2 * ethernet/arp.c: IP v4 ARP node
4 * Copyright (c) 2010 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/ip/ip.h>
19 #include <vnet/ip/ip_neighbor.h>
20 #include <vnet/ip/ip6.h>
21 #include <vnet/ethernet/ethernet.h>
22 #include <vnet/ethernet/arp.h>
23 #include <vnet/l2/l2_input.h>
24 #include <vppinfra/mhash.h>
25 #include <vnet/fib/ip4_fib.h>
26 #include <vnet/fib/fib_entry_src.h>
27 #include <vnet/adj/adj_nbr.h>
28 #include <vnet/adj/adj_mcast.h>
29 #include <vnet/mpls/mpls.h>
30 #include <vnet/l2/feat_bitmap.h>
32 #include <vlibmemory/api.h>
38 * This file contains code to manage the IPv4 ARP tables (IP Address
39 * to MAC Address lookup).
44 * @brief Per-interface ARP configuration and state
46 typedef struct ethernet_arp_interface_t_
49 * Hash table of ARP entries.
50 * Since this hash table is per-interface, the key is only the IPv4 address.
54 * Is ARP enabled on this interface
58 * Is Proxy ARP enabled on this interface
61 } ethernet_arp_interface_t;
65 ip4_address_t lo_addr;
66 ip4_address_t hi_addr;
68 } ethernet_proxy_arp_t;
76 /* Used for arp event notification only */
77 arp_change_event_cb_t data_callback;
79 } pending_resolution_t;
83 /* Hash tables mapping name to opcode. */
84 uword *opcode_by_name;
86 /* lite beer "glean" adjacency handling */
87 uword *pending_resolutions_by_address;
88 pending_resolution_t *pending_resolutions;
90 /* Mac address change notification */
91 uword *mac_changes_by_address;
92 pending_resolution_t *mac_changes;
94 ethernet_arp_ip4_entry_t *ip4_entry_pool;
96 /* ARP attack mitigation */
98 u32 limit_arp_cache_size;
100 /** Per interface state */
101 ethernet_arp_interface_t *ethernet_arp_by_sw_if_index;
103 /* Proxy arp vector */
104 ethernet_proxy_arp_t *proxy_arps;
106 uword wc_ip4_arp_publisher_node;
107 uword wc_ip4_arp_publisher_et;
109 /* ARP feature arc index */
110 u8 feature_arc_index;
111 } ethernet_arp_main_t;
113 static ethernet_arp_main_t ethernet_arp_main;
120 ip_neighbor_flags_t nbr_flags;
122 #define ETHERNET_ARP_ARGS_REMOVE (1<<0)
123 #define ETHERNET_ARP_ARGS_FLUSH (1<<1)
124 #define ETHERNET_ARP_ARGS_POPULATE (1<<2)
125 #define ETHERNET_ARP_ARGS_WC_PUB (1<<3)
126 } vnet_arp_set_ip4_over_ethernet_rpc_args_t;
128 static const u8 vrrp_prefix[] = { 0x00, 0x00, 0x5E, 0x00, 0x01 };
130 /* Node index for send_garp_na_process */
131 u32 send_garp_na_process_node_index;
134 set_ip4_over_ethernet_rpc_callback (vnet_arp_set_ip4_over_ethernet_rpc_args_t
138 format_ethernet_arp_hardware_type (u8 * s, va_list * va)
140 ethernet_arp_hardware_type_t h = va_arg (*va, ethernet_arp_hardware_type_t);
144 #define _(n,f) case n: t = #f; break;
145 foreach_ethernet_arp_hardware_type;
149 return format (s, "unknown 0x%x", h);
152 return format (s, "%s", t);
156 format_ethernet_arp_opcode (u8 * s, va_list * va)
158 ethernet_arp_opcode_t o = va_arg (*va, ethernet_arp_opcode_t);
162 #define _(f) case ETHERNET_ARP_OPCODE_##f: t = #f; break;
163 foreach_ethernet_arp_opcode;
167 return format (s, "unknown 0x%x", o);
170 return format (s, "%s", t);
174 unformat_ethernet_arp_opcode_host_byte_order (unformat_input_t * input,
177 int *result = va_arg (*args, int *);
178 ethernet_arp_main_t *am = ðernet_arp_main;
181 /* Numeric opcode. */
182 if (unformat (input, "0x%x", &x) || unformat (input, "%d", &x))
191 if (unformat_user (input, unformat_vlib_number_by_name,
192 am->opcode_by_name, &i))
202 unformat_ethernet_arp_opcode_net_byte_order (unformat_input_t * input,
205 int *result = va_arg (*args, int *);
207 (input, unformat_ethernet_arp_opcode_host_byte_order, result))
210 *result = clib_host_to_net_u16 ((u16) * result);
215 format_ethernet_arp_header (u8 * s, va_list * va)
217 ethernet_arp_header_t *a = va_arg (*va, ethernet_arp_header_t *);
218 u32 max_header_bytes = va_arg (*va, u32);
220 u16 l2_type, l3_type;
222 if (max_header_bytes != 0 && sizeof (a[0]) > max_header_bytes)
223 return format (s, "ARP header truncated");
225 l2_type = clib_net_to_host_u16 (a->l2_type);
226 l3_type = clib_net_to_host_u16 (a->l3_type);
228 indent = format_get_indent (s);
230 s = format (s, "%U, type %U/%U, address size %d/%d",
231 format_ethernet_arp_opcode, clib_net_to_host_u16 (a->opcode),
232 format_ethernet_arp_hardware_type, l2_type,
233 format_ethernet_type, l3_type,
234 a->n_l2_address_bytes, a->n_l3_address_bytes);
236 if (l2_type == ETHERNET_ARP_HARDWARE_TYPE_ethernet
237 && l3_type == ETHERNET_TYPE_IP4)
239 s = format (s, "\n%U%U/%U -> %U/%U",
240 format_white_space, indent,
241 format_mac_address_t, &a->ip4_over_ethernet[0].mac,
242 format_ip4_address, &a->ip4_over_ethernet[0].ip4,
243 format_mac_address_t, &a->ip4_over_ethernet[1].mac,
244 format_ip4_address, &a->ip4_over_ethernet[1].ip4);
248 uword n2 = a->n_l2_address_bytes;
249 uword n3 = a->n_l3_address_bytes;
250 s = format (s, "\n%U%U/%U -> %U/%U",
251 format_white_space, indent,
252 format_hex_bytes, a->data + 0 * n2 + 0 * n3, n2,
253 format_hex_bytes, a->data + 1 * n2 + 0 * n3, n3,
254 format_hex_bytes, a->data + 1 * n2 + 1 * n3, n2,
255 format_hex_bytes, a->data + 2 * n2 + 1 * n3, n3);
262 format_ethernet_arp_ip4_entry (u8 * s, va_list * va)
264 vnet_main_t *vnm = va_arg (*va, vnet_main_t *);
265 ethernet_arp_ip4_entry_t *e = va_arg (*va, ethernet_arp_ip4_entry_t *);
266 vnet_sw_interface_t *si;
270 return format (s, "%=12s%=16s%=6s%=20s%=24s", "Time", "IP4",
271 "Flags", "Ethernet", "Interface");
273 si = vnet_get_sw_interface (vnm, e->sw_if_index);
275 if (e->flags & IP_NEIGHBOR_FLAG_STATIC)
276 flags = format (flags, "S");
278 if (e->flags & IP_NEIGHBOR_FLAG_DYNAMIC)
279 flags = format (flags, "D");
281 if (e->flags & IP_NEIGHBOR_FLAG_NO_FIB_ENTRY)
282 flags = format (flags, "N");
284 s = format (s, "%=12U%=16U%=6s%=20U%U",
285 format_vlib_time, vnm->vlib_main, e->time_last_updated,
286 format_ip4_address, &e->ip4_address,
287 flags ? (char *) flags : "",
288 format_mac_address_t, &e->mac,
289 format_vnet_sw_interface_name, vnm, si);
298 } ethernet_arp_input_trace_t;
301 format_ethernet_arp_input_trace (u8 * s, va_list * va)
303 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *);
304 CLIB_UNUSED (vlib_node_t * node) = va_arg (*va, vlib_node_t *);
305 ethernet_arp_input_trace_t *t = va_arg (*va, ethernet_arp_input_trace_t *);
308 format_ethernet_arp_header,
309 t->packet_data, sizeof (t->packet_data));
315 format_arp_term_input_trace (u8 * s, va_list * va)
317 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *);
318 CLIB_UNUSED (vlib_node_t * node) = va_arg (*va, vlib_node_t *);
319 ethernet_arp_input_trace_t *t = va_arg (*va, ethernet_arp_input_trace_t *);
321 /* arp-term trace data saved is either arp or ip6/icmp6 packet:
322 - for arp, the 1st 16-bit field is hw type of value of 0x0001.
323 - for ip6, the first nibble has value of 6. */
324 s = format (s, "%U", t->packet_data[0] == 0 ?
325 format_ethernet_arp_header : format_ip6_header,
326 t->packet_data, sizeof (t->packet_data));
332 arp_nbr_probe (ip_adjacency_t * adj)
334 vnet_main_t *vnm = vnet_get_main ();
335 ip4_main_t *im = &ip4_main;
336 ip_interface_address_t *ia;
337 ethernet_arp_header_t *h;
338 vnet_hw_interface_t *hi;
339 vnet_sw_interface_t *si;
345 vm = vlib_get_main ();
347 si = vnet_get_sw_interface (vnm, adj->rewrite_header.sw_if_index);
349 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
355 ip4_interface_address_matching_destination (im,
356 &adj->sub_type.nbr.next_hop.
366 vlib_packet_template_get_packet (vm, &im->ip4_arp_request_packet_template,
371 hi = vnet_get_sup_hw_interface (vnm, adj->rewrite_header.sw_if_index);
373 mac_address_from_bytes (&h->ip4_over_ethernet[0].mac, hi->hw_address);
375 h->ip4_over_ethernet[0].ip4 = src[0];
376 h->ip4_over_ethernet[1].ip4 = adj->sub_type.nbr.next_hop.ip4;
378 b = vlib_get_buffer (vm, bi);
379 vnet_buffer (b)->sw_if_index[VLIB_RX] =
380 vnet_buffer (b)->sw_if_index[VLIB_TX] = adj->rewrite_header.sw_if_index;
382 /* Add encapsulation string for software interface (e.g. ethernet header). */
383 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
384 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
387 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
388 u32 *to_next = vlib_frame_vector_args (f);
391 vlib_put_frame_to_node (vm, hi->output_node_index, f);
396 arp_mk_complete (adj_index_t ai, ethernet_arp_ip4_entry_t * e)
398 adj_nbr_update_rewrite
399 (ai, ADJ_NBR_REWRITE_FLAG_COMPLETE,
400 ethernet_build_rewrite (vnet_get_main (),
402 adj_get_link_type (ai), &e->mac));
406 arp_mk_incomplete (adj_index_t ai)
408 ip_adjacency_t *adj = adj_get (ai);
410 adj_nbr_update_rewrite
412 ADJ_NBR_REWRITE_FLAG_INCOMPLETE,
413 ethernet_build_rewrite (vnet_get_main (),
414 adj->rewrite_header.sw_if_index,
416 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
419 static ethernet_arp_ip4_entry_t *
420 arp_entry_find (ethernet_arp_interface_t * eai, const ip4_address_t * addr)
422 ethernet_arp_main_t *am = ðernet_arp_main;
423 ethernet_arp_ip4_entry_t *e = NULL;
426 if (NULL != eai->arp_entries)
428 p = hash_get (eai->arp_entries, addr->as_u32);
432 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
439 arp_mk_complete_walk (adj_index_t ai, void *ctx)
441 ethernet_arp_ip4_entry_t *e = ctx;
443 arp_mk_complete (ai, e);
445 return (ADJ_WALK_RC_CONTINUE);
449 arp_mk_incomplete_walk (adj_index_t ai, void *ctx)
451 arp_mk_incomplete (ai);
453 return (ADJ_WALK_RC_CONTINUE);
457 arp_is_enabled (ethernet_arp_main_t * am, u32 sw_if_index)
459 if (vec_len (am->ethernet_arp_by_sw_if_index) <= sw_if_index)
462 return (am->ethernet_arp_by_sw_if_index[sw_if_index].enabled);
466 arp_enable (ethernet_arp_main_t * am, u32 sw_if_index)
468 if (arp_is_enabled (am, sw_if_index))
471 vec_validate (am->ethernet_arp_by_sw_if_index, sw_if_index);
473 am->ethernet_arp_by_sw_if_index[sw_if_index].enabled = 1;
475 vnet_feature_enable_disable ("arp", "arp-reply", sw_if_index, 1, NULL, 0);
479 vnet_arp_flush_ip4_over_ethernet_internal (vnet_main_t * vnm,
480 vnet_arp_set_ip4_over_ethernet_rpc_args_t
484 arp_disable (ethernet_arp_main_t * am, u32 sw_if_index)
486 ethernet_arp_interface_t *eai;
487 ethernet_arp_ip4_entry_t *e;
488 u32 i, *to_delete = 0;
491 if (!arp_is_enabled (am, sw_if_index))
494 vnet_feature_enable_disable ("arp", "arp-reply", sw_if_index, 0, NULL, 0);
496 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
500 hash_foreach_pair (pair, eai->arp_entries,
502 e = pool_elt_at_index(am->ip4_entry_pool,
504 vec_add1 (to_delete, e - am->ip4_entry_pool);
508 for (i = 0; i < vec_len (to_delete); i++)
510 e = pool_elt_at_index (am->ip4_entry_pool, to_delete[i]);
512 vnet_arp_set_ip4_over_ethernet_rpc_args_t delme = {
513 .ip4.as_u32 = e->ip4_address.as_u32,
514 .sw_if_index = e->sw_if_index,
515 .flags = ETHERNET_ARP_ARGS_FLUSH,
517 mac_address_copy (&delme.mac, &e->mac);
519 vnet_arp_flush_ip4_over_ethernet_internal (vnet_get_main (), &delme);
522 vec_free (to_delete);
528 arp_update_adjacency (vnet_main_t * vnm, u32 sw_if_index, u32 ai)
530 ethernet_arp_main_t *am = ðernet_arp_main;
531 ethernet_arp_interface_t *arp_int;
532 ethernet_arp_ip4_entry_t *e;
537 arp_enable (am, sw_if_index);
538 arp_int = &am->ethernet_arp_by_sw_if_index[sw_if_index];
539 e = arp_entry_find (arp_int, &adj->sub_type.nbr.next_hop.ip4);
541 switch (adj->lookup_next_index)
543 case IP_LOOKUP_NEXT_GLEAN:
544 adj_glean_update_rewrite (ai);
546 case IP_LOOKUP_NEXT_ARP:
549 adj_nbr_walk_nh4 (sw_if_index,
550 &e->ip4_address, arp_mk_complete_walk, e);
555 * no matching ARP entry.
556 * construct the rewrite required to for an ARP packet, and stick
557 * that in the adj's pipe to smoke.
559 adj_nbr_update_rewrite
561 ADJ_NBR_REWRITE_FLAG_INCOMPLETE,
562 ethernet_build_rewrite
566 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
569 * since the FIB has added this adj for a route, it makes sense it
570 * may want to forward traffic sometime soon. Let's send a
571 * speculative ARP. just one. If we were to do periodically that
572 * wouldn't be bad either, but that's more code than i'm prepared to
573 * write at this time for relatively little reward.
578 case IP_LOOKUP_NEXT_BCAST:
579 adj_nbr_update_rewrite (ai,
580 ADJ_NBR_REWRITE_FLAG_COMPLETE,
581 ethernet_build_rewrite
585 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
587 case IP_LOOKUP_NEXT_MCAST:
590 * Construct a partial rewrite from the known ethernet mcast dest MAC
595 rewrite = ethernet_build_rewrite (vnm,
598 ethernet_ip4_mcast_dst_addr ());
599 offset = vec_len (rewrite) - 2;
602 * Complete the remaining fields of the adj's rewrite to direct the
603 * complete of the rewrite at switch time by copying in the IP
604 * dst address's bytes.
605 * Offset is 2 bytes into the MAC destination address.
607 adj_mcast_update_rewrite (ai, rewrite, offset);
611 case IP_LOOKUP_NEXT_DROP:
612 case IP_LOOKUP_NEXT_PUNT:
613 case IP_LOOKUP_NEXT_LOCAL:
614 case IP_LOOKUP_NEXT_REWRITE:
615 case IP_LOOKUP_NEXT_MCAST_MIDCHAIN:
616 case IP_LOOKUP_NEXT_MIDCHAIN:
617 case IP_LOOKUP_NEXT_ICMP_ERROR:
618 case IP_LOOKUP_N_NEXT:
625 arp_adj_fib_add (ethernet_arp_ip4_entry_t * e, u32 fib_index)
629 .fp_proto = FIB_PROTOCOL_IP4,
630 .fp_addr.ip4 = e->ip4_address,
634 fib_table_entry_path_add (fib_index, &pfx, FIB_SOURCE_ADJ,
635 FIB_ENTRY_FLAG_ATTACHED,
636 DPO_PROTO_IP4, &pfx.fp_addr,
637 e->sw_if_index, ~0, 1, NULL,
638 FIB_ROUTE_PATH_FLAG_NONE);
639 fib_table_lock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_ADJ);
643 arp_adj_fib_remove (ethernet_arp_ip4_entry_t * e, u32 fib_index)
645 if (FIB_NODE_INDEX_INVALID != e->fib_entry_index)
649 .fp_proto = FIB_PROTOCOL_IP4,
650 .fp_addr.ip4 = e->ip4_address,
654 fib_index = ip4_fib_table_get_index_for_sw_if_index (e->sw_if_index);
656 fib_table_entry_path_remove (fib_index, &pfx,
660 e->sw_if_index, ~0, 1,
661 FIB_ROUTE_PATH_FLAG_NONE);
662 fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_ADJ);
666 static ethernet_arp_ip4_entry_t *
667 force_reuse_arp_entry (void)
669 ethernet_arp_ip4_entry_t *e;
670 ethernet_arp_main_t *am = ðernet_arp_main;
672 u32 index = pool_next_index (am->ip4_entry_pool, am->arp_delete_rotor);
673 if (index == ~0) /* Try again from elt 0 */
674 index = pool_next_index (am->ip4_entry_pool, index);
676 /* Find a non-static random entry to free up for reuse */
679 if ((count++ == 100) || (index == ~0))
680 return NULL; /* give up after 100 entries */
681 e = pool_elt_at_index (am->ip4_entry_pool, index);
682 am->arp_delete_rotor = index;
683 index = pool_next_index (am->ip4_entry_pool, index);
685 while (e->flags & IP_NEIGHBOR_FLAG_STATIC);
687 /* Remove ARP entry from its interface and update fib */
689 (am->ethernet_arp_by_sw_if_index[e->sw_if_index].arp_entries,
690 e->ip4_address.as_u32);
692 (e, ip4_fib_table_get_index_for_sw_if_index (e->sw_if_index));
693 adj_nbr_walk_nh4 (e->sw_if_index,
694 &e->ip4_address, arp_mk_incomplete_walk, e);
699 vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm,
700 vnet_arp_set_ip4_over_ethernet_rpc_args_t
703 ethernet_arp_ip4_entry_t *e = 0;
704 ethernet_arp_main_t *am = ðernet_arp_main;
705 vlib_main_t *vm = vlib_get_main ();
706 int make_new_arp_cache_entry = 1;
708 pending_resolution_t *pr, *mc;
709 ethernet_arp_interface_t *arp_int;
710 u32 sw_if_index = args->sw_if_index;
712 arp_enable (am, sw_if_index);
714 arp_int = &am->ethernet_arp_by_sw_if_index[sw_if_index];
716 if (NULL != arp_int->arp_entries)
718 p = hash_get (arp_int->arp_entries, args->ip4.as_u32);
721 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
723 /* Refuse to over-write static arp. */
724 if (!(args->nbr_flags & IP_NEIGHBOR_FLAG_STATIC) &&
725 (e->flags & IP_NEIGHBOR_FLAG_STATIC))
727 /* if MAC address match, still check to send event */
728 if (mac_address_equal (&e->mac, &args->mac))
729 goto check_customers;
732 make_new_arp_cache_entry = 0;
736 if (make_new_arp_cache_entry)
738 if (am->limit_arp_cache_size &&
739 pool_elts (am->ip4_entry_pool) >= am->limit_arp_cache_size)
741 e = force_reuse_arp_entry ();
746 pool_get (am->ip4_entry_pool, e);
748 if (NULL == arp_int->arp_entries)
749 arp_int->arp_entries = hash_create (0, sizeof (u32));
751 hash_set (arp_int->arp_entries, args->ip4.as_u32,
752 e - am->ip4_entry_pool);
754 e->sw_if_index = sw_if_index;
755 e->ip4_address = args->ip4;
756 e->fib_entry_index = FIB_NODE_INDEX_INVALID;
757 mac_address_copy (&e->mac, &args->mac);
759 if (!(args->nbr_flags & IP_NEIGHBOR_FLAG_NO_FIB_ENTRY))
762 ip4_fib_table_get_index_for_sw_if_index
767 e->flags |= IP_NEIGHBOR_FLAG_NO_FIB_ENTRY;
773 * prevent a DoS attack from the data-plane that
774 * spams us with no-op updates to the MAC address
776 if (mac_address_equal (&e->mac, &args->mac))
778 e->time_last_updated = vlib_time_now (vm);
779 goto check_customers;
782 /* Update ethernet address. */
783 mac_address_copy (&e->mac, &args->mac);
786 /* Update time stamp and flags. */
787 e->time_last_updated = vlib_time_now (vm);
788 if (args->nbr_flags & IP_NEIGHBOR_FLAG_STATIC)
790 e->flags &= ~IP_NEIGHBOR_FLAG_DYNAMIC;
791 e->flags |= IP_NEIGHBOR_FLAG_STATIC;
795 e->flags &= ~IP_NEIGHBOR_FLAG_STATIC;
796 e->flags |= IP_NEIGHBOR_FLAG_DYNAMIC;
799 adj_nbr_walk_nh4 (sw_if_index, &e->ip4_address, arp_mk_complete_walk, e);
802 /* Customer(s) waiting for this address to be resolved? */
803 p = hash_get (am->pending_resolutions_by_address, args->ip4.as_u32);
809 while (next_index != (u32) ~ 0)
811 pr = pool_elt_at_index (am->pending_resolutions, next_index);
812 vlib_process_signal_event (vm, pr->node_index,
813 pr->type_opaque, pr->data);
814 next_index = pr->next_index;
815 pool_put (am->pending_resolutions, pr);
818 hash_unset (am->pending_resolutions_by_address, args->ip4.as_u32);
821 /* Customer(s) requesting ARP event for this address? */
822 p = hash_get (am->mac_changes_by_address, args->ip4.as_u32);
828 while (next_index != (u32) ~ 0)
831 mc = pool_elt_at_index (am->mac_changes, next_index);
833 /* Call the user's data callback, return 1 to suppress dup events */
834 if (mc->data_callback)
835 rv = (mc->data_callback) (mc->data, &args->mac, sw_if_index, 0);
838 * Signal the resolver process, as long as the user
839 * says they want to be notified
842 vlib_process_signal_event (vm, mc->node_index,
843 mc->type_opaque, mc->data);
844 next_index = mc->next_index;
852 vnet_register_ip4_arp_resolution_event (vnet_main_t * vnm,
855 uword type_opaque, uword data)
857 ethernet_arp_main_t *am = ðernet_arp_main;
858 ip4_address_t *address = address_arg;
860 pending_resolution_t *pr;
862 pool_get (am->pending_resolutions, pr);
865 pr->node_index = node_index;
866 pr->type_opaque = type_opaque;
868 pr->data_callback = 0;
870 p = hash_get (am->pending_resolutions_by_address, address->as_u32);
873 /* Insert new resolution at the head of the list */
874 pr->next_index = p[0];
875 hash_unset (am->pending_resolutions_by_address, address->as_u32);
878 hash_set (am->pending_resolutions_by_address, address->as_u32,
879 pr - am->pending_resolutions);
883 vnet_add_del_ip4_arp_change_event (vnet_main_t * vnm,
884 arp_change_event_cb_t data_callback,
888 uword type_opaque, uword data, int is_add)
890 ethernet_arp_main_t *am = ðernet_arp_main;
891 ip4_address_t *address = address_arg;
893 /* Try to find an existing entry */
894 u32 *first = (u32 *) hash_get (am->mac_changes_by_address, address->as_u32);
896 pending_resolution_t *mc;
897 while (p && *p != ~0)
899 mc = pool_elt_at_index (am->mac_changes, *p);
900 if (mc->node_index == node_index && mc->type_opaque == type_opaque
906 int found = p && *p != ~0;
910 return VNET_API_ERROR_ENTRY_ALREADY_EXISTS;
912 pool_get (am->mac_changes, mc);
914 *mc = (pending_resolution_t)
917 .node_index = node_index,
918 .type_opaque = type_opaque,
920 .data_callback = data_callback,
925 /* Insert new resolution at the end of the list */
926 u32 new_idx = mc - am->mac_changes;
930 hash_set (am->mac_changes_by_address, address->as_u32, new_idx);
935 return VNET_API_ERROR_NO_SUCH_ENTRY;
937 /* Clients may need to clean up pool entries, too */
939 /* no new mac addrs */
940 (data_callback) (mc->data, NULL, ~0, NULL);
942 /* Remove the entry from the list and delete the entry */
944 pool_put (am->mac_changes, mc);
946 /* Remove from hash if we deleted the last entry */
947 if (*p == ~0 && p == first)
948 hash_unset (am->mac_changes_by_address, address->as_u32);
953 /* Either we drop the packet or we send a reply to the sender. */
957 ARP_REPLY_NEXT_REPLY_TX,
961 #define foreach_ethernet_arp_error \
962 _ (replies_sent, "ARP replies sent") \
963 _ (l2_type_not_ethernet, "L2 type not ethernet") \
964 _ (l3_type_not_ip4, "L3 type not IP4") \
965 _ (l3_src_address_not_local, "IP4 source address not local to subnet") \
966 _ (l3_dst_address_not_local, "IP4 destination address not local to subnet") \
967 _ (l3_dst_address_unset, "IP4 destination address is unset") \
968 _ (l3_src_address_is_local, "IP4 source address matches local interface") \
969 _ (l3_src_address_learned, "ARP request IP4 source address learned") \
970 _ (replies_received, "ARP replies received") \
971 _ (opcode_not_request, "ARP opcode not request") \
972 _ (proxy_arp_replies_sent, "Proxy ARP replies sent") \
973 _ (l2_address_mismatch, "ARP hw addr does not match L2 frame src addr") \
974 _ (gratuitous_arp, "ARP probe or announcement dropped") \
975 _ (interface_no_table, "Interface is not mapped to an IP table") \
976 _ (interface_not_ip_enabled, "Interface is not IP enabled") \
977 _ (unnumbered_mismatch, "RX interface is unnumbered to different subnet") \
981 #define _(sym,string) ETHERNET_ARP_ERROR_##sym,
982 foreach_ethernet_arp_error
984 ETHERNET_ARP_N_ERROR,
985 } ethernet_arp_reply_error_t;
988 arp_unnumbered (vlib_buffer_t * p0,
989 u32 input_sw_if_index, u32 conn_sw_if_index)
991 vnet_main_t *vnm = vnet_get_main ();
992 vnet_interface_main_t *vim = &vnm->interface_main;
993 vnet_sw_interface_t *si;
995 /* verify that the input interface is unnumbered to the connected.
996 * the connected interface is the interface on which the subnet is
998 si = &vim->sw_interfaces[input_sw_if_index];
1000 if (!(si->flags & VNET_SW_INTERFACE_FLAG_UNNUMBERED &&
1001 (si->unnumbered_sw_if_index == conn_sw_if_index)))
1003 /* the input interface is not unnumbered to the interface on which
1004 * the sub-net is configured that covers the ARP request.
1005 * So this is not the case for unnumbered.. */
1013 arp_learn (vnet_main_t * vnm,
1014 ethernet_arp_main_t * am, u32 sw_if_index,
1015 const ethernet_arp_ip4_over_ethernet_address_t * addr)
1017 vnet_arp_set_ip4_over_ethernet (vnm, sw_if_index, addr, 0);
1018 return (ETHERNET_ARP_ERROR_l3_src_address_learned);
1021 typedef enum arp_input_next_t_
1023 ARP_INPUT_NEXT_DROP,
1028 arp_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1030 u32 n_left_from, next_index, *from, *to_next, n_left_to_next;
1031 ethernet_arp_main_t *am = ðernet_arp_main;
1033 from = vlib_frame_vector_args (frame);
1034 n_left_from = frame->n_vectors;
1035 next_index = node->cached_next_index;
1037 if (node->flags & VLIB_NODE_FLAG_TRACE)
1038 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
1040 sizeof (ethernet_arp_input_trace_t));
1042 while (n_left_from > 0)
1044 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1046 while (n_left_from > 0 && n_left_to_next > 0)
1048 const ethernet_arp_header_t *arp0;
1049 arp_input_next_t next0;
1053 pi0 = to_next[0] = from[0];
1057 n_left_to_next -= 1;
1059 p0 = vlib_get_buffer (vm, pi0);
1060 arp0 = vlib_buffer_get_current (p0);
1062 error0 = ETHERNET_ARP_ERROR_replies_sent;
1063 next0 = ARP_INPUT_NEXT_DROP;
1067 clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet) ?
1068 ETHERNET_ARP_ERROR_l2_type_not_ethernet : error0);
1071 clib_net_to_host_u16 (ETHERNET_TYPE_IP4) ?
1072 ETHERNET_ARP_ERROR_l3_type_not_ip4 : error0);
1074 (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ?
1075 ETHERNET_ARP_ERROR_l3_dst_address_unset : error0);
1077 if (ETHERNET_ARP_ERROR_replies_sent == error0)
1078 vnet_feature_arc_start (am->feature_arc_index,
1079 vnet_buffer (p0)->sw_if_index[VLIB_RX],
1082 p0->error = node->errors[error0];
1084 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1085 n_left_to_next, pi0, next0);
1088 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1091 return frame->n_vectors;
1094 static_always_inline u32
1095 arp_mk_reply (vnet_main_t * vnm,
1098 const ip4_address_t * if_addr0,
1099 ethernet_arp_header_t * arp0, ethernet_header_t * eth_rx)
1101 vnet_hw_interface_t *hw_if0;
1102 u8 *rewrite0, rewrite0_len;
1103 ethernet_header_t *eth_tx;
1107 An adjacency to the sender is not always present,
1108 so we use the interface to build us a rewrite string
1109 which will contain all the necessary tags. */
1110 rewrite0 = ethernet_build_rewrite (vnm, sw_if_index0,
1111 VNET_LINK_ARP, eth_rx->src_address);
1112 rewrite0_len = vec_len (rewrite0);
1114 /* Figure out how much to rewind current data from adjacency. */
1115 vlib_buffer_advance (p0, -rewrite0_len);
1116 eth_tx = vlib_buffer_get_current (p0);
1118 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1119 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1121 /* Send reply back through input interface */
1122 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1123 next0 = ARP_REPLY_NEXT_REPLY_TX;
1125 arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
1127 arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
1129 mac_address_from_bytes (&arp0->ip4_over_ethernet[0].mac,
1130 hw_if0->hw_address);
1131 clib_mem_unaligned (&arp0->ip4_over_ethernet[0].ip4.data_u32, u32) =
1134 /* Hardware must be ethernet-like. */
1135 ASSERT (vec_len (hw_if0->hw_address) == 6);
1137 /* the rx nd tx ethernet headers wil overlap in the case
1138 * when we received a tagged VLAN=0 packet, but we are sending
1140 clib_memcpy_fast (eth_tx, rewrite0, vec_len (rewrite0));
1141 vec_free (rewrite0);
1146 enum arp_dst_fib_type
1154 * we're looking for FIB sources that indicate the destination
1155 * is attached. There may be interposed DPO prior to the one
1156 * we are looking for
1158 static enum arp_dst_fib_type
1159 arp_dst_fib_check (const fib_node_index_t fei, fib_entry_flag_t * flags)
1161 const fib_entry_t *entry = fib_entry_get (fei);
1162 const fib_entry_src_t *entry_src;
1165 FOR_EACH_SRC_ADDED(entry, entry_src, src,
1167 *flags = fib_entry_get_flags_for_source (fei, src);
1168 if (fib_entry_is_sourced (fei, FIB_SOURCE_ADJ))
1169 return ARP_DST_FIB_ADJ;
1170 else if (FIB_ENTRY_FLAG_CONNECTED & *flags)
1171 return ARP_DST_FIB_CONN;
1175 return ARP_DST_FIB_NONE;
1179 arp_reply (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1181 ethernet_arp_main_t *am = ðernet_arp_main;
1182 vnet_main_t *vnm = vnet_get_main ();
1183 u32 n_left_from, next_index, *from, *to_next;
1184 u32 n_replies_sent = 0;
1186 from = vlib_frame_vector_args (frame);
1187 n_left_from = frame->n_vectors;
1188 next_index = node->cached_next_index;
1190 if (node->flags & VLIB_NODE_FLAG_TRACE)
1191 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
1193 sizeof (ethernet_arp_input_trace_t));
1195 while (n_left_from > 0)
1199 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1201 while (n_left_from > 0 && n_left_to_next > 0)
1204 ethernet_arp_header_t *arp0;
1205 ethernet_header_t *eth_rx;
1206 const ip4_address_t *if_addr0;
1207 u32 pi0, error0, next0, sw_if_index0, conn_sw_if_index0, fib_index0;
1208 u8 dst_is_local0, is_vrrp_reply0;
1209 fib_node_index_t dst_fei, src_fei;
1210 const fib_prefix_t *pfx0;
1211 fib_entry_flag_t src_flags, dst_flags;
1218 n_left_to_next -= 1;
1220 p0 = vlib_get_buffer (vm, pi0);
1221 arp0 = vlib_buffer_get_current (p0);
1222 /* Fill in ethernet header. */
1223 eth_rx = ethernet_buffer_get_header (p0);
1225 next0 = ARP_REPLY_NEXT_DROP;
1226 error0 = ETHERNET_ARP_ERROR_replies_sent;
1227 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1229 /* Check that IP address is local and matches incoming interface. */
1230 fib_index0 = ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
1231 if (~0 == fib_index0)
1233 error0 = ETHERNET_ARP_ERROR_interface_no_table;
1240 * we're looking for FIB entries that indicate the source
1241 * is attached. There may be more specific non-attached
1242 * routes that match the source, but these do not influence
1243 * whether we respond to an ARP request, i.e. they do not
1244 * influence whether we are the correct way for the sender
1245 * to reach us, they only affect how we reach the sender.
1247 fib_entry_t *src_fib_entry;
1248 const fib_prefix_t *pfx;
1249 fib_entry_src_t *src;
1250 fib_source_t source;
1259 src_fei = ip4_fib_table_lookup (ip4_fib_get (fib_index0),
1261 ip4_over_ethernet[0].ip4,
1263 src_fib_entry = fib_entry_get (src_fei);
1266 * It's possible that the source that provides the
1267 * flags we need, or the flags we must not have,
1268 * is not the best source, so check then all.
1271 FOR_EACH_SRC_ADDED(src_fib_entry, src, source,
1273 src_flags = fib_entry_get_flags_for_source (src_fei, source);
1275 /* Reject requests/replies with our local interface
1277 if (FIB_ENTRY_FLAG_LOCAL & src_flags)
1279 error0 = ETHERNET_ARP_ERROR_l3_src_address_is_local;
1281 * When VPP has an interface whose address is also
1282 * applied to a TAP interface on the host, then VPP's
1283 * TAP interface will be unnumbered to the 'real'
1284 * interface and do proxy ARP from the host.
1285 * The curious aspect of this setup is that ARP requests
1286 * from the host will come from the VPP's own address.
1287 * So don't drop immediately here, instead go see if this
1288 * is a proxy ARP case.
1292 /* A Source must also be local to subnet of matching
1293 * interface address. */
1294 if ((FIB_ENTRY_FLAG_ATTACHED & src_flags) ||
1295 (FIB_ENTRY_FLAG_CONNECTED & src_flags))
1302 * The packet was sent from an address that is not
1303 * connected nor attached i.e. it is not from an
1304 * address that is covered by a link's sub-net,
1305 * nor is it a already learned host resp.
1311 * shorter mask lookup for the next iteration.
1313 pfx = fib_entry_get_prefix (src_fei);
1314 mask = pfx->fp_len - 1;
1317 * continue until we hit the default route or we find
1318 * the attached we are looking for. The most likely
1319 * outcome is we find the attached with the first source
1320 * on the first lookup.
1324 !fib_entry_is_sourced (src_fei, FIB_SOURCE_DEFAULT_ROUTE));
1329 * the matching route is a not attached, i.e. it was
1330 * added as a result of routing, rather than interface/ARP
1331 * configuration. If the matching route is not a host route
1334 error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
1339 dst_fei = ip4_fib_table_lookup (ip4_fib_get (fib_index0),
1340 &arp0->ip4_over_ethernet[1].ip4,
1342 switch (arp_dst_fib_check (dst_fei, &dst_flags))
1344 case ARP_DST_FIB_ADJ:
1346 * We matched an adj-fib on ths source subnet (a /32 previously
1347 * added as a result of ARP). If this request is a gratuitous
1348 * ARP, then learn from it.
1349 * The check for matching an adj-fib, is to prevent hosts
1350 * from spamming us with gratuitous ARPS that might otherwise
1351 * blow our ARP cache
1353 if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
1354 arp0->ip4_over_ethernet[1].ip4.as_u32)
1355 error0 = arp_learn (vnm, am, sw_if_index0,
1356 &arp0->ip4_over_ethernet[0]);
1358 case ARP_DST_FIB_CONN:
1359 /* destination is connected, continue to process */
1361 case ARP_DST_FIB_NONE:
1362 /* destination is not connected, stop here */
1363 error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
1367 dst_is_local0 = (FIB_ENTRY_FLAG_LOCAL & dst_flags);
1368 pfx0 = fib_entry_get_prefix (dst_fei);
1369 if_addr0 = &pfx0->fp_addr.ip4;
1373 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
1376 (arp0->ip4_over_ethernet[0].mac.bytes, vrrp_prefix,
1377 sizeof (vrrp_prefix))));
1379 /* Trash ARP packets whose ARP-level source addresses do not
1380 match their L2-frame-level source addresses, unless it's
1381 a reply from a VRRP virtual router */
1382 if (!ethernet_mac_address_equal
1383 (eth_rx->src_address,
1384 arp0->ip4_over_ethernet[0].mac.bytes) && !is_vrrp_reply0)
1386 error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
1390 /* Learn or update sender's mapping only for replies to addresses
1391 * that are local to the subnet */
1393 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
1396 error0 = arp_learn (vnm, am, sw_if_index0,
1397 &arp0->ip4_over_ethernet[0]);
1399 /* a reply for a non-local destination could be a GARP.
1400 * GARPs for hosts we know were handled above, so this one
1402 error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
1406 else if (arp0->opcode ==
1407 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request) &&
1408 (dst_is_local0 == 0))
1413 /* Honor unnumbered interface, if any */
1414 conn_sw_if_index0 = fib_entry_get_resolving_interface (dst_fei);
1415 if (sw_if_index0 != conn_sw_if_index0 ||
1416 sw_if_index0 != fib_entry_get_resolving_interface (src_fei))
1419 * The interface the ARP is sent to or was received on is not the
1420 * interface on which the covering prefix is configured.
1421 * Maybe this is a case for unnumbered.
1423 if (!arp_unnumbered (p0, sw_if_index0, conn_sw_if_index0))
1425 error0 = ETHERNET_ARP_ERROR_unnumbered_mismatch;
1429 if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
1430 arp0->ip4_over_ethernet[1].ip4.as_u32)
1432 error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
1436 next0 = arp_mk_reply (vnm, p0, sw_if_index0,
1437 if_addr0, arp0, eth_rx);
1439 /* We are going to reply to this request, so, in the absence of
1440 errors, learn the sender */
1442 error0 = arp_learn (vnm, am, sw_if_index0,
1443 &arp0->ip4_over_ethernet[1]);
1445 n_replies_sent += 1;
1449 vnet_feature_next (&next0, p0);
1453 p0->error = node->errors[error0];
1456 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1457 n_left_to_next, pi0, next0);
1460 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1463 vlib_error_count (vm, node->node_index,
1464 ETHERNET_ARP_ERROR_replies_sent, n_replies_sent);
1466 return frame->n_vectors;
1470 arp_proxy (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1472 ethernet_arp_main_t *am = ðernet_arp_main;
1473 vnet_main_t *vnm = vnet_get_main ();
1474 u32 n_left_from, next_index, *from, *to_next;
1475 u32 n_arp_replies_sent = 0;
1477 from = vlib_frame_vector_args (frame);
1478 n_left_from = frame->n_vectors;
1479 next_index = node->cached_next_index;
1481 if (node->flags & VLIB_NODE_FLAG_TRACE)
1482 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
1484 sizeof (ethernet_arp_input_trace_t));
1486 while (n_left_from > 0)
1490 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1492 while (n_left_from > 0 && n_left_to_next > 0)
1495 ethernet_arp_header_t *arp0;
1496 ethernet_header_t *eth_rx;
1497 ip4_address_t proxy_src;
1498 u32 pi0, error0, next0, sw_if_index0, fib_index0;
1500 ethernet_proxy_arp_t *pa;
1507 n_left_to_next -= 1;
1509 p0 = vlib_get_buffer (vm, pi0);
1510 arp0 = vlib_buffer_get_current (p0);
1511 /* Fill in ethernet header. */
1512 eth_rx = ethernet_buffer_get_header (p0);
1514 is_request0 = arp0->opcode
1515 == clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request);
1517 error0 = ETHERNET_ARP_ERROR_replies_sent;
1518 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1519 next0 = ARP_REPLY_NEXT_DROP;
1521 fib_index0 = ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
1522 if (~0 == fib_index0)
1524 error0 = ETHERNET_ARP_ERROR_interface_no_table;
1527 if (0 == error0 && is_request0)
1529 u32 this_addr = clib_net_to_host_u32
1530 (arp0->ip4_over_ethernet[1].ip4.as_u32);
1532 vec_foreach (pa, am->proxy_arps)
1534 u32 lo_addr = clib_net_to_host_u32 (pa->lo_addr.as_u32);
1535 u32 hi_addr = clib_net_to_host_u32 (pa->hi_addr.as_u32);
1537 /* an ARP request hit in the proxy-arp table? */
1538 if ((this_addr >= lo_addr && this_addr <= hi_addr) &&
1539 (fib_index0 == pa->fib_index))
1542 arp0->ip4_over_ethernet[1].ip4.data_u32;
1545 * change the interface address to the proxied
1547 n_arp_replies_sent++;
1550 arp_mk_reply (vnm, p0, sw_if_index0, &proxy_src, arp0,
1557 p0->error = node->errors[error0];
1560 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1561 n_left_to_next, pi0, next0);
1564 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1567 vlib_error_count (vm, node->node_index,
1568 ETHERNET_ARP_ERROR_replies_sent, n_arp_replies_sent);
1570 return frame->n_vectors;
1573 static char *ethernet_arp_error_strings[] = {
1574 #define _(sym,string) string,
1575 foreach_ethernet_arp_error
1581 /* Built-in ARP rx feature path definition */
1582 VNET_FEATURE_ARC_INIT (arp_feat, static) =
1585 .start_nodes = VNET_FEATURES ("arp-input"),
1586 .last_in_arc = "error-drop",
1587 .arc_index_ptr = ðernet_arp_main.feature_arc_index,
1590 VLIB_REGISTER_NODE (arp_input_node, static) =
1592 .function = arp_input,
1593 .name = "arp-input",
1594 .vector_size = sizeof (u32),
1595 .n_errors = ETHERNET_ARP_N_ERROR,
1596 .error_strings = ethernet_arp_error_strings,
1597 .n_next_nodes = ARP_INPUT_N_NEXT,
1599 [ARP_INPUT_NEXT_DROP] = "error-drop",
1601 .format_buffer = format_ethernet_arp_header,
1602 .format_trace = format_ethernet_arp_input_trace,
1605 VLIB_REGISTER_NODE (arp_reply_node, static) =
1607 .function = arp_reply,
1608 .name = "arp-reply",
1609 .vector_size = sizeof (u32),
1610 .n_errors = ETHERNET_ARP_N_ERROR,
1611 .error_strings = ethernet_arp_error_strings,
1612 .n_next_nodes = ARP_REPLY_N_NEXT,
1614 [ARP_REPLY_NEXT_DROP] = "error-drop",
1615 [ARP_REPLY_NEXT_REPLY_TX] = "interface-output",
1617 .format_buffer = format_ethernet_arp_header,
1618 .format_trace = format_ethernet_arp_input_trace,
1621 VLIB_REGISTER_NODE (arp_proxy_node, static) =
1623 .function = arp_proxy,
1624 .name = "arp-proxy",
1625 .vector_size = sizeof (u32),
1626 .n_errors = ETHERNET_ARP_N_ERROR,
1627 .error_strings = ethernet_arp_error_strings,
1628 .n_next_nodes = ARP_REPLY_N_NEXT,
1630 [ARP_REPLY_NEXT_DROP] = "error-drop",
1631 [ARP_REPLY_NEXT_REPLY_TX] = "interface-output",
1633 .format_buffer = format_ethernet_arp_header,
1634 .format_trace = format_ethernet_arp_input_trace,
1637 VNET_FEATURE_INIT (arp_reply_feat_node, static) =
1640 .node_name = "arp-reply",
1641 .runs_before = VNET_FEATURES ("error-drop"),
1644 VNET_FEATURE_INIT (arp_proxy_feat_node, static) =
1647 .node_name = "arp-proxy",
1648 .runs_after = VNET_FEATURES ("arp-reply"),
1649 .runs_before = VNET_FEATURES ("error-drop"),
1652 VNET_FEATURE_INIT (arp_drop_feat_node, static) =
1655 .node_name = "error-drop",
1661 ip4_arp_entry_sort (void *a1, void *a2)
1663 ethernet_arp_ip4_entry_t *e1 = a1;
1664 ethernet_arp_ip4_entry_t *e2 = a2;
1667 vnet_main_t *vnm = vnet_get_main ();
1669 cmp = vnet_sw_interface_compare (vnm, e1->sw_if_index, e2->sw_if_index);
1671 cmp = ip4_address_compare (&e1->ip4_address, &e2->ip4_address);
1675 ethernet_arp_ip4_entry_t *
1676 ip4_neighbors_pool (void)
1678 ethernet_arp_main_t *am = ðernet_arp_main;
1679 return am->ip4_entry_pool;
1682 ethernet_arp_ip4_entry_t *
1683 ip4_neighbor_entries (u32 sw_if_index)
1685 ethernet_arp_main_t *am = ðernet_arp_main;
1686 ethernet_arp_ip4_entry_t *n, *ns = 0;
1689 pool_foreach (n, am->ip4_entry_pool, ({
1690 if (sw_if_index != ~0 && n->sw_if_index != sw_if_index)
1692 vec_add1 (ns, n[0]);
1697 vec_sort_with_function (ns, ip4_arp_entry_sort);
1701 static clib_error_t *
1702 show_ip4_arp (vlib_main_t * vm,
1703 unformat_input_t * input, vlib_cli_command_t * cmd)
1705 vnet_main_t *vnm = vnet_get_main ();
1706 ethernet_arp_main_t *am = ðernet_arp_main;
1707 ethernet_arp_ip4_entry_t *e, *es;
1708 ethernet_proxy_arp_t *pa;
1709 clib_error_t *error = 0;
1712 /* Filter entries by interface if given. */
1714 (void) unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index);
1716 es = ip4_neighbor_entries (sw_if_index);
1719 vlib_cli_output (vm, "%U", format_ethernet_arp_ip4_entry, vnm, 0);
1722 vlib_cli_output (vm, "%U", format_ethernet_arp_ip4_entry, vnm, e);
1727 if (vec_len (am->proxy_arps))
1729 vlib_cli_output (vm, "Proxy arps enabled for:");
1730 vec_foreach (pa, am->proxy_arps)
1732 vlib_cli_output (vm, "Fib_index %d %U - %U ",
1734 format_ip4_address, &pa->lo_addr,
1735 format_ip4_address, &pa->hi_addr);
1743 * Display all the IPv4 ARP entries.
1746 * Example of how to display the IPv4 ARP table:
1747 * @cliexstart{show ip arp}
1748 * Time FIB IP4 Flags Ethernet Interface
1749 * 346.3028 0 6.1.1.3 de:ad:be:ef:ba:be GigabitEthernet2/0/0
1750 * 3077.4271 0 6.1.1.4 S de:ad:be:ef:ff:ff GigabitEthernet2/0/0
1751 * 2998.6409 1 6.2.2.3 de:ad:be:ef:00:01 GigabitEthernet2/0/0
1752 * Proxy arps enabled for:
1753 * Fib_index 0 6.0.0.1 - 6.0.0.11
1757 VLIB_CLI_COMMAND (show_ip4_arp_command, static) = {
1758 .path = "show ip arp",
1759 .function = show_ip4_arp,
1760 .short_help = "show ip arp",
1766 pg_edit_t l2_type, l3_type;
1767 pg_edit_t n_l2_address_bytes, n_l3_address_bytes;
1773 } ip4_over_ethernet[2];
1774 } pg_ethernet_arp_header_t;
1777 pg_ethernet_arp_header_init (pg_ethernet_arp_header_t * p)
1779 /* Initialize fields that are not bit fields in the IP header. */
1780 #define _(f) pg_edit_init (&p->f, ethernet_arp_header_t, f);
1783 _(n_l2_address_bytes);
1784 _(n_l3_address_bytes);
1786 _(ip4_over_ethernet[0].mac);
1787 _(ip4_over_ethernet[0].ip4);
1788 _(ip4_over_ethernet[1].mac);
1789 _(ip4_over_ethernet[1].ip4);
1794 unformat_pg_arp_header (unformat_input_t * input, va_list * args)
1796 pg_stream_t *s = va_arg (*args, pg_stream_t *);
1797 pg_ethernet_arp_header_t *p;
1800 p = pg_create_edit_group (s, sizeof (p[0]), sizeof (ethernet_arp_header_t),
1802 pg_ethernet_arp_header_init (p);
1805 pg_edit_set_fixed (&p->l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
1806 pg_edit_set_fixed (&p->l3_type, ETHERNET_TYPE_IP4);
1807 pg_edit_set_fixed (&p->n_l2_address_bytes, 6);
1808 pg_edit_set_fixed (&p->n_l3_address_bytes, 4);
1810 if (!unformat (input, "%U: %U/%U -> %U/%U",
1812 unformat_ethernet_arp_opcode_net_byte_order, &p->opcode,
1814 unformat_mac_address_t, &p->ip4_over_ethernet[0].mac,
1816 unformat_ip4_address, &p->ip4_over_ethernet[0].ip4,
1818 unformat_mac_address_t, &p->ip4_over_ethernet[1].mac,
1820 unformat_ip4_address, &p->ip4_over_ethernet[1].ip4))
1822 /* Free up any edits we may have added. */
1823 pg_free_edit_group (s);
1830 ip4_set_arp_limit (u32 arp_limit)
1832 ethernet_arp_main_t *am = ðernet_arp_main;
1834 am->limit_arp_cache_size = arp_limit;
1839 * @brief Control Plane hook to remove an ARP entry
1842 vnet_arp_unset_ip4_over_ethernet (vnet_main_t * vnm,
1845 ethernet_arp_ip4_over_ethernet_address_t *
1848 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
1849 .sw_if_index = sw_if_index,
1850 .flags = ETHERNET_ARP_ARGS_REMOVE,
1855 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
1856 (u8 *) & args, sizeof (args));
1861 * @brief publish wildcard arp event
1862 * @param sw_if_index The interface on which the ARP entries are acted
1865 vnet_arp_wc_publish (u32 sw_if_index,
1866 const ethernet_arp_ip4_over_ethernet_address_t * a)
1868 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
1869 .flags = ETHERNET_ARP_ARGS_WC_PUB,
1870 .sw_if_index = sw_if_index,
1875 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
1876 (u8 *) & args, sizeof (args));
1881 vnet_arp_wc_publish_internal (vnet_main_t * vnm,
1882 vnet_arp_set_ip4_over_ethernet_rpc_args_t *
1885 vlib_main_t *vm = vlib_get_main ();
1886 ethernet_arp_main_t *am = ðernet_arp_main;
1887 uword ni = am->wc_ip4_arp_publisher_node;
1888 uword et = am->wc_ip4_arp_publisher_et;
1890 if (ni == (uword) ~ 0)
1892 wc_arp_report_t *r =
1893 vlib_process_signal_event_data (vm, ni, et, 1, sizeof *r);
1894 r->ip.as_u32 = args->ip4.as_u32;
1895 r->sw_if_index = args->sw_if_index;
1896 mac_address_copy (&r->mac, &args->mac);
1900 wc_arp_set_publisher_node (uword node_index, uword event_type)
1902 ethernet_arp_main_t *am = ðernet_arp_main;
1903 am->wc_ip4_arp_publisher_node = node_index;
1904 am->wc_ip4_arp_publisher_et = event_type;
1908 arp_entry_free (ethernet_arp_interface_t * eai, ethernet_arp_ip4_entry_t * e);
1911 vnet_arp_flush_ip4_over_ethernet_internal (vnet_main_t * vnm,
1912 vnet_arp_set_ip4_over_ethernet_rpc_args_t
1915 ethernet_arp_main_t *am = ðernet_arp_main;
1916 ethernet_arp_ip4_entry_t *e;
1917 ethernet_arp_interface_t *eai;
1919 if (vec_len (am->ethernet_arp_by_sw_if_index) <= args->sw_if_index)
1922 eai = &am->ethernet_arp_by_sw_if_index[args->sw_if_index];
1924 e = arp_entry_find (eai, &args->ip4);
1928 adj_nbr_walk_nh4 (e->sw_if_index,
1929 &e->ip4_address, arp_mk_incomplete_walk, e);
1932 * The difference between flush and unset, is that an unset
1933 * means delete for static and dynamic entries. A flush
1934 * means delete only for dynamic. Flushing is what the DP
1935 * does in response to interface events. unset is only done
1936 * by the control plane.
1938 if (e->flags & IP_NEIGHBOR_FLAG_STATIC)
1940 e->flags &= ~IP_NEIGHBOR_FLAG_DYNAMIC;
1942 else if (e->flags & IP_NEIGHBOR_FLAG_DYNAMIC)
1944 arp_entry_free (eai, e);
1951 * arp_add_del_interface_address
1953 * callback when an interface address is added or deleted
1956 arp_enable_disable_interface (ip4_main_t * im,
1957 uword opaque, u32 sw_if_index, u32 is_enable)
1959 ethernet_arp_main_t *am = ðernet_arp_main;
1962 arp_enable (am, sw_if_index);
1964 arp_disable (am, sw_if_index);
1968 * arp_add_del_interface_address
1970 * callback when an interface address is added or deleted
1973 arp_add_del_interface_address (ip4_main_t * im,
1976 ip4_address_t * address,
1978 u32 if_address_index, u32 is_del)
1981 * Flush the ARP cache of all entries covered by the address
1982 * that is being removed.
1984 ethernet_arp_main_t *am = ðernet_arp_main;
1985 ethernet_arp_ip4_entry_t *e;
1987 if (vec_len (am->ethernet_arp_by_sw_if_index) <= sw_if_index)
1992 ethernet_arp_interface_t *eai;
1993 u32 i, *to_delete = 0;
1996 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
1999 hash_foreach_pair (pair, eai->arp_entries,
2001 e = pool_elt_at_index(am->ip4_entry_pool,
2003 if (ip4_destination_matches_route (im, &e->ip4_address,
2004 address, address_length))
2006 vec_add1 (to_delete, e - am->ip4_entry_pool);
2011 for (i = 0; i < vec_len (to_delete); i++)
2013 e = pool_elt_at_index (am->ip4_entry_pool, to_delete[i]);
2015 vnet_arp_set_ip4_over_ethernet_rpc_args_t delme = {
2016 .ip4.as_u32 = e->ip4_address.as_u32,
2017 .sw_if_index = e->sw_if_index,
2018 .flags = ETHERNET_ARP_ARGS_FLUSH,
2020 mac_address_copy (&delme.mac, &e->mac);
2022 vnet_arp_flush_ip4_over_ethernet_internal (vnet_get_main (),
2026 vec_free (to_delete);
2031 arp_table_bind (ip4_main_t * im,
2033 u32 sw_if_index, u32 new_fib_index, u32 old_fib_index)
2035 ethernet_arp_main_t *am = ðernet_arp_main;
2036 ethernet_arp_interface_t *eai;
2037 ethernet_arp_ip4_entry_t *e;
2041 * the IP table that the interface is bound to has changed.
2042 * reinstall all the adj fibs.
2045 if (vec_len (am->ethernet_arp_by_sw_if_index) <= sw_if_index)
2048 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
2051 hash_foreach_pair (pair, eai->arp_entries,
2053 e = pool_elt_at_index(am->ip4_entry_pool,
2056 * remove the adj-fib from the old table and add to the new
2058 arp_adj_fib_remove(e, old_fib_index);
2059 arp_adj_fib_add(e, new_fib_index);
2065 static clib_error_t *
2066 ethernet_arp_init (vlib_main_t * vm)
2068 ethernet_arp_main_t *am = ðernet_arp_main;
2069 ip4_main_t *im = &ip4_main;
2072 ethernet_register_input_type (vm, ETHERNET_TYPE_ARP, arp_input_node.index);
2074 pn = pg_get_node (arp_input_node.index);
2075 pn->unformat_edit = unformat_pg_arp_header;
2077 am->opcode_by_name = hash_create_string (0, sizeof (uword));
2078 #define _(o) hash_set_mem (am->opcode_by_name, #o, ETHERNET_ARP_OPCODE_##o);
2079 foreach_ethernet_arp_opcode;
2082 /* $$$ configurable */
2083 am->limit_arp_cache_size = 50000;
2085 am->pending_resolutions_by_address = hash_create (0, sizeof (uword));
2086 am->mac_changes_by_address = hash_create (0, sizeof (uword));
2087 am->wc_ip4_arp_publisher_node = (uword) ~ 0;
2089 /* don't trace ARP error packets */
2091 vlib_node_runtime_t *rt =
2092 vlib_node_get_runtime (vm, arp_input_node.index);
2095 vnet_pcap_drop_trace_filter_add_del \
2096 (rt->errors[ETHERNET_ARP_ERROR_##a], \
2098 foreach_ethernet_arp_error
2102 ip4_add_del_interface_address_callback_t cb;
2103 cb.function = arp_add_del_interface_address;
2104 cb.function_opaque = 0;
2105 vec_add1 (im->add_del_interface_address_callbacks, cb);
2107 ip4_enable_disable_interface_callback_t cbe;
2108 cbe.function = arp_enable_disable_interface;
2109 cbe.function_opaque = 0;
2110 vec_add1 (im->enable_disable_interface_callbacks, cbe);
2112 ip4_table_bind_callback_t cbt;
2113 cbt.function = arp_table_bind;
2114 cbt.function_opaque = 0;
2115 vec_add1 (im->table_bind_callbacks, cbt);
2120 VLIB_INIT_FUNCTION (ethernet_arp_init) =
2122 .runs_after = VLIB_INITS("ethernet_init"),
2127 arp_entry_free (ethernet_arp_interface_t * eai, ethernet_arp_ip4_entry_t * e)
2129 ethernet_arp_main_t *am = ðernet_arp_main;
2132 (e, ip4_fib_table_get_index_for_sw_if_index (e->sw_if_index));
2133 hash_unset (eai->arp_entries, e->ip4_address.as_u32);
2134 pool_put (am->ip4_entry_pool, e);
2138 vnet_arp_unset_ip4_over_ethernet_internal (vnet_main_t * vnm,
2139 vnet_arp_set_ip4_over_ethernet_rpc_args_t
2142 ethernet_arp_main_t *am = ðernet_arp_main;
2143 ethernet_arp_ip4_entry_t *e;
2144 ethernet_arp_interface_t *eai;
2146 if (vec_len (am->ethernet_arp_by_sw_if_index) <= args->sw_if_index)
2149 eai = &am->ethernet_arp_by_sw_if_index[args->sw_if_index];
2151 e = arp_entry_find (eai, &args->ip4);
2155 adj_nbr_walk_nh4 (e->sw_if_index,
2156 &e->ip4_address, arp_mk_incomplete_walk, e);
2157 arp_entry_free (eai, e);
2165 vnet_arp_populate_ip4_over_ethernet_internal (vnet_main_t * vnm,
2166 vnet_arp_set_ip4_over_ethernet_rpc_args_t
2169 ethernet_arp_main_t *am = ðernet_arp_main;
2170 ethernet_arp_ip4_entry_t *e;
2171 ethernet_arp_interface_t *eai;
2173 arp_enable (am, args->sw_if_index);
2174 eai = &am->ethernet_arp_by_sw_if_index[args->sw_if_index];
2176 e = arp_entry_find (eai, &args->ip4);
2180 adj_nbr_walk_nh4 (e->sw_if_index,
2181 &e->ip4_address, arp_mk_complete_walk, e);
2187 set_ip4_over_ethernet_rpc_callback (vnet_arp_set_ip4_over_ethernet_rpc_args_t
2190 vnet_main_t *vm = vnet_get_main ();
2191 ASSERT (vlib_get_thread_index () == 0);
2193 if (a->flags & ETHERNET_ARP_ARGS_REMOVE)
2194 vnet_arp_unset_ip4_over_ethernet_internal (vm, a);
2195 else if (a->flags & ETHERNET_ARP_ARGS_FLUSH)
2196 vnet_arp_flush_ip4_over_ethernet_internal (vm, a);
2197 else if (a->flags & ETHERNET_ARP_ARGS_POPULATE)
2198 vnet_arp_populate_ip4_over_ethernet_internal (vm, a);
2199 else if (a->flags & ETHERNET_ARP_ARGS_WC_PUB)
2200 vnet_arp_wc_publish_internal (vm, a);
2202 vnet_arp_set_ip4_over_ethernet_internal (vm, a);
2206 * @brief Invoked when the interface's admin state changes
2208 static clib_error_t *
2209 ethernet_arp_sw_interface_up_down (vnet_main_t * vnm,
2210 u32 sw_if_index, u32 flags)
2212 ethernet_arp_main_t *am = ðernet_arp_main;
2213 ethernet_arp_ip4_entry_t *e;
2214 u32 i, *to_update = 0;
2217 pool_foreach (e, am->ip4_entry_pool,
2219 if (e->sw_if_index == sw_if_index)
2220 vec_add1 (to_update,
2221 e - am->ip4_entry_pool);
2225 for (i = 0; i < vec_len (to_update); i++)
2227 e = pool_elt_at_index (am->ip4_entry_pool, to_update[i]);
2229 vnet_arp_set_ip4_over_ethernet_rpc_args_t update_me = {
2230 .ip4.as_u32 = e->ip4_address.as_u32,
2231 .sw_if_index = e->sw_if_index,
2233 mac_address_copy (&update_me.mac, &e->mac);
2235 if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
2237 update_me.flags = ETHERNET_ARP_ARGS_POPULATE;
2238 vnet_arp_populate_ip4_over_ethernet_internal (vnm, &update_me);
2242 update_me.flags = ETHERNET_ARP_ARGS_FLUSH;
2243 vnet_arp_flush_ip4_over_ethernet_internal (vnm, &update_me);
2246 vec_free (to_update);
2251 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ethernet_arp_sw_interface_up_down);
2254 increment_ip4_and_mac_address (ethernet_arp_ip4_over_ethernet_address_t * a)
2259 for (i = 3; i >= 0; i--)
2261 old = a->ip4.as_u8[i];
2262 a->ip4.as_u8[i] += 1;
2263 if (old < a->ip4.as_u8[i])
2267 for (i = 5; i >= 0; i--)
2269 old = a->mac.bytes[i];
2270 a->mac.bytes[i] += 1;
2271 if (old < a->mac.bytes[i])
2277 vnet_arp_set_ip4_over_ethernet (vnet_main_t * vnm,
2279 const ethernet_arp_ip4_over_ethernet_address_t
2280 * a, ip_neighbor_flags_t flags)
2282 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
2283 .sw_if_index = sw_if_index,
2286 .ip4.as_u32 = a->ip4.as_u32,
2290 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
2291 (u8 *) & args, sizeof (args));
2296 proxy_arp_walk (proxy_arp_walk_t cb, void *data)
2298 ethernet_arp_main_t *am = ðernet_arp_main;
2299 ethernet_proxy_arp_t *pa;
2301 vec_foreach (pa, am->proxy_arps)
2303 if (!cb (&pa->lo_addr, &pa->hi_addr, pa->fib_index, data))
2309 vnet_proxy_arp_enable_disable (vnet_main_t * vnm, u32 sw_if_index, u8 enable)
2311 ethernet_arp_main_t *am = ðernet_arp_main;
2312 ethernet_arp_interface_t *eai;
2314 vec_validate (am->ethernet_arp_by_sw_if_index, sw_if_index);
2316 eai = &am->ethernet_arp_by_sw_if_index[sw_if_index];
2320 if (!eai->proxy_enabled)
2322 vnet_feature_enable_disable ("arp", "arp-proxy",
2323 sw_if_index, 1, NULL, 0);
2325 eai->proxy_enabled = 1;
2329 if (eai->proxy_enabled)
2331 vnet_feature_enable_disable ("arp", "arp-proxy",
2332 sw_if_index, 0, NULL, 0);
2334 eai->proxy_enabled = 0;
2341 vnet_proxy_arp_add_del (ip4_address_t * lo_addr,
2342 ip4_address_t * hi_addr, u32 fib_index, int is_del)
2344 ethernet_arp_main_t *am = ðernet_arp_main;
2345 ethernet_proxy_arp_t *pa;
2346 u32 found_at_index = ~0;
2348 vec_foreach (pa, am->proxy_arps)
2350 if (pa->lo_addr.as_u32 == lo_addr->as_u32 &&
2351 pa->hi_addr.as_u32 == hi_addr->as_u32 && pa->fib_index == fib_index)
2353 found_at_index = pa - am->proxy_arps;
2358 if (found_at_index != ~0)
2360 /* Delete, otherwise it's already in the table */
2362 vec_delete (am->proxy_arps, 1, found_at_index);
2365 /* delete, no such entry */
2367 return VNET_API_ERROR_NO_SUCH_ENTRY;
2369 /* add, not in table */
2370 vec_add2 (am->proxy_arps, pa, 1);
2371 pa->lo_addr.as_u32 = lo_addr->as_u32;
2372 pa->hi_addr.as_u32 = hi_addr->as_u32;
2373 pa->fib_index = fib_index;
2378 proxy_arp_intfc_walk (proxy_arp_intf_walk_t cb, void *data)
2380 ethernet_arp_main_t *am = ðernet_arp_main;
2381 ethernet_arp_interface_t *eai;
2383 vec_foreach (eai, am->ethernet_arp_by_sw_if_index)
2385 if (eai->proxy_enabled)
2386 cb (eai - am->ethernet_arp_by_sw_if_index, data);
2391 * Remove any proxy arp entries associated with the
2395 vnet_proxy_arp_fib_reset (u32 fib_id)
2397 ethernet_arp_main_t *am = ðernet_arp_main;
2398 ethernet_proxy_arp_t *pa;
2399 u32 *entries_to_delete = 0;
2403 fib_index = fib_table_find (FIB_PROTOCOL_IP4, fib_id);
2404 if (~0 == fib_index)
2405 return VNET_API_ERROR_NO_SUCH_ENTRY;
2407 vec_foreach (pa, am->proxy_arps)
2409 if (pa->fib_index == fib_index)
2411 vec_add1 (entries_to_delete, pa - am->proxy_arps);
2415 for (i = 0; i < vec_len (entries_to_delete); i++)
2417 vec_delete (am->proxy_arps, 1, entries_to_delete[i]);
2420 vec_free (entries_to_delete);
2425 static clib_error_t *
2426 ip_arp_add_del_command_fn (vlib_main_t * vm,
2427 unformat_input_t * input, vlib_cli_command_t * cmd)
2429 vnet_main_t *vnm = vnet_get_main ();
2431 ethernet_arp_ip4_over_ethernet_address_t lo_addr, hi_addr, addr;
2438 ip_neighbor_flags_t flags;
2440 flags = IP_NEIGHBOR_FLAG_NONE;
2442 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2444 /* set ip arp TenGigE1/1/0/1 1.2.3.4 aa:bb:... or aabb.ccdd... */
2445 if (unformat (input, "%U %U %U",
2446 unformat_vnet_sw_interface, vnm, &sw_if_index,
2447 unformat_ip4_address, &addr.ip4,
2448 unformat_mac_address_t, &addr.mac))
2451 else if (unformat (input, "delete") || unformat (input, "del"))
2454 else if (unformat (input, "static"))
2455 flags |= IP_NEIGHBOR_FLAG_STATIC;
2457 else if (unformat (input, "no-fib-entry"))
2458 flags |= IP_NEIGHBOR_FLAG_NO_FIB_ENTRY;
2460 else if (unformat (input, "count %d", &count))
2463 else if (unformat (input, "fib-id %d", &fib_id))
2465 fib_index = fib_table_find (FIB_PROTOCOL_IP4, fib_id);
2467 if (~0 == fib_index)
2468 return clib_error_return (0, "fib ID %d doesn't exist\n", fib_id);
2471 else if (unformat (input, "proxy %U - %U",
2472 unformat_ip4_address, &lo_addr.ip4,
2473 unformat_ip4_address, &hi_addr.ip4))
2481 (void) vnet_proxy_arp_add_del (&lo_addr.ip4, &hi_addr.ip4,
2490 for (i = 0; i < count; i++)
2494 uword event_type, *event_data = 0;
2496 /* Park the debug CLI until the arp entry is installed */
2497 vnet_register_ip4_arp_resolution_event
2498 (vnm, &addr.ip4, vlib_current_process (vm),
2499 1 /* type */ , 0 /* data */ );
2501 vnet_arp_set_ip4_over_ethernet (vnm, sw_if_index, &addr, flags);
2503 vlib_process_wait_for_event (vm);
2504 event_type = vlib_process_get_events (vm, &event_data);
2505 vec_reset_length (event_data);
2506 if (event_type != 1)
2507 clib_warning ("event type %d unexpected", event_type);
2510 vnet_arp_unset_ip4_over_ethernet (vnm, sw_if_index, &addr);
2512 increment_ip4_and_mac_address (&addr);
2517 return clib_error_return (0, "unknown input `%U'",
2518 format_unformat_error, input);
2526 * Add or delete IPv4 ARP cache entries.
2528 * @note 'set ip arp' options (e.g. delete, static, 'fib-id <id>',
2529 * 'count <number>', 'interface ip4_addr mac_addr') can be added in
2530 * any order and combination.
2534 * Add or delete IPv4 ARP cache entries as follows. MAC Address can be in
2535 * either aa:bb:cc:dd:ee:ff format or aabb.ccdd.eeff format.
2536 * @cliexcmd{set ip arp GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2537 * @cliexcmd{set ip arp delete GigabitEthernet2/0/0 6.0.0.3 de:ad:be:ef:ba:be}
2539 * To add or delete an IPv4 ARP cache entry to or from a specific fib
2541 * @cliexcmd{set ip arp fib-id 1 GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2542 * @cliexcmd{set ip arp fib-id 1 delete GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2544 * Add or delete IPv4 static ARP cache entries as follows:
2545 * @cliexcmd{set ip arp static GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2546 * @cliexcmd{set ip arp static delete GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2548 * For testing / debugging purposes, the 'set ip arp' command can add or
2549 * delete multiple entries. Supply the 'count N' parameter:
2550 * @cliexcmd{set ip arp count 10 GigabitEthernet2/0/0 6.0.0.3 dead.beef.babe}
2553 VLIB_CLI_COMMAND (ip_arp_add_del_command, static) = {
2554 .path = "set ip arp",
2556 "set ip arp [del] <intfc> <ip-address> <mac-address> [static] [no-fib-entry] [count <count>] [fib-id <fib-id>] [proxy <lo-addr> - <hi-addr>]",
2557 .function = ip_arp_add_del_command_fn,
2561 static clib_error_t *
2562 set_int_proxy_arp_command_fn (vlib_main_t * vm,
2564 input, vlib_cli_command_t * cmd)
2566 vnet_main_t *vnm = vnet_get_main ();
2572 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2574 if (unformat (input, "%U", unformat_vnet_sw_interface,
2577 else if (unformat (input, "enable") || unformat (input, "on"))
2579 else if (unformat (input, "disable") || unformat (input, "off"))
2585 if (~0 == sw_if_index)
2586 return clib_error_return (0, "unknown input '%U'",
2587 format_unformat_error, input);
2589 vnet_proxy_arp_enable_disable (vnm, sw_if_index, enable);
2596 * Enable proxy-arp on an interface. The vpp stack will answer ARP
2597 * requests for the indicated address range. Multiple proxy-arp
2598 * ranges may be provisioned.
2600 * @note Proxy ARP as a technology is infamous for blackholing traffic.
2601 * Also, the underlying implementation has not been performance-tuned.
2602 * Avoid creating an unnecessarily large set of ranges.
2605 * To enable proxy arp on a range of addresses, use:
2606 * @cliexcmd{set ip arp proxy 6.0.0.1 - 6.0.0.11}
2607 * Append 'del' to delete a range of proxy ARP addresses:
2608 * @cliexcmd{set ip arp proxy 6.0.0.1 - 6.0.0.11 del}
2609 * You must then specifically enable proxy arp on individual interfaces:
2610 * @cliexcmd{set interface proxy-arp GigabitEthernet0/8/0 enable}
2611 * To disable proxy arp on an individual interface:
2612 * @cliexcmd{set interface proxy-arp GigabitEthernet0/8/0 disable}
2614 VLIB_CLI_COMMAND (set_int_proxy_enable_command, static) = {
2615 .path = "set interface proxy-arp",
2617 "set interface proxy-arp <intfc> [enable|disable]",
2618 .function = set_int_proxy_arp_command_fn,
2624 * ARP/ND Termination in a L2 Bridge Domain based on IP4/IP6 to MAC
2625 * hash tables mac_by_ip4 and mac_by_ip6 for each BD.
2629 ARP_TERM_NEXT_L2_OUTPUT,
2634 u32 arp_term_next_node_index[32];
2637 arp_term_l2bd (vlib_main_t * vm,
2638 vlib_node_runtime_t * node, vlib_frame_t * frame)
2640 l2input_main_t *l2im = &l2input_main;
2641 u32 n_left_from, next_index, *from, *to_next;
2642 u32 n_replies_sent = 0;
2643 u16 last_bd_index = ~0;
2644 l2_bridge_domain_t *last_bd_config = 0;
2645 l2_input_config_t *cfg0;
2647 from = vlib_frame_vector_args (frame);
2648 n_left_from = frame->n_vectors;
2649 next_index = node->cached_next_index;
2651 while (n_left_from > 0)
2655 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2657 while (n_left_from > 0 && n_left_to_next > 0)
2660 ethernet_header_t *eth0;
2661 ethernet_arp_header_t *arp0;
2664 u32 pi0, error0, next0, sw_if_index0;
2675 n_left_to_next -= 1;
2677 p0 = vlib_get_buffer (vm, pi0);
2678 // Terminate only local (SHG == 0) ARP
2679 if (vnet_buffer (p0)->l2.shg != 0)
2680 goto next_l2_feature;
2682 eth0 = vlib_buffer_get_current (p0);
2683 l3h0 = (u8 *) eth0 + vnet_buffer (p0)->l2.l2_len;
2684 ethertype0 = clib_net_to_host_u16 (*(u16 *) (l3h0 - 2));
2685 arp0 = (ethernet_arp_header_t *) l3h0;
2687 if (ethertype0 != ETHERNET_TYPE_ARP)
2690 if ((arp0->opcode !=
2691 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request)) &&
2693 clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply)))
2696 /* Must be ARP request/reply packet here */
2697 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
2698 (p0->flags & VLIB_BUFFER_IS_TRACED)))
2700 u8 *t0 = vlib_add_trace (vm, node, p0,
2701 sizeof (ethernet_arp_input_trace_t));
2702 clib_memcpy_fast (t0, l3h0,
2703 sizeof (ethernet_arp_input_trace_t));
2709 clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet)
2710 ? ETHERNET_ARP_ERROR_l2_type_not_ethernet : error0);
2713 clib_net_to_host_u16 (ETHERNET_TYPE_IP4) ?
2714 ETHERNET_ARP_ERROR_l3_type_not_ip4 : error0);
2716 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
2721 /* Trash ARP packets whose ARP-level source addresses do not
2722 match, or if requester address is mcast */
2724 (!ethernet_mac_address_equal (eth0->src_address,
2725 arp0->ip4_over_ethernet[0].
2727 || ethernet_address_cast (arp0->ip4_over_ethernet[0].mac.bytes))
2729 /* VRRP virtual MAC may be different to SMAC in ARP reply */
2730 if (!ethernet_mac_address_equal
2731 (arp0->ip4_over_ethernet[0].mac.bytes, vrrp_prefix))
2733 error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
2738 (ip4_address_is_multicast (&arp0->ip4_over_ethernet[0].ip4)))
2740 error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
2744 /* Check if anyone want ARP request events for L2 BDs */
2746 ethernet_arp_main_t *am = ðernet_arp_main;
2747 if (am->wc_ip4_arp_publisher_node != (uword) ~ 0)
2748 vnet_arp_wc_publish (sw_if_index0, &arp0->ip4_over_ethernet[0]);
2751 /* lookup BD mac_by_ip4 hash table for MAC entry */
2752 ip0 = arp0->ip4_over_ethernet[1].ip4.as_u32;
2753 bd_index0 = vnet_buffer (p0)->l2.bd_index;
2754 if (PREDICT_FALSE ((bd_index0 != last_bd_index)
2755 || (last_bd_index == (u16) ~ 0)))
2757 last_bd_index = bd_index0;
2758 last_bd_config = vec_elt_at_index (l2im->bd_configs, bd_index0);
2760 macp0 = (u8 *) hash_get (last_bd_config->mac_by_ip4, ip0);
2762 if (PREDICT_FALSE (!macp0))
2763 goto next_l2_feature; /* MAC not found */
2764 if (PREDICT_FALSE (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
2765 arp0->ip4_over_ethernet[1].ip4.as_u32))
2766 goto next_l2_feature; /* GARP */
2768 /* MAC found, send ARP reply -
2769 Convert ARP request packet to ARP reply */
2770 arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
2771 arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
2772 arp0->ip4_over_ethernet[0].ip4.as_u32 = ip0;
2773 mac_address_from_bytes (&arp0->ip4_over_ethernet[0].mac, macp0);
2774 clib_memcpy_fast (eth0->dst_address, eth0->src_address, 6);
2775 clib_memcpy_fast (eth0->src_address, macp0, 6);
2776 n_replies_sent += 1;
2779 /* For BVI, need to use l2-fwd node to send ARP reply as
2780 l2-output node cannot output packet to BVI properly */
2781 cfg0 = vec_elt_at_index (l2im->configs, sw_if_index0);
2782 if (PREDICT_FALSE (cfg0->bvi))
2784 vnet_buffer (p0)->l2.feature_bitmap |= L2INPUT_FEAT_FWD;
2785 vnet_buffer (p0)->sw_if_index[VLIB_RX] = 0;
2786 goto next_l2_feature;
2789 /* Send ARP/ND reply back out input interface through l2-output */
2790 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
2791 next0 = ARP_TERM_NEXT_L2_OUTPUT;
2792 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2793 to_next, n_left_to_next, pi0,
2798 /* IP6 ND event notification or solicitation handling to generate
2799 local response instead of flooding */
2800 iph0 = (ip6_header_t *) l3h0;
2801 if (PREDICT_FALSE (ethertype0 == ETHERNET_TYPE_IP6 &&
2802 iph0->protocol == IP_PROTOCOL_ICMP6 &&
2803 !ip6_address_is_unspecified
2804 (&iph0->src_address)))
2806 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
2807 if (vnet_ip6_nd_term
2808 (vm, node, p0, eth0, iph0, sw_if_index0,
2809 vnet_buffer (p0)->l2.bd_index))
2810 goto output_response;
2815 next0 = vnet_l2_feature_next (p0, arp_term_next_node_index,
2816 L2INPUT_FEAT_ARP_TERM);
2817 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2818 to_next, n_left_to_next,
2824 if (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ||
2825 (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
2826 arp0->ip4_over_ethernet[1].ip4.as_u32))
2828 error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
2830 next0 = ARP_TERM_NEXT_DROP;
2831 p0->error = node->errors[error0];
2833 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2834 to_next, n_left_to_next, pi0,
2838 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2841 vlib_error_count (vm, node->node_index,
2842 ETHERNET_ARP_ERROR_replies_sent, n_replies_sent);
2843 return frame->n_vectors;
2847 VLIB_REGISTER_NODE (arp_term_l2bd_node, static) = {
2848 .function = arp_term_l2bd,
2849 .name = "arp-term-l2bd",
2850 .vector_size = sizeof (u32),
2851 .n_errors = ETHERNET_ARP_N_ERROR,
2852 .error_strings = ethernet_arp_error_strings,
2853 .n_next_nodes = ARP_TERM_N_NEXT,
2855 [ARP_TERM_NEXT_L2_OUTPUT] = "l2-output",
2856 [ARP_TERM_NEXT_DROP] = "error-drop",
2858 .format_buffer = format_ethernet_arp_header,
2859 .format_trace = format_arp_term_input_trace,
2864 arp_term_init (vlib_main_t * vm)
2866 // Initialize the feature next-node indexes
2867 feat_bitmap_init_next_nodes (vm,
2868 arp_term_l2bd_node.index,
2870 l2input_get_feat_names (),
2871 arp_term_next_node_index);
2875 VLIB_INIT_FUNCTION (arp_term_init);
2878 change_arp_mac (u32 sw_if_index, ethernet_arp_ip4_entry_t * e)
2880 if (e->sw_if_index == sw_if_index)
2882 adj_nbr_walk_nh4 (e->sw_if_index,
2883 &e->ip4_address, arp_mk_complete_walk, e);
2888 ethernet_arp_change_mac (u32 sw_if_index)
2890 ethernet_arp_main_t *am = ðernet_arp_main;
2891 ethernet_arp_ip4_entry_t *e;
2895 pool_foreach (e, am->ip4_entry_pool,
2897 change_arp_mac (sw_if_index, e);
2901 ai = adj_glean_get (FIB_PROTOCOL_IP4, sw_if_index);
2903 if (ADJ_INDEX_INVALID != ai)
2904 adj_glean_update_rewrite (ai);
2908 send_ip4_garp (vlib_main_t * vm, u32 sw_if_index)
2910 ip4_main_t *i4m = &ip4_main;
2911 ip4_address_t *ip4_addr = ip4_interface_first_address (i4m, sw_if_index, 0);
2913 send_ip4_garp_w_addr (vm, ip4_addr, sw_if_index);
2917 send_ip4_garp_w_addr (vlib_main_t * vm,
2918 const ip4_address_t * ip4_addr, u32 sw_if_index)
2920 ip4_main_t *i4m = &ip4_main;
2921 vnet_main_t *vnm = vnet_get_main ();
2922 u8 *rewrite, rewrite_len;
2923 vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
2927 clib_warning ("Sending GARP for IP4 address %U on sw_if_idex %d",
2928 format_ip4_address, ip4_addr, sw_if_index);
2930 /* Form GARP packet for output - Gratuitous ARP is an ARP request packet
2931 where the interface IP/MAC pair is used for both source and request
2932 MAC/IP pairs in the request */
2934 ethernet_arp_header_t *h = vlib_packet_template_get_packet
2935 (vm, &i4m->ip4_arp_request_packet_template, &bi);
2940 mac_address_from_bytes (&h->ip4_over_ethernet[0].mac, hi->hw_address);
2941 mac_address_from_bytes (&h->ip4_over_ethernet[1].mac, hi->hw_address);
2942 h->ip4_over_ethernet[0].ip4 = ip4_addr[0];
2943 h->ip4_over_ethernet[1].ip4 = ip4_addr[0];
2945 /* Setup MAC header with ARP Etype and broadcast DMAC */
2946 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
2948 ethernet_build_rewrite (vnm, sw_if_index, VNET_LINK_ARP,
2949 VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST);
2950 rewrite_len = vec_len (rewrite);
2951 vlib_buffer_advance (b, -rewrite_len);
2952 ethernet_header_t *e = vlib_buffer_get_current (b);
2953 clib_memcpy_fast (e->dst_address, rewrite, rewrite_len);
2956 /* Send GARP packet out the specified interface */
2957 vnet_buffer (b)->sw_if_index[VLIB_RX] =
2958 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
2959 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
2960 u32 *to_next = vlib_frame_vector_args (f);
2963 vlib_put_frame_to_node (vm, hi->output_node_index, f);
2968 * Remove any arp entries associated with the specified interface
2970 static clib_error_t *
2971 vnet_arp_delete_sw_interface (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
2973 if (!is_add && sw_if_index != ~0)
2975 ethernet_arp_main_t *am = ðernet_arp_main;
2976 ethernet_arp_ip4_entry_t *e;
2978 pool_foreach (e, am->ip4_entry_pool, ({
2979 if (e->sw_if_index != sw_if_index)
2981 vnet_arp_set_ip4_over_ethernet_rpc_args_t args = {
2982 .sw_if_index = sw_if_index,
2983 .ip4 = e->ip4_address,
2985 vnet_arp_unset_ip4_over_ethernet_internal (vnm, &args);
2993 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (vnet_arp_delete_sw_interface);
2996 * fd.io coding-style-patch-verification: ON
2999 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob