FD.io VPP  v19.04.2-12-g66b1689
Vector Packet Processing
fib_urpf_list.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @brief A unicast RPF list.
17  * The uRPF list is the set of interfaces that a prefix can be reached through.
18  * There are 3 levels of RPF check:
19  * - do we have any route to the source (i.e. it's not drop)
20  * - did the packet arrive on an interface that the source is reachable through
21  * - did the packet arrive from a peer that the source is reachable through
22  * we don't support the last. But it could be done by storing adjs in the uPRF
23  * list rather than interface indices.
24  *
25  * these conditions are checked against the list by:
26  * - the list is not empty
27  * - there is an interface in the list that is on the input interface.
28  * - there is an adj in the list whose MAC address matches the packet's
29  * source MAC and input interface.
30  *
31  * To speed the last two checks the interface list only needs to have the unique
32  * interfaces present. If the uRPF check was instead implemented by forward
33  * walking the DPO chain, then that walk would encounter a great deal of
34  * non-adjacency objects (i.e. load-balances, mpls-labels, etc) and potentially
35  * the same adjacency many times (esp. when UCMP is used).
36  * To that end the uRPF list is a collapsed, unique interface only list.
37  */
38 
39 #ifndef __FIB_URPF_LIST_H__
40 #define __FIB_URPF_LIST_H__
41 
42 #include <vnet/fib/fib_types.h>
43 #include <vnet/adj/adj.h>
44 
45 /**
46  * @brief flags
47  */
49 {
50  /**
51  * @brief Set to indicated that the uRPF list has already been baked.
52  * This is protection against it being baked more than once. These
53  * are not chunky fries - once is enough.
54  */
55  FIB_URPF_LIST_BAKED = (1 << 0),
57 
58 typedef struct fib_urpf_list_t_
59 {
60  /**
61  * The list of interfaces that comprise the allowed accepting interfaces
62  */
64 
65  /**
66  * flags
67  */
69 
70  /**
71  * uRPF lists are shared amongst many entries so we require a locking
72  * mechanism.
73  */
76 
78 extern void fib_urpf_list_unlock(index_t urpf);
79 extern void fib_urpf_list_lock(index_t urpf);
80 
81 extern void fib_urpf_list_append(index_t urpf, adj_index_t adj);
82 extern void fib_urpf_list_combine(index_t urpf1, index_t urpf2);
83 
84 extern void fib_urpf_list_bake(index_t urpf);
85 
86 extern u8 *format_fib_urpf_list(u8 *s, va_list *ap);
87 
88 extern void fib_urpf_list_show_mem(void);
89 
90 /**
91  * @brief pool of all fib_urpf_list
92  */
94 
95 static inline fib_urpf_list_t *
97 {
98  return (pool_elt_at_index(fib_urpf_list_pool, index));
99 }
100 
101 /**
102  * @brief Data-Plane function to check an input interface against an uRPF list
103  *
104  * @param ui The uRPF list index to check against. Get this from the load-balance
105  * object that is the result of the FIB lookup
106  * @param sw_if_index The SW interface index to validate
107  *
108  * @return 1 if the interface is found, 0 otherwise
109  */
110 always_inline int
112 {
113  fib_urpf_list_t *urpf;
114  u32 *swi;
115 
116  urpf = fib_urpf_list_get(ui);
117 
118  vec_foreach(swi, urpf->furpf_itfs)
119  {
120  if (*swi == sw_if_index)
121  return (1);
122  }
123 
124  return (0);
125 }
126 
127 /**
128  * @brief Data-Plane function to check the size of an uRPF list, (i.e. the number
129  * of interfaces in the list).
130  *
131  * @param ui The uRPF list index to check against. Get this from the load-balance
132  * object that is the result of the FIB lookup
133  *
134  * @return the number of interfaces in the list
135  */
136 always_inline int
138 {
139  fib_urpf_list_t *urpf;
140 
141  urpf = fib_urpf_list_get(ui);
142 
143  return (vec_len(urpf->furpf_itfs));
144 }
145 
146 #endif
u32 sw_if_index
Definition: ipsec_gre.api:37
void fib_urpf_list_show_mem(void)
static int fib_urpf_check_size(index_t ui)
Data-Plane function to check the size of an uRPF list, (i.e.
void fib_urpf_list_unlock(index_t urpf)
Definition: fib_urpf_list.c:68
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
Definition: dpo.h:41
static int fib_urpf_check(index_t ui, u32 sw_if_index)
Data-Plane function to check an input interface against an uRPF list.
unsigned char u8
Definition: types.h:56
#define always_inline
Definition: clib.h:98
static fib_urpf_list_t * fib_urpf_list_get(index_t index)
Definition: fib_urpf_list.h:96
enum fib_urpf_list_flag_t_ fib_urpf_list_flag_t
A unicast RPF list.
void fib_urpf_list_lock(index_t urpf)
Definition: fib_urpf_list.c:87
unsigned int u32
Definition: types.h:88
adj_index_t * furpf_itfs
The list of interfaces that comprise the allowed accepting interfaces.
Definition: fib_urpf_list.h:63
fib_urpf_list_flag_t furpf_flags
flags
Definition: fib_urpf_list.h:68
Set to indicated that the uRPF list has already been baked.
Definition: fib_urpf_list.h:55
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:514
void fib_urpf_list_append(index_t urpf, adj_index_t adj)
Append another interface to the list.
u8 * format_fib_urpf_list(u8 *s, va_list *ap)
Definition: fib_urpf_list.c:25
fib_urpf_list_t * fib_urpf_list_pool
pool of all fib_urpf_list
Definition: fib_urpf_list.c:22
u32 adj_index_t
An index for adjacencies.
Definition: adj_types.h:30
fib_urpf_list_flag_t_
A unicast RPF list.
Definition: fib_urpf_list.h:48
index_t fib_urpf_list_alloc_and_lock(void)
Definition: fib_urpf_list.c:55
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
u32 furpf_locks
uRPF lists are shared amongst many entries so we require a locking mechanism.
Definition: fib_urpf_list.h:74
void fib_urpf_list_bake(index_t urpf)
Convert the uRPF list from the itf set obtained during the walk to a unique list. ...
#define vec_foreach(var, vec)
Vector iterator.
void fib_urpf_list_combine(index_t urpf1, index_t urpf2)
Combine to interface lists.
struct fib_urpf_list_t_ fib_urpf_list_t