diff options
author | Chris Luke <chrisy@flirble.org> | 2016-04-26 10:49:53 -0400 |
---|---|---|
committer | Chris Luke <chrisy@flirble.org> | 2016-04-28 15:13:01 -0400 |
commit | 99cb335ac1209d5bb7ede754f59d7df898ae0e81 (patch) | |
tree | 406b1741f6cbd1750ded32e6f047645080e74313 | |
parent | 1589576c57e4bfb2b81dc5237e0af74130cb908f (diff) |
VXLAN over IPv6.
Refactors the VXLAN node to work with both IPv4 and IPv6 transports.
There is a discussion thread for this change at
https://lists.fd.io/pipermail/vpp-dev/2016-March/000279.html
Note that this changes the binary configuration API to support both
address families; each address uses the same memory for either address
type and a flag to indicate which is in use. This also includes changes
to the Java API to support both address families.
The CLI and VAT syntax remains unchanged; the code detects whether an
IPv4 or an IPv6 address was given.
Configuration examples:
IPv4 CLI: create vxlan tunnel src 192.168.1.1 dst 192.168.1.2
vni 10 encap-vrf-id 0 decap-next l2
IPv6 CLI: create vxlan tunnel src 2620:124:9000::1 dst 2620:124:9000::2
vni 16 encap-vrf-id 0 decap-next l2
IPv4 VAT: vxlan_add_del_tunnel src 192.168.1.1 dst 192.168.1.2
vni 10 encap-vrf-id 0 decap-next l2
IPv6 VAT: vxlan_add_del_tunnel src 2620:124:9000::1 dst 2620:124:9000::2
vni 16 encap-vrf-id 0 decap-next l2
TODO: The encap path is not as optimal as it could be.
Change-Id: I87be8bf0501e0c9cd7e401be4542bb599f1b6e47
Signed-off-by: Chris Luke <chrisy@flirble.org>
-rw-r--r-- | vnet/vnet/api_errno.h | 3 | ||||
-rw-r--r-- | vnet/vnet/ip/udp.h | 1 | ||||
-rw-r--r-- | vnet/vnet/vxlan/decap.c | 241 | ||||
-rw-r--r-- | vnet/vnet/vxlan/encap.c | 282 | ||||
-rw-r--r-- | vnet/vnet/vxlan/vxlan.c | 209 | ||||
-rw-r--r-- | vnet/vnet/vxlan/vxlan.h | 58 | ||||
-rw-r--r-- | vpp-api-test/vat/api_format.c | 79 | ||||
-rw-r--r-- | vpp-api/java/japi/org/openvpp/vppjapi/vppVxlanTunnelDetails.java | 10 | ||||
-rw-r--r-- | vpp-api/java/japi/vppjni.c | 60 | ||||
-rw-r--r-- | vpp-api/java/japi/vppjni.h | 5 | ||||
-rw-r--r-- | vpp/api/api.c | 33 | ||||
-rw-r--r-- | vpp/api/custom_dump.c | 8 | ||||
-rw-r--r-- | vpp/api/vpe.api | 10 |
13 files changed, 793 insertions, 206 deletions
diff --git a/vnet/vnet/api_errno.h b/vnet/vnet/api_errno.h index 77c14a4a4fa..04779f0bf1f 100644 --- a/vnet/vnet/api_errno.h +++ b/vnet/vnet/api_errno.h @@ -71,7 +71,8 @@ _(RESPONSE_NOT_READY, -77, "Response not ready") \ _(NOT_CONNECTED, -78, "Not connected to the data plane") \ _(IF_ALREADY_EXISTS, -79, "Interface already exists") \ _(BOND_SLAVE_NOT_ALLOWED, -80, "Operation not allowed on slave of BondEthernet") \ -_(VALUE_EXIST, -81, "Value already exists") +_(VALUE_EXIST, -81, "Value already exists") \ +_(SAME_SRC_DST, -82, "Source and destination are the same") typedef enum { #define _(a,b,c) VNET_API_ERROR_##a = (b), diff --git a/vnet/vnet/ip/udp.h b/vnet/vnet/ip/udp.h index 26056bd68ef..26576a45614 100644 --- a/vnet/vnet/ip/udp.h +++ b/vnet/vnet/ip/udp.h @@ -41,6 +41,7 @@ _ (4341, lisp_gpe) \ _ (4342, lisp_cp) \ _ (4739, ipfix) \ _ (4789, vxlan) \ +_ (4789, vxlan6) \ _ (4790, vxlan_gpe) \ _ (6633, vpath_3) diff --git a/vnet/vnet/vxlan/decap.c b/vnet/vnet/vxlan/decap.c index 7789bed9310..bd61f4bb256 100644 --- a/vnet/vnet/vxlan/decap.c +++ b/vnet/vnet/vxlan/decap.c @@ -47,22 +47,24 @@ static u8 * format_vxlan_rx_trace (u8 * s, va_list * args) return s; } -static uword +always_inline uword vxlan_input (vlib_main_t * vm, vlib_node_runtime_t * node, - vlib_frame_t * from_frame) + vlib_frame_t * from_frame, + char is_ip4) { u32 n_left_from, next_index, * from, * to_next; vxlan_main_t * vxm = &vxlan_main; vnet_main_t * vnm = vxm->vnet_main; vnet_interface_main_t * im = &vnm->interface_main; u32 last_tunnel_index = ~0; - vxlan_tunnel_key_t last_key; + vxlan4_tunnel_key_t last_key4; + vxlan6_tunnel_key_t last_key6; u32 pkts_decapsulated = 0; u32 cpu_index = os_get_cpu_number(); u32 stats_sw_if_index, stats_n_packets, stats_n_bytes; - last_key.as_u64 = ~0; + last_key4.as_u64 = ~0; from = vlib_frame_vector_args (from_frame); n_left_from = from_frame->n_vectors; @@ -82,12 +84,14 @@ vxlan_input (vlib_main_t * vm, u32 bi0, bi1; vlib_buffer_t * b0, * b1; u32 next0, next1; - ip4_header_t * ip0, * ip1; + ip4_header_t * ip4_0, * ip4_1; + ip6_header_t * ip6_0, * ip6_1; vxlan_header_t * vxlan0, * vxlan1; uword * p0, * p1; u32 tunnel_index0, tunnel_index1; vxlan_tunnel_t * t0, * t1; - vxlan_tunnel_key_t key0, key1; + vxlan4_tunnel_key_t key4_0, key4_1; + vxlan6_tunnel_key_t key6_0, key6_1; u32 error0, error1; u32 sw_if_index0, sw_if_index1, len0, len1; @@ -121,18 +125,34 @@ vxlan_input (vlib_main_t * vm, vxlan0 = vlib_buffer_get_current (b0); vxlan1 = vlib_buffer_get_current (b1); + if (is_ip4) { vlib_buffer_advance (b0, -(word)(sizeof(udp_header_t)+sizeof(ip4_header_t))); vlib_buffer_advance (b1, -(word)(sizeof(udp_header_t)+sizeof(ip4_header_t))); - ip0 = vlib_buffer_get_current (b0); - ip1 = vlib_buffer_get_current (b1); + ip4_0 = vlib_buffer_get_current (b0); + ip4_1 = vlib_buffer_get_current (b1); + } else { + vlib_buffer_advance + (b0, -(word)(sizeof(udp_header_t)+sizeof(ip6_header_t))); + vlib_buffer_advance + (b1, -(word)(sizeof(udp_header_t)+sizeof(ip6_header_t))); + ip6_0 = vlib_buffer_get_current (b0); + ip6_1 = vlib_buffer_get_current (b1); + } /* pop (ip, udp, vxlan) */ + if (is_ip4) { + vlib_buffer_advance + (b0, sizeof(*ip4_0)+sizeof(udp_header_t)+sizeof(*vxlan0)); vlib_buffer_advance - (b0, sizeof(*ip0)+sizeof(udp_header_t)+sizeof(*vxlan0)); + (b1, sizeof(*ip4_1)+sizeof(udp_header_t)+sizeof(*vxlan1)); + } else { vlib_buffer_advance - (b1, sizeof(*ip1)+sizeof(udp_header_t)+sizeof(*vxlan1)); + (b0, sizeof(*ip6_0)+sizeof(udp_header_t)+sizeof(*vxlan0)); + vlib_buffer_advance + (b1, sizeof(*ip6_1)+sizeof(udp_header_t)+sizeof(*vxlan1)); + } tunnel_index0 = ~0; error0 = 0; @@ -140,12 +160,34 @@ vxlan_input (vlib_main_t * vm, tunnel_index1 = ~0; error1 = 0; - key0.src = ip0->src_address.as_u32; - key0.vni = vxlan0->vni_reserved; - - if (PREDICT_FALSE (key0.as_u64 != last_key.as_u64)) + if (is_ip4) { + key4_0.src = ip4_0->src_address.as_u32; + key4_0.vni = vxlan0->vni_reserved; + + if (PREDICT_FALSE (key4_0.as_u64 != last_key4.as_u64)) + { + p0 = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64); + + if (p0 == 0) + { + error0 = VXLAN_ERROR_NO_SUCH_TUNNEL; + next0 = VXLAN_INPUT_NEXT_DROP; + goto trace0; + } + + last_key4.as_u64 = key4_0.as_u64; + tunnel_index0 = last_tunnel_index = p0[0]; + } + else + tunnel_index0 = last_tunnel_index; + } else /* !is_ip4 */ { + key6_0.src.as_u64[0] = ip6_0->src_address.as_u64[0]; + key6_0.src.as_u64[1] = ip6_0->src_address.as_u64[1]; + key6_0.vni = vxlan0->vni_reserved; + + if (PREDICT_FALSE (memcmp(&key6_0, &last_key6, sizeof(last_key6)) != 0)) { - p0 = hash_get (vxm->vxlan_tunnel_by_key, key0.as_u64); + p0 = hash_get (vxm->vxlan6_tunnel_by_key, pointer_to_uword(&key6_0)); if (p0 == 0) { @@ -154,27 +196,29 @@ vxlan_input (vlib_main_t * vm, goto trace0; } - last_key.as_u64 = key0.as_u64; + last_key6 = key6_0; tunnel_index0 = last_tunnel_index = p0[0]; } else tunnel_index0 = last_tunnel_index; + } t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0); next0 = t0->decap_next_index; - sw_if_index0 = t0->sw_if_index; - len0 = vlib_buffer_length_in_chain (vm, b0); + sw_if_index0 = t0->sw_if_index; + len0 = vlib_buffer_length_in_chain (vm, b0); /* Required to make the l2 tag push / pop code work on l2 subifs */ - vnet_update_l2_len (b0); + if (PREDICT_TRUE(next0 == VXLAN_INPUT_NEXT_L2_INPUT)) + vnet_update_l2_len (b0); /* Set input sw_if_index to VXLAN tunnel for learning */ vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0; pkts_decapsulated ++; - stats_n_packets += 1; - stats_n_bytes += len0; + stats_n_packets += 1; + stats_n_bytes += len0; /* Batch stats increment on the same vxlan tunnel so counter is not incremented per packet */ @@ -205,12 +249,35 @@ vxlan_input (vlib_main_t * vm, tr->vni = vnet_get_vni (vxlan0); } - key1.src = ip1->src_address.as_u32; - key1.vni = vxlan1->vni_reserved; - if (PREDICT_FALSE (key1.as_u64 != last_key.as_u64)) + if (is_ip4) { + key4_1.src = ip4_1->src_address.as_u32; + key4_1.vni = vxlan1->vni_reserved; + + if (PREDICT_FALSE (key4_1.as_u64 != last_key4.as_u64)) + { + p1 = hash_get (vxm->vxlan4_tunnel_by_key, key4_1.as_u64); + + if (p1 == 0) + { + error1 = VXLAN_ERROR_NO_SUCH_TUNNEL; + next1 = VXLAN_INPUT_NEXT_DROP; + goto trace1; + } + + last_key4.as_u64 = key4_1.as_u64; + tunnel_index1 = last_tunnel_index = p1[0]; + } + else + tunnel_index1 = last_tunnel_index; + } else /* !is_ip4 */ { + key6_1.src.as_u64[0] = ip6_1->src_address.as_u64[0]; + key6_1.src.as_u64[1] = ip6_1->src_address.as_u64[1]; + key6_1.vni = vxlan1->vni_reserved; + + if (PREDICT_FALSE (memcmp(&key6_1, &last_key6, sizeof(last_key6)) != 0)) { - p1 = hash_get (vxm->vxlan_tunnel_by_key, key1.as_u64); + p1 = hash_get (vxm->vxlan6_tunnel_by_key, pointer_to_uword(&key6_1)); if (p1 == 0) { @@ -219,27 +286,29 @@ vxlan_input (vlib_main_t * vm, goto trace1; } - last_key.as_u64 = key1.as_u64; + last_key6 = key6_1; tunnel_index1 = last_tunnel_index = p1[0]; } else tunnel_index1 = last_tunnel_index; + } t1 = pool_elt_at_index (vxm->tunnels, tunnel_index1); next1 = t1->decap_next_index; - sw_if_index1 = t1->sw_if_index; - len1 = vlib_buffer_length_in_chain (vm, b1); + sw_if_index1 = t1->sw_if_index; + len1 = vlib_buffer_length_in_chain (vm, b1); /* Required to make the l2 tag push / pop code work on l2 subifs */ - vnet_update_l2_len (b1); + if (PREDICT_TRUE(next1 == VXLAN_INPUT_NEXT_L2_INPUT)) + vnet_update_l2_len (b1); /* Set input sw_if_index to VXLAN tunnel for learning */ vnet_buffer(b1)->sw_if_index[VLIB_RX] = sw_if_index1; pkts_decapsulated ++; - stats_n_packets += 1; - stats_n_bytes += len1; + stats_n_packets += 1; + stats_n_bytes += len1; /* Batch stats increment on the same vxlan tunnel so counter is not incremented per packet */ @@ -280,12 +349,14 @@ vxlan_input (vlib_main_t * vm, u32 bi0; vlib_buffer_t * b0; u32 next0; - ip4_header_t * ip0; + ip4_header_t * ip4_0; + ip6_header_t * ip6_0; vxlan_header_t * vxlan0; uword * p0; u32 tunnel_index0; vxlan_tunnel_t * t0; - vxlan_tunnel_key_t key0; + vxlan4_tunnel_key_t key4_0; + vxlan6_tunnel_key_t key6_0; u32 error0; u32 sw_if_index0, len0; @@ -301,23 +372,56 @@ vxlan_input (vlib_main_t * vm, /* udp leaves current_data pointing at the vxlan header */ vxlan0 = vlib_buffer_get_current (b0); + if (is_ip4) { vlib_buffer_advance (b0, -(word)(sizeof(udp_header_t)+sizeof(ip4_header_t))); - ip0 = vlib_buffer_get_current (b0); + ip4_0 = vlib_buffer_get_current (b0); + } else { + vlib_buffer_advance + (b0, -(word)(sizeof(udp_header_t)+sizeof(ip6_header_t))); + ip6_0 = vlib_buffer_get_current (b0); + } /* pop (ip, udp, vxlan) */ + if (is_ip4) { + vlib_buffer_advance + (b0, sizeof(*ip4_0)+sizeof(udp_header_t)+sizeof(*vxlan0)); + } else { vlib_buffer_advance - (b0, sizeof(*ip0)+sizeof(udp_header_t)+sizeof(*vxlan0)); + (b0, sizeof(*ip6_0)+sizeof(udp_header_t)+sizeof(*vxlan0)); + } tunnel_index0 = ~0; error0 = 0; - key0.src = ip0->src_address.as_u32; - key0.vni = vxlan0->vni_reserved; - - if (PREDICT_FALSE (key0.as_u64 != last_key.as_u64)) + if (is_ip4) { + key4_0.src = ip4_0->src_address.as_u32; + key4_0.vni = vxlan0->vni_reserved; + + if (PREDICT_FALSE (key4_0.as_u64 != last_key4.as_u64)) + { + p0 = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64); + + if (p0 == 0) + { + error0 = VXLAN_ERROR_NO_SUCH_TUNNEL; + next0 = VXLAN_INPUT_NEXT_DROP; + goto trace00; + } + + last_key4.as_u64 = key4_0.as_u64; + tunnel_index0 = last_tunnel_index = p0[0]; + } + else + tunnel_index0 = last_tunnel_index; + } else /* !is_ip4 */ { + key6_0.src.as_u64[0] = ip6_0->src_address.as_u64[0]; + key6_0.src.as_u64[1] = ip6_0->src_address.as_u64[1]; + key6_0.vni = vxlan0->vni_reserved; + + if (PREDICT_FALSE (memcmp(&key6_0, &last_key6, sizeof(last_key6)) != 0)) { - p0 = hash_get (vxm->vxlan_tunnel_by_key, key0.as_u64); + p0 = hash_get (vxm->vxlan6_tunnel_by_key, pointer_to_uword(&key6_0)); if (p0 == 0) { @@ -326,27 +430,29 @@ vxlan_input (vlib_main_t * vm, goto trace00; } - last_key.as_u64 = key0.as_u64; + last_key6 = key6_0; tunnel_index0 = last_tunnel_index = p0[0]; } else tunnel_index0 = last_tunnel_index; + } t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0); next0 = t0->decap_next_index; - sw_if_index0 = t0->sw_if_index; - len0 = vlib_buffer_length_in_chain (vm, b0); + sw_if_index0 = t0->sw_if_index; + len0 = vlib_buffer_length_in_chain (vm, b0); /* Required to make the l2 tag push / pop code work on l2 subifs */ - vnet_update_l2_len (b0); + if (PREDICT_TRUE(next0 == VXLAN_INPUT_NEXT_L2_INPUT)) + vnet_update_l2_len (b0); /* Set input sw_if_index to VXLAN tunnel for learning */ vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0; pkts_decapsulated ++; - stats_n_packets += 1; - stats_n_bytes += len0; + stats_n_packets += 1; + stats_n_bytes += len0; /* Batch stats increment on the same vxlan tunnel so counter is not incremented per packet */ @@ -400,6 +506,22 @@ vxlan_input (vlib_main_t * vm, return from_frame->n_vectors; } +static uword +vxlan4_input (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return vxlan_input(vm, node, from_frame, /* is_ip4 */ 1); +} + +static uword +vxlan6_input (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * from_frame) +{ + return vxlan_input(vm, node, from_frame, /* is_ip4 */ 0); +} + static char * vxlan_error_strings[] = { #define vxlan_error(n,s) s, #include <vnet/vxlan/vxlan_error.def> @@ -407,9 +529,30 @@ static char * vxlan_error_strings[] = { #undef _ }; -VLIB_REGISTER_NODE (vxlan_input_node) = { - .function = vxlan_input, - .name = "vxlan-input", +VLIB_REGISTER_NODE (vxlan4_input_node) = { + .function = vxlan4_input, + .name = "vxlan4-input", + /* Takes a vector of packets. */ + .vector_size = sizeof (u32), + + .n_errors = VXLAN_N_ERROR, + .error_strings = vxlan_error_strings, + + .n_next_nodes = VXLAN_INPUT_N_NEXT, + .next_nodes = { +#define _(s,n) [VXLAN_INPUT_NEXT_##s] = n, + foreach_vxlan_input_next +#undef _ + }, + +//temp .format_buffer = format_vxlan_header, + .format_trace = format_vxlan_rx_trace, + // $$$$ .unformat_buffer = unformat_vxlan_header, +}; + +VLIB_REGISTER_NODE (vxlan6_input_node) = { + .function = vxlan6_input, + .name = "vxlan6-input", /* Takes a vector of packets. */ .vector_size = sizeof (u32), diff --git a/vnet/vnet/vxlan/encap.c b/vnet/vnet/vxlan/encap.c index 90854ad097e..ee5c7d5ea67 100644 --- a/vnet/vnet/vxlan/encap.c +++ b/vnet/vnet/vxlan/encap.c @@ -39,6 +39,7 @@ typedef enum { typedef enum { VXLAN_ENCAP_NEXT_IP4_LOOKUP, + VXLAN_ENCAP_NEXT_IP6_LOOKUP, VXLAN_ENCAP_NEXT_DROP, VXLAN_ENCAP_N_NEXT, } vxlan_encap_next_t; @@ -59,9 +60,13 @@ u8 * format_vxlan_encap_trace (u8 * s, va_list * args) return s; } -#define foreach_fixed_header_offset \ + +#define foreach_fixed_header4_offset \ _(0) _(1) _(2) _(3) +#define foreach_fixed_header6_offset \ + _(0) _(1) _(2) _(3) _(4) _(5) _(6) + static uword vxlan_encap (vlib_main_t * vm, vlib_node_runtime_t * node, @@ -99,7 +104,8 @@ vxlan_encap (vlib_main_t * vm, u32 next1 = VXLAN_ENCAP_NEXT_IP4_LOOKUP; u32 sw_if_index0, sw_if_index1, len0, len1; vnet_hw_interface_t * hi0, * hi1; - ip4_header_t * ip0, * ip1; + ip4_header_t * ip4_0, * ip4_1; + ip6_header_t * ip6_0, * ip6_1; udp_header_t * udp0, * udp1; u64 * copy_src0, * copy_dst0; u64 * copy_src1, * copy_dst1; @@ -108,6 +114,7 @@ vxlan_encap (vlib_main_t * vm, vxlan_tunnel_t * t0, * t1; u16 new_l0, new_l1; ip_csum_t sum0, sum1; + u8 is_ip4_0, is_ip4_1; /* Prefetch next iteration. */ { @@ -147,14 +154,22 @@ vxlan_encap (vlib_main_t * vm, t0 = &vxm->tunnels[hi0->dev_instance]; t1 = &vxm->tunnels[hi1->dev_instance]; + is_ip4_0 = (t0->flags & VXLAN_TUNNEL_IS_IPV4); + is_ip4_1 = (t1->flags & VXLAN_TUNNEL_IS_IPV4); + + if (PREDICT_FALSE(!is_ip4_0)) next0 = VXLAN_ENCAP_NEXT_IP6_LOOKUP; + if (PREDICT_FALSE(!is_ip4_1)) next1 = VXLAN_ENCAP_NEXT_IP6_LOOKUP; + /* Check rewrite string and drop packet if tunnel is deleted */ - if (PREDICT_FALSE(t0->rewrite == vxlan_dummy_rewrite)) + if (PREDICT_FALSE(t0->rewrite == vxlan4_dummy_rewrite || + t0->rewrite == vxlan6_dummy_rewrite)) { next0 = VXLAN_ENCAP_NEXT_DROP; b0->error = node->errors[VXLAN_ENCAP_ERROR_DEL_TUNNEL]; pkts_encapsulated --; } /* Still go through normal encap with dummy rewrite */ - if (PREDICT_FALSE(t1->rewrite == vxlan_dummy_rewrite)) + if (PREDICT_FALSE(t1->rewrite == vxlan4_dummy_rewrite || + t1->rewrite == vxlan6_dummy_rewrite)) { next1 = VXLAN_ENCAP_NEXT_DROP; b1->error = node->errors[VXLAN_ENCAP_ERROR_DEL_TUNNEL]; @@ -162,66 +177,117 @@ vxlan_encap (vlib_main_t * vm, } /* Still go through normal encap with dummy rewrite */ /* IP4 VXLAN header sizeof(ip4_vxlan_header_t) should be 36 octects */ - ASSERT(vec_len(t0->rewrite) == 36); - ASSERT(vec_len(t1->rewrite) == 36); + /* IP6 VXLAN header sizeof(ip6_vxlan_header_t) should be 56 octects */ + if (PREDICT_TRUE(is_ip4_0)) + ASSERT(vec_len(t0->rewrite) == 36); + else + ASSERT(vec_len(t0->rewrite) == 56); + if (PREDICT_TRUE(is_ip4_1)) + ASSERT(vec_len(t1->rewrite) == 36); + else + ASSERT(vec_len(t1->rewrite) == 56); /* Apply the rewrite string. $$$$ vnet_rewrite? */ vlib_buffer_advance (b0, -(word)_vec_len(t0->rewrite)); vlib_buffer_advance (b1, -(word)_vec_len(t1->rewrite)); - ip0 = vlib_buffer_get_current(b0); - ip1 = vlib_buffer_get_current(b1); - /* Copy the fixed header */ - copy_dst0 = (u64 *) ip0; + /* assign both v4 and v6; avoid a branch, optimizer will help us */ + ip4_0 = vlib_buffer_get_current(b0); + ip6_0 = (void *)ip4_0; + ip4_1 = vlib_buffer_get_current(b1); + ip6_1 = (void *)ip4_1; + + /* Copy the fixed header (v4 and v6 variables point to the same + * place at this point) + */ + copy_dst0 = (u64 *) ip4_0; copy_src0 = (u64 *) t0->rewrite; - copy_dst1 = (u64 *) ip1; + + copy_dst1 = (u64 *) ip4_1; copy_src1 = (u64 *) t1->rewrite; - /* Copy first 32 octets 8-bytes at a time */ + /* Copy first 32 (ip4)/56 (ip6) octets 8-bytes at a time */ #define _(offs) copy_dst0[offs] = copy_src0[offs]; - foreach_fixed_header_offset; + if (PREDICT_TRUE(is_ip4_0)) { + foreach_fixed_header4_offset; + } else { + foreach_fixed_header6_offset; + } #undef _ #define _(offs) copy_dst1[offs] = copy_src1[offs]; - foreach_fixed_header_offset; + if (PREDICT_TRUE(is_ip4_1)) { + foreach_fixed_header4_offset; + } else { + foreach_fixed_header6_offset; + } #undef _ - /* Last 4 octets. Hopefully gcc will be our friend */ - copy_dst_last0 = (u32 *)(©_dst0[4]); - copy_src_last0 = (u32 *)(©_src0[4]); - copy_dst_last1 = (u32 *)(©_dst1[4]); - copy_src_last1 = (u32 *)(©_src1[4]); - - copy_dst_last0[0] = copy_src_last0[0]; - copy_dst_last1[0] = copy_src_last1[0]; - - /* fix the <bleep>ing outer-IP checksum */ - sum0 = ip0->checksum; - /* old_l0 always 0, see the rewrite setup */ - new_l0 = - clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)); - - sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t, - length /* changed member */); - ip0->checksum = ip_csum_fold (sum0); - ip0->length = new_l0; - - sum1 = ip1->checksum; - /* old_l1 always 0, see the rewrite setup */ - new_l1 = - clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1)); - - sum1 = ip_csum_update (sum1, old_l1, new_l1, ip4_header_t, - length /* changed member */); - ip1->checksum = ip_csum_fold (sum1); - ip1->length = new_l1; + if (PREDICT_TRUE(is_ip4_0)) { + copy_dst_last0 = (u32 *)(©_dst0[4]); + copy_src_last0 = (u32 *)(©_src0[4]); + copy_dst_last0[0] = copy_src_last0[0]; + } + if (PREDICT_TRUE(is_ip4_1)) { + copy_dst_last1 = (u32 *)(©_dst1[4]); + copy_src_last1 = (u32 *)(©_src1[4]); + copy_dst_last1[0] = copy_src_last1[0]; + } + + if (PREDICT_TRUE(is_ip4_0)) { + /* fix the <bleep>ing outer-IP checksum */ + sum0 = ip4_0->checksum; + + /* old_l0 always 0, see the rewrite setup */ + new_l0 = + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)); + sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t, + length /* changed member */); + ip4_0->checksum = ip_csum_fold (sum0); + ip4_0->length = new_l0; + } else { + new_l0 = + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) + - sizeof(*ip6_0)); + ip6_0->payload_length = new_l0; + } + + if (PREDICT_TRUE(is_ip4_1)) { + /* fix the <bleep>ing outer-IP checksum */ + sum1 = ip4_1->checksum; + + /* old_l1 always 0, see the rewrite setup */ + new_l1 = + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1)); + sum1 = ip_csum_update (sum1, old_l1, new_l1, ip4_header_t, + length /* changed member */); + ip4_1->checksum = ip_csum_fold (sum1); + ip4_1->length = new_l1; + } else { + new_l1 = + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1) + - sizeof(*ip6_1)); + ip6_1->payload_length = new_l1; + } /* Fix UDP length */ - udp0 = (udp_header_t *)(ip0+1); - new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) - - sizeof (*ip0)); - udp1 = (udp_header_t *)(ip1+1); - new_l1 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1) - - sizeof (*ip1)); + if (PREDICT_TRUE(is_ip4_0)) { + udp0 = (udp_header_t *)(ip4_0+1); + new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) + - sizeof (*ip4_0)); + } else { + udp0 = (udp_header_t *)(ip6_0+1); + new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) + - sizeof (*ip6_0)); + } + if (PREDICT_TRUE(is_ip4_1)) { + udp1 = (udp_header_t *)(ip4_1+1); + new_l1 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1) + - sizeof (*ip4_1)); + } else { + udp1 = (udp_header_t *)(ip6_1+1); + new_l1 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1) + - sizeof (*ip6_1)); + } udp0->length = new_l0; udp0->src_port = flow_hash0; @@ -229,6 +295,26 @@ vxlan_encap (vlib_main_t * vm, udp1->length = new_l1; udp1->src_port = flow_hash1; + if (PREDICT_FALSE(!is_ip4_0)) { + int bogus = 0; + /* IPv6 UDP checksum is mandatory */ + udp0->checksum = ip6_tcp_udp_icmp_compute_checksum(vm, b0, + ip6_0, &bogus); + ASSERT(bogus == 0); + if (udp0->checksum == 0) + udp0->checksum = 0xffff; + } + + if (PREDICT_FALSE(!is_ip4_1)) { + int bogus = 0; + /* IPv6 UDP checksum is mandatory */ + udp1->checksum = ip6_tcp_udp_icmp_compute_checksum(vm, b1, + ip6_1, &bogus); + ASSERT(bogus == 0); + if (udp1->checksum == 0) + udp1->checksum = 0xffff; + } + /* Reset to look up tunnel partner in the configured FIB */ vnet_buffer(b0)->sw_if_index[VLIB_TX] = t0->encap_fib_index; vnet_buffer(b1)->sw_if_index[VLIB_TX] = t1->encap_fib_index; @@ -301,13 +387,15 @@ vxlan_encap (vlib_main_t * vm, u32 next0 = VXLAN_ENCAP_NEXT_IP4_LOOKUP; u32 sw_if_index0, len0; vnet_hw_interface_t * hi0; - ip4_header_t * ip0; + ip4_header_t * ip4_0; + ip6_header_t * ip6_0; udp_header_t * udp0; u64 * copy_src0, * copy_dst0; u32 * copy_src_last0, * copy_dst_last0; vxlan_tunnel_t * t0; u16 new_l0; ip_csum_t sum0; + u8 is_ip4_0; bi0 = from[0]; to_next[0] = bi0; @@ -326,54 +414,101 @@ vxlan_encap (vlib_main_t * vm, t0 = &vxm->tunnels[hi0->dev_instance]; + is_ip4_0 = (t0->flags & VXLAN_TUNNEL_IS_IPV4); + + if (PREDICT_FALSE(!is_ip4_0)) next0 = VXLAN_ENCAP_NEXT_IP6_LOOKUP; + /* Check rewrite string and drop packet if tunnel is deleted */ - if (PREDICT_FALSE(t0->rewrite == vxlan_dummy_rewrite)) + if (PREDICT_FALSE(t0->rewrite == vxlan4_dummy_rewrite || + t0->rewrite == vxlan6_dummy_rewrite)) { next0 = VXLAN_ENCAP_NEXT_DROP; b0->error = node->errors[VXLAN_ENCAP_ERROR_DEL_TUNNEL]; pkts_encapsulated --; } /* Still go through normal encap with dummy rewrite */ - /* IP4 VXLAN header sizeof(ip4_vxlan_header_t) should be 36 octects */ - ASSERT(vec_len(t0->rewrite) == 36); + + /* IP4 VXLAN header sizeof(ip4_vxlan_header_t) should be 36 octets */ + /* IP6 VXLAN header sizeof(ip4_vxlan_header_t) should be 56 octets */ + if (PREDICT_TRUE(is_ip4_0)) + ASSERT(vec_len(t0->rewrite) == 36); + else + ASSERT(vec_len(t0->rewrite) == 56); /* Apply the rewrite string. $$$$ vnet_rewrite? */ vlib_buffer_advance (b0, -(word)_vec_len(t0->rewrite)); - ip0 = vlib_buffer_get_current(b0); - /* Copy the fixed header */ - copy_dst0 = (u64 *) ip0; + /* assign both v4 and v6; avoid a branch, optimizer will help us */ + ip4_0 = vlib_buffer_get_current(b0); + ip6_0 = (void *)ip4_0; + + /* Copy the fixed header (v4 and v6 variables point to the same + * place at this point) + */ + copy_dst0 = (u64 *) ip4_0; copy_src0 = (u64 *) t0->rewrite; /* Copy first 32 octets 8-bytes at a time */ #define _(offs) copy_dst0[offs] = copy_src0[offs]; - foreach_fixed_header_offset; + if (PREDICT_TRUE(is_ip4_0)) { + foreach_fixed_header4_offset; + } else { + foreach_fixed_header6_offset; + } #undef _ - /* Last 4 octets. Hopefully gcc will be our friend */ - copy_dst_last0 = (u32 *)(©_dst0[4]); - copy_src_last0 = (u32 *)(©_src0[4]); + if (PREDICT_TRUE(is_ip4_0)) { + /* Last 4 octets. Hopefully gcc will be our friend */ + copy_dst_last0 = (u32 *)(©_dst0[4]); + copy_src_last0 = (u32 *)(©_src0[4]); - copy_dst_last0[0] = copy_src_last0[0]; + copy_dst_last0[0] = copy_src_last0[0]; + } - /* fix the <bleep>ing outer-IP checksum */ - sum0 = ip0->checksum; - /* old_l0 always 0, see the rewrite setup */ - new_l0 = - clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)); - - sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t, + if (PREDICT_TRUE(is_ip4_0)) { + /* fix the <bleep>ing outer-IP checksum */ + sum0 = ip4_0->checksum; + + /* old_l0 always 0, see the rewrite setup */ + new_l0 = + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)); + sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t, length /* changed member */); - ip0->checksum = ip_csum_fold (sum0); - ip0->length = new_l0; + ip4_0->checksum = ip_csum_fold (sum0); + ip4_0->length = new_l0; + } else { + new_l0 = + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) + - sizeof(*ip6_0)); + ip6_0->payload_length = new_l0; + } /* Fix UDP length */ - udp0 = (udp_header_t *)(ip0+1); - new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) - - sizeof (*ip0)); + if (PREDICT_TRUE(is_ip4_0)) { + udp0 = (udp_header_t *)(ip4_0+1); + new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) + - sizeof (*ip4_0)); + } else { + udp0 = (udp_header_t *)(ip6_0+1); + new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) + - sizeof (*ip6_0)); + } udp0->length = new_l0; udp0->src_port = flow_hash0; + if (PREDICT_FALSE(!is_ip4_0)) { + int bogus = 0; + /* IPv6 UDP checksum is mandatory */ + udp0->checksum = ip6_tcp_udp_icmp_compute_checksum(vm, b0, + ip6_0, &bogus); + ASSERT(bogus == 0); + if (udp0->checksum == 0) + udp0->checksum = 0xffff; + } + + + /* vnet_update_l2_len (b0); do we need this? cluke */ + /* Reset to look up tunnel partner in the configured FIB */ vnet_buffer(b0)->sw_if_index[VLIB_TX] = t0->encap_fib_index; vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0; @@ -447,6 +582,7 @@ VLIB_REGISTER_NODE (vxlan_encap_node) = { .next_nodes = { [VXLAN_ENCAP_NEXT_IP4_LOOKUP] = "ip4-lookup", + [VXLAN_ENCAP_NEXT_IP6_LOOKUP] = "ip6-lookup", [VXLAN_ENCAP_NEXT_DROP] = "error-drop", }, }; diff --git a/vnet/vnet/vxlan/vxlan.c b/vnet/vnet/vxlan/vxlan.c index 6e3842887a7..89e56e7844f 100644 --- a/vnet/vnet/vxlan/vxlan.c +++ b/vnet/vnet/vxlan/vxlan.c @@ -13,6 +13,7 @@ * limitations under the License. */ #include <vnet/vxlan/vxlan.h> +#include <vnet/ip/format.h> vxlan_main_t vxlan_main; @@ -44,8 +45,8 @@ u8 * format_vxlan_tunnel (u8 * s, va_list * args) s = format (s, "[%d] %U (src) %U (dst) vni %d encap_fib_index %d", t - ngm->tunnels, - format_ip4_address, &t->src, - format_ip4_address, &t->dst, + format_ip46_address, &t->src, + format_ip46_address, &t->dst, t->vni, t->encap_fib_index); s = format (s, " decap_next %U\n", format_decap_next, t->decap_next_index); @@ -109,13 +110,23 @@ VNET_HW_INTERFACE_CLASS (vxlan_hw_class) = { }; #define foreach_copy_field \ -_(src.as_u32) \ -_(dst.as_u32) \ _(vni) \ _(encap_fib_index) \ _(decap_next_index) -static int vxlan_rewrite (vxlan_tunnel_t * t) +#define foreach_copy_ipv4 { \ + _(src.ip4.as_u32) \ + _(dst.ip4.as_u32) \ +} + +#define foreach_copy_ipv6 { \ + _(src.ip6.as_u64[0]) \ + _(src.ip6.as_u64[1]) \ + _(dst.ip6.as_u64[0]) \ + _(dst.ip6.as_u64[1]) \ +} + +static int vxlan4_rewrite (vxlan_tunnel_t * t) { u8 *rw = 0; ip4_header_t * ip0; @@ -133,8 +144,8 @@ static int vxlan_rewrite (vxlan_tunnel_t * t) ip0->protocol = IP_PROTOCOL_UDP; /* we fix up the ip4 header length and checksum after-the-fact */ - ip0->src_address.as_u32 = t->src.as_u32; - ip0->dst_address.as_u32 = t->dst.as_u32; + ip0->src_address.as_u32 = t->src.ip4.as_u32; + ip0->dst_address.as_u32 = t->dst.ip4.as_u32; ip0->checksum = ip4_header_checksum (ip0); /* UDP header, randomize src port on something, maybe? */ @@ -148,6 +159,39 @@ static int vxlan_rewrite (vxlan_tunnel_t * t) return (0); } +static int vxlan6_rewrite (vxlan_tunnel_t * t) +{ + u8 *rw = 0; + ip6_header_t * ip0; + ip6_vxlan_header_t * h0; + int len = sizeof (*h0); + + vec_validate_aligned (rw, len-1, CLIB_CACHE_LINE_BYTES); + + h0 = (ip6_vxlan_header_t *) rw; + + /* Fixed portion of the (outer) ip6 header */ + ip0 = &h0->ip6; + ip0->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32(6 << 28); + ip0->hop_limit = 255; + ip0->protocol = IP_PROTOCOL_UDP; + + ip0->src_address.as_u64[0] = t->src.ip6.as_u64[0]; + ip0->src_address.as_u64[1] = t->src.ip6.as_u64[1]; + ip0->dst_address.as_u64[0] = t->dst.ip6.as_u64[0]; + ip0->dst_address.as_u64[1] = t->dst.ip6.as_u64[1]; + + /* UDP header, randomize src port on something, maybe? */ + h0->udp.src_port = clib_host_to_net_u16 (4789); + h0->udp.dst_port = clib_host_to_net_u16 (UDP_DST_PORT_vxlan); + + /* VXLAN header */ + vnet_set_vni_and_flags(&h0->vxlan, t->vni); + + t->rewrite = rw; + return (0); +} + int vnet_vxlan_add_del_tunnel (vnet_vxlan_add_del_tunnel_args_t *a, u32 * sw_if_indexp) { @@ -155,17 +199,27 @@ int vnet_vxlan_add_del_tunnel vxlan_tunnel_t *t = 0; vnet_main_t * vnm = vxm->vnet_main; ip4_main_t * im4 = &ip4_main; + ip6_main_t * im6 = &ip6_main; vnet_hw_interface_t * hi; uword * p; u32 hw_if_index = ~0; u32 sw_if_index = ~0; int rv; - vxlan_tunnel_key_t key; + vxlan4_tunnel_key_t key4; + vxlan6_tunnel_key_t key6; + + if (!a->is_ip6) { + key4.src = a->dst.ip4.as_u32; /* decap src in key is encap dst in config */ + key4.vni = clib_host_to_net_u32 (a->vni << 8); - key.src = a->dst.as_u32; /* decap src in key is encap dst in config */ - key.vni = clib_host_to_net_u32 (a->vni << 8); + p = hash_get (vxm->vxlan4_tunnel_by_key, key4.as_u64); + } else { + key6.src.as_u64[0] = a->dst.ip6.as_u64[0]; + key6.src.as_u64[1] = a->dst.ip6.as_u64[1]; + key6.vni = clib_host_to_net_u32 (a->vni << 8); - p = hash_get (vxm->vxlan_tunnel_by_key, key.as_u64); + p = hash_get (vxm->vxlan6_tunnel_by_key, pointer_to_uword(&key6)); + } if (a->is_add) { @@ -185,9 +239,22 @@ int vnet_vxlan_add_del_tunnel /* copy from arg structure */ #define _(x) t->x = a->x; foreach_copy_field; + if (!a->is_ip6) foreach_copy_ipv4 + else foreach_copy_ipv6 #undef _ - rv = vxlan_rewrite (t); + if (a->is_ip6) { + /* copy the key */ + t->key6 = key6; + } + + if (!a->is_ip6) t->flags |= VXLAN_TUNNEL_IS_IPV4; + + if (!a->is_ip6) { + rv = vxlan4_rewrite (t); + } else { + rv = vxlan6_rewrite (t); + } if (rv) { @@ -195,7 +262,10 @@ int vnet_vxlan_add_del_tunnel return rv; } - hash_set (vxm->vxlan_tunnel_by_key, key.as_u64, t - vxm->tunnels); + if (!a->is_ip6) + hash_set (vxm->vxlan4_tunnel_by_key, key4.as_u64, t - vxm->tunnels); + else + hash_set (vxm->vxlan6_tunnel_by_key, pointer_to_uword(&t->key6), t - vxm->tunnels); if (vec_len (vxm->free_vxlan_tunnel_hw_if_indices) > 0) { @@ -244,8 +314,13 @@ int vnet_vxlan_add_del_tunnel } vnet_sw_interface_set_flags (vnm, sw_if_index, VNET_SW_INTERFACE_FLAG_ADMIN_UP); + if (!a->is_ip6) { vec_validate (im4->fib_index_by_sw_if_index, sw_if_index); im4->fib_index_by_sw_if_index[sw_if_index] = t->encap_fib_index; + } else { + vec_validate (im6->fib_index_by_sw_if_index, sw_if_index); + im6->fib_index_by_sw_if_index[sw_if_index] = t->encap_fib_index; + } } else { @@ -262,10 +337,17 @@ int vnet_vxlan_add_del_tunnel vxm->tunnel_index_by_sw_if_index[t->sw_if_index] = ~0; - hash_unset (vxm->vxlan_tunnel_by_key, key.as_u64); + if (!a->is_ip6) + hash_unset (vxm->vxlan4_tunnel_by_key, key4.as_u64); + else + hash_unset (vxm->vxlan6_tunnel_by_key, pointer_to_uword(&key6)); vec_free (t->rewrite); - t->rewrite = vxlan_dummy_rewrite; + if (!a->is_ip6) { + t->rewrite = vxlan4_dummy_rewrite; + } else { + t->rewrite = vxlan6_dummy_rewrite; + } pool_put (vxm->tunnels, t); } @@ -275,7 +357,7 @@ int vnet_vxlan_add_del_tunnel return 0; } -static u32 fib_index_from_fib_id (u32 fib_id) +static u32 fib4_index_from_fib_id (u32 fib_id) { ip4_main_t * im = &ip4_main; uword * p; @@ -287,6 +369,18 @@ static u32 fib_index_from_fib_id (u32 fib_id) return p[0]; } +static u32 fib6_index_from_fib_id (u32 fib_id) +{ + ip6_main_t * im = &ip6_main; + uword * p; + + p = hash_get (im->fib_index_by_table_id, fib_id); + if (!p) + return ~0; + + return p[0]; +} + static uword unformat_decap_next (unformat_input_t * input, va_list * args) { u32 * result = va_arg (*args, u32 *); @@ -313,10 +407,12 @@ vxlan_add_del_tunnel_command_fn (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, * line_input = &_line_input; - ip4_address_t src, dst; + ip46_address_t src, dst; u8 is_add = 1; u8 src_set = 0; u8 dst_set = 0; + u8 ipv4_set = 0; + u8 ipv6_set = 0; u32 encap_fib_index = 0; u32 decap_next_index = ~0; u32 vni = 0; @@ -330,16 +426,39 @@ vxlan_add_del_tunnel_command_fn (vlib_main_t * vm, while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { if (unformat (line_input, "del")) - is_add = 0; + { + is_add = 0; + } + else if (unformat (line_input, "src %U", + unformat_ip4_address, &src.ip4)) + { + src_set = 1; + ipv4_set = 1; + } + else if (unformat (line_input, "dst %U", + unformat_ip4_address, &dst.ip4)) + { + dst_set = 1; + ipv4_set = 1; + } else if (unformat (line_input, "src %U", - unformat_ip4_address, &src)) - src_set = 1; + unformat_ip6_address, &src.ip6)) + { + src_set = 1; + ipv6_set = 1; + } else if (unformat (line_input, "dst %U", - unformat_ip4_address, &dst)) - dst_set = 1; + unformat_ip6_address, &dst.ip6)) + { + dst_set = 1; + ipv6_set = 1; + } else if (unformat (line_input, "encap-vrf-id %d", &tmp)) { - encap_fib_index = fib_index_from_fib_id (tmp); + if (ipv6_set) + encap_fib_index = fib6_index_from_fib_id (tmp); + else + encap_fib_index = fib4_index_from_fib_id (tmp); if (encap_fib_index == ~0) return clib_error_return (0, "nonexistent encap-vrf-id %d", tmp); } @@ -364,15 +483,25 @@ vxlan_add_del_tunnel_command_fn (vlib_main_t * vm, if (dst_set == 0) return clib_error_return (0, "tunnel dst address not specified"); + if (ipv4_set && ipv6_set) + return clib_error_return (0, "both IPv4 and IPv6 addresses specified"); + + if ((ipv4_set && memcmp(&src.ip4, &dst.ip4, sizeof(src.ip4)) == 0) || + (ipv6_set && memcmp(&src.ip6, &dst.ip6, sizeof(src.ip6)) == 0)) + return clib_error_return (0, "src and dst addresses are identical"); + if (vni == 0) return clib_error_return (0, "vni not specified"); memset (a, 0, sizeof (*a)); a->is_add = is_add; + a->is_ip6 = ipv6_set; #define _(x) a->x = x; foreach_copy_field; + if (ipv4_set) foreach_copy_ipv4 + else foreach_copy_ipv6 #undef _ rv = vnet_vxlan_add_del_tunnel (a, 0 /* hw_if_indexp */); @@ -430,27 +559,43 @@ VLIB_CLI_COMMAND (show_vxlan_tunnel_command, static) = { .function = show_vxlan_tunnel_command_fn, }; + clib_error_t *vxlan_init (vlib_main_t *vm) { vxlan_main_t * vxm = &vxlan_main; - ip4_vxlan_header_t * hdr; - ip4_header_t * ip; + ip4_vxlan_header_t * hdr4; + ip4_header_t * ip4; + ip6_vxlan_header_t * hdr6; + ip6_header_t * ip6; vxm->vnet_main = vnet_get_main(); vxm->vlib_main = vm; + /* initialize the ip6 hash */ + vxm->vxlan6_tunnel_by_key = hash_create_mem(0, + sizeof(vxlan6_tunnel_key_t), + sizeof(uword)); + /* init dummy rewrite string for deleted vxlan tunnels */ - _vec_len(vxlan_dummy_rewrite) = sizeof(ip4_vxlan_header_t); - hdr = (ip4_vxlan_header_t *) vxlan_dummy_rewrite; - ip = &hdr->ip4; + _vec_len(vxlan4_dummy_rewrite) = sizeof(ip4_vxlan_header_t); + hdr4 = (ip4_vxlan_header_t *) vxlan4_dummy_rewrite; + ip4 = &hdr4->ip4; /* minimal rewrite setup, see vxlan_rewite() above as reference */ - ip->ip_version_and_header_length = 0x45; - ip->checksum = ip4_header_checksum (ip); + ip4->ip_version_and_header_length = 0x45; + ip4->checksum = ip4_header_checksum (ip4); + + /* Same again for IPv6 */ + _vec_len(vxlan6_dummy_rewrite) = sizeof(ip6_vxlan_header_t); + hdr6 = (ip6_vxlan_header_t *) vxlan6_dummy_rewrite; + ip6 = &hdr6->ip6; + /* minimal rewrite setup, see vxlan_rewite() above as reference */ + ip6->ip_version_traffic_class_and_flow_label = clib_host_to_net_u32(6 << 28); udp_register_dst_port (vm, UDP_DST_PORT_vxlan, - vxlan_input_node.index, 1 /* is_ip4 */); + vxlan4_input_node.index, /* is_ip4 */ 1); + udp_register_dst_port (vm, UDP_DST_PORT_vxlan6, + vxlan6_input_node.index, /* is_ip4 */ 0); return 0; } VLIB_INIT_FUNCTION(vxlan_init); - diff --git a/vnet/vnet/vxlan/vxlan.h b/vnet/vnet/vxlan/vxlan.h index 2454e4c53e8..866d7ffd18f 100644 --- a/vnet/vnet/vxlan/vxlan.h +++ b/vnet/vnet/vxlan/vxlan.h @@ -24,6 +24,7 @@ #include <vnet/ethernet/ethernet.h> #include <vnet/vxlan/vxlan_packet.h> #include <vnet/ip/ip4_packet.h> +#include <vnet/ip/ip6_packet.h> #include <vnet/ip/udp.h> typedef CLIB_PACKED (struct { @@ -32,6 +33,12 @@ typedef CLIB_PACKED (struct { vxlan_header_t vxlan; /* 8 bytes */ }) ip4_vxlan_header_t; +typedef CLIB_PACKED (struct { + ip6_header_t ip6; /* 40 bytes */ + udp_header_t udp; /* 8 bytes */ + vxlan_header_t vxlan; /* 8 bytes */ +}) ip6_vxlan_header_t; + typedef CLIB_PACKED(struct { /* * Key fields: ip src and vxlan vni on incoming VXLAN packet @@ -44,30 +51,50 @@ typedef CLIB_PACKED(struct { }; u64 as_u64; }; -}) vxlan_tunnel_key_t; +}) vxlan4_tunnel_key_t; + +typedef CLIB_PACKED(struct { + /* + * Key fields: ip src and vxlan vni on incoming VXLAN packet + * all fields in NET byte order + */ + ip6_address_t src; + u32 vni; /* shifted left 8 bits */ +}) vxlan6_tunnel_key_t; typedef struct { /* Rewrite string. $$$$ embed vnet_rewrite header */ u8 * rewrite; - /* decap next index */ - u32 decap_next_index; - /* tunnel src and dst addresses */ - ip4_address_t src; - ip4_address_t dst; + ip46_address_t src; + ip46_address_t dst; /* vxlan VNI in HOST byte order */ u32 vni; + /* decap next index */ + u32 decap_next_index; + /* L3 FIB index and L2 BD ID */ u16 encap_fib_index; /* tunnel partner IP lookup here */ /* vnet intfc hw/sw_if_index */ u16 hw_if_index; u32 sw_if_index; + + union { /* storage for the hash key */ + vxlan4_tunnel_key_t key4; + vxlan6_tunnel_key_t key6; + }; + + /* flags */ + u32 flags; } vxlan_tunnel_t; +/* Flags for vxlan_tunnel_t.flags */ +#define VXLAN_TUNNEL_IS_IPV4 1 + #define foreach_vxlan_input_next \ _(DROP, "error-drop") \ _(L2_INPUT, "l2-input") \ @@ -93,14 +120,18 @@ typedef struct { vxlan_tunnel_t *tunnels; /* lookup tunnel by key */ - uword * vxlan_tunnel_by_key; + uword * vxlan4_tunnel_by_key; /* keyed on ipv4.dst + vni */ + uword * vxlan6_tunnel_by_key; /* keyed on ipv6.dst + vni */ /* Free vlib hw_if_indices */ u32 * free_vxlan_tunnel_hw_if_indices; /* Dummy rewrite for deleted vxlan_tunnels with hw_if_indices as above */ - u64 dummy_str [sizeof(ip4_vxlan_header_t)/sizeof(u64) + 2]; -#define vxlan_dummy_rewrite ((u8 *) &vxlan_main.dummy_str[1]) + u64 dummy4_str [sizeof(ip4_vxlan_header_t)/sizeof(u64) + 2]; +#define vxlan4_dummy_rewrite ((u8 *) &vxlan_main.dummy4_str[1]) + + u64 dummy6_str [sizeof(ip6_vxlan_header_t)/sizeof(u64) + 2]; +#define vxlan6_dummy_rewrite ((u8 *) &vxlan_main.dummy6_str[1]) /* Mapping from sw_if_index to tunnel index */ u32 * tunnel_index_by_sw_if_index; @@ -112,14 +143,19 @@ typedef struct { vxlan_main_t vxlan_main; -extern vlib_node_registration_t vxlan_input_node; +extern vlib_node_registration_t vxlan4_input_node; +extern vlib_node_registration_t vxlan6_input_node; extern vlib_node_registration_t vxlan_encap_node; u8 * format_vxlan_encap_trace (u8 * s, va_list * args); typedef struct { u8 is_add; - ip4_address_t src, dst; + + /* we normally use is_ip4, but since this adds to the + * structure, this seems less of abreaking change */ + u8 is_ip6; + ip46_address_t src, dst; u32 encap_fib_index; u32 decap_next_index; u32 vni; diff --git a/vpp-api-test/vat/api_format.c b/vpp-api-test/vat/api_format.c index ed96af71a4c..72eb3392d97 100644 --- a/vpp-api-test/vat/api_format.c +++ b/vpp-api-test/vat/api_format.c @@ -419,6 +419,15 @@ u8 * format_ip6_address (u8 * s, va_list * args) return s; } +/* Format an IP46 address. */ +u8 * format_ip46_address (u8 * s, va_list * args) +{ + ip46_address_t *ip46 = va_arg (*args, ip46_address_t *); + return ip46_address_is_ip4(ip46)? + format(s, "%U", format_ip4_address, &ip46->ip4): + format(s, "%U", format_ip6_address, &ip46->ip6); +} + u8 * format_ethernet_address (u8 * s, va_list * args) { u8 * a = va_arg (*args, u8 *); @@ -7068,8 +7077,10 @@ static int api_vxlan_add_del_tunnel (vat_main_t * vam) unformat_input_t * line_input = vam->input; vl_api_vxlan_add_del_tunnel_t *mp; f64 timeout; - ip4_address_t src, dst; + ip4_address_t src4, dst4; + ip6_address_t src6, dst6; u8 is_add = 1; + u8 ipv4_set = 0, ipv6_set = 0; u8 src_set = 0; u8 dst_set = 0; u32 encap_vrf_id = 0; @@ -7080,11 +7091,29 @@ static int api_vxlan_add_del_tunnel (vat_main_t * vam) if (unformat (line_input, "del")) is_add = 0; else if (unformat (line_input, "src %U", - unformat_ip4_address, &src)) + unformat_ip4_address, &src4)) + { + ipv4_set = 1; src_set = 1; + } else if (unformat (line_input, "dst %U", - unformat_ip4_address, &dst)) + unformat_ip4_address, &dst4)) + { + ipv4_set = 1; + dst_set = 1; + } + else if (unformat (line_input, "src %U", + unformat_ip6_address, &src6)) + { + ipv6_set = 1; + src_set = 1; + } + else if (unformat (line_input, "dst %U", + unformat_ip6_address, &dst6)) + { + ipv6_set = 1; dst_set = 1; + } else if (unformat (line_input, "encap-vrf-id %d", &encap_vrf_id)) ; else if (unformat (line_input, "decap-next %U", @@ -7107,19 +7136,30 @@ static int api_vxlan_add_del_tunnel (vat_main_t * vam) return -99; } + if (ipv4_set && ipv6_set) { + errmsg ("both IPv4 and IPv6 addresses specified"); + return -99; + } + if ((vni == 0) || (vni>>24)) { errmsg ("vni not specified or out of range\n"); return -99; } M (VXLAN_ADD_DEL_TUNNEL, vxlan_add_del_tunnel); - - mp->src_address = src.as_u32; - mp->dst_address = dst.as_u32; + + if (ipv6_set) { + clib_memcpy(&mp->dst_address, &src6, sizeof(src6)); + clib_memcpy(&mp->dst_address, &src6, sizeof(dst6)); + } else { + clib_memcpy(&mp->src_address, &src4, sizeof(src4)); + clib_memcpy(&mp->dst_address, &dst4, sizeof(dst4)); + } mp->encap_vrf_id = ntohl(encap_vrf_id); mp->decap_next_index = ntohl(decap_next_index); mp->vni = ntohl(vni); mp->is_add = is_add; + mp->is_ipv6 = ipv6_set; S; W; /* NOTREACHED */ @@ -7131,10 +7171,10 @@ static void vl_api_vxlan_tunnel_details_t_handler { vat_main_t * vam = &vat_main; - fformat(vam->ofp, "%11d%13U%13U%14d%18d%13d\n", + fformat(vam->ofp, "%11d%24U%24U%14d%18d%13d\n", ntohl(mp->sw_if_index), - format_ip4_address, &mp->src_address, - format_ip4_address, &mp->dst_address, + format_ip46_address, &(mp->src_address[0]), + format_ip46_address, &(mp->dst_address[0]), ntohl(mp->encap_vrf_id), ntohl(mp->decap_next_index), ntohl(mp->vni)); @@ -7146,6 +7186,7 @@ static void vl_api_vxlan_tunnel_details_t_handler_json vat_main_t * vam = &vat_main; vat_json_node_t *node = NULL; struct in_addr ip4; + struct in6_addr ip6; if (VAT_JSON_ARRAY != vam->json_tree.type) { ASSERT(VAT_JSON_NONE == vam->json_tree.type); @@ -7155,13 +7196,21 @@ static void vl_api_vxlan_tunnel_details_t_handler_json vat_json_init_object(node); vat_json_object_add_uint(node, "sw_if_index", ntohl(mp->sw_if_index)); - clib_memcpy(&ip4, &mp->src_address, sizeof(ip4)); - vat_json_object_add_ip4(node, "src_address", ip4); - clib_memcpy(&ip4, &mp->dst_address, sizeof(ip4)); - vat_json_object_add_ip4(node, "dst_address", ip4); + if (mp->is_ipv6) { + clib_memcpy(&ip6, &(mp->src_address[0]), sizeof(ip6)); + vat_json_object_add_ip6(node, "src_address", ip6); + clib_memcpy(&ip6, &(mp->dst_address[0]), sizeof(ip6)); + vat_json_object_add_ip6(node, "dst_address", ip6); + } else { + clib_memcpy(&ip4, &(mp->src_address[0]), sizeof(ip4)); + vat_json_object_add_ip4(node, "src_address", ip4); + clib_memcpy(&ip4, &(mp->dst_address[0]), sizeof(ip4)); + vat_json_object_add_ip4(node, "dst_address", ip4); + } vat_json_object_add_uint(node, "encap_vrf_id", ntohl(mp->encap_vrf_id)); vat_json_object_add_uint(node, "decap_next_index", ntohl(mp->decap_next_index)); vat_json_object_add_uint(node, "vni", ntohl(mp->vni)); + vat_json_object_add_uint(node, "is_ipv6", mp->is_ipv6 ? 1 : 0); } static int api_vxlan_tunnel_dump (vat_main_t * vam) @@ -7185,12 +7234,12 @@ static int api_vxlan_tunnel_dump (vat_main_t * vam) } if (!vam->json_output) { - fformat(vam->ofp, "%11s%13s%13s%14s%18s%13s\n", + fformat(vam->ofp, "%11s%24s%24s%14s%18s%13s\n", "sw_if_index", "src_address", "dst_address", "encap_vrf_id", "decap_next_index", "vni"); } - /* Get list of l2tpv3-tunnel interfaces */ + /* Get list of vxlan-tunnel interfaces */ M(VXLAN_TUNNEL_DUMP, vxlan_tunnel_dump); mp->sw_if_index = htonl(sw_if_index); diff --git a/vpp-api/java/japi/org/openvpp/vppjapi/vppVxlanTunnelDetails.java b/vpp-api/java/japi/org/openvpp/vppjapi/vppVxlanTunnelDetails.java index dd81e98cf27..fe3d0bca067 100644 --- a/vpp-api/java/japi/org/openvpp/vppjapi/vppVxlanTunnelDetails.java +++ b/vpp-api/java/japi/org/openvpp/vppjapi/vppVxlanTunnelDetails.java @@ -16,18 +16,20 @@ package org.openvpp.vppjapi; public final class vppVxlanTunnelDetails { - public final int srcAddress; - public final int dstAddress; + public final byte[] srcAddress; + public final byte[] dstAddress; public final int encapVrfId; public final int vni; public final int decapNextIndex; + public final boolean isIpv6; - public vppVxlanTunnelDetails(int srcAddress, int dstAddress, - int encapVrfId, int vni, int decapNextIndex) { + public vppVxlanTunnelDetails(byte[] srcAddress, byte[] dstAddress, + int encapVrfId, int vni, int decapNextIndex, boolean isIpv6) { this.srcAddress = srcAddress; this.dstAddress = dstAddress; this.encapVrfId = encapVrfId; this.vni = vni; this.decapNextIndex = decapNextIndex; + this.isIpv6 = isIpv6; } } diff --git a/vpp-api/java/japi/vppjni.c b/vpp-api/java/japi/vppjni.c index c3a1078b7b7..5645263aef8 100644 --- a/vpp-api/java/japi/vppjni.c +++ b/vpp-api/java/japi/vppjni.c @@ -1471,14 +1471,24 @@ JNIEXPORT jobjectArray JNICALL Java_org_openvpp_vppjapi_vppConn_vxlanTunnelDump0 for (i = 0; i < count; i++) { vxlan_tunnel_details_t *details = &jm->vxlan_tunnel_details[i]; - jint src_address = details->src_address; - jint dst_address = details->dst_address; + + /* This interface to support both v4 and v6 addresses is nasty */ + jbyteArray src_address = (*env)->NewByteArray(env, 16); + (*env)->SetByteArrayRegion(env, src_address, 0, 16, + (signed char*)details->src_address); + + jbyteArray dst_address = (*env)->NewByteArray(env, 16); + (*env)->SetByteArrayRegion(env, dst_address, 0, 16, + (signed char*)details->dst_address); + jint encap_vrf_id = details->encap_vrf_id; jint vni = details->vni; jint decap_next_index = details->decap_next_index; + jboolean is_ipv6 = details->is_ipv6 ? 1 : 0; jobject vxlanTunnelDetailsObj = vppVxlanTunnelDetailsObject(env, - src_address, dst_address, encap_vrf_id, vni, decap_next_index); + src_address, dst_address, encap_vrf_id, vni, + decap_next_index, is_ipv6); (*env)->SetObjectArrayElement(env, vxlanTunnelDetailsArray, i, vxlanTunnelDetailsObj); @@ -1498,11 +1508,51 @@ static void vl_api_vxlan_tunnel_details_t_handler vxlan_tunnel_details_t *tunnel_details; vec_add2(jm->vxlan_tunnel_details, tunnel_details, 1); - tunnel_details->src_address = ntohl(mp->src_address); - tunnel_details->dst_address = ntohl(mp->dst_address); + if (mp->is_ipv6){ + u64 *s, *d; + + /* this is ugly - why is this in host order at all? -cluke */ + /* Per notes from Ole, Maros and Keith, this should all be + * superceded with a new api builder soon, so this interface will + * be short lived -cluke */ + s = (void *)mp->src_address; + d = (void *)tunnel_details->src_address; +#if CLIB_ARCH_IS_LITTLE_ENDIAN + d[0] = clib_net_to_host_u64(s[1]); + d[1] = clib_net_to_host_u64(s[0]); +#else /* big endian */ + d[0] = s[0]; + d[1] = s[1]; +#endif + + s = (void *)mp->dst_address; + d = (void *)tunnel_details->dst_address; +#if CLIB_ARCH_IS_LITTLE_ENDIAN + d[0] = clib_net_to_host_u64(s[1]); + d[1] = clib_net_to_host_u64(s[0]); +#else /* big endian */ + d[0] = s[0]; + d[1] = s[1]; +#endif + } else { + u32 *s, *d; + + /* the type changed from a u32 to u8[16] - this does + * the same as dst = ntohl(src) with the u32 of a v4 + * address in the first 32 bits */ + + s = (void *)mp->src_address; + d = (void *)tunnel_details->src_address; + d[0] = ntohl(s[0]); + + s = (void *)mp->dst_address; + d = (void *)tunnel_details->dst_address; + d[0] = ntohl(s[0]); + } tunnel_details->encap_vrf_id = ntohl(mp->encap_vrf_id); tunnel_details->vni = ntohl(mp->vni); tunnel_details->decap_next_index = ntohl(mp->decap_next_index); + tunnel_details->is_ipv6 = mp->is_ipv6; } /* cleanup handler for RX thread */ diff --git a/vpp-api/java/japi/vppjni.h b/vpp-api/java/japi/vppjni.h index bd0683ae2c5..bc738367bcf 100644 --- a/vpp-api/java/japi/vppjni.h +++ b/vpp-api/java/japi/vppjni.h @@ -124,11 +124,12 @@ typedef struct { } sw_interface_stats_t; typedef struct { - u32 src_address; - u32 dst_address; + u8 src_address[16]; + u8 dst_address[16]; u32 encap_vrf_id; u32 vni; u32 decap_next_index; + u8 is_ipv6; } vxlan_tunnel_details_t; diff --git a/vpp/api/api.c b/vpp/api/api.c index b7f2a16bcaf..1b6d52be28d 100644 --- a/vpp/api/api.c +++ b/vpp/api/api.c @@ -4196,13 +4196,25 @@ static void vl_api_vxlan_add_del_tunnel_t_handler } encap_fib_index = p[0]; + /* Check src & dst are different */ + if ((a->is_ip6 && memcmp(mp->src_address, mp->dst_address, 16) == 0) || + (!a->is_ip6 && memcmp(mp->src_address, mp->dst_address, 4) == 0)) { + rv = VNET_API_ERROR_SAME_SRC_DST; + goto out; + } memset (a, 0, sizeof (*a)); a->is_add = mp->is_add; + a->is_ip6 = mp->is_ipv6; /* ip addresses sent in network byte order */ - a->src.as_u32 = mp->src_address; - a->dst.as_u32 = mp->dst_address; + if (a->is_ip6) { + memcpy(&(a->src.ip6), mp->src_address, 16); + memcpy(&(a->dst.ip6), mp->dst_address, 16); + } else { + memcpy(&(a->src.ip4), mp->src_address, 4); + memcpy(&(a->dst.ip4), mp->dst_address, 4); + } a->encap_fib_index = encap_fib_index; a->decap_next_index = ntohl(mp->decap_next_index); @@ -4220,17 +4232,26 @@ static void send_vxlan_tunnel_details (vxlan_tunnel_t * t, unix_shared_memory_queue_t * q) { vl_api_vxlan_tunnel_details_t * rmp; - ip4_main_t * im = &ip4_main; + ip4_main_t * im4 = &ip4_main; + ip6_main_t * im6 = &ip6_main; + u8 is_ipv6 = !(t->flags & VXLAN_TUNNEL_IS_IPV4); rmp = vl_msg_api_alloc (sizeof (*rmp)); memset (rmp, 0, sizeof (*rmp)); rmp->_vl_msg_id = ntohs(VL_API_VXLAN_TUNNEL_DETAILS); - rmp->src_address = t->src.data_u32; - rmp->dst_address = t->dst.data_u32; - rmp->encap_vrf_id = htonl(im->fibs[t->encap_fib_index].table_id); + if (is_ipv6) { + memcpy(rmp->src_address, &(t->src.ip6), 16); + memcpy(rmp->dst_address, &(t->dst.ip6), 16); + rmp->encap_vrf_id = htonl(im6->fibs[t->encap_fib_index].table_id); + } else { + memcpy(rmp->src_address, &(t->src.ip4), 4); + memcpy(rmp->dst_address, &(t->dst.ip4), 4); + rmp->encap_vrf_id = htonl(im4->fibs[t->encap_fib_index].table_id); + } rmp->vni = htonl(t->vni); rmp->decap_next_index = htonl(t->decap_next_index); rmp->sw_if_index = htonl(t->sw_if_index); + rmp->is_ipv6 = is_ipv6; vl_msg_api_send_shmem (q, (u8 *)&rmp); } diff --git a/vpp/api/custom_dump.c b/vpp/api/custom_dump.c index 6bdbdc55803..6ffc8c95592 100644 --- a/vpp/api/custom_dump.c +++ b/vpp/api/custom_dump.c @@ -1266,11 +1266,11 @@ static void * vl_api_vxlan_add_del_tunnel_t_print s = format (0, "SCRIPT: vxlan_add_del_tunnel "); - s = format (s, "dst %U ", format_ip4_address, - (ip4_address_t *)&(mp->dst_address)); + s = format (s, "dst %U ", format_ip46_address, + (ip46_address_t *)&(mp->dst_address), mp->is_ipv6); - s = format (s, "src %U ", format_ip4_address, - (ip4_address_t *)&(mp->src_address)); + s = format (s, "src %U ", format_ip46_address, + (ip46_address_t *)&(mp->src_address), mp->is_ipv6); if (mp->encap_vrf_id) s = format (s, "encap-vrf-id %d ", ntohl(mp->encap_vrf_id)); diff --git a/vpp/api/vpe.api b/vpp/api/vpe.api index 50f971416bc..52893b58ef0 100644 --- a/vpp/api/vpe.api +++ b/vpp/api/vpe.api @@ -1769,8 +1769,9 @@ define vxlan_add_del_tunnel { u32 client_index; u32 context; u8 is_add; - u32 src_address; - u32 dst_address; + u8 is_ipv6; + u8 src_address[16]; + u8 dst_address[16]; u32 encap_vrf_id; u32 decap_next_index; u32 vni; @@ -1791,11 +1792,12 @@ manual_java define vxlan_tunnel_dump { manual_java define vxlan_tunnel_details { u32 context; u32 sw_if_index; - u32 src_address; - u32 dst_address; + u8 src_address[16]; + u8 dst_address[16]; u32 encap_vrf_id; u32 decap_next_index; u32 vni; + u8 is_ipv6; }; /** \brief L2 interface vlan tag rewrite configure request |