diff options
author | Nick Zavaritsky <nick.zavaritsky@emnify.com> | 2020-02-27 15:54:58 +0000 |
---|---|---|
committer | John Lo <loj@cisco.com> | 2020-03-03 16:15:15 +0000 |
commit | 27518c2ffd0ef75e973a64870da0e3339f39ccce (patch) | |
tree | 3fb7afdb06963ae3ef36cc74bfe33e10b8668d5d /src/vnet/vxlan/decap.c | |
parent | 297d288ed653abac9d719013c4ead5215230e7da (diff) |
geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node
Bypass node MUST NOT intercept a packet if destination IP doesn’t match
a local address. However IP address interpretation depends on the VRF,
hence bypass node must take that into account.
This patch also factors-out common VTEP management and checking code.
Type: improvement
Signed-off-by: Nick Zavaritsky <nick.zavaritsky@emnify.com>
Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94
Diffstat (limited to 'src/vnet/vxlan/decap.c')
-rw-r--r-- | src/vnet/vxlan/decap.c | 78 |
1 files changed, 21 insertions, 57 deletions
diff --git a/src/vnet/vxlan/decap.c b/src/vnet/vxlan/decap.c index 764dfca4820..3b428be35e4 100644 --- a/src/vnet/vxlan/decap.c +++ b/src/vnet/vxlan/decap.c @@ -46,20 +46,6 @@ format_vxlan_rx_trace (u8 * s, va_list * args) t->tunnel_index, t->vni, t->next_index, t->error); } -always_inline u32 -buf_fib_index (vlib_buffer_t * b, u32 is_ip4) -{ - u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX]; - if (sw_if_index != (u32) ~ 0) - return sw_if_index; - - u32 *fib_index_by_sw_if_index = is_ip4 ? - ip4_main.fib_index_by_sw_if_index : ip6_main.fib_index_by_sw_if_index; - sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX]; - - return vec_elt (fib_index_by_sw_if_index, sw_if_index); -} - typedef vxlan4_tunnel_key_t last_tunnel_cache4; static const vxlan_decap_info_t decap_not_found = { @@ -246,8 +232,8 @@ vxlan_input (vlib_main_t * vm, vlib_buffer_advance (b[0], sizeof *vxlan0); vlib_buffer_advance (b[1], sizeof *vxlan1); - u32 fi0 = buf_fib_index (b[0], is_ip4); - u32 fi1 = buf_fib_index (b[1], is_ip4); + u32 fi0 = vlib_buffer_get_ip_fib_index (b[0], is_ip4); + u32 fi1 = vlib_buffer_get_ip_fib_index (b[1], is_ip4); vxlan_decap_info_t di0 = is_ip4 ? vxlan4_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan0, &stats_if0) : @@ -349,7 +335,7 @@ vxlan_input (vlib_main_t * vm, /* pop (ip, udp, vxlan) */ vlib_buffer_advance (b[0], sizeof (*vxlan0)); - u32 fi0 = buf_fib_index (b[0], is_ip4); + u32 fi0 = vlib_buffer_get_ip_fib_index (b[0], is_ip4); vxlan_decap_info_t di0 = is_ip4 ? vxlan4_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan0, &stats_if0) : @@ -468,8 +454,10 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, u32 *from, *to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -479,9 +467,9 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, ip4_forward_next_trace (vm, node, frame, VLIB_TX); if (is_ip4) - addr4.data_u32 = ~0; + vtep4_key_init (&last_vtep4); else - ip6_address_set_zero (&addr6); + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -565,21 +553,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; @@ -651,21 +631,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for VXLAN packet */ } flags1 = b1->flags; @@ -773,21 +745,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; |