From 2b600184f3f43e740b54a1c51d3a35f8c1a77868 Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Fri, 29 Mar 2019 05:08:27 -0700 Subject: GBP: iVXLAN reflection check packets should not egress on an iVXLAN tunnel if they arrived on one. Change-Id: I9adca30252364b4878f99e254aebc73b70a5d4d6 Signed-off-by: Neale Ranns --- src/vnet/vxlan-gbp/decap.c | 11 ++++++++--- src/vnet/vxlan-gbp/vxlan_gbp.h | 11 +++++++++++ src/vnet/vxlan-gbp/vxlan_gbp_packet.h | 8 +++++++- 3 files changed, 26 insertions(+), 4 deletions(-) (limited to 'src/vnet/vxlan-gbp') diff --git a/src/vnet/vxlan-gbp/decap.c b/src/vnet/vxlan-gbp/decap.c index c520e25dcf2..23995c49fcb 100644 --- a/src/vnet/vxlan-gbp/decap.c +++ b/src/vnet/vxlan-gbp/decap.c @@ -330,7 +330,8 @@ vxlan_gbp_input (vlib_main_t * vm, pkts_decapsulated++; } - vnet_buffer2 (b0)->gbp.flags = vxlan_gbp_get_gpflags (vxlan_gbp0); + vnet_buffer2 (b0)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp0) | + VXLAN_GBP_GPFLAGS_R); vnet_buffer2 (b0)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp0); @@ -370,7 +371,9 @@ vxlan_gbp_input (vlib_main_t * vm, (rx_counter, thread_index, t1->sw_if_index, 1, len1); } - vnet_buffer2 (b1)->gbp.flags = vxlan_gbp_get_gpflags (vxlan_gbp1); + vnet_buffer2 (b1)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp1) | + VXLAN_GBP_GPFLAGS_R); + vnet_buffer2 (b1)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp1); vnet_update_l2_len (b0); @@ -476,7 +479,9 @@ vxlan_gbp_input (vlib_main_t * vm, vlib_increment_combined_counter (rx_counter, thread_index, t0->sw_if_index, 1, len0); } - vnet_buffer2 (b0)->gbp.flags = vxlan_gbp_get_gpflags (vxlan_gbp0); + vnet_buffer2 (b0)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp0) | + VXLAN_GBP_GPFLAGS_R); + vnet_buffer2 (b0)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp0); /* Required to make the l2 tag push / pop code work on l2 subifs */ diff --git a/src/vnet/vxlan-gbp/vxlan_gbp.h b/src/vnet/vxlan-gbp/vxlan_gbp.h index 6580f38e119..af2e1809099 100644 --- a/src/vnet/vxlan-gbp/vxlan_gbp.h +++ b/src/vnet/vxlan-gbp/vxlan_gbp.h @@ -226,6 +226,17 @@ int vnet_vxlan_gbp_tunnel_del (u32 sw_if_indexp); void vnet_int_vxlan_gbp_bypass_mode (u32 sw_if_index, u8 is_ip6, u8 is_enable); +always_inline u32 +vxlan_gbp_tunnel_by_sw_if_index (u32 sw_if_index) +{ + vxlan_gbp_main_t *vxm = &vxlan_gbp_main; + + if (sw_if_index >= vec_len (vxm->tunnel_index_by_sw_if_index)) + return ~0; + + return (vxm->tunnel_index_by_sw_if_index[sw_if_index]); +} + #endif /* included_vnet_vxlan_gbp_h */ /* diff --git a/src/vnet/vxlan-gbp/vxlan_gbp_packet.h b/src/vnet/vxlan-gbp/vxlan_gbp_packet.h index 33bccd6aed6..58fe00323b0 100644 --- a/src/vnet/vxlan-gbp/vxlan_gbp_packet.h +++ b/src/vnet/vxlan-gbp/vxlan_gbp_packet.h @@ -63,6 +63,11 @@ * Group membership being encapsulated by VXLAN. Its value is source * class id. * + * FOR INTERNAL USE ONLY + * R bit: Bit 12 of the initial word is defined as the reflection bit + * Set on packet rx checked on tx and dropped if set. this prevents + * packets recieved on an iVXLAN tunnel being reflected back to + * another. */ typedef struct @@ -103,7 +108,8 @@ typedef enum _ (0x40, D) \ _ (0x20, E) \ _ (0x10, S) \ -_ (0x08, A) +_ (0x08, A) \ +_ (0x04, R) typedef enum { -- cgit 1.2.3-korg