--- /dev/null
+#!/usr/bin/env python
+
+import unittest
+import random
+
+from scapy.packet import Raw
+from scapy.layers.l2 import Ether
+from scapy.layers.inet import IP, UDP
+from logging import *
+
+from framework import VppTestCase, VppTestRunner
+from util import Host
+
+
+class TestSpan(VppTestCase):
+ """ SPAN Test Case """
+
+ # Test variables
+ hosts_nr = 10 # Number of hosts
+ pkts_per_burst = 257 # Number of packets per burst
+
+ @classmethod
+ def setUpClass(cls):
+ super(TestSpan, cls).setUpClass()
+
+ def setUp(self):
+ super(TestSpan, self).setUp()
+
+ # create 3 pg interfaces
+ self.create_pg_interfaces(range(3))
+
+ # packet flows mapping pg0 -> pg1, pg2 -> pg3, etc.
+ self.flows = dict()
+ self.flows[self.pg0] = [self.pg1]
+
+ # packet sizes
+ self.pg_if_packet_sizes = [64, 512] #, 1518, 9018]
+
+ self.interfaces = list(self.pg_interfaces)
+
+ # Create host MAC and IPv4 lists
+ # self.MY_MACS = dict()
+ # self.MY_IP4S = dict()
+ self.create_host_lists(TestSpan.hosts_nr)
+
+ # Create bi-directional cross-connects between pg0 and pg1
+ self.vapi.sw_interface_set_l2_xconnect(
+ self.pg0.sw_if_index, self.pg1.sw_if_index, enable=1)
+ self.vapi.sw_interface_set_l2_xconnect(
+ self.pg1.sw_if_index, self.pg0.sw_if_index, enable=1)
+
+ # setup all interfaces
+ for i in self.interfaces:
+ i.admin_up()
+ i.config_ip4()
+ i.resolve_arp()
+
+ # Enable SPAN on pg0 (mirrored to pg2)
+ self.vapi.sw_interface_span_enable_disable(self.pg0.sw_if_index, self.pg2.sw_if_index)
+
+ def tearDown(self):
+ super(TestSpan, self).tearDown()
+
+ def create_host_lists(self, count):
+ """ Method to create required number of MAC and IPv4 addresses.
+ Create required number of host MAC addresses and distribute them among
+ interfaces. Create host IPv4 address for every host MAC address too.
+
+ :param count: Number of hosts to create MAC and IPv4 addresses for.
+ """
+ # mapping between packet-generator index and lists of test hosts
+ self.hosts_by_pg_idx = dict()
+
+ for pg_if in self.pg_interfaces:
+ # self.MY_MACS[i.sw_if_index] = []
+ # self.MY_IP4S[i.sw_if_index] = []
+ self.hosts_by_pg_idx[pg_if.sw_if_index] = []
+ hosts = self.hosts_by_pg_idx[pg_if.sw_if_index]
+ for j in range(0, count):
+ host = Host(
+ "00:00:00:ff:%02x:%02x" % (pg_if.sw_if_index, j),
+ "172.17.1%02x.%u" % (pg_if.sw_if_index, j))
+ hosts.append(host)
+
+ def create_stream(self, src_if, packet_sizes):
+ pkts = []
+ for i in range(0, TestSpan.pkts_per_burst):
+ dst_if = self.flows[src_if][0]
+ dst_host = random.choice(self.hosts_by_pg_idx[dst_if.sw_if_index])
+ src_host = random.choice(self.hosts_by_pg_idx[src_if.sw_if_index])
+ pkt_info = self.create_packet_info(
+ src_if.sw_if_index, dst_if.sw_if_index)
+ payload = self.info_to_payload(pkt_info)
+ p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
+ IP(src=src_if.remote_ip4, dst=dst_if.remote_ip4) /
+ UDP(sport=1234, dport=1234) /
+ Raw(payload))
+ pkt_info.data = p.copy()
+ size = packet_sizes[(i / 2) % len(packet_sizes)]
+ self.extend_packet(p, size)
+ pkts.append(p)
+ return pkts
+
+ def verify_capture(self, dst_if, capture_pg1, capture_pg2):
+ last_info = dict()
+ for i in self.interfaces:
+ last_info[i.sw_if_index] = None
+ dst_sw_if_index = dst_if.sw_if_index
+ if len(capture_pg1) != len(capture_pg2):
+ error("Diffrent number of outgoing and mirrored packets : %u != %u"
+ % (len(capture_pg1), len(capture_pg2)))
+ raise
+ for pkt_pg1, pkt_pg2 in zip(capture_pg1, capture_pg2):
+ try:
+ ip1 = pkt_pg1[IP]
+ udp1 = pkt_pg1[UDP]
+ raw1 = pkt_pg1[Raw]
+
+ if pkt_pg1[Ether] != pkt_pg2[Ether]:
+ error("Diffrent ethernet header of outgoing and mirrored packet")
+ raise
+ if ip1 != pkt_pg2[IP]:
+ error("Diffrent ip header of outgoing and mirrored packet")
+ raise
+ if udp1 != pkt_pg2[UDP]:
+ error("Diffrent udp header of outgoing and mirrored packet")
+ raise
+ if raw1 != pkt_pg2[Raw]:
+ error("Diffrent raw data of outgoing and mirrored packet")
+ raise
+
+ payload_info = self.payload_to_info(str(raw1))
+ packet_index = payload_info.index
+ self.assertEqual(payload_info.dst, dst_sw_if_index)
+ debug("Got packet on port %s: src=%u (id=%u)" %
+ (dst_if.name, payload_info.src, packet_index))
+ next_info = self.get_next_packet_info_for_interface2(
+ payload_info.src, dst_sw_if_index,
+ last_info[payload_info.src])
+ last_info[payload_info.src] = next_info
+ self.assertTrue(next_info is not None)
+ self.assertEqual(packet_index, next_info.index)
+ saved_packet = next_info.data
+ # Check standard fields
+ self.assertEqual(ip1.src, saved_packet[IP].src)
+ self.assertEqual(ip1.dst, saved_packet[IP].dst)
+ self.assertEqual(udp1.sport, saved_packet[UDP].sport)
+ self.assertEqual(udp1.dport, saved_packet[UDP].dport)
+ except:
+ error("Unexpected or invalid packet:")
+ pkt_pg1.show()
+ pkt_pg2.show()
+ raise
+ for i in self.interfaces:
+ remaining_packet = self.get_next_packet_info_for_interface2(
+ i, dst_sw_if_index, last_info[i.sw_if_index])
+ self.assertTrue(remaining_packet is None,
+ "Port %u: Packet expected from source %u didn't"
+ " arrive" % (dst_sw_if_index, i.sw_if_index))
+
+ def test_span(self):
+ """ SPAN test
+
+ Test scenario:
+ 1. config
+ 3 interfaces, pg0 l2xconnected with pg1
+ 2. sending l2 eth packets between 2 interfaces (pg0, pg1) and mirrored to pg2
+ 64B, 512B, 1518B, 9018B (ether_size)
+ burst of packets per interface
+ """
+
+ # Create incoming packet streams for packet-generator interfaces
+ pkts = self.create_stream(self.pg0, self.pg_if_packet_sizes)
+ self.pg0.add_stream(pkts)
+
+ # Enable packet capturing and start packet sending
+ self.pg_enable_capture(self.pg_interfaces)
+ self.pg_start()
+
+ # Verify packets outgoing packet streams on mirrored interface (pg2)
+ info("Verifying capture on interfaces %s and %s" % (self.pg1.name, self.pg2.name))
+ self.verify_capture(self.pg1, self.pg1.get_capture(), self.pg2.get_capture())
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=VppTestRunner)
dst_address
)
)
+
+ def sw_interface_span_enable_disable(self, sw_if_index_from, sw_if_index_to, enable=1):
+ """
+
+ :param sw_if_index_from:
+ :param sw_if_index_to:
+ :param enable
+
+ """
+ return self.api(vpp_papi.sw_interface_span_enable_disable, (sw_if_index_from, sw_if_index_to, enable ))
nobase_include_HEADERS += \
vnet/lawful-intercept/lawful_intercept.h
+########################################
+# SPAN (port mirroring)
+########################################
+
+libvnet_la_SOURCES += \
+ vnet/span/span.c \
+ vnet/span/node.c
+
+nobase_include_HEADERS += \
+ vnet/span/span.h
+
########################################
# Packet generator
########################################
.runs_before = VNET_FEATURES ("ethernet-input"),
};
+VNET_FEATURE_INIT (span_input, static) = {
+ .arc_name = "device-input",
+ .node_name = "span-input",
+ .runs_before = VNET_FEATURES ("ethernet-input"),
+};
+
VNET_FEATURE_INIT (ethernet_input, static) = {
.arc_name = "device-input",
.node_name = "ethernet-input",
vec_validate_init_empty (cm->config_index_by_sw_if_index, sw_if_index, ~0);
ci = cm->config_index_by_sw_if_index[sw_if_index];
+ vec_validate (fm->feature_count_by_sw_if_index[arc_index], sw_if_index);
+ if (!enable_disable
+ && fm->feature_count_by_sw_if_index[arc_index][sw_if_index] < 1)
+ return 0;
+
ci = (enable_disable
? vnet_config_add_feature
: vnet_config_del_feature)
return &fm->feature_config_mains[arc_index];
}
+static_always_inline vnet_feature_config_main_t *
+vnet_feature_get_config_main (u16 arc)
+{
+ vnet_feature_main_t *fm = &feature_main;
+ return &fm->feature_config_mains[arc];
+}
+
static_always_inline int
vnet_have_features (u8 arc, u32 sw_if_index)
{
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vlib/vlib.h>
+#include <vnet/vnet.h>
+#include <vppinfra/error.h>
+
+#include <vnet/span/span.h>
+
+#include <vppinfra/error.h>
+#include <vppinfra/elog.h>
+
+vlib_node_registration_t span_node;
+
+/* packet trace format function */
+u8 *
+format_span_trace (u8 * s, va_list * args)
+{
+ CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
+ CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
+ span_trace_t *t = va_arg (*args, span_trace_t *);
+
+ vnet_main_t *vnm = &vnet_main;
+ s = format (s, "SPAN: mirrored %U -> %U",
+ format_vnet_sw_if_index_name, vnm, t->src_sw_if_index,
+ format_vnet_sw_if_index_name, vnm, t->mirror_sw_if_index);
+
+ return s;
+}
+
+#define foreach_span_error \
+_(HITS, "SPAN incomming packets processed")
+
+typedef enum
+{
+#define _(sym,str) SPAN_ERROR_##sym,
+ foreach_span_error
+#undef _
+ SPAN_N_ERROR,
+} span_error_t;
+
+static char *span_error_strings[] = {
+#define _(sym,string) string,
+ foreach_span_error
+#undef _
+};
+
+static uword
+span_node_fn (vlib_main_t * vm,
+ vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+ span_main_t *sm = &span_main;
+ vnet_main_t *vnm = &vnet_main;
+ u32 n_left_from, *from, *to_next, *to_mirror_next = 0;
+ u32 n_span_packets = 0;
+ u32 next_index, mirror_sw_if_index0, mirror_sw_if_index1;
+ u32 last_mirror_sw_if_index = ~0;
+ vlib_frame_t *mirror_frame = 0;
+
+ from = vlib_frame_vector_args (frame);
+ n_left_from = frame->n_vectors;
+ next_index = node->cached_next_index;
+
+ /* TODO dual loop */
+ while (n_left_from > 0)
+ {
+ u32 n_left_to_next;
+
+ vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
+
+ while (n_left_from >= 4 && n_left_to_next >= 2)
+ {
+ u32 bi0;
+ u32 bi1;
+ vlib_buffer_t *b0, *c0;
+ vlib_buffer_t *b1, *c1;
+ u32 sw_if_index0;
+ u32 next0 = 0; //SPAN_NEXT_ORIG_ETHERNET;
+ u32 sw_if_index1;
+ u32 next1 = 1; //SPAN_NEXT_ORIG_ETHERNET;
+
+ /* speculatively enqueue b0, b1 to the current next frame */
+ to_next[0] = bi0 = from[0];
+ to_next[1] = bi1 = from[1];
+ to_next += 2;
+ n_left_to_next -= 2;
+ from += 2;
+ n_left_from -= 2;
+
+ b0 = vlib_get_buffer (vm, bi0);
+ sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
+ mirror_sw_if_index0 = sm->dst_by_src_sw_if_index[sw_if_index0];
+ b1 = vlib_get_buffer (vm, bi1);
+ sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX];
+ mirror_sw_if_index1 = sm->dst_by_src_sw_if_index[sw_if_index1];
+
+ /* get frame to mirror interface */
+ if (PREDICT_FALSE
+ ((last_mirror_sw_if_index != mirror_sw_if_index0)
+ || mirror_frame == 0))
+ {
+ if (mirror_frame)
+ vnet_put_frame_to_sw_interface (vnm, last_mirror_sw_if_index,
+ mirror_frame);
+ last_mirror_sw_if_index = mirror_sw_if_index0;
+ mirror_frame =
+ vnet_get_frame_to_sw_interface (vnm, mirror_sw_if_index0);
+ to_mirror_next = vlib_frame_vector_args (mirror_frame);
+ }
+ /* get frame to mirror interface */
+ if (PREDICT_FALSE
+ ((last_mirror_sw_if_index != mirror_sw_if_index1)
+ || mirror_frame == 0))
+ {
+ if (mirror_frame)
+ vnet_put_frame_to_sw_interface (vnm, last_mirror_sw_if_index,
+ mirror_frame);
+ last_mirror_sw_if_index = mirror_sw_if_index1;
+ mirror_frame =
+ vnet_get_frame_to_sw_interface (vnm, mirror_sw_if_index0);
+ to_mirror_next = vlib_frame_vector_args (mirror_frame);
+ }
+ c0 = vlib_buffer_copy (vm, b0);
+ vnet_buffer (c0)->sw_if_index[VLIB_TX] = mirror_sw_if_index0;
+ to_mirror_next[0] = vlib_get_buffer_index (vm, c0);
+ to_mirror_next += 1;
+ mirror_frame->n_vectors++;
+
+ vnet_feature_next (sw_if_index0, &next0, b0);
+
+ c1 = vlib_buffer_copy (vm, b1);
+ vnet_buffer (c1)->sw_if_index[VLIB_TX] = mirror_sw_if_index1;
+ to_mirror_next[0] = vlib_get_buffer_index (vm, c1);
+ to_mirror_next += 1;
+ mirror_frame->n_vectors++;
+
+ vnet_feature_next (sw_if_index1, &next1, b1);
+
+ if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
+ {
+ span_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
+ t->src_sw_if_index = sw_if_index0;
+ t->mirror_sw_if_index =
+ sm->dst_by_src_sw_if_index[sw_if_index0];
+ }
+
+ if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
+ {
+ span_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t));
+ t->src_sw_if_index = sw_if_index1;
+ t->mirror_sw_if_index =
+ sm->dst_by_src_sw_if_index[sw_if_index1];
+ }
+ /* verify speculative enqueue, maybe switch current next frame */
+ vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
+ to_next, n_left_to_next,
+ bi0, bi1, next0, next1);
+ }
+ while (n_left_from > 0 && n_left_to_next > 0)
+ {
+ u32 bi0;
+ vlib_buffer_t *b0, *c0;
+ u32 sw_if_index0;
+ u32 next0 = 0; //SPAN_NEXT_ORIG_ETHERNET;
+
+ /* speculatively enqueue b0 to the current next frame */
+ to_next[0] = bi0 = from[0];
+ to_next += 1;
+ n_left_to_next -= 1;
+ from += 1;
+ n_left_from -= 1;
+
+ b0 = vlib_get_buffer (vm, bi0);
+ sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
+ mirror_sw_if_index0 = sm->dst_by_src_sw_if_index[sw_if_index0];
+
+ /* get frame to mirror interface */
+ if (PREDICT_FALSE
+ ((last_mirror_sw_if_index != mirror_sw_if_index0)
+ || mirror_frame == 0))
+ {
+ if (mirror_frame)
+ vnet_put_frame_to_sw_interface (vnm, last_mirror_sw_if_index,
+ mirror_frame);
+ last_mirror_sw_if_index = mirror_sw_if_index0;
+ mirror_frame =
+ vnet_get_frame_to_sw_interface (vnm, mirror_sw_if_index0);
+ to_mirror_next = vlib_frame_vector_args (mirror_frame);
+ }
+ c0 = vlib_buffer_copy (vm, b0);
+ vnet_buffer (c0)->sw_if_index[VLIB_TX] = mirror_sw_if_index0;
+ to_mirror_next[0] = vlib_get_buffer_index (vm, c0);
+ to_mirror_next += 1;
+ mirror_frame->n_vectors++;
+
+ vnet_feature_next (sw_if_index0, &next0, b0);
+
+ if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
+ {
+ span_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
+ t->src_sw_if_index = sw_if_index0;
+ t->mirror_sw_if_index =
+ sm->dst_by_src_sw_if_index[sw_if_index0];
+ }
+ /* verify speculative enqueue, maybe switch current next frame */
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
+ n_left_to_next, bi0, next0);
+ }
+
+ vlib_put_next_frame (vm, node, next_index, n_left_to_next);
+ }
+
+ vnet_put_frame_to_sw_interface (vnm, last_mirror_sw_if_index, mirror_frame);
+ vlib_node_increment_counter (vm, span_node.index, SPAN_ERROR_HITS,
+ n_span_packets);
+
+ return frame->n_vectors;
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (span_node) = {
+ .function = span_node_fn,
+ .name = "span-input",
+ .vector_size = sizeof (u32),
+ .format_trace = format_span_trace,
+ .type = VLIB_NODE_TYPE_INTERNAL,
+
+ .n_errors = ARRAY_LEN(span_error_strings),
+ .error_strings = span_error_strings,
+
+ .n_next_nodes = 0,
+
+ /* edit / add dispositions here */
+ .next_nodes = {
+ [0] = "error-drop",
+ },
+};
+
+/* *INDENT-ON* */
+
+VLIB_NODE_FUNCTION_MULTIARCH (span_node, span_node_fn)
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vlib/vlib.h>
+#include <vppinfra/error.h>
+#include <vnet/feature/feature.h>
+
+#include <vnet/span/span.h>
+
+int
+span_add_delete_entry (vlib_main_t * vm,
+ u32 src_sw_if_index, u32 dst_sw_if_index, u8 is_add)
+{
+ span_main_t *sm = &span_main;
+
+ if ((src_sw_if_index == ~0) || (dst_sw_if_index == ~0 && is_add)
+ || (src_sw_if_index == dst_sw_if_index))
+ return VNET_API_ERROR_INVALID_INTERFACE;
+
+ vnet_sw_interface_t *sw =
+ vnet_get_sw_interface (sm->vnet_main, src_sw_if_index);
+
+ vec_validate_aligned (sm->dst_by_src_sw_if_index, sw->hw_if_index,
+ CLIB_CACHE_LINE_BYTES);
+ sm->dst_by_src_sw_if_index[sw->hw_if_index] = is_add ? dst_sw_if_index : 0;
+ vnet_feature_enable_disable ("device-input", "span-input",
+ sw->hw_if_index, is_add, 0, 0);
+ return 0;
+}
+
+static clib_error_t *
+set_interface_span_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ span_main_t *sm = &span_main;
+ u32 src_sw_if_index = ~0;
+ u32 dst_sw_if_index = ~0;
+ u8 is_add = 1;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "%U", unformat_vnet_sw_interface,
+ sm->vnet_main, &src_sw_if_index))
+ ;
+ else if (unformat (input, "destination %U", unformat_vnet_sw_interface,
+ sm->vnet_main, &dst_sw_if_index))
+ ;
+ else if (unformat (input, "disable"))
+ is_add = 0;
+ else
+ break;
+ }
+
+ int rv =
+ span_add_delete_entry (vm, src_sw_if_index, dst_sw_if_index, is_add);
+ if (rv == VNET_API_ERROR_INVALID_INTERFACE)
+ return clib_error_return (0, "Invalid interface");
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (set_interface_span_command, static) = {
+ .path = "set interface span",
+ .short_help = "set interface span <if-name> [disable | destination <if-name>]",
+ .function = set_interface_span_command_fn,
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+show_interfaces_span_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+
+ span_main_t *sm = &span_main;
+ vnet_main_t *vnm = &vnet_main;
+ u32 src_sw_if_index = 0, *dst_sw_if_index;
+ u8 header = 1;
+
+ vec_foreach (dst_sw_if_index, sm->dst_by_src_sw_if_index)
+ {
+ if (*dst_sw_if_index > 0) // && *dst_sw_if_index != ~0)
+ {
+ if (header)
+ {
+ vlib_cli_output (vm,
+ "SPAN source interface to destination interface table");
+ header = 0;
+ }
+ vlib_cli_output (vm, "%32U => %-32U",
+ format_vnet_sw_if_index_name, vnm, src_sw_if_index,
+ format_vnet_sw_if_index_name, vnm, *dst_sw_if_index);
+ }
+ src_sw_if_index++;
+ }
+ return 0;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (show_interfaces_span_command, static) = {
+ .path = "show interfaces span",
+ .short_help = "Shows SPAN mirror table",
+ .function = show_interfaces_span_command_fn,
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+span_init (vlib_main_t * vm)
+{
+ span_main_t *sm = &span_main;
+
+ sm->vlib_main = vm;
+ sm->vnet_main = vnet_get_main ();
+
+ return 0;
+}
+
+VLIB_INIT_FUNCTION (span_init);
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __span_h__
+#define __span_h__
+
+#include <vnet/vnet.h>
+#include <vnet/ip/ip.h>
+
+typedef struct
+{
+ /* destination interface index by source interface index */
+ u32 *dst_by_src_sw_if_index;
+
+ /* convenience */
+ vlib_main_t *vlib_main;
+ vnet_main_t *vnet_main;
+} span_main_t;
+
+span_main_t span_main;
+
+typedef struct
+{
+ u32 src_sw_if_index; /* mirrored interface index */
+ u32 mirror_sw_if_index; /* output interface index */
+} span_trace_t;
+
+#endif /* __span_h__ */
+
+int
+span_add_delete_entry (vlib_main_t * vm, u32 src_sw_if_index,
+ u32 dst_sw_if_index, u8 is_add);
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
--- /dev/null
+# VPP SPAN implementation
+
+This is a memo intended to contain documentation of the VPP SPAN implementation.
+Everything that is not directly obvious should come here.
+
+
+## Switched Port Analyzer (SPAN)
+Port mirroring is used on a network switch to send a copy of network packets seen on one switch port to a network monitoring connection on another switch port.
+Can be used by network engineers or administrators to measure performnce, analyze and debug data or diagnose errors on a network.
+
+### RX traffic node
+There is one static node to mirror incomming packets.
+* span-input: Creates a copy of incomming buffer due to incomming buffers can be reused internally.
+
+Chaining: dpdk-input -> span-input ->
+* original buffer is sent to ethernet-input for processing
+* buffer copy is sent to interface-output
+
+### Configuration
+SPAN supports the following CLI configuration commands:
+
+#### Enable/Disable SPAN (CLI)
+ set interface span <if-name> [disable | destination <if-name>]
+
+<if-name>: mirrored interface name
+destination <if-name>: monitoring interface name
+disable: delete mirroring
+
+#### Enable/Disabl SPAN (API)
+SPAN supports the following API configuration command:
+ sw_interface_span_enable_disable src GigabitEthernet0/8/0 dst GigabitEthernet0/9/0
+ sw_interface_span_enable_disable src_sw_if_index 1 dst_sw_if_index 2
+
+src/src_sw_if_index: mirrored interface name
+dst/dst_sw_if_index: monitoring interface name
+
+#### Remove SPAN entry (API)
+SPAN supports the following API configuration command:
+ sw_interface_span_enable_disable src_sw_if_index 1 dst_sw_if_index 2 disable
+
+src_sw_if_index: mirrored interface name
+dst_sw_if_index: monitoring interface name
+
+### Configuration example
+
+Mirror all packets on interface GigabitEthernet0/10/0 to interface GigabitEthernet0/11/0.
+
+Configure IPv4 addresses on mirrored interface:
+set interface ip address GigabitEthernet0/10/0 192.168.1.13/24
+set interface state GigabitEthernet0/10/0 up
+
+Configure IPv4 addresses on monitoring interface:
+set interface ip address GigabitEthernet0/11/0 192.168.2.13/24
+set interface state GigabitEthernet0/11/0 up
+
+Configure SPAN
+set span src GigabitEthernet0/10/0 dst GigabitEthernet0/11/0
+
+### Operational data
+
+Active SPAN mirroring CLI show command:
+ show interfaces span
+
+Active SPAN mirroring API dump command:
+ sw_interface_span_dump
#include <vnet/ip/ip6_hop_by_hop.h>
#include <vnet/ip/ip_source_and_port_range_check.h>
#include <vnet/policer/xlate.h>
+#include <vnet/span/span.h>
#include <vnet/policer/policer.h>
#include <vnet/policer/police.h>
_(set_ipfix_classify_stream_reply) \
_(ipfix_classify_table_add_del_reply) \
_(flow_classify_set_interface_reply) \
+_(sw_interface_span_enable_disable_reply) \
_(pg_capture_reply) \
_(pg_enable_disable_reply) \
_(ip_source_and_port_range_check_add_del_reply) \
_(IPFIX_CLASSIFY_TABLE_DETAILS, ipfix_classify_table_details) \
_(FLOW_CLASSIFY_SET_INTERFACE_REPLY, flow_classify_set_interface_reply) \
_(FLOW_CLASSIFY_DETAILS, flow_classify_details) \
+_(SW_INTERFACE_SPAN_ENABLE_DISABLE_REPLY, sw_interface_span_enable_disable_reply) \
+_(SW_INTERFACE_SPAN_DETAILS, sw_interface_span_details) \
_(GET_NEXT_INDEX_REPLY, get_next_index_reply) \
_(PG_CREATE_INTERFACE_REPLY, pg_create_interface_reply) \
_(PG_CAPTURE_REPLY, pg_capture_reply) \
mp->transport_protocol);
}
+static int
+api_sw_interface_span_enable_disable (vat_main_t * vam)
+{
+ unformat_input_t *i = vam->input;
+ vl_api_sw_interface_span_enable_disable_t *mp;
+ f64 timeout;
+ u32 src_sw_if_index = ~0;
+ u32 dst_sw_if_index = ~0;
+ u8 enable = 1;
+
+ while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (i, "src %U", unformat_sw_if_index, vam, &src_sw_if_index))
+ ;
+ else if (unformat (i, "src_sw_if_index %d", &src_sw_if_index))
+ ;
+ else
+ if (unformat
+ (i, "dst %U", unformat_sw_if_index, vam, &dst_sw_if_index))
+ ;
+ else if (unformat (i, "dst_sw_if_index %d", &dst_sw_if_index))
+ ;
+ else if (unformat (i, "disable"))
+ enable = 0;
+ else
+ break;
+ }
+
+ M (SW_INTERFACE_SPAN_ENABLE_DISABLE, sw_interface_span_enable_disable);
+
+ mp->sw_if_index_from = htonl (src_sw_if_index);
+ mp->sw_if_index_to = htonl (dst_sw_if_index);
+ mp->enable = enable;
+
+ S;
+ W;
+ /* NOTREACHED */
+ return 0;
+}
+
+static void
+vl_api_sw_interface_span_details_t_handler (vl_api_sw_interface_span_details_t
+ * mp)
+{
+ vat_main_t *vam = &vat_main;
+
+ fformat (vam->ofp, "%u => %u\n",
+ ntohl (mp->sw_if_index_from), ntohl (mp->sw_if_index_to));
+}
+
+static void
+ vl_api_sw_interface_span_details_t_handler_json
+ (vl_api_sw_interface_span_details_t * mp)
+{
+ vat_main_t *vam = &vat_main;
+ vat_json_node_t *node = NULL;
+
+ if (VAT_JSON_ARRAY != vam->json_tree.type)
+ {
+ ASSERT (VAT_JSON_NONE == vam->json_tree.type);
+ vat_json_init_array (&vam->json_tree);
+ }
+ node = vat_json_array_add (&vam->json_tree);
+
+ vat_json_init_object (node);
+ vat_json_object_add_uint (node, "src-if-index",
+ ntohl (mp->sw_if_index_from));
+ vat_json_object_add_uint (node, "dst-if-index", ntohl (mp->sw_if_index_to));
+}
+
+static int
+api_sw_interface_span_dump (vat_main_t * vam)
+{
+ vl_api_sw_interface_span_dump_t *mp;
+ f64 timeout;
+
+ M (SW_INTERFACE_SPAN_DUMP, sw_interface_span_dump);
+ S;
+
+ /* Use a control ping for synchronization */
+ {
+ vl_api_control_ping_t *mp;
+ M (CONTROL_PING, control_ping);
+ S;
+ }
+ W;
+}
+
int
api_pg_create_interface (vat_main_t * vam)
{
_(ipfix_classify_stream_dump, "") \
_(ipfix_classify_table_add_del, "table <table-index> ip4|ip6 [tcp|udp]")\
_(ipfix_classify_table_dump, "") \
+_(sw_interface_span_enable_disable, "[src <intfc> | src_sw_if_index <id>] [[dst <intfc> | dst_sw_if_index <id>] | disable]") \
+_(sw_interface_span_dump, "") \
_(get_next_index, "node-name <node-name> next-node-name <node-name>") \
_(pg_create_interface, "if_id <nn>") \
_(pg_capture, "if_id <nnn> pcap <file_name> count <nnn> [disable]") \
#include <vnet/l2/l2_fib.h>
#include <vnet/l2/l2_bd.h>
#include <vpp-api/vpe_msg_enum.h>
+#include <vnet/span/span.h>
#include <vnet/fib/ip6_fib.h>
#include <vnet/fib/ip4_fib.h>
_(IPFIX_CLASSIFY_STREAM_DUMP, ipfix_classify_stream_dump) \
_(IPFIX_CLASSIFY_TABLE_ADD_DEL, ipfix_classify_table_add_del) \
_(IPFIX_CLASSIFY_TABLE_DUMP, ipfix_classify_table_dump) \
+_(SW_INTERFACE_SPAN_ENABLE_DISABLE, sw_interface_span_enable_disable) \
+_(SW_INTERFACE_SPAN_DUMP, sw_interface_span_dump) \
_(GET_NEXT_INDEX, get_next_index) \
_(PG_CREATE_INTERFACE, pg_create_interface) \
_(PG_CAPTURE, pg_capture) \
send_ipfix_classify_table_details (i, q, mp->context);
}
+static void
+ vl_api_sw_interface_span_enable_disable_t_handler
+ (vl_api_sw_interface_span_enable_disable_t * mp)
+{
+ vl_api_sw_interface_span_enable_disable_reply_t *rmp;
+ int rv;
+
+ vlib_main_t *vm = vlib_get_main ();
+
+ rv = span_add_delete_entry (vm, ntohl (mp->sw_if_index_from),
+ ntohl (mp->sw_if_index_to), mp->enable);
+
+ REPLY_MACRO (VL_API_SW_INTERFACE_SPAN_ENABLE_DISABLE_REPLY);
+}
+
+static void
+vl_api_sw_interface_span_dump_t_handler (vl_api_sw_interface_span_dump_t * mp)
+{
+
+ unix_shared_memory_queue_t *q;
+ vl_api_sw_interface_span_details_t *rmp;
+ span_main_t *sm = &span_main;
+ u32 src_sw_if_index = 0, *dst_sw_if_index;
+
+ q = vl_api_client_index_to_input_queue (mp->client_index);
+ vec_foreach (dst_sw_if_index, sm->dst_by_src_sw_if_index)
+ {
+ if (*dst_sw_if_index > 0)
+ {
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ memset (rmp, 0, sizeof (*rmp));
+ rmp->_vl_msg_id = ntohs (VL_API_SW_INTERFACE_SPAN_DETAILS);
+ rmp->context = mp->context;
+
+ rmp->sw_if_index_from = htonl (src_sw_if_index);
+ rmp->sw_if_index_to = htonl (*dst_sw_if_index);
+
+ vl_msg_api_send_shmem (q, (u8 *) & rmp);
+ }
+ src_sw_if_index++;
+ }
+}
+
static void
vl_api_pg_create_interface_t_handler (vl_api_pg_create_interface_t * mp)
{
FINISH;
}
+static void *vl_api_sw_interface_span_enable_disable_t_print
+ (vl_api_sw_interface_span_enable_disable_t * mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: sw_interface_span_enable_disable ");
+ s = format (s, "src_sw_if_index %u ", ntohl (mp->sw_if_index_from));
+ s = format (s, "dst_sw_if_index %u ", ntohl (mp->sw_if_index_to));
+ if (!mp->enable)
+ s = format (s, "disable ");
+
+ FINISH;
+}
+
+static void *
+vl_api_sw_interface_span_dump_t_print (vl_api_sw_interface_span_dump_t * mp,
+ void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: sw_interface_span_dump ");
+
+ FINISH;
+}
+
static void *vl_api_get_next_index_t_print
(vl_api_get_next_index_t * mp, void *handle)
{
_(IPFIX_CLASSIFY_STREAM_DUMP, ipfix_classify_stream_dump) \
_(IPFIX_CLASSIFY_TABLE_ADD_DEL, ipfix_classify_table_add_del) \
_(IPFIX_CLASSIFY_TABLE_DUMP, ipfix_classify_table_dump) \
+_(SW_INTERFACE_SPAN_ENABLE_DISABLE, sw_interface_span_enable_disable) \
+_(SW_INTERFACE_SPAN_DUMP, sw_interface_span_dump) \
_(GET_NEXT_INDEX, get_next_index) \
_(PG_CREATE_INTERFACE,pg_create_interface) \
_(PG_CAPTURE, pg_capture) \
u32 table_index;
};
+/** \brief Enable/Disable span to mirror traffic from one interface to another
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context which was passed in the request
+ @param sw_if_index_from - interface to be mirorred
+ @param sw_if_index_to - interface where the traffic is mirrored
+ @param enable - 1 enable SPAN, 0 SPAN on given interface
+*/
+define sw_interface_span_enable_disable{
+ u32 client_index;
+ u32 context;
+ u32 sw_if_index_from;
+ u32 sw_if_index_to;
+ u8 enable;
+};
+
+/** \brief Reply to SPAN enable/disable request
+ @param context - sender context which was passed in the request
+*/
+define sw_interface_span_enable_disable_reply {
+ u32 context;
+ i32 retval;
+};
+
+/** \brief SPAN dump request
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+define sw_interface_span_dump {
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief Reply to SPAN dump request
+ @param context - sender context which was passed in the request
+ @param sw_if_index_from - mirorred interface
+ @param sw_if_index_to - interface where the traffic is mirrored
+*/
+define sw_interface_span_details {
+ u32 context;
+ u32 sw_if_index_from;
+ u32 sw_if_index_to;
+};
+
/** \brief Query relative index via node names
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
Code Review / vpp.git / commitdiff