2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * @brief A unicast RPF list.
17 * The uRPF list is the set of interfaces that a prefix can be reached through.
18 * There are 3 levels of RPF check:
19 * - do we have any route to the source (i.e. it's not drop)
20 * - did the packet arrive on an interface that the source is reachable through
21 * - did the packet arrive from a peer that the source is reachable through
22 * we don't support the last. But it could be done by storing adjs in the uPRF
23 * list rather than interface indices.
25 * these conditions are checked against the list by:
26 * - the list is not empty
27 * - there is an interface in the list that is on the input interface.
28 * - there is an adj in the list whose MAC address matches the packet's
29 * source MAC and input interface.
31 * To speed the last two checks the interface list only needs to have the unique
32 * interfaces present. If the uRPF check was instead implemented by forward
33 * walking the DPO chain, then that walk would encounter a great deal of
34 * non-adjacency objects (i.e. load-balances, mpls-labels, etc) and potentially
35 * the same adjacency many times (esp. when UCMP is used).
36 * To that end the uRPF list is a collapsed, unique interface only list.
39 #ifndef __FIB_URPF_LIST_H__
40 #define __FIB_URPF_LIST_H__
42 #include <vnet/fib/fib_types.h>
43 #include <vnet/adj/adj.h>
48 typedef enum fib_urpf_list_flag_t_
51 * @brief Set to indicated that the uRPF list has already been baked.
52 * This is protection against it being baked more than once. These
53 * are not chunky fries - once is enough.
55 FIB_URPF_LIST_BAKED = (1 << 0),
56 } fib_urpf_list_flag_t;
58 typedef struct fib_urpf_list_t_
61 * The list of interfaces that comprise the allowed accepting interfaces
63 adj_index_t *furpf_itfs;
68 fib_urpf_list_flag_t furpf_flags;
71 * uRPF lists are shared amongst many entries so we require a locking
77 extern index_t fib_urpf_list_alloc_and_lock(void);
78 extern void fib_urpf_list_unlock(index_t urpf);
79 extern void fib_urpf_list_lock(index_t urpf);
81 extern void fib_urpf_list_append(index_t urpf, adj_index_t adj);
82 extern void fib_urpf_list_combine(index_t urpf1, index_t urpf2);
84 extern void fib_urpf_list_bake(index_t urpf);
86 extern u8 *format_fib_urpf_list(u8 *s, va_list *ap);
88 extern void fib_urpf_list_show_mem(void);
91 * @brief pool of all fib_urpf_list
93 extern fib_urpf_list_t *fib_urpf_list_pool;
95 static inline fib_urpf_list_t *
96 fib_urpf_list_get (index_t index)
98 return (pool_elt_at_index(fib_urpf_list_pool, index));
102 * @brief Data-Plane function to check an input interface against an uRPF list
104 * @param ui The uRPF list index to check against. Get this from the load-balance
105 * object that is the result of the FIB lookup
106 * @param sw_if_index The SW interface index to validate
108 * @return 1 if the interface is found, 0 otherwise
111 fib_urpf_check (index_t ui, u32 sw_if_index)
113 fib_urpf_list_t *urpf;
116 urpf = fib_urpf_list_get(ui);
118 vec_foreach(swi, urpf->furpf_itfs)
120 if (*swi == sw_if_index)
128 * @brief Data-Plane function to check the size of an uRPF list, (i.e. the number
129 * of interfaces in the list).
131 * @param ui The uRPF list index to check against. Get this from the load-balance
132 * object that is the result of the FIB lookup
134 * @return the number of interfaces in the list
137 fib_urpf_check_size (index_t ui)
139 fib_urpf_list_t *urpf;
141 urpf = fib_urpf_list_get(ui);
143 return (vec_len(urpf->furpf_itfs));