FD.io VPP  v16.09
Vector Packet Processing
ip6_whitelist.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <vnet/cop/cop.h>
16 
17 typedef struct {
18  u32 next_index;
19  u32 sw_if_index;
20 } ip6_cop_whitelist_trace_t;
21 
22 /* packet trace format function */
23 static u8 * format_ip6_cop_whitelist_trace (u8 * s, va_list * args)
24 {
25  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
26  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
27  ip6_cop_whitelist_trace_t * t = va_arg (*args, ip6_cop_whitelist_trace_t *);
28 
29  s = format (s, "IP6_COP_WHITELIST: sw_if_index %d, next index %d",
30  t->sw_if_index, t->next_index);
31  return s;
32 }
33 
34 vlib_node_registration_t ip6_cop_whitelist_node;
35 
36 #define foreach_ip6_cop_whitelist_error \
37 _(DROPPED, "ip6 cop whitelist packets dropped")
38 
39 typedef enum {
40 #define _(sym,str) IP6_COP_WHITELIST_ERROR_##sym,
41  foreach_ip6_cop_whitelist_error
42 #undef _
43  IP6_COP_WHITELIST_N_ERROR,
44 } ip6_cop_whitelist_error_t;
45 
46 static char * ip6_cop_whitelist_error_strings[] = {
47 #define _(sym,string) string,
48  foreach_ip6_cop_whitelist_error
49 #undef _
50 };
51 
52 static uword
53 ip6_cop_whitelist_node_fn (vlib_main_t * vm,
54  vlib_node_runtime_t * node,
55  vlib_frame_t * frame)
56 {
57  u32 n_left_from, * from, * to_next;
58  cop_feature_type_t next_index;
59  cop_main_t *cm = &cop_main;
60  ip6_main_t * im6 = &ip6_main;
61  ip_lookup_main_t * lm6 = &im6->lookup_main;
62  vlib_combined_counter_main_t * vcm = &im6->lookup_main.adjacency_counters;
63  u32 cpu_index = vm->cpu_index;
64 
65  from = vlib_frame_vector_args (frame);
66  n_left_from = frame->n_vectors;
67  next_index = node->cached_next_index;
68 
69  while (n_left_from > 0)
70  {
71  u32 n_left_to_next;
72 
73  vlib_get_next_frame (vm, node, next_index,
74  to_next, n_left_to_next);
75 
76  while (n_left_from >= 4 && n_left_to_next >= 2)
77  {
78  u32 bi0, bi1;
79  vlib_buffer_t * b0, * b1;
80  u32 next0, next1;
81  u32 sw_if_index0, sw_if_index1;
82  ip6_header_t * ip0, * ip1;
83  cop_config_main_t * ccm0, * ccm1;
84  cop_config_data_t * c0, * c1;
85  u32 adj_index0, adj_index1;
86  ip_adjacency_t * adj0, * adj1;
87 
88  /* Prefetch next iteration. */
89  {
90  vlib_buffer_t * p2, * p3;
91 
92  p2 = vlib_get_buffer (vm, from[2]);
93  p3 = vlib_get_buffer (vm, from[3]);
94 
95  vlib_prefetch_buffer_header (p2, LOAD);
96  vlib_prefetch_buffer_header (p3, LOAD);
97 
98  CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
99  CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE);
100  }
101 
102  /* speculatively enqueue b0 and b1 to the current next frame */
103  to_next[0] = bi0 = from[0];
104  to_next[1] = bi1 = from[1];
105  from += 2;
106  to_next += 2;
107  n_left_from -= 2;
108  n_left_to_next -= 2;
109 
110  b0 = vlib_get_buffer (vm, bi0);
111  sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
112 
113  ip0 = vlib_buffer_get_current (b0);
114 
115  ccm0 = cm->cop_config_mains + VNET_COP_IP6;
116 
117  c0 = vnet_get_config_data
118  (&ccm0->config_main,
119  &vnet_buffer (b0)->cop.current_config_index,
120  &next0,
121  sizeof (c0[0]));
122 
123  adj_index0 = ip6_fib_lookup_with_table (im6, c0->fib_index,
124  &ip0->src_address);
125  adj0 = ip_get_adjacency (lm6, adj_index0);
126  if (PREDICT_FALSE(adj0->lookup_next_index != IP_LOOKUP_NEXT_LOCAL))
127  {
128  b0->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
129  next0 = RX_COP_DROP;
130  }
131 
132  b1 = vlib_get_buffer (vm, bi1);
133  sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX];
134 
135  ip1 = vlib_buffer_get_current (b1);
136 
137  ccm1 = cm->cop_config_mains + VNET_COP_IP6;
138 
139  c1 = vnet_get_config_data
140  (&ccm1->config_main,
141  &vnet_buffer (b1)->cop.current_config_index,
142  &next1,
143  sizeof (c1[0]));
144 
145  adj_index1 = ip6_fib_lookup_with_table (im6, c1->fib_index,
146  &ip1->src_address);
147 
148  adj1 = ip_get_adjacency (lm6, adj_index1);
149 
150  vlib_increment_combined_counter
151  (vcm, cpu_index, adj_index0, 1,
152  vlib_buffer_length_in_chain (vm, b0)
153  + sizeof(ethernet_header_t));
154 
155  vlib_increment_combined_counter
156  (vcm, cpu_index, adj_index1, 1,
157  vlib_buffer_length_in_chain (vm, b1)
158  + sizeof(ethernet_header_t));
159 
160  if (PREDICT_FALSE(adj0->lookup_next_index != IP_LOOKUP_NEXT_LOCAL))
161  {
162  b0->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
163  next0 = RX_COP_DROP;
164  }
165 
166  if (PREDICT_FALSE(adj1->lookup_next_index != IP_LOOKUP_NEXT_LOCAL))
167  {
168  b1->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
169  next1 = RX_COP_DROP;
170  }
171 
172  if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
173  && (b0->flags & VLIB_BUFFER_IS_TRACED)))
174  {
175  ip6_cop_whitelist_trace_t *t =
176  vlib_add_trace (vm, node, b0, sizeof (*t));
177  t->sw_if_index = sw_if_index0;
178  t->next_index = next0;
179  }
180 
181  if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
182  && (b1->flags & VLIB_BUFFER_IS_TRACED)))
183  {
184  ip6_cop_whitelist_trace_t *t =
185  vlib_add_trace (vm, node, b1, sizeof (*t));
186  t->sw_if_index = sw_if_index1;
187  t->next_index = next1;
188  }
189 
190  /* verify speculative enqueues, maybe switch current next frame */
191  vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
192  to_next, n_left_to_next,
193  bi0, bi1, next0, next1);
194  }
195 
196  while (n_left_from > 0 && n_left_to_next > 0)
197  {
198  u32 bi0;
199  vlib_buffer_t * b0;
200  u32 next0;
201  u32 sw_if_index0;
202  ip6_header_t * ip0;
203  cop_config_main_t *ccm0;
204  cop_config_data_t *c0;
205  u32 adj_index0;
206  ip_adjacency_t * adj0;
207 
208  /* speculatively enqueue b0 to the current next frame */
209  bi0 = from[0];
210  to_next[0] = bi0;
211  from += 1;
212  to_next += 1;
213  n_left_from -= 1;
214  n_left_to_next -= 1;
215 
216  b0 = vlib_get_buffer (vm, bi0);
217  sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
218 
219  ip0 = vlib_buffer_get_current (b0);
220 
221  ccm0 = cm->cop_config_mains + VNET_COP_IP6;
222 
223  c0 = vnet_get_config_data
224  (&ccm0->config_main,
225  &vnet_buffer (b0)->cop.current_config_index,
226  &next0,
227  sizeof (c0[0]));
228 
229  adj_index0 = ip6_fib_lookup_with_table (im6, c0->fib_index,
230  &ip0->src_address);
231 
232  adj0 = ip_get_adjacency (lm6, adj_index0);
233 
234  vlib_increment_combined_counter
235  (vcm, cpu_index, adj_index0, 1,
236  vlib_buffer_length_in_chain (vm, b0)
237  + sizeof(ethernet_header_t));
238 
239  if (PREDICT_FALSE(adj0->lookup_next_index != IP_LOOKUP_NEXT_LOCAL))
240  {
241  b0->error = node->errors[IP6_COP_WHITELIST_ERROR_DROPPED];
242  next0 = RX_COP_DROP;
243  }
244 
245  if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
246  && (b0->flags & VLIB_BUFFER_IS_TRACED)))
247  {
248  ip6_cop_whitelist_trace_t *t =
249  vlib_add_trace (vm, node, b0, sizeof (*t));
250  t->sw_if_index = sw_if_index0;
251  t->next_index = next0;
252  }
253 
254  /* verify speculative enqueue, maybe switch current next frame */
255  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
256  to_next, n_left_to_next,
257  bi0, next0);
258  }
259 
260  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
261  }
262  return frame->n_vectors;
263 }
264 
265 VLIB_REGISTER_NODE (ip6_cop_whitelist_node) = {
266  .function = ip6_cop_whitelist_node_fn,
267  .name = "ip6-cop-whitelist",
268  .vector_size = sizeof (u32),
269  .format_trace = format_ip6_cop_whitelist_trace,
270  .type = VLIB_NODE_TYPE_INTERNAL,
271 
272  .n_errors = ARRAY_LEN(ip6_cop_whitelist_error_strings),
273  .error_strings = ip6_cop_whitelist_error_strings,
274 
275  .n_next_nodes = COP_RX_N_FEATURES,
276 
277  /* edit / add dispositions here */
278  .next_nodes = {
279  [IP4_RX_COP_WHITELIST] = "ip4-cop-whitelist",
280  [IP6_RX_COP_WHITELIST] = "ip6-cop-whitelist",
281  [DEFAULT_RX_COP_WHITELIST] = "default-cop-whitelist",
282  [IP4_RX_COP_INPUT] = "ip4-input",
283  [IP6_RX_COP_INPUT] = "ip6-input",
284  [DEFAULT_RX_COP_INPUT] = "ethernet-input",
285  [RX_COP_DROP] = "error-drop",
286  },
287 };
288 
289 VLIB_NODE_FUNCTION_MULTIARCH (ip6_cop_whitelist_node, ip6_cop_whitelist_node_fn)
290 
291 static clib_error_t *
292 ip6_whitelist_init (vlib_main_t * vm)
293 {
294  return 0;
295 }
296 
297 VLIB_INIT_FUNCTION (ip6_whitelist_init);
vlib_put_next_frame
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
Definition: main.c:457
ip6_cop_whitelist_trace_t::next_index
u32 next_index
Definition: ip6_whitelist.c:18
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:79
cop_main_t::cop_config_mains
cop_config_main_t cop_config_mains[VNET_N_COPS]
Definition: cop.h:66
IP6_COP_WHITELIST_N_ERROR
Definition: ip6_whitelist.c:43
type
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
ip_adjacency_t::lookup_next_index
ip_lookup_next_t lookup_next_index
Definition: lookup.h:180
ip_adjacency_t
IP unicast adjacency.
Definition: lookup.h:164
ip6_cop_whitelist_node
vlib_node_registration_t ip6_cop_whitelist_node
(constructor) VLIB_REGISTER_NODE (ip6_cop_whitelist_node)
Definition: ip6_whitelist.c:34
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
vlib_node_runtime_t::errors
vlib_error_t * errors
Definition: node.h:418
vlib_buffer_length_in_chain
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
Definition: buffer_funcs.h:112
ip6_header_t::src_address
ip6_address_t src_address
Definition: ip6_packet.h:298
vlib_frame_t
Definition: node.h:332
ip6_cop_whitelist_error_t
ip6_cop_whitelist_error_t
Definition: ip6_whitelist.c:39
vlib_node_runtime_t
Definition: node.h:412
ip6_cop_whitelist_trace_t::sw_if_index
u32 sw_if_index
Definition: ip6_whitelist.c:19
VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:111
vlib_buffer_get_current
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:187
vlib_main_t::cpu_index
u32 cpu_index
Definition: main.h:159
IP_LOOKUP_NEXT_LOCAL
This packet is for one of our own IP addresses.
Definition: lookup.h:68
ip6_whitelist_init
static clib_error_t * ip6_whitelist_init(vlib_main_t *vm)
Definition: ip6_whitelist.c:292
ip6_cop_whitelist_error_strings
static char * ip6_cop_whitelist_error_strings[]
Definition: ip6_whitelist.c:46
ip6_cop_whitelist_node_fn
static uword ip6_cop_whitelist_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_whitelist.c:53
cop_feature_type_t
cop_feature_type_t
Definition: cop.h:39
vnet_get_config_data
static void * vnet_get_config_data(vnet_config_main_t *cm, u32 *config_index, u32 *next_index, u32 n_data_bytes)
Definition: config.h:122
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:97
foreach_ip6_cop_whitelist_error
#define foreach_ip6_cop_whitelist_error
Definition: ip6_whitelist.c:36
vlib_validate_buffer_enqueue_x2
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
Definition: buffer_node.h:70
vlib_validate_buffer_enqueue_x1
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:130
vlib_get_next_frame
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:348
vlib_buffer_t::error
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:118
ip6_main_t
Definition: ip6.h:107
vlib_frame_t::n_vectors
u16 n_vectors
Definition: node.h:344
CLIB_PREFETCH
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:82
vlib_buffer_t
Definition: buffer.h:73
ip_lookup_main_t
Definition: lookup.h:399
ip6_fib_lookup_with_table
u32 ip6_fib_lookup_with_table(ip6_main_t *im, u32 fib_index, ip6_address_t *dst)
Definition: ip6_forward.c:61
ethernet_header_t
Definition: packet.h:50
cop_config_main_t
Definition: cop.h:56
ARRAY_LEN
#define ARRAY_LEN(x)
Definition: clib.h:59
cop_main
cop_main_t cop_main
Definition: cop.c:17
ip_lookup_main_t::adjacency_counters
vlib_combined_counter_main_t adjacency_counters
Adjacency packet/byte counters indexed by adjacency index.
Definition: lookup.h:404
vlib_node_runtime_t::cached_next_index
u16 cached_next_index
Definition: node.h:462
vlib_increment_combined_counter
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 cpu_index, u32 index, u32 packet_increment, u32 byte_increment)
Increment a combined counter.
Definition: counter.h:241
u32
unsigned int u32
Definition: types.h:88
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:335
ip6_main
ip6_main_t ip6_main
Definition: ip6_forward.c:2955
ip6_main_t::lookup_main
ip_lookup_main_t lookup_main
Definition: ip6.h:110
format
u8 * format(u8 *s, char *fmt,...)
Definition: format.c:418
ip6_header_t
Definition: ip6_packet.h:283
VLIB_NODE_FLAG_TRACE
#define VLIB_NODE_FLAG_TRACE
Definition: node.h:259
VLIB_BUFFER_IS_TRACED
#define VLIB_BUFFER_IS_TRACED
Definition: buffer.h:93
uword
u64 uword
Definition: types.h:112
vlib_add_trace
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace_funcs.h:55
cop_config_data_t
Definition: cop.h:61
clib_error_t
Definition: error.h:75
u8
unsigned char u8
Definition: types.h:56
vlib_main_t
Definition: main.h:59
vlib_node_t
Definition: node.h:215
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:251
vlib_combined_counter_main_t
A collection of combined counters.
Definition: counter.h:212
vlib_prefetch_buffer_header
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
Definition: buffer.h:163
VLIB_NODE_FUNCTION_MULTIARCH
#define VLIB_NODE_FUNCTION_MULTIARCH(node, fn)
Definition: node.h:158
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:143
format_ip6_cop_whitelist_trace
static u8 * format_ip6_cop_whitelist_trace(u8 *s, va_list *args)
Definition: ip6_whitelist.c:23
vlib_buffer_t::data
u8 data[0]
Packet data.
Definition: buffer.h:151
vlib_node_runtime_t::flags
u16 flags
Definition: node.h:452
cop_main_t
Definition: cop.h:65
CLIB_CACHE_LINE_BYTES
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:67
vlib_buffer_t::flags
u32 flags
buffer flags: VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:85
ip6_cop_whitelist_trace_t
Definition: ip6_whitelist.c:17
vlib_get_buffer
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:69
cop_config_data_t::fib_index
u32 fib_index
Definition: cop.h:62
VLIB_RX
Definition: defs.h:46
cop_config_main_t::config_main
vnet_config_main_t config_main
Definition: cop.h:57
ip_get_adjacency
static ip_adjacency_t * ip_get_adjacency(ip_lookup_main_t *lm, u32 adj_index)
Definition: lookup.h:480