2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief Segment Routing header
19 #ifndef included_vnet_sr_h
20 #define included_vnet_sr_h
22 #include <vnet/vnet.h>
23 #include <vnet/sr/sr_packet.h>
24 #include <vnet/ip/ip6_packet.h>
26 #include <openssl/opensslconf.h>
30 #include <openssl/crypto.h>
31 #include <openssl/sha.h>
32 #include <openssl/opensslv.h>
33 #include <openssl/hmac.h>
36 * @brief Segment Route tunnel key
42 } ip6_sr_tunnel_key_t;
45 * @brief Segment Route tunnel
49 /** src, dst address */
50 ip6_sr_tunnel_key_t key;
52 /** Optional tunnel name */
55 /** Mask width for FIB entry */
58 /** First hop, to save 1 elt in the segment list */
59 ip6_address_t first_hop;
66 /** The actual ip6 SR header */
69 /** Indicates that this tunnel is part of a policy comprising
70 multiple tunnels. If == ~0, the tunnel is not part of a policy */
74 * The FIB node graph linkage
79 * The FIB entry index for the first hop. We track this so we
80 * don't need an extra lookup for it in the data plane
82 fib_node_index_t fib_entry_index;
85 * This tunnel's sibling index in the children of the FIB entry
90 * The DPO contributed by the first-hop FIB entry.
92 dpo_id_t first_hop_dpo;
96 * @brief Shared secret for keyed-hash message authentication code (HMAC).
104 * @brief Args required for add/del tunnel.
106 * Else we end up passing a LOT of parameters around.
110 /** Key (header imposition case) */
111 ip6_address_t *src_address;
112 ip6_address_t *dst_address;
117 /** optional name argument - for referencing SR tunnel/policy by name */
120 /** optional policy name */
123 /** segment list, when inserting an ip6 SR header */
124 ip6_address_t *segments;
127 * "Tag" list, aka segments inserted at the end of the list,
132 /** Shared secret => generate SHA-256 HMAC security fields */
135 /** Flags, e.g. cleanup, policy-list flags */
136 u16 flags_net_byte_order;
138 /** Delete the tunnel? */
140 } ip6_sr_add_del_tunnel_args_t;
143 * @brief Args for creating a policy.
145 * Typically used for multicast replication.
146 * ie a multicast address can be associated with a policy,
147 * then replicated across a number of unicast SR tunnels.
157 /** Delete the policy? */
159 } ip6_sr_add_del_policy_args_t;
162 * @brief Segment Routing policy.
164 * Typically used for multicast replication.
165 * ie a multicast address can be associated with a policy,
166 * then replicated across a number of unicast SR tunnels.
170 /** name of policy */
173 /** vector to SR tunnel index */
179 * @brief Args for mapping of multicast address to policy name.
181 * Typically used for multicast replication.
182 * ie a multicast address can be associated with a policy,
183 * then replicated across a number of unicast SR tunnels.
187 /** multicast IP6 address */
188 ip6_address_t *multicast_address;
190 /** name of policy to map to */
193 /** Delete the mapping */
196 } ip6_sr_add_del_multicastmap_args_t;
199 * @brief Segment Routing state.
203 /** pool of tunnel instances, sr entry only */
204 ip6_sr_tunnel_t *tunnels;
206 /** find an sr "tunnel" by its outer-IP src/dst */
207 uword *tunnel_index_by_key;
209 /** find an sr "tunnel" by its name */
210 uword *tunnel_index_by_name;
213 ip6_sr_policy_t *policies;
215 /** find a policy by name */
216 uword *policy_index_by_policy_name;
218 /** multicast address to policy mapping */
219 uword *policy_index_by_multicast_address;
221 /** hmac key id by shared secret */
222 uword *hmac_key_by_shared_secret;
224 /** ip6-rewrite next index for reinstalling the original dst address */
225 u32 ip6_rewrite_sr_next_index;
227 /** application API callback */
230 /** validate hmac keys */
233 /** pool of hmac keys */
234 ip6_sr_hmac_key_t *hmac_keys;
241 /** enable debug spew */
245 vlib_main_t *vlib_main;
247 vnet_main_t *vnet_main;
/**
 * Global Segment Routing state (tunnel/policy pools, lookup tables and the
 * HMAC key pool described on ip6_sr_main_t).
 * NOTE(review): as shown here the object is declared without `extern` in a
 * header, so every translation unit that includes it emits a tentative
 * definition; this only links when common symbols are merged (it fails with
 * -fno-common). Confirm the build relies on that, or whether a single
 * definition in one .c file plus an `extern` declaration is intended.
 */
250 ip6_sr_main_t sr_main;
/** Format functions for the ip6 SR header (behaviour not visible in this header). */
252 format_function_t format_ip6_sr_header;
253 format_function_t format_ip6_sr_header_with_length;
/** Graph node registration for SR input processing (defined elsewhere). */
255 vlib_node_registration_t ip6_sr_input_node;
/**
 * Add or delete a tunnel, a policy, or a multicast-address-to-policy mapping.
 * Each call takes a single argument struct; the structs carry their own
 * "Delete ...?" field, so one entry point serves both add and delete.
 * The meaning of the int return value is not visible here - presumably
 * 0 on success and a non-zero error code otherwise; verify against the
 * implementation before relying on it.
 * NOTE(review): the tunnel args carry a shared secret used to generate the
 * SHA-256 HMAC security fields; callers own that buffer, so check who is
 * responsible for clearing it after the call.
 */
257 int ip6_sr_add_del_tunnel (ip6_sr_add_del_tunnel_args_t * a);
258 int ip6_sr_add_del_policy (ip6_sr_add_del_policy_args_t * a);
259 int ip6_sr_add_del_multicastmap (ip6_sr_add_del_multicastmap_args_t * a);
/**
 * Register the application API callback.
 * NOTE(review): cb is passed as `void *`, so the compiler cannot check that
 * the registered function matches the signature the caller side expects;
 * a mismatched callback would only show up at run time. The expected
 * prototype is not visible in this header - confirm it at the call site.
 */
261 void vnet_register_sr_app_callback (void *cb);
/**
 * HMAC helper operating on an IPv6 header and its SR header, using the SR
 * state in sm (which holds the HMAC key pool).
 * NOTE(review): no length argument is passed and the function returns void,
 * so it presumably derives the SR header extent from the header itself and
 * cannot report failure to the caller - confirm that the implementation
 * bounds the header length against the packet buffer and that a missing or
 * unknown key is handled explicitly.
 */
263 void sr_fix_hmac (ip6_sr_main_t * sm, ip6_header_t * ip,
264 ip6_sr_header_t * sr);
266 #endif /* included_vnet_sr_h */
269 * fd.io coding-style-patch-verification: ON
272 * eval: (c-set-style "gnu")