FD.io VPP  v17.01.1-3-gc6833f8
Vector Packet Processing
sr.h
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @file
17  * @brief Segment Routing header
18  *
19  * @note sr_replicate only works using DPDK today
20  */
21 #ifndef included_vnet_sr_h
22 #define included_vnet_sr_h
23 
24 #include <vnet/vnet.h>
25 #include <vnet/sr/sr_packet.h>
26 #include <vnet/ip/ip6_packet.h>
27 
28 #include <openssl/opensslconf.h>
29 #include <stdlib.h>
30 #include <string.h>
31 
32 #include <openssl/crypto.h>
33 #include <openssl/sha.h>
34 #include <openssl/opensslv.h>
35 #include <openssl/hmac.h>
36 
37 /**
38  * @brief Segment Route tunnel key
39  */
40 typedef struct
41 {
45 
46 /**
47  * @brief Segment Route tunnel
48  */
49 typedef struct
50 {
51  /** src, dst address */
53 
54  /** Optional tunnel name */
55  u8 *name;
56 
57  /** Mask width for FIB entry */
59 
60  /** First hop, to save 1 elt in the segment list */
62 
63  /** RX Fib index */
65  /** TX Fib index */
67 
68  /** The actual ip6 SR header */
70 
71  /** Indicates that this tunnel is part of a policy comprising
72  of multiple tunnels. If == ~0 tunnel is not part of a policy */
75 
76 /**
77  * @brief Shared secret for keyed-hash message authentication code (HMAC).
    *
    * Holds the key material (member shared_secret, a u8 pointer) from which
    * the HMAC fields of an SR header are generated.
    *
    * NOTE(review): nothing in this header shows how the buffer is cleared
    * when a key is deleted; confirm sr.c wipes it before freeing, and that
    * the secret is never formatted into show/debug output.
78  */
79 typedef struct
80 {
83 
84 /**
85  * @brief Args required for add/del tunnel.
86  *
87  * Else we end up passing a LOT of parameters around.
88  */
89 typedef struct
90 {
91  /** Key (header imposition case) */
97 
98  /** optional name argument - for referencing SR tunnel/policy by name */
99  u8 *name;
100 
101  /** optional policy name */
103 
104  /** segment list, when inserting an ip6 SR header */
106 
107  /**
108  * "Tag" list, aka segments inserted at the end of the list,
109  * past last_seg
110  */
112 
113  /** Shared secret => generate SHA-256 HMAC security fields */
115 
116  /** Flags, e.g. cleanup, policy-list flags */
118 
119  /** Delete the tunnel? */
122 
123 /**
124  * @brief Args for creating a policy.
125  *
126  * Typically used for multicast replication.
127  * ie a multicast address can be associated with a policy,
128  * then replicated across a number of unicast SR tunnels.
129  */
130 typedef struct
131 {
132  /** policy name */
134 
135  /** tunnel names */
137 
138  /** Delete the policy? */
141 
142 /**
143  * @brief Segment Routing policy.
144  *
145  * Typically used for multicast replication.
146  * ie a multicast address can be associated with a policy,
147  * then replicated across a number of unicast SR tunnels.
148  */
149 typedef struct
150 {
151  /** name of policy */
153 
154  /** vector to SR tunnel index */
156 
158 
159 /**
160  * @brief Args for mapping of multicast address to policy name.
161  *
162  * Typically used for multicast replication.
163  * ie a multicast address can be associated with a policy,
164  * then replicated across a number of unicast SR tunnels.
165  */
166 typedef struct
167 {
168  /** multicast IP6 address */
170 
171  /** name of policy to map to */
173 
174  /** Delete the mapping */
176 
178 
179 /**
180  * @brief Segment Routing state.
     *
     * One state block for the SR feature: tunnel and policy pools, their
     * lookup tables, the HMAC key pool and the OpenSSL handles used to
     * compute HMACs.
181  */
182 typedef struct
183 {
184  /** pool of tunnel instances, sr entry only */
186 
187  /** find an sr "tunnel" by its outer-IP src/dst */
189 
190  /** find an sr "tunnel" by its name */
192 
193  /** policy pool */
195 
196  /** find a policy by name */
198 
199  /** multicast address to policy mapping */
201 
202  /** hmac key id by shared secret.
      * NOTE(review): the lookup key is the secret itself, so this table
      * holds key material too; treat it like the key pool when dumping
      * or freeing state. */
204 
205  /** ip6-rewrite next index for reinstalling the original dst address */
207 
208  /** ip6-replicate next index for multicast tunnel */
210 
211  /** application API callback.
      * Stored as an untyped void *, so the compiler cannot check the
      * signature of whatever is registered.
      * NOTE(review): confirm the prototype the caller in sr.c casts this to. */
212  void *sr_local_cb;
213 
214  /** validate hmac keys.
      * NOTE(review): presumably a switch for HMAC checking of received SR
      * headers; confirm how packets are treated when it is 0. */
216 
217  /** pool of hmac keys */
219 
220  /** OpenSSL message-digest descriptor (EVP_MD) */
221  EVP_MD *md;
222  /** OpenSSL HMAC context.
      * NOTE(review): a single context lives in this state block and
      * sr_fix_hmac() receives the block by pointer; an HMAC_CTX must not be
      * used by two threads at once, so confirm callers serialize access. */
223  HMAC_CTX *hmac_ctx;
224 
225  /** enable debug spew.
      * NOTE(review): confirm debug output never includes shared secrets. */
227 
228  /** convenience */
230  /** convenience */
232 } ip6_sr_main_t;
233 
235 
238 
240 
241 #if DPDK > 0
243 #endif /* DPDK */
244 
248 
/**
 * Register a callback routine to set next0 in sr_local.
 *
 * @param cb callback to register. It is passed as void *, so no prototype
 *           checking happens at the call site.
 *           NOTE(review): presumably stored in ip6_sr_main_t.sr_local_cb;
 *           confirm in sr.c, including whether NULL is accepted.
 */
249 void vnet_register_sr_app_callback (void *cb);
250 
/**
 * Use passed HMAC key in ip6_sr_header_t in OpenSSL HMAC routines.
 *
 * @param sm SR state; carries the OpenSSL handles (md, hmac_ctx).
 * @param ip IPv6 header of the packet.
 * @param sr SR header of the packet.
 *
 * Returns void, so a failure inside the HMAC computation cannot be
 * signalled through the return value.
 * NOTE(review): confirm how sr.c reports an unknown key or an OpenSSL error.
 */
251 void sr_fix_hmac (ip6_sr_main_t * sm, ip6_header_t * ip,
252  ip6_sr_header_t * sr);
253 
254 #endif /* included_vnet_sr_h */
255 
256 /*
257  * fd.io coding-style-patch-verification: ON
258  *
259  * Local Variables:
260  * eval: (c-set-style "gnu")
261  * End:
262  */
HMAC_CTX * hmac_ctx
Openssl var.
Definition: sr.h:223
Segment Route tunnel key.
Definition: sr.h:40
Args for creating a policy.
Definition: sr.h:130
uword * tunnel_index_by_key
find an sr "tunnel" by its outer-IP src/dst
Definition: sr.h:188
a
Definition: bitmap.h:516
u32 tx_fib_index
TX Fib index.
Definition: sr.h:66
u32 policy_index
Indicates that this tunnel is part of a policy comprising of multiple tunnels.
Definition: sr.h:73
u32 dst_mask_width
Mask width for FIB entry.
Definition: sr.h:58
ip6_address_t * multicast_address
multicast IP6 address
Definition: sr.h:169
u8 * name
Optional tunnel name.
Definition: sr.h:55
struct _vlib_node_registration vlib_node_registration_t
ip6_address_t * tags
"Tag" list, aka segments inserted at the end of the list, past last_seg
Definition: sr.h:111
ip6_sr_tunnel_key_t key
src, dst address
Definition: sr.h:52
u32 rx_fib_index
RX Fib index.
Definition: sr.h:64
ip6_address_t dst
Definition: sr.h:43
ip6_address_t src
Definition: sr.h:42
u8 * name
name of policy
Definition: sr.h:152
ip6_address_t * segments
segment list, when inserting an ip6 SR header
Definition: sr.h:105
EVP_MD * md
Openssl var.
Definition: sr.h:221
int ip6_sr_add_del_policy(ip6_sr_add_del_policy_args_t *a)
Add or Delete a Segment Routing policy.
Definition: sr.c:1509
ip6_sr_hmac_key_t * hmac_keys
pool of hmac keys
Definition: sr.h:218
u8 * name
optional name argument - for referencing SR tunnel/policy by name
Definition: sr.h:99
int ip6_sr_add_del_multicastmap(ip6_sr_add_del_multicastmap_args_t *a)
Add or Delete a mapping of IP6 multicast address to Segment Routing policy.
Definition: sr.c:1761
format_function_t format_ip6_sr_header_with_length
Definition: sr.h:237
Args required for add/del tunnel.
Definition: sr.h:89
void sr_fix_hmac(ip6_sr_main_t *sm, ip6_header_t *ip, ip6_sr_header_t *sr)
Use passed HMAC key in ip6_sr_header_t in OpenSSL HMAC routines.
Definition: sr.c:46
u8 is_del
Delete the tunnel?
Definition: sr.h:120
Args for mapping of multicast address to policy name.
Definition: sr.h:166
vlib_main_t * vlib_main
convenience
Definition: sr.h:229
void vnet_register_sr_app_callback(void *cb)
Register a callback routine to set next0 in sr_local.
Definition: sr.c:3112
The Segment Routing Header (SRH).
void * sr_local_cb
application API callback
Definition: sr.h:212
u8 * shared_secret
Definition: sr.h:81
u8 is_debug
enable debug spew
Definition: sr.h:226
int ip6_sr_add_del_tunnel(ip6_sr_add_del_tunnel_args_t *a)
Add or Delete a Segment Routing tunnel.
Definition: sr.c:896
u16 flags_net_byte_order
Flags, e.g.
Definition: sr.h:117
u32 ip6_lookup_sr_replicate_index
ip6-replicate next index for multicast tunnel
Definition: sr.h:209
ip6_address_t * src_address
Key (header imposition case)
Definition: sr.h:92
u8 * policy_name
optional policy name
Definition: sr.h:102
vnet_main_t * vnet_main
convenience
Definition: sr.h:231
u8 * rewrite
The actual ip6 SR header.
Definition: sr.h:69
vlib_node_registration_t ip6_sr_input_node
Definition: sr.h:239
u32 * tunnel_indices
vector to SR tunnel index
Definition: sr.h:155
u8 * policy_name
name of policy to map to
Definition: sr.h:172
Segment Route tunnel.
Definition: sr.h:49
u8 validate_hmac
validate hmac keys
Definition: sr.h:215
ip6_address_t first_hop
First hop, to save 1 elt in the segment list.
Definition: sr.h:61
unsigned int u32
Definition: types.h:88
u8 * name
policy name
Definition: sr.h:133
ip6_sr_tunnel_t * tunnels
pool of tunnel instances, sr entry only
Definition: sr.h:185
uword * policy_index_by_policy_name
find a policy by name
Definition: sr.h:197
u8 is_del
Delete the policy?
Definition: sr.h:139
uword * tunnel_index_by_name
find an sr "tunnel" by its name
Definition: sr.h:191
u8 *( format_function_t)(u8 *s, va_list *args)
Definition: format.h:48
u64 uword
Definition: types.h:112
format_function_t format_ip6_sr_header
Definition: sr.h:236
u8 * shared_secret
Shared secret => generate SHA-256 HMAC security fields.
Definition: sr.h:114
uword * hmac_key_by_shared_secret
hmac key id by shared secret
Definition: sr.h:203
unsigned short u16
Definition: types.h:57
uword * policy_index_by_multicast_address
multicast address to policy mapping
Definition: sr.h:200
unsigned char u8
Definition: types.h:56
Segment Routing policy.
Definition: sr.h:149
vlib_node_registration_t sr_replicate_node
(constructor) VLIB_REGISTER_NODE (sr_replicate_node)
Definition: sr_replicate.c:449
ip6_sr_policy_t * policies
policy pool
Definition: sr.h:194
SR header struct.
Definition: sr_packet.h:177
ip6_address_t * dst_address
Definition: sr.h:93
u8 ** tunnel_names
tunnel names
Definition: sr.h:136
Shared secret for keyed-hash message authentication code (HMAC).
Definition: sr.h:79
Segment Routing state.
Definition: sr.h:182
u8 is_del
Delete the mapping.
Definition: sr.h:175
ip6_sr_main_t sr_main
Definition: sr.h:234
u32 ip6_rewrite_sr_next_index
ip6-rewrite next index for reinstalling the original dst address
Definition: sr.h:206