X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fgbp%2Fgbp_policy_dpo.c;h=4b8cd5bf6ad0b89d7353ef6ed2b018d38f68744e;hb=7d98a12f29d5b9696df98b8af2f128614a4f0360;hp=bfe5974f8070295d98158970809fd518960ba3d2;hpb=25b049484fcf9161edb2c19250066b893c38c264;p=vpp.git

diff --git a/src/plugins/gbp/gbp_policy_dpo.c b/src/plugins/gbp/gbp_policy_dpo.c
index bfe5974f807..4b8cd5bf6ad 100644
--- a/src/plugins/gbp/gbp_policy_dpo.c
+++ b/src/plugins/gbp/gbp_policy_dpo.c
@@ -13,15 +13,15 @@
  * limitations under the License.
  */
 
-#include <plugins/gbp/gbp.h>
-#include <plugins/gbp/gbp_policy_dpo.h>
-#include <plugins/gbp/gbp_recirc.h>
-
 #include <vnet/dpo/dvr_dpo.h>
 #include <vnet/fib/ip4_fib.h>
 #include <vnet/fib/ip6_fib.h>
 #include <vnet/dpo/load_balance.h>
 
+#include <plugins/gbp/gbp.h>
+#include <plugins/gbp/gbp_policy_dpo.h>
+#include <plugins/gbp/gbp_recirc.h>
+
 /**
  * DPO pool
  */
@@ -92,6 +92,16 @@ gbp_policy_dpo_unlock (dpo_id_t * dpo)
     }
 }
 
+static u32
+gbp_policy_dpo_get_urpf (const dpo_id_t * dpo)
+{
+  gbp_policy_dpo_t *gpd;
+
+  gpd = gbp_policy_dpo_get_from_dpo (dpo);
+
+  return (gpd->gpd_sw_if_index);
+}
+
 void
 gbp_policy_dpo_add_or_lock (dpo_proto_t dproto,
 			    epg_id_t epg, u32 sw_if_index, dpo_id_t * dpo)
@@ -138,6 +148,7 @@ const static dpo_vft_t gbp_policy_dpo_vft = {
   .dv_lock = gbp_policy_dpo_lock,
   .dv_unlock = gbp_policy_dpo_unlock,
   .dv_format = format_gbp_policy_dpo,
+  .dv_get_urpf = gbp_policy_dpo_get_urpf,
 };
 
 /**
@@ -195,8 +206,9 @@ typedef enum
 always_inline uword
 gbp_policy_dpo_inline (vlib_main_t * vm,
 		       vlib_node_runtime_t * node,
-		       vlib_frame_t * from_frame, fib_protocol_t fproto)
+		       vlib_frame_t * from_frame, u8 is_ip6)
 {
+  gbp_main_t *gm = &gbp_main;
   u32 n_left_from, next_index, *from, *to_next;
 
   from = vlib_frame_vector_args (from_frame);
@@ -213,8 +225,11 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
       while (n_left_from > 0 && n_left_to_next > 0)
 	{
 	  const gbp_policy_dpo_t *gpd0;
-	  u32 bi0, next0, acl_index0;
+	  u32 bi0, next0;
 	  gbp_contract_key_t key0;
+	  gbp_contract_value_t value0 = {
+	    .as_u64 = ~0,
+	  };
 	  vlib_buffer_t *b0;
 
 	  bi0 = from[0];
@@ -224,7 +239,6 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
 	  n_left_from -= 1;
 	  n_left_to_next -= 1;
 	  next0 = GBP_POLICY_DROP;
-	  acl_index0 = ~0;
 
 	  b0 = vlib_get_buffer (vm, bi0);
 	  gpd0 =
@@ -245,18 +259,35 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
 		}
 	      else
 		{
-		  acl_index0 = gbp_acl_lookup (&key0);
+		  value0.as_u64 = gbp_acl_lookup (&key0);
 
-		  if (~0 != acl_index0)
+		  if (~0 != value0.gc_lc_index)
 		    {
+		      fa_5tuple_opaque_t pkt_5tuple0;
+		      u8 action0 = 0;
+		      u32 acl_pos_p0, acl_match_p0;
+		      u32 rule_match_p0, trace_bitmap0;
 		      /*
-		       * TODO tests against the ACL
-		       */
-		      /*
-		       * ACL tables are not available outside of ACL plugin
-		       * until then bypass the ACL to next node
+		       * tests against the ACL
 		       */
-		      next0 = gpd0->gpd_dpo.dpoi_next_node;
+		      acl_plugin_fill_5tuple_inline (gm->
+						     acl_plugin.p_acl_main,
+						     value0.gc_lc_index, b0,
+						     is_ip6,
+						     /* is_input */ 1,
+						     /* is_l2_path */ 0,
+						     &pkt_5tuple0);
+		      acl_plugin_match_5tuple_inline (gm->
+						      acl_plugin.p_acl_main,
+						      value0.gc_lc_index,
+						      &pkt_5tuple0, is_ip6,
+						      &action0, &acl_pos_p0,
+						      &acl_match_p0,
+						      &rule_match_p0,
+						      &trace_bitmap0);
+
+		      if (action0 > 0)
+			next0 = gpd0->gpd_dpo.dpoi_next_node;
 		    }
 		}
 	    }
@@ -276,7 +307,7 @@ gbp_policy_dpo_inline (vlib_main_t * vm,
 	      tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
 	      tr->src_epg = key0.gck_src;
 	      tr->dst_epg = key0.gck_dst;
-	      tr->acl_index = acl_index0;
+	      tr->acl_index = value0.gc_acl_index;
 	    }
 
 	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
@@ -304,14 +335,14 @@ static uword
 ip4_gbp_policy_dpo (vlib_main_t * vm,
 		    vlib_node_runtime_t * node, vlib_frame_t * from_frame)
 {
-  return (gbp_policy_dpo_inline (vm, node, from_frame, FIB_PROTOCOL_IP4));
+  return (gbp_policy_dpo_inline (vm, node, from_frame, 0));
 }
 
 static uword
 ip6_gbp_policy_dpo (vlib_main_t * vm,
 		    vlib_node_runtime_t * node, vlib_frame_t * from_frame)
 {
-  return (gbp_policy_dpo_inline (vm, node, from_frame, FIB_PROTOCOL_IP6));
+  return (gbp_policy_dpo_inline (vm, node, from_frame, 1));
 }
 
 /* *INDENT-OFF* */
@@ -424,8 +455,7 @@ gbp_lpm_classify_inline (vlib_main_t * vm,
 	    {
 	      gpd0 = gbp_policy_dpo_get_i (dpo0->dpoi_index);
 	      src_epg0 = gpd0->gpd_epg;
-	      vnet_feature_next (vnet_buffer (b0)->sw_if_index[VLIB_RX],
-				 &next0, b0);
+	      vnet_feature_next (&next0, b0);
 	    }
 	  else
 	    {
@@ -499,7 +529,7 @@ VLIB_NODE_FUNCTION_MULTIARCH (gbp_ip4_lpm_classify_node, gbp_ip4_lpm_classify);
 
 VLIB_REGISTER_NODE (gbp_ip6_lpm_classify_node) = {
   .function = gbp_ip6_lpm_classify,
-  .name = "ip6-gpb-lpm-classify",
+  .name = "ip6-gbp-lpm-classify",
   .vector_size = sizeof (u32),
   .format_trace = format_gbp_classify_trace,
   .type = VLIB_NODE_TYPE_INTERNAL,