2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/ip/ip.h>
17 #include <vnet/ip/ip_punt_drop.h>
18 #include <vnet/policer/policer.h>
19 #include <vnet/policer/police_inlines.h>
22 VNET_FEATURE_ARC_INIT (ip4_punt) =
24 .arc_name = "ip4-punt",
25 .start_nodes = VNET_FEATURES ("ip4-punt"),
28 VNET_FEATURE_ARC_INIT (ip4_drop) =
30 .arc_name = "ip4-drop",
31 .start_nodes = VNET_FEATURES ("ip4-drop", "ip4-not-enabled"),
35 extern ip_punt_policer_t ip4_punt_policer_cfg;
36 extern ip_punt_redirect_t ip4_punt_redirect_cfg;
37 extern ip_punt_redirect_rx_t uninit_rx_redirect;
39 #ifndef CLIB_MARCH_VARIANT
41 format_ip_punt_policer_trace (u8 * s, va_list * args)
43 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
44 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
45 ip_punt_policer_trace_t *t = va_arg (*args, ip_punt_policer_trace_t *);
47 s = format (s, "policer_index %d next %d", t->policer_index, t->next);
51 ip_punt_policer_t ip4_punt_policer_cfg = {
54 #endif /* CLIB_MARCH_VARIANT */
56 static char *ip4_punt_policer_error_strings[] = {
57 #define _(sym,string) string,
58 foreach_ip_punt_policer_error
62 VLIB_NODE_FN (ip4_punt_policer_node) (vlib_main_t * vm,
63 vlib_node_runtime_t * node,
66 return (ip_punt_policer (vm, node, frame,
67 vnet_feat_arc_ip4_punt.feature_arc_index,
68 ip4_punt_policer_cfg.policer_index));
72 VLIB_REGISTER_NODE (ip4_punt_policer_node) = {
73 .name = "ip4-punt-policer",
74 .vector_size = sizeof (u32),
75 .n_next_nodes = IP_PUNT_POLICER_N_NEXT,
76 .format_trace = format_ip_punt_policer_trace,
77 .n_errors = ARRAY_LEN(ip4_punt_policer_error_strings),
78 .error_strings = ip4_punt_policer_error_strings,
81 [IP_PUNT_POLICER_NEXT_DROP] = "ip4-drop",
85 VNET_FEATURE_INIT (ip4_punt_policer_node) = {
86 .arc_name = "ip4-punt",
87 .node_name = "ip4-punt-policer",
88 .runs_before = VNET_FEATURES("ip4-punt-redirect"),
92 #ifndef CLIB_MARCH_VARIANT
94 format_ip_punt_redirect_trace (u8 * s, va_list * args)
96 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
97 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
98 ip_punt_redirect_trace_t *t = va_arg (*args, ip_punt_redirect_trace_t *);
99 vnet_main_t *vnm = vnet_get_main ();
100 vnet_sw_interface_t *si;
102 si = vnet_get_sw_interface_safe (vnm, t->redirect.tx_sw_if_index);
105 s = format (s, "via %U on %U using adj:%d",
106 format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY,
107 format_vnet_sw_interface_name, vnm, si,
108 t->redirect.adj_index);
110 s = format (s, "via %U on %d using adj:%d",
111 format_ip46_address, &t->redirect.nh, IP46_TYPE_ANY,
112 t->redirect.tx_sw_if_index, t->redirect.adj_index);
118 ip_punt_redirect_t ip4_punt_redirect_cfg = {
119 .any_rx_sw_if_index = {
120 .tx_sw_if_index = ~0,
121 .adj_index = ADJ_INDEX_INVALID,
125 #endif /* CLIB_MARCH_VARIANT */
128 #define foreach_ip4_punt_redirect_error \
129 _(DROP, "ip4 punt redirect drop")
133 #define _(sym,str) IP4_PUNT_REDIRECT_ERROR_##sym,
134 foreach_ip4_punt_redirect_error
136 IP4_PUNT_REDIRECT_N_ERROR,
137 } ip4_punt_redirect_error_t;
139 static char *ip4_punt_redirect_error_strings[] = {
140 #define _(sym,string) string,
141 foreach_ip4_punt_redirect_error
145 VLIB_NODE_FN (ip4_punt_redirect_node) (vlib_main_t * vm,
146 vlib_node_runtime_t * node,
147 vlib_frame_t * frame)
149 return (ip_punt_redirect (vm, node, frame,
150 vnet_feat_arc_ip4_punt.feature_arc_index,
151 &ip4_punt_redirect_cfg));
155 VLIB_REGISTER_NODE (ip4_punt_redirect_node) = {
156 .name = "ip4-punt-redirect",
157 .vector_size = sizeof (u32),
158 .n_next_nodes = IP_PUNT_REDIRECT_N_NEXT,
159 .format_trace = format_ip_punt_redirect_trace,
160 .n_errors = ARRAY_LEN(ip4_punt_redirect_error_strings),
161 .error_strings = ip4_punt_redirect_error_strings,
163 /* edit / add dispositions here */
165 [IP_PUNT_REDIRECT_NEXT_DROP] = "ip4-drop",
166 [IP_PUNT_REDIRECT_NEXT_TX] = "ip4-rewrite",
167 [IP_PUNT_REDIRECT_NEXT_ARP] = "ip4-arp",
171 VNET_FEATURE_INIT (ip4_punt_redirect_node, static) = {
172 .arc_name = "ip4-punt",
173 .node_name = "ip4-punt-redirect",
174 .runs_before = VNET_FEATURES("error-punt"),
178 VLIB_NODE_FN (ip4_drop_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
179 vlib_frame_t * frame)
181 if (node->flags & VLIB_NODE_FLAG_TRACE)
182 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
184 return ip_drop_or_punt (vm, node, frame,
185 vnet_feat_arc_ip4_drop.feature_arc_index);
189 VLIB_NODE_FN (ip4_not_enabled_node) (vlib_main_t * vm,
190 vlib_node_runtime_t * node,
191 vlib_frame_t * frame)
193 if (node->flags & VLIB_NODE_FLAG_TRACE)
194 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
196 return ip_drop_or_punt (vm, node, frame,
197 vnet_feat_arc_ip4_drop.feature_arc_index);
201 ip4_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
203 if (node->flags & VLIB_NODE_FLAG_TRACE)
204 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
206 return ip_drop_or_punt (vm, node, frame,
207 vnet_feat_arc_ip4_punt.feature_arc_index);
211 VLIB_REGISTER_NODE (ip4_drop_node) =
214 .vector_size = sizeof (u32),
215 .format_trace = format_ip4_forward_next_trace,
222 VLIB_REGISTER_NODE (ip4_not_enabled_node) =
224 .name = "ip4-not-enabled",
225 .vector_size = sizeof (u32),
226 .format_trace = format_ip4_forward_next_trace,
233 VLIB_REGISTER_NODE (ip4_punt_node) =
235 .function = ip4_punt,
237 .vector_size = sizeof (u32),
238 .format_trace = format_ip4_forward_next_trace,
245 VNET_FEATURE_INIT (ip4_punt_end_of_arc, static) = {
246 .arc_name = "ip4-punt",
247 .node_name = "error-punt",
248 .runs_before = 0, /* not before any other features */
251 VNET_FEATURE_INIT (ip4_drop_end_of_arc, static) = {
252 .arc_name = "ip4-drop",
253 .node_name = "error-drop",
254 .runs_before = 0, /* not before any other features */
258 #ifndef CLIB_MARCH_VARIANT
260 ip4_punt_policer_add_del (u8 is_add, u32 policer_index)
262 ip4_punt_policer_cfg.policer_index = policer_index;
264 vnet_feature_enable_disable ("ip4-punt", "ip4-punt-policer",
267 #endif /* CLIB_MARCH_VARIANT */
269 static clib_error_t *
270 ip4_punt_police_cmd (vlib_main_t * vm,
271 unformat_input_t * main_input,
272 vlib_cli_command_t * cmd)
274 unformat_input_t _line_input, *line_input = &_line_input;
275 clib_error_t *error = 0;
281 if (!unformat_user (main_input, unformat_line_input, line_input))
284 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
286 if (unformat (line_input, "%d", &policer_index))
288 else if (unformat (line_input, "del"))
290 else if (unformat (line_input, "add"))
294 error = unformat_parse_error (line_input);
299 if (is_add && ~0 == policer_index)
301 error = clib_error_return (0, "expected policer index `%U'",
302 format_unformat_error, line_input);
308 ip4_punt_policer_add_del(is_add, policer_index);
311 unformat_free (line_input);
318 * @cliexcmd{set ip punt policer <INDEX>}
321 VLIB_CLI_COMMAND (ip4_punt_policer_command, static) =
323 .path = "ip punt policer",
324 .function = ip4_punt_police_cmd,
325 .short_help = "ip punt policer [add|del] <index>",
329 #ifndef CLIB_MARCH_VARIANT
331 * an uninitalised rx-redirect strcut used to pad the vector
333 ip_punt_redirect_rx_t uninit_rx_redirect = {
334 .tx_sw_if_index = ~0,
335 .adj_index = ADJ_INDEX_INVALID,
339 ip_punt_redirect_add (ip_punt_redirect_t * cfg,
341 ip_punt_redirect_rx_t * redirect,
342 fib_protocol_t fproto, vnet_link_t linkt)
344 ip_punt_redirect_rx_t *new;
346 if (~0 == rx_sw_if_index)
348 cfg->any_rx_sw_if_index = *redirect;
349 new = &cfg->any_rx_sw_if_index;
353 vec_validate_init_empty (cfg->redirect_by_rx_sw_if_index,
354 rx_sw_if_index, uninit_rx_redirect);
355 cfg->redirect_by_rx_sw_if_index[rx_sw_if_index] = *redirect;
356 new = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index];
359 new->adj_index = adj_nbr_add_or_lock (fproto, linkt,
361 redirect->tx_sw_if_index);
365 ip_punt_redirect_del (ip_punt_redirect_t * cfg, u32 rx_sw_if_index)
367 ip_punt_redirect_rx_t *old;
369 if (~0 == rx_sw_if_index)
371 old = &cfg->any_rx_sw_if_index;
375 old = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index];
378 if ((old == NULL) || (old->adj_index == ADJ_INDEX_INVALID))
381 adj_unlock (old->adj_index);
382 *old = uninit_rx_redirect;
386 ip4_punt_redirect_add (u32 rx_sw_if_index,
387 u32 tx_sw_if_index, ip46_address_t * nh)
389 ip_punt_redirect_rx_t rx = {
390 .tx_sw_if_index = tx_sw_if_index,
394 ip_punt_redirect_add (&ip4_punt_redirect_cfg,
395 rx_sw_if_index, &rx, FIB_PROTOCOL_IP4, VNET_LINK_IP4);
397 vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 1, 0, 0);
401 ip4_punt_redirect_del (u32 rx_sw_if_index)
403 vnet_feature_enable_disable ("ip4-punt", "ip4-punt-redirect", 0, 0, 0, 0);
405 ip_punt_redirect_del (&ip4_punt_redirect_cfg, rx_sw_if_index);
407 #endif /* CLIB_MARCH_VARIANT */
409 static clib_error_t *
410 ip4_punt_redirect_cmd (vlib_main_t * vm,
411 unformat_input_t * main_input,
412 vlib_cli_command_t * cmd)
414 unformat_input_t _line_input, *line_input = &_line_input;
415 ip46_address_t nh = ip46_address_initializer;
416 clib_error_t *error = 0;
417 u32 rx_sw_if_index = 0;
418 u32 tx_sw_if_index = 0;
423 vnm = vnet_get_main ();
425 if (!unformat_user (main_input, unformat_line_input, line_input))
428 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
430 if (unformat (line_input, "del"))
432 else if (unformat (line_input, "add"))
434 else if (unformat (line_input, "rx all"))
436 else if (unformat (line_input, "rx %U",
437 unformat_vnet_sw_interface, vnm, &rx_sw_if_index))
439 else if (unformat (line_input, "via %U %U",
440 unformat_ip4_address,
442 unformat_vnet_sw_interface, vnm, &tx_sw_if_index))
444 else if (unformat (line_input, "via %U",
445 unformat_vnet_sw_interface, vnm, &tx_sw_if_index))
446 clib_memset (&nh, 0, sizeof (nh));
449 error = unformat_parse_error (line_input);
456 if (rx_sw_if_index && tx_sw_if_index)
458 ip4_punt_redirect_add (rx_sw_if_index, tx_sw_if_index, &nh);
465 ip4_punt_redirect_del (rx_sw_if_index);
470 unformat_free (line_input);
477 * @cliexcmd{set ip punt policer}
480 VLIB_CLI_COMMAND (ip4_punt_redirect_command, static) =
482 .path = "ip punt redirect",
483 .function = ip4_punt_redirect_cmd,
484 .short_help = "ip punt redirect [add|del] rx [<interface>|all] via [<nh>] <tx_interface>",
488 #ifndef CLIB_MARCH_VARIANT
490 format_ip_punt_redirect (u8 * s, va_list * args)
492 ip_punt_redirect_t *cfg = va_arg (*args, ip_punt_redirect_t *);
493 ip_punt_redirect_rx_t *rx;
495 vnet_main_t *vnm = vnet_get_main ();
497 vec_foreach_index (rx_sw_if_index, cfg->redirect_by_rx_sw_if_index)
499 rx = &cfg->redirect_by_rx_sw_if_index[rx_sw_if_index];
500 if (~0 != rx->tx_sw_if_index)
502 s = format (s, " rx %U redirect via %U %U\n",
503 format_vnet_sw_interface_name, vnm,
504 vnet_get_sw_interface (vnm, rx_sw_if_index),
505 format_ip46_address, &rx->nh, IP46_TYPE_ANY,
506 format_vnet_sw_interface_name, vnm,
507 vnet_get_sw_interface (vnm, rx->tx_sw_if_index));
510 if (~0 != cfg->any_rx_sw_if_index.tx_sw_if_index)
512 s = format (s, " rx all redirect via %U %U\n",
513 format_ip46_address, &cfg->any_rx_sw_if_index.nh,
514 IP46_TYPE_ANY, format_vnet_sw_interface_name, vnm,
515 vnet_get_sw_interface (vnm,
517 any_rx_sw_if_index.tx_sw_if_index));
523 ip_punt_redirect_detail_t *
524 ip4_punt_redirect_entries (u32 sw_if_index)
526 ip_punt_redirect_rx_t *pr;
527 ip_punt_redirect_detail_t *prs = 0;
530 vec_foreach_index (rx_sw_if_index,
531 ip4_punt_redirect_cfg.redirect_by_rx_sw_if_index)
533 if (sw_if_index == ~0 || sw_if_index == rx_sw_if_index)
536 &ip4_punt_redirect_cfg.redirect_by_rx_sw_if_index[rx_sw_if_index];
537 if (~0 != pr->tx_sw_if_index)
539 ip_punt_redirect_detail_t detail = {.rx_sw_if_index =
543 vec_add1 (prs, detail);
547 if (~0 != ip4_punt_redirect_cfg.any_rx_sw_if_index.tx_sw_if_index)
549 pr = &ip4_punt_redirect_cfg.any_rx_sw_if_index;
550 ip_punt_redirect_detail_t detail = {.rx_sw_if_index = ~0,
553 vec_add1 (prs, detail);
558 #endif /* CLIB_MARCH_VARIANT */
560 static clib_error_t *
561 ip4_punt_redirect_show_cmd (vlib_main_t * vm,
562 unformat_input_t * main_input,
563 vlib_cli_command_t * cmd)
565 vlib_cli_output (vm, "%U", format_ip_punt_redirect, &ip4_punt_redirect_cfg);
573 * @cliexcmd{set ip punt redierect}
576 VLIB_CLI_COMMAND (show_ip4_punt_redirect_command, static) =
578 .path = "show ip punt redirect",
579 .function = ip4_punt_redirect_show_cmd,
580 .short_help = "show ip punt redirect",
586 * fd.io coding-style-patch-verification: ON
589 * eval: (c-set-style "gnu")