2 * sr_steering.c: ipv6 segment routing steering into SR policy
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 * @brief Packet steering into SR Policies
22 * This file is in charge of handling the FIB appropiatly to steer packets
23 * through SR Policies as defined in 'sr_policy_rewrite.c'. Notice that here
24 * we are only doing steering. SR policy application is done in
28 * - Steering of IPv6 traffic Destination Address based
29 * - Steering of IPv4 traffic Destination Address based
30 * - Steering of L2 frames, interface based (sw interface)
33 #include <vlib/vlib.h>
34 #include <vnet/vnet.h>
35 #include <vnet/srv6/sr.h>
36 #include <vnet/ip/ip.h>
37 #include <vnet/srv6/sr_packet.h>
38 #include <vnet/ip/ip6_packet.h>
39 #include <vnet/fib/ip6_fib.h>
40 #include <vnet/dpo/dpo.h>
42 #include <vppinfra/error.h>
43 #include <vppinfra/elog.h>
46 * @brief Steer traffic L2 and L3 traffic through a given SR policy
49 * @param bsid is the bindingSID of the SR Policy (alt to sr_policy_index)
50 * @param sr_policy is the index of the SR Policy (alt to bsid)
51 * @param table_id is the VRF where to install the FIB entry for the BSID
52 * @param prefix is the IPv4/v6 address for L3 traffic type
53 * @param mask_width is the mask for L3 traffic type
54 * @param sw_if_index is the incoming interface for L2 traffic
55 * @param traffic_type describes the type of traffic
57 * @return 0 if correct, else error
60 sr_steering_policy (int is_del, ip6_address_t * bsid, u32 sr_policy_index,
61 u32 table_id, ip46_address_t * prefix, u32 mask_width,
62 u32 sw_if_index, u8 traffic_type)
64 ip6_sr_main_t *sm = &sr_main;
65 sr_steering_key_t key;
66 ip6_sr_steering_policy_t *steer_pl;
67 fib_prefix_t pfx = { 0 };
69 ip6_sr_policy_t *sr_policy = 0;
72 clib_memset (&key, 0, sizeof (sr_steering_key_t));
74 /* Compute the steer policy key */
75 if (traffic_type == SR_STEER_IPV4 || traffic_type == SR_STEER_IPV6)
77 key.l3.prefix.as_u64[0] = prefix->as_u64[0];
78 key.l3.prefix.as_u64[1] = prefix->as_u64[1];
79 key.l3.mask_width = mask_width;
80 key.l3.fib_table = (table_id != (u32) ~ 0 ? table_id : 0);
82 else if (traffic_type == SR_STEER_L2)
84 key.l2.sw_if_index = sw_if_index;
86 /* Sanitise the SW_IF_INDEX */
87 if (pool_is_free_index (sm->vnet_main->interface_main.sw_interfaces,
91 vnet_sw_interface_t *sw =
92 vnet_get_sw_interface (sm->vnet_main, sw_if_index);
93 if (sw->type != VNET_SW_INTERFACE_TYPE_HARDWARE)
99 key.traffic_type = traffic_type;
101 /* Search for the item */
102 p = mhash_get (&sm->sr_steer_policies_hash, &key);
106 /* Retrieve Steer Policy function */
107 steer_pl = pool_elt_at_index (sm->steer_policies, p[0]);
111 if (steer_pl->classify.traffic_type == SR_STEER_IPV6)
113 /* Remove FIB entry */
114 pfx.fp_proto = FIB_PROTOCOL_IP6;
115 pfx.fp_len = steer_pl->classify.l3.mask_width;
116 pfx.fp_addr.ip6 = steer_pl->classify.l3.prefix.ip6;
118 fib_table_entry_delete (fib_table_find
120 steer_pl->classify.l3.fib_table),
121 &pfx, FIB_SOURCE_SR);
123 else if (steer_pl->classify.traffic_type == SR_STEER_IPV4)
125 /* Remove FIB entry */
126 pfx.fp_proto = FIB_PROTOCOL_IP4;
127 pfx.fp_len = steer_pl->classify.l3.mask_width;
128 pfx.fp_addr.ip4 = steer_pl->classify.l3.prefix.ip4;
130 fib_table_entry_delete (fib_table_find
132 steer_pl->classify.l3.fib_table), &pfx,
135 else if (steer_pl->classify.traffic_type == SR_STEER_L2)
137 /* Remove HW redirection */
138 int ret = vnet_feature_enable_disable ("device-input",
139 "sr-pl-rewrite-encaps-l2",
140 sw_if_index, 0, 0, 0);
145 sm->sw_iface_sr_policies[sw_if_index] = ~(u32) 0;
147 /* Remove promiscous mode from interface */
148 vnet_main_t *vnm = vnet_get_main ();
149 vnet_hw_interface_t *hi =
150 vnet_get_sup_hw_interface (vnm, sw_if_index);
151 /* Make sure it is main interface */
152 if (hi->sw_if_index == sw_if_index)
153 ethernet_set_flags (vnm, hi->hw_if_index, 0);
156 /* Delete SR steering policy entry */
157 pool_put (sm->steer_policies, steer_pl);
158 mhash_unset (&sm->sr_steer_policies_hash, &key, NULL);
160 /* If no more SR policies or steering policies */
161 if (!pool_elts (sm->sr_policies) && !pool_elts (sm->steer_policies))
163 fib_table_unlock (sm->fib_table_ip6,
164 FIB_PROTOCOL_IP6, FIB_SOURCE_SR);
165 fib_table_unlock (sm->fib_table_ip4,
166 FIB_PROTOCOL_IP6, FIB_SOURCE_SR);
167 sm->fib_table_ip6 = (u32) ~ 0;
168 sm->fib_table_ip4 = (u32) ~ 0;
173 else /* It means user requested to update an existing SR steering policy */
175 /* Retrieve SR steering policy */
178 p = mhash_get (&sm->sr_policies_index_hash, bsid);
180 sr_policy = pool_elt_at_index (sm->sr_policies, p[0]);
185 sr_policy = pool_elt_at_index (sm->sr_policies, sr_policy_index);
187 steer_pl->sr_policy = sr_policy - sm->sr_policies;
189 /* Remove old FIB/hw redirection and create a new one */
190 if (steer_pl->classify.traffic_type == SR_STEER_IPV6)
192 /* Remove FIB entry */
193 pfx.fp_proto = FIB_PROTOCOL_IP6;
194 pfx.fp_len = steer_pl->classify.l3.mask_width;
195 pfx.fp_addr.ip6 = steer_pl->classify.l3.prefix.ip6;
197 fib_table_entry_delete (fib_table_find
199 steer_pl->classify.l3.fib_table),
200 &pfx, FIB_SOURCE_SR);
202 /* Create a new one */
205 else if (steer_pl->classify.traffic_type == SR_STEER_IPV4)
207 /* Remove FIB entry */
208 pfx.fp_proto = FIB_PROTOCOL_IP4;
209 pfx.fp_len = steer_pl->classify.l3.mask_width;
210 pfx.fp_addr.ip4 = steer_pl->classify.l3.prefix.ip4;
212 fib_table_entry_delete (fib_table_find
214 steer_pl->classify.l3.fib_table),
215 &pfx, FIB_SOURCE_SR);
217 /* Create a new one */
220 else if (steer_pl->classify.traffic_type == SR_STEER_L2)
222 /* Update L2-HW redirection */
228 /* delete; steering policy does not exist; complain */
232 /* Retrieve SR policy */
235 p = mhash_get (&sm->sr_policies_index_hash, bsid);
237 sr_policy = pool_elt_at_index (sm->sr_policies, p[0]);
242 sr_policy = pool_elt_at_index (sm->sr_policies, sr_policy_index);
244 /* Create a new steering policy */
245 pool_get (sm->steer_policies, steer_pl);
246 clib_memset (steer_pl, 0, sizeof (*steer_pl));
248 if (traffic_type == SR_STEER_IPV4 || traffic_type == SR_STEER_IPV6)
250 clib_memcpy_fast (&steer_pl->classify.l3.prefix, prefix,
251 sizeof (ip46_address_t));
252 steer_pl->classify.l3.mask_width = mask_width;
253 steer_pl->classify.l3.fib_table =
254 (table_id != (u32) ~ 0 ? table_id : 0);
255 steer_pl->classify.traffic_type = traffic_type;
257 else if (traffic_type == SR_STEER_L2)
259 steer_pl->classify.l2.sw_if_index = sw_if_index;
260 steer_pl->classify.traffic_type = traffic_type;
264 /* Incorrect API usage. Should never get here */
265 pool_put (sm->steer_policies, steer_pl);
266 mhash_unset (&sm->sr_steer_policies_hash, &key, NULL);
269 steer_pl->sr_policy = sr_policy - sm->sr_policies;
271 /* Create and store key */
272 mhash_set (&sm->sr_steer_policies_hash, &key, steer_pl - sm->steer_policies,
275 if (traffic_type == SR_STEER_L2)
277 if (!sr_policy->is_encap)
278 goto cleanup_error_encap;
280 if (vnet_feature_enable_disable
281 ("device-input", "sr-pl-rewrite-encaps-l2", sw_if_index, 1, 0, 0))
282 goto cleanup_error_redirection;
284 /* Set promiscous mode on interface */
285 vnet_main_t *vnm = vnet_get_main ();
286 vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
287 /* Make sure it is main interface */
288 if (hi->sw_if_index == sw_if_index)
289 ethernet_set_flags (vnm, hi->hw_if_index,
290 ETHERNET_INTERFACE_FLAG_ACCEPT_ALL);
292 else if (traffic_type == SR_STEER_IPV4)
293 if (!sr_policy->is_encap)
294 goto cleanup_error_encap;
297 /* FIB API calls - Recursive route through the BindingSID */
298 if (traffic_type == SR_STEER_IPV6)
300 pfx.fp_proto = FIB_PROTOCOL_IP6;
301 pfx.fp_len = steer_pl->classify.l3.mask_width;
302 pfx.fp_addr.ip6 = steer_pl->classify.l3.prefix.ip6;
304 fib_table_entry_path_add (fib_table_find (FIB_PROTOCOL_IP6,
309 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT,
311 (ip46_address_t *) & sr_policy->bsid, ~0,
312 sm->fib_table_ip6, 1, NULL,
313 FIB_ROUTE_PATH_FLAG_NONE);
315 else if (traffic_type == SR_STEER_IPV4)
317 pfx.fp_proto = FIB_PROTOCOL_IP4;
318 pfx.fp_len = steer_pl->classify.l3.mask_width;
319 pfx.fp_addr.ip4 = steer_pl->classify.l3.prefix.ip4;
321 fib_table_entry_path_add (fib_table_find (FIB_PROTOCOL_IP4,
326 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT,
328 (ip46_address_t *) & sr_policy->bsid, ~0,
329 sm->fib_table_ip4, 1, NULL,
330 FIB_ROUTE_PATH_FLAG_NONE);
332 else if (traffic_type == SR_STEER_L2)
334 if (sw_if_index < vec_len (sm->sw_iface_sr_policies))
335 sm->sw_iface_sr_policies[sw_if_index] = steer_pl->sr_policy;
338 vec_resize (sm->sw_iface_sr_policies,
339 (pool_len (sm->vnet_main->interface_main.sw_interfaces)
340 - vec_len (sm->sw_iface_sr_policies)));
341 sm->sw_iface_sr_policies[sw_if_index] = steer_pl->sr_policy;
348 pool_put (sm->steer_policies, steer_pl);
349 mhash_unset (&sm->sr_steer_policies_hash, &key, NULL);
352 cleanup_error_redirection:
353 pool_put (sm->steer_policies, steer_pl);
354 mhash_unset (&sm->sr_steer_policies_hash, &key, NULL);
358 static clib_error_t *
359 sr_steer_policy_command_fn (vlib_main_t * vm, unformat_input_t * input,
360 vlib_cli_command_t * cmd)
362 vnet_main_t *vnm = vnet_get_main ();
366 ip46_address_t prefix;
367 u32 dst_mask_width = 0;
368 u32 sw_if_index = (u32) ~ 0;
370 u32 fib_table = (u32) ~ 0;
373 u32 sr_policy_index = (u32) ~ 0;
375 u8 sr_policy_set = 0;
377 clib_memset (&prefix, 0, sizeof (ip46_address_t));
380 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
382 if (unformat (input, "del"))
384 else if (!traffic_type
385 && unformat (input, "l3 %U/%d", unformat_ip6_address,
386 &prefix.ip6, &dst_mask_width))
387 traffic_type = SR_STEER_IPV6;
388 else if (!traffic_type
389 && unformat (input, "l3 %U/%d", unformat_ip4_address,
390 &prefix.ip4, &dst_mask_width))
391 traffic_type = SR_STEER_IPV4;
392 else if (!traffic_type
393 && unformat (input, "l2 %U", unformat_vnet_sw_interface, vnm,
395 traffic_type = SR_STEER_L2;
396 else if (!sr_policy_set
397 && unformat (input, "via index %d", &sr_policy_index))
399 else if (!sr_policy_set
400 && unformat (input, "via bsid %U",
401 unformat_ip6_address, &bsid))
403 else if (fib_table == (u32) ~ 0
404 && unformat (input, "fib-table %d", &fib_table));
410 return clib_error_return (0, "No L2/L3 traffic specified");
411 if (!is_del && !sr_policy_set)
412 return clib_error_return (0, "No SR policy specified");
414 /* Make sure that the prefixes are clean */
415 if (traffic_type == SR_STEER_IPV4)
418 (dst_mask_width ? (0xFFFFFFFFu >> (32 - dst_mask_width)) : 0);
419 prefix.ip4.as_u32 &= mask;
421 else if (traffic_type == SR_STEER_IPV6)
424 ip6_address_mask_from_width (&mask, dst_mask_width);
425 ip6_address_mask (&prefix.ip6, &mask);
429 sr_steering_policy (is_del, (sr_policy_index == ~(u32) 0 ? &bsid : NULL),
430 sr_policy_index, fib_table, &prefix, dst_mask_width,
431 sw_if_index, traffic_type);
440 return clib_error_return (0, "Incorrect API usage.");
442 return clib_error_return (0,
443 "The requested SR policy could not be located. Review the BSID/index.");
445 return clib_error_return (0,
446 "Unable to do SW redirect. Incorrect interface.");
448 return clib_error_return (0,
449 "The requested SR steering policy could not be deleted.");
451 return clib_error_return (0,
452 "The SR policy is not an encapsulation one.");
454 return clib_error_return (0, "BUG: sr steer policy returns %d", rv);
459 VLIB_CLI_COMMAND (sr_steer_policy_command, static) = {
461 .short_help = "sr steer (del) [l3 <ip_addr/mask>|l2 <sf_if>] "
462 "via [index <sr_policy_index>|bsid <bsid_ip6_addr>] "
463 "(fib-table <fib_table_index>)",
465 "\tSteer a L2 or L3 traffic through an existing SR policy.\n"
467 "\t\tsr steer l3 2001::/64 via sr_policy index 5\n"
468 "\t\tsr steer l3 2001::/64 via sr_policy bsid 2010::9999:1\n"
469 "\t\tsr steer l2 GigabitEthernet0/5/0 via sr_policy index 5\n"
470 "\t\tsr steer del l3 2001::/64 via sr_policy index 5\n",
471 .function = sr_steer_policy_command_fn,
474 static clib_error_t *
475 show_sr_steering_policies_command_fn (vlib_main_t * vm,
476 unformat_input_t * input,
477 vlib_cli_command_t * cmd)
479 ip6_sr_main_t *sm = &sr_main;
480 ip6_sr_steering_policy_t **steer_policies = 0;
481 ip6_sr_steering_policy_t *steer_pl;
483 vnet_main_t *vnm = vnet_get_main ();
485 ip6_sr_policy_t *pl = 0;
488 vlib_cli_output (vm, "SR steering policies:");
489 pool_foreach (steer_pl, sm->steer_policies) {vec_add1(steer_policies, steer_pl);}
490 vlib_cli_output (vm, "Traffic\t\tSR policy BSID");
491 for (i = 0; i < vec_len (steer_policies); i++)
493 steer_pl = steer_policies[i];
494 pl = pool_elt_at_index (sm->sr_policies, steer_pl->sr_policy);
495 if (steer_pl->classify.traffic_type == SR_STEER_L2)
497 vlib_cli_output (vm, "L2 %U\t%U",
498 format_vnet_sw_if_index_name, vnm,
499 steer_pl->classify.l2.sw_if_index,
500 format_ip6_address, &pl->bsid);
502 else if (steer_pl->classify.traffic_type == SR_STEER_IPV4)
504 vlib_cli_output (vm, "L3 %U/%d\t%U",
506 &steer_pl->classify.l3.prefix.ip4,
507 steer_pl->classify.l3.mask_width,
508 format_ip6_address, &pl->bsid);
510 else if (steer_pl->classify.traffic_type == SR_STEER_IPV6)
512 vlib_cli_output (vm, "L3 %U/%d\t%U",
514 &steer_pl->classify.l3.prefix.ip6,
515 steer_pl->classify.l3.mask_width,
516 format_ip6_address, &pl->bsid);
522 VLIB_CLI_COMMAND (show_sr_steering_policies_command, static) = {
523 .path = "show sr steering-policies",
524 .short_help = "show sr steering-policies",
525 .function = show_sr_steering_policies_command_fn,
529 sr_steering_init (vlib_main_t * vm)
531 ip6_sr_main_t *sm = &sr_main;
533 /* Init memory for function keys */
534 mhash_init (&sm->sr_steer_policies_hash, sizeof (uword),
535 sizeof (sr_steering_key_t));
537 sm->sw_iface_sr_policies = 0;
539 sm->vnet_main = vnet_get_main ();
544 VLIB_INIT_FUNCTION (sr_steering_init);
546 VNET_FEATURE_INIT (sr_pl_rewrite_encaps_l2, static) =
548 .arc_name = "device-input",
549 .node_name = "sr-pl-rewrite-encaps-l2",
550 .runs_before = VNET_FEATURES ("ethernet-input"),
554 * fd.io coding-style-patch-verification: ON
557 * eval: (c-set-style "gnu")