2 * ethernet/arp.c: IP v4 ARP node
4 * Copyright (c) 2010 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/ip/ip.h>
19 #include <vnet/ip/ip_neighbor.h>
20 #include <vnet/ip/ip6.h>
21 #include <vnet/ethernet/ethernet.h>
22 #include <vnet/ethernet/arp.h>
23 #include <vnet/l2/l2_input.h>
24 #include <vppinfra/mhash.h>
25 #include <vnet/fib/ip4_fib.h>
26 #include <vnet/fib/fib_entry_src.h>
27 #include <vnet/adj/adj_nbr.h>
28 #include <vnet/adj/adj_mcast.h>
29 #include <vnet/mpls/mpls.h>
30 #include <vnet/l2/feat_bitmap.h>
32 #include <vlibmemory/api.h>
38 * This file contains code to manage the IPv4 ARP tables (IP Address
39 * to MAC Address lookup).
44 * @brief Per-interface ARP configuration and state
46 typedef struct ethernet_arp_interface_t_
49 * Hash table of ARP entries.
50 * Since this hash table is per-interface, the key is only the IPv4 address.
54 * Is ARP enabled on this interface
58 * Is Proxy ARP enabled on this interface
61 } ethernet_arp_interface_t;
65 ip4_address_t lo_addr;
66 ip4_address_t hi_addr;
68 } ethernet_proxy_arp_t;
76 /* Used for arp event notification only */
77 arp_change_event_cb_t data_callback;
79 } pending_resolution_t;
83 /* Hash tables mapping name to opcode. */
84 uword *opcode_by_name;
86 /* lite beer "glean" adjacency handling */
87 uword *pending_resolutions_by_address;
88 pending_resolution_t *pending_resolutions;
90 /* Mac address change notification */
91 uword *mac_changes_by_address;
92 pending_resolution_t *mac_changes;
94 ethernet_arp_ip4_entry_t *ip4_entry_pool;
96 /* ARP attack mitigation */
98 u32 limit_arp_cache_size;
100 /** Per interface state */
101 ethernet_arp_interface_t *ethernet_arp_by_sw_if_index;
103 /* Proxy arp vector */
104 ethernet_proxy_arp_t *proxy_arps;
106 uword wc_ip4_arp_publisher_node;
107 uword wc_ip4_arp_publisher_et;
109 /* ARP feature arc index */
110 u8 feature_arc_index;
111 } ethernet_arp_main_t;
113 static ethernet_arp_main_t ethernet_arp_main;
120 ip_neighbor_flags_t nbr_flags;
122 #define ETHERNET_ARP_ARGS_REMOVE (1<<0)
123 #define ETHERNET_ARP_ARGS_FLUSH (1<<1)
124 #define ETHERNET_ARP_ARGS_POPULATE (1<<2)
125 #define ETHERNET_ARP_ARGS_WC_PUB (1<<3)
126 } vnet_arp_set_ip4_over_ethernet_rpc_args_t;
128 static const u8 vrrp_prefix[] = { 0x00, 0x00, 0x5E, 0x00, 0x01 };
130 /* Node index for send_garp_na_process */
131 u32 send_garp_na_process_node_index;
134 set_ip4_over_ethernet_rpc_callback (vnet_arp_set_ip4_over_ethernet_rpc_args_t
138 format_ethernet_arp_hardware_type (u8 * s, va_list * va)
140 ethernet_arp_hardware_type_t h = va_arg (*va, ethernet_arp_hardware_type_t);
144 #define _(n,f) case n: t = #f; break;
145 foreach_ethernet_arp_hardware_type;
149 return format (s, "unknown 0x%x", h);
152 return format (s, "%s", t);
156 format_ethernet_arp_opcode (u8 * s, va_list * va)
158 ethernet_arp_opcode_t o = va_arg (*va, ethernet_arp_opcode_t);
162 #define _(f) case ETHERNET_ARP_OPCODE_##f: t = #f; break;
163 foreach_ethernet_arp_opcode;
167 return format (s, "unknown 0x%x", o);
170 return format (s, "%s", t);
174 unformat_ethernet_arp_opcode_host_byte_order (unformat_input_t * input,
177 int *result = va_arg (*args, int *);
178 ethernet_arp_main_t *am = ðernet_arp_main;
181 /* Numeric opcode. */
182 if (unformat (input, "0x%x", &x) || unformat (input, "%d", &x))
191 if (unformat_user (input, unformat_vlib_number_by_name,
192 am->opcode_by_name, &i))
202 unformat_ethernet_arp_opcode_net_byte_order (unformat_input_t * input,
205 int *result = va_arg (*args, int *);
207 (input, unformat_ethernet_arp_opcode_host_byte_order, result))
210 *result = clib_host_to_net_u16 ((u16) * result);
215 format_ethernet_arp_header (u8 * s, va_list * va)
217 ethernet_arp_header_t *a = va_arg (*va, ethernet_arp_header_t *);
218 u32 max_header_bytes = va_arg (*va, u32);
220 u16 l2_type, l3_type;
222 if (max_header_bytes != 0 && sizeof (a[0]) > max_header_bytes)
223 return format (s, "ARP header truncated");
225 l2_type = clib_net_to_host_u16 (a->l2_type);
226 l3_type = clib_net_to_host_u16 (a->l3_type);
228 indent = format_get_indent (s);
230 s = format (s, "%U, type %U/%U, address size %d/%d",
231 format_ethernet_arp_opcode, clib_net_to_host_u16 (a->opcode),
232 format_ethernet_arp_hardware_type, l2_type,
233 format_ethernet_type, l3_type,
234 a->n_l2_address_bytes, a->n_l3_address_bytes);
236 if (l2_type == ETHERNET_ARP_HARDWARE_TYPE_ethernet
237 && l3_type == ETHERNET_TYPE_IP4)
239 s = format (s, "\n%U%U/%U -> %U/%U",
240 format_white_space, indent,
241 format_mac_address_t, &a->ip4_over_ethernet[0].mac,
242 format_ip4_address, &a->ip4_over_ethernet[0].ip4,
243 format_mac_address_t, &a->ip4_over_ethernet[1].mac,
244 format_ip4_address, &a->ip4_over_ethernet[1].ip4);
248 uword n2 = a->n_l2_address_bytes;
249 uword n3 = a->n_l3_address_bytes;
250 s = format (s, "\n%U%U/%U -> %U/%U",
251 format_white_space, indent,
252 format_hex_bytes, a->data + 0 * n2 + 0 * n3, n2,
253 format_hex_bytes, a->data + 1 * n2 + 0 * n3, n3,
254 format_hex_bytes, a->data + 1 * n2 + 1 * n3, n2,
255 format_hex_bytes, a->data + 2 * n2 + 1 * n3, n3);
262 format_ethernet_arp_ip4_entry (u8 * s, va_list * va)
264 vnet_main_t *vnm = va_arg (*va, vnet_main_t *);
265 ethernet_arp_ip4_entry_t *e = va_arg (*va, ethernet_arp_ip4_entry_t *);
266 vnet_sw_interface_t *si;
270 return format (s, "%=12s%=16s%=6s%=20s%=24s", "Time", "IP4",
271 "Flags", "Ethernet", "Interface");
273 si = vnet_get_sw_interface (vnm, e->sw_if_index);
275 if (e->flags & IP_NEIGHBOR_FLAG_STATIC)
276 flags = format (flags, "S");
278 if (e->flags & IP_NEIGHBOR_FLAG_DYNAMIC)
279 flags = format (flags, "D");
281 if (e->flags & IP_NEIGHBOR_FLAG_NO_FIB_ENTRY)
282 flags = format (flags, "N");
284 s = format (s, "%=12U%=16U%=6s%=20U%U",
285 format_vlib_time, vnm->vlib_main, e->time_last_updated,
286 format_ip4_address, &e->ip4_address,
287 flags ? (char *) flags : "",
288 format_mac_address_t, &e->mac,
289 format_vnet_sw_interface_name, vnm, si);
298 } ethernet_arp_input_trace_t;
301 format_ethernet_arp_input_trace (u8 * s, va_list * va)
303 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *);
304 CLIB_UNUSED (vlib_node_t * node) = va_arg (*va, vlib_node_t *);
305 ethernet_arp_input_trace_t *t = va_arg (*va, ethernet_arp_input_trace_t *);
308 format_ethernet_arp_header,
309 t->packet_data, sizeof (t->packet_data));
315 format_arp_term_input_trace (u8 * s, va_list * va)
317 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *);
318 CLIB_UNUSED (vlib_node_t * node) = va_arg (*va, vlib_node_t *);
319 ethernet_arp_input_trace_t *t = va_arg (*va, ethernet_arp_input_trace_t *);
321 /* arp-term trace data saved is either arp or ip6/icmp6 packet:
322 - for arp, the 1st 16-bit field is hw type of value of 0x0001.
323 - for ip6, the first nibble has value of 6. */
324 s = format (s, "%U", t->packet_data[0] == 0 ?
325 format_ethernet_arp_header : format_ip6_header,
326 t->packet_data, sizeof (t->packet_data));
332 arp_nbr_probe (ip_adjacency_t * adj)
334 vnet_main_t *vnm = vnet_get_main ();
335 ip4_main_t *im = &ip4_main;
336 ip_interface_address_t *ia;
337 ethernet_arp_header_t *h;
338 vnet_hw_interface_t *hi;
339 vnet_sw_interface_t *si;
345 vm = vlib_get_main ();
347 si = vnet_get_sw_interface (vnm, adj->rewrite_header.sw_if_index);
349 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
355 ip4_interface_address_matching_destination (im,
356 &adj->sub_type.nbr.next_hop.
366 vlib_packet_template_get_packet (vm, &im->ip4_arp_request_packet_template,
371 hi = vnet_get_sup_hw_interface (vnm, adj->rewrite_header.sw_if_index);
373 mac_address_from_bytes (&h->ip4_over_ethernet[0].mac, hi->hw_address);
375 h->ip4_over_ethernet[0].ip4 = src[0];
376 h->ip4_over_ethernet[1].ip4 = adj->sub_type.nbr.next_hop.ip4;
378 b = vlib_get_buffer (vm, bi);
379 vnet_buffer (b)->sw_if_index[VLIB_RX] =
380 vnet_buffer (b)->sw_if_index[VLIB_TX] = adj->rewrite_header.sw_if_index;
382 /* Add encapsulation string for software interface (e.g. ethernet header). */
383 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
384 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
387 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
388 u32 *to_next = vlib_frame_vector_args (f);
391 vlib_put_frame_to_node (vm, hi->output_node_index, f);
396 arp_mk_complete (adj_index_t ai, ethernet_arp_ip4_entry_t * e)
398 adj_nbr_update_rewrite
399 (ai, ADJ_NBR_REWRITE_FLAG_COMPLETE,
400 ethernet_build_rewrite (vnet_get_main (),
402 adj_get_link_type (ai), &e->mac));
406 arp_mk_incomplete (adj_index_t ai)
408 ip_adjacency_t *adj = adj_get (ai);
410 adj_nbr_update_rewrite
412 ADJ_NBR_REWRITE_FLAG_INCOMPLETE,
413 ethernet_build_rewrite (vnet_get_main (),
414 adj->rewrite_header.sw_if_index,
416 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
419 static ethernet_arp_ip4_entry_t *
420 arp_entry_find (ethernet_arp_interface_t * eai, const ip4_address_t * addr)
422 ethernet_arp_main_t *am = ðernet_arp_main;
423 ethernet_arp_ip4_entry_t *e = NULL;
426 if (NULL != eai->arp_entries)
428 p = hash_get (eai->arp_entries, addr->as_u32);
432 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
439 arp_mk_complete_walk (adj_index_t ai, void *ctx)
441 ethernet_arp_ip4_entry_t *e = ctx;
443 arp_mk_complete (ai, e);
445 return (ADJ_WALK_RC_CONTINUE);
449 arp_mk_incomplete_walk (adj_index_t ai, void *ctx)
451 arp_mk_incomplete (ai);
453 return (ADJ_WALK_RC_CONTINUE);
457 arp_is_enabled (ethernet_arp_main_t * am, u32 sw_if_index)
459 if (vec_len (am->ethernet_arp_by_sw_if_index) <= sw_if_index)
462 return (am->ethernet_arp_by_sw_if_index[sw_if_index].enabled);
466 arp_enable (ethernet_arp_main_t * am, u32 sw_if_index)
468 if (arp_is_enabled (am, sw_if_index))
471 vec_validate (am->ethernet_arp_by_sw_if_index, sw_if_index);
473 am->ethernet_arp_by_sw_if_index[sw_if_index].enabled = 1;
475 vnet_feature_enable_disable ("arp", "arp-reply", sw_if_index, 1, NULL, 0);
479 vnet_arp_flush_ip4_over_ethernet_internal (vnet_main_t * vnm,
480 vnet_arp_set_ip4_over_ethernet_rpc_args_t
484 arp_disable (ethernet_arp_main_t * am, u32 sw_if_index)
486 ethernet_arp_interface_t *eai;
487 ethernet_arp_ip4_entry_t *e;
488 u32 i, *to_delete = 0;
491 if (!arp_is_enabled (am, sw_if_index))
494 vnet_feature_enable_disable ("arp", "arp-reply", sw_if_index, 0, NULL, 0);
496 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
500 hash_foreach_pair (pair, eai->arp_entries,
502 e = pool_elt_at_index(am->ip4_entry_pool,
504 vec_add1 (to_delete, e - am->ip4_entry_pool);
508 for (i = 0; i < vec_len (to_delete); i++)
510 e = pool_elt_at_index (am->ip4_entry_pool, to_delete[i]);
512 vnet_arp_set_ip4_over_ethernet_rpc_args_t delme = {
513 .ip4.as_u32 = e->ip4_address.as_u32,
514 .sw_if_index = e->sw_if_index,
515 .flags = ETHERNET_ARP_ARGS_FLUSH,
517 mac_address_copy (&delme.mac, &e->mac);
519 vnet_arp_flush_ip4_over_ethernet_internal (vnet_get_main (), &delme);
522 vec_free (to_delete);
528 arp_update_adjacency (vnet_main_t * vnm, u32 sw_if_index, u32 ai)
530 ethernet_arp_main_t *am = ðernet_arp_main;
531 ethernet_arp_interface_t *arp_int;
532 ethernet_arp_ip4_entry_t *e;
537 arp_enable (am, sw_if_index);
538 arp_int = &am->ethernet_arp_by_sw_if_index[sw_if_index];
539 e = arp_entry_find (arp_int, &adj->sub_type.nbr.next_hop.ip4);
541 switch (adj->lookup_next_index)
543 case IP_LOOKUP_NEXT_GLEAN:
544 adj_glean_update_rewrite (ai);
546 case IP_LOOKUP_NEXT_ARP:
549 adj_nbr_walk_nh4 (sw_if_index,
550 &e->ip4_address, arp_mk_complete_walk, e);
555 * no matching ARP entry.
556 * construct the rewrite required to for an ARP packet, and stick
557 * that in the adj's pipe to smoke.
559 adj_nbr_update_rewrite
561 ADJ_NBR_REWRITE_FLAG_INCOMPLETE,
562 ethernet_build_rewrite
566 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
569 * since the FIB has added this adj for a route, it makes sense it
570 * may want to forward traffic sometime soon. Let's send a
571 * speculative ARP. just one. If we were to do periodically that
572 * wouldn't be bad either, but that's more code than i'm prepared to
573 * write at this time for relatively little reward.
578 case IP_LOOKUP_NEXT_BCAST:
579 adj_nbr_update_rewrite (ai,
580 ADJ_NBR_REWRITE_FLAG_COMPLETE,
581 ethernet_build_rewrite
585 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
587 case IP_LOOKUP_NEXT_MCAST:
590 * Construct a partial rewrite from the known ethernet mcast dest MAC
595 rewrite = ethernet_build_rewrite (vnm,
598 ethernet_ip4_mcast_dst_addr ());
599 offset = vec_len (rewrite) - 2;
602 * Complete the remaining fields of the adj's rewrite to direct the
603 * complete of the rewrite at switch time by copying in the IP
604 * dst address's bytes.
605 * Offset is 2 bytes into the MAC destination address.
607 adj_mcast_update_rewrite (ai, rewrite, offset);
611 case IP_LOOKUP_NEXT_DROP:
612 case IP_LOOKUP_NEXT_PUNT:
613 case IP_LOOKUP_NEXT_LOCAL:
614 case IP_LOOKUP_NEXT_REWRITE:
615 case IP_LOOKUP_NEXT_MCAST_MIDCHAIN:
616 case IP_LOOKUP_NEXT_MIDCHAIN:
617 case IP_LOOKUP_NEXT_ICMP_ERROR:
618 case IP_LOOKUP_N_NEXT:
625 arp_adj_fib_add (ethernet_arp_ip4_entry_t * e, u32 fib_index)
629 .fp_proto = FIB_PROTOCOL_IP4,
630 .fp_addr.ip4 = e->ip4_address,
634 fib_table_entry_path_add (fib_index, &pfx, FIB_SOURCE_ADJ,
635 FIB_ENTRY_FLAG_ATTACHED,
636 DPO_PROTO_IP4, &pfx.fp_addr,
637 e->sw_if_index, ~0, 1, NULL,
638 FIB_ROUTE_PATH_FLAG_NONE);
639 fib_table_lock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_ADJ);
643 arp_adj_fib_remove (ethernet_arp_ip4_entry_t * e, u32 fib_index)
645 if (FIB_NODE_INDEX_INVALID != e->fib_entry_index)
649 .fp_proto = FIB_PROTOCOL_IP4,
650 .fp_addr.ip4 = e->ip4_address,
654 fib_index = ip4_fib_table_get_index_for_sw_if_index (e->sw_if_index);
656 fib_table_entry_path_remove (fib_index, &pfx,
660 e->sw_if_index, ~0, 1,
661 FIB_ROUTE_PATH_FLAG_NONE);
662 fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_ADJ);
666 static ethernet_arp_ip4_entry_t *
667 force_reuse_arp_entry (void)
669 ethernet_arp_ip4_entry_t *e;
670 ethernet_arp_main_t *am = ðernet_arp_main;
672 u32 index = pool_next_index (am->ip4_entry_pool, am->arp_delete_rotor);
673 if (index == ~0) /* Try again from elt 0 */
674 index = pool_next_index (am->ip4_entry_pool, index);
676 /* Find a non-static random entry to free up for reuse */
679 if ((count++ == 100) || (index == ~0))
680 return NULL; /* give up after 100 entries */
681 e = pool_elt_at_index (am->ip4_entry_pool, index);
682 am->arp_delete_rotor = index;
683 index = pool_next_index (am->ip4_entry_pool, index);
685 while (e->flags & IP_NEIGHBOR_FLAG_STATIC);
687 /* Remove ARP entry from its interface and update fib */
689 (am->ethernet_arp_by_sw_if_index[e->sw_if_index].arp_entries,
690 e->ip4_address.as_u32);
692 (e, ip4_fib_table_get_index_for_sw_if_index (e->sw_if_index));
693 adj_nbr_walk_nh4 (e->sw_if_index,
694 &e->ip4_address, arp_mk_incomplete_walk, e);
699 vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm,
700 vnet_arp_set_ip4_over_ethernet_rpc_args_t
703 ethernet_arp_ip4_entry_t *e = 0;
704 ethernet_arp_main_t *am = ðernet_arp_main;
705 vlib_main_t *vm = vlib_get_main ();
706 int make_new_arp_cache_entry = 1;
708 pending_resolution_t *pr, *mc;
709 ethernet_arp_interface_t *arp_int;
710 u32 sw_if_index = args->sw_if_index;
712 arp_enable (am, sw_if_index);
714 arp_int = &am->ethernet_arp_by_sw_if_index[sw_if_index];
716 if (NULL != arp_int->arp_entries)
718 p = hash_get (arp_int->arp_entries, args->ip4.as_u32);
721 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
723 /* Refuse to over-write static arp. */
724 if (!(args->nbr_flags & IP_NEIGHBOR_FLAG_STATIC) &&
725 (e->flags & IP_NEIGHBOR_FLAG_STATIC))
727 /* if MAC address match, still check to send event */
728 if (mac_address_equal (&e->mac, &args->mac))
729 goto check_customers;
732 make_new_arp_cache_entry = 0;
736 if (make_new_arp_cache_entry)
738 if (am->limit_arp_cache_size &&
739 pool_elts (am->ip4_entry_pool) >= am->limit_arp_cache_size)
741 e = force_reuse_arp_entry ();
746 pool_get (am->ip4_entry_pool, e);
748 if (NULL == arp_int->arp_entries)
749 arp_int->arp_entries = hash_create (0, sizeof (u32));
751 hash_set (arp_int->arp_entries, args->ip4.as_u32,
752 e - am->ip4_entry_pool);
754 e->sw_if_index = sw_if_index;
755 e->ip4_address = args->ip4;
756 e->fib_entry_index = FIB_NODE_INDEX_INVALID;
757 mac_address_copy (&e->mac, &args->mac);
759 if (!(args->nbr_flags & IP_NEIGHBOR_FLAG_NO_FIB_ENTRY))
762 ip4_fib_table_get_index_for_sw_if_index
767 e->flags |= IP_NEIGHBOR_FLAG_NO_FIB_ENTRY;
773 * prevent a DoS attack from the data-plane that
774 * spams us with no-op updates to the MAC address
776 if (mac_address_equal (&e->mac, &args->mac))
778 e->time_last_updated = vlib_time_now (vm);
779 goto check_customers;
782 /* Update ethernet address. */
783 mac_address_copy (&e->mac, &args->mac);
786 /* Update time stamp and flags. */
787 e->time_last_updated = vlib_time_now (vm);
788 if (args->nbr_flags & IP_NEIGHBOR_FLAG_STATIC)
790 e->flags &= ~IP_NEIGHBOR_FLAG_DYNAMIC;
791 e->flags |= IP_NEIGHBOR_FLAG_STATIC;
795 e->flags &= ~IP_NEIGHBOR_FLAG_STATIC;
796 e->flags |= IP_NEIGHBOR_FLAG_DYNAMIC;
799 adj_nbr_walk_nh4 (sw_if_index, &e->ip4_address, arp_mk_complete_walk, e);
802 /* Customer(s) waiting for this address to be resolved? */
803 p = hash_get (am->pending_resolutions_by_address, args->ip4.as_u32);
809 while (next_index != (u32) ~ 0)
811 pr = pool_elt_at_index (am->pending_resolutions, next_index);
812 vlib_process_signal_event (vm, pr->node_index,
813 pr->type_opaque, pr->data);
814 next_index = pr->next_index;
815 pool_put (am->pending_resolutions, pr);
818 hash_unset (am->pending_resolutions_by_address, args->ip4.as_u32);
821 /* Customer(s) requesting ARP event for this address? */
822 p = hash_get (am->mac_changes_by_address, args->ip4.as_u32);
828 while (next_index != (u32) ~ 0)
831 mc = pool_elt_at_index (am->mac_changes, next_index);
833 /* Call the user's data callback, return 1 to suppress dup events */
834 if (mc->data_callback)
835 rv = (mc->data_callback) (mc->data, &args->mac, sw_if_index, 0);
838 * Signal the resolver process, as long as the user
839 * says they want to be notified
842 vlib_process_signal_event (vm, mc->node_index,
843 mc->type_opaque, mc->data);
844 next_index = mc->next_index;
852 vnet_register_ip4_arp_resolution_event (vnet_main_t * vnm,
855 uword type_opaque, uword data)
857 ethernet_arp_main_t *am = ðernet_arp_main;
858 ip4_address_t *address = address_arg;
860 pending_resolution_t *pr;
862 pool_get (am->pending_resolutions, pr);
865 pr->node_index = node_index;
866 pr->type_opaque = type_opaque;
868 pr->data_callback = 0;
870 p = hash_get (am->pending_resolutions_by_address, address->as_u32);
873 /* Insert new resolution at the head of the list */
874 pr->next_index = p[0];
875 hash_unset (am->pending_resolutions_by_address, address->as_u32);
878 hash_set (am->pending_resolutions_by_address, address->as_u32,
879 pr - am->pending_resolutions);
883 vnet_add_del_ip4_arp_change_event (vnet_main_t * vnm,
884 arp_change_event_cb_t data_callback,
888 uword type_opaque, uword data, int is_add)
890 ethernet_arp_main_t *am = ðernet_arp_main;
891 ip4_address_t *address = address_arg;
893 /* Try to find an existing entry */
894 u32 *first = (u32 *) hash_get (am->mac_changes_by_address, address->as_u32);
896 pending_resolution_t *mc;
897 while (p && *p != ~0)
899 mc = pool_elt_at_index (am->mac_changes, *p);
900 if (mc->node_index == node_index && mc->type_opaque == type_opaque
906 int found = p && *p != ~0;
910 return VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
912 pool_get (am->mac_changes, mc);
914 *mc = (pending_resolution_t)
917 .node_index = node_index,
918 .type_opaque = type_opaque,
920 .data_callback = data_callback,
925 /* Insert new resolution at the end of the list */
926 u32 new_idx = mc - am->mac_changes;
930 hash_set (am->mac_changes_by_address, address->as_u32, new_idx);
935 return VNET_API_ERROR_NO_SUCH_ENTRY;
937 /* Clients may need to clean up pool entries, too */
939 /* no new mac addrs */
940 (data_callback) (mc->data, NULL, ~0, NULL);
942 /* Remove the entry from the list and delete the entry */
944 pool_put (am->mac_changes, mc);
946 /* Remove from hash if we deleted the last entry */
947 if (*p == ~0 && p == first)
948 hash_unset (am->mac_changes_by_address, address->as_u32);
953 /* Either we drop the packet or we send a reply to the sender. */
957 ARP_REPLY_NEXT_REPLY_TX,
961 #define foreach_ethernet_arp_error \
962 _ (replies_sent, "ARP replies sent") \
963 _ (l2_type_not_ethernet, "L2 type not ethernet") \
964 _ (l3_type_not_ip4, "L3 type not IP4") \
965 _ (l3_src_address_not_local, "IP4 source address not local to subnet") \
966 _ (l3_dst_address_not_local, "IP4 destination address not local to subnet") \
967 _ (l3_dst_address_unset, "IP4 destination address is unset") \
968 _ (l3_src_address_is_local, "IP4 source address matches local interface") \
969 _ (l3_src_address_learned, "ARP request IP4 source address learned") \
970 _ (replies_received, "ARP replies received") \
971 _ (opcode_not_request, "ARP opcode not request") \
972 _ (proxy_arp_replies_sent, "Proxy ARP replies sent") \
973 _ (l2_address_mismatch, "ARP hw addr does not match L2 frame src addr") \
974 _ (gratuitous_arp, "ARP probe or announcement dropped") \
975 _ (interface_no_table, "Interface is not mapped to an IP table") \
976 _ (interface_not_ip_enabled, "Interface is not IP enabled") \
977 _ (unnumbered_mismatch, "RX interface is unnumbered to different subnet") \
981 #define _(sym,string) ETHERNET_ARP_ERROR_##sym,
982 foreach_ethernet_arp_error
984 ETHERNET_ARP_N_ERROR,
985 } ethernet_arp_reply_error_t;
988 arp_unnumbered (vlib_buffer_t * p0,
989 u32 input_sw_if_index, u32 conn_sw_if_index)
991 vnet_main_t *vnm = vnet_get_main ();
992 vnet_interface_main_t *vim = &vnm->interface_main;
993 vnet_sw_interface_t *si;
995 /* verify that the input interface is unnumbered to the connected.
996 * the connected interface is the interface on which the subnet is
998 si = &vim->sw_interfaces[input_sw_if_index];
1000 if (!(si->flags & VNET_SW_INTERFACE_FLAG_UNNUMBERED &&
1001 (si->unnumbered_sw_if_index == conn_sw_if_index)))
1003 /* the input interface is not unnumbered to the interface on which
1004 * the sub-net is configured that covers the ARP request.
1005 * So this is not the case for unnumbered.. */
1013 arp_learn (vnet_main_t * vnm,
1014 ethernet_arp_main_t * am, u32 sw_if_index,
1015 const ethernet_arp_ip4_over_ethernet_address_t * addr)
1017 vnet_arp_set_ip4_over_ethernet (vnm, sw_if_index, addr, 0);
1018 return (ETHERNET_ARP_ERROR_l3_src_address_learned);
1021 typedef enum arp_input_next_t_
1023 ARP_INPUT_NEXT_DROP,
1028 arp_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1030 u32 n_left_from, next_index, *from, *to_next, n_left_to_next;
1031 ethernet_arp_main_t *am = ðernet_arp_main;
1033 from = vlib_frame_vector_args (frame);
1034 n_left_from = frame->n_vectors;
1035 next_index = node->cached_next_index;
1037 if (node->flags & VLIB_NODE_FLAG_TRACE)
1038 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
1040 sizeof (ethernet_arp_input_trace_t));
1042 while (n_left_from > 0)
1044 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1046 while (n_left_from > 0 && n_left_to_next > 0)
1048 const ethernet_arp_header_t *arp0;
1049 arp_input_next_t next0;
1053 pi0 = to_next[0] = from[0];
1057 n_left_to_next -= 1;
1059 p0 = vlib_get_buffer (vm, pi0);
1060 arp0 = vlib_buffer_get_current (p0);
1062 error0 = ETHERNET_ARP_ERROR_replies_sent;
1063 next0 = ARP_INPUT_NEXT_DROP;
1067 clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet) ?
1068 ETHERNET_ARP_ERROR_l2_type_not_ethernet : error0);
1071 clib_net_to_host_u16 (ETHERNET_TYPE_IP4) ?
1072 ETHERNET_ARP_ERROR_l3_type_not_ip4 : error0);
1074 (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ?
1075 ETHERNET_ARP_ERROR_l3_dst_address_unset : error0);
1077 if (ETHERNET_ARP_ERROR_replies_sent == error0)
1078 vnet_feature_arc_start (am->feature_arc_index,
1079 vnet_buffer (p0)->sw_if_index[VLIB_RX],
1082 p0->error = node->errors[error0];
1084 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1085 n_left_to_next, pi0, next0);
1088 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1091 return frame->n_vectors;
1094 static_always_inline u32
1095 arp_mk_reply (vnet_main_t * vnm,
1098 const ip4_address_t * if_addr0,
1099 ethernet_arp_header_t * arp0, ethernet_header_t * eth_rx)
1101 vnet_hw_interface_t *hw_if0;
1102 u8 *rewrite0, rewrite0_len;
1103 ethernet_header_t *eth_tx;
1107 An adjacency to the sender is not always present,
1108 so we use the interface to build us a rewrite string
1109 which will contain all the necessary tags. */
1110 rewrite0 = ethernet_build_rewrite (vnm, sw_if_index0,
1111 VNET_LINK_ARP, eth_rx->src_address);
1112 rewrite0_len = vec_len (rewrite0);
1114 /* Figure out how much to rewind current data from adjacency. */
1115 vlib_buffer_advance (p0, -rewrite0_len);
1116 eth_tx = vlib_buffer_get_current (p0);
1118 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1119 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1121 /* Send reply back through input interface */
1122 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1123 next0 = ARP_REPLY_NEXT_REPLY_TX;
1125 arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
1127 arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
1129 mac_address_from_bytes (&arp0->ip4_over_ethernet[0].mac,
1130 hw_if0->hw_address);
1131 clib_mem_unaligned (&arp0->ip4_over_ethernet[0].ip4.data_u32, u32) =
1134 /* Hardware must be ethernet-like. */
1135 ASSERT (vec_len (hw_if0->hw_address) == 6);
1137 /* the rx nd tx ethernet headers wil overlap in the case
1138 * when we received a tagged VLAN=0 packet, but we are sending
1140 clib_memcpy_fast (eth_tx, rewrite0, vec_len (rewrite0));
1141 vec_free (rewrite0);
1147 arp_reply (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1149 ethernet_arp_main_t *am = ðernet_arp_main;
1150 vnet_main_t *vnm = vnet_get_main ();
1151 u32 n_left_from, next_index, *from, *to_next;
1152 u32 n_replies_sent = 0;
1154 from = vlib_frame_vector_args (frame);
1155 n_left_from = frame->n_vectors;
1156 next_index = node->cached_next_index;
1158 if (node->flags & VLIB_NODE_FLAG_TRACE)
1159 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
1161 sizeof (ethernet_arp_input_trace_t));
1163 while (n_left_from > 0)
1167 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1169 while (n_left_from > 0 && n_left_to_next > 0)
1172 ethernet_arp_header_t *arp0;
1173 ethernet_header_t *eth_rx;
1174 const ip4_address_t *if_addr0;
1175 u32 pi0, error0, next0, sw_if_index0, conn_sw_if_index0, fib_index0;
1176 u8 dst_is_local0, is_unnum0, is_vrrp_reply0;
1177 fib_node_index_t dst_fei, src_fei;
1178 const fib_prefix_t *pfx0;
1179 fib_entry_flag_t src_flags, dst_flags;
1186 n_left_to_next -= 1;
1188 p0 = vlib_get_buffer (vm, pi0);
1189 arp0 = vlib_buffer_get_current (p0);
1190 /* Fill in ethernet header. */
1191 eth_rx = ethernet_buffer_get_header (p0);
1193 next0 = ARP_REPLY_NEXT_DROP;
1194 error0 = ETHERNET_ARP_ERROR_replies_sent;
1195 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1197 /* Check that IP address is local and matches incoming interface. */
1198 fib_index0 = ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
1199 if (~0 == fib_index0)
1201 error0 = ETHERNET_ARP_ERROR_interface_no_table;
1205 dst_fei = ip4_fib_table_lookup (ip4_fib_get (fib_index0),
1206 &arp0->ip4_over_ethernet[1].ip4,
1208 dst_flags = fib_entry_get_flags (dst_fei);
1210 conn_sw_if_index0 = fib_entry_get_resolving_interface (dst_fei);
1212 /* Honor unnumbered interface, if any */
1213 is_unnum0 = sw_if_index0 != conn_sw_if_index0;
1217 * we're looking for FIB entries that indicate the source
1218 * is attached. There may be more specific non-attached
1219 * routes that match the source, but these do not influence
1220 * whether we respond to an ARP request, i.e. they do not
1221 * influence whether we are the correct way for the sender
1222 * to reach us, they only affect how we reach the sender.
1224 fib_entry_t *src_fib_entry;
1225 const fib_prefix_t *pfx;
1226 fib_entry_src_t *src;
1227 fib_source_t source;
1236 src_fei = ip4_fib_table_lookup (ip4_fib_get (fib_index0),
1238 ip4_over_ethernet[0].ip4,
1240 src_fib_entry = fib_entry_get (src_fei);
1243 * It's possible that the source that provides the
1244 * flags we need, or the flags we must not have,
1245 * is not the best source, so check then all.
1248 FOR_EACH_SRC_ADDED(src_fib_entry, src, source,
1250 src_flags = fib_entry_get_flags_for_source (src_fei, source);
1252 /* Reject requests/replies with our local interface
1254 if (FIB_ENTRY_FLAG_LOCAL & src_flags)
1256 error0 = ETHERNET_ARP_ERROR_l3_src_address_is_local;
1258 * When VPP has an interface whose address is also
1259 * applied to a TAP interface on the host, then VPP's
1260 * TAP interface will be unnumbered to the 'real'
1261 * interface and do proxy ARP from the host.
1262 * The curious aspect of this setup is that ARP requests
1263 * from the host will come from the VPP's own address.
1264 * So don't drop immediately here, instead go see if this
1265 * is a proxy ARP case.
1269 /* A Source must also be local to subnet of matching
1270 * interface address. */
1271 if ((FIB_ENTRY_FLAG_ATTACHED & src_flags) ||
1272 (FIB_ENTRY_FLAG_CONNECTED & src_flags))
1279 * The packet was sent from an address that is not
1280 * connected nor attached i.e. it is not from an
1281 * address that is covered by a link's sub-net,
1282 * nor is it a already learned host resp.
1288 * shorter mask lookup for the next iteration.
1290 pfx = fib_entry_get_prefix (src_fei);
1291 mask = pfx->fp_len - 1;
1294 * continue until we hit the default route or we find
1295 * the attached we are looking for. The most likely
1296 * outcome is we find the attached with the first source
1297 * on the first lookup.
1301 !fib_entry_is_sourced (src_fei, FIB_SOURCE_DEFAULT_ROUTE));
1306 * the matching route is a not attached, i.e. it was
1307 * added as a result of routing, rather than interface/ARP
1308 * configuration. If the matching route is not a host route
1311 error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
1316 if (fib_entry_is_sourced (dst_fei, FIB_SOURCE_ADJ))
1319 * We matched an adj-fib on ths source subnet (a /32 previously
1320 * added as a result of ARP). If this request is a gratuitous
1321 * ARP, then learn from it.
1322 * The check for matching an adj-fib, is to prevent hosts
1323 * from spamming us with gratuitous ARPS that might otherwise
1324 * blow our ARP cache
1326 if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
1327 arp0->ip4_over_ethernet[1].ip4.as_u32)
1328 error0 = arp_learn (vnm, am, sw_if_index0,
1329 &arp0->ip4_over_ethernet[0]);
1332 else if (!(FIB_ENTRY_FLAG_CONNECTED & dst_flags))
1334 error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
1338 if (sw_if_index0 != fib_entry_get_resolving_interface (src_fei))
1341 * The interface the ARP was received on is not the interface
1342 * on which the covering prefix is configured. Maybe this is a
1343 * case for unnumbered.
1348 dst_is_local0 = (FIB_ENTRY_FLAG_LOCAL & dst_flags);
1349 pfx0 = fib_entry_get_prefix (dst_fei);
1350 if_addr0 = &pfx0->fp_addr.ip4;
1354 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
1357 (arp0->ip4_over_ethernet[0].mac.bytes, vrrp_prefix,
1358 sizeof (vrrp_prefix))));
1360 /* Trash ARP packets whose ARP-level source addresses do not
1361 match their L2-frame-level source addresses, unless it's
1362 a reply from a VRRP virtual router */
1363 if (!ethernet_mac_address_equal
1364 (eth_rx->src_address,
1365 arp0->ip4_over_ethernet[0].mac.bytes) && !is_vrrp_reply0)
1367 error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
1371 /* Learn or update sender's mapping only for replies to addresses
1372 * that are local to the subnet */
1374 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
1377 error0 = arp_learn (vnm, am, sw_if_index0,
1378 &arp0->ip4_over_ethernet[0]);
1380 /* a reply for a non-local destination could be a GARP.
1381 * GARPs for hosts we know were handled above, so this one
1383 error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
1387 else if (arp0->opcode ==
1388 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request) &&
1389 (dst_is_local0 == 0))
1395 if (!arp_unnumbered (p0, sw_if_index0, conn_sw_if_index0))
1397 error0 = ETHERNET_ARP_ERROR_unnumbered_mismatch;
1401 if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
1402 arp0->ip4_over_ethernet[1].ip4.as_u32)
1404 error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
1408 next0 = arp_mk_reply (vnm, p0, sw_if_index0,
1409 if_addr0, arp0, eth_rx);
1411 /* We are going to reply to this request, so, in the absence of
1412 errors, learn the sender */
1414 error0 = arp_learn (vnm, am, sw_if_index0,
1415 &arp0->ip4_over_ethernet[1]);
1417 n_replies_sent += 1;
1421 vnet_feature_next (&next0, p0);
1425 p0->error = node->errors[error0];
1428 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1429 n_left_to_next, pi0, next0);
1432 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1435 vlib_error_count (vm, node->node_index,
1436 ETHERNET_ARP_ERROR_replies_sent, n_replies_sent);
1438 return frame->n_vectors;
1442 arp_proxy (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1444 ethernet_arp_main_t *am = ðernet_arp_main;
1445 vnet_main_t *vnm = vnet_get_main ();
1446 u32 n_left_from, next_index, *from, *to_next;
1447 u32 n_arp_replies_sent = 0;
1449 from = vlib_frame_vector_args (frame);
1450 n_left_from = frame->n_vectors;
1451 next_index = node->cached_next_index;
1453 if (node->flags & VLIB_NODE_FLAG_TRACE)
1454 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
1456 sizeof (ethernet_arp_input_trace_t));
1458 while (n_left_from > 0)
1462 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1464 while (n_left_from > 0 && n_left_to_next > 0)
1467 ethernet_arp_header_t *arp0;
1468 ethernet_header_t *eth_rx;
1469 ip4_address_t proxy_src;
1470 u32 pi0, error0, next0, sw_if_index0, fib_index0;
1472 ethernet_proxy_arp_t *pa;
1479 n_left_to_next -= 1;
1481 p0 = vlib_get_buffer (vm, pi0);
1482 arp0 = vlib_buffer_get_current (p0);
1483 /* Fill in ethernet header. */
1484 eth_rx = ethernet_buffer_get_header (p0);
1486 is_request0 = arp0->opcode
1487 == clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request);
1489 error0 = ETHERNET_ARP_ERROR_replies_sent;
1490 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1491 next0 = ARP_REPLY_NEXT_DROP;
1493 fib_index0 = ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
1494 if (~0 == fib_index0)
1496 error0 = ETHERNET_ARP_ERROR_interface_no_table;
1499 if (0 == error0 && is_request0)
1501 u32 this_addr = clib_net_to_host_u32
1502 (arp0->ip4_over_ethernet[1].ip4.as_u32);
1504 vec_foreach (pa, am->proxy_arps)
1506 u32 lo_addr = clib_net_to_host_u32 (pa->lo_addr.as_u32);
1507 u32 hi_addr = clib_net_to_host_u32 (pa->hi_addr.as_u32);
1509 /* an ARP request hit in the proxy-arp table? */
1510 if ((this_addr >= lo_addr && this_addr <= hi_addr) &&
1511 (fib_index0 == pa->fib_index))
1514 arp0->ip4_over_ethernet[1].ip4.data_u32;
1517 * change the interface address to the proxied
1519 n_arp_replies_sent++;
1522 arp_mk_reply (vnm, p0, sw_if_index0, &proxy_src, arp0,
1529 p0->error = node->errors[error0];
1532 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1533 n_left_to_next, pi0, next0);
1536 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1539 vlib_error_count (vm, node->node_index,
1540 ETHERNET_ARP_ERROR_replies_sent, n_arp_replies_sent);
1542 return frame->n_vectors;
1545 static char *ethernet_arp_error_strings[] = {
1546 #define _(sym,string) string,
1547 foreach_ethernet_arp_error
1553 /* Built-in ARP rx feature path definition */
1554 VNET_FEATURE_ARC_INIT (arp_feat, static) =
1557 .start_nodes = VNET_FEATURES ("arp-input"),
1558 .last_in_arc = "error-drop",
1559 .arc_index_ptr = ðernet_arp_main.feature_arc_index,
1562 VLIB_REGISTER_NODE (arp_input_node, static) =
1564 .function = arp_input,
1565 .name = "arp-input",
1566 .vector_size = sizeof (u32),
1567 .n_errors = ETHERNET_ARP_N_ERROR,
1568 .error_strings = ethernet_arp_error_strings,
1569 .n_next_nodes = ARP_INPUT_N_NEXT,
1571 [ARP_INPUT_NEXT_DROP] = "error-drop",
1573 .format_buffer = format_ethernet_arp_header,
1574 .format_trace = format_ethernet_arp_input_trace,
1577 VLIB_REGISTER_NODE (arp_reply_node, static) =
1579 .function = arp_reply,
1580 .name = "arp-reply",
1581 .vector_size = sizeof (u32),
1582 .n_errors = ETHERNET_ARP_N_ERROR,
1583 .error_strings = ethernet_arp_error_strings,
1584 .n_next_nodes = ARP_REPLY_N_NEXT,
1586 [ARP_REPLY_NEXT_DROP] = "error-drop",
1587 [ARP_REPLY_NEXT_REPLY_TX] = "interface-output",
1589 .format_buffer = format_ethernet_arp_header,
1590 .format_trace = format_ethernet_arp_input_trace,
1593 VLIB_REGISTER_NODE (arp_proxy_node, static) =
1595 .function = arp_proxy,
1596 .name = "arp-proxy",
1597 .vector_size = sizeof (u32),
1598 .n_errors = ETHERNET_ARP_N_ERROR,
1599 .error_strings = ethernet_arp_error_strings,
1600 .n_next_nodes = ARP_REPLY_N_NEXT,
1602 [ARP_REPLY_NEXT_DROP] = "error-drop",
1603 [ARP_REPLY_NEXT_REPLY_TX] = "interface-output",
1605 .format_buffer = format_ethernet_arp_header,
1606 .format_trace = format_ethernet_arp_input_trace,
1609 VNET_FEATURE_INIT (arp_reply_feat_node, static) =
1612 .node_name = "arp-reply",
1613 .runs_before = VNET_FEATURES ("error-drop"),
1616 VNET_FEATURE_INIT (arp_proxy_feat_node, static) =
1619 .node_name = "arp-proxy",
1620 .runs_after = VNET_FEATURES ("arp-reply"),
1621 .runs_before = VNET_FEATURES ("error-drop"),
1624 VNET_FEATURE_INIT (arp_drop_feat_node, static) =
1627 .node_name = "error-drop",
1633 ip4_arp_entry_sort (void *a1, void *a2)
1635 ethernet_arp_ip4_entry_t *e1 = a1;
1636 ethernet_arp_ip4_entry_t *e2 = a2;
1639 vnet_main_t *vnm = vnet_get_main ();
1641 cmp = vnet_sw_interface_compare (vnm, e1->sw_if_index, e2->sw_if_index);
1643 cmp = ip4_address_compare (&e1->ip4_address, &e2->ip4_address);
1647 ethernet_arp_ip4_entry_t *
1648 ip4_neighbors_pool (void)
1650 ethernet_arp_main_t *am = ðernet_arp_main;
1651 return am->ip4_entry_pool;
1654 ethernet_arp_ip4_entry_t *
1655 ip4_neighbor_entries (u32 sw_if_index)
1657 ethernet_arp_main_t *am = ðernet_arp_main;
1658 ethernet_arp_ip4_entry_t *n, *ns = 0;
1661 pool_foreach (n, am->ip4_entry_pool, ({
1662 if (sw_if_index != ~0 && n->sw_if_index != sw_if_index)
1664 vec_add1 (ns, n[0]);
1669 vec_sort_with_function (ns, ip4_arp_entry_sort);
1673 static clib_error_t *
1674 show_ip4_arp (vlib_main_t * vm,
1675 unformat_input_t * input, vlib_cli_command_t * cmd)
1677 vnet_main_t *vnm = vnet_get_main ();
1678 ethernet_arp_main_t *am = ðernet_arp_main;
1679 ethernet_arp_ip4_entry_t *e, *es;
1680 ethernet_proxy_arp_t *pa;
1681 clib_error_t *error = 0;
1684 /* Filter entries by interface if given. */
1686 (void) unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index);
1688 es = ip4_neighbor_entries (sw_if_index);
1691 vlib_cli_output (vm, "%U", format_ethernet_arp_ip4_entry, vnm, 0);
1694 vlib_cli_output (vm, "%U", format_ethernet_arp_ip4_entry, vnm, e);
1699 if (vec_len (am->proxy_arps))
1701 vlib_cli_output (vm, "Proxy arps enabled for:");
1702 vec_foreach (pa, am->proxy_arps)
1704 vlib_cli_output (vm, "Fib_index %d %U - %U ",
1706 format_ip4_address, &pa->lo_addr,
1707 format_ip4_address, &pa->hi_addr);
1715 * Display all the IPv4 ARP entries.
1718 * Example of how to display the IPv4 ARP table:
1719 * @cliexstart{show ip arp}
1720 * Time FIB IP4 Flags Ethernet Interface
1721 * 346.3028 0 6.1.1.3 de:ad:be:ef:ba:be GigabitEthernet2/0/0
1722 * 3077.4271 0 6.1.1.4 S de:ad:be:ef:ff:ff GigabitEthernet2/0/0
1723 * 2998.6409 1 6.2.2.3 de:ad:be:ef:00:01 GigabitEthernet2/0/0
1724 * Proxy arps enabled for:
1725 * Fib_index 0 6.0.0.1 - 6.0.0.11
1729 VLIB_CLI_COMMAND (show_ip4_arp_command, static) = {
1730 .path = "show ip arp",
1731 .function = show_ip4_arp,
1732 .short_help = "show ip arp",
1738 pg_edit_t l2_type, l3_type;
1739 pg_edit_t n_l2_address_bytes, n_l3_address_bytes;
1745 } ip4_over_ethernet[2];
1746 } pg_ethernet_arp_header_t;
1749 pg_ethernet_arp_header_init (pg_ethernet_arp_header_t * p)
1751 /* Initialize fields that are not bit fields in the IP header. */
1752 #define _(f) pg_edit_init (&p->f, ethernet_arp_header_t, f);
1755 _(n_l2_address_bytes);
1756 _(n_l3_address_bytes);
1758 _(ip4_over_ethernet[0].mac);
1759 _(ip4_over_ethernet[0].ip4);
1760 _(ip4_over_ethernet[1].mac);
1761 _(ip4_over_ethernet[1].ip4);
1766 unformat_pg_arp_header (unformat_input_t * input, va_list * args)
1768 pg_stream_t *s = va_arg (*args, pg_stream_t *);
1769 pg_ethernet_arp_header_t *p;
1772 p = pg_create_edit_group (s, sizeof (p[0]), sizeof (ethernet_arp_header_t),
1774 pg_ethernet_arp_header_init (p);
1777 pg_edit_set_fixed (&p->l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
1778 pg_edit_set_fixed (&p->l3_type, ETHERNET_TYPE_IP4);
1779 pg_edit_set_fixed (&p->n_l2_address_bytes, 6);
1780 pg_edit_set_fixed (&p->n_l3_address_bytes, 4);
1782 if (!unformat (input, "%U: %U/%U -> %U/%U",
1784 unformat_ethernet_arp_opcode_net_byte_order, &p->opcode,
1786 unformat_mac_address_t, &p->ip4_over_ethernet[0].mac,
1788 unformat_ip4_address, &p->ip4_over_ethernet[0].ip4,
1790 unformat_mac_address_t, &p->ip4_over_ethernet[1].mac,
1792 unformat_ip4_address, &p->ip4_over_ethernet[1].ip4))
1794 /* Free up any edits we may have added. */
1795 pg_free_edit_group (s);
1802 ip4_set_arp_limit (u32 arp_limit)
1804 ethernet_arp_main_t *am = ðernet_arp_main;
1806 am->limit_arp_cache_size = arp_limit;
1811 * @brief Control Plane hook to remove an ARP entry
1814 vnet_arp_unset_ip4_over_ethernet (vnet_main_t * vnm,
1817 ethernet_arp_ip4_over_ethernet_address_t *
1820 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
1821 .sw_if_index = sw_if_index,
1822 .flags = ETHERNET_ARP_ARGS_REMOVE,
1827 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
1828 (u8 *) & args, sizeof (args));
1833 * @brief publish wildcard arp event
1834 * @param sw_if_index The interface on which the ARP entries are acted
1837 vnet_arp_wc_publish (u32 sw_if_index,
1838 const ethernet_arp_ip4_over_ethernet_address_t * a)
1840 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
1841 .flags = ETHERNET_ARP_ARGS_WC_PUB,
1842 .sw_if_index = sw_if_index,
1847 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
1848 (u8 *) & args, sizeof (args));
1853 vnet_arp_wc_publish_internal (vnet_main_t * vnm,
1854 vnet_arp_set_ip4_over_ethernet_rpc_args_t *
1857 vlib_main_t *vm = vlib_get_main ();
1858 ethernet_arp_main_t *am = ðernet_arp_main;
1859 uword ni = am->wc_ip4_arp_publisher_node;
1860 uword et = am->wc_ip4_arp_publisher_et;
1862 if (ni == (uword) ~ 0)
1864 wc_arp_report_t *r =
1865 vlib_process_signal_event_data (vm, ni, et, 1, sizeof *r);
1866 r->ip.as_u32 = args->ip4.as_u32;
1867 r->sw_if_index = args->sw_if_index;
1868 mac_address_copy (&r->mac, &args->mac);
1872 wc_arp_set_publisher_node (uword node_index, uword event_type)
1874 ethernet_arp_main_t *am = ðernet_arp_main;
1875 am->wc_ip4_arp_publisher_node = node_index;
1876 am->wc_ip4_arp_publisher_et = event_type;
1880 arp_entry_free (ethernet_arp_interface_t * eai, ethernet_arp_ip4_entry_t * e);
1883 vnet_arp_flush_ip4_over_ethernet_internal (vnet_main_t * vnm,
1884 vnet_arp_set_ip4_over_ethernet_rpc_args_t
1887 ethernet_arp_main_t *am = ðernet_arp_main;
1888 ethernet_arp_ip4_entry_t *e;
1889 ethernet_arp_interface_t *eai;
1891 if (vec_len (am->ethernet_arp_by_sw_if_index) <= args->sw_if_index)
1894 eai = &am->ethernet_arp_by_sw_if_index[args->sw_if_index];
1896 e = arp_entry_find (eai, &args->ip4);
1900 adj_nbr_walk_nh4 (e->sw_if_index,
1901 &e->ip4_address, arp_mk_incomplete_walk, e);
1904 * The difference between flush and unset, is that an unset
1905 * means delete for static and dynamic entries. A flush
1906 * means delete only for dynamic. Flushing is what the DP
1907 * does in response to interface events. unset is only done
1908 * by the control plane.
1910 if (e->flags & IP_NEIGHBOR_FLAG_STATIC)
1912 e->flags &= ~IP_NEIGHBOR_FLAG_DYNAMIC;
1914 else if (e->flags & IP_NEIGHBOR_FLAG_DYNAMIC)
1916 arp_entry_free (eai, e);
1923 * arp_add_del_interface_address
1925 * callback when an interface address is added or deleted
1928 arp_enable_disable_interface (ip4_main_t * im,
1929 uword opaque, u32 sw_if_index, u32 is_enable)
1931 ethernet_arp_main_t *am = ðernet_arp_main;
1934 arp_enable (am, sw_if_index);
1936 arp_disable (am, sw_if_index);
1940 * arp_add_del_interface_address
1942 * callback when an interface address is added or deleted
1945 arp_add_del_interface_address (ip4_main_t * im,
1948 ip4_address_t * address,
1950 u32 if_address_index, u32 is_del)
1953 * Flush the ARP cache of all entries covered by the address
1954 * that is being removed.
1956 ethernet_arp_main_t *am = ðernet_arp_main;
1957 ethernet_arp_ip4_entry_t *e;
1959 if (vec_len (am->ethernet_arp_by_sw_if_index) <= sw_if_index)
1964 ethernet_arp_interface_t *eai;
1965 u32 i, *to_delete = 0;
1968 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
1971 hash_foreach_pair (pair, eai->arp_entries,
1973 e = pool_elt_at_index(am->ip4_entry_pool,
1975 if (ip4_destination_matches_route (im, &e->ip4_address,
1976 address, address_length))
1978 vec_add1 (to_delete, e - am->ip4_entry_pool);
1983 for (i = 0; i < vec_len (to_delete); i++)
1985 e = pool_elt_at_index (am->ip4_entry_pool, to_delete[i]);
1987 vnet_arp_set_ip4_over_ethernet_rpc_args_t delme = {
1988 .ip4.as_u32 = e->ip4_address.as_u32,
1989 .sw_if_index = e->sw_if_index,
1990 .flags = ETHERNET_ARP_ARGS_FLUSH,
1992 mac_address_copy (&delme.mac, &e->mac);
1994 vnet_arp_flush_ip4_over_ethernet_internal (vnet_get_main (),
1998 vec_free (to_delete);
2003 arp_table_bind (ip4_main_t * im,
2005 u32 sw_if_index, u32 new_fib_index, u32 old_fib_index)
2007 ethernet_arp_main_t *am = ðernet_arp_main;
2008 ethernet_arp_interface_t *eai;
2009 ethernet_arp_ip4_entry_t *e;
2013 * the IP table that the interface is bound to has changed.
2014 * reinstall all the adj fibs.
2017 if (vec_len (am->ethernet_arp_by_sw_if_index) <= sw_if_index)
2020 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
2023 hash_foreach_pair (pair, eai->arp_entries,
2025 e = pool_elt_at_index(am->ip4_entry_pool,
2028 * remove the adj-fib from the old table and add to the new
2030 arp_adj_fib_remove(e, old_fib_index);
2031 arp_adj_fib_add(e, new_fib_index);
2037 static clib_error_t *
2038 ethernet_arp_init (vlib_main_t * vm)
2040 ethernet_arp_main_t *am = ðernet_arp_main;
2041 ip4_main_t *im = &ip4_main;
2044 ethernet_register_input_type (vm, ETHERNET_TYPE_ARP, arp_input_node.index);
2046 pn = pg_get_node (arp_input_node.index);
2047 pn->unformat_edit = unformat_pg_arp_header;
2049 am->opcode_by_name = hash_create_string (0, sizeof (uword));
2050 #define _(o) hash_set_mem (am->opcode_by_name, #o, ETHERNET_ARP_OPCODE_##o);
2051 foreach_ethernet_arp_opcode;
2054 /* $$$ configurable */
2055 am->limit_arp_cache_size = 50000;
2057 am->pending_resolutions_by_address = hash_create (0, sizeof (uword));
2058 am->mac_changes_by_address = hash_create (0, sizeof (uword));
2059 am->wc_ip4_arp_publisher_node = (uword) ~ 0;
2061 /* don't trace ARP error packets */
2063 vlib_node_runtime_t *rt =
2064 vlib_node_get_runtime (vm, arp_input_node.index);
2067 vnet_pcap_drop_trace_filter_add_del \
2068 (rt->errors[ETHERNET_ARP_ERROR_##a], \
2070 foreach_ethernet_arp_error
2074 ip4_add_del_interface_address_callback_t cb;
2075 cb.function = arp_add_del_interface_address;
2076 cb.function_opaque = 0;
2077 vec_add1 (im->add_del_interface_address_callbacks, cb);
2079 ip4_enable_disable_interface_callback_t cbe;
2080 cbe.function = arp_enable_disable_interface;
2081 cbe.function_opaque = 0;
2082 vec_add1 (im->enable_disable_interface_callbacks, cbe);
2084 ip4_table_bind_callback_t cbt;
2085 cbt.function = arp_table_bind;
2086 cbt.function_opaque = 0;
2087 vec_add1 (im->table_bind_callbacks, cbt);
2092 VLIB_INIT_FUNCTION (ethernet_arp_init) =
2094 .runs_after = VLIB_INITS("ethernet_init"),
2099 arp_entry_free (ethernet_arp_interface_t * eai, ethernet_arp_ip4_entry_t * e)
2101 ethernet_arp_main_t *am = ðernet_arp_main;
2104 (e, ip4_fib_table_get_index_for_sw_if_index (e->sw_if_index));
2105 hash_unset (eai->arp_entries, e->ip4_address.as_u32);
2106 pool_put (am->ip4_entry_pool, e);
2110 vnet_arp_unset_ip4_over_ethernet_internal (vnet_main_t * vnm,
2111 vnet_arp_set_ip4_over_ethernet_rpc_args_t
2114 ethernet_arp_main_t *am = ðernet_arp_main;
2115 ethernet_arp_ip4_entry_t *e;
2116 ethernet_arp_interface_t *eai;
2118 if (vec_len (am->ethernet_arp_by_sw_if_index) <= args->sw_if_index)
2121 eai = &am->ethernet_arp_by_sw_if_index[args->sw_if_index];
2123 e = arp_entry_find (eai, &args->ip4);
2127 adj_nbr_walk_nh4 (e->sw_if_index,
2128 &e->ip4_address, arp_mk_incomplete_walk, e);
2129 arp_entry_free (eai, e);
2137 vnet_arp_populate_ip4_over_ethernet_internal (vnet_main_t * vnm,
2138 vnet_arp_set_ip4_over_ethernet_rpc_args_t
2141 ethernet_arp_main_t *am = ðernet_arp_main;
2142 ethernet_arp_ip4_entry_t *e;
2143 ethernet_arp_interface_t *eai;
2145 arp_enable (am, args->sw_if_index);
2146 eai = &am->ethernet_arp_by_sw_if_index[args->sw_if_index];
2148 e = arp_entry_find (eai, &args->ip4);
2152 adj_nbr_walk_nh4 (e->sw_if_index,
2153 &e->ip4_address, arp_mk_complete_walk, e);
2159 set_ip4_over_ethernet_rpc_callback (vnet_arp_set_ip4_over_ethernet_rpc_args_t
2162 vnet_main_t *vm = vnet_get_main ();
2163 ASSERT (vlib_get_thread_index () == 0);
2165 if (a->flags & ETHERNET_ARP_ARGS_REMOVE)
2166 vnet_arp_unset_ip4_over_ethernet_internal (vm, a);
2167 else if (a->flags & ETHERNET_ARP_ARGS_FLUSH)
2168 vnet_arp_flush_ip4_over_ethernet_internal (vm, a);
2169 else if (a->flags & ETHERNET_ARP_ARGS_POPULATE)
2170 vnet_arp_populate_ip4_over_ethernet_internal (vm, a);
2171 else if (a->flags & ETHERNET_ARP_ARGS_WC_PUB)
2172 vnet_arp_wc_publish_internal (vm, a);
2174 vnet_arp_set_ip4_over_ethernet_internal (vm, a);
2178 * @brief Invoked when the interface's admin state changes
2180 static clib_error_t *
2181 ethernet_arp_sw_interface_up_down (vnet_main_t * vnm,
2182 u32 sw_if_index, u32 flags)
2184 ethernet_arp_main_t *am = ðernet_arp_main;
2185 ethernet_arp_ip4_entry_t *e;
2186 u32 i, *to_update = 0;
2189 pool_foreach (e, am->ip4_entry_pool,
2191 if (e->sw_if_index == sw_if_index)
2192 vec_add1 (to_update,
2193 e - am->ip4_entry_pool);
2197 for (i = 0; i < vec_len (to_update); i++)
2199 e = pool_elt_at_index (am->ip4_entry_pool, to_update[i]);
2201 vnet_arp_set_ip4_over_ethernet_rpc_args_t update_me = {
2202 .ip4.as_u32 = e->ip4_address.as_u32,
2203 .sw_if_index = e->sw_if_index,
2205 mac_address_copy (&update_me.mac, &e->mac);
2207 if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
2209 update_me.flags = ETHERNET_ARP_ARGS_POPULATE;
2210 vnet_arp_populate_ip4_over_ethernet_internal (vnm, &update_me);
2214 update_me.flags = ETHERNET_ARP_ARGS_FLUSH;
2215 vnet_arp_flush_ip4_over_ethernet_internal (vnm, &update_me);
2218 vec_free (to_update);
2223 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ethernet_arp_sw_interface_up_down);
2226 increment_ip4_and_mac_address (ethernet_arp_ip4_over_ethernet_address_t * a)
2231 for (i = 3; i >= 0; i--)
2233 old = a->ip4.as_u8[i];
2234 a->ip4.as_u8[i] += 1;
2235 if (old < a->ip4.as_u8[i])
2239 for (i = 5; i >= 0; i--)
2241 old = a->mac.bytes[i];
2242 a->mac.bytes[i] += 1;
2243 if (old < a->mac.bytes[i])
2249 vnet_arp_set_ip4_over_ethernet (vnet_main_t * vnm,
2251 const ethernet_arp_ip4_over_ethernet_address_t
2252 * a, ip_neighbor_flags_t flags)
2254 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
2255 .sw_if_index = sw_if_index,
2258 .ip4.as_u32 = a->ip4.as_u32,
2262 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
2263 (u8 *) & args, sizeof (args));
2268 proxy_arp_walk (proxy_arp_walk_t cb, void *data)
2270 ethernet_arp_main_t *am = ðernet_arp_main;
2271 ethernet_proxy_arp_t *pa;
2273 vec_foreach (pa, am->proxy_arps)
2275 if (!cb (&pa->lo_addr, &pa->hi_addr, pa->fib_index, data))
2281 vnet_proxy_arp_enable_disable (vnet_main_t * vnm, u32 sw_if_index, u8 enable)
2283 ethernet_arp_main_t *am = ðernet_arp_main;
2284 ethernet_arp_interface_t *eai;
2286 vec_validate (am->ethernet_arp_by_sw_if_index, sw_if_index);
2288 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
2292 if (!eai->proxy_enabled)
2294 vnet_feature_enable_disable ("arp", "arp-proxy",
2295 sw_if_index, 1, NULL, 0);
2297 eai->proxy_enabled = 1;
2301 if (eai->proxy_enabled)
2303 vnet_feature_enable_disable ("arp", "arp-proxy",
2304 sw_if_index, 0, NULL, 0);
2306 eai->proxy_enabled = 0;
2313 vnet_proxy_arp_add_del (ip4_address_t * lo_addr,
2314 ip4_address_t * hi_addr, u32 fib_index, int is_del)
2316 ethernet_arp_main_t *am = ðernet_arp_main;
2317 ethernet_proxy_arp_t *pa;
2318 u32 found_at_index = ~0;
2320 vec_foreach (pa, am->proxy_arps)
2322 if (pa->lo_addr.as_u32 == lo_addr->as_u32 &&
2323 pa->hi_addr.as_u32 == hi_addr->as_u32 && pa->fib_index == fib_index)
2325 found_at_index = pa - am->proxy_arps;
2330 if (found_at_index != ~0)
2332 /* Delete, otherwise it's already in the table */
2334 vec_delete (am->proxy_arps, 1, found_at_index);
2337 /* delete, no such entry */
2339 return VNET_API_ERROR_NO_SUCH_ENTRY;
2341 /* add, not in table */
2342 vec_add2 (am->proxy_arps, pa, 1);
2343 pa->lo_addr.as_u32 = lo_addr->as_u32;
2344 pa->hi_addr.as_u32 = hi_addr->as_u32;
2345 pa->fib_index = fib_index;
2350 proxy_arp_intfc_walk (proxy_arp_intf_walk_t cb, void *data)
2352 ethernet_arp_main_t *am = ðernet_arp_main;
2353 ethernet_arp_interface_t *eai;
2355 vec_foreach (eai, am->ethernet_arp_by_sw_if_index)
2357 if (eai->proxy_enabled)
2358 cb (eai - am->ethernet_arp_by_sw_if_index, data);
2363 * Remove any proxy arp entries associated with the
2367 vnet_proxy_arp_fib_reset (u32 fib_id)
2369 ethernet_arp_main_t *am = ðernet_arp_main;
2370 ethernet_proxy_arp_t *pa;
2371 u32 *entries_to_delete = 0;
2375 fib_index = fib_table_find (FIB_PROTOCOL_IP4, fib_id);
2376 if (~0 == fib_index)
2377 return VNET_API_ERROR_NO_SUCH_ENTRY;
2379 vec_foreach (pa, am->proxy_arps)
2381 if (pa->fib_index == fib_index)
2383 vec_add1 (entries_to_delete, pa - am->proxy_arps);
2387 for (i = 0; i < vec_len (entries_to_delete); i++)
2389 vec_delete (am->proxy_arps, 1, entries_to_delete[i]);
2392 vec_free (entries_to_delete);
2397 static clib_error_t *
2398 ip_arp_add_del_command_fn (vlib_main_t * vm,
2399 unformat_input_t * input, vlib_cli_command_t * cmd)
2401 vnet_main_t *vnm = vnet_get_main ();
2403 ethernet_arp_ip4_over_ethernet_address_t lo_addr, hi_addr, addr;
2410 ip_neighbor_flags_t flags;
2412 flags = IP_NEIGHBOR_FLAG_NONE;
2414 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2416 /* set ip arp TenGigE1/1/0/1 1.2.3.4 aa:bb:... or aabb.ccdd... */
2417 if (unformat (input, "%U %U %U",
2418 unformat_vnet_sw_interface, vnm, &sw_if_index,
2419 unformat_ip4_address, &addr.ip4,
2420 unformat_mac_address_t, &addr.mac))
2423 else if (unformat (input, "delete") || unformat (input, "del"))
2426 else if (unformat (input, "static"))
2427 flags |= IP_NEIGHBOR_FLAG_STATIC;
2429 else if (unformat (input, "no-fib-entry"))
2430 flags |= IP_NEIGHBOR_FLAG_NO_FIB_ENTRY;
2432 else if (unformat (input, "count %d", &count))
2435 else if (unformat (input, "fib-id %d", &fib_id))
2437 fib_index = fib_table_find (FIB_PROTOCOL_IP4, fib_id);
2439 if (~0 == fib_index)
2440 return clib_error_return (0, "fib ID %d doesn't exist\n", fib_id);
2443 else if (unformat (input, "proxy %U - %U",
2444 unformat_ip4_address, &lo_addr.ip4,
2445 unformat_ip4_address, &hi_addr.ip4))
2453 (void) vnet_proxy_arp_add_del (&lo_addr.ip4, &hi_addr.ip4,
2462 for (i = 0; i < count; i++)
2466 uword event_type, *event_data = 0;
2468 /* Park the debug CLI until the arp entry is installed */
2469 vnet_register_ip4_arp_resolution_event
2470 (vnm, &addr.ip4, vlib_current_process (vm),
2471 1 /* type */ , 0 /* data */ );
2473 vnet_arp_set_ip4_over_ethernet (vnm, sw_if_index, &addr, flags);
2475 vlib_process_wait_for_event (vm);
2476 event_type = vlib_process_get_events (vm, &event_data);
2477 vec_reset_length (event_data);
2478 if (event_type != 1)
2479 clib_warning ("event type %d unexpected", event_type);
2482 vnet_arp_unset_ip4_over_ethernet (vnm, sw_if_index, &addr);
2484 increment_ip4_and_mac_address (&addr);
2489 return clib_error_return (0, "unknown input `%U'",
2490 format_unformat_error, input);
2498 * Add or delete IPv4 ARP cache entries.
2500 * @note 'set ip arp' options (e.g. delete, static, 'fib-id <id>',
2501 * 'count <number>', 'interface ip4_addr mac_addr') can be added in
2502 * any order and combination.
2506 * Add or delete IPv4 ARP cache entries as follows. MAC Address can be in
2507 * either aa:bb:cc:dd:ee:ff format or aabb.ccdd.eeff format.
2508 * @cliexcmd{set ip arp GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2509 * @cliexcmd{set ip arp delete GigabitEthernet2/0/0 6.0.0.3 de:ad:be:ef:ba:be}
2511 * To add or delete an IPv4 ARP cache entry to or from a specific fib
2513 * @cliexcmd{set ip arp fib-id 1 GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2514 * @cliexcmd{set ip arp fib-id 1 delete GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2516 * Add or delete IPv4 static ARP cache entries as follows:
2517 * @cliexcmd{set ip arp static GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2518 * @cliexcmd{set ip arp static delete GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2520 * For testing / debugging purposes, the 'set ip arp' command can add or
2521 * delete multiple entries. Supply the 'count N' parameter:
2522 * @cliexcmd{set ip arp count 10 GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2525 VLIB_CLI_COMMAND (ip_arp_add_del_command, static) = {
2526 .path = "set ip arp",
2528 "set ip arp [del] <intfc> <ip-address> <mac-address> [static] [no-fib-entry] [count <count>] [fib-id <fib-id>] [proxy <lo-addr> - <hi-addr>]",
2529 .function = ip_arp_add_del_command_fn,
2533 static clib_error_t *
2534 set_int_proxy_arp_command_fn (vlib_main_t * vm,
2536 input, vlib_cli_command_t * cmd)
2538 vnet_main_t *vnm = vnet_get_main ();
2544 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2546 if (unformat (input, "%U", unformat_vnet_sw_interface,
2549 else if (unformat (input, "enable") || unformat (input, "on"))
2551 else if (unformat (input, "disable") || unformat (input, "off"))
2557 if (~0 == sw_if_index)
2558 return clib_error_return (0, "unknown input '%U'",
2559 format_unformat_error, input);
2561 vnet_proxy_arp_enable_disable (vnm, sw_if_index, enable);
2568 * Enable proxy-arp on an interface. The vpp stack will answer ARP
2569 * requests for the indicated address range. Multiple proxy-arp
2570 * ranges may be provisioned.
2572 * @note Proxy ARP as a technology is infamous for blackholing traffic.
2573 * Also, the underlying implementation has not been performance-tuned.
2574 * Avoid creating an unnecessarily large set of ranges.
2577 * To enable proxy arp on a range of addresses, use:
2578 * @cliexcmd{set ip arp proxy 6.0.0.1 - 6.0.0.11}
2579 * Append 'del' to delete a range of proxy ARP addresses:
2580 * @cliexcmd{set ip arp proxy 6.0.0.1 - 6.0.0.11 del}
2581 * You must then specifically enable proxy arp on individual interfaces:
2582 * @cliexcmd{set interface proxy-arp GigabitEthernet0/8/0 enable}
2583 * To disable proxy arp on an individual interface:
2584 * @cliexcmd{set interface proxy-arp GigabitEthernet0/8/0 disable}
2586 VLIB_CLI_COMMAND (set_int_proxy_enable_command, static) = {
2587 .path = "set interface proxy-arp",
2589 "set interface proxy-arp <intfc> [enable|disable]",
2590 .function = set_int_proxy_arp_command_fn,
2596 * ARP/ND Termination in a L2 Bridge Domain based on IP4/IP6 to MAC
2597 * hash tables mac_by_ip4 and mac_by_ip6 for each BD.
2601 ARP_TERM_NEXT_L2_OUTPUT,
2606 u32 arp_term_next_node_index[32];
2609 arp_term_l2bd (vlib_main_t * vm,
2610 vlib_node_runtime_t * node, vlib_frame_t * frame)
2612 l2input_main_t *l2im = &l2input_main;
2613 u32 n_left_from, next_index, *from, *to_next;
2614 u32 n_replies_sent = 0;
2615 u16 last_bd_index = ~0;
2616 l2_bridge_domain_t *last_bd_config = 0;
2617 l2_input_config_t *cfg0;
2619 from = vlib_frame_vector_args (frame);
2620 n_left_from = frame->n_vectors;
2621 next_index = node->cached_next_index;
2623 while (n_left_from > 0)
2627 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2629 while (n_left_from > 0 && n_left_to_next > 0)
2632 ethernet_header_t *eth0;
2633 ethernet_arp_header_t *arp0;
2636 u32 pi0, error0, next0, sw_if_index0;
2647 n_left_to_next -= 1;
2649 p0 = vlib_get_buffer (vm, pi0);
2650 // Terminate only local (SHG == 0) ARP
2651 if (vnet_buffer (p0)->l2.shg != 0)
2652 goto next_l2_feature;
2654 eth0 = vlib_buffer_get_current (p0);
2655 l3h0 = (u8 *) eth0 + vnet_buffer (p0)->l2.l2_len;
2656 ethertype0 = clib_net_to_host_u16 (*(u16 *) (l3h0 - 2));
2657 arp0 = (ethernet_arp_header_t *) l3h0;
2659 if (ethertype0 != ETHERNET_TYPE_ARP)
2662 if ((arp0->opcode !=
2663 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request)) &&
2665 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply)))
2668 /* Must be ARP request/reply packet here */
2669 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
2670 (p0->flags & VLIB_BUFFER_IS_TRACED)))
2672 u8 *t0 = vlib_add_trace (vm, node, p0,
2673 sizeof (ethernet_arp_input_trace_t));
2674 clib_memcpy_fast (t0, l3h0,
2675 sizeof (ethernet_arp_input_trace_t));
2681 clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet)
2682 ? ETHERNET_ARP_ERROR_l2_type_not_ethernet : error0);
2685 clib_net_to_host_u16 (ETHERNET_TYPE_IP4) ?
2686 ETHERNET_ARP_ERROR_l3_type_not_ip4 : error0);
2688 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
2693 /* Trash ARP packets whose ARP-level source addresses do not
2694 match, or if requester address is mcast */
2696 (!ethernet_mac_address_equal (eth0->src_address,
2697 arp0->ip4_over_ethernet[0].
2699 || ethernet_address_cast (arp0->ip4_over_ethernet[0].mac.bytes))
2701 /* VRRP virtual MAC may be different to SMAC in ARP reply */
2702 if (!ethernet_mac_address_equal
2703 (arp0->ip4_over_ethernet[0].mac.bytes, vrrp_prefix))
2705 error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
2710 (ip4_address_is_multicast (&arp0->ip4_over_ethernet[0].ip4)))
2712 error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
2716 /* Check if anyone want ARP request events for L2 BDs */
2718 ethernet_arp_main_t *am = ðernet_arp_main;
2719 if (am->wc_ip4_arp_publisher_node != (uword) ~ 0)
2720 vnet_arp_wc_publish (sw_if_index0, &arp0->ip4_over_ethernet[0]);
2723 /* lookup BD mac_by_ip4 hash table for MAC entry */
2724 ip0 = arp0->ip4_over_ethernet[1].ip4.as_u32;
2725 bd_index0 = vnet_buffer (p0)->l2.bd_index;
2726 if (PREDICT_FALSE ((bd_index0 != last_bd_index)
2727 || (last_bd_index == (u16) ~ 0)))
2729 last_bd_index = bd_index0;
2730 last_bd_config = vec_elt_at_index (l2im->bd_configs, bd_index0);
2732 macp0 = (u8 *) hash_get (last_bd_config->mac_by_ip4, ip0);
2734 if (PREDICT_FALSE (!macp0))
2735 goto next_l2_feature; /* MAC not found */
2736 if (PREDICT_FALSE (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
2737 arp0->ip4_over_ethernet[1].ip4.as_u32))
2738 goto next_l2_feature; /* GARP */
2740 /* MAC found, send ARP reply -
2741 Convert ARP request packet to ARP reply */
2742 arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
2743 arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
2744 arp0->ip4_over_ethernet[0].ip4.as_u32 = ip0;
2745 mac_address_from_bytes (&arp0->ip4_over_ethernet[0].mac, macp0);
2746 clib_memcpy_fast (eth0->dst_address, eth0->src_address, 6);
2747 clib_memcpy_fast (eth0->src_address, macp0, 6);
2748 n_replies_sent += 1;
2751 /* For BVI, need to use l2-fwd node to send ARP reply as
2752 l2-output node cannot output packet to BVI properly */
2753 cfg0 = vec_elt_at_index (l2im->configs, sw_if_index0);
2754 if (PREDICT_FALSE (cfg0->bvi))
2756 vnet_buffer (p0)->l2.feature_bitmap |= L2INPUT_FEAT_FWD;
2757 vnet_buffer (p0)->sw_if_index[VLIB_RX] = 0;
2758 goto next_l2_feature;
2761 /* Send ARP/ND reply back out input interface through l2-output */
2762 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
2763 next0 = ARP_TERM_NEXT_L2_OUTPUT;
2764 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2765 to_next, n_left_to_next, pi0,
2770 /* IP6 ND event notification or solicitation handling to generate
2771 local response instead of flooding */
2772 iph0 = (ip6_header_t *) l3h0;
2773 if (PREDICT_FALSE (ethertype0 == ETHERNET_TYPE_IP6 &&
2774 iph0->protocol == IP_PROTOCOL_ICMP6 &&
2775 !ip6_address_is_unspecified
2776 (&iph0->src_address)))
2778 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
2779 if (vnet_ip6_nd_term
2780 (vm, node, p0, eth0, iph0, sw_if_index0,
2781 vnet_buffer (p0)->l2.bd_index))
2782 goto output_response;
2787 next0 = vnet_l2_feature_next (p0, arp_term_next_node_index,
2788 L2INPUT_FEAT_ARP_TERM);
2789 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2790 to_next, n_left_to_next,
2796 if (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ||
2797 (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
2798 arp0->ip4_over_ethernet[1].ip4.as_u32))
2800 error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
2802 next0 = ARP_TERM_NEXT_DROP;
2803 p0->error = node->errors[error0];
2805 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2806 to_next, n_left_to_next, pi0,
2810 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2813 vlib_error_count (vm, node->node_index,
2814 ETHERNET_ARP_ERROR_replies_sent, n_replies_sent);
2815 return frame->n_vectors;
2819 VLIB_REGISTER_NODE (arp_term_l2bd_node, static) = {
2820 .function = arp_term_l2bd,
2821 .name = "arp-term-l2bd",
2822 .vector_size = sizeof (u32),
2823 .n_errors = ETHERNET_ARP_N_ERROR,
2824 .error_strings = ethernet_arp_error_strings,
2825 .n_next_nodes = ARP_TERM_N_NEXT,
2827 [ARP_TERM_NEXT_L2_OUTPUT] = "l2-output",
2828 [ARP_TERM_NEXT_DROP] = "error-drop",
2830 .format_buffer = format_ethernet_arp_header,
2831 .format_trace = format_arp_term_input_trace,
2836 arp_term_init (vlib_main_t * vm)
2838 // Initialize the feature next-node indexes
2839 feat_bitmap_init_next_nodes (vm,
2840 arp_term_l2bd_node.index,
2842 l2input_get_feat_names (),
2843 arp_term_next_node_index);
2847 VLIB_INIT_FUNCTION (arp_term_init);
2850 change_arp_mac (u32 sw_if_index, ethernet_arp_ip4_entry_t * e)
2852 if (e->sw_if_index == sw_if_index)
2854 adj_nbr_walk_nh4 (e->sw_if_index,
2855 &e->ip4_address, arp_mk_complete_walk, e);
2860 ethernet_arp_change_mac (u32 sw_if_index)
2862 ethernet_arp_main_t *am = ðernet_arp_main;
2863 ethernet_arp_ip4_entry_t *e;
2867 pool_foreach (e, am->ip4_entry_pool,
2869 change_arp_mac (sw_if_index, e);
2873 ai = adj_glean_get (FIB_PROTOCOL_IP4, sw_if_index);
2875 if (ADJ_INDEX_INVALID != ai)
2876 adj_glean_update_rewrite (ai);
2880 send_ip4_garp (vlib_main_t * vm, u32 sw_if_index)
2882 ip4_main_t *i4m = &ip4_main;
2883 ip4_address_t *ip4_addr = ip4_interface_first_address (i4m, sw_if_index, 0);
2885 send_ip4_garp_w_addr (vm, ip4_addr, sw_if_index);
2889 send_ip4_garp_w_addr (vlib_main_t * vm,
2890 const ip4_address_t * ip4_addr, u32 sw_if_index)
2892 ip4_main_t *i4m = &ip4_main;
2893 vnet_main_t *vnm = vnet_get_main ();
2894 u8 *rewrite, rewrite_len;
2895 vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
2899 clib_warning ("Sending GARP for IP4 address %U on sw_if_idex %d",
2900 format_ip4_address, ip4_addr, sw_if_index);
2902 /* Form GARP packet for output - Gratuitous ARP is an ARP request packet
2903 where the interface IP/MAC pair is used for both source and request
2904 MAC/IP pairs in the request */
2906 ethernet_arp_header_t *h = vlib_packet_template_get_packet
2907 (vm, &i4m->ip4_arp_request_packet_template, &bi);
2912 mac_address_from_bytes (&h->ip4_over_ethernet[0].mac, hi->hw_address);
2913 mac_address_from_bytes (&h->ip4_over_ethernet[1].mac, hi->hw_address);
2914 h->ip4_over_ethernet[0].ip4 = ip4_addr[0];
2915 h->ip4_over_ethernet[1].ip4 = ip4_addr[0];
2917 /* Setup MAC header with ARP Etype and broadcast DMAC */
2918 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
2920 ethernet_build_rewrite (vnm, sw_if_index, VNET_LINK_ARP,
2921 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST);
2922 rewrite_len = vec_len (rewrite);
2923 vlib_buffer_advance (b, -rewrite_len);
2924 ethernet_header_t *e = vlib_buffer_get_current (b);
2925 clib_memcpy_fast (e->dst_address, rewrite, rewrite_len);
2928 /* Send GARP packet out the specified interface */
2929 vnet_buffer (b)->sw_if_index[VLIB_RX] =
2930 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
2931 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
2932 u32 *to_next = vlib_frame_vector_args (f);
2935 vlib_put_frame_to_node (vm, hi->output_node_index, f);
2940 * Remove any arp entries associated with the specified interface
2942 static clib_error_t *
2943 vnet_arp_delete_sw_interface (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
2945 if (!is_add && sw_if_index != ~0)
2947 ethernet_arp_main_t *am = ðernet_arp_main;
2948 ethernet_arp_ip4_entry_t *e;
2950 pool_foreach (e, am->ip4_entry_pool, ({
2951 if (e->sw_if_index != sw_if_index)
2953 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
2954 .sw_if_index = sw_if_index,
2955 .ip4 = e->ip4_address,
2957 vnet_arp_unset_ip4_over_ethernet_internal (vnm, &args);
2965 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (vnet_arp_delete_sw_interface);
2968 * fd.io coding-style-patch-verification: ON
2971 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob