From 525c9d0f8645ef9901316f042c195adc970b4546 Mon Sep 17 00:00:00 2001
From: Dave Barach <dave@barachs.net>
Date: Sat, 26 May 2018 10:48:55 -0400
Subject: VPP-1294: add missing feature arc constraint

the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or
inbound dhcp broadcast packets will be dropped. Certain dhcp servers
answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading
to unrecoverable lease loss.

In detail, this constraint:

VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
  .arc_name = "ip4-unicast",
  .node_name = "nat44-out2in",
  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
};

doesn't get the job done:

ip4-unicast:
  [17] nat44-out2in
  [23] ip4-dhcp-client-detect
  [26] ip4-not-enabled

Add a proper constraint:

VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
  .arc_name = "ip4-unicast",
  .node_name = "nat44-out2in",
  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa",
                               "ip4-dhcp-client-detect"),
};

and the interface feature order is OK, at least in this regard:

ip4-unicast:
  [17] ip4-dhcp-client-detect
  [18] nat44-out2in
  [26] ip4-not-enabled

We need to carefully audit (especially) the ip4-unicast feature arc,
which has [gasp] 37 features on it!

Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad
Signed-off-by: Dave Barach <dave@barachs.net>
---
 src/vnet/interface_cli.c | 90 +++++++++++++++++++++++++++---------------------
 1 file changed, 51 insertions(+), 39 deletions(-)

(limited to 'src/vnet/interface_cli.c')

diff --git a/src/vnet/interface_cli.c b/src/vnet/interface_cli.c
index d151335aa1f..b803a31c05f 100644
--- a/src/vnet/interface_cli.c
+++ b/src/vnet/interface_cli.c
@@ -270,36 +270,47 @@ show_sw_interfaces (vlib_main_t * vm,
 {
   clib_error_t *error = 0;
   vnet_main_t *vnm = vnet_get_main ();
+  unformat_input_t _linput, *linput = &_linput;
   vnet_interface_main_t *im = &vnm->interface_main;
   vnet_sw_interface_t *si, *sorted_sis = 0;
   u32 sw_if_index = ~(u32) 0;
   u8 show_addresses = 0;
   u8 show_features = 0;
   u8 show_tag = 0;
+  int verbose = 0;
 
-  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+  /*
+   * Get a line of input. Won't work if the user typed
+   * "show interface" and nothing more.
+   */
+  if (unformat_user (input, unformat_line_input, linput))
     {
-      /* See if user wants to show specific interface */
-      if (unformat
-	  (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
+      while (unformat_check_input (linput) != UNFORMAT_END_OF_INPUT)
 	{
-	  si = pool_elt_at_index (im->sw_interfaces, sw_if_index);
-	  vec_add1 (sorted_sis, si[0]);
-	}
-      else if (unformat (input, "address") || unformat (input, "addr"))
-	show_addresses = 1;
-      else if (unformat (input, "features") || unformat (input, "feat"))
-	show_features = 1;
-      else if (unformat (input, "tag"))
-	show_tag = 1;
-      else
-	{
-	  error = clib_error_return (0, "unknown input `%U'",
-				     format_unformat_error, input);
-	  goto done;
+	  /* See if user wants to show specific interface */
+	  if (unformat
+	      (linput, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
+	    {
+	      si = pool_elt_at_index (im->sw_interfaces, sw_if_index);
+	      vec_add1 (sorted_sis, si[0]);
+	    }
+	  else if (unformat (linput, "address") || unformat (linput, "addr"))
+	    show_addresses = 1;
+	  else if (unformat (linput, "features") || unformat (linput, "feat"))
+	    show_features = 1;
+	  else if (unformat (linput, "tag"))
+	    show_tag = 1;
+	  else if (unformat (linput, "verbose"))
+	    verbose = 1;
+	  else
+	    {
+	      error = clib_error_return (0, "unknown input `%U'",
+					 format_unformat_error, linput);
+	      goto done;
+	    }
 	}
+      unformat_free (linput);
     }
-
   if (show_features || show_tag)
     {
       if (sw_if_index == ~(u32) 0)
@@ -308,7 +319,7 @@ show_sw_interfaces (vlib_main_t * vm,
 
   if (show_features)
     {
-      vnet_interface_features_show (vm, sw_if_index);
+      vnet_interface_features_show (vm, sw_if_index, verbose);
 
       l2_input_config_t *l2_input = l2input_intf_config (sw_if_index);
       u32 fb = l2_input->feature_bitmap;
@@ -344,14 +355,14 @@ show_sw_interfaces (vlib_main_t * vm,
       sorted_sis =
 	vec_new (vnet_sw_interface_t, pool_elts (im->sw_interfaces));
       _vec_len (sorted_sis) = 0;
-      pool_foreach (si, im->sw_interfaces, (
-					     {
-					     int visible =
-					     vnet_swif_is_api_visible (si);
-					     if (visible)
-					     vec_add1 (sorted_sis, si[0]);}
-		    ));
-
+      /* *INDENT-OFF* */
+      pool_foreach (si, im->sw_interfaces,
+      ({
+        int visible = vnet_swif_is_api_visible (si);
+        if (visible)
+          vec_add1 (sorted_sis, si[0]);}
+        ));
+      /* *INDENT-OFF* */
       /* Sort by name. */
       vec_sort_with_function (sorted_sis, sw_interface_name_compare);
     }
@@ -438,25 +449,26 @@ show_sw_interfaces (vlib_main_t * vm,
 			     format_ip6_address, r6, ia->address_length);
         }));
 	/* *INDENT-ON* */
-      }
-    }
-  else
-    {
-      vec_foreach (si, sorted_sis)
-      {
-	vlib_cli_output (vm, "%U\n", format_vnet_sw_interface, vnm, si);
-      }
     }
+}
+
+else
+{
+  vec_foreach (si, sorted_sis)
+  {
+    vlib_cli_output (vm, "%U\n", format_vnet_sw_interface, vnm, si);
+  }
+}
 
 done:
-  vec_free (sorted_sis);
-  return error;
+vec_free (sorted_sis);
+return error;
 }
 
 /* *INDENT-OFF* */
 VLIB_CLI_COMMAND (show_sw_interfaces_command, static) = {
   .path = "show interface",
-  .short_help = "show interface [address|addr|features|feat] [<interface> [<interface> [..]]]",
+  .short_help = "show interface [address|addr|features|feat] [<interface> [<interface> [..]]] [verbose]",
   .function = show_sw_interfaces,
 };
 /* *INDENT-ON* */
-- 
cgit 1.2.3-korg