2 * gbp.h : Group Based Policy
4 * Copyright (c) 2018 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <plugins/gbp/gbp_endpoint_group.h>
19 #include <plugins/gbp/gbp_endpoint.h>
20 #include <plugins/gbp/gbp_bridge_domain.h>
21 #include <plugins/gbp/gbp_route_domain.h>
23 #include <vnet/dpo/dvr_dpo.h>
24 #include <vnet/fib/fib_table.h>
25 #include <vnet/l2/l2_input.h>
28 * Pool of GBP endpoint_groups
/* Pool holding every endpoint group; a group is referred to elsewhere in this
 * file by its index into this pool. */
30 gbp_endpoint_group_t *gbp_endpoint_group_pool;
33 * DB of endpoint_groups
/* gg_hash maps an EPG id to the group's index in gbp_endpoint_group_pool. */
35 gbp_endpoint_group_db_t gbp_endpoint_group_db;
/* Hash keyed by sclass; gbp_endpoint_group_add_and_lock() stores the owning
 * group's gg_id as the value. */
40 uword *gbp_epg_sclass_db;
/* Log class handle, assigned in gbp_endpoint_group_init(). */
42 vlib_log_class_t gg_logger;
/* Debug-level logging through gg_logger.
 * NOTE(review): the expansion already ends in ';', so "GBP_EPG_DBG (...);"
 * produces an extra empty statement and the macro is unsafe as the unbraced
 * body of an if/else. Dropping the trailing ';' from the definition keeps
 * every call site in this file valid. */
44 #define GBP_EPG_DBG(...) \
45 vlib_log_debug (gg_logger, __VA_ARGS__);
/*
 * Return the endpoint group stored at pool index i.
 *
 * NOTE(review): no check of i is visible here; the caller is relied on to
 * pass the index of a live pool element. Confirm what pool_elt_at_index
 * enforces in release builds before passing an index derived from API or
 * CLI input.
 */
47 gbp_endpoint_group_t *
48 gbp_endpoint_group_get (index_t i)
50 return (pool_elt_at_index (gbp_endpoint_group_pool, i));
/*
 * Take a reference on the endpoint group at pool index i.
 *
 * NOTE(review): only the lookup is shown in this listing; the statement that
 * updates the lock count is presumably on a line that is not shown (unlock
 * compares gg_locks with 0) - confirm against the full source.
 */
54 gbp_endpoint_group_lock (index_t i)
56 gbp_endpoint_group_t *gg;
/* No INDEX_INVALID guard is visible here, unlike gbp_endpoint_group_unlock(). */
58 gg = gbp_endpoint_group_get (i);
/*
 * Look up an endpoint group by EPG id in gbp_endpoint_group_db.gg_hash.
 *
 * Returns INDEX_INVALID on the path shown below; the hit path (presumably
 * returning the pool index stored by add_and_lock) is not shown in this
 * listing.
 */
63 gbp_endpoint_group_find (epg_id_t epg_id)
67 p = hash_get (gbp_endpoint_group_db.gg_hash, epg_id);
72 return (INDEX_INVALID);
/*
 * Find the endpoint group for epg_id, or create it when no group with that
 * id exists.
 *
 * Parameters shown: epg_id, bd_id, rd_id, uplink_sw_if_index. An sclass
 * parameter is used in the body and passed second by the CLI caller; its
 * declaration is on a signature line that is not shown in this listing.
 *
 * Create path, as far as the visible lines show:
 *   - lock the GBP bridge domain for bd_id and the GBP route domain for rd_id;
 *     VNET_API_ERROR_BD_NOT_MODIFIABLE and VNET_API_ERROR_NO_SUCH_FIB are the
 *     two failure returns, and the bridge-domain lock is released before the
 *     second one;
 *   - take a zeroed pool element and fill in the fields assigned below;
 *   - record sclass -> gg_id in gbp_epg_sclass_db unless sclass is
 *     SCLASS_INVALID;
 *   - when an uplink is given (not ~0), create per-protocol DVR DPOs, put the
 *     uplink into the bridge domain and enable
 *     L2INPUT_FEAT_GBP_NULL_CLASSIFY on it;
 *   - record gg_id -> pool index in gbp_endpoint_group_db.gg_hash.
 *
 * NOTE(review): the lock-count update and the return statement of the success
 * path are not shown in this listing.
 * NOTE(review): when the group already exists, none of the visible lines
 * compare the supplied sclass/bd_id/rd_id/uplink with the stored ones; the
 * caller appears to receive the existing group unchanged - confirm this is
 * the intended contract.
 */
76 gbp_endpoint_group_add_and_lock (epg_id_t epg_id,
78 u32 bd_id, u32 rd_id, u32 uplink_sw_if_index)
80 gbp_endpoint_group_t *gg;
83 ggi = gbp_endpoint_group_find (epg_id);
85 if (INDEX_INVALID == ggi)
87 gbp_bridge_domain_t *gb;
88 fib_protocol_t fproto;
91 gbi = gbp_bridge_domain_find_and_lock (bd_id);
94 return (VNET_API_ERROR_BD_NOT_MODIFIABLE);
96 grdi = gbp_route_domain_find_and_lock (rd_id);
/* Undo the bridge-domain lock taken above so the failure path leaks nothing. */
100 gbp_bridge_domain_unlock (gbi);
101 return (VNET_API_ERROR_NO_SUCH_FIB);
104 gb = gbp_bridge_domain_get (gbi);
106 pool_get_zero (gbp_endpoint_group_pool, gg);
111 gg->gg_bd_index = gb->gb_bd_index;
113 gg->gg_uplink_sw_if_index = uplink_sw_if_index;
115 gg->gg_sclass = sclass;
/* NOTE(review): no check is visible that this sclass is not already mapped.
 * A second group with the same sclass would overwrite the first group's
 * entry, and either group's teardown would remove it for both. If this map
 * is what classifies traffic to a group, a collision misattributes policy;
 * rejecting a duplicate sclass here would close that. */
117 if (SCLASS_INVALID != gg->gg_sclass)
118 hash_set (gbp_epg_sclass_db, gg->gg_sclass, gg->gg_id);
121 * an egress DVR dpo for internal subnets to use when sending
122 * on the uplink interface
/* ~0 means "no uplink"; uplink_sw_if_index is not otherwise validated in the
 * visible lines. */
124 if (~0 != gg->gg_uplink_sw_if_index)
126 FOR_EACH_FIB_IP_PROTOCOL (fproto)
128 dvr_dpo_add_or_lock (uplink_sw_if_index,
129 fib_proto_to_dpo (fproto),
130 &gg->gg_dpo[fproto]);
134 * Add the uplink to the BD
135 * packets direct from the uplink have had policy applied
/* NOTE(review): the result of set_int_l2_mode() is discarded; if it fails
 * the group is still registered although its uplink is not in the bridge
 * domain. */
137 set_int_l2_mode (vlib_get_main (), vnet_get_main (),
138 MODE_L2_BRIDGE, gg->gg_uplink_sw_if_index,
139 gg->gg_bd_index, L2_BD_PORT_TYPE_NORMAL, 0, 0);
140 l2input_intf_bitmap_enable (gg->gg_uplink_sw_if_index,
141 L2INPUT_FEAT_GBP_NULL_CLASSIFY, 1);
/* The stored value is the element's index in the pool (pointer difference). */
144 hash_set (gbp_endpoint_group_db.gg_hash,
145 gg->gg_id, gg - gbp_endpoint_group_pool);
/* Existing group: fetch it so the log line below has something to print. */
150 gg = gbp_endpoint_group_get (ggi);
154 GBP_EPG_DBG ("add: %U", format_gbp_endpoint_group, gg);
/*
 * Release a reference on the endpoint group at pool index ggi and tear the
 * group down once gg_locks is zero.
 *
 * INDEX_INVALID is tested for first; the statement it guards (presumably an
 * early return) is not shown in this listing, and neither is the lock-count
 * decrement.
 *
 * Teardown, as shown: return the uplink to L3 mode and disable
 * L2INPUT_FEAT_GBP_NULL_CLASSIFY on it, reset the per-protocol DPOs, unlock
 * the bridge and route domains, remove the sclass and EPG-id hash entries,
 * and return the element to the pool.
 *
 * NOTE(review): no guard against unlocking a group whose count is already
 * zero is visible; an unbalanced unlock would be worth an assertion -
 * confirm against the full source.
 */
160 gbp_endpoint_group_unlock (index_t ggi)
162 gbp_endpoint_group_t *gg;
164 if (INDEX_INVALID == ggi)
167 gg = gbp_endpoint_group_get (ggi);
171 if (0 == gg->gg_locks)
173 fib_protocol_t fproto;
/* Repeats the lookup made above through gbp_endpoint_group_get(). */
175 gg = pool_elt_at_index (gbp_endpoint_group_pool, ggi);
177 if (~0 != gg->gg_uplink_sw_if_index)
/* The result of set_int_l2_mode() is discarded here as well. */
179 set_int_l2_mode (vlib_get_main (), vnet_get_main (),
180 MODE_L3, gg->gg_uplink_sw_if_index,
181 gg->gg_bd_index, L2_BD_PORT_TYPE_NORMAL, 0, 0);
183 l2input_intf_bitmap_enable (gg->gg_uplink_sw_if_index,
184 L2INPUT_FEAT_GBP_NULL_CLASSIFY, 0);
186 FOR_EACH_FIB_IP_PROTOCOL (fproto)
188 dpo_reset (&gg->gg_dpo[fproto]);
190 gbp_bridge_domain_unlock (gg->gg_gbd);
191 gbp_route_domain_unlock (gg->gg_rd);
/* NOTE(review): the entry is removed by key alone. If another group was added
 * with the same sclass, this deletes that group's mapping too; checking that
 * the stored value is this group's gg_id before unsetting would avoid it. */
193 if (SCLASS_INVALID != gg->gg_sclass)
194 hash_unset (gbp_epg_sclass_db, gg->gg_sclass);
195 hash_unset (gbp_endpoint_group_db.gg_hash, gg->gg_id);
/* gg must not be used after this point; the element returns to the pool. */
197 pool_put (gbp_endpoint_group_pool, gg);
/*
 * Drop one reference on the endpoint group identified by epg_id.
 *
 * The group is looked up by id, logged, and unlocked once; it is freed only
 * if that unlock leaves gg_locks at zero (see gbp_endpoint_group_unlock), so
 * a group still referenced elsewhere survives this call.
 *
 * Returns VNET_API_ERROR_NO_SUCH_ENTRY on the path shown last; the success
 * return is not shown in this listing.
 */
202 gbp_endpoint_group_delete (epg_id_t epg_id)
206 ggi = gbp_endpoint_group_find (epg_id);
208 if (INDEX_INVALID != ggi)
/* Log before unlocking: the unlock may return the element to the pool. */
210 GBP_EPG_DBG ("del: %U", format_gbp_endpoint_group,
211 gbp_endpoint_group_get (ggi));
212 gbp_endpoint_group_unlock (ggi);
217 return (VNET_API_ERROR_NO_SUCH_ENTRY);
/*
 * Return the bridge-domain id (gb_bd_id) of the GBP bridge domain that gg
 * references through gg_gbd.
 *
 * gg is dereferenced without a NULL check; callers must pass a valid group.
 */
221 gbp_endpoint_group_get_bd_id (const gbp_endpoint_group_t * gg)
223 const gbp_bridge_domain_t *gb;
225 gb = gbp_bridge_domain_get (gg->gg_gbd);
227 return (gb->gb_bd_id);
/*
 * Return the FIB index for protocol fproto from the GBP route domain that gg
 * references through gg_rd.
 *
 * fproto indexes grd_fib_index directly and is not range-checked here; gg is
 * dereferenced without a NULL check.
 */
231 gbp_endpoint_group_get_fib_index (const gbp_endpoint_group_t * gg,
232 fib_protocol_t fproto)
234 const gbp_route_domain_t *grd;
236 grd = gbp_route_domain_get (gg->gg_rd);
238 return (grd->grd_fib_index[fproto]);
/*
 * Iterate over every element of gbp_endpoint_group_pool.
 *
 * cb and ctx are the walk callback and its opaque argument; the loop body
 * that invokes cb is not shown in this listing, so how the callback's return
 * value is treated cannot be stated from here.
 */
242 gbp_endpoint_group_walk (gbp_endpoint_group_cb_t cb, void *ctx)
244 gbp_endpoint_group_t *gbpe;
247 pool_foreach(gbpe, gbp_endpoint_group_pool,
/*
 * CLI handler for "gbp endpoint-group": parses "add"/"del", "epg", "sclass",
 * "bd", "rd" and an interface name, then adds or deletes the endpoint group.
 *
 * A clib error is returned for a missing EPG id and for a missing interface,
 * bridge-domain or route-domain (the latter three presumably only when
 * adding; the add/del branch and the bd_id/rd_id declarations are on lines
 * not shown in this listing).
 *
 * NOTE(review): sclass is declared without an initialiser and is written only
 * when the "sclass" token is present, yet it is passed to
 * gbp_endpoint_group_add_and_lock() regardless. Without that token an
 * indeterminate value becomes the group's source class and its key in
 * gbp_epg_sclass_db; initialise it to SCLASS_INVALID at the declaration.
 * NOTE(review): "%d" is parsed straight into epg_id and sclass. If epg_id_t
 * is narrower than the integer unformat stores for "%d", the store writes
 * past the variable; parsing into a u32 temporary and range-checking before
 * narrowing would avoid that - confirm epg_id_t's width.
 * NOTE(review): the results of gbp_endpoint_group_add_and_lock() and
 * gbp_endpoint_group_delete() are discarded, so a failed add or delete is
 * not reported to the operator.
 */
255 static clib_error_t *
256 gbp_endpoint_group_cli (vlib_main_t * vm,
257 unformat_input_t * input, vlib_cli_command_t * cmd)
/* sclass has no initialiser here - see the first review note above. */
259 epg_id_t epg_id = EPG_INVALID, sclass;
260 vnet_main_t *vnm = vnet_get_main ();
/* ~0 doubles as "not supplied" for the checks after the parse loop. */
261 u32 uplink_sw_if_index = ~0;
266 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
268 if (unformat (input, "%U", unformat_vnet_sw_interface,
269 vnm, &uplink_sw_if_index))
271 else if (unformat (input, "add"))
273 else if (unformat (input, "del"))
275 else if (unformat (input, "epg %d", &epg_id))
277 else if (unformat (input, "sclass %d", &sclass))
279 else if (unformat (input, "bd %d", &bd_id))
281 else if (unformat (input, "rd %d", &rd_id))
287 if (EPG_INVALID == epg_id)
288 return clib_error_return (0, "EPG-ID must be specified");
292 if (~0 == uplink_sw_if_index)
293 return clib_error_return (0, "interface must be specified");
295 return clib_error_return (0, "Bridge-domain must be specified");
297 return clib_error_return (0, "route-domain must be specified");
299 gbp_endpoint_group_add_and_lock (epg_id, sclass, bd_id, rd_id,
303 gbp_endpoint_group_delete (epg_id);
309 * Configure a GBP Endpoint Group
312 * @cliexstart{set gbp endpoint-group [del] epg <ID> bd <ID> <interface>}
/*
 * Registers gbp_endpoint_group_cli() under the path "gbp endpoint-group".
 *
 * NOTE(review): the handler also accepts "add" and "sclass <ID>", which the
 * short help omits, and the @cliexstart example in the comment above this
 * registration shows a "set" prefix and no "rd <ID>", neither of which
 * matches .path / .short_help here.
 */
316 VLIB_CLI_COMMAND (gbp_endpoint_group_cli_node, static) = {
317 .path = "gbp endpoint-group",
318 .short_help = "gbp endpoint-group [del] epg <ID> bd <ID> rd <ID> <interface>",
319 .function = gbp_endpoint_group_cli,
/*
 * format() callback for "%U": appends a one-line description of an endpoint
 * group to s. The single va_list argument is a gbp_endpoint_group_t pointer.
 *
 * The fields shown being printed are the bridge-domain id and index and the
 * uplink interface name; the remaining arguments of the format call are on
 * lines not shown in this listing. The literal "NULL" is appended on a second
 * path, presumably when the group pointer is NULL (the test is not shown).
 *
 * NOTE(review): gg_uplink_sw_if_index may be ~0, which add_and_lock treats as
 * "no uplink"; confirm format_vnet_sw_if_index_name tolerates that value.
 */
323 format_gbp_endpoint_group (u8 * s, va_list * args)
325 gbp_endpoint_group_t *gg = va_arg (*args, gbp_endpoint_group_t*);
326 vnet_main_t *vnm = vnet_get_main ();
329 s = format (s, "%d, bd:[%d,%d], rd:[%d] uplink:%U locks:%d",
331 gbp_endpoint_group_get_bd_id(gg), gg->gg_bd_index,
333 format_vnet_sw_if_index_name, vnm, gg->gg_uplink_sw_if_index,
336 s = format (s, "NULL");
/*
 * Walk callback used by gbp_endpoint_group_show(): prints one endpoint group
 * on the CLI.
 *
 * vm is presumably recovered from ctx on a line not shown in this listing;
 * gbp_endpoint_group_show() passes its vlib_main_t pointer as ctx.
 */
342 gbp_endpoint_group_show_one (gbp_endpoint_group_t *gg, void *ctx)
347 vlib_cli_output (vm, " %U",format_gbp_endpoint_group, gg);
/*
 * CLI handler for "show gbp endpoint-group": prints a heading, then one line
 * per endpoint group by walking the pool with gbp_endpoint_group_show_one.
 *
 * input and cmd are not used in the lines shown; the return statement is not
 * shown in this listing.
 */
352 static clib_error_t *
353 gbp_endpoint_group_show (vlib_main_t * vm,
354 unformat_input_t * input, vlib_cli_command_t * cmd)
356 vlib_cli_output (vm, "Endpoint-Groups:");
/* vm is handed to the walk as the opaque ctx for the per-group callback. */
357 gbp_endpoint_group_walk (gbp_endpoint_group_show_one, vm);
364 * Show Group Based Policy Endpoint_Groups and derived information
367 * @cliexstart{show gbp endpoint_group}
/*
 * Registers gbp_endpoint_group_show() under "show gbp endpoint-group".
 *
 * NOTE(review): the @cliexstart example in the comment above this
 * registration spells the command "endpoint_group" (underscore), while .path
 * uses "endpoint-group" (hyphen).
 */
371 VLIB_CLI_COMMAND (gbp_endpoint_group_show_node, static) = {
372 .path = "show gbp endpoint-group",
373 .short_help = "show gbp endpoint-group\n",
374 .function = gbp_endpoint_group_show,
/*
 * Init function: registers the log class "gbp" / "epg" and stores the handle
 * in gg_logger, which GBP_EPG_DBG logs through.
 *
 * The return statement is not shown in this listing.
 */
378 static clib_error_t *
379 gbp_endpoint_group_init (vlib_main_t * vm)
381 gg_logger = vlib_log_register_class ("gbp", "epg");
/* Registers gbp_endpoint_group_init as a vlib init function. */
386 VLIB_INIT_FUNCTION (gbp_endpoint_group_init);
389 * fd.io coding-style-patch-verification: ON
392 * eval: (c-set-style "gnu")