summaryrefslogtreecommitdiffstats
path: root/vnet
diff options
context:
space:
mode:
Diffstat (limited to 'vnet')
-rw-r--r--vnet/vnet/lisp-cp/control.c315
-rw-r--r--vnet/vnet/lisp-cp/control.h2
-rw-r--r--vnet/vnet/lisp-cp/gid_dictionary.c4
-rw-r--r--vnet/vnet/lisp-cp/lisp_msg_serdes.c2
-rw-r--r--vnet/vnet/lisp-cp/lisp_types.h2
5 files changed, 215 insertions, 110 deletions
diff --git a/vnet/vnet/lisp-cp/control.c b/vnet/vnet/lisp-cp/control.c
index 49f5d889e31..de048a4144a 100644
--- a/vnet/vnet/lisp-cp/control.c
+++ b/vnet/vnet/lisp-cp/control.c
@@ -36,9 +36,14 @@ typedef struct
typedef struct
{
- mapping_t *mappings;
u64 nonce;
-} map_reply_args_t;
+ u8 is_rloc_probe;
+ mapping_t *mappings;
+} map_records_arg_t;
+
+static int
+lisp_add_del_adjacency (lisp_cp_main_t * lcm, gid_address_t * local_eid,
+ gid_address_t * remote_eid, u8 is_add);
u8
vnet_lisp_get_map_request_mode (void)
@@ -366,6 +371,7 @@ get_locator_pairs (lisp_cp_main_t * lcm, mapping_t * lcl_map,
&gid_address_ip (&rmt->address));
ip_address_copy (&pair.lcl_loc, lcl_addr);
pair.weight = rmt->weight;
+ pair.priority = rmt->priority;
vec_add1 (locator_pairs[0], pair);
found = 1;
}
@@ -1156,7 +1162,10 @@ remove_overlapping_sub_prefixes (lisp_cp_main_t * lcm, gid_address_t * eid,
remove_mapping_if_needed, &a);
vec_foreach (e, a.eids_to_be_deleted)
+ {
+ lisp_add_del_adjacency (lcm, 0, e, 0 /* is_add */ );
vnet_lisp_add_del_mapping (e, 0, 0, 0, 0, 0 /* is add */ , 0, 0);
+ }
vec_free (a.eids_to_be_deleted);
}
@@ -1351,7 +1360,7 @@ cleanup:
* Note that adjacencies are not stored, they only result in forwarding entries
* being created.
*/
-int
+static int
lisp_add_del_adjacency (lisp_cp_main_t * lcm, gid_address_t * local_eid,
gid_address_t * remote_eid, u8 is_add)
{
@@ -3519,13 +3528,18 @@ send_rloc_probe (lisp_cp_main_t * lcm, gid_address_t * deid,
static int
send_rloc_probes (lisp_cp_main_t * lcm)
{
+ u8 lprio = 0;
mapping_t *lm;
fwd_entry_t *e;
+ locator_pair_t *lp;
u32 si;
/* *INDENT-OFF* */
pool_foreach (e, lcm->fwd_entry_pool,
{
+ if (vec_len (e->locator_pairs) == 0)
+ continue;
+
si = gid_dictionary_lookup (&lcm->mapping_index_by_gid, &e->leid);
if (~0 == si)
{
@@ -3535,16 +3549,19 @@ send_rloc_probes (lisp_cp_main_t * lcm)
}
lm = pool_elt_at_index (lcm->mapping_pool, si);
- if (vec_len (e->locator_pairs) == 0)
- continue;
+ /* get the best (lowest) priority */
+ lprio = e->locator_pairs[0].priority;
- /* TODO send rloc-probe for each pair? for now assume there is only one
- pair at a time */
- locator_pair_t *lp = &e->locator_pairs[0];
+ /* send rloc-probe for pair(s) with the best remote locator priority */
+ vec_foreach (lp, e->locator_pairs)
+ {
+ if (lp->priority != lprio)
+ break;
- /* get first remote locator */
- send_rloc_probe (lcm, &e->reid, lm->locator_set_index, &lp->lcl_loc,
- &lp->rmt_loc);
+ /* get first remote locator */
+ send_rloc_probe (lcm, &e->reid, lm->locator_set_index, &lp->lcl_loc,
+ &lp->rmt_loc);
+ }
});
/* *INDENT-ON* */
@@ -3561,6 +3578,7 @@ send_map_register (lisp_cp_main_t * lcm, u8 want_map_notif)
u64 nonce = 0;
u32 next_index, *to_next;
ip_address_t *ms = 0;
+ mapping_t *records, *r, *g;
// TODO: support multiple map servers and do election
if (0 == vec_len (lcm->map_servers))
@@ -3575,38 +3593,44 @@ send_map_register (lisp_cp_main_t * lcm, u8 want_map_notif)
return -1;
}
- /* TODO build mapping records grouped by secret key and send one map-register
- per group. Currently only one secret key per vpp is supported */
- mapping_t *records = build_map_register_record_list (lcm);
+ records = build_map_register_record_list (lcm);
if (!records)
return -1;
- u8 *key = records[0].key;
- u8 key_id = records[0].key_id;
+ vec_foreach (r, records)
+ {
+ u8 *key = r->key;
+ u8 key_id = r->key_id;
+
+ if (!key)
+ continue; /* no secret key -> map-register cannot be sent */
+
+ g = 0;
+ // TODO: group mappings that share common key
+ vec_add1 (g, r[0]);
+ b = build_map_register (lcm, &sloc, ms, &nonce, want_map_notif, g,
+ key_id, key, &bi);
+ vec_free (g);
+ if (!b)
+ continue;
- if (!key)
- return 0; /* no secret key -> map-register cannot be sent */
+ vnet_buffer (b)->sw_if_index[VLIB_TX] = 0;
- b = build_map_register (lcm, &sloc, ms, &nonce, want_map_notif, records,
- key_id, key, &bi);
- if (!b)
- return -1;
- free_map_register_records (records);
-
- vnet_buffer (b)->sw_if_index[VLIB_TX] = 0;
+ next_index = (ip_addr_version (&lcm->active_map_resolver) == IP4) ?
+ ip4_lookup_node.index : ip6_lookup_node.index;
- next_index = (ip_addr_version (&lcm->active_map_resolver) == IP4) ?
- ip4_lookup_node.index : ip6_lookup_node.index;
+ f = vlib_get_frame_to_node (lcm->vlib_main, next_index);
- f = vlib_get_frame_to_node (lcm->vlib_main, next_index);
+ /* Enqueue the packet */
+ to_next = vlib_frame_vector_args (f);
+ to_next[0] = bi;
+ f->n_vectors = 1;
+ vlib_put_frame_to_node (lcm->vlib_main, next_index, f);
- /* Enqueue the packet */
- to_next = vlib_frame_vector_args (f);
- to_next[0] = bi;
- f->n_vectors = 1;
- vlib_put_frame_to_node (lcm->vlib_main, next_index, f);
+ hash_set (lcm->map_register_messages_by_nonce, nonce, 0);
+ }
+ free_map_register_records (records);
- hash_set (lcm->map_register_messages_by_nonce, nonce, 0);
return 0;
}
@@ -4110,26 +4134,30 @@ mapping_start_expiration_timer (lisp_cp_main_t * lcm, u32 mi,
}
static void
-map_reply_args_free (map_reply_args_t * a)
+map_records_arg_free (map_records_arg_t * a)
{
mapping_t *m;
vec_foreach (m, a->mappings)
{
- gid_address_free (&m->eid);
vec_free (m->locators);
+ gid_address_free (&m->eid);
}
+
clib_mem_free (a);
}
void *
-process_map_reply (map_reply_args_t * a)
+process_map_reply (map_records_arg_t * a)
{
- u64 *noncep;
+ mapping_t *m;
lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
- u32 dst_map_index = ~0;
+ u32 dst_map_index = 0;
pending_map_request_t *pmr;
+ u64 *noncep;
uword *pmr_index;
- mapping_t *m;
+
+ if (a->is_rloc_probe)
+ goto done;
/* Check pending requests table and nonce */
pmr_index = hash_get (lcm->pending_map_requests_by_nonce, a->nonce);
@@ -4168,7 +4196,7 @@ process_map_reply (map_reply_args_t * a)
pool_put (lcm->pending_map_requests_pool, pmr);
done:
- map_reply_args_free (a);
+ map_records_arg_free (a);
return 0;
}
@@ -4206,83 +4234,151 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len,
}
static void
-process_map_notify (vlib_main_t * vm, lisp_cp_main_t * lcm, vlib_buffer_t * b)
+process_map_notify (map_records_arg_t * a)
{
- lisp_key_type_t key_id;
- gid_address_t deid;
- mapping_t *m;
- u32 i, mi, len;
- map_notify_hdr_t *mnotif_hdr;
- u64 nonce;
+ lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
uword *pmr_index;
- locator_t *locators = 0, *loc;
- u16 auth_data_len = 0;
- mnotif_hdr = vlib_buffer_get_current (b);
- vlib_buffer_pull (b, sizeof (*mnotif_hdr));
- memset (&deid, 0, sizeof (deid));
-
- nonce = MNOTIFY_NONCE (mnotif_hdr);
- key_id = clib_net_to_host_u16 (MNOTIFY_KEY_ID (mnotif_hdr));
- auth_data_len = auth_data_len_by_key_id (key_id);
-
- pmr_index = hash_get (lcm->map_register_messages_by_nonce, nonce);
+ pmr_index = hash_get (lcm->map_register_messages_by_nonce, a->nonce);
if (!pmr_index)
{
- clib_warning ("No pending map-register entry with nonce %lu!", nonce);
+ clib_warning ("No pending map-register entry with nonce %lu!",
+ a->nonce);
return;
}
- /* advance buffer by authentication data */
- vlib_buffer_pull (b, auth_data_len);
+ map_records_arg_free (a);
+ hash_unset (lcm->map_register_messages_by_nonce, a->nonce);
+}
+
+static mapping_t *
+get_mapping (lisp_cp_main_t * lcm, gid_address_t * e)
+{
+ u32 mi;
+
+ mi = gid_dictionary_lookup (&lcm->mapping_index_by_gid, e);
+ if (~0 == mi)
+ {
+ clib_warning ("eid %U not found in map-cache!", unformat_gid_address,
+ e);
+ return 0;
+ }
+ return pool_elt_at_index (lcm->mapping_pool, mi);
+}
+
+/**
+ * When map-notify is received it is necessary that all EIDs in the record
+ * list share common key. The key is then used to verify authentication
+ * data in map-notify message.
+ */
+static int
+map_record_integrity_check (lisp_cp_main_t * lcm, mapping_t * maps,
+ u32 key_id, u8 ** key_out)
+{
+ u32 i, len = vec_len (maps);
+ mapping_t *m;
+
+ /* get key of the first mapping */
+ m = get_mapping (lcm, &maps[0].eid);
+ if (!m || !m->key)
+ return -1;
+
+ key_out[0] = m->key;
+
+ for (i = 1; i < len; i++)
+ {
+ m = get_mapping (lcm, &maps[i].eid);
+ if (!m || !m->key)
+ return -1;
+
+ if (key_id != m->key_id || vec_cmp (m->key, key_out[0]))
+ {
+ clib_warning ("keys does not match! %v, %v", key_out[0], m->key);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static int
+parse_map_records (vlib_buffer_t * b, map_records_arg_t * a, u8 count)
+{
+ locator_t *locators = 0;
+ u32 i, len;
+ gid_address_t deid;
+ mapping_t m;
+ locator_t *loc;
/* parse record eid */
- for (i = 0; i < MNOTIFY_REC_COUNT (mnotif_hdr); i++)
+ for (i = 0; i < count; i++)
{
len = lisp_msg_parse_mapping_record (b, &deid, &locators, NULL);
if (len == ~0)
{
clib_warning ("Failed to parse mapping record!");
- vec_foreach (loc, locators)
- {
- locator_free (loc);
- }
+ vec_foreach (loc, locators) locator_free (loc);
vec_free (locators);
- return;
+ return -1;
}
- vec_free (locators);
+ m.locators = locators;
+ gid_address_copy (&m.eid, &deid);
+ vec_add1 (a->mappings, m);
}
- /* lookup eid in map-cache */
- mi = gid_dictionary_lookup (&lcm->mapping_index_by_gid, &deid);
- if (~0 == mi)
+ return 0;
+}
+
+static map_records_arg_t *
+parse_map_notify (vlib_buffer_t * b)
+{
+ int rc = 0;
+ map_notify_hdr_t *mnotif_hdr;
+ lisp_key_type_t key_id;
+ lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
+ u8 *key = 0;
+ gid_address_t deid;
+ u16 auth_data_len = 0;
+ u8 record_count;
+ map_records_arg_t *a = clib_mem_alloc (sizeof (*a));
+
+ memset (a, 0, sizeof (*a));
+ mnotif_hdr = vlib_buffer_get_current (b);
+ vlib_buffer_pull (b, sizeof (*mnotif_hdr));
+ memset (&deid, 0, sizeof (deid));
+
+ a->nonce = MNOTIFY_NONCE (mnotif_hdr);
+ key_id = clib_net_to_host_u16 (MNOTIFY_KEY_ID (mnotif_hdr));
+ auth_data_len = auth_data_len_by_key_id (key_id);
+
+ /* advance buffer by authentication data */
+ vlib_buffer_pull (b, auth_data_len);
+
+ record_count = MNOTIFY_REC_COUNT (mnotif_hdr);
+ rc = parse_map_records (b, a, record_count);
+ if (rc != 0)
{
- clib_warning ("eid %U not found in map-cache!", unformat_gid_address,
- &deid);
- return;
+ map_records_arg_free (a);
+ return 0;
}
- m = pool_elt_at_index (lcm->mapping_pool, mi);
- if (!m->key)
+ rc = map_record_integrity_check (lcm, a->mappings, key_id, &key);
+ if (rc != 0)
{
- clib_warning ("There is no secret key assigned to %U!",
- format_gid_address, &deid);
- goto done;
+ map_records_arg_free (a);
+ return 0;
}
/* verify authentication data */
if (!is_auth_data_valid (mnotif_hdr, vlib_buffer_get_tail (b)
- - (u8 *) mnotif_hdr, m->key_id, m->key))
+ - (u8 *) mnotif_hdr, key_id, key))
{
clib_warning ("Map-notify auth data verification failed for nonce %lu!",
- nonce);
- goto done;
+ a->nonce);
+ map_records_arg_free (a);
+ return 0;
}
-
-done:
- hash_unset (lcm->map_register_messages_by_nonce, nonce);
- gid_address_free (&deid);
+ return a;
}
static vlib_buffer_t *
@@ -4374,7 +4470,7 @@ process_map_request (vlib_main_t * vm, lisp_cp_main_t * lcm,
gid_address_t src, dst;
u64 nonce;
u32 i, len = 0;
- gid_address_t *itr_rlocs = 0, *rloc;
+ gid_address_t *itr_rlocs = 0;
mreq_hdr = vlib_buffer_get_current (b);
@@ -4416,10 +4512,8 @@ process_map_request (vlib_main_t * vm, lisp_cp_main_t * lcm,
if (len == ~0)
return;
- /* for now we don't do anything with the itr's rlocs */
- len =
- lisp_msg_parse_itr_rlocs (b, &itr_rlocs,
- MREQ_ITR_RLOC_COUNT (mreq_hdr) + 1);
+ len = lisp_msg_parse_itr_rlocs (b, &itr_rlocs,
+ MREQ_ITR_RLOC_COUNT (mreq_hdr) + 1);
if (len == ~0)
return;
@@ -4459,19 +4553,10 @@ process_map_request (vlib_main_t * vm, lisp_cp_main_t * lcm,
}
done:
- vec_foreach (rloc, itr_rlocs)
- {
- gid_address_free (rloc);
- }
-}
-
-static void
-queue_map_reply_for_processing (map_reply_args_t * a)
-{
- vl_api_rpc_call_main_thread (process_map_reply, (u8 *) a, sizeof (a));
+ vec_free (itr_rlocs);
}
-static map_reply_args_t *
+static map_records_arg_t *
parse_map_reply (vlib_buffer_t * b)
{
locator_t probed;
@@ -4480,12 +4565,13 @@ parse_map_reply (vlib_buffer_t * b)
u32 i, len = 0;
mapping_t m;
map_reply_hdr_t *mrep_hdr;
- map_reply_args_t *a = clib_mem_alloc (sizeof (*a));
+ map_records_arg_t *a = clib_mem_alloc (sizeof (*a));
memset (a, 0, sizeof (*a));
locator_t *locators;
mrep_hdr = vlib_buffer_get_current (b);
a->nonce = MREP_NONCE (mrep_hdr);
+ a->is_rloc_probe = MREP_RLOC_PROBE (mrep_hdr);
vlib_buffer_pull (b, sizeof (*mrep_hdr));
for (i = 0; i < MREP_REC_COUNT (mrep_hdr); i++)
@@ -4502,7 +4588,7 @@ parse_map_reply (vlib_buffer_t * b)
if (len == ~0)
{
clib_warning ("Failed to parse mapping record!");
- map_reply_args_free (a);
+ map_records_arg_free (a);
return 0;
}
@@ -4513,18 +4599,31 @@ parse_map_reply (vlib_buffer_t * b)
return a;
}
+static void
+queue_map_reply_for_processing (map_records_arg_t * a)
+{
+ vl_api_rpc_call_main_thread (process_map_reply, (u8 *) a, sizeof (a));
+}
+
+static void
+queue_map_notify_for_processing (map_records_arg_t * a)
+{
+ vl_api_rpc_call_main_thread (process_map_notify, (u8 *) a, sizeof (a[0]));
+}
+
static uword
lisp_cp_input (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * from_frame)
{
- map_reply_args_t *a;
u32 n_left_from, *from, *to_next_drop;
lisp_msg_type_e type;
lisp_cp_main_t *lcm = vnet_lisp_cp_get_main ();
+ map_records_arg_t *a;
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
+
while (n_left_from > 0)
{
u32 n_left_to_next_drop;
@@ -4557,7 +4656,9 @@ lisp_cp_input (vlib_main_t * vm, vlib_node_runtime_t * node,
process_map_request (vm, lcm, b0);
break;
case LISP_MAP_NOTIFY:
- process_map_notify (vm, lcm, b0);
+ a = parse_map_notify (b0);
+ if (a)
+ queue_map_notify_for_processing (a);
break;
default:
clib_warning ("Unsupported LISP message type %d", type);
diff --git a/vnet/vnet/lisp-cp/control.h b/vnet/vnet/lisp-cp/control.h
index 7f5390a91e5..e89c6fd6e8d 100644
--- a/vnet/vnet/lisp-cp/control.h
+++ b/vnet/vnet/lisp-cp/control.h
@@ -36,6 +36,8 @@
/* normal map-register period */
#define MAP_REGISTER_INTERVAL 60.0
+/* 15 minutes */
+#define MAP_REGISTER_DEFAULT_TTL 900
typedef struct
{
diff --git a/vnet/vnet/lisp-cp/gid_dictionary.c b/vnet/vnet/lisp-cp/gid_dictionary.c
index 9efc1a08cd2..d238124ecd8 100644
--- a/vnet/vnet/lisp-cp/gid_dictionary.c
+++ b/vnet/vnet/lisp-cp/gid_dictionary.c
@@ -42,8 +42,10 @@ foreach_sfib4_subprefix (BVT (clib_bihash_kv) * kvp, void *arg)
ASSERT (plen <= 32);
mask = &a->ip4_table->ip4_fib_masks[plen];
- u32 src_ip = clib_host_to_net_u32 (ip_prefix_v4 (&a->src).as_u32);
+ u32 src_ip = ip_prefix_v4 (&a->src).as_u32;
src_ip &= mask->as_u32;
+ ip &= mask->as_u32;
+
if (src_ip == ip)
{
/* found sub-prefix of src prefix */
diff --git a/vnet/vnet/lisp-cp/lisp_msg_serdes.c b/vnet/vnet/lisp-cp/lisp_msg_serdes.c
index 57a04547967..eee1885cd9b 100644
--- a/vnet/vnet/lisp-cp/lisp_msg_serdes.c
+++ b/vnet/vnet/lisp-cp/lisp_msg_serdes.c
@@ -47,7 +47,7 @@ lisp_msg_put_mapping_record (vlib_buffer_t * b, mapping_t * record)
memset (p, 0, sizeof (*p));
MAP_REC_EID_PLEN (p) = gid_address_len (eid);
- MAP_REC_TTL (p) = clib_host_to_net_u32 (record->ttl);
+ MAP_REC_TTL (p) = clib_host_to_net_u32 (MAP_REGISTER_DEFAULT_TTL);
MAP_REC_AUTH (p) = record->authoritative ? 1 : 0;
MAP_REC_LOC_COUNT (p) = vec_len (record->locators);
diff --git a/vnet/vnet/lisp-cp/lisp_types.h b/vnet/vnet/lisp-cp/lisp_types.h
index 1a3cfdefa0d..ac58b894c2d 100644
--- a/vnet/vnet/lisp-cp/lisp_types.h
+++ b/vnet/vnet/lisp-cp/lisp_types.h
@@ -334,7 +334,7 @@ typedef struct locator_pair
ip_address_t lcl_loc;
ip_address_t rmt_loc;
- u8 priority; /* TODO remove */
+ u8 priority;
u8 weight;
} locator_pair_t;