FD.io VPP  v19.04.4-rc0-5-ge88582fac
Vector Packet Processing
abf_policy.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2017 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <plugins/abf/abf_policy.h>
17 
18 #include <vlib/vlib.h>
19 #include <vnet/plugin/plugin.h>
20 #include <vnet/fib/fib_path_list.h>
21 #include <vnet/fib/fib_walk.h>
22 
23 /**
24  * FIB node type the attachment is registered
25  */
26 fib_node_type_t abf_policy_fib_node_type;
27 
28 /**
29  * Pool of ABF objects
30  */
31 static abf_policy_t *abf_policy_pool;
32 
33 /**
34  * DB of ABF policy objects
35  * - policy ID to index conversion.
36  */
37 static uword *abf_policy_db;
38 
39 
40 abf_policy_t *
41 abf_policy_get (u32 index)
42 {
43  return (pool_elt_at_index (abf_policy_pool, index));
44 }
45 
46 static u32
47 abf_policy_get_index (const abf_policy_t * abf)
48 {
49  return (abf - abf_policy_pool);
50 }
51 
52 static abf_policy_t *
53 abf_policy_find_i (u32 policy_id)
54 {
55  u32 api;
56 
57  api = abf_policy_find (policy_id);
58 
59  if (INDEX_INVALID != api)
60  return (abf_policy_get (api));
61 
62  return (NULL);
63 }
64 
65 u32
66 abf_policy_find (u32 policy_id)
67 {
68  uword *p;
69 
70  p = hash_get (abf_policy_db, policy_id);
71 
72  if (NULL != p)
73  return (p[0]);
74 
75  return (INDEX_INVALID);
76 }
77 
78 
79 void
80 abf_policy_update (u32 policy_id,
81  u32 acl_index, const fib_route_path_t * rpaths)
82 {
83  abf_policy_t *ap;
84  u32 api;
85 
86  api = abf_policy_find (policy_id);
87 
88  if (INDEX_INVALID == api)
89  {
90  /*
91  * create a new policy
92  */
93  pool_get (abf_policy_pool, ap);
94 
95  api = ap - abf_policy_pool;
96  fib_node_init (&ap->ap_node, abf_policy_fib_node_type);
97  ap->ap_acl = acl_index;
98  ap->ap_id = policy_id;
99  ap->ap_pl = fib_path_list_create ((FIB_PATH_LIST_FLAG_SHARED |
100  FIB_PATH_LIST_FLAG_NO_URPF), rpaths);
101 
102  /*
103  * become a child of the path list so we get poked when
104  * the forwarding changes.
105  */
106  ap->ap_sibling = fib_path_list_child_add (ap->ap_pl,
107  abf_policy_fib_node_type,
108  api);
109 
110  /*
111  * add this new policy to the DB
112  */
113  hash_set (abf_policy_db, policy_id, api);
114 
115  /*
116  * take a lock on behalf of the CLI/API creation
117  */
118  fib_node_lock (&ap->ap_node);
119  }
120  else
121  {
122  /*
123  * update an existing policy.
124  * - add the path to the path-list and swap our ancestry
125  * - backwalk to poke all attachments to update
126  */
127  fib_node_index_t old_pl;
128 
129  ap = abf_policy_get (api);
130  old_pl = ap->ap_pl;
131 
132  if (FIB_NODE_INDEX_INVALID != old_pl)
133  {
134  ap->ap_pl = fib_path_list_copy_and_path_add (old_pl,
135  (FIB_PATH_LIST_FLAG_SHARED
136  |
137  FIB_PATH_LIST_FLAG_NO_URPF),
138  rpaths);
139  fib_path_list_child_remove (old_pl, ap->ap_sibling);
140  }
141  else
142  {
143  ap->ap_pl = fib_path_list_create ((FIB_PATH_LIST_FLAG_SHARED |
144  FIB_PATH_LIST_FLAG_NO_URPF),
145  rpaths);
146  }
147 
148  ap->ap_sibling = fib_path_list_child_add (ap->ap_pl,
149  abf_policy_fib_node_type,
150  api);
151 
152  fib_node_back_walk_ctx_t ctx = {
153  .fnbw_reason = FIB_NODE_BW_REASON_FLAG_EVALUATE,
154  };
155 
156  fib_walk_sync (abf_policy_fib_node_type, api, &ctx);
157  }
158 }
159 
160 static void
161 abf_policy_destroy (abf_policy_t * ap)
162 {
163  /*
164  * this ABF should not be a sibling on the path list, since
165  * that was removed when the API config went
166  */
167  ASSERT (ap->ap_sibling == ~0);
168  ASSERT (ap->ap_pl == FIB_NODE_INDEX_INVALID);
169 
170  hash_unset (abf_policy_db, ap->ap_id);
171  pool_put (abf_policy_pool, ap);
172 }
173 
174 int
175 abf_policy_delete (u32 policy_id, const fib_route_path_t * rpaths)
176 {
177  abf_policy_t *ap;
178  u32 api;
179 
180  api = abf_policy_find (policy_id);
181 
182  if (INDEX_INVALID == api)
183  {
184  /*
185  * no such policy
186  */
187  return (-1);
188  }
189  else
190  {
191  /*
192  * update an existing policy.
193  * - add the path to the path-list and swap our ancestry
194  * - backwalk to poke all attachments to update
195  */
196  fib_node_index_t old_pl;
197 
198  ap = abf_policy_get (api);
199  old_pl = ap->ap_pl;
200 
201  fib_path_list_lock (old_pl);
202  ap->ap_pl =
203  fib_path_list_copy_and_path_remove (ap->ap_pl,
204  (FIB_PATH_LIST_FLAG_SHARED |
205  FIB_PATH_LIST_FLAG_NO_URPF),
206  rpaths);
207 
208  fib_path_list_child_remove (old_pl, ap->ap_sibling);
209  ap->ap_sibling = ~0;
210 
211  if (FIB_NODE_INDEX_INVALID == ap->ap_pl)
212  {
213  /*
214  * no more paths on this policy. It's toast
215  * remove the CLI/API's lock
216  */
217  fib_node_unlock (&ap->ap_node);
218  }
219  else
220  {
221  ap->ap_sibling = fib_path_list_child_add (ap->ap_pl,
222  abf_policy_fib_node_type,
223  api);
224 
225  fib_node_back_walk_ctx_t ctx = {
226  .fnbw_reason = FIB_NODE_BW_REASON_FLAG_EVALUATE,
227  };
228 
229  fib_walk_sync (abf_policy_fib_node_type, api, &ctx);
230  }
231  fib_path_list_unlock (old_pl);
232  }
233 
234  return (0);
235 }
236 
237 static clib_error_t *
238 abf_policy_cmd (vlib_main_t * vm,
239  unformat_input_t * main_input, vlib_cli_command_t * cmd)
240 {
241  unformat_input_t _line_input, *line_input = &_line_input;
242  u32 acl_index, policy_id;
243  fib_route_path_t *rpaths = NULL, rpath;
244  u32 is_del;
245 
246  is_del = 0;
247  acl_index = INDEX_INVALID;
248  policy_id = INDEX_INVALID;
249 
250  /* Get a line of input. */
251  if (!unformat_user (main_input, unformat_line_input, line_input))
252  return 0;
253 
254  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
255  {
256  if (unformat (line_input, "acl %d", &acl_index))
257  ;
258  else if (unformat (line_input, "id %d", &policy_id))
259  ;
260  else if (unformat (line_input, "del"))
261  is_del = 1;
262  else if (unformat (line_input, "add"))
263  is_del = 0;
264  else if (unformat (line_input, "via %U",
265  unformat_fib_route_path, &rpath))
266  vec_add1 (rpaths, rpath);
267  else
268  return (clib_error_return (0, "unknown input '%U'",
269  format_unformat_error, line_input));
270  }
271 
272  if (INDEX_INVALID == policy_id)
273  {
274  vlib_cli_output (vm, "Specify a Policy ID");
275  return 0;
276  }
277 
278  if (!is_del)
279  {
280  if (INDEX_INVALID == acl_index)
281  {
282  vlib_cli_output (vm, "ACL index must be set");
283  return 0;
284  }
285 
286  abf_policy_update (policy_id, acl_index, rpaths);
287  }
288  else
289  {
290  abf_policy_delete (policy_id, rpaths);
291  }
292 
293  unformat_free (line_input);
294  return (NULL);
295 }
296 
297 /* *INDENT-OFF* */
298 /**
299  * Create an ABF policy.
300  */
301 VLIB_CLI_COMMAND (abf_policy_cmd_node, static) = {
302  .path = "abf policy",
303  .function = abf_policy_cmd,
304  .short_help = "abf policy [add|del] id <index> acl <index> via ...",
305  .is_mp_safe = 1,
306 };
307 /* *INDENT-ON* */
308 
309 static u8 *
310 format_abf (u8 * s, va_list * args)
311 {
312  abf_policy_t *ap = va_arg (*args, abf_policy_t *);
313 
314  s = format (s, "abf:[%d]: policy:%d acl:%d",
315  ap - abf_policy_pool, ap->ap_id, ap->ap_acl);
316  s = format (s, "\n ");
317  if (FIB_NODE_INDEX_INVALID == ap->ap_pl)
318  {
319  s = format (s, "no forwarding");
320  }
321  else
322  {
323  s = fib_path_list_format (ap->ap_pl, s);
324  }
325 
326  return (s);
327 }
328 
329 void
330 abf_policy_walk (abf_policy_walk_cb_t cb, void *ctx)
331 {
332  u32 api;
333 
334  /* *INDENT-OFF* */
335  pool_foreach_index(api, abf_policy_pool,
336  ({
337  if (!cb(api, ctx))
338  break;
339  }));
340  /* *INDENT-ON* */
341 }
342 
343 static clib_error_t *
344 abf_show_policy_cmd (vlib_main_t * vm,
345  unformat_input_t * input, vlib_cli_command_t * cmd)
346 {
347  u32 policy_id;
348  abf_policy_t *ap;
349 
350  policy_id = INDEX_INVALID;
351 
352  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
353  {
354  if (unformat (input, "%d", &policy_id))
355  ;
356  else
357  return (clib_error_return (0, "unknown input '%U'",
358  format_unformat_error, input));
359  }
360 
361  if (INDEX_INVALID == policy_id)
362  {
363  /* *INDENT-OFF* */
364  pool_foreach(ap, abf_policy_pool,
365  ({
366  vlib_cli_output(vm, "%U", format_abf, ap);
367  }));
368  /* *INDENT-ON* */
369  }
370  else
371  {
372  ap = abf_policy_find_i (policy_id);
373 
374  if (NULL != ap)
375  vlib_cli_output (vm, "%U", format_abf, ap);
376  else
377  vlib_cli_output (vm, "Invalid policy ID:%d", policy_id);
378  }
379 
380  return (NULL);
381 }
382 
383 /* *INDENT-OFF* */
384 VLIB_CLI_COMMAND (abf_policy_show_policy_cmd_node, static) = {
385  .path = "show abf policy",
386  .function = abf_show_policy_cmd,
387  .short_help = "show abf policy <value>",
388  .is_mp_safe = 1,
389 };
390 /* *INDENT-ON* */
391 
392 static fib_node_t *
393 abf_policy_get_node (fib_node_index_t index)
394 {
395  abf_policy_t *ap = abf_policy_get (index);
396  return (&(ap->ap_node));
397 }
398 
399 static abf_policy_t *
400 abf_policy_get_from_node (fib_node_t * node)
401 {
402  return ((abf_policy_t *) (((char *) node) -
403  STRUCT_OFFSET_OF (abf_policy_t, ap_node)));
404 }
405 
406 static void
407 abf_policy_last_lock_gone (fib_node_t * node)
408 {
409  abf_policy_destroy (abf_policy_get_from_node (node));
410 }
411 
412 /*
413  * A back walk has reached this ABF policy
414  */
415 static fib_node_back_walk_rc_t
416 abf_policy_back_walk_notify (fib_node_t * node,
417  fib_node_back_walk_ctx_t * ctx)
418 {
419  /*
420  * re-stack the fmask on the n-eos of the via
421  */
422  abf_policy_t *abf = abf_policy_get_from_node (node);
423 
424  /*
425  * propagate further up the graph.
426  * we can do this synchronously since the fan out is small.
427  */
428  fib_walk_sync (abf_policy_fib_node_type, abf_policy_get_index (abf), ctx);
429 
430  return (FIB_NODE_BACK_WALK_CONTINUE);
431 }
432 
433 /*
434  * The BIER fmask's graph node virtual function table
435  */
436 static const fib_node_vft_t abf_policy_vft = {
437  .fnv_get = abf_policy_get_node,
438  .fnv_last_lock = abf_policy_last_lock_gone,
439  .fnv_back_walk = abf_policy_back_walk_notify,
440 };
441 
442 static clib_error_t *
443 abf_policy_init (vlib_main_t * vm)
444 {
445  abf_policy_fib_node_type = fib_node_register_new_type (&abf_policy_vft);
446 
447  return (NULL);
448 }
449 
450 VLIB_INIT_FUNCTION (abf_policy_init);
451 
452 /*
453  * fd.io coding-style-patch-verification: ON
454  *
455  * Local Variables:
456  * eval: (c-set-style "gnu")
457  * End:
458  */
abf_policy_get_from_node
static abf_policy_t * abf_policy_get_from_node(fib_node_t *node)
Definition: abf_policy.c:400
acl_index
u32 acl_index
Definition: gbp.api:304
api
import vnet fib fib_types api
Definition: bier.api:22
abf_policy_find_i
static abf_policy_t * abf_policy_find_i(u32 policy_id)
Definition: abf_policy.c:53
abf_policy_get_index
static u32 abf_policy_get_index(const abf_policy_t *abf)
Definition: abf_policy.c:47
hash_set
#define hash_set(h, key, value)
Definition: hash.h:255
fib_path_list_copy_and_path_remove
fib_node_index_t fib_path_list_copy_and_path_remove(fib_node_index_t orig_path_list_index, fib_path_list_flags_t flags, const fib_route_path_t *rpath)
Definition: fib_path_list.c:1035
abf_policy_db
static uword * abf_policy_db
DB of ABF policy objects.
Definition: abf_policy.c:37
fib_path_list_child_remove
void fib_path_list_child_remove(fib_node_index_t path_list_index, u32 si)
Definition: fib_path_list.c:1285
hash_unset
#define hash_unset(h, key)
Definition: hash.h:261
abf_policy_back_walk_notify
static fib_node_back_walk_rc_t abf_policy_back_walk_notify(fib_node_t *node, fib_node_back_walk_ctx_t *ctx)
Definition: abf_policy.c:416
fib_route_path_t_
A representation of a path as described by a route producer.
Definition: fib_types.h:476
abf_policy_t_::ap_id
u32 ap_id
The policy ID - as configured by the client.
Definition: abf_policy.h:58
fib_node_init
void fib_node_init(fib_node_t *node, fib_node_type_t type)
Definition: fib_node.c:185
unformat_fib_route_path
uword unformat_fib_route_path(unformat_input_t *input, va_list *args)
Unformat a fib_route_path_t from CLI input.
Definition: fib_types.c:441
abf_policy_get
abf_policy_t * abf_policy_get(u32 index)
Get an ABF object from its VPP index.
Definition: abf_policy.c:41
NULL
#define NULL
Definition: clib.h:58
fib_node_back_walk_rc_t
enum fib_node_back_walk_rc_t_ fib_node_back_walk_rc_t
Return code from a back walk function.
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:522
FIB_PATH_LIST_FLAG_SHARED
Definition: fib_path_list.h:81
unformat_user
uword unformat_user(unformat_input_t *input, unformat_function_t *func,...)
Definition: unformat.c:983
STRUCT_OFFSET_OF
#define STRUCT_OFFSET_OF(t, f)
Definition: clib.h:65
format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
FIB_NODE_BACK_WALK_CONTINUE
Definition: fib_node.h:249
abf_policy_get_node
static fib_node_t * abf_policy_get_node(fib_node_index_t index)
Definition: abf_policy.c:393
abf_policy_fib_node_type
fib_node_type_t abf_policy_fib_node_type
FIB node type the attachment is registered.
Definition: abf_policy.c:26
pool_get
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:236
fib_path_list_child_add
u32 fib_path_list_child_add(fib_node_index_t path_list_index, fib_node_type_t child_type, fib_node_index_t child_index)
Definition: fib_path_list.c:1246
u8
unsigned char u8
Definition: types.h:56
fib_node_register_new_type
fib_node_type_t fib_node_register_new_type(const fib_node_vft_t *vft)
Create a new FIB node type and Register the function table for it.
Definition: fib_node.c:80
pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:493
VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:163
abf_policy_cmd
static clib_error_t * abf_policy_cmd(vlib_main_t *vm, unformat_input_t *main_input, vlib_cli_command_t *cmd)
Definition: abf_policy.c:238
fib_walk_sync
void fib_walk_sync(fib_node_type_t parent_type, fib_node_index_t parent_index, fib_node_back_walk_ctx_t *ctx)
Back walk all the children of a FIB node.
Definition: fib_walk.c:745
abf_policy_t_::ap_sibling
u32 ap_sibling
Sibling index on the path-list.
Definition: abf_policy.h:53
fib_walk.h
clib_error_return
#define clib_error_return(e, args...)
Definition: error.h:99
u32
unsigned int u32
Definition: types.h:88
format_abf
static u8 * format_abf(u8 *s, va_list *args)
Definition: abf_policy.c:310
unformat_line_input
unformat_function_t unformat_line_input
Definition: format.h:282
abf_policy_find
u32 abf_policy_find(u32 policy_id)
Find a ABF object from the client&#39;s policy ID.
Definition: abf_policy.c:66
fib_path_list_copy_and_path_add
fib_node_index_t fib_path_list_copy_and_path_add(fib_node_index_t orig_path_list_index, fib_path_list_flags_t flags, const fib_route_path_t *rpaths)
Definition: fib_path_list.c:882
abf_policy_destroy
static void abf_policy_destroy(abf_policy_t *ap)
Definition: abf_policy.c:161
abf_policy_update
void abf_policy_update(u32 policy_id, u32 acl_index, const fib_route_path_t *rpaths)
Create or update an ABF Policy.
Definition: abf_policy.c:80
hash_get
#define hash_get(h, key)
Definition: hash.h:249
pool_elt_at_index
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:514
fib_path_list_create
fib_node_index_t fib_path_list_create(fib_path_list_flags_t flags, const fib_route_path_t *rpaths)
Definition: fib_path_list.c:684
fib_node_lock
void fib_node_lock(fib_node_t *node)
Definition: fib_node.c:203
ctx
long ctx[MAX_CONNS]
Definition: main.c:144
abf_policy_walk_cb_t
int(* abf_policy_walk_cb_t)(index_t index, void *ctx)
Callback function invoked during a walk of all policies.
Definition: abf_policy.h:102
unformat_input_t
struct _unformat_input_t unformat_input_t
pool_put
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:286
fib_path_list_lock
void fib_path_list_lock(fib_node_index_t path_list_index)
Definition: fib_path_list.c:1294
abf_policy_walk
void abf_policy_walk(abf_policy_walk_cb_t cb, void *ctx)
Walk/visit each of the ABF policies.
Definition: abf_policy.c:330
fib_node_t_
An node in the FIB graph.
Definition: fib_node.h:291
fib_node_unlock
void fib_node_unlock(fib_node_t *node)
Definition: fib_node.c:209
abf_policy_last_lock_gone
static void abf_policy_last_lock_gone(fib_node_t *node)
Definition: abf_policy.c:407
abf_policy_t_::ap_pl
fib_node_index_t ap_pl
The path-list describing how to forward in case of a match.
Definition: abf_policy.h:48
UNFORMAT_END_OF_INPUT
#define UNFORMAT_END_OF_INPUT
Definition: format.h:144
FIB_PATH_LIST_FLAG_NO_URPF
Definition: fib_path_list.h:88
vm
vlib_main_t * vm
Definition: buffer.c:312
fib_node_vft_t_::fnv_get
fib_node_get_t fnv_get
Definition: fib_node.h:279
fib_node_index_t
u32 fib_node_index_t
A typedef of a node index.
Definition: fib_types.h:30
fib_path_list_unlock
void fib_path_list_unlock(fib_node_index_t path_list_index)
Definition: fib_path_list.c:1307
fib_node_back_walk_ctx_t_
Context passed between object during a back walk.
Definition: fib_node.h:204
VLIB_CLI_COMMAND
#define VLIB_CLI_COMMAND(x,...)
Definition: cli.h:155
fib_path_list.h
ASSERT
#define ASSERT(truth)
Definition: error_bootstrap.h:69
abf_policy_t_
An ACL based Forwarding &#39;policy&#39;.
Definition: abf_policy.h:33
abf_policy_t_::ap_acl
u32 ap_acl
ACL index to match.
Definition: abf_policy.h:43
clib_error_t
Definition: clib_error.h:21
abf_policy_init
static clib_error_t * abf_policy_init(vlib_main_t *vm)
Definition: abf_policy.c:443
abf_policy.h
FIB_NODE_INDEX_INVALID
#define FIB_NODE_INDEX_INVALID
Definition: fib_types.h:31
INDEX_INVALID
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
Definition: dpo.h:47
vlib_main_t
Definition: main.h:68
fib_path_list_format
u8 * fib_path_list_format(fib_node_index_t path_list_index, u8 *s)
Definition: fib_path_list.c:169
uword
u64 uword
Definition: types.h:112
unformat_free
static void unformat_free(unformat_input_t *i)
Definition: format.h:162
vlib_cli_command_t
Definition: cli.h:91
fib_node_vft_t_
A FIB graph nodes virtual function table.
Definition: fib_node.h:278
fib_node_type_t
enum fib_node_type_t_ fib_node_type_t
The types of nodes in a FIB graph.
format_unformat_error
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
abf_policy_delete
int abf_policy_delete(u32 policy_id, const fib_route_path_t *rpaths)
Delete paths from an ABF Policy.
Definition: abf_policy.c:175
abf_policy_t_::ap_node
fib_node_t ap_node
Linkage into the FIB graph.
Definition: abf_policy.h:38
abf_show_policy_cmd
static clib_error_t * abf_show_policy_cmd(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: abf_policy.c:344
pool_foreach_index
#define pool_foreach_index(i, v, body)
Iterate pool by index.
Definition: pool.h:538
abf_policy_pool
static abf_policy_t * abf_policy_pool
Pool of ABF objects.
Definition: abf_policy.c:31
vlib_cli_output
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
Definition: cli.c:762
FIB_NODE_BW_REASON_FLAG_EVALUATE
Definition: fib_node.h:148
unformat
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:972
unformat_check_input
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:170