author | Filip Tehlar <ftehlar@cisco.com> | 2016-10-17 16:20:18 +0200 |
---|---|---|
committer | Florin Coras <florin.coras@gmail.com> | 2016-10-25 09:07:10 +0000 |
commit | d5fcc468f33189c64c638c146812c534bcecac61 (patch) | |
tree | d5ccee7779af3e56ca238612a7f7025d754da9d1 | |
parent | 0c38ea3e7bac5577698f0dcf5c0b493a97d2a9ce (diff) |
Fix LISP src/dst based policy
Change-Id: Ibcc58ad50e33cd26367fd28f60334e29f45a094c
Signed-off-by: Filip Tehlar <ftehlar@cisco.com>
-rw-r--r-- | vnet/vnet/lisp-cp/control.c | 106 | ||||
-rw-r--r-- | vnet/vnet/lisp-cp/gid_dictionary.c | 139 | ||||
-rw-r--r-- | vnet/vnet/lisp-cp/gid_dictionary.h | 6 | ||||
-rw-r--r-- | vnet/vnet/lisp-gpe/lisp_gpe_fwd_entry.c | 21 |
4 files changed, 259 insertions, 13 deletions
diff --git a/vnet/vnet/lisp-cp/control.c b/vnet/vnet/lisp-cp/control.c
index 8dc4207847a..3b843a0158b 100644
--- a/vnet/vnet/lisp-cp/control.c
+++ b/vnet/vnet/lisp-cp/control.c
@@ -230,6 +230,8 @@ dp_del_fwd_entry (lisp_cp_main_t * lcm, u32 src_map_index, u32 dst_map_index)
 a->locator_pairs = fe->locator_pairs;
 a->vni = gid_address_vni (&fe->reid);
 gid_address_copy (&a->rmt_eid, &fe->reid);
+ if (fe->is_src_dst)
+ gid_address_copy (&a->lcl_eid, &fe->leid);
 vnet_lisp_gpe_add_del_fwd_entry (a, &sw_if_index);
@@ -386,12 +388,20 @@ dp_add_fwd_entry (lisp_cp_main_t * lcm, u32 src_map_index, u32 dst_map_index)
 /* insert data plane forwarding entry */
 a->is_add = 1;
- if (GID_ADDR_SRC_DST == gid_address_type (&dst_map->eid))
+ if (MR_MODE_SRC_DST == lcm->map_request_mode)
 {
- gid_address_sd_to_flat (&a->rmt_eid, &dst_map->eid,
- &gid_address_sd_dst (&dst_map->eid));
- gid_address_sd_to_flat (&a->lcl_eid, &dst_map->eid,
- &gid_address_sd_src (&dst_map->eid));
+ if (GID_ADDR_SRC_DST == gid_address_type (&dst_map->eid))
+ {
+ gid_address_sd_to_flat (&a->rmt_eid, &dst_map->eid,
+ &gid_address_sd_dst (&dst_map->eid));
+ gid_address_sd_to_flat (&a->lcl_eid, &dst_map->eid,
+ &gid_address_sd_src (&dst_map->eid));
+ }
+ else
+ {
+ gid_address_copy (&a->rmt_eid, &dst_map->eid);
+ gid_address_copy (&a->lcl_eid, &src_map->eid);
+ }
 is_src_dst = 1;
 }
 else
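Review bot: The new inner `else` in `dp_add_fwd_entry` builds a source/dest forwarding entry from two independent mappings (`dst_map->eid` as remote, `src_map->eid` as local) without a comment saying why, and nothing in the hunk shows that the two EIDs are of the same address type or that `src_map` was validated; the function's body starts and ends outside the hunk, so that may be handled elsewhere. I would add above the branch `/* plain (non src/dst) EID in the map-cache: pair it with the local mapping's EID so the entry is still keyed on source and destination */`. If a mismatch of EID types is possible at this point, it deserves an explicit check before the two `gid_address_copy` calls rather than being left to the data plane.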
@@ -873,6 +883,85 @@ compare_locators (lisp_cp_main_t * lcm, u32 * old_ls_indexes,
 return 0;
 }
+typedef struct
+{
+ u8 is_negative;
+ void *lcm;
+ gid_address_t *eids_to_be_deleted;
+} remove_mapping_args_t;
+
+/**
+ * Callback invoked when a sub-prefix is found
+ */
+static void
+remove_mapping_if_needed (u32 mi, void *arg)
+{
+ u8 delete = 0;
+ remove_mapping_args_t *a = arg;
+ lisp_cp_main_t *lcm = a->lcm;
+ mapping_t *m;
+ locator_set_t *ls;
+
+ m = pool_elt_at_index (lcm->mapping_pool, mi);
+ if (!m)
+ return;
+
+ ls = pool_elt_at_index (lcm->locator_set_pool, m->locator_set_index);
+
+ if (a->is_negative)
+ {
+ if (0 != vec_len (ls->locator_indices))
+ delete = 1;
+ }
+ else
+ {
+ if (0 == vec_len (ls->locator_indices))
+ delete = 1;
+ }
+
+ if (delete)
+ vec_add1 (a->eids_to_be_deleted, m->eid);
+}
+
+/**
+ * This function searches map cache and looks for IP prefixes that are subset
+ * of the provided one. If such prefix is found depending on 'is_negative'
+ * it does follows:
+ *
+ * 1) if is_negative is true and found prefix points to positive mapping,
+ * then the mapping is removed
+ * 2) if is_negative is false and found prefix points to negative mapping,
+ * then the mapping is removed
+ */
+static void
+remove_overlapping_sub_prefixes (lisp_cp_main_t * lcm, gid_address_t * eid,
+ u8 is_negative)
+{
+ gid_address_t *e;
+ remove_mapping_args_t a;
+ memset (&a, 0, sizeof (a));
+
+ /* do this only in src/dst mode ... */
+ if (MR_MODE_SRC_DST != lcm->map_request_mode)
+ return;
+
+ /* ... and only for IP prefix */
+ if (GID_ADDR_SRC_DST != gid_address_type (eid)
+ || (FID_ADDR_IP_PREF != gid_address_sd_dst_type (eid)))
+ return;
+
+ a.is_negative = is_negative;
+ a.lcm = lcm;
+
+ gid_dict_foreach_subprefix (&lcm->mapping_index_by_gid, eid,
+ remove_mapping_if_needed, &a);
+
+ vec_foreach (e, a.eids_to_be_deleted)
+ vnet_lisp_add_del_mapping (e, 0, 0, 0, 0, 0 /* is add */ , 0, 0);
+
+ vec_free (a.eids_to_be_deleted);
+}
+
 /**
 * Adds/removes/updates mapping. Does not program forwarding.
 *
@@ -925,7 +1014,7 @@ vnet_lisp_add_del_mapping (gid_address_t * eid, locator_t * rlocs, u8 action,
 /* do not overwrite local or static remote mappings */
 clib_warning ("mapping %U rejected due to collision with local "
 "or static remote mapping!", format_gid_address,
- &eid);
+ eid);
 return 0;
 }
@@ -952,6 +1041,8 @@ vnet_lisp_add_del_mapping (gid_address_t * eid, locator_t * rlocs, u8 action,
 /* new mapping */
 else
 {
+ remove_overlapping_sub_prefixes (lcm, eid, 0 == ls_args->locators);
+
 ls_args->is_add = 1;
 ls_args->index = ~0;
@@ -2843,7 +2934,8 @@ build_encapsulated_map_request (lisp_cp_main_t * lcm,
 /* get rlocs */
 rlocs = build_itr_rloc_list (lcm, loc_set);
- if (MR_MODE_SRC_DST == lcm->map_request_mode)
+ if (MR_MODE_SRC_DST == lcm->map_request_mode
+ && GID_ADDR_SRC_DST != gid_address_type (deid))
 {
 gid_address_t sd;
 memset (&sd, 0, sizeof (sd));
diff --git a/vnet/vnet/lisp-cp/gid_dictionary.c b/vnet/vnet/lisp-cp/gid_dictionary.c
index 2fd909621ae..0632ef0373f 100644
--- a/vnet/vnet/lisp-cp/gid_dictionary.c
+++ b/vnet/vnet/lisp-cp/gid_dictionary.c
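Review bot: The `if (!m) return;` guard in `remove_mapping_if_needed` does not protect against a stale index, because `pool_elt_at_index` computes an element address and, as far as I know, never yields NULL; a freed or out-of-range `mi` would still be dereferenced on the following `m->locator_set_index` read. If the dictionary can hand back an index whose mapping is gone, test it first with `if (pool_is_free_index (lcm->mapping_pool, mi)) return;`, and consider the same for `m->locator_set_index` before the second pool lookup. Separately, `remove_overlapping_sub_prefixes` drops the return value of `vnet_lisp_add_del_mapping`, so a failed delete leaves the overlapping entry in place silently; a `clib_warning` on a non-zero result would make that visible.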
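Review bot: In the `@@ -952,6 +1041,8 @@` hunk, `0 == ls_args->locators` tests the vector pointer, while `remove_mapping_if_needed` classifies stored mappings with `vec_len (ls->locator_indices)`; an allocated but empty locator vector would count as positive here and negative there. `remove_overlapping_sub_prefixes (lcm, eid, 0 == vec_len (ls_args->locators));` keeps the two tests in agreement. The call also runs before the new mapping is inserted, and the rest of this branch is outside the hunk, so it is worth confirming that a later failure cannot leave the map-cache with the sub-prefixes removed and no replacement installed.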
@@ -15,6 +15,127 @@
 #include <vnet/lisp-cp/gid_dictionary.h>
+typedef struct
+{
+ void *arg;
+ ip_prefix_t src;
+ foreach_subprefix_match_cb_t cb;
+ union
+ {
+ gid_ip4_table_t *ip4_table;
+ gid_ip6_table_t *ip6_table;
+ };
+} sfib_entry_arg_t;
+
+static u32 ip4_lookup (gid_ip4_table_t * db, u32 vni, ip_prefix_t * key);
+
+static u32 ip6_lookup (gid_ip6_table_t * db, u32 vni, ip_prefix_t * key);
+
+static void
+foreach_sfib4_subprefix (BVT (clib_bihash_kv) * kvp, void *arg)
+{
+ sfib_entry_arg_t *a = arg;
+ u32 ip = (u32) kvp->key[0];
+ ip4_address_t *mask;
+ u8 plen = ip_prefix_len (&a->src);
+
+ ASSERT (plen >= 0 && plen <= 32);
+ mask = &a->ip4_table->ip4_fib_masks[plen];
+
+ u32 src_ip = clib_host_to_net_u32 (ip_prefix_v4 (&a->src).as_u32);
+ src_ip &= mask->as_u32;
+ if (src_ip == ip)
+ {
+ /* found sub-prefix of src prefix */
+ (a->cb) (kvp->value, a->arg);
+ }
+}
+
+static void
+gid_dict_foreach_ip4_subprefix (gid_dictionary_t * db, u32 vni,
+ ip_prefix_t * src, ip_prefix_t * dst,
+ foreach_subprefix_match_cb_t cb, void *arg)
+{
+ u32 sfi;
+ gid_ip4_table_t *sfib4;
+ sfib_entry_arg_t a;
+
+ sfi = ip4_lookup (&db->dst_ip4_table, vni, dst);
+ if (GID_LOOKUP_MISS == sfi)
+ return;
+
+ sfib4 = pool_elt_at_index (db->src_ip4_table_pool, sfi);
+
+ a.arg = arg;
+ a.cb = cb;
+ a.src = src[0];
+ a.ip4_table = sfib4;
+
+ BV (clib_bihash_foreach_key_value_pair) (&sfib4->ip4_lookup_table,
+ foreach_sfib4_subprefix, &a);
+}
+
+static void
+foreach_sfib6_subprefix (BVT (clib_bihash_kv) * kvp, void *arg)
+{
+ sfib_entry_arg_t *a = arg;
+ ip6_address_t ip;
+ ip6_address_t *mask;
+ u8 plen = ip_prefix_len (&a->src);
+
+ mask = &a->ip6_table->ip6_fib_masks[plen];
+ ip.as_u64[0] = kvp->key[0];
+ ip.as_u64[1] = kvp->key[1];
+
+ if (ip6_address_is_equal_masked (&ip_prefix_v6 (&a->src), &ip, mask))
+ {
+ /* found sub-prefix of src prefix */
+ (a->cb) (kvp->value, a->arg);
+ }
+}
+
+static void
+gid_dict_foreach_ip6_subprefix (gid_dictionary_t * db, u32 vni,
+ ip_prefix_t * src, ip_prefix_t * dst,
+ foreach_subprefix_match_cb_t cb, void *arg)
+{
+ u32 sfi;
+ gid_ip6_table_t *sfib6;
+ sfib_entry_arg_t a;
+
+ sfi = ip6_lookup (&db->dst_ip6_table, vni, dst);
+ if (GID_LOOKUP_MISS == sfi)
+ return;
+
+ sfib6 = pool_elt_at_index (db->src_ip6_table_pool, sfi);
+
+ a.arg = arg;
+ a.cb = cb;
+ a.src = src[0];
+ a.ip6_table = sfib6;
+
+ BV (clib_bihash_foreach_key_value_pair) (&sfib6->ip6_lookup_table,
+ foreach_sfib6_subprefix, &a);
+}
+
+void
+gid_dict_foreach_subprefix (gid_dictionary_t * db, gid_address_t * eid,
+ foreach_subprefix_match_cb_t cb, void *arg)
+{
+ ip_prefix_t *ippref = &gid_address_sd_dst_ippref (eid);
+
+ if (IP4 == ip_prefix_version (ippref))
+ gid_dict_foreach_ip4_subprefix (db, gid_address_vni (eid),
+ &gid_address_sd_src_ippref (eid),
+ &gid_address_sd_dst_ippref (eid), cb,
+ arg);
+ else
+ gid_dict_foreach_ip6_subprefix (db, gid_address_vni (eid),
+ &gid_address_sd_src_ippref (eid),
+ &gid_address_sd_dst_ippref (eid), cb,
+ arg);
+}
+
 static void
 make_mac_sd_key (BVT (clib_bihash_kv) * kv, u32 vni, u8 src_mac[6], u8 dst_mac[6])
@@ -255,6 +376,24 @@ gid_dictionary_sd_lookup (gid_dictionary_t * db, gid_address_t * dst,
 case GID_ADDR_MAC:
 return mac_sd_lookup (&db->sd_mac_table, gid_address_vni (dst), gid_address_mac (dst), gid_address_mac (src));
+ case GID_ADDR_SRC_DST:
+ switch (gid_address_sd_dst_type (dst))
+ {
+ case FID_ADDR_IP_PREF:
+ return ip_sd_lookup (db, gid_address_vni (dst),
+ &gid_address_sd_dst_ippref (dst),
+ &gid_address_sd_src_ippref (dst));
+ break;
+ case FID_ADDR_MAC:
+ return mac_sd_lookup (&db->sd_mac_table, gid_address_vni (dst),
+ gid_address_sd_dst_mac (dst),
+ gid_address_sd_src_mac (dst));
+ break;
+ default:
+ clib_warning ("Source/Dest address type %d not supported!",
+ gid_address_sd_dst_type (dst));
+ break;
+ }
 default:
 clib_warning ("address type %d not supported!", gid_address_type (dst));
 break;
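Review bot: `plen` indexes `ip4_fib_masks[]` and `ip6_fib_masks[]` with no runtime bound: `foreach_sfib4_subprefix` relies on `ASSERT (plen >= 0 && plen <= 32)`, which is normally compiled out of release images (and `plen >= 0` is always true for a `u8`), and `foreach_sfib6_subprefix` has no check at all. The prefix comes from the EID handed to `gid_dict_foreach_subprefix`, which on the mapping-add path presumably originates in a received control-plane message, so an over-long prefix length would read past the mask table. Reject it once, before the bihash walk: `if (ip_prefix_len (src) > 32) return;` in `gid_dict_foreach_ip4_subprefix` and `if (ip_prefix_len (src) > 128) return;` in the IPv6 variant. Also note that the IPv4 callback masks only the search prefix and compares it with the raw key, whereas the IPv6 one goes through `ip6_address_is_equal_masked`, so the two families may not select the same set of sub-prefixes.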
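Review bot: In the `@@ -255,6 +376,24 @@` hunk the new `case GID_ADDR_SRC_DST:` has no `break` after the inner switch's closing brace, so an unsupported source/dest type logs its warning and then falls through into the outer `default:` and logs "address type %d not supported!" as well. Add `break;` after the inner `}`, or a `/* fallthrough */` comment if the second warning is intended. The `break;` statements that follow the two `return`s are unreachable and can be dropped. The enclosing function starts and ends outside the hunk.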
diff --git a/vnet/vnet/lisp-cp/gid_dictionary.h b/vnet/vnet/lisp-cp/gid_dictionary.h
index 6544cca1b18..c5aaf8cb30d 100644
--- a/vnet/vnet/lisp-cp/gid_dictionary.h
+++ b/vnet/vnet/lisp-cp/gid_dictionary.h
@@ -35,6 +35,8 @@
 #define MAC_LOOKUP_DEFAULT_HASH_NUM_BUCKETS (64 * 1024)
 #define MAC_LOOKUP_DEFAULT_HASH_MEMORY_SIZE (32<<20)
+typedef void (*foreach_subprefix_match_cb_t) (u32, void *);
+
 typedef struct
 {
 BVT (clib_bihash) ip4_lookup_table;
@@ -103,6 +105,10 @@ u32 gid_dictionary_sd_lookup (gid_dictionary_t * db, gid_address_t * dst,
 void gid_dictionary_init (gid_dictionary_t * db);
+
+void
+gid_dict_foreach_subprefix (gid_dictionary_t * db, gid_address_t * eid,
+ foreach_subprefix_match_cb_t cb, void *arg);
+
 #endif /* VNET_LISP_GPE_GID_DICTIONARY_H_ */
 /*
diff --git a/vnet/vnet/lisp-gpe/lisp_gpe_fwd_entry.c b/vnet/vnet/lisp-gpe/lisp_gpe_fwd_entry.c
index 75db97d9b53..018fad4ba00 100644
--- a/vnet/vnet/lisp-gpe/lisp_gpe_fwd_entry.c
+++ b/vnet/vnet/lisp-gpe/lisp_gpe_fwd_entry.c
@@ -69,7 +69,17 @@ ip_dst_fib_add_route (u32 dst_fib_index, const ip_prefix_t * dst_prefix)
 "LISP-src for [%d,%U]", dst_fib_index, format_fib_prefix, &dst_fib_prefix);
-
+ /*
+ * add src fib default route
+ */
+ fib_prefix_t prefix = {
+ .fp_proto = dst_fib_prefix.fp_proto,
+ };
+ fib_table_entry_special_dpo_add (src_fib_index, &prefix,
+ FIB_SOURCE_LISP,
+ FIB_ENTRY_FLAG_EXCLUSIVE,
+ lisp_cp_dpo_get (fib_proto_to_dpo
+ (dst_fib_prefix.fp_proto)));
 /*
 * create a data-path object to perform the source address lookup
 * in the SRC FIB
@@ -363,11 +373,9 @@ static void
 lisp_gpe_fwd_entry_mk_paths (lisp_gpe_fwd_entry_t * lfe,
 vnet_lisp_gpe_add_del_fwd_entry_args_t * a)
 {
- const lisp_gpe_tenant_t *lt;
 lisp_fwd_path_t *path;
 u32 index;
- lt = lisp_gpe_tenant_get (lfe->tenant);
 vec_validate (lfe->paths, vec_len (a->locator_pairs) - 1);
 vec_foreach_index (index, a->locator_pairs)
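Review bot: In the `@@ -69,7 +69,17 @@` hunk of `lisp_gpe_fwd_entry.c`, the added block installs a zero-length `FIB_SOURCE_LISP` entry in the source FIB, but the diff shows no matching removal; if the teardown path for the source FIB (outside this hunk) does not flush LISP-sourced entries, the exclusive default route would outlive the forwarding entries that needed it. It would help to pair it with `fib_table_entry_special_remove (src_fib_index, &prefix, FIB_SOURCE_LISP);` where the source FIB is released, or to say in the comment why that is unnecessary. The comment could also state the effect, e.g. `/* source miss in the SRC FIB: hand the packet to the LISP control plane */`, since every unmatched source now reaches `lisp_cp_dpo` and that is a load path operators should know about. The enclosing function starts and ends outside the hunk.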
@@ -380,8 +388,7 @@ lisp_gpe_fwd_entry_mk_paths (lisp_gpe_fwd_entry_t * lfe,
 path->lisp_adj = lisp_gpe_adjacency_find_or_create_and_lock (&a->locator_pairs [index],
- lt->lt_table_id,
- lfe->key->vni);
+ a->dp_table, lfe->key->vni);
 }
 vec_sort_with_function (lfe->paths, lisp_gpe_fwd_entry_path_sort);
 }
@@ -529,6 +536,8 @@ lisp_l2_fib_lookup (lisp_gpe_main_t * lgm, u16 bd_index, u8 src_mac[6],
 if (rv == 0)
 return value.value;
 }
+ else
+ return value.value;
 return lisp_gpe_main.l2_lb_cp_lkup.dpoi_index;
 }
@@ -886,7 +895,7 @@ format_lisp_fwd_path (u8 * s, va_list ap)
 {
 lisp_fwd_path_t *lfp = va_arg (ap, lisp_fwd_path_t *);
- s = format (s, "pirority:%d weight:%d ", lfp->priority, lfp->weight);
+ s = format (s, "priority:%d weight:%d ", lfp->priority, lfp->weight);
 s = format (s, "adj:[%U]\n", format_lisp_gpe_adjacency, lisp_gpe_adjacency_get (lfp->lisp_adj), |