2 * vrrp.c - vrrp plugin action functions
4 * Copyright 2019-2020 Rubicon Communications, LLC (Netgate)
6 * SPDX-License-Identifier: Apache-2.0
10 #include <vnet/vnet.h>
11 #include <vnet/plugin/plugin.h>
12 #include <vnet/mfib/mfib_entry.h>
13 #include <vnet/mfib/mfib_table.h>
14 #include <vnet/adj/adj.h>
15 #include <vnet/adj/adj_mcast.h>
16 #include <vnet/fib/fib_table.h>
17 #include <vnet/fib/fib_sas.h>
18 #include <vnet/ip/igmp_packet.h>
19 #include <vnet/ip/ip6_link.h>
20 #include <vnet/ethernet/arp_packet.h>
22 #include <vrrp/vrrp.h>
23 #include <vrrp/vrrp_packet.h>
25 #include <vpp/app/version.h>
27 static const u8 vrrp4_dst_mac[6] = { 0x1, 0x0, 0x5e, 0x0, 0x0, 0x12 };
28 static const u8 vrrp6_dst_mac[6] = { 0x33, 0x33, 0x0, 0x0, 0x0, 0x12 };
29 static const u8 vrrp_src_mac_prefix[4] = { 0x0, 0x0, 0x5e, 0x0 };
32 vrrp_adv_l2_build_multicast (vrrp_vr_t * vr, vlib_buffer_t * b)
34 vnet_main_t *vnm = vnet_get_main ();
35 vnet_link_t link_type;
36 ethernet_header_t *eth;
42 eth = vlib_buffer_get_current (b);
44 if (vrrp_vr_is_ipv6 (vr))
46 dst_mac = vrrp6_dst_mac;
47 link_type = VNET_LINK_IP6;
52 dst_mac = vrrp4_dst_mac;
53 link_type = VNET_LINK_IP4;
57 rewrite = ethernet_build_rewrite (vnm, vr->config.sw_if_index, link_type,
59 clib_memcpy (eth, rewrite, vec_len (rewrite));
61 /* change the source mac from the HW addr to the VRRP virtual MAC */
63 (eth->src_address, vrrp_src_mac_prefix, sizeof (vrrp_src_mac_prefix));
64 eth->src_address[4] = mac_byte_ipver;
65 eth->src_address[5] = vr->config.vr_id;
67 n_bytes += vec_len (rewrite);
69 vlib_buffer_chain_increase_length (b, b, n_bytes);
70 vlib_buffer_advance (b, n_bytes);
77 #define VRRP4_MCAST_ADDR_AS_U8 { 224, 0, 0, 18 }
78 #define VRRP6_MCAST_ADDR_AS_U8 \
79 { 0xff, 0x2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x12 }
81 static const ip46_address_t vrrp4_mcast_addr = {
82 .ip4 = {.as_u8 = VRRP4_MCAST_ADDR_AS_U8,},
85 static const ip46_address_t vrrp6_mcast_addr = {
86 .ip6 = {.as_u8 = VRRP6_MCAST_ADDR_AS_U8,},
89 /* size of static parts of header + (# addrs * addr length) */
91 vrrp_adv_payload_len (vrrp_vr_t * vr)
93 u16 addr_len = vrrp_vr_is_ipv6 (vr) ? 16 : 4;
95 return sizeof (vrrp_header_t) + (vec_len (vr->config.vr_addrs) * addr_len);
99 vrrp_adv_l3_build (vrrp_vr_t * vr, vlib_buffer_t * b,
100 const ip46_address_t * dst)
102 if (!vrrp_vr_is_ipv6 (vr)) /* IPv4 */
104 ip4_header_t *ip4 = vlib_buffer_get_current (b);
107 clib_memset (ip4, 0, sizeof (*ip4));
108 ip4->ip_version_and_header_length = 0x45;
110 ip4->protocol = IP_PROTOCOL_VRRP;
111 clib_memcpy (&ip4->dst_address, &dst->ip4, sizeof (dst->ip4));
113 /* RFC 5798 Section 5.1.1.1 - Source Address "is the primary IPv4
114 * address of the interface the packet is being sent from". Assume
115 * this is the first address on the interface.
117 src4 = ip_interface_get_first_ip (vr->config.sw_if_index, 1);
118 ip4->src_address.as_u32 = src4->as_u32;
119 ip4->length = clib_host_to_net_u16 (sizeof (*ip4) +
120 vrrp_adv_payload_len (vr));
121 ip4->checksum = ip4_header_checksum (ip4);
123 vlib_buffer_chain_increase_length (b, b, sizeof (*ip4));
124 vlib_buffer_advance (b, sizeof (*ip4));
126 return sizeof (*ip4);
130 ip6_header_t *ip6 = vlib_buffer_get_current (b);
132 clib_memset (ip6, 0, sizeof (*ip6));
133 ip6->ip_version_traffic_class_and_flow_label = 0x00000060;
134 ip6->hop_limit = 255;
135 ip6->protocol = IP_PROTOCOL_VRRP;
136 clib_memcpy (&ip6->dst_address, &dst->ip6, sizeof (dst->ip6));
137 ip6_address_copy (&ip6->src_address,
138 ip6_get_link_local_address (vr->config.sw_if_index));
139 ip6->payload_length = clib_host_to_net_u16 (vrrp_adv_payload_len (vr));
141 vlib_buffer_chain_increase_length (b, b, sizeof (*ip6));
142 vlib_buffer_advance (b, sizeof (*ip6));
144 return sizeof (*ip6);
150 vrrp_adv_csum (void *l3_hdr, void *payload, u8 is_ipv6, u16 len)
153 u8 proto = IP_PROTOCOL_VRRP;
155 int word_size = sizeof (uword);
162 src_addr = &(((ip6_header_t *) l3_hdr)->src_address);
167 src_addr = &(((ip4_header_t *) l3_hdr)->src_address);
170 for (i = 0; i < (2 * addr_len); i += word_size)
172 if (word_size == sizeof (u64))
174 ip_csum_with_carry (csum, clib_mem_unaligned (src_addr + i, u64));
177 ip_csum_with_carry (csum, clib_mem_unaligned (src_addr + i, u32));
180 csum = ip_csum_with_carry (csum,
181 clib_host_to_net_u32 (len + (proto << 16)));
183 /* now do the payload */
184 csum = ip_incremental_checksum (csum, payload, len);
186 csum = ~ip_csum_fold (csum);
192 vrrp_adv_payload_build (vrrp_vr_t * vr, vlib_buffer_t * b, int shutdown)
194 vrrp_header_t *vrrp = vlib_buffer_get_current (b);
196 ip46_address_t *vr_addr;
202 n_addrs = vec_len (vr->config.vr_addrs);
203 is_ipv6 = vrrp_vr_is_ipv6 (vr);
209 len = sizeof (*vrrp) + n_addrs * sizeof (ip6_address_t);;
210 l3_hdr = vlib_buffer_get_current (b) - sizeof (ip6_header_t);
212 ip6->payload_length = clib_host_to_net_u16 (len);
216 len = sizeof (*vrrp) + n_addrs * sizeof (ip4_address_t);
217 l3_hdr = vlib_buffer_get_current (b) - sizeof (ip4_header_t);
220 vrrp->vrrp_version_and_type = 0x31;
221 vrrp->vr_id = vr->config.vr_id;
222 vrrp->priority = (shutdown) ? 0 : vrrp_vr_priority (vr);
223 vrrp->n_addrs = vec_len (vr->config.vr_addrs);
224 vrrp->rsvd_and_max_adv_int = clib_host_to_net_u16 (vr->config.adv_interval);
227 hdr_addr = (void *) (vrrp + 1);
229 vec_foreach (vr_addr, vr->config.vr_addrs)
233 clib_memcpy (hdr_addr, &vr_addr->ip6, 16);
238 clib_memcpy (hdr_addr, &vr_addr->ip4, 4);
243 vlib_buffer_chain_increase_length (b, b, vrrp_adv_payload_len (vr));
246 vrrp_adv_csum (l3_hdr, vrrp, is_ipv6, vrrp_adv_payload_len (vr));
251 static_always_inline u32
252 vrrp_adv_next_node (vrrp_vr_t * vr)
254 if (vrrp_vr_is_unicast (vr))
256 if (vrrp_vr_is_ipv6 (vr))
257 return ip6_lookup_node.index;
259 return ip4_lookup_node.index;
263 vrrp_main_t *vmp = &vrrp_main;
265 return vmp->intf_output_node_idx;
269 static_always_inline const ip46_address_t *
270 vrrp_adv_mcast_addr (vrrp_vr_t * vr)
272 if (vrrp_vr_is_ipv6 (vr))
273 return &vrrp6_mcast_addr;
275 return &vrrp4_mcast_addr;
279 vrrp_adv_send (vrrp_vr_t * vr, int shutdown)
281 vlib_main_t *vm = vlib_get_main ();
282 vlib_frame_t *to_frame;
283 int i, n_buffers = 1;
284 u32 node_index, *to_next, *bi = 0;
285 u8 is_unicast = vrrp_vr_is_unicast (vr);
287 node_index = vrrp_adv_next_node (vr);
290 n_buffers = vec_len (vr->config.peer_addrs);
294 /* A unicast VR will not start without peers added so this should
295 * not happen. Just avoiding a crash if it happened somehow.
297 clib_warning ("Unicast VR configuration corrupted for %U",
298 format_vrrp_vr_key, vr);
302 vec_validate (bi, n_buffers - 1);
303 if (vlib_buffer_alloc (vm, bi, n_buffers) != n_buffers)
305 clib_warning ("Buffer allocation failed for %U", format_vrrp_vr_key,
311 to_frame = vlib_get_frame_to_node (vm, node_index);
312 to_next = vlib_frame_vector_args (to_frame);
314 for (i = 0; i < n_buffers; i++)
318 const ip46_address_t *dst = vrrp_adv_mcast_addr (vr);
320 bi0 = vec_elt (bi, i);
321 b = vlib_get_buffer (vm, bi0);
323 b->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
324 vnet_buffer (b)->sw_if_index[VLIB_RX] = 0;
325 vnet_buffer (b)->sw_if_index[VLIB_TX] = vr->config.sw_if_index;
329 dst = vec_elt_at_index (vr->config.peer_addrs, i);
330 vnet_buffer (b)->sw_if_index[VLIB_TX] = ~0;
333 vrrp_adv_l2_build_multicast (vr, b);
335 vrrp_adv_l3_build (vr, b, dst);
336 vrrp_adv_payload_build (vr, b, shutdown);
338 vlib_buffer_reset (b);
343 to_frame->n_vectors = n_buffers;
345 vlib_put_frame_to_node (vm, node_index, to_frame);
353 vrrp6_na_pkt_build (vrrp_vr_t * vr, vlib_buffer_t * b, ip6_address_t * addr6)
355 vnet_main_t *vnm = vnet_get_main ();
356 vlib_main_t *vm = vlib_get_main ();
357 ethernet_header_t *eth;
359 icmp6_neighbor_solicitation_or_advertisement_header_t *na;
360 icmp6_neighbor_discovery_ethernet_link_layer_address_option_t *ll_opt;
361 int payload_length, bogus_length;
362 int rewrite_bytes = 0;
367 eth = vlib_buffer_get_current (b);
369 ip6_multicast_ethernet_address (dst_mac, IP6_MULTICAST_GROUP_ID_all_hosts);
371 ethernet_build_rewrite (vnm, vr->config.sw_if_index, VNET_LINK_IP6,
373 rewrite_bytes += vec_len (rewrite);
374 clib_memcpy (eth, rewrite, vec_len (rewrite));
377 b->current_length += rewrite_bytes;
378 vlib_buffer_advance (b, rewrite_bytes);
381 ip6 = vlib_buffer_get_current (b);
383 b->current_length += sizeof (*ip6);
384 clib_memset (ip6, 0, sizeof (*ip6));
386 ip6->ip_version_traffic_class_and_flow_label = 0x00000060;
387 ip6->protocol = IP_PROTOCOL_ICMP6;
388 ip6->hop_limit = 255;
389 ip6_set_reserved_multicast_address (&ip6->dst_address,
390 IP6_MULTICAST_SCOPE_link_local,
391 IP6_MULTICAST_GROUP_ID_all_hosts);
392 ip6_address_copy (&ip6->src_address,
393 ip6_get_link_local_address (vr->config.sw_if_index));
397 na = (icmp6_neighbor_solicitation_or_advertisement_header_t *) (ip6 + 1);
399 (icmp6_neighbor_discovery_ethernet_link_layer_address_option_t *) (na +
402 payload_length = sizeof (*na) + sizeof (*ll_opt);
403 b->current_length += payload_length;
404 clib_memset (na, 0, payload_length);
406 na->icmp.type = ICMP6_neighbor_advertisement; /* icmp code, csum are 0 */
407 na->target_address = *addr6;
408 na->advertisement_flags = clib_host_to_net_u32
409 (ICMP6_NEIGHBOR_ADVERTISEMENT_FLAG_OVERRIDE
410 | ICMP6_NEIGHBOR_ADVERTISEMENT_FLAG_ROUTER);
412 ll_opt->header.type =
413 ICMP6_NEIGHBOR_DISCOVERY_OPTION_target_link_layer_address;
414 ll_opt->header.n_data_u64s = 1;
415 clib_memcpy (ll_opt->ethernet_address, vr->runtime.mac.bytes,
416 sizeof (vr->runtime.mac));
418 ip6->payload_length = clib_host_to_net_u16 (payload_length);
420 ip6_tcp_udp_icmp_compute_checksum (vm, b, ip6, &bogus_length);
423 const mac_address_t broadcast_mac = {
424 .bytes = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff,},
428 vrrp4_garp_pkt_build (vrrp_vr_t * vr, vlib_buffer_t * b, ip4_address_t * ip4)
430 vnet_main_t *vnm = vnet_get_main ();
431 ethernet_header_t *eth;
432 ethernet_arp_header_t *arp;
436 eth = vlib_buffer_get_current (b);
439 ethernet_build_rewrite (vnm, vr->config.sw_if_index, VNET_LINK_ARP,
440 broadcast_mac.bytes);
441 rewrite_bytes = vec_len (rewrite);
442 clib_memcpy (eth, rewrite, rewrite_bytes);
445 b->current_length += rewrite_bytes;
446 vlib_buffer_advance (b, rewrite_bytes);
448 arp = vlib_buffer_get_current (b);
449 b->current_length += sizeof (*arp);
451 clib_memset (arp, 0, sizeof (*arp));
453 arp->l2_type = clib_host_to_net_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet);
454 arp->l3_type = clib_host_to_net_u16 (ETHERNET_TYPE_IP4);
455 arp->n_l2_address_bytes = 6;
456 arp->n_l3_address_bytes = 4;
457 arp->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request);
458 arp->ip4_over_ethernet[0].mac = vr->runtime.mac;
459 arp->ip4_over_ethernet[0].ip4 = *ip4;
460 arp->ip4_over_ethernet[1].mac = broadcast_mac;
461 arp->ip4_over_ethernet[1].ip4 = *ip4;
465 vrrp_garp_or_na_send (vrrp_vr_t * vr)
467 vlib_main_t *vm = vlib_get_main ();
468 vrrp_main_t *vmp = &vrrp_main;
469 vlib_frame_t *to_frame;
475 if (vec_len (vr->config.peer_addrs))
476 return 0; /* unicast is used in routed environments - don't garp */
478 n_buffers = vec_len (vr->config.vr_addrs);
481 clib_warning ("Unable to send gratuitous ARP for VR %U - no addresses",
482 format_vrrp_vr_key, vr);
486 /* need to send a packet for each VR address */
487 vec_validate (bi, n_buffers - 1);
489 if (vlib_buffer_alloc (vm, bi, n_buffers) != n_buffers)
491 clib_warning ("Buffer allocation failed for %U", format_vrrp_vr_key,
497 to_frame = vlib_get_frame_to_node (vm, vmp->intf_output_node_idx);
498 to_frame->n_vectors = 0;
499 to_next = vlib_frame_vector_args (to_frame);
501 for (i = 0; i < n_buffers; i++)
504 ip46_address_t *addr;
506 addr = vec_elt_at_index (vr->config.vr_addrs, i);
507 b = vlib_get_buffer (vm, bi[i]);
509 b->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
510 vnet_buffer (b)->sw_if_index[VLIB_RX] = 0;
511 vnet_buffer (b)->sw_if_index[VLIB_TX] = vr->config.sw_if_index;
513 if (vrrp_vr_is_ipv6 (vr))
514 vrrp6_na_pkt_build (vr, b, &addr->ip6);
516 vrrp4_garp_pkt_build (vr, b, &addr->ip4);
518 vlib_buffer_reset (b);
521 to_frame->n_vectors++;
524 vlib_put_frame_to_node (vm, vmp->intf_output_node_idx, to_frame);
529 #define IGMP4_MCAST_ADDR_AS_U8 { 224, 0, 0, 22 }
531 static const ip4_header_t igmp_ip4_mcast = {
532 .ip_version_and_header_length = 0x46, /* there's options! */
534 .protocol = IP_PROTOCOL_IGMP,
536 .dst_address = {.as_u8 = IGMP4_MCAST_ADDR_AS_U8,},
540 vrrp_igmp_pkt_build (vrrp_vr_t * vr, vlib_buffer_t * b)
544 igmp_membership_report_v3_t *report;
545 igmp_membership_group_v3_t *group;
548 ip4 = vlib_buffer_get_current (b);
549 clib_memcpy (ip4, &igmp_ip4_mcast, sizeof (*ip4));
551 /* Use the source address advertisements will use to join mcast group */
552 src4 = ip_interface_get_first_ip (vr->config.sw_if_index, 1);
553 ip4->src_address.as_u32 = src4->as_u32;
555 vlib_buffer_chain_increase_length (b, b, sizeof (*ip4));
556 vlib_buffer_advance (b, sizeof (*ip4));
558 ip4_options = (u8 *) (ip4 + 1);
559 ip4_options[0] = 0x94; /* 10010100 == the router alert option */
560 ip4_options[1] = 0x04; /* length == 4 bytes */
561 ip4_options[2] = 0x0; /* value == Router shall examine packet */
562 ip4_options[3] = 0x0; /* reserved */
564 vlib_buffer_chain_increase_length (b, b, 4);
565 vlib_buffer_advance (b, 4);
567 report = vlib_buffer_get_current (b);
569 report->header.type = IGMP_TYPE_membership_report_v3;
570 report->header.code = 0;
571 report->header.checksum = 0;
573 report->n_groups = clib_host_to_net_u16 (1);
575 vlib_buffer_chain_increase_length (b, b, sizeof (*report));
576 vlib_buffer_advance (b, sizeof (*report));
578 group = vlib_buffer_get_current (b);
579 group->type = IGMP_MEMBERSHIP_GROUP_change_to_exclude;
580 group->n_aux_u32s = 0;
581 group->n_src_addresses = 0;
582 group->group_address.as_u32 = clib_host_to_net_u32 (0xe0000012);
584 vlib_buffer_chain_increase_length (b, b, sizeof (*group));
585 vlib_buffer_advance (b, sizeof (*group));
587 ip4->length = clib_host_to_net_u16 (b->current_data);
588 ip4->checksum = ip4_header_checksum (ip4);
590 int payload_len = vlib_buffer_get_current (b) - ((void *) report);
591 report->header.checksum =
592 ~ip_csum_fold (ip_incremental_checksum (0, report, payload_len));
594 vlib_buffer_reset (b);
597 /* multicast listener report packet format for ethernet. */
598 typedef CLIB_PACKED (struct
600 ip6_hop_by_hop_ext_t ext_hdr;
601 ip6_router_alert_option_t alert;
602 ip6_padN_option_t pad;
603 icmp46_header_t icmp;
605 u16 num_addr_records;
606 icmp6_multicast_address_record_t records[0];
607 }) icmp6_multicast_listener_report_header_t;
610 vrrp_icmp6_mlr_pkt_build (vrrp_vr_t * vr, vlib_buffer_t * b)
612 vlib_main_t *vm = vlib_get_main ();
614 icmp6_multicast_listener_report_header_t *rh;
615 icmp6_multicast_address_record_t *rr;
616 ip46_address_t *vr_addr;
617 int bogus_length, n_addrs;
620 n_addrs = vec_len (vr->config.vr_addrs) + 1;
621 payload_length = sizeof (*rh) + (n_addrs * sizeof (*rr));
622 b->current_length = sizeof (*ip6) + payload_length;
623 b->error = ICMP6_ERROR_NONE;
625 ip6 = vlib_buffer_get_current (b);
626 rh = (icmp6_multicast_listener_report_header_t *) (ip6 + 1);
627 rr = (icmp6_multicast_address_record_t *) (rh + 1);
630 clib_memset (ip6, 0, b->current_length);
631 ip6->ip_version_traffic_class_and_flow_label =
632 clib_host_to_net_u32 (0x60000000);
634 ip6->protocol = IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS;
635 ip6_set_reserved_multicast_address (&ip6->dst_address,
636 IP6_MULTICAST_SCOPE_link_local,
637 IP6_MULTICAST_GROUP_ID_mldv2_routers);
638 ip6_address_copy (&ip6->src_address,
639 ip6_get_link_local_address (vr->config.sw_if_index));
641 clib_memset (rh, 0, sizeof (*rh));
643 /* v6 hop by hop extension header */
644 rh->ext_hdr.next_hdr = IP_PROTOCOL_ICMP6;
645 rh->ext_hdr.n_data_u64s = 0;
647 rh->alert.type = IP6_MLDP_ALERT_TYPE;
655 rh->icmp.type = ICMP6_multicast_listener_report_v2;
656 rh->icmp.checksum = 0;
659 rh->num_addr_records = clib_host_to_net_u16 (n_addrs);
661 /* group addresses */
663 /* All VRRP routers group */
665 rr->aux_data_len_u32s = 0;
668 (&rr->mcast_addr, &vrrp6_mcast_addr.ip6, sizeof (ip6_address_t));
670 /* solicited node multicast addresses for VR addrs */
671 vec_foreach (vr_addr, vr->config.vr_addrs)
677 rr->aux_data_len_u32s = 0;
680 id = clib_net_to_host_u32 (vr_addr->ip6.as_u32[3]) & 0x00ffffff;
681 ip6_set_solicited_node_multicast_address (&rr->mcast_addr, id);
684 ip6->payload_length = clib_host_to_net_u16 (payload_length);
685 rh->icmp.checksum = ip6_tcp_udp_icmp_compute_checksum (vm, b, ip6,
690 vrrp_vr_multicast_group_join (vrrp_vr_t * vr)
692 vlib_main_t *vm = vlib_get_main ();
695 vnet_main_t *vnm = vnet_get_main ();
697 u32 bi = 0, *to_next;
702 if (!vnet_sw_interface_is_up (vnm, vr->config.sw_if_index))
705 is_ipv6 = vrrp_vr_is_ipv6 (vr);
707 if (is_ipv6 && ip6_link_is_enabled (vr->config.sw_if_index) == 0)
710 if (vlib_buffer_alloc (vm, &bi, n_buffers) != n_buffers)
712 clib_warning ("Buffer allocation failed for %U", format_vrrp_vr_key,
717 b = vlib_get_buffer (vm, bi);
719 b->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
721 vnet_buffer (b)->sw_if_index[VLIB_RX] = 0;
722 vnet_buffer (b)->sw_if_index[VLIB_TX] = vr->config.sw_if_index;
724 intf = vrrp_intf_get (vr->config.sw_if_index);
725 vnet_buffer (b)->ip.adj_index[VLIB_TX] = intf->mcast_adj_index[is_ipv6];
729 vrrp_icmp6_mlr_pkt_build (vr, b);
730 node_index = ip6_rewrite_mcast_node.index;
734 vrrp_igmp_pkt_build (vr, b);
735 node_index = ip4_rewrite_mcast_node.index;
738 f = vlib_get_frame_to_node (vm, node_index);
739 to_next = vlib_frame_vector_args (f);
743 vlib_put_frame_to_node (vm, node_index, f);
750 * fd.io coding-style-patch-verification: ON
753 * eval: (c-set-style "gnu")