* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/**
+ * @file
+ * @brief Segment Routing header
+ *
+ * @note sr_replicate only works using DPDK today
+ */
#ifndef included_vnet_sr_h
#define included_vnet_sr_h
#include <openssl/opensslv.h>
#include <openssl/hmac.h>
+/**
+ * @brief Segment Route tunnel key
+ */
typedef struct
{
ip6_address_t src;
ip6_address_t dst;
} ip6_sr_tunnel_key_t;
+/**
+ * @brief Segment Route tunnel
+ */
typedef struct
{
- /* src, dst address */
+ /** src, dst address */
ip6_sr_tunnel_key_t key;
- /* optional tunnel name */
+ /** Pptional tunnel name */
u8 *name;
- /* mask width for FIB entry */
+ /** Mask width for FIB entry */
u32 dst_mask_width;
- /* first hop, to save 1 elt in the segment list */
+ /** First hop, to save 1 elt in the segment list */
ip6_address_t first_hop;
- /* Fib indices */
+ /** RX Fib index */
u32 rx_fib_index;
+ /** TX Fib index */
u32 tx_fib_index;
- /* The actual ip6 sr header */
+ /** The actual ip6 SR header */
u8 *rewrite;
- /* Indicates that this tunnel is part of a policy comprising
- of multiple tunnels. */
+ /** Indicates that this tunnel is part of a policy comprising
+ of multiple tunnels. If == ~0 tunnel is not part of a policy */
u32 policy_index;
} ip6_sr_tunnel_t;
+/**
+ * @brief Shared secret for keyed-hash message authentication code (HMAC).
+ */
typedef struct
{
u8 *shared_secret;
} ip6_sr_hmac_key_t;
+/**
+ * @brief Args required for add/del tunnel.
+ *
+ * Else we end up passing a LOT of parameters around.
+ */
typedef struct
{
- /* Key (header imposition case) */
+ /** Key (header imposition case) */
ip6_address_t *src_address;
ip6_address_t *dst_address;
u32 dst_mask_width;
u32 rx_table_id;
u32 tx_table_id;
- /* optional name argument - for referencing SR tunnel/policy by name */
+ /** optional name argument - for referencing SR tunnel/policy by name */
u8 *name;
- /* optional policy name */
+ /** optional policy name */
u8 *policy_name;
- /* segment list, when inserting an ip6 SR header */
+ /** segment list, when inserting an ip6 SR header */
ip6_address_t *segments;
- /*
+ /**
* "Tag" list, aka segments inserted at the end of the list,
* past last_seg
*/
ip6_address_t *tags;
- /* Shared secret => generate SHA-256 HMAC security fields */
+ /** Shared secret => generate SHA-256 HMAC security fields */
u8 *shared_secret;
- /* Flags, e.g. cleanup, policy-list flags */
+ /** Flags, e.g. cleanup, policy-list flags */
u16 flags_net_byte_order;
- /* Delete the tunnnel? */
+ /** Delete the tunnnel? */
u8 is_del;
} ip6_sr_add_del_tunnel_args_t;
+/**
+ * @brief Args for creating a policy.
+ *
+ * Typically used for multicast replication.
+ * ie a multicast address can be associated with a policy,
+ * then replicated across a number of unicast SR tunnels.
+ */
typedef struct
{
- /* policy name */
+ /** policy name */
u8 *name;
- /* tunnel names */
+ /** tunnel names */
u8 **tunnel_names;
- /* Delete the policy? */
+ /** Delete the policy? */
u8 is_del;
} ip6_sr_add_del_policy_args_t;
-
+/**
+ * @brief Segment Routing policy.
+ *
+ * Typically used for multicast replication.
+ * ie a multicast address can be associated with a policy,
+ * then replicated across a number of unicast SR tunnels.
+ */
typedef struct
{
- /* name of policy */
+ /** name of policy */
u8 *name;
- /* vector to SR tunnel index */
+ /** vector to SR tunnel index */
u32 *tunnel_indices;
} ip6_sr_policy_t;
+/**
+ * @brief Args for mapping of multicast address to policy name.
+ *
+ * Typically used for multicast replication.
+ * ie a multicast address can be associated with a policy,
+ * then replicated across a number of unicast SR tunnels.
+ */
typedef struct
{
- /* multicast IP6 address */
+ /** multicast IP6 address */
ip6_address_t *multicast_address;
- /* name of policy to map to */
+ /** name of policy to map to */
u8 *policy_name;
- /* Delete the mapping */
+ /** Delete the mapping */
u8 is_del;
} ip6_sr_add_del_multicastmap_args_t;
+/**
+ * @brief Segment Routing state.
+ */
typedef struct
{
- /* pool of tunnel instances, sr entry only */
+ /** pool of tunnel instances, sr entry only */
ip6_sr_tunnel_t *tunnels;
- /* find an sr "tunnel" by its outer-IP src/dst */
+ /** find an sr "tunnel" by its outer-IP src/dst */
uword *tunnel_index_by_key;
- /* find an sr "tunnel" by its name */
+ /** find an sr "tunnel" by its name */
uword *tunnel_index_by_name;
- /* policy pool */
+ /** policy pool */
ip6_sr_policy_t *policies;
- /* find a policy by name */
+ /** find a policy by name */
uword *policy_index_by_policy_name;
- /* multicast address to policy mapping */
+ /** multicast address to policy mapping */
uword *policy_index_by_multicast_address;
- /* ip6-lookup next index for imposition FIB entries */
- u32 ip6_lookup_sr_next_index;
-
- /* hmac key id by shared secret */
+ /** hmac key id by shared secret */
uword *hmac_key_by_shared_secret;
- /* ip6-rewrite next index for reinstalling the original dst address */
+ /** ip6-rewrite next index for reinstalling the original dst address */
u32 ip6_rewrite_sr_next_index;
- /* ip6-replicate next index for multicast tunnel */
+ /** ip6-replicate next index for multicast tunnel */
u32 ip6_lookup_sr_replicate_index;
- /* application API callback */
+ /** application API callback */
void *sr_local_cb;
- /* validate hmac keys */
+ /** validate hmac keys */
u8 validate_hmac;
- /* pool of hmac keys */
+ /** pool of hmac keys */
ip6_sr_hmac_key_t *hmac_keys;
- /* Openssl vbls */
+ /** Openssl var */
EVP_MD *md;
+ /** Openssl var */
HMAC_CTX *hmac_ctx;
- /* enable debug spew */
+ /** enable debug spew */
u8 is_debug;
- /* convenience */
+ /** convenience */
vlib_main_t *vlib_main;
+ /** convenience */
vnet_main_t *vnet_main;
} ip6_sr_main_t;
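Review bot: The `ip6_lookup_sr_next_index` member is deleted from `ip6_sr_main_t` in a change that otherwise only converts comments to Doxygen form, so the struct layout changes and any code outside this hunk that still reads or sets the field will no longer compile; that removal should be called out in the commit message or split into its own commit. The security-relevant members keep their old wording and leave the contract unstated: `validate_hmac` could read `/** Non-zero: HMAC validation enabled (TODO confirm default and where it is checked) */`. The comments on `shared_secret`, `hmac_keys` and `hmac_key_by_shared_secret` should say who owns and frees the key bytes, and that they are secret material which must be kept out of the `is_debug` output. Two typos sit on the new side: `Pptional` should be `Optional`, and `tunnnel` should be `tunnel`.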