{
  index_t ggi = gbp_endpoint_group_find (sclass);

  if (INDEX_INVALID == ggi)
    return (VNET_API_ERROR_NO_SUCH_ENTRY);

  /* log before the unlock, which may free the group */
  GBP_EPG_DBG ("del: %U", format_gbp_endpoint_group,
               gbp_endpoint_group_get (ggi));
  gbp_endpoint_group_unlock (ggi);

  return (0);
}
/**
 * Return the gb_bd_id of the bridge domain the group refers to through
 * gg_gbd.
 *
 * NOTE(review): the return-type line is not shown in the listing; u32
 * is presumed - confirm against the header.
 */
u32
gbp_endpoint_group_get_bd_id (const gbp_endpoint_group_t * gg)
{
  return (gbp_bridge_domain_get (gg->gg_gbd)->gb_bd_id);
}
/**
 * Return the FIB index for fproto from the route domain the group
 * refers to through gg_rd.
 *
 * fproto indexes grd_fib_index directly; no range check is made here.
 *
 * NOTE(review): the return-type line is not shown in the listing;
 * index_t is presumed - confirm against the header.
 */
index_t
gbp_endpoint_group_get_fib_index (const gbp_endpoint_group_t * gg,
                                  fib_protocol_t fproto)
{
  return (gbp_route_domain_get (gg->gg_rd)->grd_fib_index[fproto]);
}
/**
 * Visit the endpoint groups in the pool, handing each one and ctx to cb.
 *
 * NOTE(review): the listing omits the loop body; stopping the walk when
 * cb returns 0 is restored from context, as is the `void` return type -
 * confirm against the repository.
 */
void
gbp_endpoint_group_walk (gbp_endpoint_group_cb_t cb, void *ctx)
{
  gbp_endpoint_group_t *gbpe;

  /* *INDENT-OFF* */
  pool_foreach(gbpe, gbp_endpoint_group_pool,
  {
    if (0 == cb (gbpe, ctx))
      {
        break;
      }
  });
  /* *INDENT-ON* */
}
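/**
 * CLI handler for "gbp endpoint-group": add or delete an endpoint group.
 *
 * Accepts an optional uplink interface and the keywords add, del, epg,
 * sclass, bd and rd. An EPG-ID is always required; bd and rd are
 * required when adding.
 *
 * @return NULL on success, otherwise a clib error describing the
 *         missing argument or the failed add/delete
 *
 * NOTE(review): the listing omits short lines; the bd_id, rd_id and add
 * declarations, the keyword actions, the terminating `else break` and
 * the add/del branch structure are restored from context - confirm
 * against the repository.
 */
static clib_error_t *
gbp_endpoint_group_cli (vlib_main_t * vm,
                        unformat_input_t * input, vlib_cli_command_t * cmd)
{
  gbp_endpoint_retention_t retention = { 0 };
  /*
   * sclass is optional on the command line. Without an initialiser an
   * omitted keyword would create the group under an indeterminate
   * class; SCLASS_INVALID makes that case explicit.
   */
  vnid_t vnid = VNID_INVALID, sclass = SCLASS_INVALID;
  vnet_main_t *vnm = vnet_get_main ();
  u32 uplink_sw_if_index = ~0;
  u32 bd_id = ~0;
  u32 rd_id = ~0;
  u8 add = 1;
  int rv;

  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (input, "%U", unformat_vnet_sw_interface,
                    vnm, &uplink_sw_if_index))
        ;
      else if (unformat (input, "add"))
        add = 1;
      else if (unformat (input, "del"))
        add = 0;
      else if (unformat (input, "epg %d", &vnid))
        ;
      else if (unformat (input, "sclass %d", &sclass))
        ;
      else if (unformat (input, "bd %d", &bd_id))
        ;
      else if (unformat (input, "rd %d", &rd_id))
        ;
      else
        break;
    }

  if (VNID_INVALID == vnid)
    return clib_error_return (0, "EPG-ID must be specified");

  if (add)
    {
      if (~0 == bd_id)
        return clib_error_return (0, "Bridge-domain must be specified");
      if (~0 == rd_id)
        return clib_error_return (0, "route-domain must be specified");

      /* report a failed lookup instead of silently doing nothing */
      rv = gbp_endpoint_group_add_and_lock (vnid, sclass, bd_id, rd_id,
                                            uplink_sw_if_index, &retention);
      if (0 != rv)
        return clib_error_return (0, "endpoint-group add failed: %d", rv);
    }
  else
    {
      /*
       * Groups are keyed by sclass, so use it when it was given; with
       * no sclass the EPG-ID is passed, as before.
       */
      rv = gbp_endpoint_group_delete ((SCLASS_INVALID != sclass) ?
                                      sclass : vnid);
      if (0 != rv)
        return clib_error_return (0, "endpoint-group delete failed: %d",
                                  rv);
    }

  return (NULL);
}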
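/*?
 * Configure a GBP Endpoint Group
 *
 * The handler accepts `add` as well as `del`; `add` is the default.
 *
 * @cliexpar
 * @cliexstart{gbp endpoint-group [add|del] epg <ID> bd <ID> rd <ID> [sclass <ID>] [<interface>]}
 * @cliexend
 ?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (gbp_endpoint_group_cli_node, static) = {
  .path = "gbp endpoint-group",
  .short_help = "gbp endpoint-group [add|del] epg <ID> bd <ID> rd <ID> [sclass <ID>] [<interface>]",
  .function = gbp_endpoint_group_cli,
};
/* *INDENT-ON* */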
/**
 * Format callback for a gbp_endpoint_retention_t pointer: appends the
 * remote endpoint timeout to s.
 *
 * NOTE(review): the return-type line and the final return are not shown
 * in the listing; `static u8 *` returning s is presumed - confirm
 * against the repository.
 */
static u8 *
format_gbp_endpoint_retention (u8 * s, va_list * args)
{
  gbp_endpoint_retention_t *rt;

  rt = va_arg (*args, gbp_endpoint_retention_t *);

  return (format (s, "[remote-EP-timeout:%d]", rt->remote_ep_timeout));
}
/**
 * Format callback for a gbp_endpoint_group_t pointer. The first field
 * printed is the group's index in gbp_endpoint_group_pool.
 *
 * NOTE(review): the listing omits short lines; the NULL test and the
 * gg_vnid, gg_sclass, gg_gbd, gg_rd and gg_locks arguments are restored
 * from the format string and context - confirm against the repository.
 */
u8 *
format_gbp_endpoint_group (u8 * s, va_list * args)
{
  gbp_endpoint_group_t *gg = va_arg (*args, gbp_endpoint_group_t *);

  if (NULL == gg)
    return (format (s, "NULL"));

  return (format (s, "[%d] %d, sclass:%d bd:%d rd:%d uplink:%U retention:%U locks:%d",
                  gg - gbp_endpoint_group_pool,
                  gg->gg_vnid,
                  gg->gg_sclass,
                  gg->gg_gbd,
                  gg->gg_rd,
                  format_gbp_itf_hdl, gg->gg_uplink_itf,
                  format_gbp_endpoint_retention, &gg->gg_retention,
                  gg->gg_locks));
}
/**
 * Walk callback: print one endpoint group on the CLI.
 *
 * NOTE(review): the listing omits short lines; ctx carrying the
 * vlib_main_t pointer matches the caller shown on this page, while the
 * `static int` return type and the non-zero return are presumed -
 * confirm against the repository.
 */
static int
gbp_endpoint_group_show_one (gbp_endpoint_group_t *gg, void *ctx)
{
  vlib_main_t *vm = ctx;

  vlib_cli_output (vm, " %U", format_gbp_endpoint_group, gg);

  return (1);
}
/**
 * CLI handler for "show gbp endpoint-group": print a heading, then one
 * line per endpoint group via gbp_endpoint_group_walk. The input is not
 * parsed.
 *
 * NOTE(review): the final return is not shown in the listing; NULL is
 * presumed.
 */
static clib_error_t *
gbp_endpoint_group_show (vlib_main_t * vm,
                         unformat_input_t * input, vlib_cli_command_t * cmd)
{
  clib_error_t *error = NULL;

  vlib_cli_output (vm, "Endpoint-Groups:");
  gbp_endpoint_group_walk (gbp_endpoint_group_show_one, vm);

  return (error);
}
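/*?
 * Show Group Based Policy Endpoint_Groups and derived information
 *
 * @cliexpar
 * @cliexstart{show gbp endpoint-group}
 * @cliexend
 ?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (gbp_endpoint_group_show_node, static) = {
  .path = "show gbp endpoint-group",
  /* no trailing newline, matching the other command's short_help */
  .short_help = "show gbp endpoint-group",
  .function = gbp_endpoint_group_show,
};
/* *INDENT-ON* */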
/**
 * Init function: register the "gbp"/"epg" log class that GBP_EPG_DBG
 * writes to.
 *
 * NOTE(review): the final return is not shown in the listing; NULL is
 * presumed.
 */
static clib_error_t *
gbp_endpoint_group_init (vlib_main_t * vm)
{
  clib_error_t *error = NULL;

  gg_logger = vlib_log_register_class ("gbp", "epg");

  return (error);
}

VLIB_INIT_FUNCTION (gbp_endpoint_group_init);
397 * fd.io coding-style-patch-verification: ON
400 * eval: (c-set-style "gnu")