2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #ifndef __IP_PUNT_DROP_H__
17 #define __IP_PUNT_DROP_H__
19 #include <vnet/ip/ip.h>
20 #include <vnet/policer/policer.h>
21 #include <vnet/policer/police_inlines.h>
24 * IP4 punt policer configuration
25 * we police the punt rate to prevent overloading the host
27 typedef struct ip_punt_policer_t_
33 typedef enum ip_punt_policer_next_t_
35 IP_PUNT_POLICER_NEXT_DROP,
36 IP_PUNT_POLICER_NEXT_HANDOFF,
37 IP_PUNT_POLICER_N_NEXT,
38 } ip_punt_policer_next_t;
40 typedef struct ip_punt_policer_trace_t_
44 } ip_punt_policer_trace_t;
46 #define foreach_ip_punt_policer_error \
47 _(DROP, "ip punt policer drop")
51 #define _(sym,str) IP_PUNT_POLICER_ERROR_##sym,
52 foreach_ip_punt_policer_error
54 IP4_PUNT_POLICER_N_ERROR,
55 } ip_punt_policer_error_t;
57 extern u8 *format_ip_punt_policer_trace (u8 * s, va_list * args);
58 extern vlib_node_registration_t ip4_punt_policer_node;
59 extern ip_punt_policer_t ip4_punt_policer_cfg;
60 extern vlib_node_registration_t ip6_punt_policer_node;
61 extern ip_punt_policer_t ip6_punt_policer_cfg;
64 * IP punt policing node function
67 ip_punt_policer (vlib_main_t * vm,
68 vlib_node_runtime_t * node,
69 vlib_frame_t * frame, u8 arc_index, u32 policer_index)
71 u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
72 u64 time_in_policer_periods;
73 vnet_feature_main_t *fm = &feature_main;
74 vnet_feature_config_main_t *cm = &fm->feature_config_mains[arc_index];
76 time_in_policer_periods =
77 clib_cpu_time_now () >> POLICER_TICKS_PER_PERIOD_SHIFT;
79 from = vlib_frame_vector_args (frame);
80 n_left_from = frame->n_vectors;
81 next_index = node->cached_next_index;
83 while (n_left_from > 0)
85 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
87 while (n_left_from >= 4 && n_left_to_next >= 2)
89 vlib_buffer_t *b0, *b1;
95 bi0 = to_next[0] = from[0];
96 bi1 = to_next[1] = from[1];
103 b0 = vlib_get_buffer (vm, bi0);
104 b1 = vlib_get_buffer (vm, bi1);
106 act0 = vnet_policer_police (vm, b0, policer_index,
107 time_in_policer_periods, POLICE_CONFORM,
109 act1 = vnet_policer_police (vm, b1, policer_index,
110 time_in_policer_periods, POLICE_CONFORM,
113 if (PREDICT_FALSE (act0 == QOS_ACTION_HANDOFF))
115 next0 = next1 = IP_PUNT_POLICER_NEXT_HANDOFF;
120 vnet_get_config_data (&cm->config_main,
121 &b0->current_config_index, &next0, 0);
122 vnet_get_config_data (&cm->config_main,
123 &b1->current_config_index, &next1, 0);
125 if (PREDICT_FALSE (act0 == QOS_ACTION_DROP))
127 next0 = IP_PUNT_POLICER_NEXT_DROP;
128 b0->error = node->errors[IP_PUNT_POLICER_ERROR_DROP];
130 if (PREDICT_FALSE (act1 == QOS_ACTION_DROP))
132 next1 = IP_PUNT_POLICER_NEXT_DROP;
133 b1->error = node->errors[IP_PUNT_POLICER_ERROR_DROP];
136 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
138 ip_punt_policer_trace_t *t =
139 vlib_add_trace (vm, node, b0, sizeof (*t));
141 t->policer_index = policer_index;
143 if (PREDICT_FALSE (b1->flags & VLIB_BUFFER_IS_TRACED))
145 ip_punt_policer_trace_t *t =
146 vlib_add_trace (vm, node, b1, sizeof (*t));
148 t->policer_index = policer_index;
152 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
154 bi0, bi1, next0, next1);
156 while (n_left_from > 0 && n_left_to_next > 0)
164 bi0 = to_next[0] = from[0];
171 b0 = vlib_get_buffer (vm, bi0);
173 act0 = vnet_policer_police (vm, b0, policer_index,
174 time_in_policer_periods, POLICE_CONFORM,
176 if (PREDICT_FALSE (act0 == QOS_ACTION_HANDOFF))
178 next0 = IP_PUNT_POLICER_NEXT_HANDOFF;
182 vnet_get_config_data (&cm->config_main,
183 &b0->current_config_index, &next0, 0);
185 if (PREDICT_FALSE (act0 == QOS_ACTION_DROP))
187 next0 = IP_PUNT_POLICER_NEXT_DROP;
188 b0->error = node->errors[IP_PUNT_POLICER_ERROR_DROP];
191 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
193 ip_punt_policer_trace_t *t =
194 vlib_add_trace (vm, node, b0, sizeof (*t));
196 t->policer_index = policer_index;
199 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
200 n_left_to_next, bi0, next0);
202 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
205 return frame->n_vectors;
209 * IP4 punt redirect per-rx interface configuration
210 * redirect punted traffic to another location.
212 typedef struct ip_punt_redirect_rx_t_
215 * Node linkage into the FIB graph
219 fib_protocol_t fproto;
220 fib_forward_chain_type_t payload_type;
225 * redirect forwarding
228 } ip_punt_redirect_rx_t;
231 * IP punt redirect configuration
233 typedef struct ip_punt_redirect_t_
235 ip_punt_redirect_rx_t *pool;
238 * per-RX interface configuration.
239 * sw_if_index = 0 (from which packets are never received) is used to
240 * indicate 'from-any'
242 index_t *redirect_by_rx_sw_if_index[FIB_PROTOCOL_IP_MAX];
243 } ip_punt_redirect_cfg_t;
245 extern ip_punt_redirect_cfg_t ip_punt_redirect_cfg;
248 * IP punt redirect next nodes
250 typedef enum ip_punt_redirect_next_t_
252 IP_PUNT_REDIRECT_NEXT_DROP,
253 IP_PUNT_REDIRECT_NEXT_TX,
254 IP_PUNT_REDIRECT_NEXT_ARP,
255 IP_PUNT_REDIRECT_N_NEXT,
256 } ip_punt_redirect_next_t;
259 * IP Punt redirect trace
261 typedef struct ip4_punt_redirect_trace_t_
265 } ip_punt_redirect_trace_t;
268 * Add a punt redirect entry
270 extern void ip_punt_redirect_add (fib_protocol_t fproto, u32 rx_sw_if_index,
271 fib_forward_chain_type_t ct,
272 const fib_route_path_t *rpaths);
274 extern void ip_punt_redirect_del (fib_protocol_t fproto, u32 rx_sw_if_index);
275 extern index_t ip_punt_redirect_find (fib_protocol_t fproto,
277 extern u8 *format_ip_punt_redirect (u8 * s, va_list * args);
279 extern u8 *format_ip_punt_redirect_trace (u8 * s, va_list * args);
281 typedef walk_rc_t (*ip_punt_redirect_walk_cb_t) (u32 rx_sw_if_index,
282 const ip_punt_redirect_rx_t *
283 redirect, void *arg);
284 extern void ip_punt_redirect_walk (fib_protocol_t fproto,
285 ip_punt_redirect_walk_cb_t cb, void *ctx);
287 static_always_inline ip_punt_redirect_rx_t *
288 ip_punt_redirect_get (index_t rrxi)
290 return (pool_elt_at_index (ip_punt_redirect_cfg.pool, rrxi));
294 ip_punt_redirect (vlib_main_t * vm,
295 vlib_node_runtime_t * node,
296 vlib_frame_t * frame, u8 arc_index, fib_protocol_t fproto)
298 u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
299 vnet_feature_main_t *fm = &feature_main;
300 vnet_feature_config_main_t *cm = &fm->feature_config_mains[arc_index];
303 from = vlib_frame_vector_args (frame);
304 n_left_from = frame->n_vectors;
305 next_index = node->cached_next_index;
306 redirects = ip_punt_redirect_cfg.redirect_by_rx_sw_if_index[fproto];
308 while (n_left_from > 0)
310 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
312 while (n_left_from > 0 && n_left_to_next > 0)
314 u32 rx_sw_if_index0, rrxi0;
315 ip_punt_redirect_rx_t *rrx0;
320 rrxi0 = INDEX_INVALID;
322 bi0 = to_next[0] = from[0];
329 b0 = vlib_get_buffer (vm, bi0);
331 vnet_get_config_data (&cm->config_main,
332 &b0->current_config_index, &next0, 0);
334 rx_sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
337 * If config exists for this particular RX interface use it,
338 * else use the default (at RX = 0)
340 if (vec_len (redirects) > rx_sw_if_index0)
342 rrxi0 = redirects[rx_sw_if_index0];
343 if (INDEX_INVALID == rrxi0)
344 rrxi0 = redirects[0];
346 else if (vec_len (redirects) >= 1)
347 rrxi0 = redirects[0];
349 if (PREDICT_TRUE (INDEX_INVALID != rrxi0))
351 /* prevent ttl decrement on forward */
352 b0->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
353 rrx0 = ip_punt_redirect_get (rrxi0);
354 vnet_buffer (b0)->ip.adj_index[VLIB_TX] = rrx0->dpo.dpoi_index;
355 next0 = rrx0->dpo.dpoi_next_node;
358 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
360 ip_punt_redirect_trace_t *t =
361 vlib_add_trace (vm, node, b0, sizeof (*t));
366 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
367 n_left_to_next, bi0, next0);
370 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
373 return frame->n_vectors;
377 ip_drop_or_punt (vlib_main_t * vm,
378 vlib_node_runtime_t * node,
379 vlib_frame_t * frame, u8 arc_index)
381 u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
383 from = vlib_frame_vector_args (frame);
384 n_left_from = frame->n_vectors;
385 next_index = node->cached_next_index;
387 while (n_left_from > 0)
389 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
391 while (n_left_from >= 8 && n_left_to_next >= 4)
393 vlib_buffer_t *b0, *b1, *b2, *b3;
394 u32 next0, next1, next2, next3;
395 u32 bi0, bi1, bi2, bi3;
397 next0 = next1 = next2 = next3 = 0;
399 /* Prefetch next iteration. */
401 vlib_buffer_t *p4, *p5, *p6, *p7;
403 p4 = vlib_get_buffer (vm, from[4]);
404 p5 = vlib_get_buffer (vm, from[5]);
405 p6 = vlib_get_buffer (vm, from[6]);
406 p7 = vlib_get_buffer (vm, from[7]);
408 vlib_prefetch_buffer_header (p4, LOAD);
409 vlib_prefetch_buffer_header (p5, LOAD);
410 vlib_prefetch_buffer_header (p6, LOAD);
411 vlib_prefetch_buffer_header (p7, LOAD);
414 bi0 = to_next[0] = from[0];
415 bi1 = to_next[1] = from[1];
416 bi2 = to_next[2] = from[2];
417 bi3 = to_next[3] = from[3];
424 b0 = vlib_get_buffer (vm, bi0);
425 b1 = vlib_get_buffer (vm, bi1);
426 b2 = vlib_get_buffer (vm, bi2);
427 b3 = vlib_get_buffer (vm, bi3);
429 /* punt and drop features are not associated with a given interface
430 * so the special index 0 is used */
431 vnet_feature_arc_start (arc_index, 0, &next0, b0);
432 vnet_feature_arc_start (arc_index, 0, &next1, b1);
433 vnet_feature_arc_start (arc_index, 0, &next2, b2);
434 vnet_feature_arc_start (arc_index, 0, &next3, b3);
436 vlib_validate_buffer_enqueue_x4 (vm, node, next_index,
437 to_next, n_left_to_next,
439 next0, next1, next2, next3);
442 while (n_left_from > 0 && n_left_to_next > 0)
449 bi0 = to_next[0] = from[0];
456 b0 = vlib_get_buffer (vm, bi0);
458 vnet_feature_arc_start (arc_index, 0, &next0, b0);
460 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
461 n_left_to_next, bi0, next0);
463 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
466 return frame->n_vectors;
472 * fd.io coding-style-patch-verification: ON
475 * eval: (c-set-style "gnu")