From 061c542db7c6616d3698717d6b857914c3e2ca92 Mon Sep 17 00:00:00 2001 From: Jeff Shaw Date: Fri, 17 Jun 2016 12:02:48 -0700 Subject: router: initial commit Change-Id: Ief5544e58f002e8d33b72dd87295c29f93345d37 Signed-off-by: Jeff Shaw --- router/.gitignore | 11 + router/LICENSE | 202 +++++++++++++++++ router/Makefile.am | 14 ++ router/README.md | 74 +++++++ router/configure.ac | 18 ++ router/router.mk | 34 +++ router/router/router.c | 579 +++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 932 insertions(+) create mode 100644 router/.gitignore create mode 100644 router/LICENSE create mode 100644 router/Makefile.am create mode 100644 router/README.md create mode 100644 router/configure.ac create mode 100644 router/router.mk create mode 100644 router/router/router.c diff --git a/router/.gitignore b/router/.gitignore new file mode 100644 index 0000000..28c6672 --- /dev/null +++ b/router/.gitignore @@ -0,0 +1,11 @@ +Makefile.in +aclocal.m4 +autom4te.cache +compile +config.guess +config.sub +configure +depcomp +install-sh +ltmain.sh +missing diff --git a/router/LICENSE b/router/LICENSE new file mode 100644 index 0000000..7a4a3ea --- /dev/null +++ b/router/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/router/Makefile.am b/router/Makefile.am new file mode 100644 index 0000000..2e9b38f --- /dev/null +++ b/router/Makefile.am @@ -0,0 +1,14 @@ +AUTOMAKE_OPTIONS = foreign subdir-objects + +AM_CFLAGS = -Wall -I@TOOLKIT_INCLUDE@ + +lib_LTLIBRARIES = router.la +router_la_SOURCES = router/router.c +router_la_LDFLAGS = -module +router_la_LIBADD = -lrtnl + +if WITH_PLUGIN_TOOLKIT +install-data-hook: + mkdir /usr/lib/vpp_plugins || true + cp $(prefix)/lib/router.so.*.*.* /usr/lib/vpp_plugins +endif diff --git a/router/README.md b/router/README.md new file mode 100644 index 0000000..5796b83 --- /dev/null +++ b/router/README.md @@ -0,0 +1,74 @@ +# A plugin to help accelerate IPv4 routing + +This repository provides a plugin to hook up data plane interfaces, via +tap interfaces, to a host operating system. The host operating system +can run a route daemon referencing the tap interface(s) as if they were +the data plane interfaces. IPv4 packet forwarding decisions are taken +in the data path, while control traffic is sent to and handled by the host. + +More information can be found on the wiki page: +- http://wiki.fd.io/view/VPP_Sandbox/router + +## Build/Install + +The router is implemented as a plugin to inject, e.g. arp, icmp4, traffic +from data plane devices. To use it, you must build the plugin and put it +in VPPs runtime plugin directory. The plugin depends on vpp and the netlink +repository from the vppsb project. This README assumes familiarity with the +build environment for both projects. + +Build vpp, netlink, and router all at once by creating symbolic links in the +top level vpp directory to the netlink and router directories as well as +symbolic links to the respective .mk files in 'build-data/packages'. + +``` +$ cd /git/vpp +$ ln -sf /git/vppsb/netlink +$ ln -sf /git/vppsb/router +$ ln -sf ../../netlink/netlink.mk build-data/packages/ +$ ln -sf ../../router/router.mk build-data/packages/ +``` + +Now build everything and create a link to the plugin in vpp's plugin path. + +``` +$ cd build-root +$ ./bootstrap.sh +$ make V=0 PLATFORM=vpp TAG=vpp_debug router-install +$ ln -sf /git/vpp/build-root/install-vpp_debug-native/router/lib64/router.so.0.0.0 \ + /usr/lib/vpp_plugins/ +``` + +NOTE: The 'make' command above may fail twice when building netlink. If an +error occurs, retry the make command two more times. + +Once VPP is running and the plugin is loaded, data plane interfaces can +be tapped. + +``` +$ vppctl tap inject arp,icmp4 from TenGigabitEthernet2/0/0 as vpp0 +``` + +The host operating system should see a tap named 'vpp0' with the same hardware +address as 'TenGigabitEthernet2/0/0'. Adding an IPv4 interface address to 'vpp0' +should cause the address to be added to the data plane interface as well. If +the address is a network address, a route should be added to the data +plane's default fib. + +## Administrative + +### Current status + +Currently the router plugin handles ARP, locally destined ICMPv4 and OSPF +traffic. It supports the classifier directing packets from an ip4-table to +the 'tap-inject-classified' node (for handling multicast OSPF and IGMP). + +### Objective + +The objective of this project is to continue to build out better integration +with host operating system and for providing a basis to enable completely +or partially unmodified applications to take advantage of a fast datapath. + +### Main contributors + +Jeff Shaw - LF-ID:jbshaw diff --git a/router/configure.ac b/router/configure.ac new file mode 100644 index 0000000..940558e --- /dev/null +++ b/router/configure.ac @@ -0,0 +1,18 @@ +AC_INIT(router, 1.0) +LT_INIT +AM_INIT_AUTOMAKE + +AM_PROG_AS +AC_PROG_CC +AM_PROG_CC_C_O + +AC_ARG_WITH(plugin-toolkit, + AC_HELP_STRING([--with-plugin-toolkit], + [build using the vpp toolkit]), + [with_plugin_toolkit=${prefix}/include], + [with_plugin_toolkit=.]) + +AC_SUBST(TOOLKIT_INCLUDE,[${with_plugin_toolkit}]) +AM_CONDITIONAL(WITH_PLUGIN_TOOLKIT, test "$with_plugin_toolkit" != ".") + +AC_OUTPUT([Makefile]) diff --git a/router/router.mk b/router/router.mk new file mode 100644 index 0000000..f9bb917 --- /dev/null +++ b/router/router.mk @@ -0,0 +1,34 @@ +router_configure_depend = \ + vppinfra-install \ + dpdk-install \ + svm-install \ + vlib-api-install \ + vlib-install \ + vnet-install \ + vpp-install \ + netlink-install \ + vpp-api-test-install + +router_CPPFLAGS = $(call installed_includes_fn, \ + vppinfra \ + dpdk \ + openssl \ + svm \ + vlib \ + vlib-api \ + vnet \ + vpp \ + netlink \ + vpp-api-test) + +router_LDFLAGS = $(call installed_libs_fn, \ + vppinfra \ + dpdk \ + openssl \ + svm \ + vlib \ + vlib-api \ + vnet \ + vpp \ + netlink \ + vpp-api-test) diff --git a/router/router/router.c b/router/router/router.c new file mode 100644 index 0000000..571db20 --- /dev/null +++ b/router/router/router.c @@ -0,0 +1,579 @@ +/* + * Copyright 2016 Intel Corporation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +enum { + NEXT_ARP = 0, + NEXT_ICMP = 0, + NEXT_INJECT_ARP_ICMP, +}; + +enum { + NEXT_DROP, + NEXT_INJECT_CLASSIFIED, +}; + +enum { + ERROR_DROP = 0, + ERROR_INJECT_ARP, + ERROR_INJECT_ICMP, + ERROR_INJECT_CLASSIFIED, +}; + +static char *error_strings[] = { + [ERROR_DROP] = "Untapped interface", + [ERROR_INJECT_ARP] = "Inject ARP", + [ERROR_INJECT_ICMP] = "Inject ICMP", + [ERROR_INJECT_CLASSIFIED] = "Inject Classified", +}; + +vlib_node_registration_t tap_inject_arp_node; +vlib_node_registration_t tap_inject_icmp_node; +vlib_node_registration_t tap_inject_classified_node; + +struct tap_to_iface { + u32 tap; + u32 iface; +}; + +struct router_main { + vnet_main_t *vnet_main; + u32 *iface_to_tap; + struct tap_to_iface *tap_to_iface; + u32 ns_index; +}; + +static struct router_main rm; + +static int +set_tap_hwaddr(vlib_main_t *m, char *name, u8 *hwaddr) +{ + int fd, rc; + struct ifreq ifr; + + fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + if (fd < 0) + return -1; + + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_name, (char *)name, sizeof(ifr.ifr_name) - 1); + memcpy(ifr.ifr_hwaddr.sa_data, hwaddr, ETHER_ADDR_LEN); + ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER; + rc = ioctl(fd, SIOCSIFHWADDR, &ifr) < 0 ? -1 : 0; + close(fd); + return rc; +} + +static clib_error_t * +do_tap_connect(vlib_main_t *m, char *name, u32 iface, u32 *tap) +{ + vnet_hw_interface_t *hw = vnet_get_hw_interface(rm.vnet_main, iface); + + *tap = ~0; + if (!hw) + return clib_error_return(0, "invalid interface"); + + if (vnet_tap_connect(m, (u8 *)name, hw->hw_address, tap)) + return clib_error_return(0, "failed to connect tap"); + + if (set_tap_hwaddr(m, name, hw->hw_address)) + return clib_error_return(0, "failed to set tap hw address"); + + if (set_int_l2_mode(m, rm.vnet_main, MODE_L2_XC, *tap, 0, 0, 0, iface)) + return clib_error_return(0, "failed to xconnect to interface"); + + return vnet_sw_interface_set_flags(rm.vnet_main, *tap, + VNET_SW_INTERFACE_FLAG_ADMIN_UP); +} + +enum { + PROTO_ARP = 0, + PROTO_ICMP4, + PROTO_OSPF2, + PROTO_N_TOTAL, +}; + +enum { + PROTO_BIT_ARP = 1 << PROTO_ARP, + PROTO_BIT_ICMP4 = 1 << PROTO_ICMP4, + PROTO_BIT_OSPF2 = 1 << PROTO_OSPF2, +}; + +static char *proto_strings[PROTO_N_TOTAL] = { + [PROTO_ARP] = "arp", + [PROTO_ICMP4] = "icmp4", + [PROTO_OSPF2] = "ospf2", +}; + +static inline u32 parse_protos(char *proto_string) +{ + u32 protos = 0; + char *tok, **proto; + + for (tok = strtok(proto_string, ","); tok; tok = strtok(NULL, ",")) + for (proto = proto_strings; proto && *proto; ++proto) + if (!strncmp(tok, *proto, 16)) + protos |= 1 << (proto - proto_strings); + return protos; +} + +static uword unformat_protos(unformat_input_t *input, va_list *args) +{ + u32 *protos = va_arg(*args, u32 *); + u8 *proto_string; + + if (unformat(input, "%s", &proto_string)) + *protos = parse_protos((char *)proto_string); + return 1; +} + +static void add_del_addr(ns_addr_t *a, int is_del) +{ + struct tap_to_iface *map = NULL; + u32 sw_if_index = ~0; + + vec_foreach(map, rm.tap_to_iface) { + if (a->ifaddr.ifa_index == map->tap) { + sw_if_index = map->iface; + break; + } + } + + if (sw_if_index == ~0) + return; + + ip4_add_del_interface_address(vlib_get_main(), + sw_if_index, (ip4_address_t *)a->local, + a->ifaddr.ifa_prefixlen, is_del); +} + +static void add_del_route(ns_route_t *r, int is_del) +{ + struct tap_to_iface *map = NULL; + u32 sw_if_index = ~0; + + vec_foreach(map, rm.tap_to_iface) { + if (r->oif == map->tap) { + sw_if_index = map->iface; + break; + } + } + + if (sw_if_index == ~0 || r->table != 254) + return; + + ip4_add_del_route_next_hop(&ip4_main, + is_del ? IP4_ROUTE_FLAG_DEL : IP4_ROUTE_FLAG_ADD, + (ip4_address_t *)r->dst, r->rtm.rtm_dst_len, + (ip4_address_t *)r->gateway, sw_if_index, 0, ~0, 0); +} + +static void +netns_notify_cb(void *obj, netns_type_t type, u32 flags, uword opaque) +{ + if (type == NETNS_TYPE_ADDR) + add_del_addr((ns_addr_t *)obj, flags & NETNS_F_DEL); + else if (type == NETNS_TYPE_ROUTE) + add_del_route((ns_route_t *)obj, flags & NETNS_F_DEL); +} + +static void insert_tap_to_iface(u32 tap, u32 iface) +{ + struct tap_to_iface map = { + .tap = tap, + .iface = iface, + }; + + vec_add1(rm.tap_to_iface, map); +} + +static clib_error_t * +tap_inject(vlib_main_t *m, unformat_input_t *input, vlib_cli_command_t *cmd) +{ + char *name = NULL; + u32 iface = ~0, tap = ~0, protos = 0; + clib_error_t *err; + + while (unformat_check_input(input) != UNFORMAT_END_OF_INPUT) { + if (unformat(input, "from %U", unformat_vnet_sw_interface, + rm.vnet_main, &iface)) + ; + else if (unformat(input, "as %s", &name)) + ; + else if (unformat(input, "%U", unformat_protos, &protos)) + ; + else + break; + } + + if (!protos) + return clib_error_return(0, + "no protocols specified"); + else if (iface == ~0) + return clib_error_return(0, + "interface name is missing or invalid"); + else if (!name) + return clib_error_return(0, + "host interface name is missing or invalid"); + + if (protos & PROTO_BIT_OSPF2) /* Require arp and icmp4 for ospf2. */ + if (!(protos & PROTO_BIT_ARP) || !(protos & PROTO_BIT_ICMP4)) + return clib_error_return(0, + "ospf2 requires arp and icmp4"); + + err = do_tap_connect(m, name, iface, &tap); + if (err) { + if (tap != ~0) + vnet_tap_delete(m, tap); + return err; + } + + if ((protos & PROTO_BIT_ARP) || (protos & PROTO_BIT_ICMP4)) { + if (rm.ns_index == ~0) { + char nsname = 0; + netns_sub_t sub = { + .notify = netns_notify_cb, + .opaque = 0, + }; + + rm.ns_index = netns_open(&nsname, &sub); + if (rm.ns_index == ~0) { + vnet_tap_delete(m, tap); + clib_error_return(0, + "failed to open namespace"); + } + } + } + + if (protos & PROTO_BIT_ARP) + ethernet_register_input_type(m, ETHERNET_TYPE_ARP, + tap_inject_arp_node.index); + + if (protos & PROTO_BIT_ICMP4) + ip4_register_protocol(IP_PROTOCOL_ICMP, + tap_inject_icmp_node.index); + + if (protos & PROTO_BIT_OSPF2) + ip4_register_protocol(IP_PROTOCOL_OSPF, + tap_inject_icmp_node.index); + + /* Find sw_if_index of tap associated with data plane interface. */ + rm.iface_to_tap[iface] = tap; + + /* Find data plane interface associated with host tap ifindex. */ + insert_tap_to_iface(if_nametoindex(name), iface); + + return 0; +} + +VLIB_CLI_COMMAND(tap_inject_command, static) = { + .path = "tap inject", + .short_help = "tap inject from as ", + .function = tap_inject, +}; + +static uword +tap_inject_arp_icmp(vlib_main_t *m, vlib_node_runtime_t *node, + vlib_frame_t *f, int arp) +{ + u32 n_left_from = f->n_vectors; + u32 *from = vlib_frame_vector_args(f); + u32 next_index = node->cached_next_index; + u32 *to_next; + u32 me = arp ? tap_inject_arp_node.index : tap_inject_icmp_node.index; + + while (n_left_from) { + vlib_buffer_t *b0; + u32 next0; + u32 bi0; + u32 n_left_to_next; + u32 vlib_rx, vlib_tx; + u32 counter; + + vlib_get_next_frame(m, node, next_index, to_next, + n_left_to_next); + + *(to_next++) = bi0 = *(from++); + --n_left_from; + --n_left_to_next; + + b0 = vlib_get_buffer(m, bi0); + + /* FIXME: What about VLAN? */ + b0->current_data -= sizeof(ethernet_header_t); + b0->current_length += sizeof(ethernet_header_t); + + vlib_rx = vnet_buffer(b0)->sw_if_index[VLIB_RX]; + vlib_tx = rm.iface_to_tap[vlib_rx]; + vnet_buffer(b0)->sw_if_index[VLIB_TX] = vlib_tx; + + if (vlib_tx == 0 || vlib_tx == ~0) + next0 = arp ? NEXT_ARP : NEXT_ICMP; + else { + next0 = NEXT_INJECT_ARP_ICMP; + counter = arp ? ERROR_INJECT_ARP : ERROR_INJECT_ICMP; + vlib_node_increment_counter(m, me, counter, 1); + } + + vlib_validate_buffer_enqueue_x1(m, node, next_index, to_next, + n_left_to_next, bi0, next0); + vlib_put_next_frame(m, node, next_index, n_left_to_next); + } + return f->n_vectors; +} + +static uword +tap_inject_icmp(vlib_main_t *m, vlib_node_runtime_t *node, vlib_frame_t *f) +{ + return tap_inject_arp_icmp(m, node, f, 0 /* ICMP */); +} + +VLIB_REGISTER_NODE(tap_inject_icmp_node) = { + .function = tap_inject_icmp, + .name = "tap-inject-icmp", + .vector_size = sizeof(u32), + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(error_strings), + .error_strings = error_strings, + .n_next_nodes = 2, + .next_nodes = { + [NEXT_ICMP] = "ip4-icmp-input", + [NEXT_INJECT_ARP_ICMP] = "interface-output", + }, +}; + +static uword +tap_inject_classified(vlib_main_t *m, vlib_node_runtime_t *node, + vlib_frame_t *f) +{ + u32 n_left_from = f->n_vectors; + u32 *from = vlib_frame_vector_args(f); + u32 next_index = node->cached_next_index; + u32 *to_next; + u32 out = 0, drop = 0; + + while (n_left_from) { + vlib_buffer_t *b0; + u32 next0; + u32 bi0; + u32 n_left_to_next; + u32 vlib_rx, vlib_tx; + + vlib_get_next_frame(m, node, next_index, to_next, + n_left_to_next); + + *(to_next++) = bi0 = *(from++); + --n_left_from; + --n_left_to_next; + + b0 = vlib_get_buffer(m, bi0); + + /* FIXME: What about VLAN? */ + b0->current_data -= sizeof(ethernet_header_t); + b0->current_length += sizeof(ethernet_header_t); + + vlib_rx = vnet_buffer(b0)->sw_if_index[VLIB_RX]; + vlib_tx = rm.iface_to_tap[vlib_rx]; + vnet_buffer(b0)->sw_if_index[VLIB_TX] = vlib_tx; + + if (vlib_tx == 0 || vlib_tx == ~0) { + next0 = NEXT_DROP; + ++drop; + } else { + next0 = NEXT_INJECT_CLASSIFIED; + ++out; + } + vlib_validate_buffer_enqueue_x1(m, node, next_index, to_next, + n_left_to_next, bi0, next0); + vlib_put_next_frame(m, node, next_index, n_left_to_next); + } + vlib_node_increment_counter(m, tap_inject_classified_node.index, + ERROR_DROP, drop); + vlib_node_increment_counter(m, tap_inject_classified_node.index, + ERROR_INJECT_CLASSIFIED, out); + return f->n_vectors; +} + +VLIB_REGISTER_NODE(tap_inject_classified_node) = { + .function = tap_inject_classified, + .name = "tap-inject-classified", + .vector_size = sizeof(u32), + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(error_strings), + .error_strings = error_strings, + .n_next_nodes = 2, + .next_nodes = { + [NEXT_DROP] = "error-drop", + [NEXT_INJECT_CLASSIFIED] = "interface-output", + }, +}; + +static clib_error_t * +interface_add_del(struct vnet_main_t *m, u32 hw_if_index, u32 add) +{ + vnet_hw_interface_t *hw = vnet_get_hw_interface(m, hw_if_index); + vnet_sw_interface_t *sw = vnet_get_sw_interface(m, hw->sw_if_index); + ASSERT(hw->sw_if_index == sw->sw_if_index); + + vec_validate(rm.iface_to_tap, sw->sw_if_index); + rm.iface_to_tap[sw->sw_if_index] = ~0; + return 0; +} +VNET_HW_INTERFACE_ADD_DEL_FUNCTION(interface_add_del); + +clib_error_t * +vlib_plugin_register(vlib_main_t *m, vnet_plugin_handoff_t *h, int f) +{ + rm.vnet_main = h->vnet_main; + rm.ns_index = ~0; + return 0; +} + +static clib_error_t *router_init(vlib_main_t *m) +{ + return 0; +} +VLIB_INIT_FUNCTION(router_init); + +static inline void +update_arp_entry(vlib_buffer_t *b0, ethernet_arp_header_t *arp, u32 vlib_rx) +{ + ethernet_header_t *eth; + ip4_address_t *if_addr; + ip_interface_address_t *ifa; + + if (arp->l2_type != ntohs(ETHERNET_ARP_HARDWARE_TYPE_ethernet) || + arp->l3_type != ntohs(ETHERNET_TYPE_IP4)) + return; + + /* Check that IP address is local and matches incoming interface. */ + if_addr = ip4_interface_address_matching_destination(&ip4_main, + &arp->ip4_over_ethernet[1].ip4, + vlib_rx, &ifa); + if (!if_addr) + return; + + /* Source must also be local to subnet of matching interface address. */ + if (!ip4_destination_matches_interface(&ip4_main, + &arp->ip4_over_ethernet[0].ip4, ifa)) + return; + + /* Reject replies with our local interface address. */ + if (if_addr->as_u32 == arp->ip4_over_ethernet[0].ip4.as_u32) + return; + + if (if_addr->as_u32 != arp->ip4_over_ethernet[1].ip4.as_u32) + return; + + eth = ethernet_buffer_get_header(b0); + + /* Trash ARP packets whose ARP-level source addresses do not + * match their L2-frame-level source addresses */ + if (memcmp(eth->src_address, arp->ip4_over_ethernet[0].ethernet, + sizeof(eth->src_address))) + return; + + if (arp->ip4_over_ethernet[0].ip4.as_u32 == 0 || + (arp->ip4_over_ethernet[0].ip4.as_u32 == + arp->ip4_over_ethernet[1].ip4.as_u32)) + return; + + /* Learn or update sender's mapping only for requests or unicasts + * that don't match local interface address. */ + if (ethernet_address_cast(eth->dst_address) != ETHERNET_ADDRESS_UNICAST) + return; + + vnet_arp_set_ip4_over_ethernet(rm.vnet_main, vlib_rx, ~0, + &arp->ip4_over_ethernet[0], 0); +} + +static uword +tap_inject_arp(vlib_main_t *m, vlib_node_runtime_t *node, vlib_frame_t *f) +{ + u32 n_left_from = f->n_vectors; + u32 *from = vlib_frame_vector_args(f); + u32 next_index = node->cached_next_index; + u32 *to_next; + u32 out = 0; + + while (n_left_from) { + vlib_buffer_t *b0; + u32 next0, bi0, n_left; + u32 vlib_rx, vlib_tx; + ethernet_arp_header_t *arp; + + vlib_get_next_frame(m, node, next_index, to_next, n_left); + + *(to_next++) = bi0 = *(from++); + --n_left_from; + --n_left; + + b0 = vlib_get_buffer(m, bi0); + arp = vlib_buffer_get_current(b0); + + /* FIXME: What about VLAN? */ + b0->current_data -= sizeof(ethernet_header_t); + b0->current_length += sizeof(ethernet_header_t); + + vlib_rx = vnet_buffer(b0)->sw_if_index[VLIB_RX]; + vlib_tx = rm.iface_to_tap[vlib_rx]; + vnet_buffer(b0)->sw_if_index[VLIB_TX] = vlib_tx; + + if (vlib_tx == 0 || vlib_tx == ~0) + next0 = NEXT_ARP; + else { + next0 = NEXT_INJECT_ARP_ICMP; + ++out; + } + + /* Add an ARP entry for injected replies. */ + if (next0 == NEXT_INJECT_ARP_ICMP && + arp->opcode == ntohs(ETHERNET_ARP_OPCODE_reply)) + update_arp_entry(b0, arp, vlib_rx); + + vlib_validate_buffer_enqueue_x1(m, node, next_index, to_next, + n_left, bi0, next0); + vlib_put_next_frame(m, node, next_index, n_left); + } + + vlib_node_increment_counter(m, tap_inject_arp_node.index, + ERROR_INJECT_ARP, out); + return f->n_vectors; +} + +VLIB_REGISTER_NODE(tap_inject_arp_node) = { + .function = tap_inject_arp, + .name = "tap-inject-arp", + .vector_size = sizeof(u32), + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(error_strings), + .error_strings = error_strings, + .n_next_nodes = 2, + .next_nodes = { + [NEXT_ARP] = "arp-input", + [NEXT_INJECT_ARP_ICMP] = "interface-output", + }, +}; -- cgit 1.2.3-korg