ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node

Browse Source 
Bypass node MUST NOT intercept a packet if destination IP doesn’t match
a local address.  However IP address interpretation depends on the VRF,
hence bypass node must take that into account.

This patch also factors-out common VTEP management and checking code.

Type: improvement
Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com>
Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
This commit is contained in:
Nick Zavaritsky
2020-02-27 15:54:58 +00:00
committed by John Lo
parent 297d288ed6
commit 27518c2ffd
18 changed files with 341 additions and 335 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
src/plugins/gtpu/gtpu.c
View File

@@ -298,35 +298,6 @@ gtpu_decap_next_is_valid (gtpu_main_t * gtm, u32 is_ip6, u32 decap_next_index)
return decap_next_index < r->n_next_nodes;
}
static uword
vtep_addr_ref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (gtpu_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (gtpu_main.vtep6, &ip->ip6);
if (vtep)
return ++(*vtep);
ip46_address_is_ip4 (ip) ?
hash_set (gtpu_main.vtep4, ip->ip4.as_u32, 1) :
hash_set_mem_alloc (&gtpu_main.vtep6, &ip->ip6, 1);
return 1;
}
static uword
vtep_addr_unref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (gtpu_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (gtpu_main.vtep6, &ip->ip6);
ALWAYS_ASSERT (vtep);
if (--(*vtep) != 0)
return *vtep;
ip46_address_is_ip4 (ip) ?
hash_unset (gtpu_main.vtep4, ip->ip4.as_u32) :
hash_unset_mem_free (&gtpu_main.vtep6, &ip->ip6);
return 0;
}
typedef CLIB_PACKED (union
{
struct
@@ -498,7 +469,7 @@ int vnet_gtpu_add_del_tunnel
* when the forwarding for the entry updates, and the tunnel can
* re-stack accordingly
*/
vtep_addr_ref (&t->src);
vtep_addr_ref (&gtm->vtep_table, t->encap_fib_index, &t->src);
t->fib_entry_index = fib_entry_track (t->encap_fib_index,
&tun_dst_pfx,
gtm->fib_node_type,
@@ -515,7 +486,8 @@ int vnet_gtpu_add_del_tunnel
*/
fib_protocol_t fp = fib_ip_proto (is_ip6);
if (vtep_addr_ref (&t->dst) == 1)
if (vtep_addr_ref (&gtm->vtep_table,
t->encap_fib_index, &t->dst) == 1)
{
fib_node_index_t mfei;
adj_index_t ai;
@@ -608,10 +580,11 @@ int vnet_gtpu_add_del_tunnel
if (t->flow_index != ~0)
vnet_flow_del (vnm, t->flow_index);
vtep_addr_unref (&t->src);
vtep_addr_unref (&gtm->vtep_table, t->encap_fib_index, &t->src);
fib_entry_untrack (t->fib_entry_index, t->sibling_index);
}
else if (vtep_addr_unref (&t->dst) == 0)
else if (vtep_addr_unref (&gtm->vtep_table,
t->encap_fib_index, &t->dst) == 0)
{
mcast_shared_remove (&t->dst);
}
@@ -1243,7 +1216,7 @@ gtpu_init (vlib_main_t * vm)
gtm->gtpu6_tunnel_by_key = hash_create_mem (0,
sizeof (gtpu6_tunnel_key_t),
sizeof (uword));
gtm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword));
gtm->vtep_table = vtep_table_create ();
gtm->mcast_shared = hash_create_mem (0,
sizeof (ip46_address_t),
sizeof (mcast_shared_t));

4
src/plugins/gtpu/gtpu.h
View File

@@ -23,6 +23,7 @@
#include <vppinfra/hash.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/vtep.h>
#include <vnet/l2/l2_input.h>
#include <vnet/l2/l2_output.h>
#include <vnet/l2/l2_bd.h>
@@ -210,8 +211,7 @@ typedef struct
/* local VTEP IPs ref count used by gtpu-bypass node to check if
received gtpu packet DIP matches any local VTEP address */
uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */
uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */
vtep_table_t vtep_table;
/* mcast shared info */
uword *mcast_shared; /* keyed on mcast ip46 addr */

75
src/plugins/gtpu/gtpu_decap.c
View File

@@ -51,20 +51,7 @@ static u8 * format_gtpu_rx_trace (u8 * s, va_list * args)
always_inline u32
validate_gtpu_fib (vlib_buffer_t *b, gtpu_tunnel_t *t, u32 is_ip4)
{
u32 fib_index, sw_if_index;
sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
if (is_ip4)
fib_index = (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
vec_elt (ip4_main.fib_index_by_sw_if_index, sw_if_index) :
vnet_buffer (b)->sw_if_index[VLIB_TX];
else
fib_index = (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
vec_elt (ip6_main.fib_index_by_sw_if_index, sw_if_index) :
vnet_buffer (b)->sw_if_index[VLIB_TX];
return (fib_index == t->encap_fib_index);
return t->encap_fib_index == vlib_buffer_get_ip_fib_index (b, is_ip4);
}
always_inline uword
@@ -813,8 +800,10 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
gtpu_main_t * gtm = &gtpu_main;
u32 * from, * to_next, n_left_from, n_left_to_next, next_index;
vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip4_input_node.index);
ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
vtep4_key_t last_vtep4; /* last IPv4 address / fib index
matching a local VTEP address */
vtep6_key_t last_vtep6; /* last IPv6 address / fib index
matching a local VTEP address */
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -823,8 +812,10 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
if (is_ip4) addr4.data_u32 = ~0;
else ip6_address_set_zero (&addr6);
if (is_ip4)
vtep4_key_init (&last_vtep4);
else
vtep6_key_init (&last_vtep6);
while (n_left_from > 0)
{
@@ -908,21 +899,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs*/
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (gtm->vtep4, ip40->dst_address.as_u32))
goto exit0; /* no local VTEP for GTPU packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&gtm->vtep_table, b0, ip40, &last_vtep4))
goto exit0; /* no local VTEP for GTPU packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (gtm->vtep6, &ip60->dst_address))
goto exit0; /* no local VTEP for GTPU packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&gtm->vtep_table, b0, ip60, &last_vtep6))
goto exit0; /* no local VTEP for GTPU packet */
}
flags0 = b0->flags;
@@ -990,21 +973,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs*/
if (is_ip4)
{
if (addr4.as_u32 != ip41->dst_address.as_u32)
{
if (!hash_get (gtm->vtep4, ip41->dst_address.as_u32))
goto exit1; /* no local VTEP for GTPU packet */
addr4 = ip41->dst_address;
}
if (!vtep4_check (&gtm->vtep_table, b1, ip41, &last_vtep4))
goto exit1; /* no local VTEP for GTPU packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
{
if (!hash_get_mem (gtm->vtep6, &ip61->dst_address))
goto exit1; /* no local VTEP for GTPU packet */
addr6 = ip61->dst_address;
}
if (!vtep6_check (&gtm->vtep_table, b1, ip61, &last_vtep6))
goto exit1; /* no local VTEP for GTPU packet */
}
flags1 = b1->flags;
@@ -1108,21 +1083,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs*/
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (gtm->vtep4, ip40->dst_address.as_u32))
goto exit; /* no local VTEP for GTPU packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&gtm->vtep_table, b0, ip40, &last_vtep4))
goto exit; /* no local VTEP for GTPU packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (gtm->vtep6, &ip60->dst_address))
goto exit; /* no local VTEP for GTPU packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&gtm->vtep_table, b0, ip60, &last_vtep6))
goto exit; /* no local VTEP for GTPU packet */
}
flags0 = b0->flags;

1
src/vnet/CMakeLists.txt
View File

@@ -460,6 +460,7 @@ list(APPEND VNET_SOURCES
ip/punt_api.c
ip/punt.c
ip/punt_node.c
ip/vtep.c
)
list(APPEND VNET_MULTIARCH_SOURCES

58
src/vnet/geneve/decap.c
View File

@@ -865,8 +865,10 @@ ip_geneve_bypass_inline (vlib_main_t * vm,
u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
vlib_node_runtime_t *error_node =
vlib_node_get_runtime (vm, ip4_input_node.index);
ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
vtep4_key_t last_vtep4; /* last IPv4 address / fib index
matching a local VTEP address */
vtep6_key_t last_vtep6; /* last IPv6 address / fib index
matching a local VTEP address */
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -876,9 +878,9 @@ ip_geneve_bypass_inline (vlib_main_t * vm,
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
if (is_ip4)
addr4.data_u32 = ~0;
vtep4_key_init (&last_vtep4);
else
ip6_address_set_zero (&addr6);
vtep6_key_init (&last_vtep6);
while (n_left_from > 0)
{
@@ -962,21 +964,13 @@ ip_geneve_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
goto exit0; /* no local VTEP for GENEVE packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4))
goto exit0; /* no local VTEP for GENEVE packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
goto exit0; /* no local VTEP for GENEVE packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6))
goto exit0; /* no local VTEP for GENEVE packet */
}
flags0 = b0->flags;
@@ -1048,21 +1042,13 @@ ip_geneve_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip41->dst_address.as_u32)
{
if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32))
goto exit1; /* no local VTEP for GENEVE packet */
addr4 = ip41->dst_address;
}
if (!vtep4_check (&vxm->vtep_table, b1, ip41, &last_vtep4))
goto exit1; /* no local VTEP for GENEVE packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
{
if (!hash_get_mem (vxm->vtep6, &ip61->dst_address))
goto exit1; /* no local VTEP for GENEVE packet */
addr6 = ip61->dst_address;
}
if (!vtep6_check (&vxm->vtep_table, b1, ip61, &last_vtep6))
goto exit1; /* no local VTEP for GENEVE packet */
}
flags1 = b1->flags;
@@ -1170,21 +1156,13 @@ ip_geneve_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
goto exit; /* no local VTEP for GENEVE packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4))
goto exit; /* no local VTEP for GENEVE packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
goto exit; /* no local VTEP for GENEVE packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6))
goto exit; /* no local VTEP for GENEVE packet */
}
flags0 = b0->flags;

41
src/vnet/geneve/geneve.c
View File

@@ -292,35 +292,6 @@ geneve_decap_next_is_valid (geneve_main_t * vxm, u32 is_ip6,
return decap_next_index < r->n_next_nodes;
}
static uword
vtep_addr_ref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (geneve_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (geneve_main.vtep6, &ip->ip6);
if (vtep)
return ++(*vtep);
ip46_address_is_ip4 (ip) ?
hash_set (geneve_main.vtep4, ip->ip4.as_u32, 1) :
hash_set_mem_alloc (&geneve_main.vtep6, &ip->ip6, 1);
return 1;
}
static uword
vtep_addr_unref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (geneve_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (geneve_main.vtep6, &ip->ip6);
ALWAYS_ASSERT (vtep);
if (--(*vtep) != 0)
return *vtep;
ip46_address_is_ip4 (ip) ?
hash_unset (geneve_main.vtep4, ip->ip4.as_u32) :
hash_unset_mem_free (&geneve_main.vtep6, &ip->ip6);
return 0;
}
typedef CLIB_PACKED (union
{
struct
@@ -498,7 +469,7 @@ int vnet_geneve_add_del_tunnel
* when the forwarding for the entry updates, and the tunnel can
* re-stack accordingly
*/
vtep_addr_ref (&t->local);
vtep_addr_ref (&vxm->vtep_table, t->encap_fib_index, &t->local);
t->fib_entry_index = fib_entry_track (t->encap_fib_index,
&tun_remote_pfx,
FIB_NODE_TYPE_GENEVE_TUNNEL,
@@ -515,7 +486,8 @@ int vnet_geneve_add_del_tunnel
*/
fib_protocol_t fp = fib_ip_proto (is_ip6);
if (vtep_addr_ref (&t->remote) == 1)
if (vtep_addr_ref (&vxm->vtep_table,
t->encap_fib_index, &t->remote) == 1)
{
fib_node_index_t mfei;
adj_index_t ai;
@@ -604,10 +576,11 @@ int vnet_geneve_add_del_tunnel
if (!ip46_address_is_multicast (&t->remote))
{
vtep_addr_unref (&t->local);
vtep_addr_unref (&vxm->vtep_table, t->encap_fib_index, &t->local);
fib_entry_untrack (t->fib_entry_index, t->sibling_index);
}
else if (vtep_addr_unref (&t->remote) == 0)
else if (vtep_addr_unref (&vxm->vtep_table,
t->encap_fib_index, &t->remote) == 0)
{
mcast_shared_remove (&t->remote);
}
@@ -1118,7 +1091,7 @@ geneve_init (vlib_main_t * vm)
vxm->geneve6_tunnel_by_key = hash_create_mem (0,
sizeof (geneve6_tunnel_key_t),
sizeof (uword));
vxm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword));
vxm->vtep_table = vtep_table_create ();
vxm->mcast_shared = hash_create_mem (0,
sizeof (ip46_address_t),
sizeof (mcast_shared_t));

4
src/vnet/geneve/geneve.h
View File

@@ -19,6 +19,7 @@
#include <vppinfra/hash.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/vtep.h>
#include <vnet/l2/l2_input.h>
#include <vnet/l2/l2_output.h>
#include <vnet/l2/l2_bd.h>
@@ -167,8 +168,7 @@ typedef struct
/* local VTEP IPs ref count used by geneve-bypass node to check if
received GENEVE packet DIP matches any local VTEP address */
uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */
uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */
vtep_table_t vtep_table;
/* mcast shared info */
uword *mcast_shared; /* keyed on mcast ip46 addr */

9
src/vnet/ip/ip.h
View File

@@ -289,6 +289,15 @@ void ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen,
void ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask);
u32 ip6_mask_to_preflen (ip6_address_t * mask);
always_inline u32 vlib_buffer_get_ip4_fib_index (vlib_buffer_t * b);
always_inline u32 vlib_buffer_get_ip6_fib_index (vlib_buffer_t * b);
always_inline u32
vlib_buffer_get_ip_fib_index (vlib_buffer_t * b, u8 is_ip4)
{
return (is_ip4 ? vlib_buffer_get_ip4_fib_index
: vlib_buffer_get_ip6_fib_index) (b);
}
#endif /* included_ip_main_h */
/*

10
src/vnet/ip/ip4.h
View File

@@ -410,6 +410,16 @@ vlib_buffer_push_ip4 (vlib_main_t * vm, vlib_buffer_t * b,
return ih;
}
always_inline u32
vlib_buffer_get_ip4_fib_index (vlib_buffer_t * b)
{
u32 fib_index, sw_if_index;
sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
fib_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
return (fib_index == (u32) ~ 0) ?
vec_elt (ip4_main.fib_index_by_sw_if_index, sw_if_index) : fib_index;
}
#endif /* included_ip_ip4_h */
/*

10
src/vnet/ip/ip6.h
View File

@@ -608,6 +608,16 @@ vlib_buffer_push_ip6 (vlib_main_t * vm, vlib_buffer_t * b,
0 /* flow label */ );
}
always_inline u32
vlib_buffer_get_ip6_fib_index (vlib_buffer_t * b)
{
u32 fib_index, sw_if_index;
sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
fib_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
return (fib_index == (u32) ~ 0) ?
vec_elt (ip6_main.fib_index_by_sw_if_index, sw_if_index) : fib_index;
}
#endif /* included_ip_ip6_h */
/*

55
src/vnet/ip/vtep.c Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <vnet/ip/vtep.h>
uword
vtep_addr_ref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip)
{
vtep4_key_t key4 = {.addr = ip->ip4,.fib_index = fib_index };
vtep6_key_t key6 = {.addr = ip->ip6,.fib_index = fib_index };
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (t->vtep4, key4.as_u64) : hash_get_mem (t->vtep6, &key6);
if (vtep)
return ++(*vtep);
ip46_address_is_ip4 (ip) ?
hash_set (t->vtep4, key4.as_u64, 1) :
hash_set_mem_alloc (&t->vtep6, &key6, 1);
return 1;
}
uword
vtep_addr_unref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip)
{
vtep4_key_t key4 = {.addr = ip->ip4,.fib_index = fib_index };
vtep6_key_t key6 = {.addr = ip->ip6,.fib_index = fib_index };
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (t->vtep4, key4.as_u64) : hash_get_mem (t->vtep6, &key6);
ALWAYS_ASSERT (vtep);
if (--(*vtep) != 0)
return *vtep;
ip46_address_is_ip4 (ip) ?
hash_unset (t->vtep4, key4.as_u64) :
hash_unset_mem_free (&t->vtep6, &key6);
return 0;
}
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/

142
src/vnet/ip/vtep.h Normal file
View File

@@ -0,0 +1,142 @@
/*
* Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef included_ip_vtep_h
#define included_ip_vtep_h
#include <vppinfra/hash.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip4.h>
#include <vnet/ip/ip6.h>
/**
* @brief Tunnel endpoint key (IPv4)
*
* Tunnel modules maintain a set of vtep4_key_t-s to track local IP
* addresses that have tunnels established. Bypass node consults the
* corresponding set to decide whether a packet should bypass normal
* processing and go directly to the tunnel protocol handler node.
*/
/* *INDENT-OFF* */
typedef CLIB_PACKED
(struct {
union {
struct {
ip4_address_t addr;
u32 fib_index;
};
u64 as_u64;
};
}) vtep4_key_t;
/* *INDENT-ON* */
/**
* @brief Tunnel endpoint key (IPv6)
*
* Tunnel modules maintain a set of vtep6_key_t-s to track local IP
* addresses that have tunnels established. Bypass node consults the
* corresponding set to decide whether a packet should bypass normal
* processing and go directly to the tunnel protocol handler node.
*/
/* *INDENT-OFF* */
typedef CLIB_PACKED
(struct {
ip6_address_t addr;
u32 fib_index;
}) vtep6_key_t;
/* *INDENT-ON* */
typedef struct
{
uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr + fib_index */
uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr + fib_index */
} vtep_table_t;
always_inline vtep_table_t
vtep_table_create ()
{
vtep_table_t t = { };
t.vtep6 = hash_create_mem (0, sizeof (vtep6_key_t), sizeof (uword));
return t;
}
uword vtep_addr_ref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip);
uword vtep_addr_unref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip);
always_inline void
vtep4_key_init (vtep4_key_t * k4)
{
k4->as_u64 = ~((u64) 0);
}
always_inline void
vtep6_key_init (vtep6_key_t * k6)
{
ip6_address_set_zero (&k6->addr);
k6->fib_index = (u32) ~ 0;
}
enum
{
VTEP_CHECK_FAIL = 0,
VTEP_CHECK_PASS = 1,
VTEP_CHECK_PASS_UNCHANGED = 2
};
always_inline u8
vtep4_check (vtep_table_t * t, vlib_buffer_t * b0, ip4_header_t * ip40,
vtep4_key_t * last_k4)
{
vtep4_key_t k4;
k4.addr.as_u32 = ip40->dst_address.as_u32;
k4.fib_index = vlib_buffer_get_ip4_fib_index (b0);
if (PREDICT_TRUE (k4.as_u64 == last_k4->as_u64))
return VTEP_CHECK_PASS_UNCHANGED;
if (PREDICT_FALSE (!hash_get (t->vtep4, k4.as_u64)))
return VTEP_CHECK_FAIL;
last_k4->as_u64 = k4.as_u64;
return VTEP_CHECK_PASS;
}
always_inline u8
vtep6_check (vtep_table_t * t, vlib_buffer_t * b0, ip6_header_t * ip60,
vtep6_key_t * last_k6)
{
vtep6_key_t k6;
k6.fib_index = vlib_buffer_get_ip6_fib_index (b0);
if (PREDICT_TRUE (k6.fib_index == last_k6->fib_index
&& ip60->dst_address.as_u64[0] == last_k6->addr.as_u64[0]
&& ip60->dst_address.as_u64[1] ==
last_k6->addr.as_u64[1]))
{
return VTEP_CHECK_PASS_UNCHANGED;
}
k6.addr = ip60->dst_address;
if (PREDICT_FALSE (!hash_get_mem (t->vtep6, &k6)))
return VTEP_CHECK_FAIL;
*last_k6 = k6;
return VTEP_CHECK_PASS;
}
#endif /* included_ip_vtep_h */
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/

58
src/vnet/vxlan-gpe/decap.c
View File

@@ -788,8 +788,10 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm,
u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
vlib_node_runtime_t *error_node =
vlib_node_get_runtime (vm, ip4_input_node.index);
ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
vtep4_key_t last_vtep4; /* last IPv4 address / fib index
matching a local VTEP address */
vtep6_key_t last_vtep6; /* last IPv6 address / fib index
matching a local VTEP address */
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -799,9 +801,9 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm,
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
if (is_ip4)
addr4.data_u32 = ~0;
vtep4_key_init (&last_vtep4);
else
ip6_address_set_zero (&addr6);
vtep6_key_init (&last_vtep6);
while (n_left_from > 0)
{
@@ -883,21 +885,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32))
goto exit0; /* no local VTEP for VXLAN packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4))
goto exit0; /* no local VTEP for VXLAN packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (ngm->vtep6, &ip60->dst_address))
goto exit0; /* no local VTEP for VXLAN packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6))
goto exit0; /* no local VTEP for VXLAN packet */
}
flags0 = b0->flags;
@@ -969,21 +963,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip41->dst_address.as_u32)
{
if (!hash_get (ngm->vtep4, ip41->dst_address.as_u32))
goto exit1; /* no local VTEP for VXLAN packet */
addr4 = ip41->dst_address;
}
if (!vtep4_check (&ngm->vtep_table, b1, ip41, &last_vtep4))
goto exit1; /* no local VTEP for VXLAN packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
{
if (!hash_get_mem (ngm->vtep6, &ip61->dst_address))
goto exit1; /* no local VTEP for VXLAN packet */
addr6 = ip61->dst_address;
}
if (!vtep6_check (&ngm->vtep_table, b1, ip61, &last_vtep6))
goto exit1; /* no local VTEP for VXLAN packet */
}
flags1 = b1->flags;
@@ -1089,21 +1075,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32))
goto exit; /* no local VTEP for VXLAN packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4))
goto exit; /* no local VTEP for VXLAN packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (ngm->vtep6, &ip60->dst_address))
goto exit; /* no local VTEP for VXLAN packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6))
goto exit; /* no local VTEP for VXLAN packet */
}
flags0 = b0->flags;

41
src/vnet/vxlan-gpe/vxlan_gpe.c
View File

@@ -384,35 +384,6 @@ vxlan6_gpe_rewrite (vxlan_gpe_tunnel_t * t, u32 extension_size,
return (0);
}
static uword
vtep_addr_ref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (vxlan_gpe_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (vxlan_gpe_main.vtep6, &ip->ip6);
if (vtep)
return ++(*vtep);
ip46_address_is_ip4 (ip) ?
hash_set (vxlan_gpe_main.vtep4, ip->ip4.as_u32, 1) :
hash_set_mem_alloc (&vxlan_gpe_main.vtep6, &ip->ip6, 1);
return 1;
}
static uword
vtep_addr_unref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (vxlan_gpe_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (vxlan_gpe_main.vtep6, &ip->ip6);
ALWAYS_ASSERT (vtep);
if (--(*vtep) != 0)
return *vtep;
ip46_address_is_ip4 (ip) ?
hash_unset (vxlan_gpe_main.vtep4, ip->ip4.as_u32) :
hash_unset_mem_free (&vxlan_gpe_main.vtep6, &ip->ip6);
return 0;
}
/* *INDENT-OFF* */
typedef CLIB_PACKED(union {
struct {
@@ -620,7 +591,7 @@ int vnet_vxlan_gpe_add_del_tunnel
* when the forwarding for the entry updates, and the tunnel can
* re-stack accordingly
*/
vtep_addr_ref (&t->local);
vtep_addr_ref (&ngm->vtep_table, t->encap_fib_index, &t->local);
t->fib_entry_index = fib_entry_track (t->encap_fib_index,
&tun_remote_pfx,
FIB_NODE_TYPE_VXLAN_GPE_TUNNEL,
@@ -637,7 +608,8 @@ int vnet_vxlan_gpe_add_del_tunnel
*/
fib_protocol_t fp = fib_ip_proto (is_ip6);
if (vtep_addr_ref (&t->remote) == 1)
if (vtep_addr_ref (&ngm->vtep_table,
t->encap_fib_index, &t->remote) == 1)
{
fib_node_index_t mfei;
adj_index_t ai;
@@ -726,10 +698,11 @@ int vnet_vxlan_gpe_add_del_tunnel
if (!ip46_address_is_multicast (&t->remote))
{
vtep_addr_unref (&t->local);
vtep_addr_unref (&ngm->vtep_table, t->encap_fib_index, &t->local);
fib_entry_untrack (t->fib_entry_index, t->sibling_index);
}
else if (vtep_addr_unref (&t->remote) == 0)
else if (vtep_addr_unref (&ngm->vtep_table,
t->encap_fib_index, &t->remote) == 0)
{
mcast_shared_remove (&t->remote);
}
@@ -1261,7 +1234,7 @@ vxlan_gpe_init (vlib_main_t * vm)
ngm->mcast_shared = hash_create_mem (0,
sizeof (ip46_address_t),
sizeof (mcast_shared_t));
ngm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword));
ngm->vtep_table = vtep_table_create ();
/* Register the list of standard decap protocols supported */
vxlan_gpe_register_decap_protocol (VXLAN_GPE_PROTOCOL_IP4,

4
src/vnet/vxlan-gpe/vxlan_gpe.h
View File

@@ -24,6 +24,7 @@
#include <vppinfra/hash.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/vtep.h>
#include <vnet/l2/l2_input.h>
#include <vnet/l2/l2_output.h>
#include <vnet/l2/l2_bd.h>
@@ -205,8 +206,7 @@ typedef struct
/* local VTEP IPs ref count used by vxlan-bypass node to check if
received VXLAN packet DIP matches any local VTEP address */
uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */
uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */
vtep_table_t vtep_table;
/* mcast shared info */
uword *mcast_shared; /* keyed on mcast ip46 addr */
/** Free vlib hw_if_indices */

78
src/vnet/vxlan/decap.c
View File

@@ -46,20 +46,6 @@ format_vxlan_rx_trace (u8 * s, va_list * args)
t->tunnel_index, t->vni, t->next_index, t->error);
}
always_inline u32
buf_fib_index (vlib_buffer_t * b, u32 is_ip4)
{
u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
if (sw_if_index != (u32) ~ 0)
return sw_if_index;
u32 *fib_index_by_sw_if_index = is_ip4 ?
ip4_main.fib_index_by_sw_if_index : ip6_main.fib_index_by_sw_if_index;
sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
return vec_elt (fib_index_by_sw_if_index, sw_if_index);
}
typedef vxlan4_tunnel_key_t last_tunnel_cache4;
static const vxlan_decap_info_t decap_not_found = {
@@ -246,8 +232,8 @@ vxlan_input (vlib_main_t * vm,
vlib_buffer_advance (b[0], sizeof *vxlan0);
vlib_buffer_advance (b[1], sizeof *vxlan1);
u32 fi0 = buf_fib_index (b[0], is_ip4);
u32 fi1 = buf_fib_index (b[1], is_ip4);
u32 fi0 = vlib_buffer_get_ip_fib_index (b[0], is_ip4);
u32 fi1 = vlib_buffer_get_ip_fib_index (b[1], is_ip4);
vxlan_decap_info_t di0 = is_ip4 ?
vxlan4_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan0, &stats_if0) :
@@ -349,7 +335,7 @@ vxlan_input (vlib_main_t * vm,
/* pop (ip, udp, vxlan) */
vlib_buffer_advance (b[0], sizeof (*vxlan0));
u32 fi0 = buf_fib_index (b[0], is_ip4);
u32 fi0 = vlib_buffer_get_ip_fib_index (b[0], is_ip4);
vxlan_decap_info_t di0 = is_ip4 ?
vxlan4_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan0, &stats_if0) :
@@ -468,8 +454,10 @@ ip_vxlan_bypass_inline (vlib_main_t * vm,
u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
vlib_node_runtime_t *error_node =
vlib_node_get_runtime (vm, ip4_input_node.index);
ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
vtep4_key_t last_vtep4; /* last IPv4 address / fib index
matching a local VTEP address */
vtep6_key_t last_vtep6; /* last IPv6 address / fib index
matching a local VTEP address */
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -479,9 +467,9 @@ ip_vxlan_bypass_inline (vlib_main_t * vm,
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
if (is_ip4)
addr4.data_u32 = ~0;
vtep4_key_init (&last_vtep4);
else
ip6_address_set_zero (&addr6);
vtep6_key_init (&last_vtep6);
while (n_left_from > 0)
{
@@ -565,21 +553,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
goto exit0; /* no local VTEP for VXLAN packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4))
goto exit0; /* no local VTEP for VXLAN packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
goto exit0; /* no local VTEP for VXLAN packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6))
goto exit0; /* no local VTEP for VXLAN packet */
}
flags0 = b0->flags;
@@ -651,21 +631,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip41->dst_address.as_u32)
{
if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32))
goto exit1; /* no local VTEP for VXLAN packet */
addr4 = ip41->dst_address;
}
if (!vtep4_check (&vxm->vtep_table, b1, ip41, &last_vtep4))
goto exit1; /* no local VTEP for VXLAN packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
{
if (!hash_get_mem (vxm->vtep6, &ip61->dst_address))
goto exit1; /* no local VTEP for VXLAN packet */
addr6 = ip61->dst_address;
}
if (!vtep6_check (&vxm->vtep_table, b1, ip61, &last_vtep6))
goto exit1; /* no local VTEP for VXLAN packet */
}
flags1 = b1->flags;
@@ -773,21 +745,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs */
if (is_ip4)
{
if (addr4.as_u32 != ip40->dst_address.as_u32)
{
if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
goto exit; /* no local VTEP for VXLAN packet */
addr4 = ip40->dst_address;
}
if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4))
goto exit; /* no local VTEP for VXLAN packet */
}
else
{
if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
{
if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
goto exit; /* no local VTEP for VXLAN packet */
addr6 = ip60->dst_address;
}
if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6))
goto exit; /* no local VTEP for VXLAN packet */
}
flags0 = b0->flags;

41
src/vnet/vxlan/vxlan.c
View File

@@ -291,35 +291,6 @@ vxlan_decap_next_is_valid (vxlan_main_t * vxm, u32 is_ip6,
return decap_next_index < r->n_next_nodes;
}
static uword
vtep_addr_ref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (vxlan_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (vxlan_main.vtep6, &ip->ip6);
if (vtep)
return ++(*vtep);
ip46_address_is_ip4 (ip) ?
hash_set (vxlan_main.vtep4, ip->ip4.as_u32, 1) :
hash_set_mem_alloc (&vxlan_main.vtep6, &ip->ip6, 1);
return 1;
}
static uword
vtep_addr_unref (ip46_address_t * ip)
{
uword *vtep = ip46_address_is_ip4 (ip) ?
hash_get (vxlan_main.vtep4, ip->ip4.as_u32) :
hash_get_mem (vxlan_main.vtep6, &ip->ip6);
ALWAYS_ASSERT (vtep);
if (--(*vtep) != 0)
return *vtep;
ip46_address_is_ip4 (ip) ?
hash_unset (vxlan_main.vtep4, ip->ip4.as_u32) :
hash_unset_mem_free (&vxlan_main.vtep6, &ip->ip6);
return 0;
}
/* *INDENT-OFF* */
typedef CLIB_PACKED(union
{
@@ -513,7 +484,7 @@ int vnet_vxlan_add_del_tunnel
* when the forwarding for the entry updates, and the tunnel can
* re-stack accordingly
*/
vtep_addr_ref (&t->src);
vtep_addr_ref (&vxm->vtep_table, t->encap_fib_index, &t->src);
t->fib_entry_index = fib_entry_track (t->encap_fib_index,
&tun_dst_pfx,
FIB_NODE_TYPE_VXLAN_TUNNEL,
@@ -530,7 +501,8 @@ int vnet_vxlan_add_del_tunnel
*/
fib_protocol_t fp = fib_ip_proto (is_ip6);
if (vtep_addr_ref (&t->dst) == 1)
if (vtep_addr_ref (&vxm->vtep_table,
t->encap_fib_index, &t->dst) == 1)
{
fib_node_index_t mfei;
adj_index_t ai;
@@ -619,10 +591,11 @@ int vnet_vxlan_add_del_tunnel
if (t->flow_index != ~0)
vnet_flow_del (vnm, t->flow_index);
vtep_addr_unref (&t->src);
vtep_addr_unref (&vxm->vtep_table, t->encap_fib_index, &t->src);
fib_entry_untrack (t->fib_entry_index, t->sibling_index);
}
else if (vtep_addr_unref (&t->dst) == 0)
else if (vtep_addr_unref (&vxm->vtep_table,
t->encap_fib_index, &t->dst) == 0)
{
mcast_shared_remove (&t->dst);
}
@@ -1261,7 +1234,7 @@ vxlan_init (vlib_main_t * vm)
VXLAN_HASH_NUM_BUCKETS, VXLAN_HASH_MEMORY_SIZE);
clib_bihash_init_24_8 (&vxm->vxlan6_tunnel_by_key, "vxlan6",
VXLAN_HASH_NUM_BUCKETS, VXLAN_HASH_MEMORY_SIZE);
vxm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword));
vxm->vtep_table = vtep_table_create ();
vxm->mcast_shared = hash_create_mem (0,
sizeof (ip46_address_t),
sizeof (mcast_shared_t));

4
src/vnet/vxlan/vxlan.h
View File

@@ -21,6 +21,7 @@
#include <vppinfra/bihash_24_8.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/vtep.h>
#include <vnet/l2/l2_input.h>
#include <vnet/l2/l2_output.h>
#include <vnet/l2/l2_bd.h>
@@ -163,8 +164,7 @@ typedef struct
/* local VTEP IPs ref count used by vxlan-bypass node to check if
received VXLAN packet DIP matches any local VTEP address */
uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */
uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */
vtep_table_t vtep_table;
/* mcast shared info */
uword *mcast_shared; /* keyed on mcast ip46 addr */