From 0e6f4d6af4191340a5f542c9eeb0f34dda32e745 Mon Sep 17 00:00:00 2001 From: John Lo Date: Fri, 13 Jul 2018 17:29:58 -0400 Subject: Improve IP4 ARP and IP6 ND Events Notification For L2 ARP termination, use both brodcast ARP request and reply packets to provide MAC/IP binding events. For IP4/IP6 neighbor adress resolution, send resolution events if there is an address resolution attemp with a static neighbor entry where both IP and MAC matches. This allow probe of an IP neighbor with a static entry to confirm it is responding with a reply matching that of the static entry. Change-Id: Iffb923bb5aea3f9021436735d5ca06e7b24f966f Signed-off-by: John Lo --- src/vnet/ethernet/arp.c | 35 +++++++++++++++++++++++++---------- src/vnet/ip/ip6_neighbor.c | 8 +++++++- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/src/vnet/ethernet/arp.c b/src/vnet/ethernet/arp.c index c6f9324eabe..09f5661f435 100644 --- a/src/vnet/ethernet/arp.c +++ b/src/vnet/ethernet/arp.c @@ -633,7 +633,13 @@ vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm, /* Refuse to over-write static arp. */ if (!is_static && (e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC)) - return -2; + { + /* if MAC address match, still check to send event */ + if (0 == memcmp (e->ethernet_address, + a->ethernet, sizeof (e->ethernet_address))) + goto check_customers; + return -2; + } make_new_arp_cache_entry = 0; } } @@ -685,11 +691,12 @@ vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm, goto check_customers; } - /* Update time stamp and ethernet address. */ + /* Update ethernet address. */ clib_memcpy (e->ethernet_address, a->ethernet, sizeof (e->ethernet_address)); } + /* Update time stamp and flags. */ e->time_last_updated = vlib_time_now (vm); if (is_static) { @@ -2342,13 +2349,16 @@ arp_term_l2bd (vlib_main_t * vm, ethertype0 = clib_net_to_host_u16 (*(u16 *) (l3h0 - 2)); arp0 = (ethernet_arp_header_t *) l3h0; - if (PREDICT_FALSE ((ethertype0 != ETHERNET_TYPE_ARP) || - (arp0->opcode != - clib_host_to_net_u16 - (ETHERNET_ARP_OPCODE_request)))) + if (ethertype0 != ETHERNET_TYPE_ARP) + goto check_ip6_nd; + + if ((arp0->opcode != + clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request)) && + (arp0->opcode != + clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))) goto check_ip6_nd; - /* Must be ARP request packet here */ + /* Must be ARP request/reply packet here */ if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (p0->flags & VLIB_BUFFER_IS_TRACED))) { @@ -2357,7 +2367,7 @@ arp_term_l2bd (vlib_main_t * vm, clib_memcpy (t0, l3h0, sizeof (ethernet_arp_input_trace_t)); } - error0 = ETHERNET_ARP_ERROR_replies_sent; + error0 = 0; error0 = (arp0->l2_type != clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet) @@ -2379,8 +2389,13 @@ arp_term_l2bd (vlib_main_t * vm, sizeof (eth0->src_address)) || ethernet_address_cast (arp0->ip4_over_ethernet[0].ethernet))) { - error0 = ETHERNET_ARP_ERROR_l2_address_mismatch; - goto drop; + /* VRRP virtual MAC may be different to SMAC in ARP reply */ + if (memcmp (arp0->ip4_over_ethernet[0].ethernet, vrrp_prefix, + sizeof (vrrp_prefix))) + { + error0 = ETHERNET_ARP_ERROR_l2_address_mismatch; + goto drop; + } } if (PREDICT_FALSE (ip4_address_is_multicast (&arp0->ip4_over_ethernet[0].ip4))) diff --git a/src/vnet/ip/ip6_neighbor.c b/src/vnet/ip/ip6_neighbor.c index 87bda439ae5..a6227fc413a 100644 --- a/src/vnet/ip/ip6_neighbor.c +++ b/src/vnet/ip/ip6_neighbor.c @@ -794,7 +794,13 @@ vnet_set_ip6_ethernet_neighbor (vlib_main_t * vm, n = pool_elt_at_index (nm->neighbor_pool, p[0]); /* Refuse to over-write static neighbor entry. */ if (!is_static && (n->flags & IP6_NEIGHBOR_FLAG_STATIC)) - return -2; + { + /* if MAC address match, still check to send event */ + if (0 == memcmp (n->link_layer_address, + link_layer_address, n_bytes_link_layer_address)) + goto check_customers; + return -2; + } make_new_nd_cache_entry = 0; } -- cgit 1.2.3-korg