summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorNick Zavaritsky <nick.zavaritsky@emnify.com>2020-02-27 15:54:58 +0000
committerJohn Lo <loj@cisco.com>2020-03-03 16:15:15 +0000
commit27518c2ffd0ef75e973a64870da0e3339f39ccce (patch)
tree3fb7afdb06963ae3ef36cc74bfe33e10b8668d5d /src/plugins
parent297d288ed653abac9d719013c4ead5215230e7da (diff)
geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node
Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com> Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/gtpu/gtpu.c41
-rw-r--r--src/plugins/gtpu/gtpu.h4
-rw-r--r--src/plugins/gtpu/gtpu_decap.c75
3 files changed, 30 insertions, 90 deletions
diff --git a/src/plugins/gtpu/gtpu.c b/src/plugins/gtpu/gtpu.c
index 0abac0053db..baa4d2481e2 100644
--- a/src/plugins/gtpu/gtpu.c
+++ b/src/plugins/gtpu/gtpu.c
@@ -298,35 +298,6 @@ gtpu_decap_next_is_valid (gtpu_main_t * gtm, u32 is_ip6, u32 decap_next_index)
return decap_next_index < r->n_next_nodes;
}
-static uword
-vtep_addr_ref (ip46_address_t * ip)
-{
- uword *vtep = ip46_address_is_ip4 (ip) ?
- hash_get (gtpu_main.vtep4, ip->ip4.as_u32) :
- hash_get_mem (gtpu_main.vtep6, &ip->ip6);
- if (vtep)
- return ++(*vtep);
- ip46_address_is_ip4 (ip) ?
- hash_set (gtpu_main.vtep4, ip->ip4.as_u32, 1) :
- hash_set_mem_alloc (&gtpu_main.vtep6, &ip->ip6, 1);
- return 1;
-}
-
-static uword
-vtep_addr_unref (ip46_address_t * ip)
-{
- uword *vtep = ip46_address_is_ip4 (ip) ?
- hash_get (gtpu_main.vtep4, ip->ip4.as_u32) :
- hash_get_mem (gtpu_main.vtep6, &ip->ip6);
- ALWAYS_ASSERT (vtep);
- if (--(*vtep) != 0)
- return *vtep;
- ip46_address_is_ip4 (ip) ?
- hash_unset (gtpu_main.vtep4, ip->ip4.as_u32) :
- hash_unset_mem_free (&gtpu_main.vtep6, &ip->ip6);
- return 0;
-}
-
typedef CLIB_PACKED (union
{
struct
@@ -498,7 +469,7 @@ int vnet_gtpu_add_del_tunnel
* when the forwarding for the entry updates, and the tunnel can
* re-stack accordingly
*/
- vtep_addr_ref (&t->src);
+ vtep_addr_ref (&gtm->vtep_table, t->encap_fib_index, &t->src);
t->fib_entry_index = fib_entry_track (t->encap_fib_index,
&tun_dst_pfx,
gtm->fib_node_type,
@@ -515,7 +486,8 @@ int vnet_gtpu_add_del_tunnel
*/
fib_protocol_t fp = fib_ip_proto (is_ip6);
- if (vtep_addr_ref (&t->dst) == 1)
+ if (vtep_addr_ref (&gtm->vtep_table,
+ t->encap_fib_index, &t->dst) == 1)
{
fib_node_index_t mfei;
adj_index_t ai;
@@ -608,10 +580,11 @@ int vnet_gtpu_add_del_tunnel
if (t->flow_index != ~0)
vnet_flow_del (vnm, t->flow_index);
- vtep_addr_unref (&t->src);
+ vtep_addr_unref (&gtm->vtep_table, t->encap_fib_index, &t->src);
fib_entry_untrack (t->fib_entry_index, t->sibling_index);
}
- else if (vtep_addr_unref (&t->dst) == 0)
+ else if (vtep_addr_unref (&gtm->vtep_table,
+ t->encap_fib_index, &t->dst) == 0)
{
mcast_shared_remove (&t->dst);
}
@@ -1243,7 +1216,7 @@ gtpu_init (vlib_main_t * vm)
gtm->gtpu6_tunnel_by_key = hash_create_mem (0,
sizeof (gtpu6_tunnel_key_t),
sizeof (uword));
- gtm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword));
+ gtm->vtep_table = vtep_table_create ();
gtm->mcast_shared = hash_create_mem (0,
sizeof (ip46_address_t),
sizeof (mcast_shared_t));
diff --git a/src/plugins/gtpu/gtpu.h b/src/plugins/gtpu/gtpu.h
index 1d47f2d1b93..6a758ee6847 100644
--- a/src/plugins/gtpu/gtpu.h
+++ b/src/plugins/gtpu/gtpu.h
@@ -23,6 +23,7 @@
#include <vppinfra/hash.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
+#include <vnet/ip/vtep.h>
#include <vnet/l2/l2_input.h>
#include <vnet/l2/l2_output.h>
#include <vnet/l2/l2_bd.h>
@@ -210,8 +211,7 @@ typedef struct
/* local VTEP IPs ref count used by gtpu-bypass node to check if
received gtpu packet DIP matches any local VTEP address */
- uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */
- uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */
+ vtep_table_t vtep_table;
/* mcast shared info */
uword *mcast_shared; /* keyed on mcast ip46 addr */
diff --git a/src/plugins/gtpu/gtpu_decap.c b/src/plugins/gtpu/gtpu_decap.c
index 99af7300025..4193e89c008 100644
--- a/src/plugins/gtpu/gtpu_decap.c
+++ b/src/plugins/gtpu/gtpu_decap.c
@@ -51,20 +51,7 @@ static u8 * format_gtpu_rx_trace (u8 * s, va_list * args)
always_inline u32
validate_gtpu_fib (vlib_buffer_t *b, gtpu_tunnel_t *t, u32 is_ip4)
{
- u32 fib_index, sw_if_index;
-
- sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
-
- if (is_ip4)
- fib_index = (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
- vec_elt (ip4_main.fib_index_by_sw_if_index, sw_if_index) :
- vnet_buffer (b)->sw_if_index[VLIB_TX];
- else
- fib_index = (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
- vec_elt (ip6_main.fib_index_by_sw_if_index, sw_if_index) :
- vnet_buffer (b)->sw_if_index[VLIB_TX];
-
- return (fib_index == t->encap_fib_index);
+ return t->encap_fib_index == vlib_buffer_get_ip_fib_index (b, is_ip4);
}
always_inline uword
@@ -813,8 +800,10 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
gtpu_main_t * gtm = &gtpu_main;
u32 * from, * to_next, n_left_from, n_left_to_next, next_index;
vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip4_input_node.index);
- ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
- ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
+ vtep4_key_t last_vtep4; /* last IPv4 address / fib index
+ matching a local VTEP address */
+ vtep6_key_t last_vtep6; /* last IPv6 address / fib index
+ matching a local VTEP address */
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -823,8 +812,10 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
- if (is_ip4) addr4.data_u32 = ~0;
- else ip6_address_set_zero (&addr6);
+ if (is_ip4)
+ vtep4_key_init (&last_vtep4);
+ else
+ vtep6_key_init (&last_vtep6);
while (n_left_from > 0)
{
@@ -908,21 +899,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs*/
if (is_ip4)
{
- if (addr4.as_u32 != ip40->dst_address.as_u32)
- {
- if (!hash_get (gtm->vtep4, ip40->dst_address.as_u32))
- goto exit0; /* no local VTEP for GTPU packet */
- addr4 = ip40->dst_address;
- }
+ if (!vtep4_check (&gtm->vtep_table, b0, ip40, &last_vtep4))
+ goto exit0; /* no local VTEP for GTPU packet */
}
else
{
- if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
- {
- if (!hash_get_mem (gtm->vtep6, &ip60->dst_address))
- goto exit0; /* no local VTEP for GTPU packet */
- addr6 = ip60->dst_address;
- }
+ if (!vtep6_check (&gtm->vtep_table, b0, ip60, &last_vtep6))
+ goto exit0; /* no local VTEP for GTPU packet */
}
flags0 = b0->flags;
@@ -990,21 +973,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs*/
if (is_ip4)
{
- if (addr4.as_u32 != ip41->dst_address.as_u32)
- {
- if (!hash_get (gtm->vtep4, ip41->dst_address.as_u32))
- goto exit1; /* no local VTEP for GTPU packet */
- addr4 = ip41->dst_address;
- }
+ if (!vtep4_check (&gtm->vtep_table, b1, ip41, &last_vtep4))
+ goto exit1; /* no local VTEP for GTPU packet */
}
else
{
- if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
- {
- if (!hash_get_mem (gtm->vtep6, &ip61->dst_address))
- goto exit1; /* no local VTEP for GTPU packet */
- addr6 = ip61->dst_address;
- }
+ if (!vtep6_check (&gtm->vtep_table, b1, ip61, &last_vtep6))
+ goto exit1; /* no local VTEP for GTPU packet */
}
flags1 = b1->flags;
@@ -1108,21 +1083,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm,
/* Validate DIP against VTEPs*/
if (is_ip4)
{
- if (addr4.as_u32 != ip40->dst_address.as_u32)
- {
- if (!hash_get (gtm->vtep4, ip40->dst_address.as_u32))
- goto exit; /* no local VTEP for GTPU packet */
- addr4 = ip40->dst_address;
- }
+ if (!vtep4_check (&gtm->vtep_table, b0, ip40, &last_vtep4))
+ goto exit; /* no local VTEP for GTPU packet */
}
else
{
- if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
- {
- if (!hash_get_mem (gtm->vtep6, &ip60->dst_address))
- goto exit; /* no local VTEP for GTPU packet */
- addr6 = ip60->dst_address;
- }
+ if (!vtep6_check (&gtm->vtep_table, b0, ip60, &last_vtep6))
+ goto exit; /* no local VTEP for GTPU packet */
}
flags0 = b0->flags;