Support proxy ARP on mirrored TAP interfaces

When VPP has an interface whose address is also applied to a TAP interface on the host, then VPP's TAP interface will be unnumbered to the 'real' interface and do proxy ARP from the host. the curious aspect of this setup is that ARP requests from the host will come from the VPP's own address. Change-Id: Ia238790e1034ba3cd3facdab29387b65a31525f2 Signed-off-by: Neale Ranns <nranns@cisco.com>
2017-08-15 05:33:11 -07:00
parent e9ab1c0b4a
commit 24b170aac5
3 changed files with 86 additions and 4 deletions
--- a/src/vnet/ethernet/arp.c
+++ b/src/vnet/ethernet/arp.c
@ -1004,7 +1004,17 @@ arp_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
                  if (FIB_ENTRY_FLAG_LOCAL & src_flags)
                    {
                      error0 = ETHERNET_ARP_ERROR_l3_src_address_is_local;
-                      goto drop2;
+                      /*
+                       * When VPP has an interface whose address is also
+                       * applied to a TAP interface on the host, then VPP's
+                       * TAP interface will be unnumbered  to the 'real'
+                       * interface and do proxy ARP from the host.
+                       * The curious aspect of this setup is that ARP requests
+                       * from the host will come from the VPP's own address.
+                       * So don't drop immediately here, instead go see if this
+                       * is a proxy ARP case.
+                       */
+                      goto drop1;
                    }
                  /* A Source must also be local to subnet of matching
                   * interface address. */
@ -1151,9 +1161,11 @@ arp_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
 		}
 	    }

-	  /* We are going to reply to this request, so learn the sender */
-	  error0 = arp_learn (vnm, am, sw_if_index0,
-			      &arp0->ip4_over_ethernet[1]);
+	  /* We are going to reply to this request, so, in the absence of
+	     errors, learn the sender */
+	  if (!error0)
+	    error0 = arp_learn (vnm, am, sw_if_index0,
+				&arp0->ip4_over_ethernet[1]);

 	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
 					   n_left_to_next, pi0, next0);
--- a/test/test_neighbor.py
+++ b/test/test_neighbor.py
@ -657,6 +657,70 @@ class ARPTestCase(VppTestCase):
        self.pg2.admin_down()
        self.pg1.admin_down()

+    def test_proxy_mirror_arp(self):
+        """ Interface Mirror Proxy ARP """
+
+        #
+        # When VPP has an interface whose address is also applied to a TAP
+        # interface on the host, then VPP's TAP interface will be unnumbered
+        # to the 'real' interface and do proxy ARP from the host.
+        # the curious aspect of this setup is that ARP requests from the host
+        # will come from the VPP's own address.
+        #
+        self.pg0.generate_remote_hosts(2)
+
+        arp_req_from_me = (Ether(src=self.pg2.remote_mac,
+                                 dst="ff:ff:ff:ff:ff:ff") /
+                           ARP(op="who-has",
+                               hwsrc=self.pg2.remote_mac,
+                               pdst=self.pg0.remote_hosts[1].ip4,
+                               psrc=self.pg0.local_ip4))
+
+        #
+        # Configure Proxy ARP for the subnet on PG0addresses on pg0
+        #
+        self.vapi.proxy_arp_add_del(self.pg0._local_ip4n_subnet,
+                                    self.pg0._local_ip4n_bcast)
+
+        # Make pg2 un-numbered to pg0
+        #
+        self.pg2.set_unnumbered(self.pg0.sw_if_index)
+
+        #
+        # Enable pg2 for proxy ARP
+        #
+        self.pg2.set_proxy_arp()
+
+        #
+        # Send the ARP request with an originating address that
+        # is VPP's own address
+        #
+        self.pg2.add_stream(arp_req_from_me)
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+
+        rx = self.pg2.get_capture(1)
+        self.verify_arp_resp(rx[0],
+                             self.pg2.local_mac,
+                             self.pg2.remote_mac,
+                             self.pg0.remote_hosts[1].ip4,
+                             self.pg0.local_ip4)
+
+        #
+        # validate we have not learned an ARP entry as a result of this
+        #
+        self.assertFalse(find_nbr(self,
+                                  self.pg2.sw_if_index,
+                                  self.pg0.local_ip4))
+
+        #
+        # cleanup
+        #
+        self.pg2.set_proxy_arp(0)
+        self.vapi.proxy_arp_add_del(self.pg0._local_ip4n_subnet,
+                                    self.pg0._local_ip4n_bcast,
+                                    is_add=0)
+
    def test_proxy_arp(self):
        """ Proxy ARP """

--- a/test/vpp_interface.py
+++ b/test/vpp_interface.py
@ -163,6 +163,12 @@ class VppInterface(object):

        self._local_ip4 = "172.16.%u.1" % self.sw_if_index
        self._local_ip4n = socket.inet_pton(socket.AF_INET, self.local_ip4)
+        self._local_ip4_subnet = "172.16.%u.0" % self.sw_if_index
+        self._local_ip4n_subnet = socket.inet_pton(socket.AF_INET,
+                                                   self._local_ip4_subnet)
+        self._local_ip4_bcast = "172.16.%u.255" % self.sw_if_index
+        self._local_ip4n_bcast = socket.inet_pton(socket.AF_INET,
+                                                  self._local_ip4_bcast)
        self.local_ip4_prefix_len = 24
        self.has_ip4_config = False
        self.ip4_table_id = 0