summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/vnet/ethernet/packet.h10
-rw-r--r--src/vnet/mfib/mfib_entry.c58
-rw-r--r--src/vnet/mfib/mfib_itf.c73
-rw-r--r--src/vnet/mfib/mfib_itf.h5
-rw-r--r--src/vnet/pg/input.c118
-rw-r--r--src/vnet/pg/pg.h4
-rw-r--r--src/vnet/pg/stream.c37
-rw-r--r--test/test_ip_mcast.py35
8 files changed, 331 insertions, 9 deletions
diff --git a/src/vnet/ethernet/packet.h b/src/vnet/ethernet/packet.h
index 13d7dafabfc..e1e42badd06 100644
--- a/src/vnet/ethernet/packet.h
+++ b/src/vnet/ethernet/packet.h
@@ -64,20 +64,20 @@ typedef struct
/* I/G bit: individual (unicast)/group (broadcast/multicast). */
always_inline uword
-ethernet_address_cast (u8 * a)
+ethernet_address_cast (const u8 * a)
{
return (a[0] >> 0) & 1;
}
always_inline int
-ethernet_address_is_broadcast (u8 * a)
+ethernet_address_is_broadcast (const u8 * a)
{
return clib_mem_unaligned (a, u32) == 0xffffffff &&
clib_mem_unaligned (a + 4, u16) == 0xffff;
}
always_inline uword
-ethernet_address_is_locally_administered (u8 * a)
+ethernet_address_is_locally_administered (const u8 * a)
{
return (a[0] >> 1) & 1;
}
@@ -89,7 +89,7 @@ ethernet_address_set_locally_administered (u8 * a)
}
always_inline int
-eh_dst_addr_to_rx_ctype (ethernet_header_t * eh)
+eh_dst_addr_to_rx_ctype (const ethernet_header_t * eh)
{
if (PREDICT_TRUE (ethernet_address_cast (eh->dst_address) ==
ETHERNET_ADDRESS_UNICAST))
@@ -107,7 +107,7 @@ eh_dst_addr_to_rx_ctype (ethernet_header_t * eh)
}
always_inline int
-eh_dst_addr_to_tx_ctype (ethernet_header_t * eh)
+eh_dst_addr_to_tx_ctype (const ethernet_header_t * eh)
{
if (PREDICT_TRUE (ethernet_address_cast (eh->dst_address) ==
ETHERNET_ADDRESS_UNICAST))
diff --git a/src/vnet/mfib/mfib_entry.c b/src/vnet/mfib/mfib_entry.c
index c08565d966c..471a6895b52 100644
--- a/src/vnet/mfib/mfib_entry.c
+++ b/src/vnet/mfib/mfib_entry.c
@@ -992,12 +992,14 @@ mfib_entry_path_update (fib_node_index_t mfib_entry_index,
const fib_route_path_t *rpath;
mfib_source_t current_best;
mfib_path_ext_t *path_ext;
+ const mfib_prefix_t *pfx;
mfib_entry_t *mfib_entry;
mfib_entry_src_t *msrc;
mfib_itf_flags_t old;
u32 ii;
mfib_entry = mfib_entry_get(mfib_entry_index);
+ pfx = mfib_entry_get_prefix(mfib_entry_index);
ASSERT(NULL != mfib_entry);
current_best = mfib_entry_get_best_source(mfib_entry);
msrc = mfib_entry_src_find_or_create(mfib_entry, source);
@@ -1051,13 +1053,23 @@ mfib_entry_path_update (fib_node_index_t mfib_entry_index,
if (NULL == mfib_itf)
{
+ index_t mfib_itf_i = mfib_itf_create(path_index,
+ rpath->frp_mitf_flags);
mfib_entry_itf_add(msrc,
rpath->frp_sw_if_index,
- mfib_itf_create(path_index,
- rpath->frp_mitf_flags));
+ mfib_itf_i);
+
+ if (MFIB_ITF_FLAG_ACCEPT & rpath->frp_mitf_flags)
+ {
+ /* new accepting interface - add the mac to the driver */
+ mfib_itf_mac_add(mfib_itf_get(mfib_itf_i), pfx);
+ }
}
else
{
+ u8 was_accept = !!(old & MFIB_ITF_FLAG_ACCEPT);
+ u8 is_accept = !!(rpath->frp_mitf_flags & MFIB_ITF_FLAG_ACCEPT);
+
if (mfib_itf_update(mfib_itf,
path_index,
rpath->frp_mitf_flags))
@@ -1066,8 +1078,32 @@ mfib_entry_path_update (fib_node_index_t mfib_entry_index,
* no more interface flags on this path, remove
* from the data-plane set
*/
+ if (was_accept)
+ {
+ mfib_itf_mac_del(mfib_itf, pfx);
+
+ }
mfib_entry_itf_remove(msrc, rpath->frp_sw_if_index);
}
+ else
+ {
+ /*
+ * is there a change to the ACCEPT flag that
+ * requires us to update hte driver with the
+ * MAC
+ */
+ if (is_accept != was_accept)
+ {
+ if (is_accept)
+ {
+ mfib_itf_mac_add(mfib_itf, pfx);
+ }
+ else if (was_accept)
+ {
+ mfib_itf_mac_del(mfib_itf, pfx);
+ }
+ }
+ }
}
}
}
@@ -1091,11 +1127,13 @@ mfib_entry_path_remove (fib_node_index_t mfib_entry_index,
fib_node_index_t path_index, *path_indices;
const fib_route_path_t *rpath;
mfib_source_t current_best;
+ const mfib_prefix_t *pfx;
mfib_entry_t *mfib_entry;
mfib_entry_src_t *msrc;
u32 ii;
mfib_entry = mfib_entry_get(mfib_entry_index);
+ pfx = mfib_entry_get_prefix(mfib_entry_index);
ASSERT(NULL != mfib_entry);
current_best = mfib_entry_get_best_source(mfib_entry);
msrc = mfib_entry_src_find(mfib_entry, source, NULL);
@@ -1128,21 +1166,37 @@ mfib_entry_path_remove (fib_node_index_t mfib_entry_index,
mfib_path_ext_remove(msrc, path_index);
if (mfib_entry_path_itf_based(rpath))
{
+ u8 was_accept, is_accept;
mfib_itf_t *mfib_itf;
mfib_itf = mfib_entry_itf_find(msrc->mfes_itfs,
rpath->frp_sw_if_index);
+ was_accept = !!(MFIB_ITF_FLAG_ACCEPT & mfib_itf->mfi_flags);
if (mfib_itf_update(mfib_itf,
path_index,
MFIB_ITF_FLAG_NONE))
{
+ if (was_accept)
+ {
+ mfib_itf_mac_del(mfib_itf, pfx);
+ }
+
/*
* no more interface flags on this path, remove
* from the data-plane set
*/
mfib_entry_itf_remove(msrc, rpath->frp_sw_if_index);
}
+ else
+ {
+ is_accept = !!(MFIB_ITF_FLAG_ACCEPT & mfib_itf->mfi_flags);
+
+ if (was_accept && !is_accept)
+ {
+ mfib_itf_mac_del(mfib_itf, pfx);
+ }
+ }
}
}
vec_free(path_indices);
diff --git a/src/vnet/mfib/mfib_itf.c b/src/vnet/mfib/mfib_itf.c
index 33ef98764e2..decf7650c94 100644
--- a/src/vnet/mfib/mfib_itf.c
+++ b/src/vnet/mfib/mfib_itf.c
@@ -109,6 +109,79 @@ mfib_itf_hash_flush (mfib_itf_t *mfi)
};
}
+static void
+mfib_itf_prefix4_to_mac (const mfib_prefix_t *pfx,
+ mac_address_t *mac)
+{
+ mac->bytes[0] = 0x01;
+ mac->bytes[1] = 0x0;
+ mac->bytes[2] = 0x5e;
+ mac->bytes[3] = pfx->fp_grp_addr.ip4.as_u8[1] & 0x7f;
+ mac->bytes[4] = pfx->fp_grp_addr.ip4.as_u8[2];
+ mac->bytes[5] = pfx->fp_grp_addr.ip4.as_u8[3];
+}
+
+static void
+mfib_itf_prefix6_to_mac (const mfib_prefix_t *pfx,
+ mac_address_t *mac)
+{
+ mac->bytes[0] = 0x33;
+ mac->bytes[1] = 0x33;
+ mac->bytes[2] = pfx->fp_grp_addr.ip6.as_u8[12];
+ mac->bytes[3] = pfx->fp_grp_addr.ip6.as_u8[13];
+ mac->bytes[4] = pfx->fp_grp_addr.ip6.as_u8[14];
+ mac->bytes[5] = pfx->fp_grp_addr.ip6.as_u8[15];
+}
+
+static void
+mfib_itf_prefix_to_mac (const mfib_prefix_t *pfx,
+ mac_address_t *mac)
+{
+ switch (pfx->fp_proto)
+ {
+ case FIB_PROTOCOL_IP4:
+ mfib_itf_prefix4_to_mac(pfx, mac);
+ break;
+ case FIB_PROTOCOL_IP6:
+ mfib_itf_prefix6_to_mac(pfx, mac);
+ break;
+ case FIB_PROTOCOL_MPLS:
+ break;
+ }
+}
+
+static void
+mfib_itf_mac_add_del (mfib_itf_t *itf,
+ const mfib_prefix_t *pfx,
+ int add)
+{
+ vnet_sw_interface_t *si;
+ vnet_main_t *vnm;
+ mac_address_t mac;
+
+ vnm = vnet_get_main();
+ mfib_itf_prefix_to_mac(pfx, &mac);
+
+ si = vnet_get_sw_interface(vnm, itf->mfi_sw_if_index);
+ vnet_hw_interface_add_del_mac_address (vnet_get_main(),
+ si->hw_if_index,
+ mac.bytes, add);
+}
+
+void
+mfib_itf_mac_add (mfib_itf_t *itf,
+ const mfib_prefix_t *pfx)
+{
+ mfib_itf_mac_add_del(itf, pfx, 1);
+}
+
+void
+mfib_itf_mac_del (mfib_itf_t *itf,
+ const mfib_prefix_t *pfx)
+{
+ mfib_itf_mac_add_del(itf, pfx, 0);
+}
+
void
mfib_itf_delete (mfib_itf_t *mfi)
{
diff --git a/src/vnet/mfib/mfib_itf.h b/src/vnet/mfib/mfib_itf.h
index 295be1b20e5..656f12d0e9d 100644
--- a/src/vnet/mfib/mfib_itf.h
+++ b/src/vnet/mfib/mfib_itf.h
@@ -69,6 +69,11 @@ extern void mfib_itf_delete(mfib_itf_t *itf);
extern u8 *format_mfib_itf(u8 * s, va_list * args);
+extern void mfib_itf_mac_add(mfib_itf_t *itf,
+ const mfib_prefix_t *pfx);
+extern void mfib_itf_mac_del(mfib_itf_t *itf,
+ const mfib_prefix_t *pfx);
+
extern mfib_itf_t *mfib_itf_pool;
/**
diff --git a/src/vnet/pg/input.c b/src/vnet/pg/input.c
index 785592f3618..60fc96e6faa 100644
--- a/src/vnet/pg/input.c
+++ b/src/vnet/pg/input.c
@@ -1823,6 +1823,124 @@ VLIB_REGISTER_NODE (pg_input_node) = {
};
/* *INDENT-ON* */
+VLIB_NODE_FN (pg_input_mac_filter) (vlib_main_t * vm,
+ vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
+{
+ vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
+ u16 nexts[VLIB_FRAME_SIZE], *next;
+ pg_main_t *pg = &pg_main;
+ u32 n_left, *from;
+
+ from = vlib_frame_vector_args (frame);
+ n_left = frame->n_vectors;
+ next = nexts;
+
+ clib_memset_u16 (next, 0, VLIB_FRAME_SIZE);
+
+ vlib_get_buffers (vm, from, bufs, n_left);
+
+ while (n_left)
+ {
+ const ethernet_header_t *eth;
+ pg_interface_t *pi;
+ mac_address_t in;
+
+ pi = pool_elt_at_index
+ (pg->interfaces,
+ pg->if_id_by_sw_if_index[vnet_buffer (b[0])->sw_if_index[VLIB_RX]]);
+ eth = vlib_buffer_get_current (b[0]);
+
+ mac_address_from_bytes (&in, eth->dst_address);
+
+ if (PREDICT_FALSE (ethernet_address_cast (in.bytes)))
+ {
+ mac_address_t *allowed;
+
+ if (0 != vec_len (pi->allowed_mcast_macs))
+ {
+ vec_foreach (allowed, pi->allowed_mcast_macs)
+ {
+ if (0 != mac_address_cmp (allowed, &in))
+ break;
+ }
+
+ if (vec_is_member (allowed, pi->allowed_mcast_macs))
+ vnet_feature_next_u16 (&next[0], b[0]);
+ }
+ }
+
+ b += 1;
+ next += 1;
+ n_left -= 1;
+ }
+
+ vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
+
+ return (frame->n_vectors);
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (pg_input_mac_filter) = {
+ .name = "pg-input-mac-filter",
+ .vector_size = sizeof (u32),
+ .format_trace = format_pg_input_trace,
+ .n_next_nodes = 1,
+ .next_nodes = {
+ [0] = "error-drop",
+ },
+};
+VNET_FEATURE_INIT (pg_input_mac_filter_feat, static) = {
+ .arc_name = "device-input",
+ .node_name = "pg-input-mac-filter",
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+pg_input_mac_filter_cfg (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ u32 sw_if_index = ~0;
+ int is_enable;
+
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "%U",
+ unformat_vnet_sw_interface,
+ vnet_get_main (), &sw_if_index))
+ ;
+ else if (unformat (line_input, "%U",
+ unformat_vlib_enable_disable, &is_enable))
+ ;
+ else
+ return clib_error_create ("unknown input `%U'",
+ format_unformat_error, line_input);
+ }
+ unformat_free (line_input);
+
+ if (~0 == sw_if_index)
+ return clib_error_create ("specify interface");
+
+ vnet_feature_enable_disable ("device-input",
+ "pg-input-mac-filter",
+ sw_if_index, is_enable, 0, 0);
+
+ return NULL;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (enable_streams_cli, static) = {
+ .path = "packet-generator mac-filter",
+ .short_help = "packet-generator mac-filter <INTERFACE> <on|off>",
+ .function = pg_input_mac_filter_cfg,
+};
+/* *INDENT-ON* */
+
+
/*
* fd.io coding-style-patch-verification: ON
*
diff --git a/src/vnet/pg/pg.h b/src/vnet/pg/pg.h
index 06e61261b7d..f5b5e5ac358 100644
--- a/src/vnet/pg/pg.h
+++ b/src/vnet/pg/pg.h
@@ -45,6 +45,7 @@
#include <vppinfra/fifo.h> /* for buffer_fifo */
#include <vppinfra/pcap.h>
#include <vnet/interface.h>
+#include <vnet/ethernet/mac_address.h>
#include <vnet/gso/gro.h>
extern vnet_device_class_t pg_dev_class;
@@ -312,6 +313,8 @@ typedef struct
u32 gso_size;
pcap_main_t pcap_main;
char *pcap_file_name;
+
+ mac_address_t *allowed_mcast_macs;
} pg_interface_t;
/* Per VLIB node data. */
@@ -335,6 +338,7 @@ typedef struct pg_main_t
/* Pool of interfaces. */
pg_interface_t *interfaces;
uword *if_index_by_if_id;
+ uword *if_id_by_sw_if_index;
/* Vector of buffer indices for use in pg_stream_fill_replay, per thread */
u32 **replay_buffers_by_thread;
diff --git a/src/vnet/pg/stream.c b/src/vnet/pg/stream.c
index 88c89371c6c..6ea80903de0 100644
--- a/src/vnet/pg/stream.c
+++ b/src/vnet/pg/stream.c
@@ -139,6 +139,39 @@ pg_interface_admin_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags)
return 0;
}
+static int
+pg_mac_address_cmp (const mac_address_t * m1, const mac_address_t * m2)
+{
+ return (!mac_address_cmp (m1, m2));
+}
+
+static clib_error_t *
+pg_add_del_mac_address (vnet_hw_interface_t * hi,
+ const u8 * address, u8 is_add)
+{
+ pg_main_t *pg = &pg_main;
+
+ if (ethernet_address_cast (address))
+ {
+ mac_address_t mac;
+ pg_interface_t *pi;
+
+ pi = pool_elt_at_index (pg->interfaces, hi->dev_instance);
+
+ mac_address_from_bytes (&mac, address);
+ if (is_add)
+ vec_add1 (pi->allowed_mcast_macs, mac);
+ else
+ {
+ u32 pos = vec_search_with_function (pi->allowed_mcast_macs, &mac,
+ pg_mac_address_cmp);
+ if (~0 != pos)
+ vec_del1 (pi->allowed_mcast_macs, pos);
+ }
+ }
+ return (NULL);
+}
+
/* *INDENT-OFF* */
VNET_DEVICE_CLASS (pg_dev_class) = {
.name = "pg",
@@ -146,6 +179,7 @@ VNET_DEVICE_CLASS (pg_dev_class) = {
.format_device_name = format_pg_interface_name,
.format_tx_trace = format_pg_output_trace,
.admin_up_down_function = pg_interface_admin_up_down,
+ .mac_addr_add_del_function = pg_add_del_mac_address,
};
/* *INDENT-ON* */
@@ -245,6 +279,9 @@ pg_interface_add_or_get (pg_main_t * pg, uword if_id, u8 gso_enabled,
hash_set (pg->if_index_by_if_id, if_id, i);
+ vec_validate (pg->if_id_by_sw_if_index, hi->sw_if_index);
+ pg->if_id_by_sw_if_index[hi->sw_if_index] = i;
+
if (vlib_num_workers ())
{
pi->lockp = clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES,
diff --git a/test/test_ip_mcast.py b/test/test_ip_mcast.py
index d7a8238e35b..64d37060d43 100644
--- a/test/test_ip_mcast.py
+++ b/test/test_ip_mcast.py
@@ -95,7 +95,7 @@ class TestIPMcast(VppTestCase):
def create_stream_ip4(self, src_if, src_ip, dst_ip, payload_size=0):
pkts = []
# default to small packet sizes
- p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
+ p = (Ether(dst=getmacbyip(dst_ip), src=src_if.remote_mac) /
IP(src=src_ip, dst=dst_ip) /
UDP(sport=1234, dport=1234))
if not payload_size:
@@ -111,7 +111,7 @@ class TestIPMcast(VppTestCase):
for i in range(0, N_PKTS_IN_STREAM):
info = self.create_packet_info(src_if, src_if)
payload = self.info_to_payload(info)
- p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
+ p = (Ether(dst=getmacbyip6(dst_ip), src=src_if.remote_mac) /
IPv6(src=src_ip, dst=dst_ip) /
UDP(sport=1234, dport=1234) /
Raw(payload))
@@ -189,6 +189,14 @@ class TestIPMcast(VppTestCase):
# a stream that matches the default route. gets dropped.
#
self.vapi.cli("clear trace")
+ self.vapi.cli("packet mac-filter pg0 on")
+ self.vapi.cli("packet mac-filter pg1 on")
+ self.vapi.cli("packet mac-filter pg2 on")
+ self.vapi.cli("packet mac-filter pg4 on")
+ self.vapi.cli("packet mac-filter pg5 on")
+ self.vapi.cli("packet mac-filter pg6 on")
+ self.vapi.cli("packet mac-filter pg7 on")
+
tx = self.create_stream_ip4(self.pg0, "1.1.1.1", "232.1.1.1")
self.pg0.add_stream(tx)
@@ -395,9 +403,24 @@ class TestIPMcast(VppTestCase):
self.pg0.assert_nothing_captured(
remark="IP multicast packets forwarded on PG0")
+ self.vapi.cli("packet mac-filter pg0 off")
+ self.vapi.cli("packet mac-filter pg1 off")
+ self.vapi.cli("packet mac-filter pg2 off")
+ self.vapi.cli("packet mac-filter pg4 off")
+ self.vapi.cli("packet mac-filter pg5 off")
+ self.vapi.cli("packet mac-filter pg6 off")
+ self.vapi.cli("packet mac-filter pg7 off")
+
def test_ip6_mcast(self):
""" IPv6 Multicast Replication """
+ self.vapi.cli("packet mac-filter pg0 on")
+ self.vapi.cli("packet mac-filter pg1 on")
+ self.vapi.cli("packet mac-filter pg2 on")
+ self.vapi.cli("packet mac-filter pg4 on")
+ self.vapi.cli("packet mac-filter pg5 on")
+ self.vapi.cli("packet mac-filter pg6 on")
+ self.vapi.cli("packet mac-filter pg7 on")
#
# a stream that matches the default route. gets dropped.
#
@@ -556,6 +579,14 @@ class TestIPMcast(VppTestCase):
self.pg3.assert_nothing_captured(
remark="IP multicast packets forwarded on PG3")
+ self.vapi.cli("packet mac-filter pg0 off")
+ self.vapi.cli("packet mac-filter pg1 off")
+ self.vapi.cli("packet mac-filter pg2 off")
+ self.vapi.cli("packet mac-filter pg4 off")
+ self.vapi.cli("packet mac-filter pg5 off")
+ self.vapi.cli("packet mac-filter pg6 off")
+ self.vapi.cli("packet mac-filter pg7 off")
+
def _mcast_connected_send_stream(self, dst_ip):
self.vapi.cli("clear trace")
tx = self.create_stream_ip4(self.pg0,