diff options
-rw-r--r-- | src/vnet/ethernet/packet.h | 10 | ||||
-rw-r--r-- | src/vnet/mfib/mfib_entry.c | 58 | ||||
-rw-r--r-- | src/vnet/mfib/mfib_itf.c | 73 | ||||
-rw-r--r-- | src/vnet/mfib/mfib_itf.h | 5 | ||||
-rw-r--r-- | src/vnet/pg/input.c | 118 | ||||
-rw-r--r-- | src/vnet/pg/pg.h | 4 | ||||
-rw-r--r-- | src/vnet/pg/stream.c | 37 | ||||
-rw-r--r-- | test/test_ip_mcast.py | 35 |
8 files changed, 331 insertions, 9 deletions
diff --git a/src/vnet/ethernet/packet.h b/src/vnet/ethernet/packet.h index 13d7dafabfc..e1e42badd06 100644 --- a/src/vnet/ethernet/packet.h +++ b/src/vnet/ethernet/packet.h @@ -64,20 +64,20 @@ typedef struct /* I/G bit: individual (unicast)/group (broadcast/multicast). */ always_inline uword -ethernet_address_cast (u8 * a) +ethernet_address_cast (const u8 * a) { return (a[0] >> 0) & 1; } always_inline int -ethernet_address_is_broadcast (u8 * a) +ethernet_address_is_broadcast (const u8 * a) { return clib_mem_unaligned (a, u32) == 0xffffffff && clib_mem_unaligned (a + 4, u16) == 0xffff; } always_inline uword -ethernet_address_is_locally_administered (u8 * a) +ethernet_address_is_locally_administered (const u8 * a) { return (a[0] >> 1) & 1; } @@ -89,7 +89,7 @@ ethernet_address_set_locally_administered (u8 * a) } always_inline int -eh_dst_addr_to_rx_ctype (ethernet_header_t * eh) +eh_dst_addr_to_rx_ctype (const ethernet_header_t * eh) { if (PREDICT_TRUE (ethernet_address_cast (eh->dst_address) == ETHERNET_ADDRESS_UNICAST)) @@ -107,7 +107,7 @@ eh_dst_addr_to_rx_ctype (ethernet_header_t * eh) } always_inline int -eh_dst_addr_to_tx_ctype (ethernet_header_t * eh) +eh_dst_addr_to_tx_ctype (const ethernet_header_t * eh) { if (PREDICT_TRUE (ethernet_address_cast (eh->dst_address) == ETHERNET_ADDRESS_UNICAST)) diff --git a/src/vnet/mfib/mfib_entry.c b/src/vnet/mfib/mfib_entry.c index c08565d966c..471a6895b52 100644 --- a/src/vnet/mfib/mfib_entry.c +++ b/src/vnet/mfib/mfib_entry.c @@ -992,12 +992,14 @@ mfib_entry_path_update (fib_node_index_t mfib_entry_index, const fib_route_path_t *rpath; mfib_source_t current_best; mfib_path_ext_t *path_ext; + const mfib_prefix_t *pfx; mfib_entry_t *mfib_entry; mfib_entry_src_t *msrc; mfib_itf_flags_t old; u32 ii; mfib_entry = mfib_entry_get(mfib_entry_index); + pfx = mfib_entry_get_prefix(mfib_entry_index); ASSERT(NULL != mfib_entry); current_best = mfib_entry_get_best_source(mfib_entry); msrc = mfib_entry_src_find_or_create(mfib_entry, source); @@ -1051,13 +1053,23 @@ mfib_entry_path_update (fib_node_index_t mfib_entry_index, if (NULL == mfib_itf) { + index_t mfib_itf_i = mfib_itf_create(path_index, + rpath->frp_mitf_flags); mfib_entry_itf_add(msrc, rpath->frp_sw_if_index, - mfib_itf_create(path_index, - rpath->frp_mitf_flags)); + mfib_itf_i); + + if (MFIB_ITF_FLAG_ACCEPT & rpath->frp_mitf_flags) + { + /* new accepting interface - add the mac to the driver */ + mfib_itf_mac_add(mfib_itf_get(mfib_itf_i), pfx); + } } else { + u8 was_accept = !!(old & MFIB_ITF_FLAG_ACCEPT); + u8 is_accept = !!(rpath->frp_mitf_flags & MFIB_ITF_FLAG_ACCEPT); + if (mfib_itf_update(mfib_itf, path_index, rpath->frp_mitf_flags)) @@ -1066,8 +1078,32 @@ mfib_entry_path_update (fib_node_index_t mfib_entry_index, * no more interface flags on this path, remove * from the data-plane set */ + if (was_accept) + { + mfib_itf_mac_del(mfib_itf, pfx); + + } mfib_entry_itf_remove(msrc, rpath->frp_sw_if_index); } + else + { + /* + * is there a change to the ACCEPT flag that + * requires us to update hte driver with the + * MAC + */ + if (is_accept != was_accept) + { + if (is_accept) + { + mfib_itf_mac_add(mfib_itf, pfx); + } + else if (was_accept) + { + mfib_itf_mac_del(mfib_itf, pfx); + } + } + } } } } @@ -1091,11 +1127,13 @@ mfib_entry_path_remove (fib_node_index_t mfib_entry_index, fib_node_index_t path_index, *path_indices; const fib_route_path_t *rpath; mfib_source_t current_best; + const mfib_prefix_t *pfx; mfib_entry_t *mfib_entry; mfib_entry_src_t *msrc; u32 ii; mfib_entry = mfib_entry_get(mfib_entry_index); + pfx = mfib_entry_get_prefix(mfib_entry_index); ASSERT(NULL != mfib_entry); current_best = mfib_entry_get_best_source(mfib_entry); msrc = mfib_entry_src_find(mfib_entry, source, NULL); @@ -1128,21 +1166,37 @@ mfib_entry_path_remove (fib_node_index_t mfib_entry_index, mfib_path_ext_remove(msrc, path_index); if (mfib_entry_path_itf_based(rpath)) { + u8 was_accept, is_accept; mfib_itf_t *mfib_itf; mfib_itf = mfib_entry_itf_find(msrc->mfes_itfs, rpath->frp_sw_if_index); + was_accept = !!(MFIB_ITF_FLAG_ACCEPT & mfib_itf->mfi_flags); if (mfib_itf_update(mfib_itf, path_index, MFIB_ITF_FLAG_NONE)) { + if (was_accept) + { + mfib_itf_mac_del(mfib_itf, pfx); + } + /* * no more interface flags on this path, remove * from the data-plane set */ mfib_entry_itf_remove(msrc, rpath->frp_sw_if_index); } + else + { + is_accept = !!(MFIB_ITF_FLAG_ACCEPT & mfib_itf->mfi_flags); + + if (was_accept && !is_accept) + { + mfib_itf_mac_del(mfib_itf, pfx); + } + } } } vec_free(path_indices); diff --git a/src/vnet/mfib/mfib_itf.c b/src/vnet/mfib/mfib_itf.c index 33ef98764e2..decf7650c94 100644 --- a/src/vnet/mfib/mfib_itf.c +++ b/src/vnet/mfib/mfib_itf.c @@ -109,6 +109,79 @@ mfib_itf_hash_flush (mfib_itf_t *mfi) }; } +static void +mfib_itf_prefix4_to_mac (const mfib_prefix_t *pfx, + mac_address_t *mac) +{ + mac->bytes[0] = 0x01; + mac->bytes[1] = 0x0; + mac->bytes[2] = 0x5e; + mac->bytes[3] = pfx->fp_grp_addr.ip4.as_u8[1] & 0x7f; + mac->bytes[4] = pfx->fp_grp_addr.ip4.as_u8[2]; + mac->bytes[5] = pfx->fp_grp_addr.ip4.as_u8[3]; +} + +static void +mfib_itf_prefix6_to_mac (const mfib_prefix_t *pfx, + mac_address_t *mac) +{ + mac->bytes[0] = 0x33; + mac->bytes[1] = 0x33; + mac->bytes[2] = pfx->fp_grp_addr.ip6.as_u8[12]; + mac->bytes[3] = pfx->fp_grp_addr.ip6.as_u8[13]; + mac->bytes[4] = pfx->fp_grp_addr.ip6.as_u8[14]; + mac->bytes[5] = pfx->fp_grp_addr.ip6.as_u8[15]; +} + +static void +mfib_itf_prefix_to_mac (const mfib_prefix_t *pfx, + mac_address_t *mac) +{ + switch (pfx->fp_proto) + { + case FIB_PROTOCOL_IP4: + mfib_itf_prefix4_to_mac(pfx, mac); + break; + case FIB_PROTOCOL_IP6: + mfib_itf_prefix6_to_mac(pfx, mac); + break; + case FIB_PROTOCOL_MPLS: + break; + } +} + +static void +mfib_itf_mac_add_del (mfib_itf_t *itf, + const mfib_prefix_t *pfx, + int add) +{ + vnet_sw_interface_t *si; + vnet_main_t *vnm; + mac_address_t mac; + + vnm = vnet_get_main(); + mfib_itf_prefix_to_mac(pfx, &mac); + + si = vnet_get_sw_interface(vnm, itf->mfi_sw_if_index); + vnet_hw_interface_add_del_mac_address (vnet_get_main(), + si->hw_if_index, + mac.bytes, add); +} + +void +mfib_itf_mac_add (mfib_itf_t *itf, + const mfib_prefix_t *pfx) +{ + mfib_itf_mac_add_del(itf, pfx, 1); +} + +void +mfib_itf_mac_del (mfib_itf_t *itf, + const mfib_prefix_t *pfx) +{ + mfib_itf_mac_add_del(itf, pfx, 0); +} + void mfib_itf_delete (mfib_itf_t *mfi) { diff --git a/src/vnet/mfib/mfib_itf.h b/src/vnet/mfib/mfib_itf.h index 295be1b20e5..656f12d0e9d 100644 --- a/src/vnet/mfib/mfib_itf.h +++ b/src/vnet/mfib/mfib_itf.h @@ -69,6 +69,11 @@ extern void mfib_itf_delete(mfib_itf_t *itf); extern u8 *format_mfib_itf(u8 * s, va_list * args); +extern void mfib_itf_mac_add(mfib_itf_t *itf, + const mfib_prefix_t *pfx); +extern void mfib_itf_mac_del(mfib_itf_t *itf, + const mfib_prefix_t *pfx); + extern mfib_itf_t *mfib_itf_pool; /** diff --git a/src/vnet/pg/input.c b/src/vnet/pg/input.c index 785592f3618..60fc96e6faa 100644 --- a/src/vnet/pg/input.c +++ b/src/vnet/pg/input.c @@ -1823,6 +1823,124 @@ VLIB_REGISTER_NODE (pg_input_node) = { }; /* *INDENT-ON* */ +VLIB_NODE_FN (pg_input_mac_filter) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) +{ + vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs; + u16 nexts[VLIB_FRAME_SIZE], *next; + pg_main_t *pg = &pg_main; + u32 n_left, *from; + + from = vlib_frame_vector_args (frame); + n_left = frame->n_vectors; + next = nexts; + + clib_memset_u16 (next, 0, VLIB_FRAME_SIZE); + + vlib_get_buffers (vm, from, bufs, n_left); + + while (n_left) + { + const ethernet_header_t *eth; + pg_interface_t *pi; + mac_address_t in; + + pi = pool_elt_at_index + (pg->interfaces, + pg->if_id_by_sw_if_index[vnet_buffer (b[0])->sw_if_index[VLIB_RX]]); + eth = vlib_buffer_get_current (b[0]); + + mac_address_from_bytes (&in, eth->dst_address); + + if (PREDICT_FALSE (ethernet_address_cast (in.bytes))) + { + mac_address_t *allowed; + + if (0 != vec_len (pi->allowed_mcast_macs)) + { + vec_foreach (allowed, pi->allowed_mcast_macs) + { + if (0 != mac_address_cmp (allowed, &in)) + break; + } + + if (vec_is_member (allowed, pi->allowed_mcast_macs)) + vnet_feature_next_u16 (&next[0], b[0]); + } + } + + b += 1; + next += 1; + n_left -= 1; + } + + vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors); + + return (frame->n_vectors); +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (pg_input_mac_filter) = { + .name = "pg-input-mac-filter", + .vector_size = sizeof (u32), + .format_trace = format_pg_input_trace, + .n_next_nodes = 1, + .next_nodes = { + [0] = "error-drop", + }, +}; +VNET_FEATURE_INIT (pg_input_mac_filter_feat, static) = { + .arc_name = "device-input", + .node_name = "pg-input-mac-filter", +}; +/* *INDENT-ON* */ + +static clib_error_t * +pg_input_mac_filter_cfg (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + u32 sw_if_index = ~0; + int is_enable; + + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "%U", + unformat_vnet_sw_interface, + vnet_get_main (), &sw_if_index)) + ; + else if (unformat (line_input, "%U", + unformat_vlib_enable_disable, &is_enable)) + ; + else + return clib_error_create ("unknown input `%U'", + format_unformat_error, line_input); + } + unformat_free (line_input); + + if (~0 == sw_if_index) + return clib_error_create ("specify interface"); + + vnet_feature_enable_disable ("device-input", + "pg-input-mac-filter", + sw_if_index, is_enable, 0, 0); + + return NULL; +} + +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (enable_streams_cli, static) = { + .path = "packet-generator mac-filter", + .short_help = "packet-generator mac-filter <INTERFACE> <on|off>", + .function = pg_input_mac_filter_cfg, +}; +/* *INDENT-ON* */ + + /* * fd.io coding-style-patch-verification: ON * diff --git a/src/vnet/pg/pg.h b/src/vnet/pg/pg.h index 06e61261b7d..f5b5e5ac358 100644 --- a/src/vnet/pg/pg.h +++ b/src/vnet/pg/pg.h @@ -45,6 +45,7 @@ #include <vppinfra/fifo.h> /* for buffer_fifo */ #include <vppinfra/pcap.h> #include <vnet/interface.h> +#include <vnet/ethernet/mac_address.h> #include <vnet/gso/gro.h> extern vnet_device_class_t pg_dev_class; @@ -312,6 +313,8 @@ typedef struct u32 gso_size; pcap_main_t pcap_main; char *pcap_file_name; + + mac_address_t *allowed_mcast_macs; } pg_interface_t; /* Per VLIB node data. */ @@ -335,6 +338,7 @@ typedef struct pg_main_t /* Pool of interfaces. */ pg_interface_t *interfaces; uword *if_index_by_if_id; + uword *if_id_by_sw_if_index; /* Vector of buffer indices for use in pg_stream_fill_replay, per thread */ u32 **replay_buffers_by_thread; diff --git a/src/vnet/pg/stream.c b/src/vnet/pg/stream.c index 88c89371c6c..6ea80903de0 100644 --- a/src/vnet/pg/stream.c +++ b/src/vnet/pg/stream.c @@ -139,6 +139,39 @@ pg_interface_admin_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags) return 0; } +static int +pg_mac_address_cmp (const mac_address_t * m1, const mac_address_t * m2) +{ + return (!mac_address_cmp (m1, m2)); +} + +static clib_error_t * +pg_add_del_mac_address (vnet_hw_interface_t * hi, + const u8 * address, u8 is_add) +{ + pg_main_t *pg = &pg_main; + + if (ethernet_address_cast (address)) + { + mac_address_t mac; + pg_interface_t *pi; + + pi = pool_elt_at_index (pg->interfaces, hi->dev_instance); + + mac_address_from_bytes (&mac, address); + if (is_add) + vec_add1 (pi->allowed_mcast_macs, mac); + else + { + u32 pos = vec_search_with_function (pi->allowed_mcast_macs, &mac, + pg_mac_address_cmp); + if (~0 != pos) + vec_del1 (pi->allowed_mcast_macs, pos); + } + } + return (NULL); +} + /* *INDENT-OFF* */ VNET_DEVICE_CLASS (pg_dev_class) = { .name = "pg", @@ -146,6 +179,7 @@ VNET_DEVICE_CLASS (pg_dev_class) = { .format_device_name = format_pg_interface_name, .format_tx_trace = format_pg_output_trace, .admin_up_down_function = pg_interface_admin_up_down, + .mac_addr_add_del_function = pg_add_del_mac_address, }; /* *INDENT-ON* */ @@ -245,6 +279,9 @@ pg_interface_add_or_get (pg_main_t * pg, uword if_id, u8 gso_enabled, hash_set (pg->if_index_by_if_id, if_id, i); + vec_validate (pg->if_id_by_sw_if_index, hi->sw_if_index); + pg->if_id_by_sw_if_index[hi->sw_if_index] = i; + if (vlib_num_workers ()) { pi->lockp = clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, diff --git a/test/test_ip_mcast.py b/test/test_ip_mcast.py index d7a8238e35b..64d37060d43 100644 --- a/test/test_ip_mcast.py +++ b/test/test_ip_mcast.py @@ -95,7 +95,7 @@ class TestIPMcast(VppTestCase): def create_stream_ip4(self, src_if, src_ip, dst_ip, payload_size=0): pkts = [] # default to small packet sizes - p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / + p = (Ether(dst=getmacbyip(dst_ip), src=src_if.remote_mac) / IP(src=src_ip, dst=dst_ip) / UDP(sport=1234, dport=1234)) if not payload_size: @@ -111,7 +111,7 @@ class TestIPMcast(VppTestCase): for i in range(0, N_PKTS_IN_STREAM): info = self.create_packet_info(src_if, src_if) payload = self.info_to_payload(info) - p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) / + p = (Ether(dst=getmacbyip6(dst_ip), src=src_if.remote_mac) / IPv6(src=src_ip, dst=dst_ip) / UDP(sport=1234, dport=1234) / Raw(payload)) @@ -189,6 +189,14 @@ class TestIPMcast(VppTestCase): # a stream that matches the default route. gets dropped. # self.vapi.cli("clear trace") + self.vapi.cli("packet mac-filter pg0 on") + self.vapi.cli("packet mac-filter pg1 on") + self.vapi.cli("packet mac-filter pg2 on") + self.vapi.cli("packet mac-filter pg4 on") + self.vapi.cli("packet mac-filter pg5 on") + self.vapi.cli("packet mac-filter pg6 on") + self.vapi.cli("packet mac-filter pg7 on") + tx = self.create_stream_ip4(self.pg0, "1.1.1.1", "232.1.1.1") self.pg0.add_stream(tx) @@ -395,9 +403,24 @@ class TestIPMcast(VppTestCase): self.pg0.assert_nothing_captured( remark="IP multicast packets forwarded on PG0") + self.vapi.cli("packet mac-filter pg0 off") + self.vapi.cli("packet mac-filter pg1 off") + self.vapi.cli("packet mac-filter pg2 off") + self.vapi.cli("packet mac-filter pg4 off") + self.vapi.cli("packet mac-filter pg5 off") + self.vapi.cli("packet mac-filter pg6 off") + self.vapi.cli("packet mac-filter pg7 off") + def test_ip6_mcast(self): """ IPv6 Multicast Replication """ + self.vapi.cli("packet mac-filter pg0 on") + self.vapi.cli("packet mac-filter pg1 on") + self.vapi.cli("packet mac-filter pg2 on") + self.vapi.cli("packet mac-filter pg4 on") + self.vapi.cli("packet mac-filter pg5 on") + self.vapi.cli("packet mac-filter pg6 on") + self.vapi.cli("packet mac-filter pg7 on") # # a stream that matches the default route. gets dropped. # @@ -556,6 +579,14 @@ class TestIPMcast(VppTestCase): self.pg3.assert_nothing_captured( remark="IP multicast packets forwarded on PG3") + self.vapi.cli("packet mac-filter pg0 off") + self.vapi.cli("packet mac-filter pg1 off") + self.vapi.cli("packet mac-filter pg2 off") + self.vapi.cli("packet mac-filter pg4 off") + self.vapi.cli("packet mac-filter pg5 off") + self.vapi.cli("packet mac-filter pg6 off") + self.vapi.cli("packet mac-filter pg7 off") + def _mcast_connected_send_stream(self, dst_ip): self.vapi.cli("clear trace") tx = self.create_stream_ip4(self.pg0, |