author | Neale Ranns <nranns@cisco.com> | 2019-03-29 05:08:27 -0700 |
---|---|---|
committer | Neale Ranns <nranns@cisco.com> | 2019-04-03 13:48:19 +0000 |
commit | 2b600184f3f43e740b54a1c51d3a35f8c1a77868 (patch) | |
tree | ce2384579f02214589729ee90642aec035906f47 /src/vnet | |
parent | 7cae003a68ed3e1022bcc8d33d0b5375918a83f7 (diff) |
GBP: iVXLAN reflection check
packets should not egress on an iVXLAN tunnel if they
arrived on one.
Change-Id: I9adca30252364b4878f99e254aebc73b70a5d4d6
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/vxlan-gbp/decap.c | 11 | ||||
-rw-r--r-- | src/vnet/vxlan-gbp/vxlan_gbp.h | 11 | ||||
-rw-r--r-- | src/vnet/vxlan-gbp/vxlan_gbp_packet.h | 8 |
3 files changed, 26 insertions, 4 deletions
diff --git a/src/vnet/vxlan-gbp/decap.c b/src/vnet/vxlan-gbp/decap.c index c520e25dcf2..23995c49fcb 100644 --- a/src/vnet/vxlan-gbp/decap.c +++ b/src/vnet/vxlan-gbp/decap.c @@ -330,7 +330,8 @@ vxlan_gbp_input (vlib_main_t * vm, pkts_decapsulated++; } - vnet_buffer2 (b0)->gbp.flags = vxlan_gbp_get_gpflags (vxlan_gbp0); + vnet_buffer2 (b0)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp0) | + VXLAN_GBP_GPFLAGS_R); vnet_buffer2 (b0)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp0); @@ -370,7 +371,9 @@ vxlan_gbp_input (vlib_main_t * vm, (rx_counter, thread_index, t1->sw_if_index, 1, len1); } - vnet_buffer2 (b1)->gbp.flags = vxlan_gbp_get_gpflags (vxlan_gbp1); + vnet_buffer2 (b1)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp1) | + VXLAN_GBP_GPFLAGS_R); + vnet_buffer2 (b1)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp1); vnet_update_l2_len (b0); @@ -476,7 +479,9 @@ vxlan_gbp_input (vlib_main_t * vm, vlib_increment_combined_counter (rx_counter, thread_index, t0->sw_if_index, 1, len0); } - vnet_buffer2 (b0)->gbp.flags = vxlan_gbp_get_gpflags (vxlan_gbp0); + vnet_buffer2 (b0)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp0) | + VXLAN_GBP_GPFLAGS_R); + vnet_buffer2 (b0)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp0); /* Required to make the l2 tag push / pop code work on l2 subifs */ diff --git a/src/vnet/vxlan-gbp/vxlan_gbp.h b/src/vnet/vxlan-gbp/vxlan_gbp.h index 6580f38e119..af2e1809099 100644 --- a/src/vnet/vxlan-gbp/vxlan_gbp.h +++ b/src/vnet/vxlan-gbp/vxlan_gbp.h @@ -226,6 +226,17 @@ int vnet_vxlan_gbp_tunnel_del (u32 sw_if_indexp); void vnet_int_vxlan_gbp_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable); +always_inline u32 +vxlan_gbp_tunnel_by_sw_if_index (u32 sw_if_index) +{ + vxlan_gbp_main_t *vxm = &vxlan_gbp_main; + + if (sw_if_index >= vec_len (vxm->tunnel_index_by_sw_if_index)) + return ~0; + + return (vxm->tunnel_index_by_sw_if_index[sw_if_index]); +} + #endif /* included_vnet_vxlan_gbp_h */ /* 
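Review bot: The internal R bit is OR-ed into the same `gbp.flags` byte that carries the flags read from the received header (`vxlan_gbp_get_gpflags (vxlan_gbp0) | VXLAN_GBP_GPFLAGS_R`), so the buffer metadata now mixes peer-supplied bits with a locally asserted one. Nothing in this hunk shows the tx check, or the encap side clearing R before flags are written into an outgoing header. That code is presumably outside 'src/vnet', so it is worth confirming that R cannot reach the wire. The same assignment is repeated in the two later hunks of this file (b1 in the dual loop, b0 in the single loop); a small inline helper would keep the three rx paths from drifting apart, with a comment such as `/* R is internal: forced on for every iVXLAN rx regardless of the received header */`. The body of vxlan_gbp_input continues outside the hunk.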
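Review bot: `vxlan_gbp_tunnel_by_sw_if_index` has no comment stating its return contract, and `~0` is the only signal that the interface has no tunnel. The bounds check covers an out-of-range `sw_if_index`, but what the vector holds for an in-range interface that is not a VXLAN-GBP tunnel is not visible here, so callers should compare the result with `~0` before using it as an index. I would add `/* Returns the tunnel index for sw_if_index, or ~0 if there is none; callers must check for ~0 before indexing with the result */` above the function.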
diff --git a/src/vnet/vxlan-gbp/vxlan_gbp_packet.h b/src/vnet/vxlan-gbp/vxlan_gbp_packet.h index 33bccd6aed6..58fe00323b0 100644 --- a/src/vnet/vxlan-gbp/vxlan_gbp_packet.h +++ b/src/vnet/vxlan-gbp/vxlan_gbp_packet.h @@ -63,6 +63,11 @@ * Group membership being encapsulated by VXLAN. Its value is source * class id. * + * FOR INTERNAL USE ONLY + * R bit: Bit 12 of the initial word is defined as the reflection bit + * Set on packet rx checked on tx and dropped if set. this prevents + * packets recieved on an iVXLAN tunnel being reflected back to + * another. */ typedef struct @@ -103,7 +108,8 @@ typedef enum _ (0x40, D) \ _ (0x20, E) \ _ (0x10, S) \ -_ (0x08, A) +_ (0x08, A) \ +_ (0x04, R) typedef enum { |
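Review bot: The new comment places the R bit at "Bit 12 of the initial word", but the enum hunk that follows assigns it `_ (0x04, R)` directly after `_ (0x08, A)`, so the two do not appear to describe the same bit. If the header description numbers bits from the most significant end (the earlier part of the comment is outside the hunk), 0x04 in the flags byte would be bit 13, and bit 12 would be A. Because R reuses a bit of the on-wire flags field for internal state, the position should be checked against the header diagram and stated correctly, for example `* R bit: Bit 13 of the initial word is used internally as the reflection bit.` followed by `* It is set on packet rx and checked on tx; a packet with it set is dropped.` The lines after it also misspell "received".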