aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
diff options
context:
space:
mode:
authorNick Zavaritsky <nick.zavaritsky@emnify.com>2020-02-27 15:54:58 +0000
committerJohn Lo <loj@cisco.com>2020-03-03 16:15:15 +0000
commit27518c2ffd0ef75e973a64870da0e3339f39ccce (patch)
tree3fb7afdb06963ae3ef36cc74bfe33e10b8668d5d /src/vnet/ip
parent297d288ed653abac9d719013c4ead5215230e7da (diff)
geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node
Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com> Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
Diffstat (limited to 'src/vnet/ip')
-rw-r--r--src/vnet/ip/ip.h9
-rw-r--r--src/vnet/ip/ip4.h10
-rw-r--r--src/vnet/ip/ip6.h10
-rw-r--r--src/vnet/ip/vtep.c55
-rw-r--r--src/vnet/ip/vtep.h142
5 files changed, 226 insertions, 0 deletions
diff --git a/src/vnet/ip/ip.h b/src/vnet/ip/ip.h
index 040e580c3a1..75750c5a192 100644
--- a/src/vnet/ip/ip.h
+++ b/src/vnet/ip/ip.h
@@ -289,6 +289,15 @@ void ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen,
void ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask);
u32 ip6_mask_to_preflen (ip6_address_t * mask);
+always_inline u32 vlib_buffer_get_ip4_fib_index (vlib_buffer_t * b);
+always_inline u32 vlib_buffer_get_ip6_fib_index (vlib_buffer_t * b);
+always_inline u32
+vlib_buffer_get_ip_fib_index (vlib_buffer_t * b, u8 is_ip4)
+{
+ return (is_ip4 ? vlib_buffer_get_ip4_fib_index
+ : vlib_buffer_get_ip6_fib_index) (b);
+}
+
#endif /* included_ip_main_h */
/*
diff --git a/src/vnet/ip/ip4.h b/src/vnet/ip/ip4.h
index bed552b982c..7a42510166f 100644
--- a/src/vnet/ip/ip4.h
+++ b/src/vnet/ip/ip4.h
@@ -410,6 +410,16 @@ vlib_buffer_push_ip4 (vlib_main_t * vm, vlib_buffer_t * b,
return ih;
}
+
+always_inline u32
+vlib_buffer_get_ip4_fib_index (vlib_buffer_t * b)
+{
+ u32 fib_index, sw_if_index;
+ sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
+ fib_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
+ return (fib_index == (u32) ~ 0) ?
+ vec_elt (ip4_main.fib_index_by_sw_if_index, sw_if_index) : fib_index;
+}
#endif /* included_ip_ip4_h */
/*
diff --git a/src/vnet/ip/ip6.h b/src/vnet/ip/ip6.h
index 575c6a0eec5..d12756d421b 100644
--- a/src/vnet/ip/ip6.h
+++ b/src/vnet/ip/ip6.h
@@ -608,6 +608,16 @@ vlib_buffer_push_ip6 (vlib_main_t * vm, vlib_buffer_t * b,
0 /* flow label */ );
}
+
+always_inline u32
+vlib_buffer_get_ip6_fib_index (vlib_buffer_t * b)
+{
+ u32 fib_index, sw_if_index;
+ sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
+ fib_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
+ return (fib_index == (u32) ~ 0) ?
+ vec_elt (ip6_main.fib_index_by_sw_if_index, sw_if_index) : fib_index;
+}
#endif /* included_ip_ip6_h */
/*
diff --git a/src/vnet/ip/vtep.c b/src/vnet/ip/vtep.c
new file mode 100644
index 00000000000..d0493f8cd2f
--- /dev/null
+++ b/src/vnet/ip/vtep.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2020 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <vnet/ip/vtep.h>
+
+uword
+vtep_addr_ref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip)
+{
+ vtep4_key_t key4 = {.addr = ip->ip4,.fib_index = fib_index };
+ vtep6_key_t key6 = {.addr = ip->ip6,.fib_index = fib_index };
+ uword *vtep = ip46_address_is_ip4 (ip) ?
+ hash_get (t->vtep4, key4.as_u64) : hash_get_mem (t->vtep6, &key6);
+ if (vtep)
+ return ++(*vtep);
+ ip46_address_is_ip4 (ip) ?
+ hash_set (t->vtep4, key4.as_u64, 1) :
+ hash_set_mem_alloc (&t->vtep6, &key6, 1);
+ return 1;
+}
+
+uword
+vtep_addr_unref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip)
+{
+ vtep4_key_t key4 = {.addr = ip->ip4,.fib_index = fib_index };
+ vtep6_key_t key6 = {.addr = ip->ip6,.fib_index = fib_index };
+ uword *vtep = ip46_address_is_ip4 (ip) ?
+ hash_get (t->vtep4, key4.as_u64) : hash_get_mem (t->vtep6, &key6);
+ ALWAYS_ASSERT (vtep);
+ if (--(*vtep) != 0)
+ return *vtep;
+ ip46_address_is_ip4 (ip) ?
+ hash_unset (t->vtep4, key4.as_u64) :
+ hash_unset_mem_free (&t->vtep6, &key6);
+ return 0;
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/ip/vtep.h b/src/vnet/ip/vtep.h
new file mode 100644
index 00000000000..703ace18dba
--- /dev/null
+++ b/src/vnet/ip/vtep.h
@@ -0,0 +1,142 @@
+/*
+ * Copyright (c) 2020 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef included_ip_vtep_h
+#define included_ip_vtep_h
+
+#include <vppinfra/hash.h>
+#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4.h>
+#include <vnet/ip/ip6.h>
+
+/**
+ * @brief Tunnel endpoint key (IPv4)
+ *
+ * Tunnel modules maintain a set of vtep4_key_t-s to track local IP
+ * addresses that have tunnels established. Bypass node consults the
+ * corresponding set to decide whether a packet should bypass normal
+ * processing and go directly to the tunnel protocol handler node.
+ */
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED
+(struct {
+ union {
+ struct {
+ ip4_address_t addr;
+ u32 fib_index;
+ };
+ u64 as_u64;
+ };
+}) vtep4_key_t;
+/* *INDENT-ON* */
+
+/**
+ * @brief Tunnel endpoint key (IPv6)
+ *
+ * Tunnel modules maintain a set of vtep6_key_t-s to track local IP
+ * addresses that have tunnels established. Bypass node consults the
+ * corresponding set to decide whether a packet should bypass normal
+ * processing and go directly to the tunnel protocol handler node.
+ */
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED
+(struct {
+ ip6_address_t addr;
+ u32 fib_index;
+}) vtep6_key_t;
+/* *INDENT-ON* */
+
+typedef struct
+{
+ uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr + fib_index */
+ uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr + fib_index */
+} vtep_table_t;
+
+always_inline vtep_table_t
+vtep_table_create ()
+{
+ vtep_table_t t = { };
+ t.vtep6 = hash_create_mem (0, sizeof (vtep6_key_t), sizeof (uword));
+ return t;
+}
+
+uword vtep_addr_ref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip);
+uword vtep_addr_unref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip);
+
+always_inline void
+vtep4_key_init (vtep4_key_t * k4)
+{
+ k4->as_u64 = ~((u64) 0);
+}
+
+always_inline void
+vtep6_key_init (vtep6_key_t * k6)
+{
+ ip6_address_set_zero (&k6->addr);
+ k6->fib_index = (u32) ~ 0;
+}
+
+enum
+{
+ VTEP_CHECK_FAIL = 0,
+ VTEP_CHECK_PASS = 1,
+ VTEP_CHECK_PASS_UNCHANGED = 2
+};
+
+always_inline u8
+vtep4_check (vtep_table_t * t, vlib_buffer_t * b0, ip4_header_t * ip40,
+ vtep4_key_t * last_k4)
+{
+ vtep4_key_t k4;
+ k4.addr.as_u32 = ip40->dst_address.as_u32;
+ k4.fib_index = vlib_buffer_get_ip4_fib_index (b0);
+ if (PREDICT_TRUE (k4.as_u64 == last_k4->as_u64))
+ return VTEP_CHECK_PASS_UNCHANGED;
+ if (PREDICT_FALSE (!hash_get (t->vtep4, k4.as_u64)))
+ return VTEP_CHECK_FAIL;
+ last_k4->as_u64 = k4.as_u64;
+ return VTEP_CHECK_PASS;
+}
+
+always_inline u8
+vtep6_check (vtep_table_t * t, vlib_buffer_t * b0, ip6_header_t * ip60,
+ vtep6_key_t * last_k6)
+{
+ vtep6_key_t k6;
+ k6.fib_index = vlib_buffer_get_ip6_fib_index (b0);
+ if (PREDICT_TRUE (k6.fib_index == last_k6->fib_index
+ && ip60->dst_address.as_u64[0] == last_k6->addr.as_u64[0]
+ && ip60->dst_address.as_u64[1] ==
+ last_k6->addr.as_u64[1]))
+ {
+ return VTEP_CHECK_PASS_UNCHANGED;
+ }
+ k6.addr = ip60->dst_address;
+ if (PREDICT_FALSE (!hash_get_mem (t->vtep6, &k6)))
+ return VTEP_CHECK_FAIL;
+ *last_k6 = k6;
+ return VTEP_CHECK_PASS;
+}
+#endif /* included_ip_vtep_h */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */