summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-12-29 23:55:18 +0000
committerDamjan Marion <dmarion@me.com>2020-01-27 20:40:30 +0000
commit14053c9dbd75182f5302f7388d17508f3930f7ce (patch)
tree527f7675cfe18b13cc7c1923cd7959ec80459a7c
parent59ff918ea5b86112ffc89054aa38107703354585 (diff)
ipip: Multi-point interface
Type: feature plus fixes for gre Signed-off-by: Neale Ranns <nranns@cisco.com> Change-Id: I0eca5f94b8b8ea0fcfb058162cafea4491708db6
-rw-r--r--src/plugins/ikev2/ikev2.c2
-rw-r--r--src/vnet/adj/adj.c2
-rw-r--r--src/vnet/adj/adj_delegate.c4
-rw-r--r--src/vnet/adj/adj_midchain.c11
-rw-r--r--src/vnet/adj/adj_nbr.c34
-rw-r--r--src/vnet/fib/fib_path.c3
-rw-r--r--src/vnet/gre/gre.c53
-rw-r--r--src/vnet/gre/gre.h10
-rw-r--r--src/vnet/gre/interface.c32
-rw-r--r--src/vnet/ipip/ipip.api1
-rw-r--r--src/vnet/ipip/ipip.c322
-rw-r--r--src/vnet/ipip/ipip.h36
-rw-r--r--src/vnet/ipip/ipip_api.c9
-rw-r--r--src/vnet/ipip/ipip_cli.c57
-rw-r--r--src/vnet/ipip/node.c26
-rw-r--r--src/vnet/ipip/sixrd.c14
-rw-r--r--src/vnet/ipsec/ipsec_api.c2
-rw-r--r--src/vnet/ipsec/ipsec_cli.c2
-rw-r--r--src/vnet/nhrp/nhrp.c24
-rw-r--r--src/vnet/tunnel/tunnel.c14
-rw-r--r--src/vnet/tunnel/tunnel.h5
-rw-r--r--src/vnet/tunnel/tunnel_types.api2
-rw-r--r--test/test_gre.py24
-rw-r--r--test/test_ipip.py111
-rw-r--r--test/vpp_ipip_tun_interface.py8
25 files changed, 652 insertions, 156 deletions
diff --git a/src/plugins/ikev2/ikev2.c b/src/plugins/ikev2/ikev2.c
index 6e3ca7da0bc..03448b939f2 100644
--- a/src/plugins/ikev2/ikev2.c
+++ b/src/plugins/ikev2/ikev2.c
@@ -1546,7 +1546,7 @@ ikev2_add_tunnel_from_main (ikev2_add_ipsec_tunnel_args_t * a)
rv = ipip_add_tunnel (IPIP_TRANSPORT_IP4, ~0,
&a->local_ip, &a->remote_ip, 0,
TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
- &sw_if_index);
+ TUNNEL_MODE_P2P, &sw_if_index);
if (rv == VNET_API_ERROR_IF_ALREADY_EXISTS)
{
diff --git a/src/vnet/adj/adj.c b/src/vnet/adj/adj.c
index a603925e905..c758ebeae3a 100644
--- a/src/vnet/adj/adj.c
+++ b/src/vnet/adj/adj.c
@@ -182,7 +182,7 @@ format_ip_adjacency (u8 * s, va_list * args)
s = format (s, "\n flags:%U", format_adj_flags, adj->ia_flags);
s = format (s, "\n counts:[%Ld:%Ld]", counts.packets, counts.bytes);
s = format (s, "\n locks:%d", adj->ia_node.fn_locks);
- s = format(s, "\n delegates:\n ");
+ s = format(s, "\n delegates:");
s = adj_delegate_format(s, adj);
s = format(s, "\n children:");
diff --git a/src/vnet/adj/adj_delegate.c b/src/vnet/adj/adj_delegate.c
index 68232c5810a..87a83fb4239 100644
--- a/src/vnet/adj/adj_delegate.c
+++ b/src/vnet/adj/adj_delegate.c
@@ -163,13 +163,13 @@ adj_delegate_format (u8* s, ip_adjacency_t *adj)
{
if (ad_vfts[aed->ad_type].adv_format)
{
- s = format(s, "{");
+ s = format(s, "\n {");
s = ad_vfts[aed->ad_type].adv_format(aed, s);
s = format(s, "}");
}
else
{
- s = format(s, "{unknown delegate}");
+ s = format(s, "\n {unknown delegate}");
}
}
diff --git a/src/vnet/adj/adj_midchain.c b/src/vnet/adj/adj_midchain.c
index 542b5a13250..33da0ed829e 100644
--- a/src/vnet/adj/adj_midchain.c
+++ b/src/vnet/adj/adj_midchain.c
@@ -513,12 +513,11 @@ adj_nbr_midchain_update_rewrite (adj_index_t adj_index,
* one time only update. since we don't support changing the tunnel
* src,dst, this is all we need.
*/
- ASSERT((adj->lookup_next_index == IP_LOOKUP_NEXT_ARP) ||
- (adj->lookup_next_index == IP_LOOKUP_NEXT_GLEAN) ||
- (adj->lookup_next_index == IP_LOOKUP_NEXT_MCAST) ||
- (adj->lookup_next_index == IP_LOOKUP_NEXT_BCAST));
-
- adj_midchain_setup(adj_index, fixup, fixup_data, flags);
+ if (adj->lookup_next_index != IP_LOOKUP_NEXT_MIDCHAIN ||
+ adj->lookup_next_index != IP_LOOKUP_NEXT_MCAST_MIDCHAIN)
+ {
+ adj_midchain_setup(adj_index, fixup, fixup_data, flags);
+ }
/*
* update the rewrite with the workers paused.
diff --git a/src/vnet/adj/adj_nbr.c b/src/vnet/adj/adj_nbr.c
index 9e990e00f3b..75313267ea1 100644
--- a/src/vnet/adj/adj_nbr.c
+++ b/src/vnet/adj/adj_nbr.c
@@ -907,15 +907,19 @@ adj_nbr_show (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
adj_index_t ai = ADJ_INDEX_INVALID;
+ ip46_address_t nh = ip46_address_initializer;
u32 sw_if_index = ~0;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (input, "%d", &ai))
+ if (unformat (input, "%U",
+ unformat_vnet_sw_interface, vnet_get_main(),
+ &sw_if_index))
;
else if (unformat (input, "%U",
- unformat_vnet_sw_interface, vnet_get_main(),
- &sw_if_index))
+ unformat_ip46_address, &nh, IP46_TYPE_ANY))
+ ;
+ else if (unformat (input, "%d", &ai))
;
else
break;
@@ -932,12 +936,24 @@ adj_nbr_show (vlib_main_t * vm,
{
fib_protocol_t proto;
- for (proto = FIB_PROTOCOL_IP4; proto <= FIB_PROTOCOL_IP6; proto++)
- {
- adj_nbr_walk(sw_if_index, proto,
- adj_nbr_show_one,
- vm);
- }
+ if (ip46_address_is_zero(&nh))
+ {
+ for (proto = FIB_PROTOCOL_IP4; proto <= FIB_PROTOCOL_IP6; proto++)
+ {
+ adj_nbr_walk(sw_if_index, proto,
+ adj_nbr_show_one,
+ vm);
+ }
+ }
+ else
+ {
+ proto = (ip46_address_is_ip4(&nh) ?
+ FIB_PROTOCOL_IP4 :
+ FIB_PROTOCOL_IP6);
+ adj_nbr_walk_nh(sw_if_index, proto, &nh,
+ adj_nbr_show_one,
+ vm);
+ }
}
else
{
diff --git a/src/vnet/fib/fib_path.c b/src/vnet/fib/fib_path.c
index c8a2a09cbff..a6404805eb6 100644
--- a/src/vnet/fib/fib_path.c
+++ b/src/vnet/fib/fib_path.c
@@ -1870,7 +1870,8 @@ fib_path_recursive_loop_detect (fib_node_index_t path_index,
}
case FIB_PATH_TYPE_ATTACHED_NEXT_HOP:
case FIB_PATH_TYPE_ATTACHED:
- if (adj_recursive_loop_detect(path->fp_dpo.dpoi_index,
+ if (dpo_is_adj(&path->fp_dpo) &&
+ adj_recursive_loop_detect(path->fp_dpo.dpoi_index,
entry_indicies))
{
FIB_PATH_DBG(path, "recursive loop formed");
diff --git a/src/vnet/gre/gre.c b/src/vnet/gre/gre.c
index f06f19fab2a..2b95d99148a 100644
--- a/src/vnet/gre/gre.c
+++ b/src/vnet/gre/gre.c
@@ -18,7 +18,6 @@
#include <vnet/vnet.h>
#include <vnet/gre/gre.h>
#include <vnet/adj/adj_midchain.h>
-#include <vnet/nhrp/nhrp.h>
extern gre_main_t gre_main;
@@ -331,10 +330,38 @@ gre_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
gre_tunnel_stack (ai);
}
-static adj_walk_rc_t
-mgre_mk_complete_walk (adj_index_t ai, void *ctx)
+adj_walk_rc_t
+mgre_mk_complete_walk (adj_index_t ai, void *data)
{
- nhrp_entry_adj_stack (ctx, ai);
+ mgre_walk_ctx_t *ctx = data;
+ adj_midchain_fixup_t f;
+
+ f = (ctx->t->tunnel_dst.fp_proto == FIB_PROTOCOL_IP4 ?
+ gre4_fixup : gre6_fixup);
+
+ adj_nbr_midchain_update_rewrite
+ (ai, f, NULL, ADJ_FLAG_MIDCHAIN_IP_STACK,
+ gre_build_rewrite (vnet_get_main (),
+ ctx->t->sw_if_index,
+ adj_get_link_type (ai),
+ &nhrp_entry_get_nh (ctx->ne)->fp_addr));
+
+ nhrp_entry_adj_stack (ctx->ne, ai);
+
+ return (ADJ_WALK_RC_CONTINUE);
+}
+
+adj_walk_rc_t
+mgre_mk_incomplete_walk (adj_index_t ai, void *data)
+{
+ gre_tunnel_t *t = data;
+ adj_midchain_fixup_t f;
+
+ f = (t->tunnel_dst.fp_proto == FIB_PROTOCOL_IP4 ? gre4_fixup : gre6_fixup);
+
+ adj_nbr_midchain_update_rewrite (ai, f, NULL, ADJ_FLAG_NONE, NULL);
+
+ adj_midchain_delegate_unstack (ai);
return (ADJ_WALK_RC_CONTINUE);
}
@@ -346,20 +373,11 @@ mgre_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
ip_adjacency_t *adj;
nhrp_entry_t *ne;
gre_tunnel_t *t;
- adj_flags_t af;
- u8 is_ipv6;
u32 ti;
adj = adj_get (ai);
ti = gm->tunnel_index_by_sw_if_index[sw_if_index];
t = pool_elt_at_index (gm->tunnels, ti);
- is_ipv6 = t->tunnel_dst.fp_proto == FIB_PROTOCOL_IP6 ? 1 : 0;
- af = ADJ_FLAG_MIDCHAIN_IP_STACK;
-
- adj_nbr_midchain_update_rewrite
- (ai, !is_ipv6 ? gre4_fixup : gre6_fixup, NULL, af,
- gre_build_rewrite (vnm, sw_if_index, adj_get_link_type (ai),
- &adj->sub_type.nbr.next_hop));
ne = nhrp_entry_find (sw_if_index, &adj->sub_type.nbr.next_hop);
@@ -367,8 +385,13 @@ mgre_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
// no NHRP entry to provide the next-hop
return;
- adj_nbr_walk_nh (sw_if_index, t->tunnel_dst.fp_proto,
- &adj->sub_type.nbr.next_hop, mgre_mk_complete_walk, ne);
+ mgre_walk_ctx_t ctx = {
+ .t = t,
+ .ne = ne
+ };
+ adj_nbr_walk_nh (sw_if_index,
+ adj->ia_nh_proto,
+ &adj->sub_type.nbr.next_hop, mgre_mk_complete_walk, &ctx);
}
#endif /* CLIB_MARCH_VARIANT */
diff --git a/src/vnet/gre/gre.h b/src/vnet/gre/gre.h
index 7f6ff0be9dc..70f624122ce 100644
--- a/src/vnet/gre/gre.h
+++ b/src/vnet/gre/gre.h
@@ -25,6 +25,7 @@
#include <vnet/ip/format.h>
#include <vnet/adj/adj_types.h>
#include <vnet/tunnel/tunnel.h>
+#include <vnet/nhrp/nhrp.h>
extern vnet_hw_interface_class_t gre_hw_interface_class;
extern vnet_hw_interface_class_t mgre_hw_interface_class;
@@ -323,6 +324,15 @@ extern void gre_tunnel_stack (adj_index_t ai);
extern void gre_update_adj (vnet_main_t * vnm,
u32 sw_if_index, adj_index_t ai);
+typedef struct mgre_walk_ctx_t_
+{
+ const gre_tunnel_t *t;
+ const nhrp_entry_t *ne;
+} mgre_walk_ctx_t;
+
+adj_walk_rc_t mgre_mk_complete_walk (adj_index_t ai, void *data);
+adj_walk_rc_t mgre_mk_incomplete_walk (adj_index_t ai, void *data);
+
format_function_t format_gre_protocol;
format_function_t format_gre_header;
format_function_t format_gre_header_with_length;
diff --git a/src/vnet/gre/interface.c b/src/vnet/gre/interface.c
index 59bf21d6dc2..178b080a73b 100644
--- a/src/vnet/gre/interface.c
+++ b/src/vnet/gre/interface.c
@@ -203,10 +203,14 @@ gre_nhrp_mk_key (const gre_tunnel_t * t,
t->type, TUNNEL_MODE_P2P, 0, &key->gtk_v6);
}
+/**
+ * An NHRP entry has been added
+ */
static void
gre_nhrp_entry_added (const nhrp_entry_t * ne)
{
gre_main_t *gm = &gre_main;
+ const ip46_address_t *nh;
gre_tunnel_key_t key;
gre_tunnel_t *t;
u32 sw_if_index;
@@ -221,16 +225,35 @@ gre_nhrp_entry_added (const nhrp_entry_t * ne)
if (INDEX_INVALID == t_idx)
return;
+ /* entry has been added on an interface for which there is a GRE tunnel */
t = pool_elt_at_index (gm->tunnels, t_idx);
+ if (t->mode != TUNNEL_MODE_MP)
+ return;
+
+ /* the next-hop (underlay) of the NHRP entry will form part of the key for
+ * ingress lookup to match packets to this interface */
gre_nhrp_mk_key (t, ne, &key);
gre_tunnel_db_add (t, &key);
+
+ /* update the rewrites for each of the adjacencies for this peer (overlay)
+ * using the next-hop (underlay) */
+ mgre_walk_ctx_t ctx = {
+ .t = t,
+ .ne = ne
+ };
+ nh = nhrp_entry_get_peer (ne);
+ adj_nbr_walk_nh (nhrp_entry_get_sw_if_index (ne),
+ (ip46_address_is_ip4 (nh) ?
+ FIB_PROTOCOL_IP4 :
+ FIB_PROTOCOL_IP6), nh, mgre_mk_complete_walk, &ctx);
}
static void
gre_nhrp_entry_deleted (const nhrp_entry_t * ne)
{
gre_main_t *gm = &gre_main;
+ const ip46_address_t *nh;
gre_tunnel_key_t key;
gre_tunnel_t *t;
u32 sw_if_index;
@@ -247,8 +270,17 @@ gre_nhrp_entry_deleted (const nhrp_entry_t * ne)
t = pool_elt_at_index (gm->tunnels, t_idx);
+ /* remove the next-hop as an ingress lookup key */
gre_nhrp_mk_key (t, ne, &key);
gre_tunnel_db_remove (t, &key);
+
+ nh = nhrp_entry_get_peer (ne);
+
+ /* make all the adjacencies incomplete */
+ adj_nbr_walk_nh (nhrp_entry_get_sw_if_index (ne),
+ (ip46_address_is_ip4 (nh) ?
+ FIB_PROTOCOL_IP4 :
+ FIB_PROTOCOL_IP6), nh, mgre_mk_incomplete_walk, t);
}
static walk_rc_t
diff --git a/src/vnet/ipip/ipip.api b/src/vnet/ipip/ipip.api
index 8ba31363b17..4fbfa1d584e 100644
--- a/src/vnet/ipip/ipip.api
+++ b/src/vnet/ipip/ipip.api
@@ -67,6 +67,7 @@ typedef ipip_tunnel
details/dump */
u32 table_id;
vl_api_tunnel_encap_decap_flags_t flags;
+ vl_api_tunnel_mode_t mode;
vl_api_ip_dscp_t dscp; /* DSCP value for the tunnel encap,
ignored if ECNAP_COPY_DSCP flag is set */
};
diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c
index 05460fbbe34..aa8d8daca4b 100644
--- a/src/vnet/ipip/ipip.c
+++ b/src/vnet/ipip/ipip.c
@@ -25,6 +25,7 @@
#include <vnet/fib/ip6_fib.h>
#include <vnet/ip/format.h>
#include <vnet/ipip/ipip.h>
+#include <vnet/nhrp/nhrp.h>
ipip_main_t ipip_main;
@@ -55,10 +56,14 @@ static u8 *
ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index,
vnet_link_t link_type, const void *dst_address)
{
+ const ip46_address_t *dst;
ip4_header_t *ip4;
ip6_header_t *ip6;
u8 *rewrite = NULL;
- ipip_tunnel_t *t = ipip_tunnel_db_find_by_sw_if_index (sw_if_index);
+ ipip_tunnel_t *t;
+
+ dst = dst_address;
+ t = ipip_tunnel_db_find_by_sw_if_index (sw_if_index);
if (!t)
/* not one of ours */
@@ -73,12 +78,12 @@ ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index,
ip4->ttl = 64;
/* fixup ip4 header length, protocol and checksum after-the-fact */
ip4->src_address.as_u32 = t->tunnel_src.ip4.as_u32;
- ip4->dst_address.as_u32 = t->tunnel_dst.ip4.as_u32;
- ip4->checksum = ip4_header_checksum (ip4);
+ ip4->dst_address.as_u32 = dst->ip4.as_u32;
if (!(t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP))
ip4_header_set_dscp (ip4, t->dscp);
if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_SET_DF)
ip4_header_set_df (ip4);
+ ip4->checksum = ip4_header_checksum (ip4);
break;
case IPIP_TRANSPORT_IP6:
@@ -90,15 +95,11 @@ ipip_build_rewrite (vnet_main_t * vnm, u32 sw_if_index,
/* fixup ip6 header length and protocol after-the-fact */
ip6->src_address.as_u64[0] = t->tunnel_src.ip6.as_u64[0];
ip6->src_address.as_u64[1] = t->tunnel_src.ip6.as_u64[1];
- ip6->dst_address.as_u64[0] = t->tunnel_dst.ip6.as_u64[0];
- ip6->dst_address.as_u64[1] = t->tunnel_dst.ip6.as_u64[1];
+ ip6->dst_address.as_u64[0] = dst->ip6.as_u64[0];
+ ip6->dst_address.as_u64[1] = dst->ip6.as_u64[1];
if (!(t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP))
ip6_set_dscp_network_order (ip6, t->dscp);
break;
-
- default:
- /* pass through */
- ;
}
return (rewrite);
}
@@ -107,8 +108,10 @@ static void
ipip4_fixup (vlib_main_t * vm, const ip_adjacency_t * adj, vlib_buffer_t * b,
const void *data)
{
+ tunnel_encap_decap_flags_t flags;
ip4_header_t *ip4;
- const ipip_tunnel_t *t = data;
+
+ flags = pointer_to_uword (data);
ip4 = vlib_buffer_get_current (b);
ip4->length = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b));
@@ -116,11 +119,11 @@ ipip4_fixup (vlib_main_t * vm, const ip_adjacency_t * adj, vlib_buffer_t * b,
{
case VNET_LINK_IP6:
ip4->protocol = IP_PROTOCOL_IPV6;
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
ip4_header_set_dscp (ip4,
ip6_dscp_network_order ((ip6_header_t *) (ip4 +
1)));
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
ip4_header_set_ecn (ip4,
ip6_ecn_network_order ((ip6_header_t *) (ip4 +
1)));
@@ -128,11 +131,11 @@ ipip4_fixup (vlib_main_t * vm, const ip_adjacency_t * adj, vlib_buffer_t * b,
case VNET_LINK_IP4:
ip4->protocol = IP_PROTOCOL_IP_IN_IP;
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
ip4_header_set_dscp (ip4, ip4_header_get_dscp (ip4 + 1));
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
ip4_header_set_ecn (ip4, ip4_header_get_ecn (ip4 + 1));
- if ((t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DF) &&
+ if ((flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DF) &&
ip4_header_get_df (ip4 + 1))
ip4_header_set_df (ip4);
break;
@@ -148,8 +151,10 @@ static void
ipip6_fixup (vlib_main_t * vm, const ip_adjacency_t * adj, vlib_buffer_t * b,
const void *data)
{
+ tunnel_encap_decap_flags_t flags;
ip6_header_t *ip6;
- const ipip_tunnel_t *t = data;
+
+ flags = pointer_to_uword (data);
/* Must set locally originated otherwise we're not allowed to
fragment the packet later */
@@ -163,18 +168,18 @@ ipip6_fixup (vlib_main_t * vm, const ip_adjacency_t * adj, vlib_buffer_t * b,
{
case VNET_LINK_IP6:
ip6->protocol = IP_PROTOCOL_IPV6;
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
ip6_set_dscp_network_order (ip6, ip6_dscp_network_order (ip6 + 1));
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
ip6_set_ecn_network_order (ip6, ip6_ecn_network_order (ip6 + 1));
break;
case VNET_LINK_IP4:
ip6->protocol = IP_PROTOCOL_IP_IN_IP;
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_DSCP)
ip6_set_dscp_network_order
(ip6, ip4_header_get_dscp ((ip4_header_t *) (ip6 + 1)));
- if (t->flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
+ if (flags & TUNNEL_ENCAP_DECAP_FLAG_ENCAP_COPY_ECN)
ip6_set_ecn_network_order
(ip6, ip4_header_get_ecn ((ip4_header_t *) (ip6 + 1)));
break;
@@ -257,14 +262,89 @@ ipip_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
if (VNET_LINK_ETHERNET == adj_get_link_type (ai))
af |= ADJ_FLAG_MIDCHAIN_NO_COUNT;
- adj_nbr_midchain_update_rewrite (ai, f, t, af,
- ipip_build_rewrite (vnm,
- sw_if_index,
- adj_get_link_type
- (ai), NULL));
+ adj_nbr_midchain_update_rewrite
+ (ai, f, uword_to_pointer (t->flags, void *), af,
+ ipip_build_rewrite (vnm, sw_if_index,
+ adj_get_link_type (ai), &t->tunnel_dst));
ipip_tunnel_stack (ai);
}
+typedef struct mipip_walk_ctx_t_
+{
+ const ipip_tunnel_t *t;
+ const nhrp_entry_t *ne;
+} mipip_walk_ctx_t;
+
+static adj_walk_rc_t
+mipip_mk_complete_walk (adj_index_t ai, void *data)
+{
+ mipip_walk_ctx_t *ctx = data;
+ adj_midchain_fixup_t f;
+
+ f = ctx->t->transport == IPIP_TRANSPORT_IP6 ? ipip6_fixup : ipip4_fixup;
+
+ adj_nbr_midchain_update_rewrite
+ (ai, f, uword_to_pointer (ctx->t->flags, void *),
+ ADJ_FLAG_MIDCHAIN_IP_STACK, ipip_build_rewrite (vnet_get_main (),
+ ctx->t->sw_if_index,
+ adj_get_link_type (ai),
+ &nhrp_entry_get_nh
+ (ctx->ne)->fp_addr));
+
+ nhrp_entry_adj_stack (ctx->ne, ai);
+
+ return (ADJ_WALK_RC_CONTINUE);
+}
+
+static adj_walk_rc_t
+mipip_mk_incomplete_walk (adj_index_t ai, void *data)
+{
+ ipip_tunnel_t *t = data;
+ adj_midchain_fixup_t f;
+
+ f = t->transport == IPIP_TRANSPORT_IP6 ? ipip6_fixup : ipip4_fixup;
+
+ adj_nbr_midchain_update_rewrite (ai, f, NULL, ADJ_FLAG_NONE, NULL);
+
+ adj_midchain_delegate_unstack (ai);
+
+ return (ADJ_WALK_RC_CONTINUE);
+}
+
+void
+mipip_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai)
+{
+ ipip_main_t *gm = &ipip_main;
+ adj_midchain_fixup_t f;
+ ip_adjacency_t *adj;
+ nhrp_entry_t *ne;
+ ipip_tunnel_t *t;
+ u32 ti;
+
+ adj = adj_get (ai);
+ ti = gm->tunnel_index_by_sw_if_index[sw_if_index];
+ t = pool_elt_at_index (gm->tunnels, ti);
+ f = t->transport == IPIP_TRANSPORT_IP6 ? ipip6_fixup : ipip4_fixup;
+
+ ne = nhrp_entry_find (sw_if_index, &adj->sub_type.nbr.next_hop);
+
+ if (NULL == ne)
+ {
+ // no NHRP entry to provide the next-hop
+ adj_nbr_midchain_update_rewrite
+ (ai, f, uword_to_pointer (t->flags, void *), ADJ_FLAG_NONE, NULL);
+ return;
+ }
+
+ mipip_walk_ctx_t ctx = {
+ .t = t,
+ .ne = ne
+ };
+ adj_nbr_walk_nh (sw_if_index,
+ adj->ia_nh_proto,
+ &adj->sub_type.nbr.next_hop, mipip_mk_complete_walk, &ctx);
+}
+
static u8 *
format_ipip_tunnel_name (u8 * s, va_list * args)
{
@@ -350,10 +430,19 @@ VNET_HW_INTERFACE_CLASS(ipip_hw_interface_class) = {
.update_adjacency = ipip_update_adj,
.flags = VNET_HW_INTERFACE_CLASS_FLAG_P2P,
};
+
+VNET_HW_INTERFACE_CLASS(mipip_hw_interface_class) = {
+ .name = "mIPIP",
+ //.format_header = format_ipip_header_with_length,
+ //.unformat_header = unformat_ipip_header,
+ .build_rewrite = ipip_build_rewrite,
+ .update_adjacency = mipip_update_adj,
+ .flags = VNET_HW_INTERFACE_CLASS_FLAG_NBMA,
+};
/* *INDENT-ON* */
ipip_tunnel_t *
-ipip_tunnel_db_find (ipip_tunnel_key_t * key)
+ipip_tunnel_db_find (const ipip_tunnel_key_t * key)
{
ipip_main_t *gm = &ipip_main;
uword *p;
@@ -377,30 +466,155 @@ ipip_tunnel_db_find_by_sw_if_index (u32 sw_if_index)
}
void
-ipip_tunnel_db_add (ipip_tunnel_t * t, ipip_tunnel_key_t * key)
+ipip_tunnel_db_add (ipip_tunnel_t * t, const ipip_tunnel_key_t * key)
{
ipip_main_t *gm = &ipip_main;
- t->key = clib_mem_alloc (sizeof (*t->key));
- clib_memcpy (t->key, key, sizeof (*key));
- hash_set_mem (gm->tunnel_by_key, t->key, t->dev_instance);
+ hash_set_mem_alloc (&gm->tunnel_by_key, key, t->dev_instance);
}
void
-ipip_tunnel_db_remove (ipip_tunnel_t * t)
+ipip_tunnel_db_remove (ipip_tunnel_t * t, const ipip_tunnel_key_t * key)
{
ipip_main_t *gm = &ipip_main;
- hash_unset_mem (gm->tunnel_by_key, t->key);
- clib_mem_free (t->key);
- t->key = NULL;
+ hash_unset_mem_free (&gm->tunnel_by_key, key);
+}
+
+void
+ipip_mk_key_i (ipip_transport_t transport,
+ ipip_mode_t mode,
+ const ip46_address_t * src,
+ const ip46_address_t * dst,
+ u32 fib_index, ipip_tunnel_key_t * key)
+{
+ key->transport = transport;
+ key->mode = mode;
+ key->src = *src;
+ key->dst = *dst;
+ key->fib_index = fib_index;
+ key->__pad = 0;;
+}
+
+void
+ipip_mk_key (const ipip_tunnel_t * t, ipip_tunnel_key_t * key)
+{
+ ipip_mk_key_i (t->transport, t->mode,
+ &t->tunnel_src, &t->tunnel_dst, t->fib_index, key);
+}
+
+static void
+ipip_nhrp_mk_key (const ipip_tunnel_t * t,
+ const nhrp_entry_t * ne, ipip_tunnel_key_t * key)
+{
+ const fib_prefix_t *nh;
+
+ nh = nhrp_entry_get_nh (ne);
+
+ /* construct the key using mode P2P so it can be found in the DP */
+ ipip_mk_key_i (t->transport, IPIP_MODE_P2P,
+ &t->tunnel_src, &nh->fp_addr,
+ nhrp_entry_get_fib_index (ne), key);
+}
+
+static void
+ipip_nhrp_entry_added (const nhrp_entry_t * ne)
+{
+ ipip_main_t *gm = &ipip_main;
+ const ip46_address_t *nh;
+ ipip_tunnel_key_t key;
+ ipip_tunnel_t *t;
+ u32 sw_if_index;
+ u32 t_idx;
+
+ sw_if_index = nhrp_entry_get_sw_if_index (ne);
+ if (vec_len (gm->tunnel_index_by_sw_if_index) < sw_if_index)
+ return;
+
+ t_idx = gm->tunnel_index_by_sw_if_index[sw_if_index];
+
+ if (INDEX_INVALID == t_idx)
+ return;
+
+ t = pool_elt_at_index (gm->tunnels, t_idx);
+
+ ipip_nhrp_mk_key (t, ne, &key);
+ ipip_tunnel_db_add (t, &key);
+
+ // update the rewrites for each of the adjacencies for this next-hop
+ mipip_walk_ctx_t ctx = {
+ .t = t,
+ .ne = ne
+ };
+ nh = nhrp_entry_get_peer (ne);
+ adj_nbr_walk_nh (nhrp_entry_get_sw_if_index (ne),
+ (ip46_address_is_ip4 (nh) ?
+ FIB_PROTOCOL_IP4 :
+ FIB_PROTOCOL_IP6), nh, mipip_mk_complete_walk, &ctx);
+}
+
+static void
+ipip_nhrp_entry_deleted (const nhrp_entry_t * ne)
+{
+ ipip_main_t *gm = &ipip_main;
+ const ip46_address_t *nh;
+ ipip_tunnel_key_t key;
+ ipip_tunnel_t *t;
+ u32 sw_if_index;
+ u32 t_idx;
+
+ sw_if_index = nhrp_entry_get_sw_if_index (ne);
+ if (vec_len (gm->tunnel_index_by_sw_if_index) < sw_if_index)
+ return;
+
+ t_idx = gm->tunnel_index_by_sw_if_index[sw_if_index];
+
+ if (INDEX_INVALID == t_idx)
+ return;
+
+ t = pool_elt_at_index (gm->tunnels, t_idx);
+
+ ipip_nhrp_mk_key (t, ne, &key);
+ ipip_tunnel_db_remove (t, &key);
+
+ nh = nhrp_entry_get_peer (ne);
+
+ /* make all the adjacencies incomplete */
+ adj_nbr_walk_nh (nhrp_entry_get_sw_if_index (ne),
+ (ip46_address_is_ip4 (nh) ?
+ FIB_PROTOCOL_IP4 :
+ FIB_PROTOCOL_IP6), nh, mipip_mk_incomplete_walk, t);
+}
+
+static walk_rc_t
+ipip_tunnel_delete_nhrp_walk (index_t nei, void *ctx)
+{
+ ipip_tunnel_t *t = ctx;
+ ipip_tunnel_key_t key;
+
+ ipip_nhrp_mk_key (t, nhrp_entry_get (nei), &key);
+ ipip_tunnel_db_remove (t, &key);
+
+ return (WALK_CONTINUE);
+}
+
+static walk_rc_t
+ipip_tunnel_add_nhrp_walk (index_t nei, void *ctx)
+{
+ ipip_tunnel_t *t = ctx;
+ ipip_tunnel_key_t key;
+
+ ipip_nhrp_mk_key (t, nhrp_entry_get (nei), &key);
+ ipip_tunnel_db_add (t, &key);
+
+ return (WALK_CONTINUE);
}
int
ipip_add_tunnel (ipip_transport_t transport,
u32 instance, ip46_address_t * src, ip46_address_t * dst,
u32 fib_index, tunnel_encap_decap_flags_t flags,
- ip_dscp_t dscp, u32 * sw_if_indexp)
+ ip_dscp_t dscp, tunnel_mode_t tmode, u32 * sw_if_indexp)
{
ipip_main_t *gm = &ipip_main;
vnet_main_t *vnm = gm->vnet_main;
@@ -409,11 +623,15 @@ ipip_add_tunnel (ipip_transport_t transport,
ipip_tunnel_t *t;
vnet_hw_interface_t *hi;
u32 hw_if_index, sw_if_index;
- ipip_tunnel_key_t key = {.transport = transport,
- .fib_index = fib_index,
- .src = *src,
- .dst = *dst
- };
+ ipip_tunnel_key_t key;
+ ipip_mode_t mode;
+
+ if (tmode == TUNNEL_MODE_MP && !ip46_address_is_zero (dst))
+ return (VNET_API_ERROR_INVALID_DST_ADDRESS);
+
+ mode = (tmode == TUNNEL_MODE_P2P ? IPIP_MODE_P2P : IPIP_MODE_P2MP);
+ ipip_mk_key_i (transport, mode, src, dst, fib_index, &key);
+
t = ipip_tunnel_db_find (&key);
if (t)
{
@@ -441,12 +659,15 @@ ipip_add_tunnel (ipip_transport_t transport,
t->user_instance = u_idx; /* name */
hw_if_index = vnet_register_interface (vnm, ipip_device_class.index, t_idx,
- ipip_hw_interface_class.index,
+ (mode == IPIP_MODE_P2P ?
+ ipip_hw_interface_class.index :
+ mipip_hw_interface_class.index),
t_idx);
hi = vnet_get_hw_interface (vnm, hw_if_index);
sw_if_index = hi->sw_if_index;
+ t->mode = mode;
t->hw_if_index = hw_if_index;
t->fib_index = fib_index;
t->sw_if_index = sw_if_index;
@@ -476,6 +697,9 @@ ipip_add_tunnel (ipip_transport_t transport,
ipip_tunnel_db_add (t, &key);
+ if (t->mode == IPIP_MODE_P2MP)
+ nhrp_walk_itf (t->sw_if_index, ipip_tunnel_add_nhrp_walk, t);
+
if (sw_if_indexp)
*sw_if_indexp = sw_if_index;
@@ -500,22 +724,32 @@ ipip_del_tunnel (u32 sw_if_index)
ipip_main_t *gm = &ipip_main;
vnet_main_t *vnm = gm->vnet_main;
ipip_tunnel_t *t;
-
+ ipip_tunnel_key_t key;
t = ipip_tunnel_db_find_by_sw_if_index (sw_if_index);
if (t == NULL)
return VNET_API_ERROR_NO_SUCH_ENTRY;
+ if (t->mode == IPIP_MODE_P2MP)
+ nhrp_walk_itf (t->sw_if_index, ipip_tunnel_delete_nhrp_walk, t);
+
vnet_sw_interface_set_flags (vnm, sw_if_index, 0 /* down */ );
gm->tunnel_index_by_sw_if_index[sw_if_index] = ~0;
vnet_delete_hw_interface (vnm, t->hw_if_index);
hash_unset (gm->instance_used, t->user_instance);
- ipip_tunnel_db_remove (t);
+
+ ipip_mk_key (t, &key);
+ ipip_tunnel_db_remove (t, &key);
pool_put (gm->tunnels, t);
return 0;
}
+const static nhrp_vft_t ipip_nhrp_vft = {
+ .nv_added = ipip_nhrp_entry_added,
+ .nv_deleted = ipip_nhrp_entry_deleted,
+};
+
static clib_error_t *
ipip_init (vlib_main_t * vm)
{
@@ -527,6 +761,8 @@ ipip_init (vlib_main_t * vm)
gm->tunnel_by_key =
hash_create_mem (0, sizeof (ipip_tunnel_key_t), sizeof (uword));
+ nhrp_register (&ipip_nhrp_vft);
+
return 0;
}
diff --git a/src/vnet/ipip/ipip.h b/src/vnet/ipip/ipip.h
index a3732f75128..fef5aab0490 100644
--- a/src/vnet/ipip/ipip.h
+++ b/src/vnet/ipip/ipip.h
@@ -48,21 +48,26 @@ typedef enum
{
IPIP_TRANSPORT_IP4,
IPIP_TRANSPORT_IP6,
-} ipip_transport_t;
+} __clib_packed ipip_transport_t;
+
+typedef enum
+{
+ IPIP_MODE_P2P = 0,
+ IPIP_MODE_P2MP,
+ IPIP_MODE_6RD,
+} __clib_packed ipip_mode_t;
typedef struct
{
ip46_address_t src;
ip46_address_t dst;
- ipip_transport_t transport;
u32 fib_index;
-} __attribute__ ((packed)) ipip_tunnel_key_t;
+ ipip_transport_t transport;
+ ipip_mode_t mode;
+ u16 __pad;
+} __clib_packed ipip_tunnel_key_t;
-typedef enum
-{
- IPIP_MODE_P2P = 0,
- IPIP_MODE_6RD,
-} ipip_mode_t;
+STATIC_ASSERT_SIZEOF (ipip_tunnel_key_t, 5 * sizeof (u64));
/**
* @brief A representation of a IPIP tunnel
@@ -74,7 +79,6 @@ typedef struct
ipip_mode_t mode;
ipip_transport_t transport;
- ipip_tunnel_key_t *key;
ip46_address_t tunnel_src;
ip46_address_t tunnel_dst;
u32 fib_index;
@@ -145,7 +149,7 @@ sixrd_get_addr_net (const ipip_tunnel_t * t, u64 dal)
int ipip_add_tunnel (ipip_transport_t transport, u32 instance,
ip46_address_t * src, ip46_address_t * dst,
u32 fib_index, tunnel_encap_decap_flags_t flags,
- ip_dscp_t dscp, u32 * sw_if_indexp);
+ ip_dscp_t dscp, tunnel_mode_t mode, u32 * sw_if_indexp);
int ipip_del_tunnel (u32 sw_if_index);
int sixrd_add_tunnel (ip6_address_t * ip6_prefix, u8 ip6_prefix_len,
ip4_address_t * ip4_prefix, u8 ip4_prefix_len,
@@ -153,10 +157,16 @@ int sixrd_add_tunnel (ip6_address_t * ip6_prefix, u8 ip6_prefix_len,
u32 ip4_fib_index, u32 ip6_fib_index,
u32 * sw_if_index);
int sixrd_del_tunnel (u32 sw_if_index);
-void ipip_tunnel_db_add (ipip_tunnel_t * t, ipip_tunnel_key_t * key);
-void ipip_tunnel_db_remove (ipip_tunnel_t * t);
-ipip_tunnel_t *ipip_tunnel_db_find (ipip_tunnel_key_t * key);
+void ipip_tunnel_db_add (ipip_tunnel_t * t, const ipip_tunnel_key_t * key);
+void ipip_tunnel_db_remove (ipip_tunnel_t * t, const ipip_tunnel_key_t * key);
+ipip_tunnel_t *ipip_tunnel_db_find (const ipip_tunnel_key_t * key);
ipip_tunnel_t *ipip_tunnel_db_find_by_sw_if_index (u32 sw_if_index);
+void ipip_mk_key (const ipip_tunnel_t * t, ipip_tunnel_key_t * key);
+void ipip_mk_key_i (ipip_transport_t transport,
+ ipip_mode_t mode,
+ const ip46_address_t * src,
+ const ip46_address_t * dst,
+ u32 fib_index, ipip_tunnel_key_t * key);
#endif
diff --git a/src/vnet/ipip/ipip_api.c b/src/vnet/ipip/ipip_api.c
index 4f6aa7f3dbe..97fff156d35 100644
--- a/src/vnet/ipip/ipip_api.c
+++ b/src/vnet/ipip/ipip_api.c
@@ -40,6 +40,7 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp)
tunnel_encap_decap_flags_t flags;
ip46_address_t src, dst;
ip46_type_t itype[2];
+ tunnel_mode_t mode;
itype[0] = ip_address_decode (&mp->tunnel.src, &src);
itype[1] = ip_address_decode (&mp->tunnel.dst, &dst);
@@ -61,6 +62,11 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp)
if (rv)
goto out;
+ rv = tunnel_mode_decode (mp->tunnel.mode, &mode);
+
+ if (rv)
+ goto out;
+
fib_index = fib_table_find (fib_proto_from_ip46 (itype[0]),
ntohl (mp->tunnel.table_id));
@@ -75,7 +81,8 @@ vl_api_ipip_add_tunnel_t_handler (vl_api_ipip_add_tunnel_t * mp)
IPIP_TRANSPORT_IP4),
ntohl (mp->tunnel.instance), &src, &dst,
fib_index, flags,
- ip_dscp_decode (mp->tunnel.dscp), &sw_if_index);
+ ip_dscp_decode (mp->tunnel.dscp), mode,
+ &sw_if_index);
}
out:
diff --git a/src/vnet/ipip/ipip_cli.c b/src/vnet/ipip/ipip_cli.c
index 09f2ebae228..d3410558271 100644
--- a/src/vnet/ipip/ipip_cli.c
+++ b/src/vnet/ipip/ipip_cli.c
@@ -31,6 +31,7 @@ static clib_error_t *create_ipip_tunnel_command_fn(vlib_main_t *vm,
u32 sw_if_index;
clib_error_t *error = NULL;
bool ip4_set = false, ip6_set = false;
+ tunnel_mode_t mode = TUNNEL_MODE_P2P;
/* Get a line of input. */
if (!unformat_user(input, unformat_line_input, line_input))
@@ -51,6 +52,8 @@ static clib_error_t *create_ipip_tunnel_command_fn(vlib_main_t *vm,
} else if (unformat(line_input, "dst %U", unformat_ip6_address, &dst.ip6)) {
num_m_args++;
ip6_set = true;
+ } else if (unformat(line_input, "%U", unformat_tunnel_mode, &mode)) {
+ num_m_args++;
} else if (unformat(line_input, "outer-table-id %d", &table_id))
;
else {
@@ -84,6 +87,7 @@ static clib_error_t *create_ipip_tunnel_command_fn(vlib_main_t *vm,
fib_index,
TUNNEL_ENCAP_DECAP_FLAG_NONE,
IP_DSCP_CS0,
+ mode,
&sw_if_index);
}
@@ -104,6 +108,9 @@ static clib_error_t *create_ipip_tunnel_command_fn(vlib_main_t *vm,
case VNET_API_ERROR_INSTANCE_IN_USE:
error = clib_error_return(0, "Instance is in use");
goto done;
+ case VNET_API_ERROR_INVALID_DST_ADDRESS:
+ error = clib_error_return(0, "destination IP address when mode is multi-point");
+ goto done;
default:
error = clib_error_return(0, "vnet_ipip_add_del_tunnel returned %d", rv);
goto done;
@@ -182,12 +189,16 @@ static u8 *format_ipip_tunnel(u8 *s, va_list *args) {
format_ip6_address, &t->sixrd.ip6_prefix, t->sixrd.ip6_prefix_len);
break;
case IPIP_MODE_P2P:
- default:
s = format(s, "[%d] instance %d src %U dst %U ",
t->dev_instance, t->user_instance,
format_ip46_address, &t->tunnel_src, type,
format_ip46_address, &t->tunnel_dst, type);
break;
+ case IPIP_MODE_P2MP:
+ s = format(s, "[%d] instance %d p2mp src %U ",
+ t->dev_instance, t->user_instance,
+ format_ip46_address, &t->tunnel_src, type);
+ break;
}
s = format(s, "table-ID %d sw-if-idx %d flags [%U] dscp %U",
@@ -235,6 +246,50 @@ VLIB_CLI_COMMAND(show_ipip_tunnel_command, static) = {
};
/* *INDENT-ON* */
+static u8 *
+format_ipip_tunnel_key (u8 *s, va_list *args)
+{
+ ipip_tunnel_key_t *t = va_arg(*args, ipip_tunnel_key_t *);
+
+ s = format (s, "src:%U dst:%U fib:%d transport:%d mode:%d",
+ format_ip46_address, &t->src, IP46_TYPE_ANY,
+ format_ip46_address, &t->dst, IP46_TYPE_ANY,
+ t->fib_index, t->transport, t->mode);
+
+ return (s);
+}
+
+static clib_error_t *
+ipip_tunnel_hash_show (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ ipip_main_t *im = &ipip_main;
+ ipip_tunnel_key_t *key;
+ u32 index;
+
+ /* *INDENT-OFF* */
+ hash_foreach(key, index, im->tunnel_by_key,
+ ({
+ vlib_cli_output (vm, " %U -> %d", format_ipip_tunnel_key, key, index);
+ }));
+ /* *INDENT-ON* */
+
+ return NULL;
+}
+
+/**
+ * show IPSEC tunnel protection hash tables
+ */
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (ipip_tunnel_hash_show_node, static) =
+{
+ .path = "show ipip tunnel-hash",
+ .function = ipip_tunnel_hash_show,
+ .short_help = "show ipip tunnel-hash",
+};
+/* *INDENT-ON* */
+
static clib_error_t *create_sixrd_tunnel_command_fn(vlib_main_t *vm,
unformat_input_t *input,
vlib_cli_command_t *cmd) {
diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c
index bc0250ad6ef..0f47f2636db 100644
--- a/src/vnet/ipip/node.c
+++ b/src/vnet/ipip/node.c
@@ -83,9 +83,6 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node,
ip4_header_t *ip40;
ip6_header_t *ip60;
u32 next0 = IPIP_INPUT_NEXT_DROP;
- ip46_address_t src0 = ip46_address_initializer, dst0 =
- ip46_address_initializer;
- ipip_transport_t transport0;
u8 inner_protocol0;
bi0 = to_next[0] = from[0];
@@ -96,6 +93,11 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node,
b0 = vlib_get_buffer (vm, bi0);
+ ipip_tunnel_key_t key0 = {
+ .fib_index = vnet_buffer (b0)->ip.fib_index,
+ .mode = IPIP_MODE_P2P,
+ };
+
if (is_ipv6)
{
ip60 = vlib_buffer_get_current (b0);
@@ -108,10 +110,10 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node,
}
vlib_buffer_advance (b0, sizeof (*ip60));
- ip_set (&src0, &ip60->src_address, false);
- ip_set (&dst0, &ip60->dst_address, false);
+ ip_set (&key0.dst, &ip60->src_address, false);
+ ip_set (&key0.src, &ip60->dst_address, false);
inner_protocol0 = ip60->protocol;
- transport0 = IPIP_TRANSPORT_IP6;
+ key0.transport = IPIP_TRANSPORT_IP6;
}
else
{
@@ -125,25 +127,21 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node,
goto drop;
}
vlib_buffer_advance (b0, sizeof (*ip40));
- ip_set (&src0, &ip40->src_address, true);
- ip_set (&dst0, &ip40->dst_address, true);
+ ip_set (&key0.dst, &ip40->src_address, true);
+ ip_set (&key0.src, &ip40->dst_address, true);
inner_protocol0 = ip40->protocol;
- transport0 = IPIP_TRANSPORT_IP4;
+ key0.transport = IPIP_TRANSPORT_IP4;
}
/*
* Find tunnel. First a lookup for P2P tunnels, then a lookup
* for multipoint tunnels
*/
- ipip_tunnel_key_t key0 = {.transport = transport0,
- .fib_index = vnet_buffer (b0)->ip.fib_index,
- .src = dst0,
- .dst = src0
- };
ipip_tunnel_t *t0 = ipip_tunnel_db_find (&key0);
if (!t0)
{
ip46_address_reset (&key0.dst);
+ key0.mode = IPIP_MODE_6RD;
t0 = ipip_tunnel_db_find (&key0);
if (!t0)
{
diff --git a/src/vnet/ipip/sixrd.c b/src/vnet/ipip/sixrd.c
index 04df0eeabe5..492b4f83260 100644
--- a/src/vnet/ipip/sixrd.c
+++ b/src/vnet/ipip/sixrd.c
@@ -283,12 +283,10 @@ sixrd_add_tunnel (ip6_address_t * ip6_prefix, u8 ip6_prefix_len,
ip46_address_t src = ip46_address_initializer, dst =
ip46_address_initializer;
ip_set (&src, ip4_src, true);
- ipip_tunnel_key_t key = {
- .transport = IPIP_TRANSPORT_IP4,
- .fib_index = ip4_fib_index,
- .src = src,
- .dst = dst
- };
+ ipip_tunnel_key_t key;
+
+ ipip_mk_key_i (IPIP_TRANSPORT_IP4, IPIP_MODE_6RD, &src, &dst, ip4_fib_index,
+ &key);
t = ipip_tunnel_db_find (&key);
if (t)
@@ -377,6 +375,7 @@ sixrd_del_tunnel (u32 sw_if_index)
{
ipip_main_t *gm = &ipip_main;
ipip_tunnel_t *t = ipip_tunnel_db_find_by_sw_if_index (sw_if_index);
+ ipip_tunnel_key_t key;
if (!t)
{
@@ -408,7 +407,8 @@ sixrd_del_tunnel (u32 sw_if_index)
gm->tunnel_index_by_sw_if_index[t->sw_if_index] = ~0;
vnet_delete_hw_interface (vnet_get_main (), t->hw_if_index);
- ipip_tunnel_db_remove (t);
+ ipip_mk_key (t, &key);
+ ipip_tunnel_db_remove (t, &key);
pool_put (gm->tunnels, t);
return 0;
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 87f59313e55..a80c60489a4 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -647,7 +647,7 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
&local_ip,
&remote_ip, fib_index,
TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
- &sw_if_index);
+ TUNNEL_MODE_P2P, &sw_if_index);
if (rv)
goto done;
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index f04ccc8dc8a..b054155a45e 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -843,7 +843,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
ipip_add_tunnel (ipv6_set ? IPIP_TRANSPORT_IP6 : IPIP_TRANSPORT_IP4,
instance, &local_ip, &remote_ip, fib_index,
TUNNEL_ENCAP_DECAP_FLAG_NONE, IP_DSCP_CS0,
- &sw_if_index);
+ TUNNEL_MODE_P2P, &sw_if_index);
rv |=
ipsec_sa_add_and_lock (ipsec_tun_mk_local_sa_id (sw_if_index),
local_spi, IPSEC_PROTOCOL_ESP, crypto_alg,
diff --git a/src/vnet/nhrp/nhrp.c b/src/vnet/nhrp/nhrp.c
index e97fbe05b9c..11d2c2be027 100644
--- a/src/vnet/nhrp/nhrp.c
+++ b/src/vnet/nhrp/nhrp.c
@@ -76,22 +76,6 @@ nhrp_entry_adj_stack (const nhrp_entry_t * ne, adj_index_t ai)
adj_midchain_delegate_stack (ai, ne->ne_fib_index, &ne->ne_nh);
}
-static adj_walk_rc_t
-nhrp_entry_add_adj_walk (adj_index_t ai, void *ctx)
-{
- nhrp_entry_adj_stack (ctx, ai);
-
- return (ADJ_WALK_RC_CONTINUE);
-}
-
-static adj_walk_rc_t
-nhrp_entry_del_adj_walk (adj_index_t ai, void *ctx)
-{
- adj_midchain_delegate_unstack (ai);
-
- return (ADJ_WALK_RC_CONTINUE);
-}
-
nhrp_entry_t *
nhrp_entry_get (index_t nei)
{
@@ -157,10 +141,6 @@ nhrp_entry_add (u32 sw_if_index,
hash_set_mem (nhrp_db, ne->ne_key, nei);
- adj_nbr_walk_nh (sw_if_index,
- ne->ne_nh.fp_proto,
- &ne->ne_key->nk_peer, nhrp_entry_add_adj_walk, ne);
-
NHRP_NOTIFY (ne, nv_added);
}
else
@@ -180,10 +160,6 @@ nhrp_entry_del (u32 sw_if_index, const ip46_address_t * peer)
{
hash_unset_mem (nhrp_db, ne->ne_key);
- adj_nbr_walk_nh (sw_if_index,
- ne->ne_nh.fp_proto,
- &ne->ne_key->nk_peer, nhrp_entry_del_adj_walk, ne);
-
NHRP_NOTIFY (ne, nv_deleted);
clib_mem_free (ne->ne_key);
diff --git a/src/vnet/tunnel/tunnel.c b/src/vnet/tunnel/tunnel.c
index 83b1046b526..96d7fd12b52 100644
--- a/src/vnet/tunnel/tunnel.c
+++ b/src/vnet/tunnel/tunnel.c
@@ -34,6 +34,20 @@ format_tunnel_mode (u8 * s, va_list * args)
return (s);
}
+uword
+unformat_tunnel_mode (unformat_input_t * input, va_list * args)
+{
+ tunnel_mode_t *m = va_arg (*args, tunnel_mode_t *);
+
+ if (unformat (input, "p2p"))
+ *m = TUNNEL_MODE_P2P;
+ else if (unformat (input, "p2mp") || unformat (input, "mp"))
+ *m = TUNNEL_MODE_MP;
+ else
+ return 0;
+ return 1;
+}
+
u8 *
format_tunnel_encap_decap_flags (u8 * s, va_list * args)
{
diff --git a/src/vnet/tunnel/tunnel.h b/src/vnet/tunnel/tunnel.h
index e3390f5a165..f23a3d41924 100644
--- a/src/vnet/tunnel/tunnel.h
+++ b/src/vnet/tunnel/tunnel.h
@@ -20,7 +20,7 @@
#include <vlib/vlib.h>
-#define foreach_tunnel_mode \
+#define foreach_tunnel_mode \
_(P2P, "point-to-point") \
_(MP, "multi-point") \
@@ -32,11 +32,12 @@ typedef enum tunnel_mode_t_
} __clib_packed tunnel_mode_t;
extern u8 *format_tunnel_mode (u8 * s, va_list * args);
+extern uword unformat_tunnel_mode (unformat_input_t * input, va_list * args);
/**
* Keep these idenitical to those in ipip.api
*/
-#define forech_tunnel_encap_decap_flag \
+#define forech_tunnel_encap_decap_flag \
_(NONE, "none", 0x0) \
_(ENCAP_COPY_DF, "encap-copy-df", 0x1) \
_(ENCAP_SET_DF, "encap-set-df", 0x2) \
diff --git a/src/vnet/tunnel/tunnel_types.api b/src/vnet/tunnel/tunnel_types.api
index 103948d08c7..98354890016 100644
--- a/src/vnet/tunnel/tunnel_types.api
+++ b/src/vnet/tunnel/tunnel_types.api
@@ -38,7 +38,7 @@ enum tunnel_encap_decap_flags : u8
enum tunnel_mode : u8
{
/** point-to-point */
- TUNNEL_API_MODE_P2P,
+ TUNNEL_API_MODE_P2P = 0,
/** multi-point */
TUNNEL_API_MODE_MP,
};
diff --git a/test/test_gre.py b/test/test_gre.py
index f8c410050e1..e3e21c0ad99 100644
--- a/test/test_gre.py
+++ b/test/test_gre.py
@@ -1066,7 +1066,7 @@ class TestGRE(VppTestCase):
rx = self.send_and_expect(self.pg0, tx_e, itf)
self.verify_tunneled_4o4(self.pg0, rx, tx_e,
itf.local_ip4,
- gre_if._remote_hosts[ii].ip4)
+ itf._remote_hosts[ii].ip4)
tx_i = self.create_tunnel_stream_4o4(self.pg0,
itf._remote_hosts[ii].ip4,
@@ -1087,7 +1087,7 @@ class TestGRE(VppTestCase):
rx = self.send_and_expect(self.pg0, tx_e, itf)
self.verify_tunneled_4o4(self.pg0, rx, tx_e,
itf.local_ip4,
- gre_if._remote_hosts[ii].ip4)
+ itf._remote_hosts[ii].ip4)
rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
self.verify_decapped_4o4(self.pg0, rx, tx_i)
@@ -1131,6 +1131,14 @@ class TestGRE(VppTestCase):
route_addr = "4::%d" % ii
#
+ # Add a NHRP entry resolves the peer
+ #
+ nhrp = VppNhrp(self, gre_if,
+ gre_if._remote_hosts[ii].ip6,
+ itf._remote_hosts[ii].ip6)
+ nhrp.add_vpp_config()
+
+ #
# route traffic via the peer
#
route_via_tun = VppIpRoute(
@@ -1140,14 +1148,6 @@ class TestGRE(VppTestCase):
route_via_tun.add_vpp_config()
#
- # Add a NHRP entry resolves the peer
- #
- nhrp = VppNhrp(self, gre_if,
- gre_if._remote_hosts[ii].ip6,
- itf._remote_hosts[ii].ip6)
- nhrp.add_vpp_config()
-
- #
# Send a packet stream that is routed into the tunnel
# - packets are GRE encapped
#
@@ -1155,7 +1155,7 @@ class TestGRE(VppTestCase):
rx = self.send_and_expect(self.pg0, tx_e, itf)
self.verify_tunneled_6o6(self.pg0, rx, tx_e,
itf.local_ip6,
- gre_if._remote_hosts[ii].ip6)
+ itf._remote_hosts[ii].ip6)
tx_i = self.create_tunnel_stream_6o6(self.pg0,
itf._remote_hosts[ii].ip6,
itf.local_ip6,
@@ -1174,7 +1174,7 @@ class TestGRE(VppTestCase):
rx = self.send_and_expect(self.pg0, tx_e, itf)
self.verify_tunneled_6o6(self.pg0, rx, tx_e,
itf.local_ip6,
- gre_if._remote_hosts[ii].ip6)
+ itf._remote_hosts[ii].ip6)
rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
self.verify_decapped_6o6(self.pg0, rx, tx_i)
diff --git a/test/test_ipip.py b/test/test_ipip.py
index 869dbaaa3af..511164f11ac 100644
--- a/test/test_ipip.py
+++ b/test/test_ipip.py
@@ -8,6 +8,7 @@ from framework import VppTestCase, VppTestRunner
from vpp_ip import DpoProto
from vpp_ip_route import VppIpRoute, VppRoutePath, VppIpTable, FibPathProto
from vpp_ipip_tun_interface import VppIpIpTunInterface
+from vpp_nhrp import VppNhrp
from vpp_papi import VppEnum
from socket import AF_INET, AF_INET6, inet_pton
from util import reassemble4
@@ -471,6 +472,116 @@ class TestIPIP(VppTestCase):
def payload(self, len):
return 'x' * len
+ def test_mipip4(self):
+ """ p2mp IPv4 tunnel Tests """
+
+ for itf in self.pg_interfaces:
+ #
+ # one underlay nh for each overlay/tunnel peer
+ #
+ itf.generate_remote_hosts(4)
+ itf.configure_ipv4_neighbors()
+
+ #
+ # Create an p2mo IPIP tunnel.
+ # - set it admin up
+ # - assign an IP Addres
+ # - Add a route via the tunnel
+ #
+ ipip_if = VppIpIpTunInterface(self, itf,
+ itf.local_ip4,
+ "0.0.0.0",
+ mode=(VppEnum.vl_api_tunnel_mode_t.
+ TUNNEL_API_MODE_MP))
+ ipip_if.add_vpp_config()
+ ipip_if.admin_up()
+ ipip_if.config_ip4()
+ ipip_if.generate_remote_hosts(4)
+
+ self.logger.info(self.vapi.cli("sh adj"))
+ self.logger.info(self.vapi.cli("sh ip fib"))
+
+ #
+ # ensure we don't match to the tunnel if the source address
+ # is all zeros
+ #
+ # tx = self.create_tunnel_stream_4o4(self.pg0,
+ # "0.0.0.0",
+ # itf.local_ip4,
+ # self.pg0.local_ip4,
+ # self.pg0.remote_ip4)
+ # self.send_and_assert_no_replies(self.pg0, tx)
+
+ #
+ # for-each peer
+ #
+ for ii in range(1, 4):
+ route_addr = "4.4.4.%d" % ii
+
+ #
+ # route traffic via the peer
+ #
+ route_via_tun = VppIpRoute(
+ self, route_addr, 32,
+ [VppRoutePath(ipip_if._remote_hosts[ii].ip4,
+ ipip_if.sw_if_index)])
+ route_via_tun.add_vpp_config()
+
+ #
+ # Add a NHRP entry resolves the peer
+ #
+ nhrp = VppNhrp(self, ipip_if,
+ ipip_if._remote_hosts[ii].ip4,
+ itf._remote_hosts[ii].ip4)
+ nhrp.add_vpp_config()
+ self.logger.info(self.vapi.cli("sh adj nbr ipip0 %s" %
+ ipip_if._remote_hosts[ii].ip4))
+
+ #
+ # Send a packet stream that is routed into the tunnel
+ # - packets are IPIP encapped
+ #
+ inner = (IP(dst=route_addr, src="5.5.5.5") /
+ UDP(sport=1234, dport=1234) /
+ Raw(b'0x44' * 100))
+ tx_e = [(Ether(dst=self.pg0.local_mac,
+ src=self.pg0.remote_mac) /
+ inner) for x in range(63)]
+
+ rxs = self.send_and_expect(self.pg0, tx_e, itf)
+
+ for rx in rxs:
+ self.assertEqual(rx[IP].src, itf.local_ip4)
+ self.assertEqual(rx[IP].dst, itf._remote_hosts[ii].ip4)
+
+ tx_i = [(Ether(dst=self.pg0.local_mac,
+ src=self.pg0.remote_mac) /
+ IP(src=itf._remote_hosts[ii].ip4,
+ dst=itf.local_ip4) /
+ IP(src=self.pg0.local_ip4, dst=self.pg0.remote_ip4) /
+ UDP(sport=1234, dport=1234) /
+ Raw(b'0x44' * 100)) for x in range(63)]
+
+ self.logger.info(self.vapi.cli("sh ipip tunnel-hash"))
+ rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
+
+ #
+ # delete and re-add the NHRP
+ #
+ nhrp.remove_vpp_config()
+ self.send_and_assert_no_replies(self.pg0, tx_e)
+ self.send_and_assert_no_replies(self.pg0, tx_i)
+
+ nhrp.add_vpp_config()
+ rx = self.send_and_expect(self.pg0, tx_e, itf)
+ for rx in rxs:
+ self.assertEqual(rx[IP].src, itf.local_ip4)
+ self.assertEqual(rx[IP].dst, itf._remote_hosts[ii].ip4)
+ rx = self.send_and_expect(self.pg0, tx_i, self.pg0)
+
+ ipip_if.admin_down()
+ ipip_if.unconfig_ip4()
+
class TestIPIP6(VppTestCase):
""" IPIP6 Test Case """
diff --git a/test/vpp_ipip_tun_interface.py b/test/vpp_ipip_tun_interface.py
index ea5cfa118aa..67cc1b5f1d8 100644
--- a/test/vpp_ipip_tun_interface.py
+++ b/test/vpp_ipip_tun_interface.py
@@ -1,5 +1,6 @@
from vpp_tunnel_interface import VppTunnelInterface
from ipaddress import ip_address
+from vpp_papi import VppEnum
class VppIpIpTunInterface(VppTunnelInterface):
@@ -9,13 +10,17 @@ class VppIpIpTunInterface(VppTunnelInterface):
def __init__(self, test, parent_if, src, dst,
table_id=0, dscp=0x0,
- flags=0):
+ flags=0, mode=None):
super(VppIpIpTunInterface, self).__init__(test, parent_if)
self.src = src
self.dst = dst
self.table_id = table_id
self.dscp = dscp
self.flags = flags
+ self.mode = mode
+ if not self.mode:
+ self.mode = (VppEnum.vl_api_tunnel_mode_t.
+ TUNNEL_API_MODE_P2P)
def add_vpp_config(self):
r = self.test.vapi.ipip_add_tunnel(
@@ -26,6 +31,7 @@ class VppIpIpTunInterface(VppTunnelInterface):
'flags': self.flags,
'dscp': self.dscp,
'instance': 0xffffffff,
+ 'mode': self.mode,
})
self.set_sw_if_index(r.sw_if_index)
self.test.registry.register(self, self.test.logger)