--- /dev/null
+/*
+ * gbp.h : Group Based Policy
+ *
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <plugins/gbp/gbp_endpoint_group.h>
+#include <plugins/gbp/gbp_endpoint.h>
+#include <plugins/gbp/gbp_bridge_domain.h>
+#include <plugins/gbp/gbp_route_domain.h>
+#include <plugins/gbp/gbp_itf.h>
+
+#include <vnet/dpo/dvr_dpo.h>
+#include <vnet/fib/fib_table.h>
+#include <vnet/l2/l2_input.h>
+
+/**
+ * Pool of GBP endpoint_groups
+ */
+gbp_endpoint_group_t *gbp_endpoint_group_pool;
+
+/**
+ * DB of endpoint_groups
+ */
+gbp_endpoint_group_db_t gbp_endpoint_group_db;
+
+/**
+ * Map sclass to EPG
+ */
+uword *gbp_epg_sclass_db;
+
+vlib_log_class_t gg_logger;
+
+#define GBP_EPG_DBG(...) \
+ vlib_log_debug (gg_logger, __VA_ARGS__);
+
+gbp_endpoint_group_t *
+gbp_endpoint_group_get (index_t i)
+{
+ return (pool_elt_at_index (gbp_endpoint_group_pool, i));
+}
+
+void
+gbp_endpoint_group_lock (index_t ggi)
+{
+ gbp_endpoint_group_t *gg;
+
+ if (INDEX_INVALID == ggi)
+ return;
+
+ gg = gbp_endpoint_group_get (ggi);
+ gg->gg_locks++;
+}
+
+index_t
+gbp_endpoint_group_find (sclass_t sclass)
+{
+ uword *p;
+
+ p = hash_get (gbp_endpoint_group_db.gg_hash_sclass, sclass);
+
+ if (NULL != p)
+ return p[0];
+
+ return (INDEX_INVALID);
+}
+
+int
+gbp_endpoint_group_add_and_lock (vnid_t vnid,
+ u16 sclass,
+ u32 bd_id,
+ u32 rd_id,
+ u32 uplink_sw_if_index,
+ const gbp_endpoint_retention_t * retention)
+{
+ gbp_endpoint_group_t *gg;
+ index_t ggi;
+
+ ggi = gbp_endpoint_group_find (sclass);
+
+ if (INDEX_INVALID == ggi)
+ {
+ fib_protocol_t fproto;
+ index_t gbi, grdi;
+
+ gbi = gbp_bridge_domain_find_and_lock (bd_id);
+
+ if (~0 == gbi)
+ return (VNET_API_ERROR_BD_NOT_MODIFIABLE);
+
+ grdi = gbp_route_domain_find_and_lock (rd_id);
+
+ if (~0 == grdi)
+ {
+ gbp_bridge_domain_unlock (gbi);
+ return (VNET_API_ERROR_NO_SUCH_FIB);
+ }
+
+ pool_get_zero (gbp_endpoint_group_pool, gg);
+
+ gg->gg_vnid = vnid;
+ gg->gg_rd = grdi;
+ gg->gg_gbd = gbi;
+
+ gg->gg_uplink_sw_if_index = uplink_sw_if_index;
+ gbp_itf_hdl_reset (&gg->gg_uplink_itf);
+ gg->gg_locks = 1;
+ gg->gg_sclass = sclass;
+ gg->gg_retention = *retention;
+
+ if (SCLASS_INVALID != gg->gg_sclass)
+ hash_set (gbp_epg_sclass_db, gg->gg_sclass, gg->gg_vnid);
+
+ /*
+ * an egress DVR dpo for internal subnets to use when sending
+ * on the uplink interface
+ */
+ if (~0 != gg->gg_uplink_sw_if_index)
+ {
+ FOR_EACH_FIB_IP_PROTOCOL (fproto)
+ {
+ dvr_dpo_add_or_lock (uplink_sw_if_index,
+ fib_proto_to_dpo (fproto),
+ &gg->gg_dpo[fproto]);
+ }
+
+ /*
+ * Add the uplink to the BD
+ * packets direct from the uplink have had policy applied
+ */
+ gg->gg_uplink_itf =
+ gbp_itf_l2_add_and_lock (gg->gg_uplink_sw_if_index, gbi);
+
+ gbp_itf_l2_set_input_feature (gg->gg_uplink_itf,
+ L2INPUT_FEAT_GBP_NULL_CLASSIFY);
+ }
+
+ hash_set (gbp_endpoint_group_db.gg_hash_sclass,
+ gg->gg_sclass, gg - gbp_endpoint_group_pool);
+ }
+ else
+ {
+ gg = gbp_endpoint_group_get (ggi);
+ gg->gg_locks++;
+ }
+
+ GBP_EPG_DBG ("add: %U", format_gbp_endpoint_group, gg);
+
+ return (0);
+}
+
+void
+gbp_endpoint_group_unlock (index_t ggi)
+{
+ gbp_endpoint_group_t *gg;
+
+ if (INDEX_INVALID == ggi)
+ return;
+
+ gg = gbp_endpoint_group_get (ggi);
+
+ gg->gg_locks--;
+
+ if (0 == gg->gg_locks)
+ {
+ fib_protocol_t fproto;
+
+ gg = pool_elt_at_index (gbp_endpoint_group_pool, ggi);
+
+ gbp_itf_unlock (&gg->gg_uplink_itf);
+
+ FOR_EACH_FIB_IP_PROTOCOL (fproto)
+ {
+ dpo_reset (&gg->gg_dpo[fproto]);
+ }
+ gbp_bridge_domain_unlock (gg->gg_gbd);
+ gbp_route_domain_unlock (gg->gg_rd);
+
+ if (SCLASS_INVALID != gg->gg_sclass)
+ hash_unset (gbp_epg_sclass_db, gg->gg_sclass);
+ hash_unset (gbp_endpoint_group_db.gg_hash_sclass, gg->gg_sclass);
+
+ pool_put (gbp_endpoint_group_pool, gg);
+ }
+}
+
+int
+gbp_endpoint_group_delete (sclass_t sclass)
+{
+ index_t ggi;
+
+ ggi = gbp_endpoint_group_find (sclass);
+
+ if (INDEX_INVALID != ggi)
+ {
+ GBP_EPG_DBG ("del: %U", format_gbp_endpoint_group,
+ gbp_endpoint_group_get (ggi));
+ gbp_endpoint_group_unlock (ggi);
+
+ return (0);
+ }
+
+ return (VNET_API_ERROR_NO_SUCH_ENTRY);
+}
+
+u32
+gbp_endpoint_group_get_bd_id (const gbp_endpoint_group_t * gg)
+{
+ const gbp_bridge_domain_t *gb;
+
+ gb = gbp_bridge_domain_get (gg->gg_gbd);
+
+ return (gb->gb_bd_id);
+}
+
+index_t
+gbp_endpoint_group_get_fib_index (const gbp_endpoint_group_t * gg,
+ fib_protocol_t fproto)
+{
+ const gbp_route_domain_t *grd;
+
+ grd = gbp_route_domain_get (gg->gg_rd);
+
+ return (grd->grd_fib_index[fproto]);
+}
+
+void
+gbp_endpoint_group_walk (gbp_endpoint_group_cb_t cb, void *ctx)
+{
+ gbp_endpoint_group_t *gbpe;
+
+ /* *INDENT-OFF* */
+ pool_foreach (gbpe, gbp_endpoint_group_pool)
+ {
+ if (!cb(gbpe, ctx))
+ break;
+ }
+ /* *INDENT-ON* */
+}
+
+static clib_error_t *
+gbp_endpoint_group_cli (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ gbp_endpoint_retention_t retention = { 0 };
+ vnid_t vnid = VNID_INVALID, sclass;
+ vnet_main_t *vnm = vnet_get_main ();
+ u32 uplink_sw_if_index = ~0;
+ u32 bd_id = ~0;
+ u32 rd_id = ~0;
+ u8 add = 1;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "%U", unformat_vnet_sw_interface,
+ vnm, &uplink_sw_if_index))
+ ;
+ else if (unformat (input, "add"))
+ add = 1;
+ else if (unformat (input, "del"))
+ add = 0;
+ else if (unformat (input, "epg %d", &vnid))
+ ;
+ else if (unformat (input, "sclass %d", &sclass))
+ ;
+ else if (unformat (input, "bd %d", &bd_id))
+ ;
+ else if (unformat (input, "rd %d", &rd_id))
+ ;
+ else
+ break;
+ }
+
+ if (VNID_INVALID == vnid)
+ return clib_error_return (0, "EPG-ID must be specified");
+
+ if (add)
+ {
+ if (~0 == bd_id)
+ return clib_error_return (0, "Bridge-domain must be specified");
+ if (~0 == rd_id)
+ return clib_error_return (0, "route-domain must be specified");
+
+ gbp_endpoint_group_add_and_lock (vnid, sclass, bd_id, rd_id,
+ uplink_sw_if_index, &retention);
+ }
+ else
+ gbp_endpoint_group_delete (vnid);
+
+ return (NULL);
+}
+
+/*?
+ * Configure a GBP Endpoint Group
+ *
+ * @cliexpar
+ * @cliexstart{gbp endpoint-group [del] epg <ID> bd <ID> rd <ID> [sclass <ID>] [<interface>]}
+ * @cliexend
+ ?*/
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (gbp_endpoint_group_cli_node, static) = {
+ .path = "gbp endpoint-group",
+ .short_help = "gbp endpoint-group [del] epg <ID> bd <ID> rd <ID> [sclass <ID>] [<interface>]",
+ .function = gbp_endpoint_group_cli,
+};
+
+static u8 *
+format_gbp_endpoint_retention (u8 * s, va_list * args)
+{
+ gbp_endpoint_retention_t *rt = va_arg (*args, gbp_endpoint_retention_t*);
+
+ s = format (s, "[remote-EP-timeout:%d]", rt->remote_ep_timeout);
+
+ return (s);
+}
+
+u8 *
+format_gbp_endpoint_group (u8 * s, va_list * args)
+{
+ gbp_endpoint_group_t *gg = va_arg (*args, gbp_endpoint_group_t*);
+
+ if (NULL != gg)
+ s = format (s, "[%d] %d, sclass:%d bd:%d rd:%d uplink:%U retention:%U locks:%d",
+ gg - gbp_endpoint_group_pool,
+ gg->gg_vnid,
+ gg->gg_sclass,
+ gg->gg_gbd,
+ gg->gg_rd,
+ format_gbp_itf_hdl, gg->gg_uplink_itf,
+ format_gbp_endpoint_retention, &gg->gg_retention,
+ gg->gg_locks);
+ else
+ s = format (s, "NULL");
+
+ return (s);
+}
+
+static int
+gbp_endpoint_group_show_one (gbp_endpoint_group_t *gg, void *ctx)
+{
+ vlib_main_t *vm;
+
+ vm = ctx;
+ vlib_cli_output (vm, " %U",format_gbp_endpoint_group, gg);
+
+ return (1);
+}
+
+static clib_error_t *
+gbp_endpoint_group_show (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ vlib_cli_output (vm, "Endpoint-Groups:");
+ gbp_endpoint_group_walk (gbp_endpoint_group_show_one, vm);
+
+ return (NULL);
+}
+
+
+/*?
+ * Show Group Based Policy Endpoint_Groups and derived information
+ *
+ * @cliexpar
+ * @cliexstart{show gbp endpoint_group}
+ * @cliexend
+ ?*/
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (gbp_endpoint_group_show_node, static) = {
+ .path = "show gbp endpoint-group",
+ .short_help = "show gbp endpoint-group\n",
+ .function = gbp_endpoint_group_show,
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+gbp_endpoint_group_init (vlib_main_t * vm)
+{
+ gg_logger = vlib_log_register_class ("gbp", "epg");
+
+ return (NULL);
+}
+
+VLIB_INIT_FUNCTION (gbp_endpoint_group_init);
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
Code Review / vpp.git / blobdiff