FD.io VPP  v16.09
Vector Packet Processing
sr.h
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @file
17  * @brief Segment Routing header
18  *
19  * @note sr_replicate only works using DPDK today
20  */
21 #ifndef included_vnet_sr_h
22 #define included_vnet_sr_h
23 
24 #include <vnet/vnet.h>
25 #include <vnet/sr/sr_packet.h>
26 #include <vnet/ip/ip6_packet.h>
27 
28 #include <openssl/opensslconf.h>
29 #include <stdlib.h>
30 #include <string.h>
31 
32 #include <openssl/crypto.h>
33 #include <openssl/sha.h>
34 #include <openssl/opensslv.h>
35 #include <openssl/hmac.h>
36 
37 /**
38  * @brief Segment Route tunnel key
39  */
40 typedef struct
41 {
45 
46 /**
47  * @brief Segment Route tunnel
48  */
49 typedef struct
50 {
51  /** src, dst address */
53 
54  /** Optional tunnel name */
55  u8 *name;
56 
57  /** Mask width for FIB entry */
59 
60  /** First hop, to save 1 elt in the segment list */
62 
63  /** RX Fib index */
65  /** TX Fib index */
67 
68  /** The actual ip6 SR header */
70 
71  /** Indicates that this tunnel is part of a policy comprising
72  of multiple tunnels. If == ~0 tunnel is not part of a policy */
75 
76 /**
77  * @brief Shared secret for keyed-hash message authentication code (HMAC).
78  */
79 typedef struct
80 {
83 
84 /**
85  * @brief Args required for add/del tunnel.
86  *
87  * Else we end up passing a LOT of parameters around.
88  */
89 typedef struct
90 {
91  /** Key (header imposition case) */
97 
98  /** optional name argument - for referencing SR tunnel/policy by name */
99  u8 *name;
100 
101  /** optional policy name */
103 
104  /** segment list, when inserting an ip6 SR header */
106 
107  /**
108  * "Tag" list, aka segments inserted at the end of the list,
109  * past last_seg
110  */
112 
113  /** Shared secret => generate SHA-256 HMAC security fields */
115 
116  /** Flags, e.g. cleanup, policy-list flags */
118 
119  /** Delete the tunnel? */
122 
123 /**
124  * @brief Args for creating a policy.
125  *
126  * Typically used for multicast replication.
127  * ie a multicast address can be associated with a policy,
128  * then replicated across a number of unicast SR tunnels.
129  */
130 typedef struct
131 {
132  /** policy name */
134 
135  /** tunnel names */
137 
138  /** Delete the policy? */
141 
142 /**
143  * @brief Segment Routing policy.
144  *
145  * Typically used for multicast replication.
146  * ie a multicast address can be associated with a policy,
147  * then replicated across a number of unicast SR tunnels.
148  */
149 typedef struct
150 {
151  /** name of policy */
153 
154  /** vector to SR tunnel index */
156 
158 
159 /**
160  * @brief Args for mapping of multicast address to policy name.
161  *
162  * Typically used for multicast replication.
163  * ie a multicast address can be associated with a policy,
164  * then replicated across a number of unicast SR tunnels.
165  */
166 typedef struct
167 {
168  /** multicast IP6 address */
170 
171  /** name of policy to map to */
173 
174  /** Delete the mapping */
176 
178 
179 /**
180  * @brief Segment Routing state: tunnel and policy pools, their lookup tables, and HMAC key material.
181  */
182 typedef struct
183 {
184  /** pool of tunnel instances, sr entry only */
186 
187  /** find an sr "tunnel" by its outer-IP src/dst */
189 
190  /** find an sr "tunnel" by its name */
192 
193  /** policy pool */
195 
196  /** find a policy by name */
198 
199  /** multicast address to policy mapping */
201 
202  /** ip6-lookup next index for imposition FIB entries */
204 
205  /** maps a shared secret to its hmac key id; NOTE(review): confirm the entry is removed when the key is deleted */
207 
208  /** ip6-rewrite next index for reinstalling the original dst address */
210 
211  /** ip6-replicate next index for multicast tunnel */
213 
214  /** application API callback, stored untyped as void * (see vnet_register_sr_app_callback); NOTE(review): the compiler cannot check the callback's prototype - confirm it at the call site */
215  void *sr_local_cb;
216 
217  /** validate hmac keys; NOTE(review): presumably gates HMAC checking of received SR headers - confirm the default value and what can change it */
219 
220  /** pool of hmac keys (ip6_sr_hmac_key_t, presumably each holding a shared_secret vector); NOTE(review): confirm secrets are cleared when an entry is freed */
222 
223  /** OpenSSL message-digest descriptor; NOTE(review): presumably the SHA-256 digest used for the SR HMAC fields - confirm where it is initialized */
224  EVP_MD *md;
225  /** OpenSSL HMAC context; NOTE(review): one context is kept in this state struct - confirm it is never used from several threads at once */
226  HMAC_CTX *hmac_ctx;
227 
228  /** enable debug spew */
230 
231  /** convenience pointer to vlib_main_t */
233  /** convenience pointer to vnet_main_t */
235 } ip6_sr_main_t;
236 
238 
241 
243 
244 #if DPDK > 0
246 #endif /* DPDK */
247 
251 
/** Register a callback routine to set next0 in sr_local (defined in sr.c). The callback is passed untyped as void *, so its prototype is not checked at compile time. */
252 void vnet_register_sr_app_callback (void *cb);
253 
/** Use passed HMAC key in ip6_sr_header_t in OpenSSL HMAC routines (defined in sr.c). NOTE(review): this declaration does not show whether the HMAC is written into the header or compared against it - confirm in sr.c. */
254 void sr_fix_hmac (ip6_sr_main_t * sm, ip6_header_t * ip,
255  ip6_sr_header_t * sr);
256 
257 #endif /* included_vnet_sr_h */
258 
259 /*
260  * fd.io coding-style-patch-verification: ON
261  *
262  * Local Variables:
263  * eval: (c-set-style "gnu")
264  * End:
265  */
HMAC_CTX * hmac_ctx
Openssl var.
Definition: sr.h:226
Segment Route tunnel key.
Definition: sr.h:40
Args for creating a policy.
Definition: sr.h:130
uword * tunnel_index_by_key
find an sr "tunnel" by its outer-IP src/dst
Definition: sr.h:188
a
Definition: bitmap.h:516
u32 tx_fib_index
TX Fib index.
Definition: sr.h:66
u32 policy_index
Indicates that this tunnel is part of a policy comprising of multiple tunnels.
Definition: sr.h:73
u32 dst_mask_width
Mask width for FIB entry.
Definition: sr.h:58
ip6_address_t * multicast_address
multicast IP6 address
Definition: sr.h:169
u8 * name
Optional tunnel name.
Definition: sr.h:55
struct _vlib_node_registration vlib_node_registration_t
ip6_address_t * tags
"Tag" list, aka segments inserted at the end of the list, past last_seg
Definition: sr.h:111
ip6_sr_tunnel_key_t key
src, dst address
Definition: sr.h:52
u32 rx_fib_index
RX Fib index.
Definition: sr.h:64
ip6_address_t dst
Definition: sr.h:43
ip6_address_t src
Definition: sr.h:42
u8 * name
name of policy
Definition: sr.h:152
ip6_address_t * segments
segment list, when inserting an ip6 SR header
Definition: sr.h:105
EVP_MD * md
Openssl var.
Definition: sr.h:224
int ip6_sr_add_del_policy(ip6_sr_add_del_policy_args_t *a)
Add or Delete a Segment Routing policy.
Definition: sr.c:1426
ip6_sr_hmac_key_t * hmac_keys
pool of hmac keys
Definition: sr.h:221
u8 * name
optional name argument - for referencing SR tunnel/policy by name
Definition: sr.h:99
int ip6_sr_add_del_multicastmap(ip6_sr_add_del_multicastmap_args_t *a)
Add or Delete a mapping of IP6 multicast address to Segment Routing policy.
Definition: sr.c:1678
format_function_t format_ip6_sr_header_with_length
Definition: sr.h:240
Args required for add/del tunnel.
Definition: sr.h:89
void sr_fix_hmac(ip6_sr_main_t *sm, ip6_header_t *ip, ip6_sr_header_t *sr)
Use passed HMAC key in ip6_sr_header_t in OpenSSL HMAC routines.
Definition: sr.c:39
u8 is_del
Delete the tunnel?
Definition: sr.h:120
Args for mapping of multicast address to policy name.
Definition: sr.h:166
vlib_main_t * vlib_main
convenience
Definition: sr.h:232
void vnet_register_sr_app_callback(void *cb)
Register a callback routine to set next0 in sr_local.
Definition: sr.c:2951
The Segment Routing Header (SRH).
void * sr_local_cb
application API callback
Definition: sr.h:215
u8 * shared_secret
Definition: sr.h:81
u8 is_debug
enable debug spew
Definition: sr.h:229
int ip6_sr_add_del_tunnel(ip6_sr_add_del_tunnel_args_t *a)
Add or Delete a Segment Routing tunnel.
Definition: sr.c:837
u16 flags_net_byte_order
Flags, e.g. cleanup, policy-list flags.
Definition: sr.h:117
u32 ip6_lookup_sr_replicate_index
ip6-replicate next index for multicast tunnel
Definition: sr.h:212
ip6_address_t * src_address
Key (header imposition case)
Definition: sr.h:92
u8 * policy_name
optional policy name
Definition: sr.h:102
vnet_main_t * vnet_main
convenience
Definition: sr.h:234
u8 * rewrite
The actual ip6 SR header.
Definition: sr.h:69
vlib_node_registration_t ip6_sr_input_node
Definition: sr.h:242
u32 * tunnel_indices
vector to SR tunnel index
Definition: sr.h:155
u8 * policy_name
name of policy to map to
Definition: sr.h:172
Segment Route tunnel.
Definition: sr.h:49
u8 validate_hmac
validate hmac keys
Definition: sr.h:218
ip6_address_t first_hop
First hop, to save 1 elt in the segment list.
Definition: sr.h:61
unsigned int u32
Definition: types.h:88
u8 * name
policy name
Definition: sr.h:133
ip6_sr_tunnel_t * tunnels
pool of tunnel instances, sr entry only
Definition: sr.h:185
uword * policy_index_by_policy_name
find a policy by name
Definition: sr.h:197
u8 is_del
Delete the policy?
Definition: sr.h:139
uword * tunnel_index_by_name
find an sr "tunnel" by its name
Definition: sr.h:191
u8 *( format_function_t)(u8 *s, va_list *args)
Definition: format.h:48
u64 uword
Definition: types.h:112
u32 ip6_lookup_sr_next_index
ip6-lookup next index for imposition FIB entries
Definition: sr.h:203
format_function_t format_ip6_sr_header
Definition: sr.h:239
u8 * shared_secret
Shared secret => generate SHA-256 HMAC security fields.
Definition: sr.h:114
uword * hmac_key_by_shared_secret
hmac key id by shared secret
Definition: sr.h:206
unsigned short u16
Definition: types.h:57
uword * policy_index_by_multicast_address
multicast address to policy mapping
Definition: sr.h:200
unsigned char u8
Definition: types.h:56
Segment Routing policy.
Definition: sr.h:149
vlib_node_registration_t sr_replicate_node
(constructor) VLIB_REGISTER_NODE (sr_replicate_node)
Definition: sr_replicate.c:387
ip6_sr_policy_t * policies
policy pool
Definition: sr.h:194
SR header struct.
Definition: sr_packet.h:177
ip6_address_t * dst_address
Definition: sr.h:93
u8 ** tunnel_names
tunnel names
Definition: sr.h:136
Shared secret for keyed-hash message authentication code (HMAC).
Definition: sr.h:79
Segment Routing state.
Definition: sr.h:182
u8 is_del
Delete the mapping.
Definition: sr.h:175
ip6_sr_main_t sr_main
Definition: sr.h:237
u32 ip6_rewrite_sr_next_index
ip6-rewrite next index for reinstalling the original dst address
Definition: sr.h:209