FD.io VPP
v21.06-3-gbb25fbf28
Vector Packet Processing
16 #ifndef __GBP_CONTRACT_H__
17 #define __GBP_CONTRACT_H__
/*
 * X-macro list of the reasons a contract decision can report. Each entry is
 * _(SYMBOL, "name"); with _(sym,str) defined as GBP_CONTRACT_ERROR_##sym, the
 * list expands to the enumerators of the contract error type.
 * NOTE(review): gbp_contract_error_strings[] is presumably built from the same
 * list, so entries should be appended rather than reordered - confirm.
 *
 * In the gbp_contract_apply lines visible in this listing, ALLOW_INTRA and
 * ALLOW_SCLASS_1 accompany GBP_RULE_PERMIT returned before any contract check,
 * ALLOW_CONTRACT accompanies a matched PERMIT/REDIRECT rule, and
 * DROP_NO_CONTRACT accompanies GBP_RULE_DENY. The ALLOW_* reasons other than
 * ALLOW_CONTRACT therefore identify traffic admitted without a matching
 * contract rule (ALLOW_NO_SCLASS and ALLOW_A_BIT are set outside the lines
 * shown here - presumably the same kind of bypass; verify), which makes them
 * the ones to watch when auditing policy coverage.
 */
22 #define foreach_gbp_contract_error \
23 _(ALLOW_NO_SCLASS, "allow-no-sclass") \
24 _(ALLOW_INTRA, "allow-intra-sclass") \
25 _(ALLOW_A_BIT, "allow-a-bit-set") \
26 _(ALLOW_SCLASS_1, "allow-sclass-1") \
27 _(ALLOW_CONTRACT, "allow-contract") \
28 _(DROP_CONTRACT, "drop-contract") \
29 _(DROP_ETHER_TYPE, "drop-ether-type") \
30 _(DROP_NO_CONTRACT, "drop-no-contract") \
31 _(DROP_NO_DCLASS, "drop-no-dclass") \
32 _(DROP_NO_RULE, "drop-no-rule")
36 #define _(sym,str) GBP_CONTRACT_ERROR_##sym,
40 #define GBP_CONTRACT_N_ERROR GBP_CONTRACT_N_ERROR
78 #define foreach_gbp_hash_mode \
81 _(SYMMETRIC, "symmetric")
85 #define _(v,s) GBP_HASH_MODE_##v,
90 #define foreach_gbp_rule_action \
93 _(REDIRECT, "redirect")
97 #define _(v,s) GBP_RULE_##v,
102 #define foreach_gbp_policy_node \
109 #define _(v,s) GBP_POLICY_NODE_##v,
/*
 * Number of policy nodes, computed from GBP_POLICY_NODE_IP6 rather than from a
 * trailing enumerator. NOTE(review): this presumes IP6 is the last entry of
 * foreach_gbp_policy_node (the list body is not shown in this listing) -
 * confirm. gu_dpo[][] is dimensioned by this value, so a node added after IP6
 * without updating this define could be indexed past the end of that array.
 */
113 #define GBP_POLICY_N_NODES (GBP_POLICY_NODE_IP6+1)
/*
 * Iterate pnode over the policy nodes, from GBP_POLICY_NODE_L2 up to but not
 * including GBP_POLICY_N_NODES. The macro expands to a bare for-header, so
 * the statement that follows it is the loop body. pnode appears three times
 * in the expansion; pass a plain variable with no side effects.
 */
115 #define FOR_EACH_GBP_POLICY_NODE(pnode) \
116 for (pnode = GBP_POLICY_NODE_L2; pnode < GBP_POLICY_N_NODES; pnode++)
/*
 * Excerpt of the gbp_contract_apply body: the verdict for one packet, given
 * the (source sclass, destination sclass) key. This listing omits many of the
 * original lines (see the gaps in the line numbers), so the comments below
 * describe only the statements that are visible.
 */
243 u32 acl_pos, trace_bitmap;
/*
 * Source and destination in the same sclass: reported as ALLOW_INTRA and
 * permitted. This return comes before every contract check shown below, so
 * intra-class traffic is not evaluated against contract rules here.
 */
250 if (
key->gck_src ==
key->gck_dst)
254 *err = GBP_CONTRACT_ERROR_ALLOW_INTRA;
255 return GBP_RULE_PERMIT;
/*
 * sclass value 1 on either side is likewise permitted (ALLOW_SCLASS_1) ahead
 * of the contract checks. NOTE(review): what sclass 1 denotes is not visible
 * in this listing - confirm which endpoints can carry it, because it is
 * exempt from policy on this path.
 */
258 if (1 ==
key->gck_src || 1 ==
key->gck_dst)
262 *err = GBP_CONTRACT_ERROR_ALLOW_SCLASS_1;
263 return GBP_RULE_PERMIT;
/*
 * Deny with DROP_NO_CONTRACT. The condition guarding this return is not
 * shown; presumably the contract lookup for the key found nothing - verify.
 */
270 *err = GBP_CONTRACT_ERROR_DROP_NO_CONTRACT;
271 return GBP_RULE_DENY;
/*
 * err is set to DROP_CONTRACT here; the assignments further down replace it
 * with a more specific reason on the paths where they execute.
 */
276 *err = GBP_CONTRACT_ERROR_DROP_CONTRACT;
/*
 * DROP_ETHER_TYPE. NOTE(review): the test leading here is not shown;
 * presumably the frame's ethertype was not in the contract's allowed list.
 */
295 *err = GBP_CONTRACT_ERROR_DROP_ETHER_TYPE;
/* The ethertype is converted from network byte order before dispatch; only
 * the IPv4 and IPv6 cases are visible in this listing. */
299 switch (clib_net_to_host_u16 (etype))
301 case ETHERNET_TYPE_IP4:
304 case ETHERNET_TYPE_IP6:
/* DROP_NO_RULE; the condition that selects it is not shown. */
330 *err = GBP_CONTRACT_ERROR_DROP_NO_RULE;
/*
 * Dispatch on the action of the rule stored through the rule out-parameter.
 * PERMIT and REDIRECT both record ALLOW_CONTRACT, and the rule's own action
 * is what the caller receives.
 */
335 switch ((*rule)->gu_action)
337 case GBP_RULE_PERMIT:
338 case GBP_RULE_REDIRECT:
339 *err = GBP_CONTRACT_ERROR_ALLOW_CONTRACT;
343 return (*rule)->gu_action;
/* Last visible statement: any path that reaches it yields a deny verdict. */
352 return GBP_RULE_DENY;
int(* gbp_contract_cb_t)(gbp_contract_t *gbpe, void *ctx)
static int acl_plugin_match_5tuple_inline(void *p_acl_main, u32 lc_index, fa_5tuple_opaque_t *pkt_5tuple, int is_ip6, u8 *r_action, u32 *r_acl_pos_p, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
gbp_contract_t * gbp_contract_pool
enum gbp_policy_node_t_ gbp_policy_node_t
static index_t gbp_contract_find(gbp_contract_key_t *key)
#define GBP_CONTRACT_N_ERROR
static gbp_rule_t * gbp_rule_get(index_t gui)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
gbp_contract_key_t gc_key
source and destination EPGs
void gbp_rule_free(index_t gui)
vlib_main_t * vm
X-connect all packets from the HOST to the PHY.
vlib_combined_counter_main_t gbp_contract_drop_counters
vl_api_gbp_next_hop_t nhs[8]
gbp_contract_apply_type_t
int gbp_contract_delete(gbp_scope_t scope, sclass_t sclass, sclass_t dclass)
u16 allowed_ethertypes[16]
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
struct gbp_contract_db_t_ gbp_contract_db_t
EPG src,dst pair to ACL mapping table, aka contract DB.
u8 * format_gbp_rule_action(u8 *s, va_list *args)
vlib_parse_match_function_t rule_match
gbp_rule_t * gbp_rule_pool
enum gbp_hash_mode_t_ gbp_hash_mode_t
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
struct gbp_contract_t_ gbp_contract_t
A Group Based Policy Contract.
#define FIB_PROTOCOL_IP_MAX
Definition outside of enum so it does not need to be included in non-defaulted switch statements.
gbp_contract_db_t gbp_contract_db
DP functions and databases.
struct gbp_contract_key_t_ gbp_contract_key_t
The key for a Contract.
vlib_combined_counter_main_t gbp_contract_permit_counters
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets as they are swit...
#define static_always_inline
void gbp_contract_walk(gbp_contract_cb_t bgpe, void *ctx)
uword * gc_hash
We can form a u64 key from the pair, so use a simple hash table.
struct gbp_rule_t_ gbp_rule_t
index_t gbp_next_hop_alloc(const ip46_address_t *ip, index_t grd, const mac_address_t *mac, index_t gbd)
#define foreach_gbp_policy_node
sclass_t gck_src
source and destination EPGs for which the ACL applies
#define GBP_POLICY_N_NODES
index_t gnh_ai[FIB_PROTOCOL_IP_MAX]
#define vec_search(v, E)
Search a vector for the index of the entry that matches.
EPG src,dst pair to ACL mapping table, aka contract DB.
static_always_inline gbp_rule_action_t gbp_contract_apply(vlib_main_t *vm, gbp_main_t *gm, gbp_contract_key_t *key, vlib_buffer_t *b, gbp_rule_t **rule, u32 *intra, u32 *sclass1, u32 *acl_match, u32 *rule_match, gbp_contract_error_t *err, gbp_contract_apply_type_t type)
enum gbp_rule_action_t_ gbp_rule_action_t
u8 * format_gbp_contract(u8 *s, va_list *args)
A collection of combined counters.
#define foreach_gbp_rule_action
static void acl_plugin_fill_5tuple_inline(void *p_acl_main, u32 lc_index, vlib_buffer_t *b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_opaque_t *p5tuple_pkt)
int gbp_contract_update(gbp_scope_t scope, sclass_t sclass, sclass_t dclass, u32 acl_index, index_t *rules, u16 *allowed_ethertypes, u32 *stats_index)
gbp_hash_mode_t gu_hash_mode
vl_api_gbp_rule_t rules[n_rules]
#define foreach_gbp_hash_mode
char * gbp_contract_error_strings[GBP_CONTRACT_N_ERROR]
A node in the FIB graph.
dpo_id_t gu_dpo[GBP_POLICY_N_NODES][FIB_PROTOCOL_IP_MAX]
DPO of the load-balance object used to redirect.
static gbp_contract_t * gbp_contract_get(index_t gci)
index_t * gc_rules
The ACL to apply for packets from the source to the destination EPG.
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
index_t gbp_rule_alloc(gbp_rule_action_t action, gbp_hash_mode_t hash_mode, index_t *nhs)
A Group Based Policy Contract.
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
u16 * gc_allowed_ethertypes
An ethertype whitelist.
#define foreach_gbp_contract_error
#define INDEX_INVALID
Invalid index - used when no index is known. Blazoned capitals INVALID speak volumes where ~0 does not...
vl_api_mac_event_action_t action
Group Based Policy (GBP) defines:
gbp_rule_action_t gu_action
vl_api_fib_path_type_t type
vlib_increment_combined_counter(ccm, ti, sw_if_index, n_buffers, n_bytes)
VLIB buffer representation.
struct gbp_next_hop_t_ gbp_next_hop_t