From 27518c2ffd0ef75e973a64870da0e3339f39ccce Mon Sep 17 00:00:00 2001 From: Nick Zavaritsky Date: Thu, 27 Feb 2020 15:54:58 +0000 Subject: geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94 --- src/vnet/vxlan-gpe/decap.c | 58 ++++++++++++++-------------------------------- 1 file changed, 18 insertions(+), 40 deletions(-) (limited to 'src/vnet/vxlan-gpe/decap.c') diff --git a/src/vnet/vxlan-gpe/decap.c b/src/vnet/vxlan-gpe/decap.c index dec0788c653..f2961d5ff5b 100644 --- a/src/vnet/vxlan-gpe/decap.c +++ b/src/vnet/vxlan-gpe/decap.c @@ -788,8 +788,10 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, u32 *from, *to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -799,9 +801,9 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, ip4_forward_next_trace (vm, node, frame, VLIB_TX); if (is_ip4) - addr4.data_u32 = ~0; + vtep4_key_init (&last_vtep4); else - ip6_address_set_zero (&addr6); + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -883,21 +885,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; @@ -969,21 +963,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for VXLAN packet */ } flags1 = b1->flags; @@ -1089,21 +1075,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; -- cgit 1.2.3-korg