FD.io VPP  v17.01-9-ge7dcee4
Vector Packet Processing
ip4_whitelist.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include <vnet/cop/cop.h>
16 #include <vnet/fib/ip4_fib.h>
17 #include <vnet/dpo/load_balance.h>
18 
19 typedef struct {
23 
24 /* packet trace format function */
25 static u8 * format_ip4_cop_whitelist_trace (u8 * s, va_list * args)
26 {
27  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
28  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
30 
31  s = format (s, "IP4_COP_WHITELIST: sw_if_index %d, next index %d",
32  t->sw_if_index, t->next_index);
33  return s;
34 }
35 
37 
38 #define foreach_ip4_cop_whitelist_error \
39 _(DROPPED, "ip4 cop whitelist packets dropped")
40 
41 typedef enum {
42 #define _(sym,str) IP4_COP_WHITELIST_ERROR_##sym,
44 #undef _
47 
49 #define _(sym,string) string,
51 #undef _
52 };
53 
54 static uword
56  vlib_node_runtime_t * node,
57  vlib_frame_t * frame)
58 {
59  u32 n_left_from, * from, * to_next;
60  cop_feature_type_t next_index;
61  cop_main_t *cm = &cop_main;
63  u32 cpu_index = vm->cpu_index;
64 
65  from = vlib_frame_vector_args (frame);
66  n_left_from = frame->n_vectors;
67  next_index = node->cached_next_index;
68 
69  while (n_left_from > 0)
70  {
71  u32 n_left_to_next;
72 
73  vlib_get_next_frame (vm, node, next_index,
74  to_next, n_left_to_next);
75 
76  while (n_left_from >= 4 && n_left_to_next >= 2)
77  {
78  u32 bi0, bi1;
79  vlib_buffer_t * b0, * b1;
80  u32 next0, next1;
81  u32 sw_if_index0, sw_if_index1;
82  ip4_header_t * ip0, * ip1;
83  cop_config_main_t * ccm0, * ccm1;
84  cop_config_data_t * c0, * c1;
85  ip4_fib_mtrie_t * mtrie0, * mtrie1;
86  ip4_fib_mtrie_leaf_t leaf0, leaf1;
87  u32 lb_index0, lb_index1;
88  const load_balance_t * lb0, *lb1;
89  const dpo_id_t *dpo0, *dpo1;
90 
91  /* Prefetch next iteration. */
92  {
93  vlib_buffer_t * p2, * p3;
94 
95  p2 = vlib_get_buffer (vm, from[2]);
96  p3 = vlib_get_buffer (vm, from[3]);
97 
98  vlib_prefetch_buffer_header (p2, LOAD);
99  vlib_prefetch_buffer_header (p3, LOAD);
100 
103  }
104 
105  /* speculatively enqueue b0 and b1 to the current next frame */
106  to_next[0] = bi0 = from[0];
107  to_next[1] = bi1 = from[1];
108  from += 2;
109  to_next += 2;
110  n_left_from -= 2;
111  n_left_to_next -= 2;
112 
113  b0 = vlib_get_buffer (vm, bi0);
114  sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
115 
116  ip0 = vlib_buffer_get_current (b0);
117 
118  ccm0 = cm->cop_config_mains + VNET_COP_IP4;
119 
121  (&ccm0->config_main,
122  &vnet_buffer (b0)->cop.current_config_index,
123  &next0,
124  sizeof (c0[0]));
125 
126  mtrie0 = &ip4_fib_get (c0->fib_index)->mtrie;
127 
128  leaf0 = IP4_FIB_MTRIE_LEAF_ROOT;
129 
130  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
131  &ip0->src_address, 0);
132 
133  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
134  &ip0->src_address, 1);
135 
136  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
137  &ip0->src_address, 2);
138 
139  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
140  &ip0->src_address, 3);
141 
142  lb_index0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
143 
144  ASSERT (lb_index0
146  &ip0->src_address));
147  lb0 = load_balance_get (lb_index0);
148  dpo0 = load_balance_get_bucket_i(lb0, 0);
149 
150  if (PREDICT_FALSE(dpo0->dpoi_type != DPO_RECEIVE))
151  {
152  b0->error = node->errors[IP4_COP_WHITELIST_ERROR_DROPPED];
153  next0 = RX_COP_DROP;
154  }
155 
156  b1 = vlib_get_buffer (vm, bi1);
157  sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX];
158 
159  ip1 = vlib_buffer_get_current (b1);
160 
161  ccm1 = cm->cop_config_mains + VNET_COP_IP4;
162 
164  (&ccm1->config_main,
165  &vnet_buffer (b1)->cop.current_config_index,
166  &next1,
167  sizeof (c1[0]));
168  mtrie1 = &ip4_fib_get (c1->fib_index)->mtrie;
169 
170  leaf1 = IP4_FIB_MTRIE_LEAF_ROOT;
171 
172  leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1,
173  &ip1->src_address, 0);
174 
175  leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1,
176  &ip1->src_address, 1);
177 
178  leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1,
179  &ip1->src_address, 2);
180 
181  leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1,
182  &ip1->src_address, 3);
183 
184  lb_index1 = ip4_fib_mtrie_leaf_get_adj_index (leaf1);
185  ASSERT (lb_index1
187  &ip1->src_address));
188  lb1 = load_balance_get (lb_index1);
189  dpo1 = load_balance_get_bucket_i(lb1, 0);
190 
192  (vcm, cpu_index, lb_index0, 1,
194  + sizeof(ethernet_header_t));
195 
197  (vcm, cpu_index, lb_index1, 1,
199  + sizeof(ethernet_header_t));
200 
201 
202  if (PREDICT_FALSE(dpo1->dpoi_type != DPO_RECEIVE))
203  {
204  b1->error = node->errors[IP4_COP_WHITELIST_ERROR_DROPPED];
205  next1 = RX_COP_DROP;
206  }
207 
209  && (b0->flags & VLIB_BUFFER_IS_TRACED)))
210  {
212  vlib_add_trace (vm, node, b0, sizeof (*t));
213  t->sw_if_index = sw_if_index0;
214  t->next_index = next0;
215  }
216 
218  && (b1->flags & VLIB_BUFFER_IS_TRACED)))
219  {
221  vlib_add_trace (vm, node, b1, sizeof (*t));
222  t->sw_if_index = sw_if_index1;
223  t->next_index = next1;
224  }
225 
226  /* verify speculative enqueues, maybe switch current next frame */
227  vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
228  to_next, n_left_to_next,
229  bi0, bi1, next0, next1);
230  }
231 
232  while (n_left_from > 0 && n_left_to_next > 0)
233  {
234  u32 bi0;
235  vlib_buffer_t * b0;
236  u32 next0;
237  u32 sw_if_index0;
238  ip4_header_t * ip0;
239  cop_config_main_t *ccm0;
240  cop_config_data_t *c0;
241  ip4_fib_mtrie_t * mtrie0;
242  ip4_fib_mtrie_leaf_t leaf0;
243  u32 lb_index0;
244  const load_balance_t * lb0;
245  const dpo_id_t *dpo0;
246 
247  /* speculatively enqueue b0 to the current next frame */
248  bi0 = from[0];
249  to_next[0] = bi0;
250  from += 1;
251  to_next += 1;
252  n_left_from -= 1;
253  n_left_to_next -= 1;
254 
255  b0 = vlib_get_buffer (vm, bi0);
256  sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
257 
258  ip0 = vlib_buffer_get_current (b0);
259 
260  ccm0 = cm->cop_config_mains + VNET_COP_IP4;
261 
263  (&ccm0->config_main,
264  &vnet_buffer (b0)->cop.current_config_index,
265  &next0,
266  sizeof (c0[0]));
267 
268  mtrie0 = &ip4_fib_get (c0->fib_index)->mtrie;
269 
270  leaf0 = IP4_FIB_MTRIE_LEAF_ROOT;
271 
272  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
273  &ip0->src_address, 0);
274 
275  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
276  &ip0->src_address, 1);
277 
278  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
279  &ip0->src_address, 2);
280 
281  leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0,
282  &ip0->src_address, 3);
283 
284  lb_index0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
285 
286  ASSERT (lb_index0
288  &ip0->src_address));
289 
290  lb0 = load_balance_get (lb_index0);
291  dpo0 = load_balance_get_bucket_i(lb0, 0);
292 
294  (vcm, cpu_index, lb_index0, 1,
296  + sizeof(ethernet_header_t));
297 
298  if (PREDICT_FALSE(dpo0->dpoi_type != DPO_RECEIVE))
299  {
300  b0->error = node->errors[IP4_COP_WHITELIST_ERROR_DROPPED];
301  next0 = RX_COP_DROP;
302  }
303 
305  && (b0->flags & VLIB_BUFFER_IS_TRACED)))
306  {
308  vlib_add_trace (vm, node, b0, sizeof (*t));
309  t->sw_if_index = sw_if_index0;
310  t->next_index = next0;
311  }
312 
313  /* verify speculative enqueue, maybe switch current next frame */
314  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
315  to_next, n_left_to_next,
316  bi0, next0);
317  }
318 
319  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
320  }
321  return frame->n_vectors;
322 }
323 
325  .function = ip4_cop_whitelist_node_fn,
326  .name = "ip4-cop-whitelist",
327  .vector_size = sizeof (u32),
328  .format_trace = format_ip4_cop_whitelist_trace,
330 
332  .error_strings = ip4_cop_whitelist_error_strings,
333 
334  .n_next_nodes = COP_RX_N_FEATURES,
335 
336  /* edit / add dispositions here */
337  .next_nodes = {
338  [IP4_RX_COP_WHITELIST] = "ip4-cop-whitelist",
339  [IP6_RX_COP_WHITELIST] = "ip6-cop-whitelist",
340  [DEFAULT_RX_COP_WHITELIST] = "default-cop-whitelist",
341  [IP4_RX_COP_INPUT] = "ip4-input",
342  [IP6_RX_COP_INPUT] = "ip6-input",
343  [DEFAULT_RX_COP_INPUT] = "ethernet-input",
344  [RX_COP_DROP] = "error-drop",
345  },
346 };
347 
349 
350 static clib_error_t *
352 {
353  return 0;
354 }
355 
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
Definition: main.c:459
#define CLIB_UNUSED(x)
Definition: clib.h:79
cop_config_main_t cop_config_mains[VNET_N_COPS]
Definition: cop.h:66
ip4_address_t src_address
Definition: ip4_packet.h:163
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
#define foreach_ip4_cop_whitelist_error
Definition: ip4_whitelist.c:38
struct _vlib_node_registration vlib_node_registration_t
vlib_error_t * errors
Definition: node.h:419
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
Definition: buffer_funcs.h:100
static u8 * format_ip4_cop_whitelist_trace(u8 *s, va_list *args)
Definition: ip4_whitelist.c:25
static ip4_fib_mtrie_leaf_t ip4_fib_mtrie_lookup_step(ip4_fib_mtrie_t *m, ip4_fib_mtrie_leaf_t current_leaf, const ip4_address_t *dst_address, u32 dst_address_byte_index)
Definition: ip4_mtrie.h:164
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:111
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:194
u32 ip4_fib_mtrie_leaf_t
Definition: ip4_mtrie.h:52
u32 cpu_index
Definition: main.h:159
static u32 ip4_fib_mtrie_leaf_get_adj_index(ip4_fib_mtrie_leaf_t n)
Definition: ip4_mtrie.h:76
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
Definition: dpo.h:138
static char * ip4_cop_whitelist_error_strings[]
Definition: ip4_whitelist.c:48
dpo_type_t dpoi_type
the type
Definition: dpo.h:142
static const dpo_id_t * load_balance_get_bucket_i(const load_balance_t *lb, u32 bucket)
Definition: load_balance.h:194
cop_feature_type_t
Definition: cop.h:39
static void * vnet_get_config_data(vnet_config_main_t *cm, u32 *config_index, u32 *next_index, u32 n_data_bytes)
Definition: config.h:122
The FIB DPO provieds;.
Definition: load_balance.h:83
#define PREDICT_FALSE(x)
Definition: clib.h:97
load_balance_main_t load_balance_main
The one instance of load-balance main.
Definition: load_balance.c:55
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
Definition: buffer_node.h:70
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:216
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:350
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:121
vlib_node_registration_t ip4_cop_whitelist_node
(constructor) VLIB_REGISTER_NODE (ip4_cop_whitelist_node)
Definition: ip4_whitelist.c:36
u16 n_vectors
Definition: node.h:344
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:82
static ip4_fib_t * ip4_fib_get(u32 index)
Get the FIB at the given index.
Definition: ip4_fib.h:71
#define ARRAY_LEN(x)
Definition: clib.h:59
cop_main_t cop_main
Definition: cop.c:17
vlib_combined_counter_main_t lbm_via_counters
Definition: load_balance.h:46
u16 cached_next_index
Definition: node.h:463
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 cpu_index, u32 index, u32 packet_increment, u32 byte_increment)
Increment a combined counter.
Definition: counter.h:241
#define ASSERT(truth)
#define IP4_FIB_MTRIE_LEAF_ROOT
Definition: ip4_mtrie.h:55
unsigned int u32
Definition: types.h:88
#define vnet_buffer(b)
Definition: buffer.h:361
static load_balance_t * load_balance_get(index_t lbi)
Definition: load_balance.h:185
#define VLIB_NODE_FLAG_TRACE
Definition: node.h:259
#define VLIB_BUFFER_IS_TRACED
Definition: buffer.h:95
u64 uword
Definition: types.h:112
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace_funcs.h:55
ip4_cop_whitelist_error_t
Definition: ip4_whitelist.c:41
unsigned char u8
Definition: types.h:56
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:253
ip4_fib_mtrie_t mtrie
Definition: ip4.h:54
static clib_error_t * ip4_whitelist_init(vlib_main_t *vm)
A collection of combined counters.
Definition: counter.h:212
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
Definition: buffer.h:170
#define VLIB_NODE_FUNCTION_MULTIARCH(node, fn)
Definition: node.h:158
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:143
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:418
u8 data[0]
Packet data.
Definition: buffer.h:158
index_t ip4_fib_table_lookup_lb(ip4_fib_t *fib, const ip4_address_t *addr)
Definition: ip4_fib.c:261
Definition: cop.h:65
#define CLIB_CACHE_LINE_BYTES
Definition: cache.h:67
u32 flags
buffer flags: VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:85
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:57
static uword ip4_cop_whitelist_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip4_whitelist.c:55
u32 fib_index
Definition: cop.h:62
Definition: defs.h:46
vnet_config_main_t config_main
Definition: cop.h:57