diff options
-rw-r--r-- | src/vat/api_format.c | 77 | ||||
-rw-r--r-- | src/vnet.am | 2 | ||||
-rw-r--r-- | src/vnet/ethernet/arp.c | 16 | ||||
-rw-r--r-- | src/vnet/ethernet/arp_packet.h | 3 | ||||
-rw-r--r-- | src/vnet/ip/ip.api | 26 | ||||
-rw-r--r-- | src/vnet/ip/ip6_neighbor.c | 16 | ||||
-rw-r--r-- | src/vnet/ip/ip6_neighbor.h | 4 | ||||
-rw-r--r-- | src/vnet/ip/ip_api.c | 21 | ||||
-rw-r--r-- | src/vnet/ip/ip_neighbor.c | 408 | ||||
-rw-r--r-- | src/vnet/ip/ip_neighbor.h | 46 | ||||
-rw-r--r-- | src/vnet/l2/l2_fib.c | 7 | ||||
-rw-r--r-- | src/vpp/api/custom_dump.c | 33 | ||||
-rw-r--r-- | src/vppinfra/pool.h | 3 | ||||
-rw-r--r-- | src/vppinfra/time.h | 3 |
14 files changed, 651 insertions, 14 deletions
diff --git a/src/vat/api_format.c b/src/vat/api_format.c index eebad05fa3c..b1aaa6992c5 100644 --- a/src/vat/api_format.c +++ b/src/vat/api_format.c @@ -22,6 +22,7 @@ #include <vlibapi/api.h> #include <vlibmemory/api.h> #include <vnet/ip/ip.h> +#include <vnet/ip/ip_neighbor.h> #include <vnet/l2/l2_input.h> #include <vnet/l2tp/l2tp.h> #include <vnet/vxlan/vxlan.h> @@ -5450,6 +5451,7 @@ _(l2_interface_vlan_tag_rewrite_reply) \ _(modify_vhost_user_if_reply) \ _(delete_vhost_user_if_reply) \ _(ip_probe_neighbor_reply) \ +_(ip_scan_neighbor_enable_disable_reply) \ _(want_ip4_arp_events_reply) \ _(want_ip6_nd_events_reply) \ _(want_l2_macs_events_reply) \ @@ -5697,6 +5699,7 @@ _(VXLAN_GPE_ADD_DEL_TUNNEL_REPLY, vxlan_gpe_add_del_tunnel_reply) \ _(VXLAN_GPE_TUNNEL_DETAILS, vxlan_gpe_tunnel_details) \ _(INTERFACE_NAME_RENUMBER_REPLY, interface_name_renumber_reply) \ _(IP_PROBE_NEIGHBOR_REPLY, ip_probe_neighbor_reply) \ +_(IP_SCAN_NEIGHBOR_ENABLE_DISABLE_REPLY, ip_scan_neighbor_enable_disable_reply) \ _(WANT_IP4_ARP_EVENTS_REPLY, want_ip4_arp_events_reply) \ _(IP4_ARP_EVENT, ip4_arp_event) \ _(WANT_IP6_ND_EVENTS_REPLY, want_ip6_nd_events_reply) \ @@ -14416,6 +14419,78 @@ api_ip_probe_neighbor (vat_main_t * vam) } static int +api_ip_scan_neighbor_enable_disable (vat_main_t * vam) +{ + unformat_input_t *i = vam->input; + vl_api_ip_scan_neighbor_enable_disable_t *mp; + u8 mode = IP_SCAN_V46_NEIGHBORS; + u32 interval = 0, time = 0, update = 0, delay = 0, stale = 0; + int ret; + + while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) + { + if (unformat (i, "ip4")) + mode = IP_SCAN_V4_NEIGHBORS; + else if (unformat (i, "ip6")) + mode = IP_SCAN_V6_NEIGHBORS; + if (unformat (i, "both")) + mode = IP_SCAN_V46_NEIGHBORS; + else if (unformat (i, "disable")) + mode = IP_SCAN_DISABLED; + else if (unformat (i, "interval %d", &interval)) + ; + else if (unformat (i, "max-time %d", &time)) + ; + else if (unformat (i, "max-update %d", &update)) + ; + else if (unformat (i, "delay %d", &delay)) + ; + else if (unformat (i, "stale %d", &stale)) + ; + else + break; + } + + if (interval > 255) + { + errmsg ("interval cannot exceed 255 minutes."); + return -99; + } + if (time > 255) + { + errmsg ("max-time cannot exceed 255 usec."); + return -99; + } + if (update > 255) + { + errmsg ("max-update cannot exceed 255."); + return -99; + } + if (delay > 255) + { + errmsg ("delay cannot exceed 255 msec."); + return -99; + } + if (stale > 255) + { + errmsg ("stale cannot exceed 255 minutes."); + return -99; + } + + M (IP_SCAN_NEIGHBOR_ENABLE_DISABLE, mp); + mp->mode = mode; + mp->scan_interval = interval; + mp->max_proc_time = time; + mp->max_update = update; + mp->scan_int_delay = delay; + mp->stale_threshold = stale; + + S (mp); + W (ret); + return ret; +} + +static int api_want_ip4_arp_events (vat_main_t * vam) { unformat_input_t *line_input = vam->input; @@ -23406,6 +23481,8 @@ _(input_acl_set_interface, \ "<intfc> | sw_if_index <nn> [ip4-table <nn>] [ip6-table <nn>]\n" \ " [l2-table <nn>] [del]") \ _(ip_probe_neighbor, "(<intc> | sw_if_index <nn>) address <ip4|ip6-addr>") \ +_(ip_scan_neighbor_enable_disable, "[ip4|ip6|both|disable] [interval <n-min>]\n" \ + " [max-time <n-usec>] [max-update <n>] [delay <n-msec>] [stale <n-min>]") \ _(want_ip4_arp_events, "address <ip4-address> [del]") \ _(want_ip6_nd_events, "address <ip6-address> [del]") \ _(want_l2_macs_events, "[disable] [learn-limit <n>] [scan-delay <n>] [max-entries <n>]") \ diff --git a/src/vnet.am b/src/vnet.am index 2a5a4b83286..3a1e10d7d8b 100644 --- a/src/vnet.am +++ b/src/vnet.am @@ -362,6 +362,7 @@ libvnet_la_SOURCES += \ vnet/ip/ip6_pg.c \ vnet/ip/ip6_reassembly.c \ vnet/ip/rd_cp.c \ + vnet/ip/ip_neighbor.c \ vnet/ip/ip_api.c \ vnet/ip/ip_checksum.c \ vnet/ip/ip_frag.c \ @@ -394,6 +395,7 @@ nobase_include_HEADERS += \ vnet/ip/ip.h \ vnet/ip/ip_packet.h \ vnet/ip/ip_source_and_port_range_check.h \ + vnet/ip/ip_neighbor.h \ vnet/ip/lookup.h \ vnet/ip/ports.def \ vnet/ip/protocols.def \ diff --git a/src/vnet/ethernet/arp.c b/src/vnet/ethernet/arp.c index 0d692cc1070..8df96f6a0f1 100644 --- a/src/vnet/ethernet/arp.c +++ b/src/vnet/ethernet/arp.c @@ -269,7 +269,7 @@ format_ethernet_arp_ip4_entry (u8 * s, va_list * va) flags = format (flags, "N"); s = format (s, "%=12U%=16U%=6s%=20U%U", - format_vlib_cpu_time, vnm->vlib_main, e->cpu_time_last_updated, + format_vlib_time, vnm->vlib_main, e->time_last_updated, format_ip4_address, &e->ip4_address, flags ? (char *) flags : "", format_ethernet_address, e->ethernet_address, @@ -616,14 +616,17 @@ vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm, */ if (0 == memcmp (e->ethernet_address, a->ethernet, sizeof (e->ethernet_address))) - goto check_customers; + { + e->time_last_updated = vlib_time_now (vm); + goto check_customers; + } /* Update time stamp and ethernet address. */ clib_memcpy (e->ethernet_address, a->ethernet, sizeof (e->ethernet_address)); } - e->cpu_time_last_updated = clib_cpu_time_now (); + e->time_last_updated = vlib_time_now (vm); if (is_static) e->flags |= ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC; else @@ -1300,6 +1303,13 @@ ip4_arp_entry_sort (void *a1, void *a2) } ethernet_arp_ip4_entry_t * +ip4_neighbors_pool (void) +{ + ethernet_arp_main_t *am = ðernet_arp_main; + return am->ip4_entry_pool; +} + +ethernet_arp_ip4_entry_t * ip4_neighbor_entries (u32 sw_if_index) { ethernet_arp_main_t *am = ðernet_arp_main; diff --git a/src/vnet/ethernet/arp_packet.h b/src/vnet/ethernet/arp_packet.h index 4b7b0482fb7..d2a23a5949f 100644 --- a/src/vnet/ethernet/arp_packet.h +++ b/src/vnet/ethernet/arp_packet.h @@ -156,7 +156,7 @@ typedef struct ethernet_arp_entry_flags_t flags; - u64 cpu_time_last_updated; + f64 time_last_updated; /** * The index of the adj-fib entry created @@ -164,6 +164,7 @@ typedef struct fib_node_index_t fib_entry_index; } ethernet_arp_ip4_entry_t; +ethernet_arp_ip4_entry_t *ip4_neighbors_pool (void); ethernet_arp_ip4_entry_t *ip4_neighbor_entries (u32 sw_if_index); u8 *format_ethernet_arp_ip4_entry (u8 * s, va_list * va); diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api index bf16c180d4d..d59297b1c20 100644 --- a/src/vnet/ip/ip.api +++ b/src/vnet/ip/ip.api @@ -19,7 +19,7 @@ called through a shared memory interface. */ -option version = "1.2.2"; +option version = "1.2.3"; import "vnet/fib/fib_types.api"; /** \brief Add / del table request @@ -651,6 +651,30 @@ autoreply define ip_source_and_port_range_check_interface_add_del u32 udp_out_vrf_id; }; +/** \brief Enable/disable periodic IP neighbor scan + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param mode - 0: disable, 1: IPv4, 2: IPv6, 3: both IPv4/v6 + @param scan_interval - neighbor scan interval in minutes, 0: default to 1 + @param max_proc_time - max processing time per run in usec, 0: default to 20 + @param max_update - max neighbor probe/delete per run, 0: default to 10 + @param scan_int_delay - delay in msec to resume scan if exceed max proc + time or update, 0: default to 1 + @param stale_threshold - threshold in minutes for neighbor deletion, + 0: default to 4*scan_interval +*/ +autoreply define ip_scan_neighbor_enable_disable +{ + u32 client_index; + u32 context; + u8 mode; + u8 scan_interval; + u8 max_proc_time; + u8 max_update; + u8 scan_int_delay; + u8 stale_threshold; +}; + /** \brief IP probe neighbor address on an interface by sending an ARP request (for IP4) or ICMP6 Neighbor Solicitation (for IP6) @param client_index - opaque cookie to identify the sender diff --git a/src/vnet/ip/ip6_neighbor.c b/src/vnet/ip/ip6_neighbor.c index 81a57ca38ec..6b63e6fbbf6 100644 --- a/src/vnet/ip/ip6_neighbor.c +++ b/src/vnet/ip/ip6_neighbor.c @@ -332,7 +332,7 @@ format_ip6_neighbor_ip6_entry (u8 * s, va_list * va) si = vnet_get_sw_interface (vnm, n->key.sw_if_index); s = format (s, "%=12U%=25U%=6s%=20U%=40U", - format_vlib_cpu_time, vm, n->cpu_time_last_updated, + format_vlib_time, vm, n->time_last_updated, format_ip6_address, &n->key.ip6_address, flags ? (char *) flags : "", format_ethernet_address, n->link_layer_address, @@ -792,14 +792,17 @@ vnet_set_ip6_ethernet_neighbor (vlib_main_t * vm, */ if (0 == memcmp (n->link_layer_address, link_layer_address, n_bytes_link_layer_address)) - goto check_customers; + { + n->time_last_updated = vlib_time_now (vm); + goto check_customers; + } clib_memcpy (n->link_layer_address, link_layer_address, n_bytes_link_layer_address); } /* Update time stamp and flags. */ - n->cpu_time_last_updated = clib_cpu_time_now (); + n->time_last_updated = vlib_time_now (vm); if (is_static) n->flags |= IP6_NEIGHBOR_FLAG_STATIC; else @@ -943,6 +946,13 @@ ip6_neighbor_sort (void *a1, void *a2) } ip6_neighbor_t * +ip6_neighbors_pool (void) +{ + ip6_neighbor_main_t *nm = &ip6_neighbor_main; + return nm->neighbor_pool; +} + +ip6_neighbor_t * ip6_neighbors_entries (u32 sw_if_index) { ip6_neighbor_main_t *nm = &ip6_neighbor_main; diff --git a/src/vnet/ip/ip6_neighbor.h b/src/vnet/ip/ip6_neighbor.h index e46a6b14221..753de56072e 100644 --- a/src/vnet/ip/ip6_neighbor.h +++ b/src/vnet/ip/ip6_neighbor.h @@ -40,10 +40,12 @@ typedef struct ip6_neighbor_key_t key; u8 link_layer_address[8]; ip6_neighbor_flags_t flags; - u64 cpu_time_last_updated; + f64 time_last_updated; fib_node_index_t fib_entry_index; } ip6_neighbor_t; +extern ip6_neighbor_t *ip6_neighbors_pool (void); + extern ip6_neighbor_t *ip6_neighbors_entries (u32 sw_if_index); extern int ip6_neighbor_ra_config (vlib_main_t * vm, u32 sw_if_index, diff --git a/src/vnet/ip/ip_api.c b/src/vnet/ip/ip_api.c index b4d942b6bef..3711c40343b 100644 --- a/src/vnet/ip/ip_api.c +++ b/src/vnet/ip/ip_api.c @@ -25,6 +25,7 @@ #include <vnet/api_errno.h> #include <vnet/ethernet/ethernet.h> #include <vnet/ip/ip.h> +#include <vnet/ip/ip_neighbor.h> #include <vnet/ip/ip6_neighbor.h> #include <vnet/fib/fib_table.h> #include <vnet/fib/fib_api.h> @@ -77,6 +78,7 @@ _(IP_DUMP, ip_dump) \ _(IP_NEIGHBOR_ADD_DEL, ip_neighbor_add_del) \ _(SET_ARP_NEIGHBOR_LIMIT, set_arp_neighbor_limit) \ _(IP_PROBE_NEIGHBOR, ip_probe_neighbor) \ +_(IP_SCAN_NEIGHBOR_ENABLE_DISABLE, ip_scan_neighbor_enable_disable) \ _(WANT_IP4_ARP_EVENTS, want_ip4_arp_events) \ _(WANT_IP6_ND_EVENTS, want_ip6_nd_events) \ _(WANT_IP6_RA_EVENTS, want_ip6_ra_events) \ @@ -2722,6 +2724,25 @@ vl_api_ip_probe_neighbor_t_handler (vl_api_ip_probe_neighbor_t * mp) REPLY_MACRO (VL_API_PROXY_ARP_INTFC_ENABLE_DISABLE_REPLY); } +static void + vl_api_ip_scan_neighbor_enable_disable_t_handler + (vl_api_ip_scan_neighbor_enable_disable_t * mp) +{ + int rv = 0; + vl_api_ip_scan_neighbor_enable_disable_reply_t *rmp; + ip_neighbor_scan_arg_t arg; + + arg.mode = mp->mode; + arg.scan_interval = mp->scan_interval; + arg.max_proc_time = mp->max_proc_time; + arg.max_update = mp->max_update; + arg.scan_int_delay = mp->scan_int_delay; + arg.stale_threshold = mp->stale_threshold; + ip_neighbor_scan_enable_disable (&arg); + + REPLY_MACRO (VL_API_IP_SCAN_NEIGHBOR_ENABLE_DISABLE_REPLY); +} + static int ip4_reset_fib_t_handler (vl_api_reset_fib_t * mp) { diff --git a/src/vnet/ip/ip_neighbor.c b/src/vnet/ip/ip_neighbor.c new file mode 100644 index 00000000000..a43fdfd58b3 --- /dev/null +++ b/src/vnet/ip/ip_neighbor.c @@ -0,0 +1,408 @@ +/* + * src/vnet/ip/ip_neighboor.c: ip neighbor generic handling + * + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <vnet/vnet.h> +#include <vnet/ip/ip.h> +#include <vnet/ip/ip6_neighbor.h> +#include <vnet/ip/ip_neighbor.h> +#include <vnet/ethernet/arp_packet.h> + +/* + * IP neighbor scan parameter defaults are as follows: + * - Scan interval : 60 sec + * - Max processing allowed per run : 20 usec + * - Max probe/delete operations per run : 10 + * - Scan interrupt delay to resume scan : 1 msec + * - Neighbor stale threashold : 4 x scan-interval + */ +#define IP_NEIGHBOR_DEF_SCAN_INTERVAL (60.0) +#define IP_NEIGHBOR_DEF_MAX_PROC_TIME (20e-6) +#define IP_NEIGHBOR_DEF_SCAN_INT_DELAY (1e-3) +#define IP_NEIGHBOR_DEF_STALE (4*IP_NEIGHBOR_DEF_SCAN_INTERVAL) +#define IP_NEIGHBOR_DEF_MAX_UPDATE 10 + +typedef struct +{ + f64 scan_interval; /* Periodic scan interval */ + f64 max_proc_time; /* Max processing time allowed per run */ + f64 scan_int_delay; /* Scan interrupt delay to resume scan */ + f64 stale_threshold; /* IP neighbor stale threshod */ + u8 max_update; /* Max probe/delete actions allowed per run */ + u8 mode; /* IP neighbor scan mode */ +} ip_neighbor_scan_config_t; + +static ip_neighbor_scan_config_t ip_neighbor_scan_conf; + +void +ip_neighbor_scan_enable_disable (ip_neighbor_scan_arg_t * arg) +{ + ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf; + + cfg->mode = arg->mode; + + if (arg->mode) + { + cfg->scan_interval = arg->scan_interval ? + arg->scan_interval * 1.0 : IP_NEIGHBOR_DEF_SCAN_INTERVAL; + cfg->max_proc_time = arg->max_proc_time ? + arg->max_proc_time * 1e-6 : IP_NEIGHBOR_DEF_MAX_PROC_TIME; + cfg->scan_int_delay = arg->scan_int_delay ? + arg->scan_int_delay * 1e-3 : IP_NEIGHBOR_DEF_SCAN_INT_DELAY; + cfg->stale_threshold = arg->stale_threshold ? + arg->stale_threshold * 1.0 : cfg->scan_interval * 4; + cfg->max_update = arg->max_update ? + cfg->max_update : IP_NEIGHBOR_DEF_MAX_UPDATE; + } + else + cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL; +} + +static_always_inline u32 +ip_neighbor_scan (vlib_main_t * vm, f64 start_time, u32 start_idx, + u8 is_ip6, u8 delete_stale, u8 * update_count) +{ + vnet_main_t *vnm = vnet_get_main (); + ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf; + ethernet_arp_ip4_entry_t *np4 = ip4_neighbors_pool (); + ip6_neighbor_t *np6 = ip6_neighbors_pool (); + ethernet_arp_ip4_entry_t *n4; + ip6_neighbor_t *n6; + u32 curr_idx = start_idx; + u32 loop_count = 0; + f64 delta, update_time; + + if (!is_ip6) + { + if (pool_is_free_index (np4, start_idx)) + curr_idx = pool_next_index (np4, start_idx); + } + else + { + if (pool_is_free_index (np6, start_idx)) + curr_idx = pool_next_index (np6, start_idx); + } + + while (curr_idx != ~0) + { + /* allow no more than 10 neighbor updates or 20 usec of scan */ + if ((update_count[0] >= cfg->max_update) || + (((loop_count % 100) == 0) && + ((vlib_time_now (vm) - start_time) > cfg->max_proc_time))) + break; + + if (!is_ip6) + { + n4 = pool_elt_at_index (np4, curr_idx); + if (n4->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC) + goto next_neighbor; + update_time = n4->time_last_updated; + } + else + { + n6 = pool_elt_at_index (np6, curr_idx); + if (n6->flags & IP6_NEIGHBOR_FLAG_STATIC) + goto next_neighbor; + update_time = n6->time_last_updated; + } + + delta = start_time - update_time; + if (delete_stale && (delta >= cfg->stale_threshold)) + { + update_count[0]++; + /* delete stale neighbor */ + if (!is_ip6) + { + ethernet_arp_ip4_over_ethernet_address_t delme; + clib_memcpy (&delme.ethernet, n4->ethernet_address, 6); + delme.ip4.as_u32 = n4->ip4_address.as_u32; + vnet_arp_unset_ip4_over_ethernet (vnm, n4->sw_if_index, &delme); + } + else + { + vnet_unset_ip6_ethernet_neighbor + (vm, n6->key.sw_if_index, &n6->key.ip6_address, + n6->link_layer_address, 6); + } + } + else if (delta >= cfg->scan_interval) + { + update_count[0]++; + /* probe neighbor */ + if (!is_ip6) + ip4_probe_neighbor (vm, &n4->ip4_address, n4->sw_if_index); + else + ip6_probe_neighbor (vm, &n6->key.ip6_address, + n6->key.sw_if_index); + } + + next_neighbor: + loop_count++; + + if (!is_ip6) + curr_idx = pool_next_index (np4, curr_idx); + else + curr_idx = pool_next_index (np6, curr_idx); + } + + return curr_idx; +} + +static uword +neighbor_scan_process (vlib_main_t * vm, + vlib_node_runtime_t * rt, vlib_frame_t * f) +{ + ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf; + f64 timeout = IP_NEIGHBOR_DEF_SCAN_INTERVAL; + f64 start, next_scan = CLIB_TIME_MAX; + u32 ip4_nidx = 0; /* ip4 neighbor pool index */ + u32 ip6_nidx = 0; /* ip6 neighbor pool index */ + uword *event_data = 0; + u8 purge4 = 0, purge6 = 0; /* flags to purge stale entry during scan */ + u8 update; + + cfg->mode = IP_SCAN_DISABLED; + cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL; + cfg->scan_int_delay = IP_NEIGHBOR_DEF_SCAN_INTERVAL; + + while (1) + { + vlib_process_wait_for_event_or_clock (vm, timeout); + vlib_process_get_events (vm, &event_data); + vec_reset_length (event_data); + + start = vlib_time_now (vm); + update = 0; + + if ((ip4_nidx == 0) && (ip6_nidx == 0)) /* starting a fresh scan */ + next_scan = start + cfg->scan_interval; + + if ((cfg->mode & IP_SCAN_V4_NEIGHBORS) == 0) + ip4_nidx = ~0; /* disable ip4 neighbor scan */ + + if ((cfg->mode & IP_SCAN_V6_NEIGHBORS) == 0) + ip6_nidx = ~0; /* disable ip6 neighbor scan */ + + if (ip4_nidx != ~0) /* scan ip4 neighbors */ + ip4_nidx = ip_neighbor_scan (vm, start, ip4_nidx, /* ip4 */ 0, + purge4, &update); + + if (ip6_nidx != ~0) /* scan ip6 neighbors */ + ip6_nidx = ip_neighbor_scan (vm, start, ip6_nidx, /* ip6 */ 1, + purge6, &update); + + if ((ip4_nidx == ~0) && (ip6_nidx == ~0)) + { /* scan complete */ + timeout = next_scan - vlib_time_now (vm); + ip4_nidx = ip6_nidx = 0; + purge4 = cfg->mode & IP_SCAN_V4_NEIGHBORS; + purge6 = cfg->mode & IP_SCAN_V6_NEIGHBORS; + } + else /* scan incomplete */ + timeout = cfg->scan_int_delay; + + if (timeout > cfg->scan_interval) + timeout = cfg->scan_interval; + else if (timeout < cfg->scan_int_delay) + timeout = cfg->scan_int_delay; + + } + return 0; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (neighbor_scan_process_node,static) = { + .function = neighbor_scan_process, + .type = VLIB_NODE_TYPE_PROCESS, + .name = "ip-neighbor-scan-process", +}; +/* *INDENT-ON* */ + +static clib_error_t * +ip_neighbor_scan_cli (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *error = 0; + u32 interval = 0, time = 0, update = 0, delay = 0, stale = 0; + ip_neighbor_scan_arg_t arg; + + memset (&arg, 0, sizeof (arg)); + arg.mode = IP_SCAN_V46_NEIGHBORS; + + /* Get a line of input. */ + if (!unformat_user (input, unformat_line_input, line_input)) + { + ip_neighbor_scan_enable_disable (&arg); + return error; + } + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "ip4")) + arg.mode = IP_SCAN_V4_NEIGHBORS; + + else if (unformat (line_input, "ip6")) + arg.mode = IP_SCAN_V6_NEIGHBORS; + + else if (unformat (line_input, "both")) + arg.mode = IP_SCAN_V46_NEIGHBORS; + + else if (unformat (line_input, "disable")) + arg.mode = IP_SCAN_DISABLED; + + else if (unformat (line_input, "interval %d", &interval)) + arg.scan_interval = interval; + + else if (unformat (line_input, "max-time %d", &time)) + arg.max_proc_time = time; + + else if (unformat (line_input, "max-update %d", &update)) + arg.max_update = update; + + else if (unformat (line_input, "delay %d", &delay)) + arg.scan_int_delay = delay; + + else if (unformat (line_input, "stale %d", &stale)) + arg.stale_threshold = stale; + + else + { + error = clib_error_return (0, "unknown input '%U'", + format_unformat_error, line_input); + goto done; + } + } + + if (interval > 255) + { + error = clib_error_return (0, "interval cannot exceed 255 minutes."); + goto done; + } + if (time > 255) + { + error = clib_error_return (0, "max-time cannot exceed 255 usec."); + goto done; + } + if (update > 255) + { + error = clib_error_return (0, "max-update cannot exceed 255."); + goto done; + } + if (delay > 255) + { + error = clib_error_return (0, "delay cannot exceed 255 msec."); + goto done; + } + if (stale > 255) + { + error = clib_error_return (0, "stale cannot exceed 255 minutes."); + goto done; + } + + ip_neighbor_scan_enable_disable (&arg); + +done: + unformat_free (line_input); + + return error; +} + +/*? + * The '<em>ip scan-neighbor</em>' command can be used to enable and disable + * periodic IP neighbor scan and change various scan parameneters. + * + * @note The default parameters used for IP neighbor scan should work fine + * under normal conditions. They should not be changed from the default unless + * properly tested to work as desied. + * + * @cliexpar + * Example of enabling IP neighbor scan: + * @cliexcmd{ip neighbor-scan enable} +?*/ +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (ip_scan_neighbor_command, static) = { + .path = "ip scan-neighbor", + .function = ip_neighbor_scan_cli, + .short_help = "ip scan-neighbor [ip4|ip6|both|disable] [interval <n-min>] [max-time <n-usec>] [max-update <n>] [delay <n-msec>] [stale <n-min>]", + .is_mp_safe = 1, +}; +/* *INDENT-ON* */ + +static u8 * +format_ip_scan_mode (u8 * s, va_list * args) +{ + u8 mode = va_arg (*args, u32); + switch (mode) + { + case IP_SCAN_V4_NEIGHBORS: + return format (s, "IPv4"); + case IP_SCAN_V6_NEIGHBORS: + return format (s, "IPv6"); + case IP_SCAN_V46_NEIGHBORS: + return format (s, "IPv4 and IPv6"); + } + return format (s, "unknown"); +} + +static clib_error_t * +show_ip_neighbor_scan (vlib_main_t * vm, unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf; + + if (cfg->mode == 0) + vlib_cli_output (vm, + "IP neighbor scan disabled - current time is %.4f sec", + vlib_time_now (vm)); + else + vlib_cli_output (vm, "IP neighbor scan enabled for %U neighbors - " + "current time is %.4f sec\n " + "Full_scan_interval: %f min " + "Stale_purge_threshod: %f min\n " + "Max_process_time: %f usec Max_updates %d " + "Delay_to_resume_after_max_limit: %f msec", + format_ip_scan_mode, cfg->mode, + vlib_time_now (vm), cfg->scan_interval / 60.0, + cfg->stale_threshold / 60.0, cfg->max_proc_time / 1e-6, + cfg->max_update, cfg->scan_int_delay / 1e-3); + return 0; +} + +/*? + * The '<em>show ip scan-neighbor</em>' command can be used to show the current + * periodic IP neighbor scan parameters + * + * @cliexpar + * Example of showing IP neighbor scan current parameters: + * @cliexcmd{show ip neighbor-scan} +?*/ +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (show_ip_scan_neighbor_command, static) = { + .path = "show ip scan-neighbor", + .function = show_ip_neighbor_scan, + .short_help = "show ip scan-neighbor", + .is_mp_safe = 1, +}; +/* *INDENT-ON* */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ip/ip_neighbor.h b/src/vnet/ip/ip_neighbor.h new file mode 100644 index 00000000000..d2790bcce5e --- /dev/null +++ b/src/vnet/ip/ip_neighbor.h @@ -0,0 +1,46 @@ +/* + * ip_neighboor.h: ip neighbor generic services + * + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef included_ip_neighbor_h +#define included_ip_neighbor_h + +#define IP_SCAN_DISABLED 0 +#define IP_SCAN_V4_NEIGHBORS (1 << 0) +#define IP_SCAN_V6_NEIGHBORS (1 << 1) +#define IP_SCAN_V46_NEIGHBORS (IP_SCAN_V4_NEIGHBORS | IP_SCAN_V6_NEIGHBORS) + +typedef struct +{ + u8 mode; /* 0: disable, 1: ip4, 2: ip6, 3: both */ + u8 scan_interval; /* neighbor scan interval in minutes */ + u8 max_proc_time; /* max processing time per run, in usecs */ + u8 max_update; /* max probe/delete operations per run */ + u8 scan_int_delay; /* delay in msecs, to resume scan on max */ + u8 stale_threshold; /* Threashold in minutes to delete nei entry */ +} ip_neighbor_scan_arg_t; + +void ip_neighbor_scan_enable_disable (ip_neighbor_scan_arg_t * arg); + +#endif /* included_ip_neighbor_h */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/l2/l2_fib.c b/src/vnet/l2/l2_fib.c index 99d99c57f73..918700b2129 100644 --- a/src/vnet/l2/l2_fib.c +++ b/src/vnet/l2/l2_fib.c @@ -1122,9 +1122,6 @@ l2fib_scan (vlib_main_t * vm, f64 start_time, u8 event_only) return delta_t + accum_t; } -/* Maximum f64 value */ -#define TIME_MAX (1.7976931348623157e+308) - static uword l2fib_mac_age_scanner_process (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) @@ -1133,7 +1130,7 @@ l2fib_mac_age_scanner_process (vlib_main_t * vm, vlib_node_runtime_t * rt, l2fib_main_t *fm = &l2fib_main; l2learn_main_t *lm = &l2learn_main; bool enabled = 0; - f64 start_time, next_age_scan_time = TIME_MAX; + f64 start_time, next_age_scan_time = CLIB_TIME_MAX; while (1) { @@ -1192,7 +1189,7 @@ l2fib_mac_age_scanner_process (vlib_main_t * vm, vlib_node_runtime_t * rt, if (enabled) next_age_scan_time = start_time + L2FIB_AGE_SCAN_INTERVAL; else - next_age_scan_time = TIME_MAX; + next_age_scan_time = CLIB_TIME_MAX; } } return 0; diff --git a/src/vpp/api/custom_dump.c b/src/vpp/api/custom_dump.c index 26e87d67cbc..ba5515044e0 100644 --- a/src/vpp/api/custom_dump.c +++ b/src/vpp/api/custom_dump.c @@ -19,6 +19,7 @@ #include <vnet/vnet.h> #include <vnet/ip/ip.h> +#include <vnet/ip/ip_neighbor.h> #include <vnet/unix/tuntap.h> #include <vnet/mpls/mpls.h> #include <vnet/dhcp/dhcp_proxy.h> @@ -2011,6 +2012,37 @@ static void *vl_api_ip_probe_neighbor_t_print FINISH; } +static void *vl_api_ip_scan_neighbor_enable_disable_t_print + (vl_api_ip_scan_neighbor_enable_disable_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: ip_scan_neighbor_enable_disable "); + + switch (mp->mode) + { + case IP_SCAN_V4_NEIGHBORS: + s = format (s, "ip4 "); + break; + case IP_SCAN_V6_NEIGHBORS: + s = format (s, "ip6 "); + break; + case IP_SCAN_V46_NEIGHBORS: + s = format (s, "both "); + break; + default: + s = format (s, "disable "); + } + + s = format (s, "interval %d ", mp->scan_interval); + s = format (s, "max-time %d ", mp->max_proc_time); + s = format (s, "max-update %d ", mp->max_update); + s = format (s, "delay %d ", mp->scan_int_delay); + s = format (s, "stale %d ", mp->stale_threshold); + + FINISH; +} + static void *vl_api_want_ip4_arp_events_t_print (vl_api_want_ip4_arp_events_t * mp, void *handle) { @@ -3545,6 +3577,7 @@ _(VXLAN_GPE_ADD_DEL_TUNNEL, vxlan_gpe_add_del_tunnel) \ _(VXLAN_GPE_TUNNEL_DUMP, vxlan_gpe_tunnel_dump) \ _(INTERFACE_NAME_RENUMBER, interface_name_renumber) \ _(IP_PROBE_NEIGHBOR, ip_probe_neighbor) \ +_(IP_SCAN_NEIGHBOR_ENABLE_DISABLE, ip_scan_neighbor_enable_disable) \ _(WANT_IP4_ARP_EVENTS, want_ip4_arp_events) \ _(WANT_IP6_ND_EVENTS, want_ip6_nd_events) \ _(WANT_L2_MACS_EVENTS, want_l2_macs_events) \ diff --git a/src/vppinfra/pool.h b/src/vppinfra/pool.h index 8b39a914eb5..0f64262abf1 100644 --- a/src/vppinfra/pool.h +++ b/src/vppinfra/pool.h @@ -475,6 +475,9 @@ do { \ (_pool_var (rv) < vec_len (P) ? \ clib_bitmap_next_clear (_pool_var (p)->free_bitmap, _pool_var(rv)) \ : ~0); \ + _pool_var(rv) = \ + (_pool_var (rv) < vec_len (P) ? \ + _pool_var (rv) : ~0); \ _pool_var(rv); \ }) diff --git a/src/vppinfra/time.h b/src/vppinfra/time.h index ead4b7d8ea4..39bc188ebe5 100644 --- a/src/vppinfra/time.h +++ b/src/vppinfra/time.h @@ -196,6 +196,9 @@ clib_time_now_internal (clib_time_t * c, u64 n) return t * c->seconds_per_clock; } +/* Maximum f64 value as max clib_time */ +#define CLIB_TIME_MAX (1.7976931348623157e+308) + always_inline f64 clib_time_now (clib_time_t * c) { |