FD.io VPP  v21.06-3-gbb25fbf28
Vector Packet Processing
abf_itf_attach.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2017 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
17 #include <vnet/fib/fib_path_list.h>
18 #include <plugins/acl/exports.h>
19 
20 /**
21  * Forward declarations;
22  */
25 
26 /**
27  * FIB node registered type for the bonds
28  */
30 
31 /**
32  * Pool of ABF interface attachment objects
33  */
35 
36 /**
37  * A per interface vector of attached policies. used in the data-plane
38  */
40 
41 /**
42  * Per interface values of ACL lookup context IDs. used in the data-plane
43  */
45 
46 /**
47  * ABF ACL module user id returned during the initialization
48  */
50 /*
51  * ACL plugin method vtable
52  */
53 
55 
56 /**
57  * A DB of attachments; key={abf_index,sw_if_index}
58  */
60 
61 static u64
63 {
64  u64 key;
65 
66  key = abf_index;
67  key = key << 32;
68  key |= sw_if_index;
69 
70  return (key);
71 }
72 
73 static abf_itf_attach_t *
75 {
76  uword *p;
77  u64 key;
78 
79  key = abf_itf_attach_mk_key (abf_index, sw_if_index);
80 
82 
83  if (NULL != p)
84  return (pool_elt_at_index (abf_itf_attach_pool, p[0]));
85 
86  return (NULL);
87 }
88 
89 static void
91 {
92  u64 key;
93 
94  key = abf_itf_attach_mk_key (abf_index, sw_if_index);
95 
97 }
98 
99 static void
101 {
102  u64 key;
103 
104  key = abf_itf_attach_mk_key (abf_index, sw_if_index);
105 
107 }
108 
109 static void
111 {
112  /*
113  * stack the DPO on the forwarding contributed by the path-list
114  */
115  dpo_id_t via_dpo = DPO_INVALID;
116  abf_policy_t *ap;
117 
118  ap = abf_policy_get (aia->aia_abf);
119 
121  (FIB_PROTOCOL_IP4 == aia->aia_proto ?
125  &via_dpo);
126 
128  abf_ip4_node.index :
129  abf_ip6_node.index), &aia->aia_dpo, &via_dpo);
130  dpo_reset (&via_dpo);
131 }
132 
133 static int
134 abf_cmp_attach_for_sort (void *v1, void *v2)
135 {
136  const abf_itf_attach_t *aia1;
137  const abf_itf_attach_t *aia2;
138 
139  aia1 = abf_itf_attach_get (*(u32 *) v1);
140  aia2 = abf_itf_attach_get (*(u32 *) v2);
141 
142  return (aia1->aia_prio - aia2->aia_prio);
143 }
144 
145 void
147 {
148  u32 *acl_vec = 0;
149  u32 *aiai;
150  abf_itf_attach_t *aia;
151 
152  if (~0 == abf_alctx_per_itf[fproto][sw_if_index])
153  return;
154 
155  vec_foreach (aiai, abf_per_itf[fproto][sw_if_index])
156  {
157  aia = abf_itf_attach_get (*aiai);
158  vec_add1 (acl_vec, aia->aia_acl);
159  }
160  acl_plugin.set_acl_vec_for_context (abf_alctx_per_itf[fproto][sw_if_index],
161  acl_vec);
162  vec_free (acl_vec);
163 }
164 
165 int
167  u32 policy_id, u32 priority, u32 sw_if_index)
168 {
169  abf_itf_attach_t *aia;
170  abf_policy_t *ap;
171  u32 api, aiai;
172 
173  api = abf_policy_find (policy_id);
174 
175  ASSERT (INDEX_INVALID != api);
176  ap = abf_policy_get (api);
177 
178  /*
179  * check this is not a duplicate
180  */
181  aia = abf_itf_attach_db_find (policy_id, sw_if_index);
182 
183  if (NULL != aia)
184  return (VNET_API_ERROR_ENTRY_ALREADY_EXISTS);
185 
186  /*
187  * construct a new attachment object
188  */
190 
192  aia->aia_prio = priority;
193  aia->aia_proto = fproto;
194  aia->aia_acl = ap->ap_acl;
195  aia->aia_abf = api;
197  aiai = aia - abf_itf_attach_pool;
198  abf_itf_attach_db_add (policy_id, sw_if_index, aia);
199 
200  /*
201  * stack the DPO on the forwarding contributed by the path-list
202  */
203  abf_itf_attach_stack (aia);
204 
205  /*
206  * Insert the policy on the interfaces list.
207  */
210  if (1 == vec_len (abf_per_itf[fproto][sw_if_index]))
211  {
212  /*
213  * when enabling the first ABF policy on the interface
214  * we need to enable the interface input feature
215  */
217  "ip4-unicast" :
218  "ip6-unicast"),
219  (FIB_PROTOCOL_IP4 == fproto ?
220  "abf-input-ip4" :
221  "abf-input-ip6"),
222  sw_if_index, 1, NULL, 0);
223 
224  /* if this is the first ABF policy, we need to acquire an ACL lookup context */
226  abf_alctx_per_itf[fproto][sw_if_index] =
227  acl_plugin.get_lookup_context_index (abf_acl_user_id, sw_if_index, 0);
228  }
229  else
230  {
233  }
234 
235  /* Prepare and set the list of ACLs for lookup within the context */
236  abf_setup_acl_lc (fproto, sw_if_index);
237 
238  /*
239  * become a child of the ABF policy so we are notified when
240  * its forwarding changes.
241  */
243  api,
245 
246  return (0);
247 }
248 
249 int
251 {
252  abf_itf_attach_t *aia;
253  u32 index;
254 
255  /*
256  * check this is a valid attachment
257  */
258  aia = abf_itf_attach_db_find (policy_id, sw_if_index);
259 
260  if (NULL == aia)
261  return (VNET_API_ERROR_NO_SUCH_ENTRY);
262 
263  /*
264  * first remove from the interface's vector
265  */
266  ASSERT (abf_per_itf[fproto]);
267  ASSERT (abf_per_itf[fproto][sw_if_index]);
268 
270  aia - abf_itf_attach_pool);
271 
272  ASSERT (index != ~0);
274 
275  if (0 == vec_len (abf_per_itf[fproto][sw_if_index]))
276  {
277  /*
278  * when deleting the last ABF policy on the interface
279  * we need to disable the interface input feature
280  */
282  "ip4-unicast" :
283  "ip6-unicast"),
284  (FIB_PROTOCOL_IP4 == fproto ?
285  "abf-input-ip4" :
286  "abf-input-ip6"),
287  sw_if_index, 0, NULL, 0);
288 
289  /* Return the lookup context, invalidate its id in our records */
290  acl_plugin.put_lookup_context_index (abf_alctx_per_itf[fproto]
291  [sw_if_index]);
292  abf_alctx_per_itf[fproto][sw_if_index] = ~0;
293  }
294  else
295  {
298  }
299 
300  /* Prepare and set the list of ACLs for lookup within the context */
301  abf_setup_acl_lc (fproto, sw_if_index);
302 
303  /*
304  * remove the dependency on the policy
305  */
307  aia->aia_abf, aia->aia_sibling);
308 
309  /*
310  * remove the attachment from the DB
311  */
312  abf_itf_attach_db_del (policy_id, sw_if_index);
313 
314  /*
315  * release our locks on FIB forwarding data
316  */
317  dpo_reset (&aia->aia_dpo);
318 
319  /*
320  * return the object
321  */
323 
324  return (0);
325 }
326 
327 static u8 *
328 format_abf_intf_attach (u8 * s, va_list * args)
329 {
330  abf_itf_attach_t *aia = va_arg (*args, abf_itf_attach_t *);
331  abf_policy_t *ap;
332 
333  ap = abf_policy_get (aia->aia_abf);
334  s = format (s, "abf-interface-attach: policy:%d priority:%d",
335  ap->ap_id, aia->aia_prio);
336  s = format (s, "\n %U", format_dpo_id, &aia->aia_dpo, 2);
337 
338  return (s);
339 }
340 
341 static clib_error_t *
343  unformat_input_t * input, vlib_cli_command_t * cmd)
344 {
345  u32 policy_id, sw_if_index;
346  fib_protocol_t fproto;
347  u32 is_del, priority;
348  vnet_main_t *vnm;
349 
350  is_del = 0;
351  sw_if_index = policy_id = ~0;
352  vnm = vnet_get_main ();
353  fproto = FIB_PROTOCOL_MAX;
354  priority = 0;
355 
357  {
358  if (unformat (input, "del"))
359  is_del = 1;
360  else if (unformat (input, "add"))
361  is_del = 0;
362  else if (unformat (input, "ip4"))
363  fproto = FIB_PROTOCOL_IP4;
364  else if (unformat (input, "ip6"))
365  fproto = FIB_PROTOCOL_IP6;
366  else if (unformat (input, "policy %d", &policy_id))
367  ;
368  else if (unformat (input, "priority %d", &priority))
369  ;
370  else if (unformat (input, "%U",
372  ;
373  else
374  return (clib_error_return (0, "unknown input '%U'",
375  format_unformat_error, input));
376  }
377 
378  if (~0 == policy_id)
379  {
380  return (clib_error_return (0, "invalid policy ID:%d", policy_id));
381  }
382  if (~0 == sw_if_index)
383  {
384  return (clib_error_return (0, "invalid interface name"));
385  }
386  if (FIB_PROTOCOL_MAX == fproto)
387  {
388  return (clib_error_return (0, "Specify either ip4 or ip6"));
389  }
390 
391  if (~0 == abf_policy_find (policy_id))
392  return (clib_error_return (0, "invalid policy ID:%d", policy_id));
393 
394  if (is_del)
395  abf_itf_detach (fproto, policy_id, sw_if_index);
396  else
397  abf_itf_attach (fproto, policy_id, priority, sw_if_index);
398 
399  return (NULL);
400 }
401 
402 /* *INDENT-OFF* */
403 /**
404  * Attach an ABF policy to an interface.
405  */
407  .path = "abf attach",
408  .function = abf_itf_attach_cmd,
409  .short_help = "abf attach <ip4|ip6> [del] policy <value> <interface>",
410  // this is not MP safe
411 };
412 /* *INDENT-ON* */
413 
414 static clib_error_t *
416  unformat_input_t * input, vlib_cli_command_t * cmd)
417 {
418  const abf_itf_attach_t *aia;
419  u32 sw_if_index, *aiai;
420  fib_protocol_t fproto;
421  vnet_main_t *vnm;
422 
423  sw_if_index = ~0;
424  vnm = vnet_get_main ();
425 
427  {
428  if (unformat (input, "%U",
430  ;
431  else
432  return (clib_error_return (0, "unknown input '%U'",
433  format_unformat_error, input));
434  }
435 
436  if (~0 == sw_if_index)
437  {
438  vlib_cli_output (vm, "specify an interface");
439  }
440 
441  /* *INDENT-OFF* */
443  {
444  if (sw_if_index < vec_len(abf_per_itf[fproto]))
445  {
446  if (vec_len(abf_per_itf[fproto][sw_if_index]))
447  vlib_cli_output(vm, "%U:", format_fib_protocol, fproto);
448 
449  vec_foreach(aiai, abf_per_itf[fproto][sw_if_index])
450  {
453  }
454  }
455  }
456  /* *INDENT-ON* */
457  return (NULL);
458 }
459 
460 /* *INDENT-OFF* */
462  .path = "show abf attach",
463  .function = abf_show_attach_cmd,
464  .short_help = "show abf attach <interface>",
465  .is_mp_safe = 1,
466 };
467 /* *INDENT-ON* */
468 
469 void
471 {
472  u32 aii;
473 
474  /* *INDENT-OFF* */
476  {
477  if (!cb(aii, ctx))
478  break;
479  }
480  /* *INDENT-ON* */
481 }
482 
483 typedef enum abf_next_t_
484 {
487 } abf_next_t;
488 
489 typedef struct abf_input_trace_t_
490 {
494 
495 typedef enum
496 {
497 #define abf_error(n,s) ABF_ERROR_##n,
498 #include "abf_error.def"
499 #undef abf_error
501 } abf_error_t;
502 
507 {
508  u32 n_left_from, *from, *to_next, next_index, matches, misses;
509 
511  n_left_from = frame->n_vectors;
512  next_index = node->cached_next_index;
513  matches = misses = 0;
514 
515  while (n_left_from > 0)
516  {
517  u32 n_left_to_next;
518 
519  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
520 
521  while (n_left_from > 0 && n_left_to_next > 0)
522  {
523  const u32 *attachments0;
524  const abf_itf_attach_t *aia0;
525  abf_next_t next0 = ABF_NEXT_DROP;
526  vlib_buffer_t *b0;
527  u32 bi0, sw_if_index0;
528  fa_5tuple_opaque_t fa_5tuple0;
529  u32 match_acl_index = ~0;
530  u32 match_acl_pos = ~0;
531  u32 match_rule_index = ~0;
532  u32 trace_bitmap = 0;
533  u32 lc_index;
534  u8 action;
535 
536  bi0 = from[0];
537  to_next[0] = bi0;
538  from += 1;
539  to_next += 1;
540  n_left_from -= 1;
541  n_left_to_next -= 1;
542 
543  b0 = vlib_get_buffer (vm, bi0);
544  sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
545 
546  ASSERT (vec_len (abf_per_itf[fproto]) > sw_if_index0);
547  attachments0 = abf_per_itf[fproto][sw_if_index0];
548 
549  ASSERT (vec_len (abf_alctx_per_itf[fproto]) > sw_if_index0);
550  /*
551  * check if any of the policies attached to this interface matches.
552  */
553  lc_index = abf_alctx_per_itf[fproto][sw_if_index0];
554 
555  /*
556  A non-inline version looks like this:
557 
558  acl_plugin.fill_5tuple (lc_index, b0, (FIB_PROTOCOL_IP6 == fproto),
559  1, 0, &fa_5tuple0);
560  if (acl_plugin.match_5tuple
561  (lc_index, &fa_5tuple0, (FIB_PROTOCOL_IP6 == fproto), &action,
562  &match_acl_pos, &match_acl_index, &match_rule_index,
563  &trace_bitmap))
564  . . .
565  */
567  (FIB_PROTOCOL_IP6 == fproto), 1, 0,
568  &fa_5tuple0);
569 
571  (acl_plugin.p_acl_main, lc_index, &fa_5tuple0,
572  (FIB_PROTOCOL_IP6 == fproto), &action, &match_acl_pos,
573  &match_acl_index, &match_rule_index, &trace_bitmap))
574  {
575  /*
576  * match:
577  * follow the DPO chain
578  */
579  aia0 = abf_itf_attach_get (attachments0[match_acl_pos]);
580 
581  next0 = aia0->aia_dpo.dpoi_next_node;
582  vnet_buffer (b0)->ip.adj_index[VLIB_TX] =
583  aia0->aia_dpo.dpoi_index;
584  matches++;
585  }
586  else
587  {
588  /*
589  * miss:
590  * move on down the feature arc
591  */
592  vnet_feature_next (&next0, b0);
593  misses++;
594  }
595 
596  if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
597  {
598  abf_input_trace_t *tr;
599 
600  tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
601  tr->next = next0;
602  tr->index = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
603  }
604 
605  /* verify speculative enqueue, maybe switch current next frame */
607  to_next, n_left_to_next, bi0,
608  next0);
609  }
610 
611  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
612  }
613 
615  (fproto = FIB_PROTOCOL_IP6 ?
616  abf_ip4_node.index :
617  abf_ip6_node.index),
618  ABF_ERROR_MATCHED, matches);
620  (fproto = FIB_PROTOCOL_IP6 ?
621  abf_ip4_node.index :
622  abf_ip6_node.index),
623  ABF_ERROR_MISSED, misses);
624 
625  return frame->n_vectors;
626 }
627 
628 static uword
631 {
633 }
634 
635 static uword
638 {
640 }
641 
642 static u8 *
643 format_abf_input_trace (u8 * s, va_list * args)
644 {
645  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
646  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
647  abf_input_trace_t *t = va_arg (*args, abf_input_trace_t *);
648 
649  s = format (s, " next %d index %d", t->next, t->index);
650  return s;
651 }
652 
653 static char *abf_error_strings[] = {
654 #define abf_error(n,s) s,
655 #include "abf_error.def"
656 #undef abf_error
657 };
658 
659 /* *INDENT-OFF* */
661 {
662  .function = abf_input_ip4,
663  .name = "abf-input-ip4",
664  .vector_size = sizeof (u32),
665  .format_trace = format_abf_input_trace,
667  .n_errors = ABF_N_ERROR,
668  .error_strings = abf_error_strings,
669  .n_next_nodes = ABF_N_NEXT,
670  .next_nodes =
671  {
672  [ABF_NEXT_DROP] = "error-drop",
673  }
674 };
675 
677 {
678  .function = abf_input_ip6,
679  .name = "abf-input-ip6",
680  .vector_size = sizeof (u32),
681  .format_trace = format_abf_input_trace,
683  .n_errors = 0,
684  .n_next_nodes = ABF_N_NEXT,
685 
686  .next_nodes =
687  {
688  [ABF_NEXT_DROP] = "error-drop",
689  }
690 };
691 
692 VNET_FEATURE_INIT (abf_ip4_feat, static) =
693 {
694  .arc_name = "ip4-unicast",
695  .node_name = "abf-input-ip4",
696  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
697 };
698 
699 VNET_FEATURE_INIT (abf_ip6_feat, static) =
700 {
701  .arc_name = "ip6-unicast",
702  .node_name = "abf-input-ip6",
703  .runs_after = VNET_FEATURES ("acl-plugin-in-ip6-fa"),
704 };
705 /* *INDENT-ON* */
706 
707 static fib_node_t *
709 {
711  return (&(aia->aia_node));
712 }
713 
714 static abf_itf_attach_t *
716 {
717  return ((abf_itf_attach_t *) (((char *) node) -
719  aia_node)));
720 }
721 
722 static void
724 {
725  /*
726  * ABF interface attachments are leaves on the graph.
727  * we do not manage locks from children.
728  */
729 }
730 
731 /*
732  * abf_itf_attach_back_walk_notify
733  *
734  * A back walk has reached this BIER fmask
735  */
739 {
740  /*
741  * re-stack the fmask on the n-eos of the via
742  */
744 
745  abf_itf_attach_stack (aia);
746 
748 }
749 
750 /*
751  * The BIER fmask's graph node virtual function table
752  */
755  .fnv_last_lock = abf_itf_attach_last_lock_gone,
756  .fnv_back_walk = abf_itf_attach_back_walk_notify,
757 };
758 
759 static clib_error_t *
761 {
765  if (acl_init_res)
766  return (acl_init_res);
767 
769  acl_plugin.register_user_module ("ABF plugin", "sw_if_index", NULL);
770 
771  return (NULL);
772 }
773 
774 /* *INDENT-OFF* */
776 {
777  .runs_after = VLIB_INITS("acl_init"),
778 };
779 /* *INDENT-ON* */
780 
781 /*
782  * fd.io coding-style-patch-verification: ON
783  *
784  * Local Variables:
785  * eval: (c-set-style "gnu")
786  * End:
787  */
FIB_PROTOCOL_MAX
#define FIB_PROTOCOL_MAX
Definition outside of enum so it does not need to be included in non-defaulted switch statements.
Definition: fib_types.h:51
abf_policy_t_::ap_id
u32 ap_id
The policy ID - as configured by the client.
Definition: abf_policy.h:58
dpo_id_t_::dpoi_next_node
u16 dpoi_next_node
The next VLIB node to follow.
Definition: dpo.h:186
dpo_id_t_::dpoi_index
index_t dpoi_index
the index of objects of that type
Definition: dpo.h:190
abf_itf_attach_db_find
static abf_itf_attach_t * abf_itf_attach_db_find(u32 abf_index, u32 sw_if_index)
Definition: abf_itf_attach.c:74
DPO_INVALID
#define DPO_INVALID
An initialiser for DPOs declared on the stack.
Definition: dpo.h:204
abf_itf_attach_get_node
static fib_node_t * abf_itf_attach_get_node(fib_node_index_t index)
Definition: abf_itf_attach.c:708
acl_plugin_match_5tuple_inline
static int acl_plugin_match_5tuple_inline(void *p_acl_main, u32 lc_index, fa_5tuple_opaque_t *pkt_5tuple, int is_ip6, u8 *r_action, u32 *r_acl_pos_p, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
Definition: public_inlines.h:653
abf_itf_attach_db
static uword * abf_itf_attach_db
A DB of attachments; key={abf_index,sw_if_index}.
Definition: abf_itf_attach.c:59
frame
vlib_main_t vlib_node_runtime_t vlib_frame_t * frame
Definition: nat44_ei.c:3048
fib_node_back_walk_rc_t
enum fib_node_back_walk_rc_t_ fib_node_back_walk_rc_t
Return code from a back walk function.
abf_input_trace_t_
Definition: abf_itf_attach.c:489
next_index
nat44_ei_hairpin_src_next_t next_index
Definition: nat44_ei_hairpinning.c:412
FOR_EACH_FIB_IP_PROTOCOL
#define FOR_EACH_FIB_IP_PROTOCOL(_item)
Definition: fib_types.h:69
acl_plugin_exports_init
static clib_error_t * acl_plugin_exports_init(acl_plugin_methods_t *m)
Definition: public_inlines.h:39
vlib_get_buffer
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:111
abf_itf_attach
int abf_itf_attach(fib_protocol_t fproto, u32 policy_id, u32 priority, u32 sw_if_index)
Definition: abf_itf_attach.c:166
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:553
format_abf_intf_attach
static u8 * format_abf_intf_attach(u8 *s, va_list *args)
Definition: abf_itf_attach.c:328
abf_itf_attach_mk_key
static u64 abf_itf_attach_mk_key(u32 abf_index, u32 sw_if_index)
Definition: abf_itf_attach.c:62
VLIB_NODE_TYPE_INTERNAL
@ VLIB_NODE_TYPE_INTERNAL
Definition: node.h:72
node
vlib_main_t vlib_node_runtime_t * node
Definition: nat44_ei.c:3047
fib_node_vft_t_
A FIB graph nodes virtual function table.
Definition: fib_node.h:288
abf_error_strings
static char * abf_error_strings[]
Definition: abf_itf_attach.c:653
clib_error_return
#define clib_error_return(e, args...)
Definition: error.h:99
vlib_cli_command_t::path
char * path
Definition: cli.h:96
abf_itf_attach_stack
static void abf_itf_attach_stack(abf_itf_attach_t *aia)
Definition: abf_itf_attach.c:110
pool_put
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:305
vm
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
Definition: nat44_ei.c:3047
VLIB_RX
@ VLIB_RX
Definition: defs.h:46
ABF_N_ERROR
@ ABF_N_ERROR
Definition: abf_itf_attach.c:500
abf_itf_attach_t_::aia_node
fib_node_t aia_node
Linkage into the FIB graph.
Definition: abf_itf_attach.h:44
abf_itf_attach_t_
Attachment data for an ABF policy to an interface.
Definition: abf_itf_attach.h:25
abf_next_t
enum abf_next_t_ abf_next_t
abf_policy_t_
An ACL based Forwarding 'policy'.
Definition: abf_policy.h:33
unformat_input_t
struct _unformat_input_t unformat_input_t
vlib_frame_t
Definition: node.h:372
fib_node_type_t
enum fib_node_type_t_ fib_node_type_t
The types of nodes in a FIB graph.
abf_show_attach_cmd_node
static vlib_cli_command_t abf_show_attach_cmd_node
(constructor) VLIB_CLI_COMMAND (abf_show_attach_cmd_node)
Definition: abf_itf_attach.c:461
abf_policy_get
abf_policy_t * abf_policy_get(u32 index)
Get an ABF object from its VPP index.
Definition: abf_policy.c:41
abf_itf_attach_t_::aia_sw_if_index
u32 aia_sw_if_index
The interface for the attachment.
Definition: abf_itf_attach.h:65
abf_itf_attach.h
key
typedef key
Definition: ipsec_types.api:88
api
import vnet interface_types api
Definition: sample.api:20
unformat
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:978
hash_set
#define hash_set(h, key, value)
Definition: hash.h:255
FIB_FORW_CHAIN_TYPE_UNICAST_IP4
@ FIB_FORW_CHAIN_TYPE_UNICAST_IP4
Contribute an object that is to be used to forward IP4 packets.
Definition: fib_types.h:108
STRUCT_OFFSET_OF
#define STRUCT_OFFSET_OF(t, f)
Definition: clib.h:73
abf_ip6_node
vlib_node_registration_t abf_ip6_node
(constructor) VLIB_REGISTER_NODE (abf_ip6_node)
Definition: abf_itf_attach.c:676
fa_5tuple_opaque_t
Definition: exported_types.h:25
abf_itf_attach_get
static abf_itf_attach_t * abf_itf_attach_get(u32 index)
Definition: abf_itf_attach.h:81
acl_plugin
static acl_plugin_methods_t acl_plugin
Definition: abf_itf_attach.c:54
abf_itf_attach_pool
abf_itf_attach_t * abf_itf_attach_pool
Pool of ABF interface attachment objects.
Definition: abf_itf_attach.c:34
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:142
abf_policy_t_::ap_pl
fib_node_index_t ap_pl
The path-list describing how to forward in case of a match.
Definition: abf_policy.h:48
abf_policy_find
u32 abf_policy_find(u32 policy_id)
Find a ABF object from the client's policy ID.
Definition: abf_policy.c:66
abf_itf_attach_cmd_node
static vlib_cli_command_t abf_itf_attach_cmd_node
Attach an ABF policy to an interface.
Definition: abf_itf_attach.c:406
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:606
abf_policy_fib_node_type
fib_node_type_t abf_policy_fib_node_type
FIB node type the attachment is registered.
Definition: abf_policy.c:26
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:90
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:437
vnet_get_main
vnet_main_t * vnet_get_main(void)
Definition: pnat_test_stubs.h:56
priority
i32 priority
Definition: ipsec.api:95
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:124
vnet_feature_next
static_always_inline void vnet_feature_next(u32 *next0, vlib_buffer_t *b0)
Definition: feature.h:322
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:301
unformat_check_input
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:163
abf_input_ip4
static uword abf_input_ip4(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: abf_itf_attach.c:629
abf_itf_attach_db_del
static void abf_itf_attach_db_del(u32 abf_index, u32 sw_if_index)
Definition: abf_itf_attach.c:100
index_t
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:43
fib_node_index_t
u32 fib_node_index_t
A typedef of a node index.
Definition: fib_types.h:29
abf_input_trace_t_::index
index_t index
Definition: abf_itf_attach.c:492
uword
u64 uword
Definition: types.h:112
ABF_N_NEXT
@ ABF_N_NEXT
Definition: abf_itf_attach.c:486
hash_get
#define hash_get(h, key)
Definition: hash.h:249
abf_itf_attach_vft
static const fib_node_vft_t abf_itf_attach_vft
Definition: abf_itf_attach.c:753
abf_itf_attach_t_::aia_sibling
u32 aia_sibling
Sibling index on the policy's path list.
Definition: abf_itf_attach.h:54
abf_itf_attach_db_add
static void abf_itf_attach_db_add(u32 abf_index, u32 sw_if_index, abf_itf_attach_t *aia)
Definition: abf_itf_attach.c:90
vlib_node_increment_counter
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
Definition: node_funcs.h:1244
abf_itf_attach_walk_cb_t
int(* abf_itf_attach_walk_cb_t)(index_t aii, void *ctx0)
Definition: abf_itf_attach.h:92
exports.h
abf_error.def
format_unformat_error
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
pool_get
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:255
VLIB_CLI_COMMAND
#define VLIB_CLI_COMMAND(x,...)
Definition: cli.h:163
acl_plugin_methods_t
Definition: exported_types.h:88
dpo_stack_from_node
void dpo_stack_from_node(u32 child_node_index, dpo_id_t *dpo, const dpo_id_t *parent)
Stack one DPO object on another, and thus establish a child parent relationship.
Definition: dpo.c:550
VNET_FEATURE_INIT
VNET_FEATURE_INIT(abf_ip4_feat, static)
fib_protocol_t
enum fib_protocol_t_ fib_protocol_t
Protocol Type.
abf_show_attach_cmd
static clib_error_t * abf_show_attach_cmd(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: abf_itf_attach.c:415
fib_path_list_contribute_forwarding
void fib_path_list_contribute_forwarding(fib_node_index_t path_list_index, fib_forward_chain_type_t fct, fib_path_list_fwd_flags_t flags, dpo_id_t *dpo)
Definition: fib_path_list.c:1211
abf_cmp_attach_for_sort
static int abf_cmp_attach_for_sort(void *v1, void *v2)
Definition: abf_itf_attach.c:134
FIB_PROTOCOL_IP4
@ FIB_PROTOCOL_IP4
Definition: fib_types.h:36
abf_input_ip6
static uword abf_input_ip6(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: abf_itf_attach.c:636
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
FIB_NODE_BACK_WALK_CONTINUE
@ FIB_NODE_BACK_WALK_CONTINUE
Definition: fib_node.h:259
vlib_cli_output
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
Definition: cli.c:716
format_dpo_id
u8 * format_dpo_id(u8 *s, va_list *args)
Format a DPO_id_t oject.
Definition: dpo.c:150
vec_search
#define vec_search(v, E)
Search a vector for the index of the entry that matches.
Definition: vec.h:1054
abf_input_inline
static uword abf_input_inline(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, fib_protocol_t fproto)
Definition: abf_itf_attach.c:504
abf_itf_attach_back_walk_notify
static fib_node_back_walk_rc_t abf_itf_attach_back_walk_notify(fib_node_t *node, fib_node_back_walk_ctx_t *ctx)
Definition: abf_itf_attach.c:737
abf_setup_acl_lc
void abf_setup_acl_lc(fib_protocol_t fproto, u32 sw_if_index)
Definition: abf_itf_attach.c:146
ABF_NEXT_DROP
@ ABF_NEXT_DROP
Definition: abf_itf_attach.c:485
vnet_main_t
Definition: vnet.h:76
vec_free
#define vec_free(V)
Free vector's memory (no header).
Definition: vec.h:395
vlib_validate_buffer_enqueue_x1
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:224
index
u32 index
Definition: flow_types.api:221
always_inline
#define always_inline
Definition: rdma_mlx5dv.h:23
format_fib_protocol
u8 * format_fib_protocol(u8 *s, va_list *ap)
Definition: fib_types.c:33
abf_itf_attach_last_lock_gone
static void abf_itf_attach_last_lock_gone(fib_node_t *node)
Definition: abf_itf_attach.c:723
fib_path_list.h
pool_foreach_index
#define pool_foreach_index(i, v)
Definition: pool.h:576
u64
unsigned long u64
Definition: types.h:89
unformat_vnet_sw_interface
unformat_function_t unformat_vnet_sw_interface
Definition: interface_funcs.h:459
format
description fragment has unexpected format
Definition: map.api:433
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
acl_plugin_fill_5tuple_inline
static void acl_plugin_fill_5tuple_inline(void *p_acl_main, u32 lc_index, vlib_buffer_t *b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_opaque_t *p5tuple_pkt)
Definition: public_inlines.h:231
abf_error_t
abf_error_t
Definition: abf_itf_attach.c:495
vec_validate_init_empty
#define vec_validate_init_empty(V, I, INIT)
Make sure vector is long enough for given index and initialize empty space (no header,...
Definition: vec.h:570
vlib_put_next_frame
vlib_put_next_frame(vm, node, next_index, 0)
abf_alctx_per_itf
static u32 * abf_alctx_per_itf[FIB_PROTOCOL_MAX]
Per interface values of ACL lookup context IDs.
Definition: abf_itf_attach.c:44
abf_policy_t_::ap_acl
u32 ap_acl
ACL index to match.
Definition: abf_policy.h:43
u32
unsigned int u32
Definition: types.h:88
VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:172
abf_itf_attach_t_::aia_prio
u32 aia_prio
The priority of this policy for attachment.
Definition: abf_itf_attach.h:72
abf_itf_attach_t_::aia_dpo
dpo_id_t aia_dpo
The DPO actually used for forwarding.
Definition: abf_itf_attach.h:39
FIB_PROTOCOL_IP6
@ FIB_PROTOCOL_IP6
Definition: fib_types.h:37
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
abf_itf_detach
int abf_itf_detach(fib_protocol_t fproto, u32 policy_id, u32 sw_if_index)
Definition: abf_itf_attach.c:250
vec_foreach
#define vec_foreach(var, vec)
Vector iterator.
Definition: vec_bootstrap.h:213
abf_itf_attach_fib_node_type
static fib_node_type_t abf_itf_attach_fib_node_type
FIB node registered type for the bonds.
Definition: abf_itf_attach.c:29
vnet_feature_enable_disable
int vnet_feature_enable_disable(const char *arc_name, const char *node_name, u32 sw_if_index, int enable_disable, void *feature_config, u32 n_feature_config_bytes)
Definition: pnat_test_stubs.h:50
fib_node_t_
An node in the FIB graph.
Definition: fib_node.h:301
hash_unset
#define hash_unset(h, key)
Definition: hash.h:261
vec_sort_with_function
#define vec_sort_with_function(vec, f)
Sort a vector using the supplied element comparison function.
Definition: vec.h:1097
vlib_main_t
Definition: main.h:102
vlib_node_t
Definition: node.h:247
fib_node_init
void fib_node_init(fib_node_t *node, fib_node_type_t type)
Definition: fib_node.c:185
vlib_add_trace
void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace.c:628
VLIB_INITS
#define VLIB_INITS(...)
Definition: init.h:352
format_abf_input_trace
static u8 * format_abf_input_trace(u8 *s, va_list *args)
Definition: abf_itf_attach.c:643
abf_itf_attach_t_::aia_acl
u32 aia_acl
The ACL and DPO are cached for fast DP access.
Definition: abf_itf_attach.h:34
VNET_FEATURES
#define VNET_FEATURES(...)
Definition: feature.h:470
abf_acl_user_id
static u32 abf_acl_user_id
ABF ACL module user id returned during the initialization.
Definition: abf_itf_attach.c:49
u8
unsigned char u8
Definition: types.h:56
clib_error_t
Definition: clib_error.h:21
vlib_init_function_t
clib_error_t *() vlib_init_function_t(struct vlib_main_t *vm)
Definition: init.h:51
abf_input_trace_t
struct abf_input_trace_t_ abf_input_trace_t
abf_next_t_
abf_next_t_
Definition: abf_itf_attach.c:483
fib_node_back_walk_ctx_t_
Context passed between object during a back walk.
Definition: fib_node.h:214
abf_ip4_node
vlib_node_registration_t abf_ip4_node
Forward declarations;.
Definition: abf_itf_attach.c:660
fib_node_vft_t_::fnv_get
fib_node_get_t fnv_get
Definition: fib_node.h:289
fib_node_child_remove
void fib_node_child_remove(fib_node_type_t parent_type, fib_node_index_t parent_index, fib_node_index_t sibling_index)
Definition: fib_node.c:123
abf_input_trace_t_::next
abf_next_t next
Definition: abf_itf_attach.c:491
dpo_id_t_
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
Definition: dpo.h:172
FIB_FORW_CHAIN_TYPE_UNICAST_IP6
@ FIB_FORW_CHAIN_TYPE_UNICAST_IP6
Contribute an object that is to be used to forward IP6 packets.
Definition: fib_types.h:112
vlib_node_runtime_t
Definition: node.h:454
vlib_cli_command_t
Definition: cli.h:92
abf_itf_attach_cmd
static clib_error_t * abf_itf_attach_cmd(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: abf_itf_attach.c:342
from
from
Definition: nat44_ei_hairpinning.c:415
INDEX_INVALID
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:49
action
vl_api_mac_event_action_t action
Definition: l2.api:211
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
vlib_get_next_frame
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:395
abf_itf_attach_walk
void abf_itf_attach_walk(abf_itf_attach_walk_cb_t cb, void *ctx)
Definition: abf_itf_attach.c:470
abf_itf_attach_t_::aia_abf
u32 aia_abf
The VPP index of the ABF policy.
Definition: abf_itf_attach.h:49
VLIB_TX
@ VLIB_TX
Definition: defs.h:47
abf_itf_bond_init
static clib_error_t * abf_itf_bond_init(vlib_main_t *vm)
Definition: abf_itf_attach.c:760
dpo_reset
void dpo_reset(dpo_id_t *dpo)
reset a DPO ID The DPO will be unlocked.
Definition: dpo.c:234
abf_per_itf
static u32 ** abf_per_itf[FIB_PROTOCOL_MAX]
A per interface vector of attached policies.
Definition: abf_itf_attach.c:39
n_left_from
n_left_from
Definition: nat44_ei_hairpinning.c:416
fib_node_register_new_type
fib_node_type_t fib_node_register_new_type(const fib_node_vft_t *vft)
Create a new FIB node type and Register the function table for it.
Definition: fib_node.c:80
abf_itf_attach_t_::aia_proto
fib_protocol_t aia_proto
The protocol for the attachment.
Definition: abf_itf_attach.h:60
acl_plugin_methods_t::p_acl_main
void * p_acl_main
Definition: exported_types.h:89
fib_node_child_add
u32 fib_node_child_add(fib_node_type_t parent_type, fib_node_index_t parent_index, fib_node_type_t type, fib_node_index_t index)
Definition: fib_node.c:98
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
vec_del1
#define vec_del1(v, i)
Delete the element at index I.
Definition: vec.h:896
UNFORMAT_END_OF_INPUT
#define UNFORMAT_END_OF_INPUT
Definition: format.h:137
FIB_PATH_LIST_FWD_FLAG_COLLAPSE
@ FIB_PATH_LIST_FWD_FLAG_COLLAPSE
Definition: fib_path_list.h:143
vlib_buffer_t::flags
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index,...
Definition: buffer.h:133
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
abf_itf_attach_get_from_node
static abf_itf_attach_t * abf_itf_attach_get_from_node(fib_node_t *node)
Definition: abf_itf_attach.c:715