2 *------------------------------------------------------------------
3 * Copyright (c) 2017 Intel and/or its affiliates.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at:
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *------------------------------------------------------------------
19 #include <sys/ioctl.h>
22 #include <vlib/vlib.h>
23 #include <vlib/unix/unix.h>
24 #include <vnet/ethernet/ethernet.h>
25 #include <vnet/fib/fib_entry.h>
26 #include <vnet/fib/fib_table.h>
27 #include <vnet/fib/fib_entry_track.h>
28 #include <vnet/mfib/mfib_table.h>
29 #include <vnet/adj/adj_mcast.h>
30 #include <vnet/dpo/dpo.h>
31 #include <vnet/plugin/plugin.h>
32 #include <vpp/app/version.h>
33 #include <gtpu/gtpu.h>
34 #include <vnet/flow/flow.h>
36 gtpu_main_t gtpu_main;
39 VNET_FEATURE_INIT (ip4_gtpu_bypass, static) = {
40 .arc_name = "ip4-unicast",
41 .node_name = "ip4-gtpu-bypass",
42 .runs_before = VNET_FEATURES ("ip4-lookup"),
45 VNET_FEATURE_INIT (ip6_gtpu_bypass, static) = {
46 .arc_name = "ip6-unicast",
47 .node_name = "ip6-gtpu-bypass",
48 .runs_before = VNET_FEATURES ("ip6-lookup"),
52 u8 * format_gtpu_encap_trace (u8 * s, va_list * args)
54 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
55 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
56 gtpu_encap_trace_t * t
57 = va_arg (*args, gtpu_encap_trace_t *);
59 s = format (s, "GTPU encap to gtpu_tunnel%d teid %d",
60 t->tunnel_index, t->teid);
65 format_decap_next (u8 * s, va_list * args)
67 u32 next_index = va_arg (*args, u32);
71 case GTPU_INPUT_NEXT_DROP:
72 return format (s, "drop");
73 case GTPU_INPUT_NEXT_L2_INPUT:
74 return format (s, "l2");
75 case GTPU_INPUT_NEXT_IP4_INPUT:
76 return format (s, "ip4");
77 case GTPU_INPUT_NEXT_IP6_INPUT:
78 return format (s, "ip6");
80 return format (s, "index %d", next_index);
86 format_gtpu_tunnel (u8 * s, va_list * args)
88 gtpu_tunnel_t *t = va_arg (*args, gtpu_tunnel_t *);
89 gtpu_main_t *ngm = >pu_main;
91 s = format (s, "[%d] src %U dst %U teid %d fib-idx %d sw-if-idx %d ",
93 format_ip46_address, &t->src, IP46_TYPE_ANY,
94 format_ip46_address, &t->dst, IP46_TYPE_ANY,
95 t->teid, t->encap_fib_index, t->sw_if_index);
97 s = format (s, "encap-dpo-idx %d ", t->next_dpo.dpoi_index);
98 s = format (s, "decap-next-%U ", format_decap_next, t->decap_next_index);
100 if (PREDICT_FALSE (ip46_address_is_multicast (&t->dst)))
101 s = format (s, "mcast-sw-if-idx %d ", t->mcast_sw_if_index);
107 format_gtpu_name (u8 * s, va_list * args)
109 u32 dev_instance = va_arg (*args, u32);
110 return format (s, "gtpu_tunnel%d", dev_instance);
113 static clib_error_t *
114 gtpu_interface_admin_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
116 u32 hw_flags = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) ?
117 VNET_HW_INTERFACE_FLAG_LINK_UP : 0;
118 vnet_hw_interface_set_flags (vnm, hw_if_index, hw_flags);
120 return /* no error */ 0;
124 VNET_DEVICE_CLASS (gtpu_device_class,static) = {
126 .format_device_name = format_gtpu_name,
127 .format_tx_trace = format_gtpu_encap_trace,
128 .admin_up_down_function = gtpu_interface_admin_up_down,
133 format_gtpu_header_with_length (u8 * s, va_list * args)
135 u32 dev_instance = va_arg (*args, u32);
136 s = format (s, "unimplemented dev %u", dev_instance);
141 VNET_HW_INTERFACE_CLASS (gtpu_hw_class) =
144 .format_header = format_gtpu_header_with_length,
145 .build_rewrite = default_build_rewrite,
146 .flags = VNET_HW_INTERFACE_CLASS_FLAG_P2P,
151 gtpu_tunnel_restack_dpo (gtpu_tunnel_t * t)
153 dpo_id_t dpo = DPO_INVALID;
154 u32 encap_index = ip46_address_is_ip4 (&t->dst) ?
155 gtpu4_encap_node.index : gtpu6_encap_node.index;
156 fib_forward_chain_type_t forw_type = ip46_address_is_ip4 (&t->dst) ?
157 FIB_FORW_CHAIN_TYPE_UNICAST_IP4 : FIB_FORW_CHAIN_TYPE_UNICAST_IP6;
159 fib_entry_contribute_forwarding (t->fib_entry_index, forw_type, &dpo);
160 dpo_stack_from_node (encap_index, &t->next_dpo, &dpo);
164 static gtpu_tunnel_t *
165 gtpu_tunnel_from_fib_node (fib_node_t * node)
167 return ((gtpu_tunnel_t *) (((char *) node) -
168 STRUCT_OFFSET_OF (gtpu_tunnel_t, node)));
172 * Function definition to backwalk a FIB node -
173 * Here we will restack the new dpo of GTPU DIP to encap node.
175 static fib_node_back_walk_rc_t
176 gtpu_tunnel_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
178 gtpu_tunnel_restack_dpo (gtpu_tunnel_from_fib_node (node));
179 return (FIB_NODE_BACK_WALK_CONTINUE);
183 * Function definition to get a FIB node from its index
186 gtpu_tunnel_fib_node_get (fib_node_index_t index)
189 gtpu_main_t *gtm = >pu_main;
191 t = pool_elt_at_index (gtm->tunnels, index);
197 * Function definition to inform the FIB node that its last lock has gone.
200 gtpu_tunnel_last_lock_gone (fib_node_t * node)
203 * The GTPU tunnel is a root of the graph. As such
204 * it never has children and thus is never locked.
210 * Virtual function table registered by GTPU tunnels
211 * for participation in the FIB object graph.
213 const static fib_node_vft_t gtpu_vft = {
214 .fnv_get = gtpu_tunnel_fib_node_get,
215 .fnv_last_lock = gtpu_tunnel_last_lock_gone,
216 .fnv_back_walk = gtpu_tunnel_back_walk,
220 #define foreach_copy_field \
222 _(mcast_sw_if_index) \
224 _(decap_next_index) \
229 ip_udp_gtpu_rewrite (gtpu_tunnel_t * t, bool is_ip6)
233 ip4_gtpu_header_t *h4;
234 ip6_gtpu_header_t *h6;
239 int len = is_ip6 ? sizeof *r.h6 : sizeof *r.h4;
241 vec_validate_aligned (r.rw, len - 1, CLIB_CACHE_LINE_BYTES);
245 /* Fixed portion of the (outer) ip header */
248 ip4_header_t *ip = &r.h4->ip4;
251 ip->ip_version_and_header_length = 0x45;
253 ip->protocol = IP_PROTOCOL_UDP;
255 ip->src_address = t->src.ip4;
256 ip->dst_address = t->dst.ip4;
258 /* we fix up the ip4 header length and checksum after-the-fact */
259 ip->checksum = ip4_header_checksum (ip);
263 ip6_header_t *ip = &r.h6->ip6;
266 ip->ip_version_traffic_class_and_flow_label =
267 clib_host_to_net_u32 (6 << 28);
269 ip->protocol = IP_PROTOCOL_UDP;
271 ip->src_address = t->src.ip6;
272 ip->dst_address = t->dst.ip6;
275 /* UDP header, randomize src port on something, maybe? */
276 udp->src_port = clib_host_to_net_u16 (2152);
277 udp->dst_port = clib_host_to_net_u16 (UDP_DST_PORT_GTPU);
280 gtpu->ver_flags = GTPU_V1_VER | GTPU_PT_GTP;
281 gtpu->type = GTPU_TYPE_GTPU;
282 gtpu->teid = clib_host_to_net_u32 (t->teid);
285 /* Now only support 8-byte gtpu header. TBD */
286 _vec_len (t->rewrite) = sizeof (ip4_gtpu_header_t) - 4;
292 gtpu_decap_next_is_valid (gtpu_main_t * gtm, u32 is_ip6, u32 decap_next_index)
294 vlib_main_t *vm = gtm->vlib_main;
295 u32 input_idx = (!is_ip6) ? gtpu4_input_node.index : gtpu6_input_node.index;
296 vlib_node_runtime_t *r = vlib_node_get_runtime (vm, input_idx);
298 return decap_next_index < r->n_next_nodes;
301 typedef CLIB_PACKED (union
305 fib_node_index_t mfib_entry_index;
306 adj_index_t mcast_adj_index;
310 static inline mcast_shared_t
311 mcast_shared_get (ip46_address_t * ip)
313 ASSERT (ip46_address_is_multicast (ip));
314 uword *p = hash_get_mem (gtpu_main.mcast_shared, ip);
316 return (mcast_shared_t)
322 mcast_shared_add (ip46_address_t * dst, fib_node_index_t mfei, adj_index_t ai)
324 mcast_shared_t new_ep = {
325 .mcast_adj_index = ai,
326 .mfib_entry_index = mfei,
329 hash_set_mem_alloc (>pu_main.mcast_shared, dst, new_ep.as_u64);
333 mcast_shared_remove (ip46_address_t * dst)
335 mcast_shared_t ep = mcast_shared_get (dst);
337 adj_unlock (ep.mcast_adj_index);
338 mfib_table_entry_delete_index (ep.mfib_entry_index, MFIB_SOURCE_GTPU);
340 hash_unset_mem_free (>pu_main.mcast_shared, dst);
343 int vnet_gtpu_add_del_tunnel
344 (vnet_gtpu_add_del_tunnel_args_t * a, u32 * sw_if_indexp)
346 gtpu_main_t *gtm = >pu_main;
347 gtpu_tunnel_t *t = 0;
348 vnet_main_t *vnm = gtm->vnet_main;
350 u32 hw_if_index = ~0;
351 u32 sw_if_index = ~0;
352 gtpu4_tunnel_key_t key4;
353 gtpu6_tunnel_key_t key6;
354 bool is_ip6 = !ip46_address_is_ip4 (&a->dst);
358 key4.src = a->dst.ip4.as_u32; /* decap src in key is encap dst in config */
359 key4.teid = clib_host_to_net_u32 (a->teid);
360 p = hash_get (gtm->gtpu4_tunnel_by_key, key4.as_u64);
364 key6.src = a->dst.ip6;
365 key6.teid = clib_host_to_net_u32 (a->teid);
366 p = hash_get_mem (gtm->gtpu6_tunnel_by_key, &key6);
371 l2input_main_t *l2im = &l2input_main;
373 /* adding a tunnel: tunnel must not already exist */
375 return VNET_API_ERROR_TUNNEL_EXIST;
377 /*if not set explicitly, default to l2 */
378 if (a->decap_next_index == ~0)
379 a->decap_next_index = GTPU_INPUT_NEXT_L2_INPUT;
380 if (!gtpu_decap_next_is_valid (gtm, is_ip6, a->decap_next_index))
381 return VNET_API_ERROR_INVALID_DECAP_NEXT;
383 pool_get_aligned (gtm->tunnels, t, CLIB_CACHE_LINE_BYTES);
384 clib_memset (t, 0, sizeof (*t));
386 /* copy from arg structure */
387 #define _(x) t->x = a->x;
391 ip_udp_gtpu_rewrite (t, is_ip6);
393 /* clear the flow index */
398 hash_set_mem_alloc (>m->gtpu6_tunnel_by_key, &key6,
401 hash_set (gtm->gtpu4_tunnel_by_key, key4.as_u64, t - gtm->tunnels);
403 vnet_hw_interface_t *hi;
404 if (vec_len (gtm->free_gtpu_tunnel_hw_if_indices) > 0)
406 vnet_interface_main_t *im = &vnm->interface_main;
407 hw_if_index = gtm->free_gtpu_tunnel_hw_if_indices
408 [vec_len (gtm->free_gtpu_tunnel_hw_if_indices) - 1];
409 _vec_len (gtm->free_gtpu_tunnel_hw_if_indices) -= 1;
411 hi = vnet_get_hw_interface (vnm, hw_if_index);
412 hi->dev_instance = t - gtm->tunnels;
413 hi->hw_instance = hi->dev_instance;
415 /* clear old stats of freed tunnel before reuse */
416 sw_if_index = hi->sw_if_index;
417 vnet_interface_counter_lock (im);
418 vlib_zero_combined_counter
419 (&im->combined_sw_if_counters[VNET_INTERFACE_COUNTER_TX],
421 vlib_zero_combined_counter (&im->combined_sw_if_counters
422 [VNET_INTERFACE_COUNTER_RX],
424 vlib_zero_simple_counter (&im->sw_if_counters
425 [VNET_INTERFACE_COUNTER_DROP],
427 vnet_interface_counter_unlock (im);
431 hw_if_index = vnet_register_interface
432 (vnm, gtpu_device_class.index, t - gtm->tunnels,
433 gtpu_hw_class.index, t - gtm->tunnels);
434 hi = vnet_get_hw_interface (vnm, hw_if_index);
437 /* Set gtpu tunnel output node */
438 u32 encap_index = !is_ip6 ?
439 gtpu4_encap_node.index : gtpu6_encap_node.index;
440 vnet_set_interface_output_node (vnm, hw_if_index, encap_index);
442 t->hw_if_index = hw_if_index;
443 t->sw_if_index = sw_if_index = hi->sw_if_index;
445 vec_validate_init_empty (gtm->tunnel_index_by_sw_if_index, sw_if_index,
447 gtm->tunnel_index_by_sw_if_index[sw_if_index] = t - gtm->tunnels;
449 /* setup l2 input config with l2 feature and bd 0 to drop packet */
450 vec_validate (l2im->configs, sw_if_index);
451 l2im->configs[sw_if_index].feature_bitmap = L2INPUT_FEAT_DROP;
452 l2im->configs[sw_if_index].bd_index = 0;
454 vnet_sw_interface_t *si = vnet_get_sw_interface (vnm, sw_if_index);
455 si->flags &= ~VNET_SW_INTERFACE_FLAG_HIDDEN;
456 vnet_sw_interface_set_flags (vnm, sw_if_index,
457 VNET_SW_INTERFACE_FLAG_ADMIN_UP);
459 fib_node_init (&t->node, gtm->fib_node_type);
460 fib_prefix_t tun_dst_pfx;
461 vnet_flood_class_t flood_class = VNET_FLOOD_CLASS_TUNNEL_NORMAL;
463 fib_prefix_from_ip46_addr (&t->dst, &tun_dst_pfx);
464 if (!ip46_address_is_multicast (&t->dst))
467 * Track the FIB entry for the tunnel's destination.
468 * The tunnel will then get poked
469 * when the forwarding for the entry updates, and the tunnel can
470 * re-stack accordingly
472 vtep_addr_ref (>m->vtep_table, t->encap_fib_index, &t->src);
473 t->fib_entry_index = fib_entry_track (t->encap_fib_index,
478 gtpu_tunnel_restack_dpo (t);
482 /* Multicast tunnel -
483 * as the same mcast group can be used for multiple mcast tunnels
484 * with different VNIs, create the output adjacency only if
485 * it does not already exist
487 fib_protocol_t fp = fib_ip_proto (is_ip6);
489 if (vtep_addr_ref (>m->vtep_table,
490 t->encap_fib_index, &t->dst) == 1)
492 fib_node_index_t mfei;
494 fib_route_path_t path = {
495 .frp_proto = fib_proto_to_dpo (fp),
496 .frp_addr = zero_addr,
497 .frp_sw_if_index = 0xffffffff,
500 .frp_flags = FIB_ROUTE_PATH_LOCAL,
501 .frp_mitf_flags = MFIB_ITF_FLAG_FORWARD,
503 const mfib_prefix_t mpfx = {
505 .fp_len = (is_ip6 ? 128 : 32),
506 .fp_grp_addr = tun_dst_pfx.fp_addr,
510 * Setup the (*,G) to receive traffic on the mcast group
511 * - the forwarding interface is for-us
512 * - the accepting interface is that from the API
514 mfib_table_entry_path_update (t->encap_fib_index,
515 &mpfx, MFIB_SOURCE_GTPU, &path);
517 path.frp_sw_if_index = a->mcast_sw_if_index;
518 path.frp_flags = FIB_ROUTE_PATH_FLAG_NONE;
519 path.frp_mitf_flags = MFIB_ITF_FLAG_ACCEPT;
520 mfei = mfib_table_entry_path_update (t->encap_fib_index,
522 MFIB_SOURCE_GTPU, &path);
525 * Create the mcast adjacency to send traffic to the group
527 ai = adj_mcast_add_or_lock (fp,
528 fib_proto_to_link (fp),
529 a->mcast_sw_if_index);
532 * create a new end-point
534 mcast_shared_add (&t->dst, mfei, ai);
537 dpo_id_t dpo = DPO_INVALID;
538 mcast_shared_t ep = mcast_shared_get (&t->dst);
540 /* Stack shared mcast dst mac addr rewrite on encap */
541 dpo_set (&dpo, DPO_ADJACENCY_MCAST,
542 fib_proto_to_dpo (fp), ep.mcast_adj_index);
544 dpo_stack_from_node (encap_index, &t->next_dpo, &dpo);
547 flood_class = VNET_FLOOD_CLASS_TUNNEL_MASTER;
550 vnet_get_sw_interface (vnet_get_main (), sw_if_index)->flood_class =
555 /* deleting a tunnel: tunnel must exist */
557 return VNET_API_ERROR_NO_SUCH_ENTRY;
559 t = pool_elt_at_index (gtm->tunnels, p[0]);
560 sw_if_index = t->sw_if_index;
562 vnet_sw_interface_set_flags (vnm, t->sw_if_index, 0 /* down */ );
563 vnet_sw_interface_t *si = vnet_get_sw_interface (vnm, t->sw_if_index);
564 si->flags |= VNET_SW_INTERFACE_FLAG_HIDDEN;
566 /* make sure tunnel is removed from l2 bd or xconnect */
567 set_int_l2_mode (gtm->vlib_main, vnm, MODE_L3, t->sw_if_index, 0,
568 L2_BD_PORT_TYPE_NORMAL, 0, 0);
569 vec_add1 (gtm->free_gtpu_tunnel_hw_if_indices, t->hw_if_index);
571 gtm->tunnel_index_by_sw_if_index[t->sw_if_index] = ~0;
574 hash_unset (gtm->gtpu4_tunnel_by_key, key4.as_u64);
576 hash_unset_mem_free (>m->gtpu6_tunnel_by_key, &key6);
578 if (!ip46_address_is_multicast (&t->dst))
580 if (t->flow_index != ~0)
581 vnet_flow_del (vnm, t->flow_index);
583 vtep_addr_unref (>m->vtep_table, t->encap_fib_index, &t->src);
584 fib_entry_untrack (t->fib_entry_index, t->sibling_index);
586 else if (vtep_addr_unref (>m->vtep_table,
587 t->encap_fib_index, &t->dst) == 0)
589 mcast_shared_remove (&t->dst);
592 fib_node_deinit (&t->node);
593 vec_free (t->rewrite);
594 pool_put (gtm->tunnels, t);
598 *sw_if_indexp = sw_if_index;
602 /* register udp ports */
603 if (!is_ip6 && !udp_is_valid_dst_port (UDP_DST_PORT_GTPU, 1))
604 udp_register_dst_port (gtm->vlib_main, UDP_DST_PORT_GTPU,
605 gtpu4_input_node.index, /* is_ip4 */ 1);
606 if (is_ip6 && !udp_is_valid_dst_port (UDP_DST_PORT_GTPU6, 0))
607 udp_register_dst_port (gtm->vlib_main, UDP_DST_PORT_GTPU6,
608 gtpu6_input_node.index, /* is_ip4 */ 0);
615 get_decap_next_for_node (u32 node_index, u32 ipv4_set)
617 gtpu_main_t *gtm = >pu_main;
618 vlib_main_t *vm = gtm->vlib_main;
619 uword input_node = (ipv4_set) ? gtpu4_input_node.index :
620 gtpu6_input_node.index;
622 return vlib_node_add_next (vm, input_node, node_index);
626 unformat_decap_next (unformat_input_t * input, va_list * args)
628 u32 *result = va_arg (*args, u32 *);
629 u32 ipv4_set = va_arg (*args, int);
630 gtpu_main_t *gtm = >pu_main;
631 vlib_main_t *vm = gtm->vlib_main;
635 if (unformat (input, "l2"))
636 *result = GTPU_INPUT_NEXT_L2_INPUT;
637 else if (unformat (input, "ip4"))
638 *result = GTPU_INPUT_NEXT_IP4_INPUT;
639 else if (unformat (input, "ip6"))
640 *result = GTPU_INPUT_NEXT_IP6_INPUT;
641 else if (unformat (input, "node %U", unformat_vlib_node, vm, &node_index))
642 *result = get_decap_next_for_node (node_index, ipv4_set);
643 else if (unformat (input, "%d", &tmp))
651 static clib_error_t *
652 gtpu_add_del_tunnel_command_fn (vlib_main_t * vm,
653 unformat_input_t * input,
654 vlib_cli_command_t * cmd)
656 unformat_input_t _line_input, *line_input = &_line_input;
657 ip46_address_t src, dst;
664 u32 encap_fib_index = 0;
665 u32 mcast_sw_if_index = ~0;
666 u32 decap_next_index = GTPU_INPUT_NEXT_L2_INPUT;
670 vnet_gtpu_add_del_tunnel_args_t _a, *a = &_a;
671 u32 tunnel_sw_if_index;
672 clib_error_t *error = NULL;
674 /* Cant "universally zero init" (={0}) due to GCC bug 53119 */
675 clib_memset (&src, 0, sizeof src);
676 clib_memset (&dst, 0, sizeof dst);
678 /* Get a line of input. */
679 if (!unformat_user (input, unformat_line_input, line_input))
682 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
684 if (unformat (line_input, "del"))
688 else if (unformat (line_input, "src %U",
689 unformat_ip4_address, &src.ip4))
694 else if (unformat (line_input, "dst %U",
695 unformat_ip4_address, &dst.ip4))
700 else if (unformat (line_input, "src %U",
701 unformat_ip6_address, &src.ip6))
706 else if (unformat (line_input, "dst %U",
707 unformat_ip6_address, &dst.ip6))
712 else if (unformat (line_input, "group %U %U",
713 unformat_ip4_address, &dst.ip4,
714 unformat_vnet_sw_interface,
715 vnet_get_main (), &mcast_sw_if_index))
717 grp_set = dst_set = 1;
720 else if (unformat (line_input, "group %U %U",
721 unformat_ip6_address, &dst.ip6,
722 unformat_vnet_sw_interface,
723 vnet_get_main (), &mcast_sw_if_index))
725 grp_set = dst_set = 1;
728 else if (unformat (line_input, "encap-vrf-id %d", &tmp))
730 encap_fib_index = fib_table_find (fib_ip_proto (ipv6_set), tmp);
731 if (encap_fib_index == ~0)
734 clib_error_return (0, "nonexistent encap-vrf-id %d", tmp);
738 else if (unformat (line_input, "decap-next %U", unformat_decap_next,
739 &decap_next_index, ipv4_set))
741 else if (unformat (line_input, "teid %d", &teid))
745 error = clib_error_return (0, "parse error: '%U'",
746 format_unformat_error, line_input);
753 error = clib_error_return (0, "tunnel src address not specified");
759 error = clib_error_return (0, "tunnel dst address not specified");
763 if (grp_set && !ip46_address_is_multicast (&dst))
765 error = clib_error_return (0, "tunnel group address not multicast");
769 if (grp_set == 0 && ip46_address_is_multicast (&dst))
771 error = clib_error_return (0, "dst address must be unicast");
775 if (grp_set && mcast_sw_if_index == ~0)
777 error = clib_error_return (0, "tunnel nonexistent multicast device");
781 if (ipv4_set && ipv6_set)
783 error = clib_error_return (0, "both IPv4 and IPv6 addresses specified");
787 if (ip46_address_cmp (&src, &dst) == 0)
789 error = clib_error_return (0, "src and dst addresses are identical");
793 if (decap_next_index == ~0)
795 error = clib_error_return (0, "next node not found");
799 clib_memset (a, 0, sizeof (*a));
803 #define _(x) a->x = x;
807 rv = vnet_gtpu_add_del_tunnel (a, &tunnel_sw_if_index);
813 vlib_cli_output (vm, "%U\n", format_vnet_sw_if_index_name,
814 vnet_get_main (), tunnel_sw_if_index);
817 case VNET_API_ERROR_TUNNEL_EXIST:
818 error = clib_error_return (0, "tunnel already exists...");
821 case VNET_API_ERROR_NO_SUCH_ENTRY:
822 error = clib_error_return (0, "tunnel does not exist...");
826 error = clib_error_return
827 (0, "vnet_gtpu_add_del_tunnel returned %d", rv);
832 unformat_free (line_input);
838 * Add or delete a GTPU Tunnel.
840 * GTPU provides the features needed to allow L2 bridge domains (BDs)
841 * to span multiple servers. This is done by building an L2 overlay on
842 * top of an L3 network underlay using GTPU tunnels.
844 * This makes it possible for servers to be co-located in the same data
845 * center or be separated geographically as long as they are reachable
846 * through the underlay L3 network.
848 * You can refer to this kind of L2 overlay bridge domain as a GTPU
849 * (Virtual eXtensible VLAN) segment.
852 * Example of how to create a GTPU Tunnel:
853 * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 teid 13 encap-vrf-id 7}
854 * Example of how to delete a GTPU Tunnel:
855 * @cliexcmd{create gtpu tunnel src 10.0.3.1 dst 10.0.3.3 teid 13 del}
858 VLIB_CLI_COMMAND (create_gtpu_tunnel_command, static) = {
859 .path = "create gtpu tunnel",
861 "create gtpu tunnel src <local-vtep-addr>"
862 " {dst <remote-vtep-addr>|group <mcast-vtep-addr> <intf-name>} teid <nn>"
863 " [encap-vrf-id <nn>] [decap-next [l2|ip4|ip6|node <name>]] [del]",
864 .function = gtpu_add_del_tunnel_command_fn,
868 static clib_error_t *
869 show_gtpu_tunnel_command_fn (vlib_main_t * vm,
870 unformat_input_t * input,
871 vlib_cli_command_t * cmd)
873 gtpu_main_t *gtm = >pu_main;
876 if (pool_elts (gtm->tunnels) == 0)
877 vlib_cli_output (vm, "No gtpu tunnels configured...");
879 pool_foreach (t, gtm->tunnels, (
881 vlib_cli_output (vm, "%U",
882 format_gtpu_tunnel, t);
890 * Display all the GTPU Tunnel entries.
893 * Example of how to display the GTPU Tunnel entries:
894 * @cliexstart{show gtpu tunnel}
895 * [0] src 10.0.3.1 dst 10.0.3.3 teid 13 encap_fib_index 0 sw_if_index 5 decap_next l2
899 VLIB_CLI_COMMAND (show_gtpu_tunnel_command, static) = {
900 .path = "show gtpu tunnel",
901 .short_help = "show gtpu tunnel",
902 .function = show_gtpu_tunnel_command_fn,
907 vnet_int_gtpu_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable)
910 vnet_feature_enable_disable ("ip6-unicast", "ip6-gtpu-bypass",
911 sw_if_index, is_enable, 0, 0);
913 vnet_feature_enable_disable ("ip4-unicast", "ip4-gtpu-bypass",
914 sw_if_index, is_enable, 0, 0);
917 static clib_error_t *
918 set_ip_gtpu_bypass (u32 is_ip6,
919 unformat_input_t * input, vlib_cli_command_t * cmd)
921 unformat_input_t _line_input, *line_input = &_line_input;
922 vnet_main_t *vnm = vnet_get_main ();
923 clib_error_t *error = 0;
924 u32 sw_if_index, is_enable;
929 if (!unformat_user (input, unformat_line_input, line_input))
932 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
935 (line_input, unformat_vnet_sw_interface, vnm, &sw_if_index))
937 else if (unformat (line_input, "del"))
941 error = unformat_parse_error (line_input);
946 if (~0 == sw_if_index)
948 error = clib_error_return (0, "unknown interface `%U'",
949 format_unformat_error, line_input);
953 vnet_int_gtpu_bypass_mode (sw_if_index, is_ip6, is_enable);
956 unformat_free (line_input);
961 static clib_error_t *
962 set_ip4_gtpu_bypass (vlib_main_t * vm,
963 unformat_input_t * input, vlib_cli_command_t * cmd)
965 return set_ip_gtpu_bypass (0, input, cmd);
969 * This command adds the 'ip4-gtpu-bypass' graph node for a given interface.
970 * By adding the IPv4 gtpu-bypass graph node to an interface, the node checks
971 * for and validate input gtpu packet and bypass ip4-lookup, ip4-local,
972 * ip4-udp-lookup nodes to speedup gtpu packet forwarding. This node will
973 * cause extra overhead to for non-gtpu packets which is kept at a minimum.
977 * Example of graph node before ip4-gtpu-bypass is enabled:
978 * @cliexstart{show vlib graph ip4-gtpu-bypass}
980 * ip4-gtpu-bypass error-drop [0]
985 * Example of how to enable ip4-gtpu-bypass on an interface:
986 * @cliexcmd{set interface ip gtpu-bypass GigabitEthernet2/0/0}
988 * Example of graph node after ip4-gtpu-bypass is enabled:
989 * @cliexstart{show vlib graph ip4-gtpu-bypass}
991 * ip4-gtpu-bypass error-drop [0] ip4-input
992 * gtpu4-input [1] ip4-input-no-checksum
996 * Example of how to display the feature enabled on an interface:
997 * @cliexstart{show ip interface features GigabitEthernet2/0/0}
998 * IP feature paths configured on GigabitEthernet2/0/0...
1006 * Example of how to disable ip4-gtpu-bypass on an interface:
1007 * @cliexcmd{set interface ip gtpu-bypass GigabitEthernet2/0/0 del}
1011 VLIB_CLI_COMMAND (set_interface_ip_gtpu_bypass_command, static) = {
1012 .path = "set interface ip gtpu-bypass",
1013 .function = set_ip4_gtpu_bypass,
1014 .short_help = "set interface ip gtpu-bypass <interface> [del]",
1018 static clib_error_t *
1019 set_ip6_gtpu_bypass (vlib_main_t * vm,
1020 unformat_input_t * input, vlib_cli_command_t * cmd)
1022 return set_ip_gtpu_bypass (1, input, cmd);
1026 * This command adds the 'ip6-gtpu-bypass' graph node for a given interface.
1027 * By adding the IPv6 gtpu-bypass graph node to an interface, the node checks
1028 * for and validate input gtpu packet and bypass ip6-lookup, ip6-local,
1029 * ip6-udp-lookup nodes to speedup gtpu packet forwarding. This node will
1030 * cause extra overhead to for non-gtpu packets which is kept at a minimum.
1034 * Example of graph node before ip6-gtpu-bypass is enabled:
1035 * @cliexstart{show vlib graph ip6-gtpu-bypass}
1036 * Name Next Previous
1037 * ip6-gtpu-bypass error-drop [0]
1042 * Example of how to enable ip6-gtpu-bypass on an interface:
1043 * @cliexcmd{set interface ip6 gtpu-bypass GigabitEthernet2/0/0}
1045 * Example of graph node after ip6-gtpu-bypass is enabled:
1046 * @cliexstart{show vlib graph ip6-gtpu-bypass}
1047 * Name Next Previous
1048 * ip6-gtpu-bypass error-drop [0] ip6-input
1049 * gtpu6-input [1] ip4-input-no-checksum
1053 * Example of how to display the feature enabled on an interface:
1054 * @cliexstart{show ip interface features GigabitEthernet2/0/0}
1055 * IP feature paths configured on GigabitEthernet2/0/0...
1063 * Example of how to disable ip6-gtpu-bypass on an interface:
1064 * @cliexcmd{set interface ip6 gtpu-bypass GigabitEthernet2/0/0 del}
1068 VLIB_CLI_COMMAND (set_interface_ip6_gtpu_bypass_command, static) = {
1069 .path = "set interface ip6 gtpu-bypass",
1070 .function = set_ip6_gtpu_bypass,
1071 .short_help = "set interface ip6 gtpu-bypass <interface> [del]",
1076 vnet_gtpu_add_del_rx_flow (u32 hw_if_index, u32 t_index, int is_add)
1078 gtpu_main_t *gtm = >pu_main;
1079 gtpu_tunnel_t *t = pool_elt_at_index (gtm->tunnels, t_index);
1080 vnet_main_t *vnm = vnet_get_main ();
1083 if (t->flow_index == ~0)
1085 vnet_flow_t flow = {
1087 VNET_FLOW_ACTION_REDIRECT_TO_NODE | VNET_FLOW_ACTION_MARK |
1088 VNET_FLOW_ACTION_BUFFER_ADVANCE,
1089 .mark_flow_id = t_index + gtm->flow_id_start,
1090 .redirect_node_index = gtpu4_flow_input_node.index,
1091 .buffer_advance = sizeof (ethernet_header_t)
1092 + sizeof (ip4_header_t) + sizeof (udp_header_t),
1093 .type = VNET_FLOW_TYPE_IP4_GTPU_IP4,
1095 .protocol = IP_PROTOCOL_UDP,
1096 .src_addr.addr = t->dst.ip4,
1097 .src_addr.mask.as_u32 = ~0,
1098 .dst_addr.addr = t->src.ip4,
1099 .dst_addr.mask.as_u32 = ~0,
1104 vnet_flow_add (vnm, &flow, &t->flow_index);
1107 return vnet_flow_enable (vnm, t->flow_index, hw_if_index);
1110 /* flow index is removed when the tunnel is deleted */
1111 return vnet_flow_disable (vnm, t->flow_index, hw_if_index);
1115 vnet_gtpu_get_tunnel_index (u32 sw_if_index)
1117 gtpu_main_t *gtm = >pu_main;
1119 if (sw_if_index >= vec_len (gtm->tunnel_index_by_sw_if_index))
1121 return gtm->tunnel_index_by_sw_if_index[sw_if_index];
1124 static clib_error_t *
1125 gtpu_offload_command_fn (vlib_main_t * vm,
1126 unformat_input_t * input, vlib_cli_command_t * cmd)
1128 unformat_input_t _line_input, *line_input = &_line_input;
1130 /* Get a line of input. */
1131 if (!unformat_user (input, unformat_line_input, line_input))
1134 vnet_main_t *vnm = vnet_get_main ();
1135 u32 rx_sw_if_index = ~0;
1136 u32 hw_if_index = ~0;
1139 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1141 if (unformat (line_input, "hw %U", unformat_vnet_hw_interface, vnm,
1144 if (unformat (line_input, "rx %U", unformat_vnet_sw_interface, vnm,
1147 if (unformat (line_input, "del"))
1152 return clib_error_return (0, "unknown input `%U'",
1153 format_unformat_error, line_input);
1156 if (rx_sw_if_index == ~0)
1157 return clib_error_return (0, "missing rx interface");
1158 if (hw_if_index == ~0)
1159 return clib_error_return (0, "missing hw interface");
1161 u32 t_index = vnet_gtpu_get_tunnel_index (rx_sw_if_index);;
1163 return clib_error_return (0, "%U is not a gtpu tunnel",
1164 format_vnet_sw_if_index_name, vnm,
1167 gtpu_main_t *gtm = >pu_main;
1168 gtpu_tunnel_t *t = pool_elt_at_index (gtm->tunnels, t_index);
1170 /* first support ipv4 hw offload */
1171 if (!ip46_address_is_ip4 (&t->dst))
1172 return clib_error_return (0, "currently only IPV4 tunnels are supported");
1174 /* inner protocol should be IPv4 */
1175 if (t->decap_next_index != GTPU_INPUT_NEXT_IP4_INPUT)
1176 return clib_error_return (0,
1177 "currently only inner IPV4 protocol is supported");
1179 vnet_hw_interface_t *hw_if = vnet_get_hw_interface (vnm, hw_if_index);
1180 ip4_main_t *im = &ip4_main;
1182 vec_elt (im->fib_index_by_sw_if_index, hw_if->sw_if_index);
1184 if (t->encap_fib_index != rx_fib_index)
1185 return clib_error_return (0, "interface/tunnel fib mismatch");
1187 if (vnet_gtpu_add_del_rx_flow (hw_if_index, t_index, is_add))
1188 return clib_error_return (0, "error %s flow",
1189 is_add ? "enabling" : "disabling");
1196 VLIB_CLI_COMMAND (gtpu_offload_command, static) = {
1197 .path = "set flow-offload gtpu",
1199 "set flow-offload gtpu hw <inerface-name> rx <tunnel-name> [del]",
1200 .function = gtpu_offload_command_fn,
1205 gtpu_init (vlib_main_t * vm)
1207 gtpu_main_t *gtm = >pu_main;
1209 gtm->vnet_main = vnet_get_main ();
1210 gtm->vlib_main = vm;
1212 vnet_flow_get_range (gtm->vnet_main, "gtpu", 1024 * 1024,
1213 >m->flow_id_start);
1215 /* initialize the ip6 hash */
1216 gtm->gtpu6_tunnel_by_key = hash_create_mem (0,
1217 sizeof (gtpu6_tunnel_key_t),
1219 gtm->vtep_table = vtep_table_create ();
1220 gtm->mcast_shared = hash_create_mem (0,
1221 sizeof (ip46_address_t),
1222 sizeof (mcast_shared_t));
1224 gtm->fib_node_type = fib_node_register_new_type (>pu_vft);
1229 VLIB_INIT_FUNCTION (gtpu_init);
1232 VLIB_PLUGIN_REGISTER () = {
1233 .version = VPP_BUILD_VER,
1234 .description = "GPRS Tunnelling Protocol, User Data (GTPv1-U)",
1239 * fd.io coding-style-patch-verification: ON
1242 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob