#include <vnet/adj/adj_nbr.h>
#include <vnet/adj/adj_mcast.h>
#include <vnet/mpls/mpls.h>
+#include <vnet/l2/feat_bitmap.h>
/**
* @file
h =
vlib_packet_template_get_packet (vm, &im->ip4_arp_request_packet_template,
&bi);
+ if (!h)
+ return;
hi = vnet_get_sup_hw_interface (vnm, adj->rewrite_header.sw_if_index);
arp_nbr_probe (adj);
}
break;
+ case IP_LOOKUP_NEXT_BCAST:
+ adj_nbr_update_rewrite (ai,
+ ADJ_NBR_REWRITE_FLAG_COMPLETE,
+ ethernet_build_rewrite
+ (vnm,
+ sw_if_index,
+ VNET_LINK_IP4,
+ VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
+ break;
case IP_LOOKUP_NEXT_MCAST:
{
/*
/* Refuse to over-write static arp. */
if (!is_static && (e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC))
- return -2;
+ {
+ /* if MAC address match, still check to send event */
+ if (0 == memcmp (e->ethernet_address,
+ a->ethernet, sizeof (e->ethernet_address)))
+ goto check_customers;
+ return -2;
+ }
make_new_arp_cache_entry = 0;
}
}
goto check_customers;
}
- /* Update time stamp and ethernet address. */
+ /* Update ethernet address. */
clib_memcpy (e->ethernet_address, a->ethernet,
sizeof (e->ethernet_address));
}
+ /* Update time stamp and flags. */
e->time_last_updated = vlib_time_now (vm);
if (is_static)
{
_ (l3_type_not_ip4, "L3 type not IP4") \
_ (l3_src_address_not_local, "IP4 source address not local to subnet") \
_ (l3_dst_address_not_local, "IP4 destination address not local to subnet") \
+ _ (l3_dst_address_unset, "IP4 destination address is unset") \
_ (l3_src_address_is_local, "IP4 source address matches local interface") \
_ (l3_src_address_learned, "ARP request IP4 source address learned") \
_ (replies_received, "ARP replies received") \
vnet_hw_interface_t *hw_if0;
ethernet_arp_header_t *arp0;
ethernet_header_t *eth_rx, *eth_tx;
- ip4_address_t *if_addr0, proxy_src;
+ const ip4_address_t *if_addr0;
+ ip4_address_t proxy_src;
u32 pi0, error0, next0, sw_if_index0, conn_sw_if_index0, fib_index0;
u8 is_request0, dst_is_local0, is_unnum0, is_vrrp_reply0;
ethernet_proxy_arp_t *pa;
fib_node_index_t dst_fei, src_fei;
- fib_prefix_t pfx0;
+ const fib_prefix_t *pfx0;
fib_entry_flag_t src_flags, dst_flags;
u8 *rewrite0, rewrite0_len;
(arp0->l3_type !=
clib_net_to_host_u16 (ETHERNET_TYPE_IP4) ?
ETHERNET_ARP_ERROR_l3_type_not_ip4 : error0);
+ error0 =
+ (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ?
+ ETHERNET_ARP_ERROR_l3_dst_address_unset : error0);
sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
* to reach us, they only affect how we reach the sender.
*/
fib_entry_t *src_fib_entry;
+ const fib_prefix_t *pfx;
fib_entry_src_t *src;
fib_source_t source;
- fib_prefix_t pfx;
int attached;
int mask;
/*
* shorter mask lookup for the next iteration.
*/
- fib_entry_get_prefix (src_fei, &pfx);
- mask = pfx.fp_len - 1;
+ pfx = fib_entry_get_prefix (src_fei);
+ mask = pfx->fp_len - 1;
/*
* continue until we hit the default route or we find
}
}
- if (!(FIB_ENTRY_FLAG_CONNECTED & dst_flags))
+ if (fib_entry_is_sourced (dst_fei, FIB_SOURCE_ADJ))
+ {
+ /*
+ * We matched an adj-fib on ths source subnet (a /32 previously
+ * added as a result of ARP). If this request is a gratuitous
+ * ARP, then learn from it.
+ * The check for matching an adj-fib, is to prevent hosts
+ * from spamming us with gratuitous ARPS that might otherwise
+ * blow our ARP cache
+ */
+ if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
+ arp0->ip4_over_ethernet[1].ip4.as_u32)
+ error0 = arp_learn (vnm, am, sw_if_index0,
+ &arp0->ip4_over_ethernet[0]);
+ goto drop2;
+ }
+ else if (!(FIB_ENTRY_FLAG_CONNECTED & dst_flags))
{
error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
goto drop1;
}
dst_is_local0 = (FIB_ENTRY_FLAG_LOCAL & dst_flags);
- fib_entry_get_prefix (dst_fei, &pfx0);
- if_addr0 = &pfx0.fp_addr.ip4;
+ pfx0 = fib_entry_get_prefix (dst_fei);
+ if_addr0 = &pfx0->fp_addr.ip4;
is_vrrp_reply0 =
((arp0->opcode ==
/* Learn or update sender's mapping only for replies to addresses
* that are local to the subnet */
if (arp0->opcode ==
- clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply) &&
- dst_is_local0)
+ clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
{
- error0 = arp_learn (vnm, am, sw_if_index0,
- &arp0->ip4_over_ethernet[0]);
+ if (dst_is_local0)
+ error0 = arp_learn (vnm, am, sw_if_index0,
+ &arp0->ip4_over_ethernet[0]);
+ else
+ /* a reply for a non-local destination could be a GARP.
+ * GARPs for hosts we know were handled above, so this one
+ * we drop */
+ error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
+
goto drop1;
}
else if (arp0->opcode ==
clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request) &&
(dst_is_local0 == 0))
{
- /* learn from GARP packet */
- if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
- arp0->ip4_over_ethernet[1].ip4.as_u32)
- error0 = arp_learn (vnm, am, sw_if_index0,
- &arp0->ip4_over_ethernet[0]);
goto drop1;
}
continue;
drop1:
- if (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ||
- (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
- arp0->ip4_over_ethernet[1].ip4.as_u32))
+ if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
+ arp0->ip4_over_ethernet[1].ip4.as_u32)
{
error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
goto drop2;
u16 bd_index0;
u32 ip0;
u8 *macp0;
- u8 is_vrrp_reply0;
pi0 = from[0];
to_next[0] = pi0;
ethertype0 = clib_net_to_host_u16 (*(u16 *) (l3h0 - 2));
arp0 = (ethernet_arp_header_t *) l3h0;
- if (PREDICT_FALSE ((ethertype0 != ETHERNET_TYPE_ARP) ||
- (arp0->opcode !=
- clib_host_to_net_u16
- (ETHERNET_ARP_OPCODE_request))))
+ if (ethertype0 != ETHERNET_TYPE_ARP)
+ goto check_ip6_nd;
+
+ if ((arp0->opcode !=
+ clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request)) &&
+ (arp0->opcode !=
+ clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply)))
goto check_ip6_nd;
- /* Must be ARP request packet here */
+ /* Must be ARP request/reply packet here */
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
(p0->flags & VLIB_BUFFER_IS_TRACED)))
{
clib_memcpy (t0, l3h0, sizeof (ethernet_arp_input_trace_t));
}
- error0 = ETHERNET_ARP_ERROR_replies_sent;
+ error0 = 0;
error0 =
(arp0->l2_type !=
clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet)
if (error0)
goto drop;
- is_vrrp_reply0 =
- ((arp0->opcode ==
- clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
- &&
- (!memcmp
- (arp0->ip4_over_ethernet[0].ethernet, vrrp_prefix,
- sizeof (vrrp_prefix))));
-
/* Trash ARP packets whose ARP-level source addresses do not
- match their L2-frame-level source addresses, unless it's
- a reply from a VRRP virtual router */
+ match, or if requester address is mcast */
if (PREDICT_FALSE
(memcmp (eth0->src_address, arp0->ip4_over_ethernet[0].ethernet,
- sizeof (eth0->src_address)) && !is_vrrp_reply0))
+ sizeof (eth0->src_address)) ||
+ ethernet_address_cast (arp0->ip4_over_ethernet[0].ethernet)))
{
- error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
+ /* VRRP virtual MAC may be different to SMAC in ARP reply */
+ if (memcmp (arp0->ip4_over_ethernet[0].ethernet, vrrp_prefix,
+ sizeof (vrrp_prefix)))
+ {
+ error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
+ goto drop;
+ }
+ }
+ if (PREDICT_FALSE
+ (ip4_address_is_multicast (&arp0->ip4_over_ethernet[0].ip4)))
+ {
+ error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
goto drop;
}
u32 bi = 0;
ethernet_arp_header_t *h = vlib_packet_template_get_packet
(vm, &i4m->ip4_arp_request_packet_template, &bi);
+
+ if (!h)
+ return;
+
clib_memcpy (h->ip4_over_ethernet[0].ethernet, hi->hw_address,
sizeof (h->ip4_over_ethernet[0].ethernet));
clib_memcpy (h->ip4_over_ethernet[1].ethernet, hi->hw_address,