author | Nick Zavaritsky <nick.zavaritsky@emnify.com> | 2020-02-27 15:54:58 +0000 |
---|---|---|
committer | John Lo <loj@cisco.com> | 2020-03-03 16:15:15 +0000 |
commit | 27518c2ffd0ef75e973a64870da0e3339f39ccce (patch) | |
tree | 3fb7afdb06963ae3ef36cc74bfe33e10b8668d5d /src/vnet/vxlan-gpe | |
parent | 297d288ed653abac9d719013c4ead5215230e7da (diff) |
geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node
Bypass node MUST NOT intercept a packet if destination IP doesn’t match
a local address. However IP address interpretation depends on the VRF,
hence bypass node must take that into account.
This patch also factors out common VTEP management and checking code.
Type: improvement
Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com>
Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
Diffstat (limited to 'src/vnet/vxlan-gpe')
-rw-r--r-- | src/vnet/vxlan-gpe/decap.c | 58 | ||||
-rw-r--r-- | src/vnet/vxlan-gpe/vxlan_gpe.c | 41 | ||||
-rw-r--r-- | src/vnet/vxlan-gpe/vxlan_gpe.h | 4 |
3 files changed, 27 insertions, 76 deletions
diff --git a/src/vnet/vxlan-gpe/decap.c b/src/vnet/vxlan-gpe/decap.c index dec0788c653..f2961d5ff5b 100644 --- a/src/vnet/vxlan-gpe/decap.c +++ b/src/vnet/vxlan-gpe/decap.c @@ -788,8 +788,10 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, u32 *from, *to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -799,9 +801,9 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, ip4_forward_next_trace (vm, node, frame, VLIB_TX); if (is_ip4) - addr4.data_u32 = ~0; + vtep4_key_init (&last_vtep4); else - ip6_address_set_zero (&addr6); + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -883,21 +885,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; 
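Review bot: The `vtep4_check`/`vtep6_check` call sites (the hunk at 883 for b0, and the hunks at 969 and 1075) do not say which FIB index the lookup uses, and the retained comment `/* no local VTEP for VXLAN packet */` still reads as an address-only test. The helpers take the buffer, so the index is presumably derived from b0/b1 inside `vnet/ip/vtep.h`, which is outside this diff. The bypass decision only isolates VRFs if that index is the one the tunnel registered with (`t->encap_fib_index` in vxlan_gpe.c). I would change the comment to `/* no local VTEP with this DIP in the packet's FIB */` and add one line above the first check naming where the FIB index comes from. ip_vxlan_gpe_bypass_inline starts and ends outside these hunks.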
@@ -969,21 +963,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for VXLAN packet */ } flags1 = b1->flags; @@ -1089,21 +1075,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; diff --git a/src/vnet/vxlan-gpe/vxlan_gpe.c b/src/vnet/vxlan-gpe/vxlan_gpe.c index 07b7ac96542..3ce8ad619fa 100644 --- a/src/vnet/vxlan-gpe/vxlan_gpe.c +++ b/src/vnet/vxlan-gpe/vxlan_gpe.c 
@@ -384,35 +384,6 @@ vxlan6_gpe_rewrite (vxlan_gpe_tunnel_t * t, u32 extension_size, return (0); } -static uword -vtep_addr_ref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (vxlan_gpe_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (vxlan_gpe_main.vtep6, &ip->ip6); - if (vtep) - return ++(*vtep); - ip46_address_is_ip4 (ip) ? - hash_set (vxlan_gpe_main.vtep4, ip->ip4.as_u32, 1) : - hash_set_mem_alloc (&vxlan_gpe_main.vtep6, &ip->ip6, 1); - return 1; -} - -static uword -vtep_addr_unref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (vxlan_gpe_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (vxlan_gpe_main.vtep6, &ip->ip6); - ALWAYS_ASSERT (vtep); - if (--(*vtep) != 0) - return *vtep; - ip46_address_is_ip4 (ip) ? - hash_unset (vxlan_gpe_main.vtep4, ip->ip4.as_u32) : - hash_unset_mem_free (&vxlan_gpe_main.vtep6, &ip->ip6); - return 0; -} - /* *INDENT-OFF* */ typedef CLIB_PACKED(union { struct { @@ -620,7 +591,7 @@ int vnet_vxlan_gpe_add_del_tunnel * when the forwarding for the entry updates, and the tunnel can * re-stack accordingly */ - vtep_addr_ref (&t->local); + vtep_addr_ref (&ngm->vtep_table, t->encap_fib_index, &t->local); t->fib_entry_index = fib_entry_track (t->encap_fib_index, &tun_remote_pfx, FIB_NODE_TYPE_VXLAN_GPE_TUNNEL, @@ -637,7 +608,8 @@ int vnet_vxlan_gpe_add_del_tunnel */ fib_protocol_t fp = fib_ip_proto (is_ip6); - if (vtep_addr_ref (&t->remote) == 1) + if (vtep_addr_ref (&ngm->vtep_table, + t->encap_fib_index, &t->remote) == 1) { fib_node_index_t mfei; adj_index_t ai; 
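Review bot: In the multicast branch of vnet_vxlan_gpe_add_del_tunnel (hunk at 637, with the matching delete path in the hunk at 726) the reference count is now keyed on `(t->encap_fib_index, t->remote)`, while `mcast_shared` is still created with `sizeof (ip46_address_t)` keys and `mcast_shared_remove (&t->remote)` takes only the address. Two tunnels using the same group in different encap FIBs would both see `vtep_addr_ref (...) == 1`, and the first one deleted would see `vtep_addr_unref (...) == 0` and remove the shared entry while the other tunnel still depends on it. mcast_shared_add is not visible here, so this is inferred from the key size in vxlan_gpe_init and the header comment `keyed on mcast ip46 addr`. Either key mcast_shared on the FIB index as well or keep the multicast count address-only, and at minimum add a comment at the `== 1` test stating which is intended. The function body extends beyond both hunks.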
@@ -726,10 +698,11 @@ int vnet_vxlan_gpe_add_del_tunnel if (!ip46_address_is_multicast (&t->remote)) { - vtep_addr_unref (&t->local); + vtep_addr_unref (&ngm->vtep_table, t->encap_fib_index, &t->local); fib_entry_untrack (t->fib_entry_index, t->sibling_index); } - else if (vtep_addr_unref (&t->remote) == 0) + else if (vtep_addr_unref (&ngm->vtep_table, + t->encap_fib_index, &t->remote) == 0) { mcast_shared_remove (&t->remote); } @@ -1261,7 +1234,7 @@ vxlan_gpe_init (vlib_main_t * vm) ngm->mcast_shared = hash_create_mem (0, sizeof (ip46_address_t), sizeof (mcast_shared_t)); - ngm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword)); + ngm->vtep_table = vtep_table_create (); /* Register the list of standard decap protocols supported */ vxlan_gpe_register_decap_protocol (VXLAN_GPE_PROTOCOL_IP4, diff --git a/src/vnet/vxlan-gpe/vxlan_gpe.h b/src/vnet/vxlan-gpe/vxlan_gpe.h index b93487b08fe..a50be3914ee 100644 --- a/src/vnet/vxlan-gpe/vxlan_gpe.h +++ b/src/vnet/vxlan-gpe/vxlan_gpe.h @@ -24,6 +24,7 @@ #include <vppinfra/hash.h> #include <vnet/vnet.h> #include <vnet/ip/ip.h> +#include <vnet/ip/vtep.h> #include <vnet/l2/l2_input.h> #include <vnet/l2/l2_output.h> #include <vnet/l2/l2_bd.h> @@ -205,8 +206,7 @@ typedef struct /* local VTEP IPs ref count used by vxlan-bypass node to check if received VXLAN packet DIP matches any local VTEP address */ - uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */ - uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */ + vtep_table_t vtep_table; /* mcast shared info */ uword *mcast_shared; /* keyed on mcast ip46 addr */ /** Free vlib hw_if_indices */ |
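Review bot: The comment kept above the new `vtep_table` field in vxlan_gpe.h (hunk at 205) still describes a ref count of local VTEP IPs matched on DIP alone, which no longer describes the field. Callers now pass `t->encap_fib_index` to vtep_addr_ref/vtep_addr_unref, so the comment should state the key, e.g. `/* local VTEP ref counts keyed on (fib index, ip46 addr); used by the bypass node to match DIP within the packet's FIB */`. It also says `vxlan-bypass` and `VXLAN packet` in the GPE header, which is worth correcting while the lines are being touched.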