FD.io VPP  v19.04.4-rc0-5-ge88582fac
Vector Packet Processing
acl_l3_list.cpp
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2017 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "vom/acl_l3_list.hpp"
17 #include "vom/acl_list_cmds.hpp"
18 #include "vom/logger.hpp"
20 
21 namespace VOM {
22 namespace ACL {
23 
24 /**
25  * Definition of the static singular_db for ACL Lists
26  */
27 singular_db<l3_list::key_t, l3_list> l3_list::m_db;
28 
29 /**
30  * Definition of the static per-handle DB for ACL Lists
31  */
32 std::map<handle_t, std::weak_ptr<l3_list>> l3_list::m_hdl_db;
33 
34 l3_list::event_handler l3_list::m_evh;
35 
37 {
39  inspect::register_handler({ "l3-acl-list" }, "L3 ACL lists", this);
40 }
41 
43  : m_hdl(handle_t::INVALID)
44  , m_key(key)
45 {
46 }
47 
48 l3_list::l3_list(const handle_t& hdl, const key_t& key)
49  : m_hdl(hdl)
50  , m_key(key)
51 {
52 }
53 
55  : m_hdl(handle_t::INVALID)
56  , m_key(key)
57  , m_rules(rules)
58 {
59 }
60 
62  : m_hdl(o.m_hdl)
63  , m_key(o.m_key)
64  , m_rules(o.m_rules)
65 {
66 }
67 
69 {
70  sweep();
71  m_db.release(m_key, this);
72 }
73 
74 std::shared_ptr<l3_list>
76 {
77  return find_or_add(*this);
78 }
79 
80 /**
81  * Dump all ACLs into the stream provided
82  */
83 void
84 l3_list::dump(std::ostream& os)
85 {
86  db_dump(m_db, os);
87 }
88 
89 /**
90  * convert to string format for debug purposes
91  */
92 std::string
94 {
95  std::ostringstream s;
96  s << "acl-list:[" << m_key << " " << m_hdl.to_string() << " rules:[";
97 
98  for (auto rule : m_rules) {
99  s << rule.to_string() << " ";
100  }
101 
102  s << "]]";
103 
104  return (s.str());
105 }
106 
107 void
109 {
110  m_rules.insert(rule);
111 }
112 
113 void
115 {
116  m_rules.erase(rule);
117 }
118 
119 const handle_t&
121 {
122  return (singular()->handle_i());
123 }
124 
125 std::shared_ptr<l3_list>
127 {
128  return (m_hdl_db[handle].lock());
129 }
130 
131 std::shared_ptr<l3_list>
133 {
134  return (m_db.find(key));
135 }
136 
137 std::shared_ptr<l3_list>
138 l3_list::find_or_add(const l3_list& temp)
139 {
140  return (m_db.find_or_add(temp.key(), temp));
141 }
142 
143 const handle_t&
144 l3_list::handle_i() const
145 {
146  return (m_hdl.data());
147 }
148 
149 void
151 {
152  std::shared_ptr<l3_list> sp = find(key);
153 
154  if (sp && item) {
155  m_hdl_db[item.data()] = sp;
156  }
157 }
158 
159 void
161 {
162  m_hdl_db.erase(item.data());
163 }
164 
165 const l3_list::key_t&
167 {
168  return m_key;
169 }
170 
171 const l3_list::rules_t&
173 {
174  return m_rules;
175 }
176 
177 bool
179 {
180  return (key() == l.key() && rules() == l.rules());
181 }
182 
183 void
184 l3_list::event_handler::handle_populate(const client_db::key_t& key)
185 {
186  /*
187  * dump L3 ACLs Bridge domains
188  */
189  std::shared_ptr<list_cmds::l3_dump_cmd> cmd =
190  std::make_shared<list_cmds::l3_dump_cmd>();
191 
192  HW::enqueue(cmd);
193  HW::write();
194 
195  for (auto& record : *cmd) {
196  auto& payload = record.get_payload();
197 
198  const handle_t hdl(payload.acl_index);
199  l3_list acl(hdl, std::string(reinterpret_cast<const char*>(payload.tag)));
200 
201  for (unsigned int ii = 0; ii < payload.count; ii++) {
202  const route::prefix_t src(payload.r[ii].is_ipv6,
203  payload.r[ii].src_ip_addr,
204  payload.r[ii].src_ip_prefix_len);
205  const route::prefix_t dst(payload.r[ii].is_ipv6,
206  payload.r[ii].dst_ip_addr,
207  payload.r[ii].dst_ip_prefix_len);
208  l3_rule rule(ii, action_t::from_int(payload.r[ii].is_permit), src, dst);
209 
210  rule.set_proto(payload.r[ii].proto);
211  rule.set_src_from_port(payload.r[ii].srcport_or_icmptype_first);
212  rule.set_src_to_port(payload.r[ii].srcport_or_icmptype_last);
213  rule.set_dst_from_port(payload.r[ii].dstport_or_icmpcode_first);
214  rule.set_dst_to_port(payload.r[ii].dstport_or_icmpcode_last);
215  rule.set_tcp_flags_mask(payload.r[ii].tcp_flags_mask);
216  rule.set_tcp_flags_value(payload.r[ii].tcp_flags_value);
217 
218  acl.insert(rule);
219  }
220  VOM_LOG(log_level_t::DEBUG) << "dump: " << acl.to_string();
221 
222  /*
223  * Write each of the discovered ACLs into the OM,
224  * but disable the HW Command q whilst we do, so that no
225  * commands are sent to VPP
226  */
227  OM::commit(key, acl);
228  }
229 }
230 
231 void
232 l3_list::event_handler::show(std::ostream& os)
233 {
234  db_dump(m_db, os);
235 }
236 
238 l3_list::event_handler::order() const
239 {
240  return (dependency_t::ACL);
241 }
242 
243 void
244 l3_list::event_handler::handle_replay()
245 {
246  m_db.replay();
247 }
248 
249 void
250 l3_list::update(const l3_list& obj)
251 {
252  /*
253  * always update the instance with the latest rule set
254  */
255  if (rc_t::OK != m_hdl.rc() || obj.m_rules != m_rules) {
256  HW::enqueue(new list_cmds::l3_update_cmd(m_hdl, m_key, m_rules));
257  }
258  /*
259  * We don't, can't, read the priority from VPP,
260  * so the is equals check above does not include the priorty.
261  * but we save it now.
262  */
263  m_rules = obj.m_rules;
264 }
265 
266 /**
267  * Sweep/reap the object if still stale
268  */
269 void
270 l3_list::sweep(void)
271 {
272  if (m_hdl) {
274  }
275  HW::write();
276 }
277 
278 /**
279  * Replay the objects state to HW
280  */
281 void
282 l3_list::replay(void)
283 {
284  if (m_hdl) {
285  m_hdl.data().reset();
286  HW::enqueue(new list_cmds::l3_update_cmd(m_hdl, m_key, m_rules));
287  }
288 }
289 
290 }; // namespace ACL
291 }; // namespace VOM
292 
293 /*
294  * fd.io coding-style-patch-verification: ON
295  *
296  * Local Variables:
297  * eval: (c-set-style "mozilla")
298  * End:
299  */
An L3 ACL list comprises a set of match actions rules to be applied to packets.
Definition: acl_l3_list.hpp:35
void set_src_from_port(uint16_t srcport_or_icmptype_first)
Set Src port or ICMP Type first.
static const action_t & from_int(uint8_t i)
Get the enum type from a VPP integer value.
Definition: acl_types.cpp:30
#define VOM_LOG(lvl)
Definition: logger.hpp:181
void set_dst_from_port(uint16_t dstport_or_icmpcode_first)
Set Dst port or ICMP code first.
const key_t & key() const
void db_dump(const DB &db, std::ostream &os)
Print each of the objects in the DB into the stream provided.
void set_tcp_flags_value(uint8_t tcp_flags_value)
Set TCP flags value.
const std::string key_t
In the opflex world each entity is known by a URI which can be converted into a string.
Definition: client_db.hpp:51
const handle_t & handle() const
Return the VPP assign handle.
std::multiset< l3_rule > rules_t
The rule container type.
Definition: acl_l3_list.hpp:48
static void register_handler(const std::vector< std::string > &cmds, const std::string &help, command_handler *ch)
Register a command handler for inspection.
Definition: inspect.cpp:85
std::string key_t
The KEY can be used to uniquely identify the ACL.
Definition: acl_l3_list.hpp:43
static rc_t write()
Write/Execute all commands hitherto enqueued.
Definition: hw.cpp:255
rc_t rc() const
Get the HW return code.
Definition: hw.hpp:119
const rules_t & rules() const
static const log_level_t DEBUG
Definition: logger.hpp:32
vl_api_ip4_address_t dst
Definition: ipsec_gre.api:39
void set_tcp_flags_mask(uint8_t tcp_flags_mask)
Set TCP flags mask.
static std::shared_ptr< l3_list > find(const handle_t &handle)
std::shared_ptr< l3_list > singular() const
Return the &#39;sigular instance&#39; of the ACL that matches this object.
Definition: acl_l3_list.cpp:75
T & data()
Return the data read/written.
Definition: hw.hpp:109
std::string to_string() const
convert to string format for debug purposes
Definition: hw.hpp:161
void set_src_to_port(uint16_t srcport_or_icmptype_last)
Set Src port or ICMP Type last.
static void add(const key_t &key, const HW::item< handle_t > &item)
~l3_list()
Destructor.
Definition: acl_l3_list.cpp:68
void remove(const l3_rule &rule)
Remove a rule from the list.
A command class that Create the list.
vl_api_ip4_address_t src
Definition: ipsec_gre.api:38
A cmd class that Deletes an ACL.
void set_dst_to_port(uint16_t dstport_or_icmpcode_last)
Set Dst port or ICMP code last.
static void dump(std::ostream &os)
Dump all ACLs into the stream provided.
Definition: acl_l3_list.cpp:84
A type declaration of an interface handle in VPP.
Definition: types.hpp:233
static rc_t commit(const client_db::key_t &key, const OBJ &obj)
Make the State in VPP reflect the expressed desired state.
Definition: om.hpp:202
void event_handler(void *tls_async)
Definition: tls_async.c:340
void set_proto(uint8_t proto)
Set proto.
Definition: acl_l3_rule.cpp:98
dependency_t
There needs to be a strict order in which object types are read from VPP (at boot time) and replayed ...
Definition: types.hpp:43
bool operator==(const l3_list &l) const
Comparison operator - for UT.
static const rc_t OK
The HW write was successfull.
Definition: types.hpp:109
static void enqueue(cmd *f)
Enqueue A command for execution.
Definition: hw.cpp:212
void insert(const l3_rule &rule)
Insert priority sorted a rule into the list.
The VPP Object Model (VOM) library.
Definition: acl_binding.cpp:19
l3_list(const key_t &key)
Construct a new object matching the desried state.
Definition: acl_l3_list.cpp:42
An ACL rule is the building block of an ACL.
Definition: acl_l3_rule.hpp:31
A representation of a method call to VPP.
Definition: cmd.hpp:32
void reset()
reset the value of the handle to ~0
Definition: types.cpp:99
typedef key
Definition: ipsec.api:244
void show(char *chroot_path, int verbose)
Definition: svmtool.c:105
std::string to_string() const
convert to string format for debug purposes
Definition: acl_l3_list.cpp:93
static bool register_listener(listener *listener)
Register a listener of events.
Definition: om.cpp:127
A prefix defintion.
Definition: prefix.hpp:92