From 9a69a6095f67b8979a02f128f44e449889454273 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Sun, 26 Mar 2017 10:56:33 -0700 Subject: Sub-net broadcast addresses for IPv4 Change-Id: Ib2189d01e8bc61de57404159690fb70f89c47277 Signed-off-by: Neale Ranns --- src/vnet/classify/vnet_classify.c | 2 +- src/vnet/fib/fib_entry_src_interface.c | 21 ++++++++++ src/vnet/ip/ip4_forward.c | 73 ++++++++++++++++++++++++++++++++-- 3 files changed, 92 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/vnet/classify/vnet_classify.c b/src/vnet/classify/vnet_classify.c index b651a1f1..98842a48 100644 --- a/src/vnet/classify/vnet_classify.c +++ b/src/vnet/classify/vnet_classify.c @@ -1499,7 +1499,7 @@ static u8 * format_vnet_classify_table (u8 * s, va_list * args) s = format (s, "%10u%10d%10d%10d", index, t->active_elements, t->next_table_index, t->miss_next_index); - s = format (s, "\n Heap: %U", format_mheap, t->mheap, 0 /*verbose*/); + s = format (s, "\n Heap: %U", format_mheap, t->mheap, 0 /*verbose*/); s = format (s, "\n nbuckets %d, skip %d match %d flag %d offset %d", t->nbuckets, t->skip_n_vectors, t->match_n_vectors, diff --git a/src/vnet/fib/fib_entry_src_interface.c b/src/vnet/fib/fib_entry_src_interface.c index ca04716e..bb87818f 100644 --- a/src/vnet/fib/fib_entry_src_interface.c +++ b/src/vnet/fib/fib_entry_src_interface.c @@ -31,6 +31,25 @@ fib_entry_src_interface_init (fib_entry_src_t *src) src->interface.fesi_sibling = FIB_NODE_INDEX_INVALID; } +static void +fib_entry_src_interface_add (fib_entry_src_t *src, + const fib_entry_t *entry, + fib_entry_flag_t flags, + fib_protocol_t proto, + const dpo_id_t *dpo) +{ + src->fes_pl = fib_path_list_create_special( + proto, + fib_entry_src_flags_2_path_list_flags(flags), + dpo); +} + +static void +fib_entry_src_interface_remove (fib_entry_src_t *src) +{ + src->fes_pl = FIB_NODE_INDEX_INVALID; +} + static void fib_entry_src_interface_path_swap (fib_entry_src_t *src, const fib_entry_t *entry, @@ -176,6 +195,8 @@ fib_entry_src_interface_format (fib_entry_src_t *src, const static fib_entry_src_vft_t interface_src_vft = { .fesv_init = fib_entry_src_interface_init, + .fesv_add = fib_entry_src_interface_add, + .fesv_remove = fib_entry_src_interface_remove, .fesv_path_swap = fib_entry_src_interface_path_swap, .fesv_activate = fib_entry_src_interface_activate, .fesv_deactivate = fib_entry_src_interface_deactivate, diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c index f2bc2a71..bbba4b70 100644 --- a/src/vnet/ip/ip4_forward.c +++ b/src/vnet/ip/ip4_forward.c @@ -745,8 +745,9 @@ ip4_add_interface_routes (u32 sw_if_index, a->neighbor_probe_adj_index = ~0; - if (pfx.fp_len < 32) + if (pfx.fp_len <= 30) { + /* a /30 or shorter - add a glean for the network address */ fib_node_index_t fei; fei = fib_table_entry_update_one_path (fib_index, &pfx, @@ -764,8 +765,50 @@ ip4_add_interface_routes (u32 sw_if_index, NULL, FIB_ROUTE_PATH_FLAG_NONE); a->neighbor_probe_adj_index = fib_entry_get_adj (fei); - } + /* Add the two broadcast addresses as drop */ + fib_prefix_t net_pfx = { + .fp_len = 32, + .fp_proto = FIB_PROTOCOL_IP4, + .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[pfx.fp_len], + }; + if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32) + fib_table_entry_special_add(fib_index, + &net_pfx, + FIB_SOURCE_INTERFACE, + (FIB_ENTRY_FLAG_DROP | + FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT), + ADJ_INDEX_INVALID); + net_pfx.fp_addr.ip4.as_u32 |= ~im->fib_masks[pfx.fp_len]; + if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32) + fib_table_entry_special_add(fib_index, + &net_pfx, + FIB_SOURCE_INTERFACE, + (FIB_ENTRY_FLAG_DROP | + FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT), + ADJ_INDEX_INVALID); + } + else if (pfx.fp_len == 31) + { + u32 mask = clib_host_to_net_u32(1); + fib_prefix_t net_pfx = pfx; + + net_pfx.fp_len = 32; + net_pfx.fp_addr.ip4.as_u32 ^= mask; + + /* a /31 - add the other end as an attached host */ + fib_table_entry_update_one_path (fib_index, &net_pfx, + FIB_SOURCE_INTERFACE, + (FIB_ENTRY_FLAG_ATTACHED), + FIB_PROTOCOL_IP4, + &net_pfx.fp_addr, + sw_if_index, + // invalid FIB index + ~0, + 1, + NULL, + FIB_ROUTE_PATH_FLAG_NONE); + } pfx.fp_len = 32; if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index)) @@ -813,10 +856,34 @@ ip4_del_interface_routes (ip4_main_t * im, .fp_addr.ip4 = *address, }; - if (pfx.fp_len < 32) + if (pfx.fp_len <= 30) { + fib_prefix_t net_pfx = { + .fp_len = 32, + .fp_proto = FIB_PROTOCOL_IP4, + .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[pfx.fp_len], + }; + if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32) + fib_table_entry_special_remove(fib_index, + &net_pfx, + FIB_SOURCE_INTERFACE); + net_pfx.fp_addr.ip4.as_u32 |= ~im->fib_masks[pfx.fp_len]; + if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32) + fib_table_entry_special_remove(fib_index, + &net_pfx, + FIB_SOURCE_INTERFACE); fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE); } + else if (pfx.fp_len == 31) + { + u32 mask = clib_host_to_net_u32(1); + fib_prefix_t net_pfx = pfx; + + net_pfx.fp_len = 32; + net_pfx.fp_addr.ip4.as_u32 ^= mask; + + fib_table_entry_delete (fib_index, &net_pfx, FIB_SOURCE_INTERFACE); + } pfx.fp_len = 32; fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE); -- cgit 1.2.3-korg