diff options
author | John Lo <loj@cisco.com> | 2020-05-12 22:34:39 -0400 |
---|---|---|
committer | John Lo <loj@cisco.com> | 2020-06-01 21:16:37 +0000 |
commit | 5e69119cdda353988cbd138665193231daf271c9 (patch) | |
tree | 6294d75c2380fd09cd849502c85285dc09a3d6ec /src/vnet/ethernet | |
parent | ab572152d9cbed7944442d07a6bd21c43ad1c83d (diff) |
ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)
Fix and optimize DMAC check in ethernet-input node to utilize NIC or
driver which support L3 DMAC-filtering mode so that DMAC check can be
bypassed safely for interfaces/sub-interfaces in L3 mode.
Checking of interface in L3-DMAC-filtering state to avoid DMAC check
require the following:
a) Fix interface driver init sequence for devices which supports L3
DMAC-filtering to indicate its capability and initialize interface
to L3 DMAC-filtering state.
b) Fix ethernet_set_flags() function and its associated callback
flags_change() functions registered by various drivers in interface
infra to provide proper L3 DMAC filtering status.
Maintain interface/sub-interface L3 config count so DMAC checks can be
bypassed if L3 forwarding is not setup on any main/sub-interfaces.
Type: fix
Ticket: VPP-1868
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
(cherry picked from commit 4a302ee7c75f3d4fd1a73a9d1f6c34b3bde8d620)
Diffstat (limited to 'src/vnet/ethernet')
-rw-r--r-- | src/vnet/ethernet/ethernet.h | 21 | ||||
-rw-r--r-- | src/vnet/ethernet/interface.c | 33 | ||||
-rwxr-xr-x | src/vnet/ethernet/node.c | 52 |
3 files changed, 77 insertions, 29 deletions
diff --git a/src/vnet/ethernet/ethernet.h b/src/vnet/ethernet/ethernet.h index 2f544bbdbaa..afb932931b7 100644 --- a/src/vnet/ethernet/ethernet.h +++ b/src/vnet/ethernet/ethernet.h @@ -137,15 +137,22 @@ typedef struct ethernet_interface { u32 flags; - /* Accept all packets (promiscuous mode). */ -#define ETHERNET_INTERFACE_FLAG_ACCEPT_ALL (1 << 0) -#define ETHERNET_INTERFACE_FLAG_CONFIG_PROMISC(flags) \ - (((flags) & ~ETHERNET_INTERFACE_FLAG_ACCEPT_ALL) == 0) + /* Top 16 bits for status and bottom 16 bits for set operation */ +#define ETHERNET_INTERFACE_FLAGS_STATUS_MASK (0xffff0000) +#define ETHERNET_INTERFACE_FLAGS_SET_OPN_MASK (0x0000ffff) + + /* Interface driver/hw is in L3/non-promiscuous mode so packet DMAC + would already be filtered */ +#define ETHERNET_INTERFACE_FLAG_STATUS_L3 (1 << 16) + + /* Set interface to default L3 mode */ +#define ETHERNET_INTERFACE_FLAG_DEFAULT_L3 0 + + /* Set interface to accept all packets (promiscuous mode). */ +#define ETHERNET_INTERFACE_FLAG_ACCEPT_ALL 1 /* Change MTU on interface from hw interface structure */ -#define ETHERNET_INTERFACE_FLAG_MTU (1 << 1) -#define ETHERNET_INTERFACE_FLAG_CONFIG_MTU(flags) \ - ((flags) & ETHERNET_INTERFACE_FLAG_MTU) +#define ETHERNET_INTERFACE_FLAG_MTU 2 /* Callback, e.g. to turn on/off promiscuous mode */ ethernet_flag_change_function_t *flag_change; diff --git a/src/vnet/ethernet/interface.c b/src/vnet/ethernet/interface.c index 629f190f9f8..7b11fdad8b1 100644 --- a/src/vnet/ethernet/interface.c +++ b/src/vnet/ethernet/interface.c @@ -428,16 +428,43 @@ ethernet_set_flags (vnet_main_t * vnm, u32 hw_if_index, u32 flags) ethernet_main_t *em = ðernet_main; vnet_hw_interface_t *hi; ethernet_interface_t *ei; + u32 opn_flags = flags & ETHERNET_INTERFACE_FLAGS_SET_OPN_MASK; hi = vnet_get_hw_interface (vnm, hw_if_index); ASSERT (hi->hw_class_index == ethernet_hw_interface_class.index); ei = pool_elt_at_index (em->interfaces, hi->hw_instance); - ei->flags = flags; + + /* preserve status bits and update last set operation bits */ + ei->flags = (ei->flags & ETHERNET_INTERFACE_FLAGS_STATUS_MASK) | opn_flags; + if (ei->flag_change) - return ei->flag_change (vnm, hi, flags); - return (u32) ~ 0; + { + switch (opn_flags) + { + case ETHERNET_INTERFACE_FLAG_DEFAULT_L3: + if (hi->flags & VNET_HW_INTERFACE_FLAG_SUPPORTS_MAC_FILTER) + { + if (ei->flag_change (vnm, hi, opn_flags) != ~0) + { + ei->flags |= ETHERNET_INTERFACE_FLAG_STATUS_L3; + return 0; + } + ei->flags &= ~ETHERNET_INTERFACE_FLAG_STATUS_L3; + return ~0; + } + /* fall through */ + case ETHERNET_INTERFACE_FLAG_ACCEPT_ALL: + ei->flags &= ~ETHERNET_INTERFACE_FLAG_STATUS_L3; + /* fall through */ + case ETHERNET_INTERFACE_FLAG_MTU: + return ei->flag_change (vnm, hi, opn_flags); + default: + return ~0; + } + } + return ~0; } /** diff --git a/src/vnet/ethernet/node.c b/src/vnet/ethernet/node.c index 3c4330e6225..e26c3617667 100755 --- a/src/vnet/ethernet/node.c +++ b/src/vnet/ethernet/node.c @@ -220,9 +220,10 @@ identify_subint (vnet_hw_interface_t * hi, if (matched) { // Perform L3 my-mac filter - // A unicast packet arriving on an L3 interface must have a dmac matching the interface mac. - // This is required for promiscuous mode, else we will forward packets we aren't supposed to. - if (!(*is_l2)) + // A unicast packet arriving on an L3 interface must have a dmac + // matching the interface mac. If interface has STATUS_L3 bit set + // mac filter is already done. + if (!(*is_l2 || (hi->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3))) { u64 dmacs[2]; u8 dmacs_bad[2]; @@ -241,7 +242,6 @@ identify_subint (vnet_hw_interface_t * hi, ethernet_input_inline_dmac_check (hi, dmacs, dmacs_bad, 1 /* n_packets */ , ei0, 0 /* have_sec_dmac */ ); - if (dmacs_bad[0]) *error0 = ETHERNET_ERROR_L3_MAC_MISMATCH; } @@ -1085,29 +1085,35 @@ eth_input_single_int (vlib_main_t * vm, vlib_node_runtime_t * node, subint_config_t *subint0 = &intf0->untagged_subint; int main_is_l3 = (subint0->flags & SUBINT_CONFIG_L2) == 0; - int promisc = (ei->flags & ETHERNET_INTERFACE_FLAG_ACCEPT_ALL) != 0; + int int_is_l3 = ei->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3; if (main_is_l3) { - /* main interface is L3, we dont expect tagged packets and interface - is not in promisc node, so we dont't need to check DMAC */ - int is_l3 = 1; - - if (promisc == 0) - eth_input_process_frame (vm, node, hi, from, n_pkts, is_l3, - ip4_cksum_ok, 0); + if (int_is_l3 || /* DMAC filter already done by NIC */ + ((hi->l2_if_count != 0) && (hi->l3_if_count == 0))) + { /* All L2 usage - DMAC check not needed */ + eth_input_process_frame (vm, node, hi, from, n_pkts, + /*is_l3 */ 1, ip4_cksum_ok, 0); + } else - /* subinterfaces and promisc mode so DMAC check is needed */ - eth_input_process_frame (vm, node, hi, from, n_pkts, is_l3, - ip4_cksum_ok, 1); + { /* DMAC check needed for L3 */ + eth_input_process_frame (vm, node, hi, from, n_pkts, + /*is_l3 */ 1, ip4_cksum_ok, 1); + } return; } else { - /* untagged packets are treated as L2 */ - int is_l3 = 0; - eth_input_process_frame (vm, node, hi, from, n_pkts, is_l3, - ip4_cksum_ok, 1); + if (hi->l3_if_count == 0) + { /* All L2 usage - DMAC check not needed */ + eth_input_process_frame (vm, node, hi, from, n_pkts, + /*is_l3 */ 0, ip4_cksum_ok, 0); + } + else + { /* DMAC check needed for L3 */ + eth_input_process_frame (vm, node, hi, from, n_pkts, + /*is_l3 */ 0, ip4_cksum_ok, 1); + } return; } } @@ -1325,6 +1331,9 @@ ethernet_input_inline (vlib_main_t * vm, } else { + if (hi->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3) + goto skip_dmac_check01; + dmacs[0] = *(u64 *) e0; dmacs[1] = *(u64 *) e1; @@ -1346,6 +1355,7 @@ ethernet_input_inline (vlib_main_t * vm, if (dmacs_bad[1]) error1 = ETHERNET_ERROR_L3_MAC_MISMATCH; + skip_dmac_check01: vlib_buffer_advance (b0, sizeof (ethernet_header_t)); determine_next_node (em, variant, 0, type0, b0, &error0, &next0); @@ -1563,6 +1573,9 @@ ethernet_input_inline (vlib_main_t * vm, } else { + if (hi->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3) + goto skip_dmac_check0; + dmacs[0] = *(u64 *) e0; if (ei && vec_len (ei->secondary_addrs)) @@ -1581,6 +1594,7 @@ ethernet_input_inline (vlib_main_t * vm, if (dmacs_bad[0]) error0 = ETHERNET_ERROR_L3_MAC_MISMATCH; + skip_dmac_check0: vlib_buffer_advance (b0, sizeof (ethernet_header_t)); determine_next_node (em, variant, 0, type0, b0, &error0, &next0); |