diff options
| author |   Stanislav Zaikin <zstaseg@gmail.com> | 2021-07-15 16:27:29 +0200 |
|---|---|---|
| committer |   Neale Ranns <neale@graphiant.com> | 2021-07-28 08:25:38 +0000 |
| commit | 328b5dadb35916e8147237f2339dd5f4c38912fc (patch) | |
| tree | fba6fb6990a21baa5ad5b830ba5a4a21a87b2dcc | |
| parent | a44a0c038f5aee70876e240d7a59aaeb79debc4c (diff) | |
gre: set proper fib index for unnumbered interfaces, unset fib index before forwarding gre payload
This commit introduces 2 fixes:
1) After GRE decapsulation sw_if_index[VLIB_TX] is set as fib index of GRE tunnel.
But since GRE tunnel can work on v4 endpoints and have v6 payload, we need to reset it.
In case we get IPv6 packet inside IPv4 GRE tunnel (or vice-versa) fib index can be (and usually is) invalid.
2) Check that ip-table and ip6-table are the same when setting interface as an unnumbered one.
Also, fix for the pipe test include setting the right unnumbered interface for the pipes
Type: fix
Signed-off-by: Stanislav Zaikin <zstaseg@gmail.com>
Change-Id: Id13d239cfdd21e0db6b1c9725f01c40d4af4d800
| -rw-r--r-- | src/vnet/gre/node.c | 5 | ||||
| -rw-r--r-- | src/vnet/interface.c | 42 | ||||
| -rw-r--r-- | src/vnet/interface_api.c | 4 | ||||
| -rw-r--r-- | src/vnet/interface_cli.c | 19 | ||||
| -rw-r--r-- | src/vnet/interface_funcs.h | 4 | ||||
| -rw-r--r-- | test/test_pipe.py | 16 |
6 files changed, 76 insertions, 14 deletions
diff --git a/src/vnet/gre/node.c b/src/vnet/gre/node.c index 92523069f05..fdd3118bf3c 100644 --- a/src/vnet/gre/node.c +++ b/src/vnet/gre/node.c @@ -301,6 +301,9 @@ gre_input (vlib_main_t * vm, vnet_buffer (b[1])->sw_if_index[VLIB_RX] = tun_sw_if_index[1]; } + vnet_buffer (b[0])->sw_if_index[VLIB_TX] = (u32) ~0; + vnet_buffer (b[1])->sw_if_index[VLIB_TX] = (u32) ~0; + if (PREDICT_FALSE (b[0]->flags & VLIB_BUFFER_IS_TRACED)) gre_trace (vm, node, b[0], tun_sw_if_index[0], ip6[0], ip4[0], is_ipv6); @@ -411,6 +414,8 @@ gre_input (vlib_main_t * vm, vnet_buffer (b[0])->sw_if_index[VLIB_RX] = tun_sw_if_index[0]; } + vnet_buffer (b[0])->sw_if_index[VLIB_TX] = (u32) ~0; + if (PREDICT_FALSE (b[0]->flags & VLIB_BUFFER_IS_TRACED)) gre_trace (vm, node, b[0], tun_sw_if_index[0], ip6[0], ip4[0], is_ipv6); diff --git a/src/vnet/interface.c b/src/vnet/interface.c index 44ea52a870d..e79722d0461 100644 --- a/src/vnet/interface.c +++ b/src/vnet/interface.c @@ -1610,20 +1610,58 @@ vnet_hw_interface_change_mac_address (vnet_main_t * vnm, u32 hw_if_index, (vnm, hw_if_index, mac_address); } +static int +vnet_sw_interface_check_table_same (u32 unnumbered_sw_if_index, + u32 ip_sw_if_index) +{ + vec_validate (ip4_main.fib_index_by_sw_if_index, unnumbered_sw_if_index); + vec_validate (ip4_main.mfib_index_by_sw_if_index, unnumbered_sw_if_index); + vec_validate (ip6_main.fib_index_by_sw_if_index, unnumbered_sw_if_index); + vec_validate (ip6_main.mfib_index_by_sw_if_index, unnumbered_sw_if_index); + + vec_validate (ip4_main.fib_index_by_sw_if_index, ip_sw_if_index); + vec_validate (ip4_main.mfib_index_by_sw_if_index, ip_sw_if_index); + vec_validate (ip6_main.fib_index_by_sw_if_index, ip_sw_if_index); + vec_validate (ip6_main.mfib_index_by_sw_if_index, ip_sw_if_index); + + if (ip4_main.fib_index_by_sw_if_index[unnumbered_sw_if_index] != + ip4_main.fib_index_by_sw_if_index[ip_sw_if_index]) + return VNET_API_ERROR_UNEXPECTED_INTF_STATE; + + if (ip4_main.mfib_index_by_sw_if_index[unnumbered_sw_if_index] != + ip4_main.mfib_index_by_sw_if_index[ip_sw_if_index]) + return VNET_API_ERROR_UNEXPECTED_INTF_STATE; + + if (ip6_main.fib_index_by_sw_if_index[unnumbered_sw_if_index] != + ip6_main.fib_index_by_sw_if_index[ip_sw_if_index]) + return VNET_API_ERROR_UNEXPECTED_INTF_STATE; + + if (ip6_main.mfib_index_by_sw_if_index[unnumbered_sw_if_index] != + ip6_main.mfib_index_by_sw_if_index[ip_sw_if_index]) + return VNET_API_ERROR_UNEXPECTED_INTF_STATE; + + return 0; +} + /* update the unnumbered state of an interface*/ -void +int vnet_sw_interface_update_unnumbered (u32 unnumbered_sw_if_index, u32 ip_sw_if_index, u8 enable) { vnet_main_t *vnm = vnet_get_main (); vnet_sw_interface_t *si; u32 was_unnum; + int rv = 0; si = vnet_get_sw_interface (vnm, unnumbered_sw_if_index); was_unnum = (si->flags & VNET_SW_INTERFACE_FLAG_UNNUMBERED); if (enable) { + rv = vnet_sw_interface_check_table_same (unnumbered_sw_if_index, + ip_sw_if_index); + if (rv != 0) + return rv; si->flags |= VNET_SW_INTERFACE_FLAG_UNNUMBERED; si->unnumbered_sw_if_index = ip_sw_if_index; @@ -1660,6 +1698,8 @@ vnet_sw_interface_update_unnumbered (u32 unnumbered_sw_if_index, ip4_sw_interface_enable_disable (unnumbered_sw_if_index, enable); ip6_sw_interface_enable_disable (unnumbered_sw_if_index, enable); } + + return 0; } vnet_l3_packet_type_t diff --git a/src/vnet/interface_api.c b/src/vnet/interface_api.c index a1450bd1906..9b606dd6265 100644 --- a/src/vnet/interface_api.c +++ b/src/vnet/interface_api.c @@ -682,8 +682,8 @@ static void vl_api_sw_interface_set_unnumbered_t_handler goto done; } - vnet_sw_interface_update_unnumbered (unnumbered_sw_if_index, - sw_if_index, mp->is_add); + rv = vnet_sw_interface_update_unnumbered (unnumbered_sw_if_index, + sw_if_index, mp->is_add); done: REPLY_MACRO (VL_API_SW_INTERFACE_SET_UNNUMBERED_REPLY); } diff --git a/src/vnet/interface_cli.c b/src/vnet/interface_cli.c index 73b275785b8..68431860183 100644 --- a/src/vnet/interface_cli.c +++ b/src/vnet/interface_cli.c @@ -976,8 +976,23 @@ set_unnumbered (vlib_main_t * vm, return clib_error_return (0, "When enabling unnumbered specify the" " IP enabled interface that it uses"); - vnet_sw_interface_update_unnumbered (unnumbered_sw_if_index, - inherit_from_sw_if_index, enable); + int rv = vnet_sw_interface_update_unnumbered ( + unnumbered_sw_if_index, inherit_from_sw_if_index, enable); + + switch (rv) + { + case 0: + break; + + case VNET_API_ERROR_UNEXPECTED_INTF_STATE: + return clib_error_return ( + 0, + "When enabling unnumbered both interfaces must be in the same tables"); + + default: + return clib_error_return ( + 0, "vnet_sw_interface_update_unnumbered returned %d", rv); + } return (NULL); } diff --git a/src/vnet/interface_funcs.h b/src/vnet/interface_funcs.h index 14168406377..3db5a2d8c11 100644 --- a/src/vnet/interface_funcs.h +++ b/src/vnet/interface_funcs.h @@ -430,8 +430,8 @@ void vnet_sw_interface_set_protocol_mtu (vnet_main_t * vnm, u32 sw_if_index, u32 mtu[]); /* update the unnumbered state of an interface */ -void vnet_sw_interface_update_unnumbered (u32 sw_if_index, - u32 ip_sw_if_index, u8 enable); +int vnet_sw_interface_update_unnumbered (u32 sw_if_index, u32 ip_sw_if_index, + u8 enable); int vnet_sw_interface_stats_collect_enable_disable (u32 sw_if_index, u8 enable); diff --git a/test/test_pipe.py b/test/test_pipe.py index 0e766654d2a..937a28ef826 100644 --- a/test/test_pipe.py +++ b/test/test_pipe.py @@ -53,11 +53,13 @@ class VppPipe(VppInterface): return True return False - def set_unnumbered(self, ip_sw_if_index, is_add=True): - res = self._test.vapi.sw_interface_set_unnumbered(ip_sw_if_index, - self.east, is_add) - res = self._test.vapi.sw_interface_set_unnumbered(ip_sw_if_index, - self.west, is_add) + def set_unnumbered(self, ip_sw_if_index, is_east, is_add=True): + if is_east: + res = self._test.vapi.sw_interface_set_unnumbered( + ip_sw_if_index, self.east, is_add) + else: + res = self._test.vapi.sw_interface_set_unnumbered( + ip_sw_if_index, self.west, is_add) class TestPipe(VppTestCase): @@ -203,8 +205,8 @@ class TestPipe(VppTestCase): self.send_and_assert_no_replies(self.pg2, p_east * NUM_PKTS) # IP enable the Pipes by making them unnumbered - pipes[0].set_unnumbered(self.pg2.sw_if_index) - pipes[1].set_unnumbered(self.pg3.sw_if_index) + pipes[1].set_unnumbered(self.pg2.sw_if_index, True) + pipes[1].set_unnumbered(self.pg3.sw_if_index, False) self.send_and_expect(self.pg2, p_east * NUM_PKTS, self.pg3) |