FD.io VPP  v19.01.1-17-ge106252
Vector Packet Processing
gbp_contract.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef __GBP_CONTRACT_H__
17 #define __GBP_CONTRACT_H__
18 
19 #include <plugins/gbp/gbp_types.h>
20 
21 /**
22  * The key for an Contract
23  */
24 typedef struct gbp_contract_key_t_
25 {
26  union
27  {
28  struct
29  {
30  /**
31  * source and destination EPGs for which the ACL applies
32  */
35  };
37  };
39 
40 typedef struct gbp_next_hop_t_
41 {
43  ip46_address_t gnh_ip;
52 
53 #define foreach_gbp_hash_mode \
54  _(SRC_IP, "src-ip") \
55  _(DST_IP, "dst-ip") \
56  _(SYMMETRIC, "symmetric")
57 
58 typedef enum gbp_hash_mode_t_
59 {
60 #define _(v,s) GBP_HASH_MODE_##v,
62 #undef _
64 
65 #define foreach_gbp_rule_action \
66  _(PERMIT, "permit") \
67  _(DENY, "deny") \
68  _(REDIRECT, "redirect")
69 
70 typedef enum gbp_rule_action_t_
71 {
72 #define _(v,s) GBP_RULE_##v,
74 #undef _
76 
77 #define foreach_gbp_policy_node \
78  _(L2, "L2") \
79  _(IP4, "ip4") \
80  _(IP6, "ip6")
81 
82 typedef enum gbp_policy_node_t_
83 {
84 #define _(v,s) GBP_POLICY_NODE_##v,
86 #undef _
88 #define GBP_POLICY_N_NODES (GBP_POLICY_NODE_IP6+1)
89 
90 #define FOR_EACH_GBP_POLICY_NODE(pnode) \
91  for (pnode = GBP_POLICY_NODE_L2; pnode < GBP_POLICY_N_NODES; pnode++)
92 
93 typedef struct gbp_rule_t_
94 {
98 
99  /**
100  * DPO of the load-balance object used to redirect
101  */
103 } gbp_rule_t;
104 
105 /**
106  * A Group Based Policy Contract.
107  * Determines the ACL that applies to traffic pass between two endpoint groups
108  */
109 typedef struct gbp_contract_t_
110 {
111  /**
112  * source and destination EPGs
113  */
115 
118 
119  /**
120  * The ACL to apply for packets from the source to the destination EPG
121  */
123 
124  /**
125  * An ethertype whitelist
126  */
129 
130 /**
131  * EPG src,dst pair to ACL mapping table, aka contract DB
132  */
133 typedef struct gbp_contract_db_t_
134 {
135  /**
136  * We can form a u64 key from the pair, so use a simple hash table
137  */
140 
141 extern int gbp_contract_update (epg_id_t src_epg,
143  u32 acl_index,
145 extern int gbp_contract_delete (epg_id_t src_epg, epg_id_t dst_epg);
146 
148  gbp_hash_mode_t hash_mode, index_t * nhs);
149 extern index_t gbp_next_hop_alloc (const ip46_address_t * ip,
150  index_t grd,
151  const mac_address_t * mac, index_t gbd);
152 
153 typedef int (*gbp_contract_cb_t) (gbp_contract_t * gbpe, void *ctx);
154 extern void gbp_contract_walk (gbp_contract_cb_t bgpe, void *ctx);
155 
156 extern u8 *format_gbp_contract (u8 * s, va_list * args);
157 
158 /**
159  * DP functions and databases
160  */
162 
165 {
166  uword *p;
167 
168  p = hash_get (gbp_contract_db.gc_hash, key->as_u32);
169 
170  if (NULL != p)
171  return (p[0]);
172 
173  return (INDEX_INVALID);
174 }
175 
177 
180 {
181  return (pool_elt_at_index (gbp_contract_pool, gci));
182 }
183 
184 extern gbp_rule_t *gbp_rule_pool;
185 
188 {
189  return (pool_elt_at_index (gbp_rule_pool, gui));
190 }
191 
192 #endif
193 
194 /*
195  * fd.io coding-style-patch-verification: ON
196  *
197  * Local Variables:
198  * eval: (c-set-style "gnu")
199  * End:
200  */
u16 * gc_allowed_ethertypes
An ethertype whitelist.
Definition: gbp_contract.h:127
u32 acl_index
Definition: gbp.api:295
u16 epg_id_t
Definition: gbp_types.h:21
gbp_contract_key_t gc_key
source and destination EPGs
Definition: gbp_contract.h:114
fib_node_t gnh_node
Definition: gbp_contract.h:42
struct gbp_next_hop_t_ gbp_next_hop_t
struct gbp_rule_t_ gbp_rule_t
struct gbp_contract_key_t_ gbp_contract_key_t
The key for an Contract.
#define NULL
Definition: clib.h:58
The key for an Contract.
Definition: gbp_contract.h:24
#define FIB_PROTOCOL_IP_MAX
Definition outside of enum so it does not need to be included in non-defaulted switch statements...
Definition: fib_types.h:58
ip46_address_t gnh_ip
Definition: gbp_contract.h:43
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:41
EPG src,dst pair to ACL mapping table, aka contract DB.
Definition: gbp_contract.h:133
static gbp_rule_t * gbp_rule_get(index_t gui)
Definition: gbp_contract.h:187
gbp_policy_node_t_
Definition: gbp_contract.h:82
gbp_rule_action_t_
Definition: gbp_contract.h:70
unsigned char u8
Definition: types.h:56
#define always_inline
Definition: clib.h:98
struct gbp_contract_db_t_ gbp_contract_db_t
EPG src,dst pair to ACL mapping table, aka contract DB.
void gbp_contract_walk(gbp_contract_cb_t bgpe, void *ctx)
Definition: gbp_contract.c:524
unsigned int u32
Definition: types.h:88
gbp_contract_db_t gbp_contract_db
DP functions and databases.
Definition: gbp_contract.c:29
u16 allowed_ethertypes[n_ether_types]
Definition: gbp.api:299
int gbp_contract_delete(epg_id_t src_epg, epg_id_t dst_epg)
Definition: gbp_contract.c:496
uword * gc_hash
We can form a u64 key from the pair, so use a simple hash table.
Definition: gbp_contract.h:138
gbp_hash_mode_t_
Definition: gbp_contract.h:58
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
Definition: dpo.h:168
#define hash_get(h, key)
Definition: hash.h:249
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:511
gbp_rule_t * gbp_rule_pool
Definition: gbp_contract.c:37
#define foreach_gbp_policy_node
Definition: gbp_contract.h:77
long ctx[MAX_CONNS]
Definition: main.c:144
index_t * gc_rules
The ACL to apply for packets from the source to the destination EPG.
Definition: gbp_contract.h:122
unsigned short u16
Definition: types.h:57
gbp_rule_action_t gu_action
Definition: gbp_contract.h:95
#define GBP_POLICY_N_NODES
Definition: gbp_contract.h:88
vl_api_gbp_next_hop_t nhs[8]
Definition: gbp.api:275
An node in the FIB graph.
Definition: fib_node.h:291
u8 * format_gbp_contract(u8 *s, va_list *args)
Definition: gbp_contract.c:606
enum gbp_hash_mode_t_ gbp_hash_mode_t
index_t gbp_next_hop_alloc(const ip46_address_t *ip, index_t grd, const mac_address_t *mac, index_t gbd)
Definition: gbp_contract.c:59
epg_id_t gck_src
source and destination EPGs for which the ACL applies
Definition: gbp_contract.h:33
vl_api_gbp_rule_t rules[n_rules]
Definition: gbp.api:297
mac_address_t gnh_mac
Definition: gbp_contract.h:44
struct gbp_contract_t_ gbp_contract_t
A Group Based Policy Contract.
static gbp_contract_t * gbp_contract_get(index_t gci)
Definition: gbp_contract.h:179
index_t gbp_rule_alloc(gbp_rule_action_t action, gbp_hash_mode_t hash_mode, index_t *nhs)
Definition: gbp_contract.c:44
enum gbp_rule_action_t_ gbp_rule_action_t
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:47
u64 uword
Definition: types.h:112
#define foreach_gbp_rule_action
Definition: gbp_contract.h:65
u16 dst_epg
Definition: gbp.api:294
#define foreach_gbp_hash_mode
Definition: gbp_contract.h:53
enum gbp_policy_node_t_ gbp_policy_node_t
gbp_hash_mode_t gu_hash_mode
Definition: gbp_contract.h:96
vl_api_mac_address_t mac
Definition: gbp.api:118
index_t * gu_nhs
Definition: gbp_contract.h:97
gbp_contract_t * gbp_contract_pool
Definition: gbp_contract.c:31
static index_t gbp_contract_find(gbp_contract_key_t *key)
Definition: gbp_contract.h:164
A Group Based Policy Contract.
Definition: gbp_contract.h:109
int gbp_contract_update(epg_id_t src_epg, epg_id_t dst_epg, u32 acl_index, index_t *rules, u16 *allowed_ethertypes)
Definition: gbp_contract.c:436
int(* gbp_contract_cb_t)(gbp_contract_t *gbpe, void *ctx)
Definition: gbp_contract.h:153