Age | Commit message (Collapse) | Author | Files | Lines |
|
there are, intentionally, no validation checks in the ARP/ND code to prevent an ARP/ND entry from being installed for an address that is not local to the interface's sub-net. This is ok, since the adjacency/FIB code is designed to handle this case using the 'refinement' criteria - i.e. only installing a FIB entry for the address if the address 'refines' (i.e. is more specific than) the interface's sub-net.
However, the refinement criteria currently operates on the FIB entry's prefix (which is a /32, so on the address) and not on the next-hop in the path.
So, enter multiple ARP entries for the same address on different links, and this refinement criteria uses only the last added path, and so will remove the FIB entry should the ARP entries be added in the 'wrong' order.
This fix updates the refinement criteria to work on each path of the FIB entry. The entry is installed if one of the paths refines the covers and only paths refining the cover contribute forwarding.
Per-path refinement checks are stored in path-extensions. The patch is rather large as path-extension, which were previously used only for out-going MPLS labels, have been generalized.
Change-Id: I00be359148cb948c32c52109e832a70537a7920a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Check whether an ARP src hw addr starts with 00:00:5e:00:01
before rejecting due to a mismatch between ARP src hw addr
and ethernet frame src addr.
Change-Id: Ia3ecd5d6dba34876aca8d90bc622a0a1397e48fb
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
|
|
learn ARP peers if, 1) it's a reply to a local address, 2) we are sending a response to a request.
send proxy ARP responses only in the interface the request was sent.
Change-Id: I22b949c65122824233076492b7dd537daca07bc2
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: I4c3ce4d58df7977490fc94991291422ea1e31ee3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ic16bc10d0b2877b2afdf052615f9334f31b9519f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
1 - interface-DPO
Used in the Data-plane to change a packet's input interface
2 - MPLS multicast FIB entry
Same as a unicast entry but it links to a replicate not a load-balance DPO
3 - Multicast MPLS tunnel
Update MPLS tunnels to use a FIB path-list to describe the endpoint[s]. Use the path-list to generate the forwarding chain (DPOs) to link to .
4 - Resolve a path via a local label (of an mLDP LSP)
For IP multicast entries to use an LSP in the replication list, we need to decribe the 'resolve-via-label' where the label is that of a multicast LSP.
5 - MPLS disposition path sets RPF-ID
For a interface-less LSP (i.e. mLDP not RSVP-TE) at the tail of the LSP we still need to perform an RPF check. An MPLS disposition DPO performs the MPLS pop validation checks and sets the RPF-ID in the packet.
6 - RPF check with per-entry RPF-ID
An RPF-ID is used instead of a real interface SW if index in the case the IP traffic arrives from an LSP that does not have an associated interface.
Change-Id: Ib92e177be919147bafeb599729abf3d1abc2f4b3
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
This patch deprecates stack-based thread identification,
Also removes requirement that thread stacks are adjacent.
Finally, possibly annoying for some folks, it renames
all occurences of cpu_index and cpu_number with thread
index. Using word "cpu" is misleading here as thread can
be migrated ti different CPU, and also it is not related
to linux cpu index.
Change-Id: I68cdaf661e701d2336fc953dcb9978d10a70f7c1
Signed-off-by: Damjan Marion <damarion@cisco.com>
|
|
Change-Id: I03195a86c69f84a301051c6b3ab64456bbf28645
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia3acf87d3e07a7d41c047869de504e1972334b55
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
we should not suppress arps on remote interface instead we should flood them to the local one
used shg != 0 to identify packets from remote interfaces and disable arp term l2 input feature for them
Change-Id: I701537c05df7451a25ccb5bfc9e2b03ea70cff20
Signed-off-by: Eyal Bari <ebari@cisco.com>
|
|
use a 32bit mask in the adjacency to AND with the IP address and OR into the rewrite.
Change-Id: I80b0f246c18fd74f3e43c5d49e25833412f34665
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
allow this config to function:
set int ip address loop0 169.254.1.1/32 (the default GW address for attached hosts)
set int unnumbered af_packet0 use loop0 ('enable' IP on the host interface)
ip route add 192.168.1.1/32 via af_packet0 (where to find the host)
repeat for each host and host interface.
Inter-host communication is throught the /32 routes.
To allow this:
1 - attached host routes have the ATTACHED flag set, so the ARP code accepts then as legitimate sources
2 - unnumbered interfaces inherit the source address from the IP interface
Change-Id: Ib66c5f0e848c528f79372813adc3a0c11b50717f
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
neighbor entry
Change-Id: I952039e101031ee6a06e63f4c73d8eb359423e1a
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Ia9c6790436f8f6337b5351e3017ef5e441a8a4e9
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit 5e323329ed6ded6f6944c56069329207ad9069c0)
|
|
Use FIB_SOURCE_PLUGIN_HI and modify ARP input to use non-source variants for
flags and resolving interface get.
Change-Id: I3bab76f36e0b1ee86e430a416099f1654e02740a
Signed-off-by: Matus Fabian <matfabia@cisco.com>
|
|
- IPv[46] mfib tables with support for (*,G/m), (*,G) and (S,G) exact and longest prefix match
- Replication represented via a new replicate DPO.
- RPF configuration and data-plane checking
- data-plane signals sent to listening control planes.
The functions of multicast forwarding entries differ from their unicast conterparts, so we introduce a new mfib_table_t and mfib_entry_t objects. However, we re-use the fib_path_list to resolve and build the entry's output list. the fib_path_list provides the service to construct a replicate DPO for multicast.
'make tests' is added to with two new suites; TEST=mfib, this is invocation of the CLI command 'test mfib' which deals with many path add/remove, flag set/unset scenarios, TEST=ip-mcast, data-plane forwarding tests.
Updated applications to use the new MIFB functions;
- IPv6 NS/RA.
- DHCPv6
unit tests for these are undated accordingly.
Change-Id: I49ec37b01f1b170335a5697541c8fd30e6d3a961
Signed-off-by: Neale Ranns <nranns@cisco.com>
|
|
Change-Id: Iea1e2c31c016c3bb6344f73173d082a2c548ffee
Signed-off-by: Neale Ranns <neale.ranns@cisco.com>
|
|
Change-Id: I7b51f88292e057c6443b12224486f2d0c9f8ae23
Signed-off-by: Damjan Marion <damarion@cisco.com>
|