diff options
author | Neale Ranns <nranns@cisco.com> | 2018-12-06 13:46:49 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-12-07 15:09:37 +0000 |
commit | 521a8d7df423a0b5aaf259d49ca9230705bc25ee (patch) | |
tree | 12559229002f31b289adb15460b967a3d10900f3 /src/vnet/gre | |
parent | ab86f86e7c29393fa1da81b5f86296bd5fcb7420 (diff) |
FIB recusrion loop checks traverse midchain adjacencies
if a tunnel's destination address is reachable through the tunnel
(see example config belwo) then search for and detect a recursion
loop and don't stack the adjacency. Otherwise this results in a
nasty surprise.
DBGvpp# loop cre
DBGvpp# set int state loop0 up
DBGvpp# set int ip addr loop0 10.0.0.1/24
DBGvpp# create gre tunnel src 10.0.0.1 dst 1.1.1.1
DBGvpp# set int state gre0 up
DBGvpp# set int unnum gre0 use loop0
DBGvpp# ip route 1.1.1.1/32 via gre0
DBGvpp# sh ip fib 1.1.1.1
ipv4-VRF:0, fib_index:0, flow hash:[src dst sport dport proto ] locks:[src:plugin-hi:2, src:default-route:1, ]
1.1.1.1/32 fib:0 index:11 locks:4 <<< this is entry #11
src:CLI refs:1 entry-flags:attached, src-flags:added,contributing,active,
path-list:[14] locks:2 flags:shared,looped, uPRF-list:12 len:1 itfs:[2, ]
path:[14] pl-index:14 ip4 weight=1 pref=0 attached-nexthop: oper-flags:recursive-loop,resolved, cfg-flags:attached,
1.1.1.1 gre0 (p2p)
[@0]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800
stacked-on entry:11: <<<< and the midchain forwards via entry #11
[@2]: dpo-drop ip4
src:recursive-resolution refs:1 src-flags:added, cover:-1
forwarding: unicast-ip4-chain
[@0]: dpo-load-balance: [proto:ip4 index:13 buckets:1 uRPF:12 to:[0:0]]
[0] [@6]: ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800
stacked-on entry:11:
[@2]: dpo-drop ip4
DBGvpp# sh adj 1
[@1] ipv4 via 0.0.0.0 gre0: mtu:9000 4500000000000000fe2fb0cc0a0000010101010100000800
stacked-on entry:11:
[@2]: dpo-drop ip4
flags:midchain-ip-stack midchain-looped <<<<< this is a loop
counts:[0:0]
locks:4
delegates:
children:
{path:14}
Change-Id: I39b82bd1ea439be4611c88b130d40289fa0c1b59
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet/gre')
-rw-r--r-- | src/vnet/gre/gre.c | 11 | ||||
-rw-r--r-- | src/vnet/gre/interface.c | 40 |
2 files changed, 12 insertions, 39 deletions
diff --git a/src/vnet/gre/gre.c b/src/vnet/gre/gre.c index 449968c1be0..e30319f5f99 100644 --- a/src/vnet/gre/gre.c +++ b/src/vnet/gre/gre.c @@ -301,17 +301,20 @@ gre_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai) { gre_main_t *gm = &gre_main; gre_tunnel_t *t; - u32 ti; + adj_flags_t af; u8 is_ipv6; + u32 ti; ti = gm->tunnel_index_by_sw_if_index[sw_if_index]; t = pool_elt_at_index (gm->tunnels, ti); is_ipv6 = t->tunnel_dst.fp_proto == FIB_PROTOCOL_IP6 ? 1 : 0; + af = ADJ_FLAG_MIDCHAIN_IP_STACK; + + if (VNET_LINK_ETHERNET == adj_get_link_type (ai)) + af |= ADJ_FLAG_MIDCHAIN_NO_COUNT; adj_nbr_midchain_update_rewrite - (ai, !is_ipv6 ? gre4_fixup : gre6_fixup, NULL, - (VNET_LINK_ETHERNET == adj_get_link_type (ai) ? - ADJ_FLAG_MIDCHAIN_NO_COUNT : ADJ_FLAG_NONE), + (ai, !is_ipv6 ? gre4_fixup : gre6_fixup, NULL, af, gre_build_rewrite (vnm, sw_if_index, adj_get_link_type (ai), NULL)); gre_tunnel_stack (ai); diff --git a/src/vnet/gre/interface.c b/src/vnet/gre/interface.c index 6be934af56c..b9bfb79c172 100644 --- a/src/vnet/gre/interface.c +++ b/src/vnet/gre/interface.c @@ -128,9 +128,7 @@ gre_tunnel_from_fib_node (fib_node_t * node) void gre_tunnel_stack (adj_index_t ai) { - fib_forward_chain_type_t fib_fwd; gre_main_t *gm = &gre_main; - dpo_id_t tmp = DPO_INVALID; ip_adjacency_t *adj; gre_tunnel_t *gt; u32 sw_if_index; @@ -149,42 +147,14 @@ gre_tunnel_stack (adj_index_t ai) VNET_HW_INTERFACE_FLAG_LINK_UP) == 0) { adj_nbr_midchain_unstack (ai); - return; } - - fib_fwd = fib_forw_chain_type_from_fib_proto (gt->tunnel_dst.fp_proto); - - fib_entry_contribute_forwarding (gt->fib_entry_index, fib_fwd, &tmp); - if (DPO_LOAD_BALANCE == tmp.dpoi_type) + else { - /* - * post GRE rewrite we will load-balance. However, the GRE encap - * is always the same for this adjacency/tunnel and hence the IP/GRE - * src,dst hash is always the same result too. So we do that hash now and - * stack on the choice. - * If the choice is an incomplete adj then we will need a poke when - * it becomes complete. This happens since the adj update walk propagates - * as far a recursive paths. - */ - const dpo_id_t *choice; - load_balance_t *lb; - int hash; - - lb = load_balance_get (tmp.dpoi_index); - - if (fib_fwd == FIB_FORW_CHAIN_TYPE_UNICAST_IP4) - hash = ip4_compute_flow_hash ((ip4_header_t *) adj_get_rewrite (ai), - lb->lb_hash_config); - else - hash = ip6_compute_flow_hash ((ip6_header_t *) adj_get_rewrite (ai), - lb->lb_hash_config); - choice = - load_balance_get_bucket_i (lb, hash & lb->lb_n_buckets_minus_1); - dpo_copy (&tmp, choice); + adj_nbr_midchain_stack_on_fib_entry (ai, + gt->fib_entry_index, + fib_forw_chain_type_from_fib_proto + (gt->tunnel_dst.fp_proto)); } - - adj_nbr_midchain_stack (ai, &tmp); - dpo_reset (&tmp); } /** |