2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip4_source_check.c: IP v4 check source address (unicast RPF check)
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <urpf/urpf.h>
41 #include <urpf/urpf_dp.h>
43 static char *ip6_urpf_error_strings[] = {
49 VLIB_NODE_FN (ip6_rx_urpf_loose) (vlib_main_t * vm,
50 vlib_node_runtime_t * node,
53 return (urpf_inline (vm, node, frame, AF_IP6, VLIB_RX, URPF_MODE_LOOSE));
56 VLIB_NODE_FN (ip6_rx_urpf_strict) (vlib_main_t * vm,
57 vlib_node_runtime_t * node,
60 return (urpf_inline (vm, node, frame, AF_IP6, VLIB_RX, URPF_MODE_STRICT));
63 VLIB_NODE_FN (ip6_tx_urpf_loose) (vlib_main_t * vm,
64 vlib_node_runtime_t * node,
67 return (urpf_inline (vm, node, frame, AF_IP6, VLIB_TX, URPF_MODE_LOOSE));
70 VLIB_NODE_FN (ip6_tx_urpf_strict) (vlib_main_t * vm,
71 vlib_node_runtime_t * node,
74 return (urpf_inline (vm, node, frame, AF_IP6, VLIB_TX, URPF_MODE_STRICT));
77 VLIB_REGISTER_NODE (ip6_rx_urpf_loose) = {
78 .name = "ip6-rx-urpf-loose",
79 .vector_size = sizeof (u32),
81 .n_next_nodes = URPF_N_NEXT,
83 [URPF_NEXT_DROP] = "ip6-drop",
85 .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
86 .error_strings = ip6_urpf_error_strings,
88 .format_buffer = format_ip6_header,
89 .format_trace = format_urpf_trace,
92 VLIB_REGISTER_NODE (ip6_rx_urpf_strict) = {
93 .name = "ip6-rx-urpf-strict",
94 .vector_size = sizeof (u32),
96 .n_next_nodes = URPF_N_NEXT,
98 [URPF_NEXT_DROP] = "ip6-drop",
100 .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
101 .error_strings = ip6_urpf_error_strings,
103 .format_buffer = format_ip6_header,
104 .format_trace = format_urpf_trace,
107 VLIB_REGISTER_NODE (ip6_tx_urpf_loose) = {
108 .name = "ip6-tx-urpf-loose",
109 .vector_size = sizeof (u32),
111 .n_next_nodes = URPF_N_NEXT,
113 [URPF_NEXT_DROP] = "ip6-drop",
115 .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
116 .error_strings = ip6_urpf_error_strings,
118 .format_buffer = format_ip6_header,
119 .format_trace = format_urpf_trace,
122 VLIB_REGISTER_NODE (ip6_tx_urpf_strict) = {
123 .name = "ip6-tx-urpf-strict",
124 .vector_size = sizeof (u32),
126 .n_next_nodes = URPF_N_NEXT,
128 [URPF_NEXT_DROP] = "ip6-drop",
130 .n_errors = ARRAY_LEN (ip6_urpf_error_strings),
131 .error_strings = ip6_urpf_error_strings,
133 .format_buffer = format_ip6_header,
134 .format_trace = format_urpf_trace,
137 VNET_FEATURE_INIT (ip6_rx_urpf_loose_feat, static) =
139 .arc_name = "ip6-unicast",
140 .node_name = "ip6-rx-urpf-loose",
141 .runs_before = VNET_FEATURES ("ip6-rx-urpf-strict"),
144 VNET_FEATURE_INIT (ip6_rx_urpf_strict_feat, static) =
146 .arc_name = "ip6-unicast",
147 .node_name = "ip6-rx-urpf-strict",
148 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
151 VNET_FEATURE_INIT (ip6_tx_urpf_loose_feat, static) =
153 .arc_name = "ip6-output",
154 .node_name = "ip6-tx-urpf-loose",
157 VNET_FEATURE_INIT (ip6_tx_urpf_strict_feat, static) =
159 .arc_name = "ip6-output",
160 .node_name = "ip6-tx-urpf-strict",
164 * fd.io coding-style-patch-verification: ON
167 * eval: (c-set-style "gnu")