2 * ethernet/arp.c: IP v4 ARP node
4 * Copyright (c) 2010 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/ip/ip.h>
19 #include <vnet/ethernet/ethernet.h>
20 #include <vnet/ethernet/arp_packet.h>
21 #include <vnet/l2/l2_input.h>
22 #include <vppinfra/mhash.h>
24 void vl_api_rpc_call_main_thread (void *fp, u8 * data, u32 data_length);
29 ip4_address_t ip4_address;
30 } ethernet_arp_ip4_key_t;
33 ethernet_arp_ip4_key_t key;
34 u8 ethernet_address[6];
37 #define ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC (1 << 0)
38 #define ETHERNET_ARP_IP4_ENTRY_FLAG_GLEAN (2 << 0)
40 u64 cpu_time_last_updated;
43 } ethernet_arp_ip4_entry_t;
49 } ethernet_proxy_arp_t;
56 /* Used for arp event notification only */
59 } pending_resolution_t;
62 /* Hash tables mapping name to opcode. */
63 uword * opcode_by_name;
65 /* lite beer "glean" adjacency handling */
66 uword * pending_resolutions_by_address;
67 pending_resolution_t * pending_resolutions;
69 /* Mac address change notification */
70 uword * mac_changes_by_address;
71 pending_resolution_t * mac_changes;
73 ethernet_arp_ip4_entry_t * ip4_entry_pool;
75 mhash_t ip4_entry_by_key;
77 /* ARP attack mitigation */
79 u32 limit_arp_cache_size;
81 /* Proxy arp vector */
82 ethernet_proxy_arp_t * proxy_arps;
83 } ethernet_arp_main_t;
85 static ethernet_arp_main_t ethernet_arp_main;
87 static u8 * format_ethernet_arp_hardware_type (u8 * s, va_list * va)
89 ethernet_arp_hardware_type_t h = va_arg (*va, ethernet_arp_hardware_type_t);
93 #define _(n,f) case n: t = #f; break;
94 foreach_ethernet_arp_hardware_type;
98 return format (s, "unknown 0x%x", h);
101 return format (s, "%s", t);
104 static u8 * format_ethernet_arp_opcode (u8 * s, va_list * va)
106 ethernet_arp_opcode_t o = va_arg (*va, ethernet_arp_opcode_t);
110 #define _(f) case ETHERNET_ARP_OPCODE_##f: t = #f; break;
111 foreach_ethernet_arp_opcode;
115 return format (s, "unknown 0x%x", o);
118 return format (s, "%s", t);
122 unformat_ethernet_arp_opcode_host_byte_order (unformat_input_t * input,
125 int * result = va_arg (*args, int *);
126 ethernet_arp_main_t * am = ðernet_arp_main;
129 /* Numeric opcode. */
130 if (unformat (input, "0x%x", &x)
131 || unformat (input, "%d", &x))
140 if (unformat_user (input, unformat_vlib_number_by_name,
141 am->opcode_by_name, &i))
151 unformat_ethernet_arp_opcode_net_byte_order (unformat_input_t * input,
154 int * result = va_arg (*args, int *);
155 if (! unformat_user (input, unformat_ethernet_arp_opcode_host_byte_order, result))
158 *result = clib_host_to_net_u16 ((u16) *result);
162 static u8 * format_ethernet_arp_header (u8 * s, va_list * va)
164 ethernet_arp_header_t * a = va_arg (*va, ethernet_arp_header_t *);
165 u32 max_header_bytes = va_arg (*va, u32);
167 u16 l2_type, l3_type;
169 if (max_header_bytes != 0 && sizeof (a[0]) > max_header_bytes)
170 return format (s, "ARP header truncated");
172 l2_type = clib_net_to_host_u16 (a->l2_type);
173 l3_type = clib_net_to_host_u16 (a->l3_type);
175 indent = format_get_indent (s);
177 s = format (s, "%U, type %U/%U, address size %d/%d",
178 format_ethernet_arp_opcode, clib_net_to_host_u16 (a->opcode),
179 format_ethernet_arp_hardware_type, l2_type,
180 format_ethernet_type, l3_type,
181 a->n_l2_address_bytes, a->n_l3_address_bytes);
183 if (l2_type == ETHERNET_ARP_HARDWARE_TYPE_ethernet
184 && l3_type == ETHERNET_TYPE_IP4)
186 s = format (s, "\n%U%U/%U -> %U/%U",
187 format_white_space, indent,
188 format_ethernet_address, a->ip4_over_ethernet[0].ethernet,
189 format_ip4_address, &a->ip4_over_ethernet[0].ip4,
190 format_ethernet_address, a->ip4_over_ethernet[1].ethernet,
191 format_ip4_address, &a->ip4_over_ethernet[1].ip4);
195 uword n2 = a->n_l2_address_bytes;
196 uword n3 = a->n_l3_address_bytes;
197 s = format (s, "\n%U%U/%U -> %U/%U",
198 format_white_space, indent,
199 format_hex_bytes, a->data + 0*n2 + 0*n3, n2,
200 format_hex_bytes, a->data + 1*n2 + 0*n3, n3,
201 format_hex_bytes, a->data + 1*n2 + 1*n3, n2,
202 format_hex_bytes, a->data + 2*n2 + 1*n3, n3);
208 static u8 * format_ethernet_arp_ip4_entry (u8 * s, va_list * va)
210 vnet_main_t * vnm = va_arg (*va, vnet_main_t *);
211 ethernet_arp_ip4_entry_t * e = va_arg (*va, ethernet_arp_ip4_entry_t *);
212 vnet_sw_interface_t * si;
217 return format (s, "%=12s%=6s%=16s%=6s%=20s%=24s", "Time", "FIB", "IP4",
218 "Flags", "Ethernet", "Interface");
220 fib = find_ip4_fib_by_table_index_or_id (&ip4_main, e->key.fib_index,
221 IP4_ROUTE_FLAG_FIB_INDEX);
222 si = vnet_get_sw_interface (vnm, e->key.sw_if_index);
224 if (e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_GLEAN)
225 flags = format(flags, "G");
227 if (e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC)
228 flags = format(flags, "S");
230 s = format (s, "%=12U%=6u%=16U%=6s%=20U%=24U",
231 format_vlib_cpu_time, vnm->vlib_main, e->cpu_time_last_updated,
233 format_ip4_address, &e->key.ip4_address,
234 flags ? (char *) flags : "",
235 format_ethernet_address, e->ethernet_address,
236 format_vnet_sw_interface_name, vnm, si);
244 } ethernet_arp_input_trace_t;
246 static u8 * format_ethernet_arp_input_trace (u8 * s, va_list * va)
248 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *);
249 CLIB_UNUSED (vlib_node_t * node) = va_arg (*va, vlib_node_t *);
250 ethernet_arp_input_trace_t * t = va_arg (*va, ethernet_arp_input_trace_t *);
253 format_ethernet_arp_header,
254 t->packet_data, sizeof (t->packet_data));
260 ethernet_arp_sw_interface_up_down (vnet_main_t * vnm,
264 ethernet_arp_main_t * am = ðernet_arp_main;
265 ethernet_arp_ip4_entry_t * e;
267 u32 * to_add_del = 0;
269 pool_foreach (e, am->ip4_entry_pool, ({
270 if (e->key.sw_if_index == sw_if_index)
271 vec_add1 (to_add_del, e - am->ip4_entry_pool);
274 for (i = 0; i < vec_len (to_add_del); i++)
276 ethernet_arp_ip4_over_ethernet_address_t arp_add;
277 e = pool_elt_at_index (am->ip4_entry_pool, to_add_del[i]);
279 clib_memcpy (&arp_add.ethernet, e->ethernet_address, 6);
280 arp_add.ip4.as_u32 = e->key.ip4_address.as_u32;
282 if (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP)
284 vnet_arp_set_ip4_over_ethernet (vnm,
285 e->key.sw_if_index, e->key.fib_index, &arp_add,
286 e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC);
288 else if ((e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC) == 0)
290 vnet_arp_unset_ip4_over_ethernet (vnm,
291 e->key.sw_if_index, e->key.fib_index, &arp_add);
295 vec_free (to_add_del);
299 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ethernet_arp_sw_interface_up_down);
302 vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm,
309 vnet_arp_unset_ip4_over_ethernet_internal (vnet_main_t * vnm,
317 ethernet_arp_ip4_over_ethernet_address_t a;
319 int is_remove; /* set is_remove=1 to clear arp entry */
320 } vnet_arp_set_ip4_over_ethernet_rpc_args_t;
322 static void set_ip4_over_ethernet_rpc_callback
323 ( vnet_arp_set_ip4_over_ethernet_rpc_args_t * a)
325 vnet_main_t * vm = vnet_get_main();
326 ASSERT(os_get_cpu_number() == 0);
329 vnet_arp_unset_ip4_over_ethernet_internal(vm,
334 vnet_arp_set_ip4_over_ethernet_internal (vm,
342 vnet_arp_set_ip4_over_ethernet (vnet_main_t * vnm,
348 ethernet_arp_ip4_over_ethernet_address_t * a = a_arg;
349 vnet_arp_set_ip4_over_ethernet_rpc_args_t args;
351 args.sw_if_index = sw_if_index;
352 args.fib_index = fib_index;
353 args.is_static = is_static;
355 clib_memcpy (&args.a, a, sizeof (*a));
357 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
358 (u8 *) &args, sizeof (args));
363 vnet_arp_set_ip4_over_ethernet_internal (vnet_main_t * vnm,
369 ethernet_arp_ip4_key_t k;
370 ethernet_arp_ip4_entry_t * e = 0;
371 ethernet_arp_main_t * am = ðernet_arp_main;
372 ethernet_arp_ip4_over_ethernet_address_t * a = a_arg;
373 vlib_main_t * vm = vlib_get_main();
374 ip4_main_t * im = &ip4_main;
375 ip_lookup_main_t * lm = &im->lookup_main;
376 int make_new_arp_cache_entry=1;
378 ip4_add_del_route_args_t args;
379 ip_adjacency_t adj, * existing_adj;
380 pending_resolution_t * pr, * mc;
385 fib_index = (fib_index != (u32)~0)
386 ? fib_index : im->fib_index_by_sw_if_index[sw_if_index];
388 k.sw_if_index = sw_if_index;
389 k.ip4_address = a->ip4;
390 k.fib_index = fib_index;
392 p = mhash_get (&am->ip4_entry_by_key, &k);
395 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
397 /* Refuse to over-write static arp. */
399 (e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC))
401 make_new_arp_cache_entry = 0;
404 /* Note: always install the route. It might have been deleted */
405 memset(&adj, 0, sizeof(adj));
406 adj.lookup_next_index = IP_LOOKUP_NEXT_REWRITE;
407 adj.n_adj = 1; /* otherwise signature compare fails */
409 vnet_rewrite_for_sw_interface
411 VNET_L3_PACKET_TYPE_IP4,
413 ip4_rewrite_node.index,
414 a->ethernet, /* destination address */
416 sizeof (adj.rewrite_data));
418 /* result of this lookup should be next-hop adjacency */
419 adj_index = ip4_fib_lookup_with_table (im, fib_index, &a->ip4, 0);
420 existing_adj = ip_get_adjacency(lm, adj_index);
422 if (existing_adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
423 existing_adj->arp.next_hop.ip4.as_u32 == a->ip4.as_u32)
426 u32 * adjs = vec_dup(e->adjacencies);
427 /* Update all adj assigned to this arp entry */
428 vec_foreach(ai, adjs)
431 ip_adjacency_t * uadj = ip_get_adjacency(lm, *ai);
432 for (i = 0; i < uadj->n_adj; i++)
433 if (uadj[i].lookup_next_index == IP_LOOKUP_NEXT_ARP &&
434 uadj[i].arp.next_hop.ip4.as_u32 == a->ip4.as_u32)
435 ip_update_adjacency (lm, *ai + i, &adj);
441 /* Check that new adjacency actually isn't exactly the same as
442 * what is already there. If we over-write the adjacency with
443 * exactly the same info, its technically a new adjacency with
444 * new counters, but to user it appears as counters reset.
446 if (vnet_ip_adjacency_share_compare (&adj, existing_adj) == 0) {
448 args.table_index_or_table_id = fib_index;
449 args.flags = IP4_ROUTE_FLAG_FIB_INDEX | IP4_ROUTE_FLAG_ADD | IP4_ROUTE_FLAG_NEIGHBOR;
450 args.dst_address = a->ip4;
451 args.dst_address_length = 32;
455 ip4_add_del_route (im, &args);
459 if (make_new_arp_cache_entry)
461 pool_get (am->ip4_entry_pool, e);
462 mhash_set (&am->ip4_entry_by_key, &k,
463 e - am->ip4_entry_pool,
468 /* Update time stamp and ethernet address. */
469 clib_memcpy (e->ethernet_address, a->ethernet, sizeof (e->ethernet_address));
470 e->cpu_time_last_updated = clib_cpu_time_now ();
472 e->flags |= ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC;
474 /* Customer(s) waiting for this address to be resolved? */
475 p = hash_get (am->pending_resolutions_by_address, a->ip4.as_u32);
480 while (next_index != (u32)~0)
482 pr = pool_elt_at_index (am->pending_resolutions, next_index);
483 vlib_process_signal_event (vm, pr->node_index,
486 next_index = pr->next_index;
487 pool_put (am->pending_resolutions, pr);
490 hash_unset (am->pending_resolutions_by_address, a->ip4.as_u32);
493 /* Customer(s) requesting ARP event for this address? */
494 p = hash_get (am->mac_changes_by_address, a->ip4.as_u32);
499 while (next_index != (u32)~0)
501 int (*fp)(u32, u8 *, u32, u32);
503 mc = pool_elt_at_index (am->mac_changes, next_index);
504 fp = mc->data_callback;
506 /* Call the user's data callback, return 1 to suppress dup events */
508 rv = (*fp)(mc->data, a->ethernet, sw_if_index, 0);
511 * Signal the resolver process, as long as the user
512 * says they want to be notified
515 vlib_process_signal_event (vm, mc->node_index,
518 next_index = mc->next_index;
525 void vnet_register_ip4_arp_resolution_event (vnet_main_t * vnm,
531 ethernet_arp_main_t * am = ðernet_arp_main;
532 ip4_address_t * address = address_arg;
534 pending_resolution_t * pr;
536 pool_get (am->pending_resolutions, pr);
539 pr->node_index = node_index;
540 pr->type_opaque = type_opaque;
542 pr->data_callback = 0;
544 p = hash_get (am->pending_resolutions_by_address, address->as_u32);
547 /* Insert new resolution at the head of the list */
548 pr->next_index = p[0];
549 hash_unset (am->pending_resolutions_by_address, address->as_u32);
552 hash_set (am->pending_resolutions_by_address, address->as_u32,
553 pr - am->pending_resolutions);
556 int vnet_add_del_ip4_arp_change_event (vnet_main_t * vnm,
557 void * data_callback,
562 uword data, int is_add)
564 ethernet_arp_main_t * am = ðernet_arp_main;
565 ip4_address_t * address = address_arg;
567 pending_resolution_t * mc;
568 void (*fp)(u32, u8 *) = data_callback;
572 pool_get (am->mac_changes, mc);
575 mc->node_index = node_index;
576 mc->type_opaque = type_opaque;
578 mc->data_callback = data_callback;
581 p = hash_get (am->mac_changes_by_address, address->as_u32);
584 /* Insert new resolution at the head of the list */
585 mc->next_index = p[0];
586 hash_unset (am->mac_changes_by_address, address->as_u32);
589 hash_set (am->mac_changes_by_address, address->as_u32,
590 mc - am->mac_changes);
596 pending_resolution_t * mc_last = 0;
598 p = hash_get (am->mac_changes_by_address, address->as_u32);
600 return VNET_API_ERROR_NO_SUCH_ENTRY;
604 while (index != (u32)~0)
606 mc = pool_elt_at_index (am->mac_changes, index);
607 if (mc->node_index == node_index &&
608 mc->type_opaque == type_opaque &&
611 /* Clients may need to clean up pool entries, too */
613 (*fp)(mc->data, 0 /* no new mac addrs */);
616 hash_unset (am->mac_changes_by_address, address->as_u32);
617 if (mc->next_index != ~0)
618 hash_set (am->mac_changes_by_address, address->as_u32,
620 pool_put (am->mac_changes, mc);
626 mc_last->next_index = mc->next_index;
627 pool_put (am->mac_changes, mc);
632 index = mc->next_index;
635 return VNET_API_ERROR_NO_SUCH_ENTRY;
639 /* Either we drop the packet or we send a reply to the sender. */
642 ARP_INPUT_NEXT_REPLY_TX,
646 #define foreach_ethernet_arp_error \
647 _ (replies_sent, "ARP replies sent") \
648 _ (l2_type_not_ethernet, "L2 type not ethernet") \
649 _ (l3_type_not_ip4, "L3 type not IP4") \
650 _ (l3_src_address_not_local, "IP4 source address not local to subnet") \
651 _ (l3_dst_address_not_local, "IP4 destination address not local to subnet") \
652 _ (l3_src_address_is_local, "IP4 source address matches local interface") \
653 _ (l3_src_address_learned, "ARP request IP4 source address learned") \
654 _ (replies_received, "ARP replies received") \
655 _ (opcode_not_request, "ARP opcode not request") \
656 _ (proxy_arp_replies_sent, "Proxy ARP replies sent") \
657 _ (l2_address_mismatch, "ARP hw addr does not match L2 frame src addr") \
658 _ (missing_interface_address, "ARP missing interface address") \
659 _ (gratuitous_arp, "ARP probe or announcement dropped") \
662 #define _(sym,string) ETHERNET_ARP_ERROR_##sym,
663 foreach_ethernet_arp_error
665 ETHERNET_ARP_N_ERROR,
666 } ethernet_arp_input_error_t;
668 /* get first interface address */
670 ip4_interface_first_address (ip4_main_t * im, u32 sw_if_index,
671 ip_interface_address_t ** result_ia)
673 ip_lookup_main_t * lm = &im->lookup_main;
674 ip_interface_address_t * ia = 0;
675 ip4_address_t * result = 0;
677 foreach_ip_interface_address (lm, ia, sw_if_index,
678 1 /* honor unnumbered */,
680 ip4_address_t * a = ip_interface_address_get_address (lm, ia);
685 *result_ia = result ? ia : 0;
689 static void unset_random_arp_entry (void)
691 ethernet_arp_main_t * am = ðernet_arp_main;
692 ethernet_arp_ip4_entry_t * e;
693 vnet_main_t * vnm = vnet_get_main();
694 ethernet_arp_ip4_over_ethernet_address_t delme;
697 index = pool_next_index (am->ip4_entry_pool, am->arp_delete_rotor);
698 am->arp_delete_rotor = index;
700 /* Try again from elt 0, could happen if an intfc goes down */
703 index = pool_next_index (am->ip4_entry_pool, am->arp_delete_rotor);
704 am->arp_delete_rotor = index;
707 /* Nothing left in the pool */
711 e = pool_elt_at_index (am->ip4_entry_pool, index);
713 clib_memcpy (&delme.ethernet, e->ethernet_address, 6);
714 delme.ip4.as_u32 = e->key.ip4_address.as_u32;
716 vnet_arp_unset_ip4_over_ethernet (vnm, e->key.sw_if_index,
717 e->key.fib_index, &delme);
720 static void arp_unnumbered (vlib_buffer_t * p0,
722 ethernet_header_t * eth0,
723 ip_interface_address_t * ifa0)
725 vlib_main_t * vm = vlib_get_main();
726 vnet_main_t * vnm = vnet_get_main();
727 vnet_interface_main_t * vim = &vnm->interface_main;
728 vnet_sw_interface_t * si;
729 vnet_hw_interface_t * hi;
730 u32 unnum_src_sw_if_index;
731 u32 * broadcast_swifs = 0;
736 u8 dst_mac_address[6];
738 ethernet_arp_header_t * arp0;
740 /* Save the dst mac address */
741 clib_memcpy(dst_mac_address, eth0->dst_address, sizeof (dst_mac_address));
743 /* Figure out which sw_if_index supplied the address */
744 unnum_src_sw_if_index = ifa0->sw_if_index;
746 /* Track down all users of the unnumbered source */
747 pool_foreach (si, vim->sw_interfaces,
749 if (si->flags & VNET_SW_INTERFACE_FLAG_UNNUMBERED &&
750 (si->unnumbered_sw_if_index == unnum_src_sw_if_index))
752 vec_add1 (broadcast_swifs, si->sw_if_index);
757 ASSERT (vec_len(broadcast_swifs));
759 /* Allocate buffering if we need it */
760 if (vec_len(broadcast_swifs) > 1)
762 vec_validate (buffers, vec_len(broadcast_swifs)-2);
763 n_alloc = vlib_buffer_alloc (vm, buffers, vec_len(buffers));
764 _vec_len (buffers) = n_alloc;
765 for (i = 0; i < n_alloc; i++)
767 b0 = vlib_get_buffer (vm, buffers[i]);
769 /* xerox (partially built) ARP pkt */
770 clib_memcpy (b0->data, p0->data, p0->current_length + p0->current_data);
771 b0->current_data = p0->current_data;
772 b0->current_length = p0->current_length;
773 vnet_buffer(b0)->sw_if_index[VLIB_RX] =
774 vnet_buffer(p0)->sw_if_index[VLIB_RX];
778 vec_insert (buffers, 1, 0);
781 for (i = 0; i < vec_len(buffers); i++)
783 b0 = vlib_get_buffer(vm, buffers[i]);
784 arp0 = vlib_buffer_get_current (b0);
786 hi = vnet_get_sup_hw_interface (vnm, broadcast_swifs[i]);
787 si = vnet_get_sw_interface (vnm, broadcast_swifs[i]);
789 /* For decoration, most likely */
790 vnet_buffer(b0)->sw_if_index[VLIB_TX] = hi->sw_if_index;
792 /* Fix ARP pkt src address */
793 clib_memcpy (arp0->ip4_over_ethernet[0].ethernet, hi->hw_address, 6);
795 /* Build L2 encaps for this swif */
796 header_size = sizeof (ethernet_header_t);
797 if (si->sub.eth.flags.one_tag)
799 else if (si->sub.eth.flags.two_tags)
802 vlib_buffer_advance (b0, -header_size);
803 eth0 = vlib_buffer_get_current (b0);
805 if (si->sub.eth.flags.one_tag) {
806 ethernet_vlan_header_t * outer = (void *) (eth0 + 1);
808 eth0->type = si->sub.eth.flags.dot1ad ?
809 clib_host_to_net_u16 (ETHERNET_TYPE_DOT1AD) :
810 clib_host_to_net_u16 (ETHERNET_TYPE_VLAN);
811 outer->priority_cfi_and_id =
812 clib_host_to_net_u16 (si->sub.eth.outer_vlan_id);
813 outer->type = clib_host_to_net_u16 (ETHERNET_TYPE_ARP);
815 } else if (si->sub.eth.flags.two_tags) {
816 ethernet_vlan_header_t * outer = (void *) (eth0 + 1);
817 ethernet_vlan_header_t * inner = (void *) (outer + 1);
819 eth0->type = si->sub.eth.flags.dot1ad ?
820 clib_host_to_net_u16 (ETHERNET_TYPE_DOT1AD) :
821 clib_host_to_net_u16 (ETHERNET_TYPE_VLAN);
822 outer->priority_cfi_and_id =
823 clib_host_to_net_u16 (si->sub.eth.outer_vlan_id);
824 outer->type = clib_host_to_net_u16 (ETHERNET_TYPE_VLAN);
825 inner->priority_cfi_and_id =
826 clib_host_to_net_u16 (si->sub.eth.inner_vlan_id);
827 inner->type = clib_host_to_net_u16 (ETHERNET_TYPE_ARP);
830 eth0->type = clib_host_to_net_u16 (ETHERNET_TYPE_ARP);
833 /* Restore the original dst address, set src address */
834 clib_memcpy (eth0->dst_address, dst_mac_address, sizeof (eth0->dst_address));
835 clib_memcpy (eth0->src_address, hi->hw_address, sizeof (eth0->src_address));
837 /* Transmit replicas */
840 vlib_frame_t * f = vlib_get_frame_to_node (vm, hi->output_node_index);
841 u32 * to_next = vlib_frame_vector_args (f);
842 to_next[0] = buffers[i];
844 vlib_put_frame_to_node (vm, hi->output_node_index, f);
848 /* The regular path outputs the original pkt.. */
849 vnet_buffer (p0)->sw_if_index[VLIB_TX] = broadcast_swifs[0];
851 vec_free (broadcast_swifs);
856 arp_input (vlib_main_t * vm,
857 vlib_node_runtime_t * node,
858 vlib_frame_t * frame)
860 ethernet_arp_main_t * am = ðernet_arp_main;
861 vnet_main_t * vnm = vnet_get_main();
862 ip4_main_t * im4 = &ip4_main;
863 u32 n_left_from, next_index, * from, * to_next;
864 u32 n_replies_sent = 0, n_proxy_arp_replies_sent = 0;
866 from = vlib_frame_vector_args (frame);
867 n_left_from = frame->n_vectors;
868 next_index = node->cached_next_index;
870 if (node->flags & VLIB_NODE_FLAG_TRACE)
871 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
873 sizeof (ethernet_arp_input_trace_t));
875 while (n_left_from > 0)
879 vlib_get_next_frame (vm, node, next_index,
880 to_next, n_left_to_next);
882 while (n_left_from > 0 && n_left_to_next > 0)
885 vnet_hw_interface_t * hw_if0;
886 ethernet_arp_header_t * arp0;
887 ethernet_header_t * eth0;
888 ip_interface_address_t * ifa0;
889 ip_adjacency_t * adj0;
890 ip4_address_t * if_addr0;
891 ip4_address_t proxy_src;
892 u32 pi0, error0, next0, sw_if_index0;
893 u8 is_request0, src_is_local0, dst_is_local0, is_unnum0;
894 ethernet_proxy_arp_t * pa;
903 p0 = vlib_get_buffer (vm, pi0);
904 arp0 = vlib_buffer_get_current (p0);
906 is_request0 = arp0->opcode
907 == clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request);
909 error0 = ETHERNET_ARP_ERROR_replies_sent;
911 error0 = (arp0->l2_type != clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet)
912 ? ETHERNET_ARP_ERROR_l2_type_not_ethernet
914 error0 = (arp0->l3_type != clib_net_to_host_u16 (ETHERNET_TYPE_IP4)
915 ? ETHERNET_ARP_ERROR_l3_type_not_ip4
918 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
923 /* Check that IP address is local and matches incoming interface. */
924 if_addr0 = ip4_interface_address_matching_destination (im4,
925 &arp0->ip4_over_ethernet[1].ip4,
930 error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
934 /* Honor unnumbered interface, if any */
935 is_unnum0 = sw_if_index0 != ifa0->sw_if_index;
937 /* Source must also be local to subnet of matching interface address. */
938 if (! ip4_destination_matches_interface (im4, &arp0->ip4_over_ethernet[0].ip4, ifa0))
940 error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
944 /* Reject requests/replies with our local interface address. */
945 src_is_local0 = if_addr0->as_u32 == arp0->ip4_over_ethernet[0].ip4.as_u32;
948 error0 = ETHERNET_ARP_ERROR_l3_src_address_is_local;
952 dst_is_local0 = if_addr0->as_u32 == arp0->ip4_over_ethernet[1].ip4.as_u32;
954 /* Fill in ethernet header. */
955 eth0 = ethernet_buffer_get_header (p0);
957 /* Trash ARP packets whose ARP-level source addresses do not
958 match their L2-frame-level source addresses */
959 if (memcmp (eth0->src_address, arp0->ip4_over_ethernet[0].ethernet,
960 sizeof (eth0->src_address)))
962 error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
966 /* Learn or update sender's mapping only for requests or unicasts
967 that don't match local interface address. */
968 if (ethernet_address_cast (eth0->dst_address) == ETHERNET_ADDRESS_UNICAST
971 if (am->limit_arp_cache_size &&
972 pool_elts (am->ip4_entry_pool) >= am->limit_arp_cache_size)
973 unset_random_arp_entry();
975 vnet_arp_set_ip4_over_ethernet (vnm, sw_if_index0,
976 (u32)~0 /* default fib */,
977 &arp0->ip4_over_ethernet[0],
979 error0 = ETHERNET_ARP_ERROR_l3_src_address_learned;
982 /* Only send a reply for requests sent which match a local interface. */
983 if (! (is_request0 && dst_is_local0))
985 error0 = (arp0->opcode == clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply)
986 ? ETHERNET_ARP_ERROR_replies_received : error0);
992 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
993 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
995 /* Send reply back through input interface */
996 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
997 next0 = ARP_INPUT_NEXT_REPLY_TX;
999 arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
1001 arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
1003 clib_memcpy (arp0->ip4_over_ethernet[0].ethernet, hw_if0->hw_address, 6);
1004 clib_mem_unaligned (&arp0->ip4_over_ethernet[0].ip4.data_u32, u32) = if_addr0->data_u32;
1006 /* Hardware must be ethernet-like. */
1007 ASSERT (vec_len (hw_if0->hw_address) == 6);
1009 clib_memcpy (eth0->dst_address, eth0->src_address, 6);
1010 clib_memcpy (eth0->src_address, hw_if0->hw_address, 6);
1012 /* Figure out how much to rewind current data from adjacency. */
1015 adj0 = ip_get_adjacency (&ip4_main.lookup_main,
1016 ifa0->neighbor_probe_adj_index);
1017 if (adj0->lookup_next_index != IP_LOOKUP_NEXT_ARP)
1019 error0 = ETHERNET_ARP_ERROR_missing_interface_address;
1023 arp_unnumbered (p0, pi0, eth0, ifa0);
1025 vlib_buffer_advance (p0, -adj0->rewrite_header.data_bytes);
1028 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,to_next,
1029 n_left_to_next,pi0,next0);
1031 n_replies_sent += 1;
1035 if (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ||
1036 (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
1037 arp0->ip4_over_ethernet[1].ip4.as_u32))
1039 error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
1042 /* See if proxy arp is configured for the address */
1045 vnet_sw_interface_t * si;
1046 u32 this_addr = clib_net_to_host_u32
1047 (arp0->ip4_over_ethernet[1].ip4.as_u32);
1050 si = vnet_get_sw_interface (vnm, sw_if_index0);
1052 if (!(si->flags & VNET_SW_INTERFACE_FLAG_PROXY_ARP))
1055 fib_index0 = vec_elt (im4->fib_index_by_sw_if_index,
1058 vec_foreach (pa, am->proxy_arps)
1060 u32 lo_addr = clib_net_to_host_u32 (pa->lo_addr);
1061 u32 hi_addr = clib_net_to_host_u32 (pa->hi_addr);
1063 /* an ARP request hit in the proxy-arp table? */
1064 if ((this_addr >= lo_addr && this_addr <= hi_addr) &&
1065 (fib_index0 == pa->fib_index))
1067 eth0 = ethernet_buffer_get_header (p0);
1069 arp0->ip4_over_ethernet[1].ip4.data_u32;
1072 * Rewind buffer, direct code above not to
1073 * think too hard about it.
1074 * $$$ is the answer ever anything other than
1075 * vlib_buffer_reset(..)?
1078 if_addr0 = &proxy_src;
1079 vlib_buffer_reset (p0);
1080 n_proxy_arp_replies_sent++;
1088 next0 = ARP_INPUT_NEXT_DROP;
1089 p0->error = node->errors[error0];
1091 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,to_next,
1092 n_left_to_next,pi0,next0);
1095 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1098 vlib_error_count (vm, node->node_index,
1099 ETHERNET_ARP_ERROR_replies_sent,
1100 n_replies_sent - n_proxy_arp_replies_sent);
1102 vlib_error_count (vm, node->node_index,
1103 ETHERNET_ARP_ERROR_proxy_arp_replies_sent,
1104 n_proxy_arp_replies_sent);
1105 return frame->n_vectors;
1108 static char * ethernet_arp_error_strings[] = {
1109 #define _(sym,string) string,
1110 foreach_ethernet_arp_error
1114 VLIB_REGISTER_NODE (arp_input_node,static) = {
1115 .function = arp_input,
1116 .name = "arp-input",
1117 .vector_size = sizeof (u32),
1119 .n_errors = ETHERNET_ARP_N_ERROR,
1120 .error_strings = ethernet_arp_error_strings,
1122 .n_next_nodes = ARP_INPUT_N_NEXT,
1124 [ARP_INPUT_NEXT_DROP] = "error-drop",
1125 [ARP_INPUT_NEXT_REPLY_TX] = "interface-output",
1128 .format_buffer = format_ethernet_arp_header,
1129 .format_trace = format_ethernet_arp_input_trace,
1133 ip4_arp_entry_sort (void *a1, void *a2)
1135 ethernet_arp_ip4_entry_t * e1 = a1;
1136 ethernet_arp_ip4_entry_t * e2 = a2;
1139 vnet_main_t * vnm = vnet_get_main();
1141 cmp = vnet_sw_interface_compare
1142 (vnm, e1->key.sw_if_index, e2->key.sw_if_index);
1144 cmp = ip4_address_compare (&e1->key.ip4_address, &e2->key.ip4_address);
1148 static clib_error_t *
1149 show_ip4_arp (vlib_main_t * vm,
1150 unformat_input_t * input,
1151 vlib_cli_command_t * cmd)
1153 vnet_main_t * vnm = vnet_get_main();
1154 ethernet_arp_main_t * am = ðernet_arp_main;
1155 ethernet_arp_ip4_entry_t * e, * es;
1156 ethernet_proxy_arp_t * pa;
1157 clib_error_t * error = 0;
1160 /* Filter entries by interface if given. */
1162 (void) unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index);
1165 pool_foreach (e, am->ip4_entry_pool, ({ vec_add1 (es, e[0]); }));
1168 vec_sort_with_function (es, ip4_arp_entry_sort);
1169 vlib_cli_output (vm, "%U", format_ethernet_arp_ip4_entry, vnm, 0);
1170 vec_foreach (e, es) {
1171 if (sw_if_index != ~0 && e->key.sw_if_index != sw_if_index)
1173 vlib_cli_output (vm, "%U", format_ethernet_arp_ip4_entry, vnm, e);
1178 if (vec_len (am->proxy_arps))
1180 vlib_cli_output (vm, "Proxy arps enabled for:");
1181 vec_foreach(pa, am->proxy_arps)
1183 vlib_cli_output (vm, "Fib_index %d %U - %U ",
1185 format_ip4_address, &pa->lo_addr,
1186 format_ip4_address, &pa->hi_addr);
1193 VLIB_CLI_COMMAND (show_ip4_arp_command, static) = {
1194 .path = "show ip arp",
1195 .function = show_ip4_arp,
1196 .short_help = "Show ARP table",
1200 pg_edit_t l2_type, l3_type;
1201 pg_edit_t n_l2_address_bytes, n_l3_address_bytes;
1206 } ip4_over_ethernet[2];
1207 } pg_ethernet_arp_header_t;
1210 pg_ethernet_arp_header_init (pg_ethernet_arp_header_t * p)
1212 /* Initialize fields that are not bit fields in the IP header. */
1213 #define _(f) pg_edit_init (&p->f, ethernet_arp_header_t, f);
1216 _ (n_l2_address_bytes);
1217 _ (n_l3_address_bytes);
1219 _ (ip4_over_ethernet[0].ethernet);
1220 _ (ip4_over_ethernet[0].ip4);
1221 _ (ip4_over_ethernet[1].ethernet);
1222 _ (ip4_over_ethernet[1].ip4);
1227 unformat_pg_arp_header (unformat_input_t * input, va_list * args)
1229 pg_stream_t * s = va_arg (*args, pg_stream_t *);
1230 pg_ethernet_arp_header_t * p;
1233 p = pg_create_edit_group (s, sizeof (p[0]), sizeof (ethernet_arp_header_t),
1235 pg_ethernet_arp_header_init (p);
1238 pg_edit_set_fixed (&p->l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
1239 pg_edit_set_fixed (&p->l3_type, ETHERNET_TYPE_IP4);
1240 pg_edit_set_fixed (&p->n_l2_address_bytes, 6);
1241 pg_edit_set_fixed (&p->n_l3_address_bytes, 4);
1243 if (! unformat (input, "%U: %U/%U -> %U/%U",
1245 unformat_ethernet_arp_opcode_net_byte_order, &p->opcode,
1247 unformat_ethernet_address, &p->ip4_over_ethernet[0].ethernet,
1249 unformat_ip4_address, &p->ip4_over_ethernet[0].ip4,
1251 unformat_ethernet_address, &p->ip4_over_ethernet[1].ethernet,
1253 unformat_ip4_address, &p->ip4_over_ethernet[1].ip4))
1255 /* Free up any edits we may have added. */
1256 pg_free_edit_group (s);
1262 clib_error_t *ip4_set_arp_limit (u32 arp_limit)
1264 ethernet_arp_main_t * am = ðernet_arp_main;
1266 am->limit_arp_cache_size = arp_limit;
1271 arp_ip4_entry_del_adj(ethernet_arp_ip4_entry_t *e, u32 adj_index)
1278 vec_foreach_index(i, e->adjacencies)
1279 if (vec_elt(e->adjacencies, i) == adj_index)
1281 vec_del1(e->adjacencies, i);
1289 arp_ip4_entry_add_adj(ethernet_arp_ip4_entry_t *e, u32 adj_index)
1292 vec_foreach_index(i, e->adjacencies)
1293 if (vec_elt(e->adjacencies, i) == adj_index)
1295 vec_add1(e->adjacencies, adj_index);
1299 arp_add_del_adj_cb (struct ip_lookup_main_t * lm,
1301 ip_adjacency_t * adj,
1304 ethernet_arp_main_t * am = ðernet_arp_main;
1305 ip4_main_t * im = &ip4_main;
1306 ethernet_arp_ip4_key_t k;
1307 ethernet_arp_ip4_entry_t * e = 0;
1311 for(ai = adj->heap_handle; ai < adj->heap_handle + adj->n_adj ; ai++)
1313 adj = ip_get_adjacency (lm, ai);
1314 if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP && adj->arp.next_hop.ip4.as_u32)
1316 k.sw_if_index = adj->rewrite_header.sw_if_index;
1317 k.ip4_address.as_u32 = adj->arp.next_hop.ip4.as_u32;
1318 k.fib_index = im->fib_index_by_sw_if_index[adj->rewrite_header.sw_if_index];
1319 p = mhash_get (&am->ip4_entry_by_key, &k);
1321 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
1329 clib_warning("Adjacency contains unknown ARP next hop %U (del)",
1330 format_ip46_address, &adj->arp.next_hop, IP46_TYPE_IP4);
1332 arp_ip4_entry_del_adj(e, adj->heap_handle);
1337 clib_warning("Adjacency contains unknown ARP next hop %U (add)",
1338 format_ip46_address, &adj->arp.next_hop, IP46_TYPE_IP4);
1340 arp_ip4_entry_add_adj(e, adj->heap_handle);
1345 static clib_error_t * ethernet_arp_init (vlib_main_t * vm)
1347 ethernet_arp_main_t * am = ðernet_arp_main;
1349 clib_error_t * error;
1350 ip4_main_t * im = &ip4_main;
1351 ip_lookup_main_t * lm = &im->lookup_main;
1353 if ((error = vlib_call_init_function (vm, ethernet_init)))
1356 ethernet_register_input_type (vm, ETHERNET_TYPE_ARP, arp_input_node.index);
1358 pn = pg_get_node (arp_input_node.index);
1359 pn->unformat_edit = unformat_pg_arp_header;
1361 am->opcode_by_name = hash_create_string (0, sizeof (uword));
1362 #define _(o) hash_set_mem (am->opcode_by_name, #o, ETHERNET_ARP_OPCODE_##o);
1363 foreach_ethernet_arp_opcode;
1366 mhash_init (&am->ip4_entry_by_key,
1367 /* value size */ sizeof (uword),
1368 /* key size */ sizeof (ethernet_arp_ip4_key_t));
1370 /* $$$ configurable */
1371 am->limit_arp_cache_size = 50000;
1373 am->pending_resolutions_by_address = hash_create (0, sizeof (uword));
1374 am->mac_changes_by_address = hash_create (0, sizeof (uword));
1376 /* don't trace ARP error packets */
1378 vlib_node_runtime_t *rt =
1379 vlib_node_get_runtime (vm, arp_input_node.index);
1382 vnet_pcap_drop_trace_filter_add_del \
1383 (rt->errors[ETHERNET_ARP_ERROR_##a], \
1385 foreach_ethernet_arp_error
1389 ip_register_add_del_adjacency_callback(lm, arp_add_del_adj_cb);
1394 VLIB_INIT_FUNCTION (ethernet_arp_init);
1397 vnet_arp_unset_ip4_over_ethernet (vnet_main_t * vnm,
1398 u32 sw_if_index, u32 fib_index,
1401 ethernet_arp_ip4_over_ethernet_address_t * a = a_arg;
1402 vnet_arp_set_ip4_over_ethernet_rpc_args_t args;
1404 args.sw_if_index = sw_if_index;
1405 args.fib_index = fib_index;
1407 clib_memcpy (&args.a, a, sizeof (*a));
1409 vl_api_rpc_call_main_thread (set_ip4_over_ethernet_rpc_callback,
1410 (u8 *) &args, sizeof (args));
1415 vnet_arp_unset_ip4_over_ethernet_internal (vnet_main_t * vnm,
1420 ethernet_arp_ip4_entry_t * e;
1421 ethernet_arp_main_t * am = ðernet_arp_main;
1422 ethernet_arp_ip4_over_ethernet_address_t * a = a_arg;
1423 ethernet_arp_ip4_key_t k;
1425 ip4_add_del_route_args_t args;
1426 ip4_main_t * im = &ip4_main;
1427 ip_lookup_main_t * lm = &im->lookup_main;
1429 ip_adjacency_t * adj;
1431 k.sw_if_index = sw_if_index;
1432 k.ip4_address = a->ip4;
1433 k.fib_index = fib_index;
1434 p = mhash_get (&am->ip4_entry_by_key, &k);
1438 memset(&args, 0, sizeof(args));
1441 * Make sure that the route actually exists before we try to delete it,
1442 * and make sure that it's a rewrite adjacency.
1444 * If we point 1-N unnumbered interfaces at a loopback interface and
1445 * shut down the loopback before shutting down 1-N unnumbered
1446 * interfaces, the ARP cache will still have an entry,
1447 * but the route will have disappeared.
1449 * See also ip4_del_interface_routes (...)
1450 * -> ip4_delete_matching_routes (...).
1453 adj_index = ip4_fib_lookup_with_table
1454 (im, fib_index, &a->ip4, 1 /* disable default route */);
1456 /* Miss adj? Forget it... */
1457 if (adj_index != lm->miss_adj_index) {
1458 adj = ip_get_adjacency (lm, adj_index);
1460 * Stupid control-plane trick:
1461 * admin down an interface (removes arp routes from fib),
1462 * bring the interface back up (does not reinstall them)
1463 * then remove the arp cache entry (yuck). When that happens,
1464 * the adj we find here will be the interface subnet ARP adj.
1466 if (adj->lookup_next_index == IP_LOOKUP_NEXT_REWRITE) {
1467 args.table_index_or_table_id = fib_index;
1468 args.flags = IP4_ROUTE_FLAG_FIB_INDEX | IP4_ROUTE_FLAG_DEL
1469 | IP4_ROUTE_FLAG_NEIGHBOR;
1470 args.dst_address = a->ip4;
1471 args.dst_address_length = 32;
1472 ip4_add_del_route (im, &args);
1473 ip4_maybe_remap_adjacencies (im, fib_index, args.flags);
1477 e = pool_elt_at_index (am->ip4_entry_pool, p[0]);
1478 mhash_unset (&am->ip4_entry_by_key, &e->key, 0);
1479 pool_put (am->ip4_entry_pool, e);
1484 increment_ip4_and_mac_address (ethernet_arp_ip4_over_ethernet_address_t *a)
1489 for (i = 3; i >= 0; i--)
1491 old = a->ip4.as_u8[i];
1492 a->ip4.as_u8[i] += 1;
1493 if (old < a->ip4.as_u8[i])
1497 for (i = 5; i >= 0; i--)
1499 old = a->ethernet[i];
1500 a->ethernet[i] += 1;
1501 if (old < a->ethernet[i])
1506 int vnet_proxy_arp_add_del (ip4_address_t *lo_addr,
1507 ip4_address_t *hi_addr,
1508 u32 fib_index, int is_del)
1510 ethernet_arp_main_t *am = ðernet_arp_main;
1511 ethernet_proxy_arp_t *pa;
1512 u32 found_at_index = ~0;
1514 vec_foreach (pa, am->proxy_arps)
1516 if (pa->lo_addr == lo_addr->as_u32
1517 && pa->hi_addr == hi_addr->as_u32
1518 && pa->fib_index == fib_index)
1520 found_at_index = pa - am->proxy_arps;
1525 if (found_at_index != ~0)
1527 /* Delete, otherwise it's already in the table */
1529 vec_delete (am->proxy_arps, 1, found_at_index);
1532 /* delete, no such entry */
1534 return VNET_API_ERROR_NO_SUCH_ENTRY;
1536 /* add, not in table */
1537 vec_add2 (am->proxy_arps, pa, 1);
1538 pa->lo_addr = lo_addr->as_u32;
1539 pa->hi_addr = hi_addr->as_u32;
1540 pa->fib_index = fib_index;
1545 * Remove any proxy arp entries asdociated with the
1548 int vnet_proxy_arp_fib_reset (u32 fib_id)
1550 ip4_main_t * im = &ip4_main;
1551 ethernet_arp_main_t *am = ðernet_arp_main;
1552 ethernet_proxy_arp_t *pa;
1553 u32 * entries_to_delete = 0;
1558 p = hash_get (im->fib_index_by_table_id, fib_id);
1560 return VNET_API_ERROR_NO_SUCH_ENTRY;
1563 vec_foreach (pa, am->proxy_arps)
1565 if (pa->fib_index == fib_index)
1567 vec_add1 (entries_to_delete, pa - am->proxy_arps);
1571 for (i = 0; i < vec_len(entries_to_delete); i++)
1573 vec_delete (am->proxy_arps, 1, entries_to_delete[i]);
1576 vec_free (entries_to_delete);
1582 vnet_arp_glean_add(u32 fib_index, void * next_hop_arg)
1584 ethernet_arp_main_t * am = ðernet_arp_main;
1585 ip4_main_t * im = &ip4_main;
1586 ip_lookup_main_t * lm = &im->lookup_main;
1587 ip4_address_t * next_hop = next_hop_arg;
1588 ip_adjacency_t add_adj, *adj;
1589 ip4_add_del_route_args_t args;
1590 ethernet_arp_ip4_entry_t * e;
1591 ethernet_arp_ip4_key_t k;
1594 adj_index = ip4_fib_lookup_with_table(im, fib_index, next_hop, 0);
1595 adj = ip_get_adjacency(lm, adj_index);
1597 if (!adj || adj->lookup_next_index != IP_LOOKUP_NEXT_ARP)
1600 if (adj->arp.next_hop.ip4.as_u32 != 0)
1603 k.sw_if_index = adj->rewrite_header.sw_if_index;
1604 k.fib_index = fib_index;
1605 k.ip4_address.as_u32 = next_hop->as_u32;
1607 if (mhash_get (&am->ip4_entry_by_key, &k))
1610 pool_get (am->ip4_entry_pool, e);
1611 mhash_set (&am->ip4_entry_by_key, &k, e - am->ip4_entry_pool, /* old value */ 0);
1613 e->cpu_time_last_updated = clib_cpu_time_now ();
1614 e->flags = ETHERNET_ARP_IP4_ENTRY_FLAG_GLEAN;
1616 memset(&args, 0, sizeof(args));
1617 clib_memcpy(&add_adj, adj, sizeof(add_adj));
1618 ip46_address_set_ip4(&add_adj.arp.next_hop, next_hop); /* install neighbor /32 route */
1619 args.table_index_or_table_id = fib_index;
1620 args.flags = IP4_ROUTE_FLAG_FIB_INDEX | IP4_ROUTE_FLAG_ADD| IP4_ROUTE_FLAG_NEIGHBOR;
1621 args.dst_address.as_u32 = next_hop->as_u32;
1622 args.dst_address_length = 32;
1623 args.adj_index = ~0;
1624 args.add_adj = &add_adj;
1626 ip4_add_del_route (im, &args);
1627 return ip4_fib_lookup_with_table (im, fib_index, next_hop, 0);
1630 static clib_error_t *
1631 ip_arp_add_del_command_fn (vlib_main_t * vm,
1632 unformat_input_t * input,
1633 vlib_cli_command_t * cmd)
1635 vnet_main_t * vnm = vnet_get_main();
1637 ethernet_arp_ip4_over_ethernet_address_t lo_addr, hi_addr, addr;
1646 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1648 /* set ip arp TenGigE1/1/0/1 1.2.3.4 aa:bb:... or aabb.ccdd... */
1649 if (unformat (input, "%U %U %U",
1650 unformat_vnet_sw_interface, vnm, &sw_if_index,
1651 unformat_ip4_address, &addr.ip4,
1652 unformat_ethernet_address, &addr.ethernet))
1655 else if (unformat (input, "delete") || unformat (input, "del"))
1658 else if (unformat (input, "static"))
1661 else if (unformat (input, "count %d", &count))
1664 else if (unformat (input, "fib-id %d", &fib_id))
1666 ip4_main_t * im = &ip4_main;
1667 uword * p = hash_get (im->fib_index_by_table_id, fib_id);
1669 return clib_error_return (0, "fib ID %d doesn't exist\n",
1674 else if (unformat (input, "proxy %U - %U",
1675 unformat_ip4_address, &lo_addr.ip4,
1676 unformat_ip4_address, &hi_addr.ip4))
1684 (void) vnet_proxy_arp_add_del (&lo_addr.ip4, &hi_addr.ip4,
1693 for (i = 0; i < count; i++)
1697 uword event_type, * event_data = 0;
1699 /* Park the debug CLI until the arp entry is installed */
1700 vnet_register_ip4_arp_resolution_event
1701 (vnm, &addr.ip4, vlib_current_process(vm),
1702 1 /* type */, 0 /* data */);
1704 vnet_arp_set_ip4_over_ethernet
1705 (vnm, sw_if_index, fib_index, &addr, is_static);
1707 vlib_process_wait_for_event (vm);
1708 event_type = vlib_process_get_events (vm, &event_data);
1709 vec_reset_length(event_data);
1710 if (event_type != 1)
1711 clib_warning ("event type %d unexpected", event_type);
1714 vnet_arp_unset_ip4_over_ethernet
1715 (vnm, sw_if_index, fib_index, &addr);
1717 increment_ip4_and_mac_address (&addr);
1722 return clib_error_return (0, "unknown input `%U'",
1723 format_unformat_error, input);
1729 VLIB_CLI_COMMAND (ip_arp_add_del_command, static) = {
1730 .path = "set ip arp",
1731 .short_help = "set ip arp [del] <intfc> <ip-address> <mac-address> [static] [count <count>] [fib-id <fib-id>] [proxy <lo-addr> - <hi-addr>]",
1732 .function = ip_arp_add_del_command_fn,
1735 static clib_error_t *
1736 set_int_proxy_arp_command_fn (vlib_main_t * vm,
1737 unformat_input_t * input,
1738 vlib_cli_command_t * cmd)
1740 vnet_main_t * vnm = vnet_get_main();
1742 vnet_sw_interface_t * si;
1746 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
1748 if (unformat (input, "%U", unformat_vnet_sw_interface,
1751 else if (unformat (input, "enable") || unformat (input, "on"))
1753 else if (unformat (input, "disable") || unformat (input, "off"))
1760 return clib_error_return (0, "unknown input '%U'",
1761 format_unformat_error, input);
1763 si = vnet_get_sw_interface (vnm, sw_if_index);
1766 si->flags |= VNET_SW_INTERFACE_FLAG_PROXY_ARP;
1768 si->flags &= ~VNET_SW_INTERFACE_FLAG_PROXY_ARP;
1773 VLIB_CLI_COMMAND (set_int_proxy_enable_command, static) = {
1774 .path = "set interface proxy-arp",
1775 .short_help = "set interface proxy-arp <intfc> [enable|disable]",
1776 .function = set_int_proxy_arp_command_fn,
1781 * ARP Termination in a L2 Bridge Domain based on an
1782 * IP4 to MAC hash table mac_by_ip4 for each BD.
1785 ARP_TERM_NEXT_L2_OUTPUT,
1790 u32 arp_term_next_node_index[32];
1793 arp_term_l2bd (vlib_main_t * vm,
1794 vlib_node_runtime_t * node,
1795 vlib_frame_t * frame)
1797 l2input_main_t * l2im = &l2input_main;
1798 u32 n_left_from, next_index, * from, * to_next;
1799 u32 n_replies_sent = 0;
1800 u16 last_bd_index = ~0;
1801 l2_bridge_domain_t * last_bd_config = 0;
1802 l2_input_config_t * cfg0;
1804 from = vlib_frame_vector_args (frame);
1805 n_left_from = frame->n_vectors;
1806 next_index = node->cached_next_index;
1808 while (n_left_from > 0)
1812 vlib_get_next_frame (vm, node, next_index,
1813 to_next, n_left_to_next);
1815 while (n_left_from > 0 && n_left_to_next > 0)
1818 ethernet_header_t * eth0;
1819 ethernet_arp_header_t * arp0;
1821 u32 pi0, error0, next0, sw_if_index0;
1832 n_left_to_next -= 1;
1834 p0 = vlib_get_buffer (vm, pi0);
1835 eth0 = vlib_buffer_get_current (p0);
1836 l3h0 = (u8 *)eth0 + vnet_buffer(p0)->l2.l2_len;
1837 ethertype0 = clib_net_to_host_u16(*(u16 *)(l3h0 - 2));
1838 arp0 = (ethernet_arp_header_t *) l3h0;
1840 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
1841 (p0->flags & VLIB_BUFFER_IS_TRACED)))
1843 u8 *t0 = vlib_add_trace (
1844 vm, node, p0, sizeof(ethernet_arp_input_trace_t));
1845 clib_memcpy (t0, l3h0, sizeof(ethernet_arp_input_trace_t));
1849 (ethertype0 != ETHERNET_TYPE_ARP) ||
1850 (arp0->opcode != clib_host_to_net_u16(ETHERNET_ARP_OPCODE_request))))
1851 goto next_l2_feature;
1853 error0 = ETHERNET_ARP_ERROR_replies_sent;
1854 error0 = (arp0->l2_type != clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet)
1855 ? ETHERNET_ARP_ERROR_l2_type_not_ethernet
1857 error0 = (arp0->l3_type != clib_net_to_host_u16 (ETHERNET_TYPE_IP4)
1858 ? ETHERNET_ARP_ERROR_l3_type_not_ip4
1861 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1866 // Trash ARP packets whose ARP-level source addresses do not
1867 // match their L2-frame-level source addresses */
1869 memcmp (eth0->src_address, arp0->ip4_over_ethernet[0].ethernet,
1870 sizeof (eth0->src_address))))
1872 error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
1876 // Check if anyone want ARP request events for L2 BDs
1878 pending_resolution_t * mc;
1879 ethernet_arp_main_t * am = ðernet_arp_main;
1880 uword *p = hash_get (am->mac_changes_by_address, 0);
1881 if (p && (vnet_buffer(p0)->l2.shg == 0))
1882 { // Only SHG 0 interface which is more likely local
1883 u32 next_index = p[0];
1884 while (next_index != (u32)~0)
1886 int (*fp)(u32, u8 *, u32, u32);
1888 mc = pool_elt_at_index (am->mac_changes, next_index);
1889 fp = mc->data_callback;
1890 // Call the callback, return 1 to suppress dup events */
1891 if (fp) rv = (*fp)(mc->data,
1892 arp0->ip4_over_ethernet[0].ethernet,
1894 arp0->ip4_over_ethernet[0].ip4.as_u32);
1895 // Signal the resolver process
1897 vlib_process_signal_event (vm, mc->node_index,
1900 next_index = mc->next_index;
1905 // lookup BD mac_by_ip4 hash table for MAC entry
1906 ip0 = arp0->ip4_over_ethernet[1].ip4.as_u32;
1907 bd_index0 = vnet_buffer(p0)->l2.bd_index;
1909 (bd_index0 != last_bd_index) || (last_bd_index == (u16) ~0)))
1911 last_bd_index = bd_index0;
1912 last_bd_config = vec_elt_at_index(l2im->bd_configs, bd_index0);
1914 macp0 = (u8 *) hash_get (last_bd_config->mac_by_ip4, ip0);
1916 if (PREDICT_FALSE(!macp0))
1917 goto next_l2_feature; // MAC not found
1919 // MAC found, send ARP reply -
1920 // Convert ARP request packet to ARP reply
1921 arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply);
1922 arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0];
1923 arp0->ip4_over_ethernet[0].ip4.as_u32 = ip0;
1924 clib_memcpy (arp0->ip4_over_ethernet[0].ethernet, macp0, 6);
1925 clib_memcpy (eth0->dst_address, eth0->src_address, 6);
1926 clib_memcpy (eth0->src_address, macp0, 6);
1927 n_replies_sent += 1;
1929 // For BVI, need to use l2-fwd node to send ARP reply as
1930 // l2-output node cannot output packet to BVI properly
1931 cfg0 = vec_elt_at_index(l2im->configs, sw_if_index0);
1932 if (PREDICT_FALSE (cfg0->bvi))
1934 vnet_buffer(p0)->l2.feature_bitmap |= L2INPUT_FEAT_FWD;
1935 vnet_buffer (p0)->sw_if_index[VLIB_RX] = 0;
1936 goto next_l2_feature;
1939 // Send ARP reply back out input interface through l2-output
1940 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1941 next0 = ARP_TERM_NEXT_L2_OUTPUT;
1942 // Note that output to VXLAN tunnel will fail due to SHG which
1943 // is probably desireable since ARP termination is not intended
1944 // for ARP requests from other hosts. If output to VXLAN tunnel is
1945 // required, however, can just clear the SHG in packet as follows:
1946 // vnet_buffer(p0)->l2.shg = 0;
1948 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,to_next,
1949 n_left_to_next,pi0,next0);
1954 u32 feature_bitmap0 =
1955 vnet_buffer(p0)->l2.feature_bitmap & ~L2INPUT_FEAT_ARP_TERM;
1956 vnet_buffer(p0)->l2.feature_bitmap = feature_bitmap0;
1957 next0 = feat_bitmap_get_next_node_index(arp_term_next_node_index,
1959 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,to_next,
1960 n_left_to_next,pi0,next0);
1965 if (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ||
1966 (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
1967 arp0->ip4_over_ethernet[1].ip4.as_u32))
1969 error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
1971 next0 = ARP_TERM_NEXT_DROP;
1972 p0->error = node->errors[error0];
1974 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,to_next,
1975 n_left_to_next,pi0,next0);
1978 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1981 vlib_error_count (vm, node->node_index,
1982 ETHERNET_ARP_ERROR_replies_sent,
1984 return frame->n_vectors;
1987 VLIB_REGISTER_NODE (arp_term_l2bd_node,static) = {
1988 .function = arp_term_l2bd,
1989 .name = "arp-term-l2bd",
1990 .vector_size = sizeof (u32),
1992 .n_errors = ETHERNET_ARP_N_ERROR,
1993 .error_strings = ethernet_arp_error_strings,
1995 .n_next_nodes = ARP_TERM_N_NEXT,
1997 [ARP_TERM_NEXT_L2_OUTPUT] = "l2-output",
1998 [ARP_TERM_NEXT_DROP] = "error-drop",
2001 .format_buffer = format_ethernet_arp_header,
2002 .format_trace = format_ethernet_arp_input_trace,
2005 clib_error_t *arp_term_init (vlib_main_t *vm)
2006 { // Initialize the feature next-node indexes
2007 feat_bitmap_init_next_nodes(vm,
2008 arp_term_l2bd_node.index,
2010 l2input_get_feat_names(),
2011 arp_term_next_node_index);
2015 VLIB_INIT_FUNCTION (arp_term_init);
Code Review / vpp.git / blob