From 4a302ee7c75f3d4fd1a73a9d1f6c34b3bde8d620 Mon Sep 17 00:00:00 2001
From: John Lo <loj@cisco.com>
Date: Tue, 12 May 2020 22:34:39 -0400
Subject: ethernet: fix DMAC check and skip unnecessary ones (VPP-1868)

Fix and optimize DMAC check in ethernet-input node to utilize NIC or
driver which support L3 DMAC-filtering mode so that DMAC check can be
bypassed safely for interfaces/sub-interfaces in L3 mode.
Checking of interface in L3-DMAC-filtering state to avoid DMAC check
require the following:
a) Fix interface driver init sequence for devices which supports L3
   DMAC-filtering to indicate its capability and initialize interface
   to L3 DMAC-filtering state.
b) Fix ethernet_set_flags() function and its associated callback
   flags_change() functions registered by various drivers in interface
   infra to provide proper L3 DMAC filtering status.
Maintain interface/sub-interface L3 config count so DMAC checks can be
bypassed if L3 forwarding is not setup on any main/sub-interfaces.

Type: fix
Ticket: VPP-1868

Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I204d90459c13e9e486cfcba4e64e3d479bc9f2ae
---
 src/vnet/ethernet/node.c | 52 ++++++++++++++++++++++++++++++------------------
 1 file changed, 33 insertions(+), 19 deletions(-)

(limited to 'src/vnet/ethernet/node.c')

diff --git a/src/vnet/ethernet/node.c b/src/vnet/ethernet/node.c
index 3c4330e6225..e26c3617667 100644
--- a/src/vnet/ethernet/node.c
+++ b/src/vnet/ethernet/node.c
@@ -220,9 +220,10 @@ identify_subint (vnet_hw_interface_t * hi,
   if (matched)
     {
       // Perform L3 my-mac filter
-      // A unicast packet arriving on an L3 interface must have a dmac matching the interface mac.
-      // This is required for promiscuous mode, else we will forward packets we aren't supposed to.
-      if (!(*is_l2))
+      // A unicast packet arriving on an L3 interface must have a dmac
+      // matching the interface mac. If interface has STATUS_L3 bit set
+      // mac filter is already done.
+      if (!(*is_l2 || (hi->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3)))
 	{
 	  u64 dmacs[2];
 	  u8 dmacs_bad[2];
@@ -241,7 +242,6 @@ identify_subint (vnet_hw_interface_t * hi,
 	    ethernet_input_inline_dmac_check (hi, dmacs, dmacs_bad,
 					      1 /* n_packets */ , ei0,
 					      0 /* have_sec_dmac */ );
-
 	  if (dmacs_bad[0])
 	    *error0 = ETHERNET_ERROR_L3_MAC_MISMATCH;
 	}
@@ -1085,29 +1085,35 @@ eth_input_single_int (vlib_main_t * vm, vlib_node_runtime_t * node,
   subint_config_t *subint0 = &intf0->untagged_subint;
 
   int main_is_l3 = (subint0->flags & SUBINT_CONFIG_L2) == 0;
-  int promisc = (ei->flags & ETHERNET_INTERFACE_FLAG_ACCEPT_ALL) != 0;
+  int int_is_l3 = ei->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3;
 
   if (main_is_l3)
     {
-      /* main interface is L3, we dont expect tagged packets and interface
-         is not in promisc node, so we dont't need to check DMAC */
-      int is_l3 = 1;
-
-      if (promisc == 0)
-	eth_input_process_frame (vm, node, hi, from, n_pkts, is_l3,
-				 ip4_cksum_ok, 0);
+      if (int_is_l3 ||		/* DMAC filter already done by NIC */
+	  ((hi->l2_if_count != 0) && (hi->l3_if_count == 0)))
+	{			/* All L2 usage - DMAC check not needed */
+	  eth_input_process_frame (vm, node, hi, from, n_pkts,
+				   /*is_l3 */ 1, ip4_cksum_ok, 0);
+	}
       else
-	/* subinterfaces and promisc mode so DMAC check is needed */
-	eth_input_process_frame (vm, node, hi, from, n_pkts, is_l3,
-				 ip4_cksum_ok, 1);
+	{			/* DMAC check needed for L3 */
+	  eth_input_process_frame (vm, node, hi, from, n_pkts,
+				   /*is_l3 */ 1, ip4_cksum_ok, 1);
+	}
       return;
     }
   else
     {
-      /* untagged packets are treated as L2 */
-      int is_l3 = 0;
-      eth_input_process_frame (vm, node, hi, from, n_pkts, is_l3,
-			       ip4_cksum_ok, 1);
+      if (hi->l3_if_count == 0)
+	{			/* All L2 usage - DMAC check not needed */
+	  eth_input_process_frame (vm, node, hi, from, n_pkts,
+				   /*is_l3 */ 0, ip4_cksum_ok, 0);
+	}
+      else
+	{			/* DMAC check needed for L3 */
+	  eth_input_process_frame (vm, node, hi, from, n_pkts,
+				   /*is_l3 */ 0, ip4_cksum_ok, 1);
+	}
       return;
     }
 }
@@ -1325,6 +1331,9 @@ ethernet_input_inline (vlib_main_t * vm,
 		}
 	      else
 		{
+		  if (hi->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3)
+		    goto skip_dmac_check01;
+
 		  dmacs[0] = *(u64 *) e0;
 		  dmacs[1] = *(u64 *) e1;
 
@@ -1346,6 +1355,7 @@ ethernet_input_inline (vlib_main_t * vm,
 		  if (dmacs_bad[1])
 		    error1 = ETHERNET_ERROR_L3_MAC_MISMATCH;
 
+		skip_dmac_check01:
 		  vlib_buffer_advance (b0, sizeof (ethernet_header_t));
 		  determine_next_node (em, variant, 0, type0, b0,
 				       &error0, &next0);
@@ -1563,6 +1573,9 @@ ethernet_input_inline (vlib_main_t * vm,
 		}
 	      else
 		{
+		  if (hi->flags & ETHERNET_INTERFACE_FLAG_STATUS_L3)
+		    goto skip_dmac_check0;
+
 		  dmacs[0] = *(u64 *) e0;
 
 		  if (ei && vec_len (ei->secondary_addrs))
@@ -1581,6 +1594,7 @@ ethernet_input_inline (vlib_main_t * vm,
 		  if (dmacs_bad[0])
 		    error0 = ETHERNET_ERROR_L3_MAC_MISMATCH;
 
+		skip_dmac_check0:
 		  vlib_buffer_advance (b0, sizeof (ethernet_header_t));
 		  determine_next_node (em, variant, 0, type0, b0,
 				       &error0, &next0);
-- 
cgit 1.2.3-korg