25 #ifndef CLIB_MARCH_VARIANT 57 return (gpd - gbp_policy_dpo_pool);
107 if (~0 != sw_if_index)
127 u32 indent = va_arg (*ap,
u32);
131 s =
format (s,
"gbp-policy-dpo: %U, sclass:%d out:%U",
188 "ip4-gbp-policy-dpo",
193 "ip6-gbp-policy-dpo",
222 #define _(sym,str) GBP_POLICY_DPO_ERROR_##sym, 229 #define _(sym,string) string, 256 pnode = (is_ip6 ? GBP_POLICY_NODE_IP6 : GBP_POLICY_NODE_IP4);
258 dpo = &gu->
gu_dpo[pnode][dproto];
272 u32 n_left_from, next_index, *from, *to_next, thread_index;
273 u32 n_allow_intra, n_allow_a_bit;
278 n_allow_intra = n_allow_a_bit = 0;
283 while (n_left_from > 0)
289 while (n_left_from > 0 && n_left_to_next > 0)
318 && (
vnet_buffer2 (b0)->gbp.flags & VXLAN_GBP_GPFLAGS_R))
353 u32 acl_pos_p0, acl_match_p0;
354 u32 rule_match_p0, trace_bitmap0;
369 &pkt_5tuple0, is_ip6,
370 &action0, &acl_pos_p0,
383 case GBP_RULE_PERMIT:
389 case GBP_RULE_REDIRECT:
401 node->
errors[GBP_POLICY_DPO_ERROR_DROP_CONTRACT];
415 node->
errors[GBP_POLICY_DPO_ERROR_DROP_NO_CONTRACT];
441 n_left_to_next, bi0, next0);
447 GBP_POLICY_DPO_ERROR_ALLOW_INTRA,
450 GBP_POLICY_DPO_ERROR_ALLOW_A_BIT,
463 s =
format (s,
" sclass:%d dclass:%d acl-index:%d flags:%U action:%d",
486 .name =
"ip4-gbp-policy-dpo",
487 .vector_size =
sizeof (
u32),
500 .name =
"ip6-gbp-policy-dpo",
501 .vector_size =
sizeof (
u32),
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
dpo_lock_fn_t dv_lock
A reference counting lock function.
static vlib_cli_command_t trace
(constructor) VLIB_CLI_COMMAND (trace)
static char * gbp_policy_dpo_error_strings[]
A virtual function table regisitered for a DPO type.
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 thread_index, u32 index, u64 n_packets, u64 n_bytes)
Increment a combined counter.
vnet_main_t * vnet_get_main(void)
void dpo_copy(dpo_id_t *dst, const dpo_id_t *src)
atomic copy a data-plane object.
u32 index_t
A Data-Path Object is an object that represents actions that are applied to packets are they are swit...
u32 dpo_get_urpf(const dpo_id_t *dpo)
Get a uRPF interface for the DPO.
#define VLIB_NODE_FN(node)
static gbp_rule_t * gbp_rule_get(index_t gui)
vlib_error_t * errors
Vector of errors for this node.
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
static gbp_policy_dpo_t * gbp_policy_dpo_get_from_dpo(const dpo_id_t *dpo)
format_function_t format_vnet_sw_if_index_name
static acl_plugin_methods_t acl_plugin
static const char *const gbp_policy_dpo_ip4_nodes[]
The per-protocol VLIB graph nodes that are assigned to a glean object.
const dpo_id_t * drop_dpo_get(dpo_proto_t proto)
gbp_policy_dpo_t * gbp_policy_dpo_pool
DPO pool.
enum dpo_type_t_ dpo_type_t
Common types of data-path objects New types can be dynamically added using dpo_register_new_type() ...
#define VLIB_INIT_FUNCTION(x)
u8 * format_vxlan_gbp_header_gpflags(u8 *s, va_list *args)
static u32 vxlan_gbp_tunnel_by_sw_if_index(u32 sw_if_index)
static uword gbp_policy_dpo_inline(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame, u8 is_ip6)
static u8 * format_gbp_policy_dpo_trace(u8 *s, va_list *args)
static gbp_policy_dpo_t * gbp_policy_dpo_alloc(void)
u32 gpd_sw_if_index
output sw_if_index
enum dpo_proto_t_ dpo_proto_t
Data path protocol.
static void acl_plugin_fill_5tuple_inline(void *p_acl_main, u32 lc_index, vlib_buffer_t *b0, int is_ip6, int is_input, int is_l2_path, fa_5tuple_opaque_t *p5tuple_pkt)
dpo_type_t dpo_register_new_type(const dpo_vft_t *vft, const char *const *const *nodes)
Create and register a new DPO type.
vlib_error_t error
Error code for buffers to be enqueued to error handler.
static clib_error_t * gbp_policy_dpo_module_init(vlib_main_t *vm)
dpo_type_t gbp_policy_dpo_get_type(void)
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
u8 * format_gbp_policy_dpo(u8 *s, va_list *ap)
static u32 gbp_policy_dpo_get_urpf(const dpo_id_t *dpo)
static void gbp_policy_dpo_lock(dpo_id_t *dpo)
dpo_type_t dpoi_type
the type
index_t * gc_rules
The ACL to apply for packets from the source to the destination EPG.
static const char *const gbp_policy_dpo_ip6_nodes[]
sclass_t gck_src
source and destination EPGs for which the ACL applies
#define pool_put(P, E)
Free an object E in pool P.
gbp_rule_action_t gu_action
static void gbp_policy_dpo_unlock(dpo_id_t *dpo)
#define pool_get_aligned_zero(P, E, A)
Allocate an object E from a pool P with alignment A and zero it.
u32 node_index
Node index.
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
void dvr_dpo_add_or_lock(u32 sw_if_index, dpo_proto_t dproto, dpo_id_t *dpo)
#define VLIB_REGISTER_NODE(x,...)
#define foreach_gbp_policy_error
vlib_combined_counter_main_t gbp_contract_permit_counters
struct gbp_policy_dpo_trace_t_ gbp_policy_dpo_trace_t
dpo_id_t gu_dpo[GBP_POLICY_N_NODES][FIB_PROTOCOL_IP_MAX]
DPO of the load-balance object used to redirect.
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
void dpo_set(dpo_id_t *dpo, dpo_type_t type, dpo_proto_t proto, index_t index)
Set/create a DPO ID The DPO will be locked.
static void gbp_policy_dpo_interpose(const dpo_id_t *original, const dpo_id_t *parent, dpo_id_t *clone)
Interpose a policy DPO.
sclass_t gpd_sclass
SClass.
static const char *const *const gbp_policy_dpo_nodes[DPO_PROTO_NUM]
static gbp_policy_dpo_t * gbp_policy_dpo_get(index_t index)
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
static int acl_plugin_match_5tuple_inline(void *p_acl_main, u32 lc_index, fa_5tuple_opaque_t *pkt_5tuple, int is_ip6, u8 *r_action, u32 *r_acl_pos_p, u32 *r_acl_match_p, u32 *r_rule_match_p, u32 *trace_bitmap)
u16 gpd_locks
number of locks.
dpo_type_t gbp_policy_dpo_type
DPO type registered for these GBP FWD.
vlib_node_registration_t ip4_gbp_policy_dpo_node
(constructor) VLIB_REGISTER_NODE (ip4_gbp_policy_dpo_node)
static gbp_contract_t * gbp_contract_get(index_t gci)
u8 * format_dpo_id(u8 *s, va_list *args)
Format a DPO_id_t oject
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
index_t dpoi_index
the index of objects of that type
static u32 gbp_rule_l3_redirect(const gbp_rule_t *gu, vlib_buffer_t *b0, int is_ip6)
#define INDEX_INVALID
Invalid index - used when no index is known blazoned capitals INVALID speak volumes where ~0 does not...
VLIB buffer representation.
dpo_id_t gpd_dpo
Stacked DPO on DVR/ADJ of output interface.
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
static index_t gbp_policy_dpo_get_index(gbp_policy_dpo_t *gpd)
#define DPO_INVALID
An initialiser for DPOs declared on the stack.
u8 * format_dpo_proto(u8 *s, va_list *args)
format a DPO protocol
void gbp_policy_dpo_add_or_lock(dpo_proto_t dproto, sclass_t sclass, u32 sw_if_index, dpo_id_t *dpo)
Group Base Policy (GBP) defines:
dpo_proto_t gpd_proto
The protocol of packets using this DPO.
enum gbp_policy_node_t_ gbp_policy_node_t
void dpo_reset(dpo_id_t *dpo)
reset a DPO ID The DPO will be unlocked.
u16 dpoi_next_node
The next VLIB node to follow.
vlib_combined_counter_main_t gbp_contract_drop_counters
#define CLIB_CACHE_LINE_BYTES
vlib_node_registration_t ip6_gbp_policy_dpo_node
(constructor) VLIB_REGISTER_NODE (ip6_gbp_policy_dpo_node)
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
static index_t gbp_contract_find(gbp_contract_key_t *key)
A Group Based Policy Contract.
void dpo_stack(dpo_type_t child_type, dpo_proto_t child_proto, dpo_id_t *dpo, const dpo_id_t *parent)
Stack one DPO object on another, and thus establish a child-parent relationship.