2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip4_source_check.c: IP v4 check source address (unicast RPF check)
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <urpf/urpf.h>
41 #include <urpf/urpf_dp.h>
43 static char *ip4_urpf_error_strings[] = {
49 VLIB_NODE_FN (ip4_rx_urpf_loose) (vlib_main_t * vm,
50 vlib_node_runtime_t * node,
53 return (urpf_inline (vm, node, frame, AF_IP4, VLIB_RX, URPF_MODE_LOOSE));
56 VLIB_NODE_FN (ip4_rx_urpf_strict) (vlib_main_t * vm,
57 vlib_node_runtime_t * node,
60 return (urpf_inline (vm, node, frame, AF_IP4, VLIB_RX, URPF_MODE_STRICT));
63 VLIB_NODE_FN (ip4_tx_urpf_loose) (vlib_main_t * vm,
64 vlib_node_runtime_t * node,
67 return (urpf_inline (vm, node, frame, AF_IP4, VLIB_TX, URPF_MODE_LOOSE));
70 VLIB_NODE_FN (ip4_tx_urpf_strict) (vlib_main_t * vm,
71 vlib_node_runtime_t * node,
74 return (urpf_inline (vm, node, frame, AF_IP4, VLIB_TX, URPF_MODE_STRICT));
78 VLIB_REGISTER_NODE (ip4_rx_urpf_loose) = {
79 .name = "ip4-rx-urpf-loose",
80 .vector_size = sizeof (u32),
82 .n_next_nodes = URPF_N_NEXT,
84 [URPF_NEXT_DROP] = "ip4-drop",
86 .n_errors = ARRAY_LEN (ip4_urpf_error_strings),
87 .error_strings = ip4_urpf_error_strings,
89 .format_buffer = format_ip4_header,
90 .format_trace = format_urpf_trace,
93 VLIB_REGISTER_NODE (ip4_rx_urpf_strict) = {
94 .name = "ip4-rx-urpf-strict",
95 .vector_size = sizeof (u32),
97 .n_next_nodes = URPF_N_NEXT,
99 [URPF_NEXT_DROP] = "ip4-drop",
101 .n_errors = ARRAY_LEN (ip4_urpf_error_strings),
102 .error_strings = ip4_urpf_error_strings,
104 .format_buffer = format_ip4_header,
105 .format_trace = format_urpf_trace,
108 VLIB_REGISTER_NODE (ip4_tx_urpf_loose) = {
109 .name = "ip4-tx-urpf-loose",
110 .vector_size = sizeof (u32),
112 .n_next_nodes = URPF_N_NEXT,
114 [URPF_NEXT_DROP] = "ip4-drop",
116 .n_errors = ARRAY_LEN (ip4_urpf_error_strings),
117 .error_strings = ip4_urpf_error_strings,
119 .format_buffer = format_ip4_header,
120 .format_trace = format_urpf_trace,
123 VLIB_REGISTER_NODE (ip4_tx_urpf_strict) = {
124 .name = "ip4-tx-urpf-strict",
125 .vector_size = sizeof (u32),
127 .n_next_nodes = URPF_N_NEXT,
129 [URPF_NEXT_DROP] = "ip4-drop",
131 .n_errors = ARRAY_LEN (ip4_urpf_error_strings),
132 .error_strings = ip4_urpf_error_strings,
134 .format_buffer = format_ip4_header,
135 .format_trace = format_urpf_trace,
138 VNET_FEATURE_INIT (ip4_rx_urpf_loose_feat, static) =
140 .arc_name = "ip4-unicast",
141 .node_name = "ip4-rx-urpf-loose",
142 .runs_before = VNET_FEATURES ("ip4-rx-urpf-strict"),
145 VNET_FEATURE_INIT (ip4_rx_urpf_strict_feat, static) =
147 .arc_name = "ip4-unicast",
148 .node_name = "ip4-rx-urpf-strict",
149 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
152 VNET_FEATURE_INIT (ip4_tx_urpf_loose_feat, static) =
154 .arc_name = "ip4-output",
155 .node_name = "ip4-tx-urpf-loose",
158 VNET_FEATURE_INIT (ip4_tx_urpf_strict_feat, static) =
160 .arc_name = "ip4-output",
161 .node_name = "ip4-tx-urpf-strict",
166 * fd.io coding-style-patch-verification: ON
169 * eval: (c-set-style "gnu")