X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Flisp-cp%2Fcontrol.c;h=09f5c0a652dc4ab4bf30c51afc7b457df7b7efb5;hb=3ec09e9243dceb78e7548725281b0da8eddf72b1;hp=67b1fc4822a40fe610910aceeaa8c4d55ba03b8c;hpb=bdc0e6b7204ea0211d4f7881497e4306586fb9ef;p=vpp.git diff --git a/src/vnet/lisp-cp/control.c b/src/vnet/lisp-cp/control.c index 67b1fc4822a..09f5c0a652d 100644 --- a/src/vnet/lisp-cp/control.c +++ b/src/vnet/lisp-cp/control.c @@ -26,7 +26,7 @@ #include #include -#include +#include #define MAX_VALUE_U24 0xffffff @@ -76,22 +76,6 @@ auth_data_len_by_key_id (lisp_key_type_t key_id) return (u16) ~ 0; } -static const EVP_MD * -get_encrypt_fcn (lisp_key_type_t key_id) -{ - switch (key_id) - { - case HMAC_SHA_1_96: - return EVP_sha1 (); - case HMAC_SHA_256_128: - return EVP_sha256 (); - default: - clib_warning ("unsupported encryption key type: %d!", key_id); - break; - } - return 0; -} - static int queue_map_request (gid_address_t * seid, gid_address_t * deid, u8 smr_invoked, u8 is_resend); @@ -130,7 +114,7 @@ ip_interface_get_first_ip_address (lisp_cp_main_t * lcm, u32 sw_if_index, ip_lookup_main_t *lm; void *addr; - lm = (version == IP4) ? &lcm->im4->lookup_main : &lcm->im6->lookup_main; + lm = (version == AF_IP4) ? &lcm->im4->lookup_main : &lcm->im6->lookup_main; addr = ip_interface_get_first_address (lm, sw_if_index, version); if (!addr) return 0; @@ -145,19 +129,22 @@ ip_interface_get_first_ip_address (lisp_cp_main_t * lcm, u32 sw_if_index, void ip_address_to_fib_prefix (const ip_address_t * addr, fib_prefix_t * prefix) { - if (addr->version == IP4) + if (addr->version == AF_IP4) { prefix->fp_len = 32; prefix->fp_proto = FIB_PROTOCOL_IP4; - memset (&prefix->fp_addr.pad, 0, sizeof (prefix->fp_addr.pad)); - memcpy (&prefix->fp_addr.ip4, &addr->ip, sizeof (prefix->fp_addr.ip4)); + clib_memset (&prefix->fp_addr.pad, 0, sizeof (prefix->fp_addr.pad)); + memcpy (&prefix->fp_addr.ip4, &addr->ip.ip4, + sizeof (prefix->fp_addr.ip4)); } else { prefix->fp_len = 128; prefix->fp_proto = FIB_PROTOCOL_IP6; - memcpy (&prefix->fp_addr.ip6, &addr->ip, sizeof (prefix->fp_addr.ip6)); + memcpy (&prefix->fp_addr.ip6, &addr->ip.ip6, + sizeof (prefix->fp_addr.ip6)); } + prefix->___fp___pad = 0; } /** @@ -205,7 +192,7 @@ ip_fib_get_first_egress_ip_for_dst (lisp_cp_main_t * lcm, ip_address_t * dst, ipver = ip_addr_version (dst); - lm = (ipver == IP4) ? &lcm->im4->lookup_main : &lcm->im6->lookup_main; + lm = (ipver == AF_IP4) ? &lcm->im4->lookup_main : &lcm->im6->lookup_main; si = ip_fib_get_egress_iface_for_dst (lcm, dst); if ((u32) ~ 0 == si) @@ -272,7 +259,7 @@ dp_del_fwd_entry (lisp_cp_main_t * lcm, u32 dst_map_index) vnet_lisp_gpe_add_del_fwd_entry_args_t _a, *a = &_a; fwd_entry_t *fe = 0; uword *feip = 0; - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); feip = hash_get (lcm->fwd_entry_by_mapping_index, dst_map_index); if (!feip) @@ -377,7 +364,7 @@ get_locator_pairs (lisp_cp_main_t * lcm, mapping_t * lcl_map, lcl_addr)) continue; - memset (&pair, 0, sizeof (pair)); + clib_memset (&pair, 0, sizeof (pair)); ip_address_copy (&pair.rmt_loc, &gid_address_ip (&rmt->address)); ip_address_copy (&pair.lcl_loc, lcl_addr); @@ -446,7 +433,7 @@ dp_add_fwd_entry (lisp_cp_main_t * lcm, u32 src_map_index, u32 dst_map_index) u8 type, is_src_dst = 0; int rv; - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); /* remove entry if it already exists */ feip = hash_get (lcm->fwd_entry_by_mapping_index, dst_map_index); @@ -574,7 +561,7 @@ dp_add_fwd_entry (lisp_cp_main_t * lcm, u32 src_map_index, u32 dst_map_index) if (!rmts_stored_idxp) { pool_get (lcm->lcl_to_rmt_adjacencies, rmts); - memset (rmts, 0, sizeof (*rmts)); + clib_memset (rmts, 0, sizeof (*rmts)); rmts_idx = rmts - lcm->lcl_to_rmt_adjacencies; hash_set (lcm->lcl_to_rmt_adjs_by_lcl_idx, src_map_index, rmts_idx); } @@ -606,7 +593,7 @@ dp_add_fwd_entry_from_mt (u32 si, u32 di) { fwd_entry_mt_arg_t a; - memset (&a, 0, sizeof (a)); + clib_memset (&a, 0, sizeof (a)); a.si = si; a.di = di; @@ -699,7 +686,7 @@ vnet_lisp_add_del_map_server (ip_address_t * addr, u8 is_add) return -1; } - memset (ms, 0, sizeof (*ms)); + clib_memset (ms, 0, sizeof (*ms)); ip_address_copy (&ms->address, addr); vec_add1 (lcm->map_servers, ms[0]); @@ -774,6 +761,7 @@ vnet_lisp_map_cache_add_del (vnet_lisp_add_del_mapping_args_t * a, m->is_static = a->is_static; m->key = vec_dup (a->key); m->key_id = a->key_id; + m->authoritative = a->authoritative; map_index = m - lcm->mapping_pool; gid_dictionary_add_del (&lcm->mapping_index_by_gid, &a->eid, map_index, @@ -914,16 +902,17 @@ vnet_lisp_add_del_local_mapping (vnet_lisp_add_del_mapping_args_t * a, return vnet_lisp_map_cache_add_del (a, map_index_result); } -static void +static int add_l2_arp_bd (BVT (clib_bihash_kv) * kvp, void *arg) { u32 **ht = arg; u32 version = (u32) kvp->key[0]; - if (IP6 == version) - return; + if (AF_IP6 == version) + return (BIHASH_WALK_CONTINUE); u32 bd = (u32) (kvp->key[0] >> 32); hash_set (ht[0], bd, 0); + return (BIHASH_WALK_CONTINUE); } u32 * @@ -937,16 +926,17 @@ vnet_lisp_l2_arp_bds_get (void) return bds; } -static void +static int add_ndp_bd (BVT (clib_bihash_kv) * kvp, void *arg) { u32 **ht = arg; u32 version = (u32) kvp->key[0]; - if (IP4 == version) - return; + if (AF_IP4 == version) + return (BIHASH_WALK_CONTINUE); u32 bd = (u32) (kvp->key[0] >> 32); hash_set (ht[0], bd, 0); + return (BIHASH_WALK_CONTINUE); } u32 * @@ -966,15 +956,15 @@ typedef struct u32 bd; } lisp_add_l2_arp_ndp_args_t; -static void +static int add_l2_arp_entry (BVT (clib_bihash_kv) * kvp, void *arg) { lisp_add_l2_arp_ndp_args_t *a = arg; lisp_api_l2_arp_entry_t **vector = a->vector, e; u32 version = (u32) kvp->key[0]; - if (IP6 == version) - return; + if (AF_IP6 == version) + return (BIHASH_WALK_CONTINUE); u32 bd = (u32) (kvp->key[0] >> 32); @@ -984,6 +974,7 @@ add_l2_arp_entry (BVT (clib_bihash_kv) * kvp, void *arg) e.ip4 = (u32) kvp->key[1]; vec_add1 (vector[0], e); } + return (BIHASH_WALK_CONTINUE); } lisp_api_l2_arp_entry_t * @@ -1001,15 +992,15 @@ vnet_lisp_l2_arp_entries_get_by_bd (u32 bd) return entries; } -static void +static int add_ndp_entry (BVT (clib_bihash_kv) * kvp, void *arg) { lisp_add_l2_arp_ndp_args_t *a = arg; lisp_api_ndp_entry_t **vector = a->vector, e; u32 version = (u32) kvp->key[0]; - if (IP4 == version) - return; + if (AF_IP4 == version) + return (BIHASH_WALK_CONTINUE); u32 bd = (u32) (kvp->key[0] >> 32); @@ -1019,6 +1010,7 @@ add_ndp_entry (BVT (clib_bihash_kv) * kvp, void *arg) clib_memcpy (e.ip6, &kvp->key[1], 16); vec_add1 (vector[0], e); } + return (BIHASH_WALK_CONTINUE); } lisp_api_ndp_entry_t * @@ -1213,7 +1205,7 @@ remove_overlapping_sub_prefixes (lisp_cp_main_t * lcm, gid_address_t * eid, gid_address_t *e; remove_mapping_args_t a; - memset (&a, 0, sizeof (a)); + clib_memset (&a, 0, sizeof (a)); /* do this only in src/dst mode ... */ if (MR_MODE_SRC_DST != lcm->map_request_mode) @@ -1234,7 +1226,7 @@ remove_overlapping_sub_prefixes (lisp_cp_main_t * lcm, gid_address_t * eid, { vnet_lisp_add_del_adjacency_args_t _adj_args, *adj_args = &_adj_args; - memset (adj_args, 0, sizeof (adj_args[0])); + clib_memset (adj_args, 0, sizeof (adj_args[0])); gid_address_copy (&adj_args->reid, e); adj_args->is_add = 0; if (vnet_lisp_add_del_adjacency (adj_args)) @@ -1297,7 +1289,7 @@ vnet_lisp_add_mapping (vnet_lisp_add_del_mapping_args_t * a, if (is_updated) is_updated[0] = 0; - memset (ls_args, 0, sizeof (ls_args[0])); + clib_memset (ls_args, 0, sizeof (ls_args[0])); ls_args->locators = rlocs; mi = gid_dictionary_lookup (&lcm->mapping_index_by_gid, &a->eid); @@ -1393,8 +1385,8 @@ vnet_lisp_del_mapping (gid_address_t * eid, u32 * res_map_index) mapping_t *old_map; u32 mi; - memset (ls_args, 0, sizeof (ls_args[0])); - memset (m_args, 0, sizeof (m_args[0])); + clib_memset (ls_args, 0, sizeof (ls_args[0])); + clib_memset (m_args, 0, sizeof (m_args[0])); if (res_map_index) res_map_index[0] = ~0; @@ -1604,7 +1596,7 @@ vnet_lisp_nsh_set_locator_set (u8 * locator_set_name, u8 is_add) locator_set_index = p[0]; pool_get (lcm->mapping_pool, m); - memset (m, 0, sizeof *m); + clib_memset (m, 0, sizeof *m); m->locator_set_index = locator_set_index; m->local = 1; m->nsh_set = 1; @@ -1709,12 +1701,12 @@ vnet_lisp_use_petr (ip_address_t * ip, u8 is_add) return VNET_API_ERROR_LISP_DISABLED; } - memset (ls_args, 0, sizeof (*ls_args)); + clib_memset (ls_args, 0, sizeof (*ls_args)); if (is_add) { /* Create dummy petr locator-set */ - memset (&loc, 0, sizeof (loc)); + clib_memset (&loc, 0, sizeof (loc)); gid_address_from_ip (&loc.address, ip); loc.priority = 1; loc.state = loc.weight = 1; @@ -1848,7 +1840,7 @@ update_adjacencies_by_map_index (lisp_cp_main_t * lcm, uword *fei = 0, *rmts_idxp = 0; u32 **rmts = 0, *remote_idxp = 0, *rmts_copy = 0; vnet_lisp_add_del_adjacency_args_t _a, *a = &_a; - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); map = pool_elt_at_index (lcm->mapping_pool, mapping_index); @@ -2089,7 +2081,7 @@ vnet_lisp_add_del_locator_set (vnet_lisp_add_del_locator_set_args_t * a, else { pool_get (lcm->locator_set_pool, ls); - memset (ls, 0, sizeof (*ls)); + clib_memset (ls, 0, sizeof (*ls)); ls_index = ls - lcm->locator_set_pool; if (a->local) @@ -2312,6 +2304,9 @@ vnet_lisp_enable_disable (u8 is_enable) } } + if (is_enable) + vnet_lisp_create_retry_process (lcm); + /* update global flag */ lcm->is_enabled = is_enable; @@ -2348,7 +2343,7 @@ vnet_lisp_add_del_map_resolver (vnet_lisp_add_del_map_resolver_args_t * a) return -1; } - memset (mr, 0, sizeof (*mr)); + clib_memset (mr, 0, sizeof (*mr)); ip_address_copy (&mr->address, &a->address); vec_add1 (lcm->map_resolvers, *mr); @@ -2511,7 +2506,7 @@ build_itr_rloc_list (lisp_cp_main_t * lcm, locator_set_t * loc_set) ip_prefix_t *ippref = &gid_address_ippref (gid); ip_address_t *rloc = &ip_prefix_addr (ippref); - memset (gid, 0, sizeof (gid[0])); + clib_memset (gid, 0, sizeof (gid[0])); gid_address_type (gid) = GID_ADDR_IP_PREFIX; for (i = 0; i < vec_len (loc_set->locator_indices); i++) { @@ -2525,7 +2520,7 @@ build_itr_rloc_list (lisp_cp_main_t * lcm, locator_set_t * loc_set) loc->sw_if_index, 1 /* unnumbered */, ({ addr = ip_interface_address_get_address (&lcm->im4->lookup_main, ia); - ip_address_set (rloc, addr, IP4); + ip_address_set (rloc, addr, AF_IP4); ip_prefix_len (ippref) = 32; ip_prefix_normalize (ippref); vec_add1 (rlocs, gid[0]); @@ -2536,7 +2531,7 @@ build_itr_rloc_list (lisp_cp_main_t * lcm, locator_set_t * loc_set) loc->sw_if_index, 1 /* unnumbered */, ({ addr = ip_interface_address_get_address (&lcm->im6->lookup_main, ia); - ip_address_set (rloc, addr, IP6); + ip_address_set (rloc, addr, AF_IP6); ip_prefix_len (ippref) = 128; ip_prefix_normalize (ippref); vec_add1 (rlocs, gid[0]); @@ -2611,7 +2606,7 @@ build_encapsulated_map_request (lisp_cp_main_t * lcm, && GID_ADDR_SRC_DST != gid_address_type (deid)) { gid_address_t sd; - memset (&sd, 0, sizeof (sd)); + clib_memset (&sd, 0, sizeof (sd)); build_src_dst (&sd, seid, deid); lisp_msg_put_mreq (lcm, b, seid, &sd, rlocs, is_smr_invoked, 0 /* rloc probe */ , nonce_res); @@ -2699,7 +2694,7 @@ add_locators (lisp_cp_main_t * lcm, mapping_t * m, u32 locator_set_index, ({ addr = ip_interface_address_get_address (&lcm->im4->lookup_main, ia); - ip_address_set (new_ip, addr, IP4); + ip_address_set (new_ip, addr, AF_IP4); })); /* Add ipv6 locators */ @@ -2708,7 +2703,7 @@ add_locators (lisp_cp_main_t * lcm, mapping_t * m, u32 locator_set_index, ({ addr = ip_interface_address_get_address (&lcm->im6->lookup_main, ia); - ip_address_set (new_ip, addr, IP6); + ip_address_set (new_ip, addr, AF_IP6); })); /* *INDENT-ON* */ @@ -2740,18 +2735,64 @@ build_map_register_record_list (lisp_cp_main_t * lcm) return recs; } +static vnet_crypto_alg_t +lisp_key_type_to_crypto_alg (lisp_key_type_t key_id) +{ + switch (key_id) + { + case HMAC_SHA_1_96: + return VNET_CRYPTO_ALG_HMAC_SHA1; + case HMAC_SHA_256_128: + return VNET_CRYPTO_ALG_HMAC_SHA256; + default: + clib_warning ("unsupported encryption key type: %d!", key_id); + break; + } + return VNET_CRYPTO_ALG_NONE; +} + +static vnet_crypto_op_id_t +lisp_key_type_to_crypto_op (lisp_key_type_t key_id) +{ + switch (key_id) + { + case HMAC_SHA_1_96: + return VNET_CRYPTO_OP_SHA1_HMAC; + case HMAC_SHA_256_128: + return VNET_CRYPTO_OP_SHA256_HMAC; + default: + clib_warning ("unsupported encryption key type: %d!", key_id); + break; + } + return VNET_CRYPTO_OP_NONE; +} + static int update_map_register_auth_data (map_register_hdr_t * map_reg_hdr, lisp_key_type_t key_id, u8 * key, u16 auth_data_len, u32 msg_len) { + lisp_cp_main_t *lcm = vnet_lisp_cp_get_main (); MREG_KEY_ID (map_reg_hdr) = clib_host_to_net_u16 (key_id); MREG_AUTH_DATA_LEN (map_reg_hdr) = clib_host_to_net_u16 (auth_data_len); + vnet_crypto_op_t _op, *op = &_op; + vnet_crypto_key_index_t ki; + + vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id)); + op->len = msg_len; + op->digest = MREG_DATA (map_reg_hdr); + op->src = (u8 *) map_reg_hdr; + op->digest_len = 0; + op->iv = 0; - unsigned char *result = HMAC (get_encrypt_fcn (key_id), key, vec_len (key), - (unsigned char *) map_reg_hdr, msg_len, NULL, - NULL); - clib_memcpy (MREG_DATA (map_reg_hdr), result, auth_data_len); + ki = vnet_crypto_key_add (lcm->vlib_main, + lisp_key_type_to_crypto_alg (key_id), key, + vec_len (key)); + + op->key_index = ki; + + vnet_crypto_process_ops (lcm->vlib_main, op, 1); + vnet_crypto_key_del (lcm->vlib_main, ki); return 0; } @@ -2885,7 +2926,7 @@ send_rloc_probe (lisp_cp_main_t * lcm, gid_address_t * deid, vnet_buffer (b)->sw_if_index[VLIB_TX] = 0; - next_index = (ip_addr_version (rloc) == IP4) ? + next_index = (ip_addr_version (rloc) == AF_IP4) ? ip4_lookup_node.index : ip6_lookup_node.index; f = vlib_get_frame_to_node (lcm->vlib_main, next_index); @@ -2997,7 +3038,7 @@ send_map_register (lisp_cp_main_t * lcm, u8 want_map_notif) vnet_buffer (b)->sw_if_index[VLIB_TX] = 0; - next_index = (ip_addr_version (&lcm->active_map_server) == IP4) ? + next_index = (ip_addr_version (&lcm->active_map_server) == AF_IP4) ? ip4_lookup_node.index : ip6_lookup_node.index; f = vlib_get_frame_to_node (lcm->vlib_main, next_index); @@ -3010,7 +3051,7 @@ send_map_register (lisp_cp_main_t * lcm, u8 want_map_notif) map_registers_sent++; pool_get (lcm->pending_map_registers_pool, pmr); - memset (pmr, 0, sizeof (*pmr)); + clib_memset (pmr, 0, sizeof (*pmr)); pmr->time_to_expire = PENDING_MREG_EXPIRATION_TIME; hash_set (lcm->map_register_messages_by_nonce, nonce, pmr - lcm->pending_map_registers_pool); @@ -3144,7 +3185,7 @@ _send_encapsulated_map_request (lisp_cp_main_t * lcm, /* set fib index to default and lookup node */ vnet_buffer (b)->sw_if_index[VLIB_TX] = 0; - next_index = (ip_addr_version (&lcm->active_map_resolver) == IP4) ? + next_index = (ip_addr_version (&lcm->active_map_resolver) == AF_IP4) ? ip4_lookup_node.index : ip6_lookup_node.index; f = vlib_get_frame_to_node (lcm->vlib_main, next_index); @@ -3178,7 +3219,7 @@ _send_encapsulated_map_request (lisp_cp_main_t * lcm, { /* add map-request to pending requests table */ pool_get (lcm->pending_map_requests_pool, pmr); - memset (pmr, 0, sizeof (*pmr)); + clib_memset (pmr, 0, sizeof (*pmr)); gid_address_copy (&pmr->src, seid); gid_address_copy (&pmr->dst, deid); clib_fifo_add1 (pmr->nonces, nonce); @@ -3199,14 +3240,14 @@ get_src_and_dst_ip (void *hdr, ip_address_t * src, ip_address_t * dst) if ((ip4->ip_version_and_header_length & 0xF0) == 0x40) { - ip_address_set (src, &ip4->src_address, IP4); - ip_address_set (dst, &ip4->dst_address, IP4); + ip_address_set (src, &ip4->src_address, AF_IP4); + ip_address_set (dst, &ip4->dst_address, AF_IP4); } else { ip6 = hdr; - ip_address_set (src, &ip6->src_address, IP6); - ip_address_set (dst, &ip6->dst_address, IP6); + ip_address_set (src, &ip6->src_address, AF_IP6); + ip_address_set (dst, &ip6->dst_address, AF_IP6); } } @@ -3218,7 +3259,8 @@ lisp_get_vni_from_buffer_ip (lisp_cp_main_t * lcm, vlib_buffer_t * b, u32 vni = ~0, table_id = ~0; table_id = fib_table_get_table_id_for_sw_if_index ((version == - IP4 ? FIB_PROTOCOL_IP4 : + AF_IP4 ? + FIB_PROTOCOL_IP4 : FIB_PROTOCOL_IP6), vnet_buffer (b)->sw_if_index @@ -3274,8 +3316,8 @@ get_src_and_dst_eids_from_buffer (lisp_cp_main_t * lcm, vlib_buffer_t * b, u32 vni = 0; icmp6_neighbor_discovery_ethernet_link_layer_address_option_t *opt; - memset (src, 0, sizeof (*src)); - memset (dst, 0, sizeof (*dst)); + clib_memset (src, 0, sizeof (*src)); + clib_memset (dst, 0, sizeof (*dst)); gid_address_type (dst) = GID_ADDR_NO_ADDRESS; gid_address_type (src) = GID_ADDR_NO_ADDRESS; @@ -3314,9 +3356,9 @@ get_src_and_dst_eids_from_buffer (lisp_cp_main_t * lcm, vlib_buffer_t * b, if (clib_net_to_host_u16 (ah->opcode) != ETHERNET_ARP_OPCODE_request) { - memset (&gid_address_arp_ndp_ip (dst), 0, - sizeof (ip_address_t)); - ip_addr_version (&gid_address_arp_ndp_ip (dst)) = IP4; + clib_memset (&gid_address_arp_ndp_ip (dst), 0, + sizeof (ip_address_t)); + ip_addr_version (&gid_address_arp_ndp_ip (dst)) = AF_IP4; gid_address_arp_ndp_bd (dst) = ~0; return; } @@ -3346,10 +3388,10 @@ get_src_and_dst_eids_from_buffer (lisp_cp_main_t * lcm, vlib_buffer_t * b, ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address) || (opt->header.n_data_u64s != 1)) { - memset (&gid_address_arp_ndp_ip (dst), 0, - sizeof (ip_address_t)); + clib_memset (&gid_address_arp_ndp_ip (dst), 0, + sizeof (ip_address_t)); ip_addr_version (&gid_address_arp_ndp_ip (dst)) = - IP6; + AF_IP6; gid_address_arp_ndp_bd (dst) = ~0; gid_address_type (src) = GID_ADDR_NO_ADDRESS; return; @@ -3358,7 +3400,7 @@ get_src_and_dst_eids_from_buffer (lisp_cp_main_t * lcm, vlib_buffer_t * b, gid_address_ndp_bd (dst) = lisp_get_bd_from_buffer_eth (b); ip_address_set (&gid_address_arp_ndp_ip (dst), - &ndh->target_address, IP6); + &ndh->target_address, AF_IP6); return; } } @@ -3457,8 +3499,7 @@ lisp_cp_lookup_inline (vlib_main_t * vm, + sizeof (*eth0)); arp0->opcode = clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply); arp0->ip4_over_ethernet[1] = arp0->ip4_over_ethernet[0]; - clib_memcpy (arp0->ip4_over_ethernet[0].ethernet, - (u8 *) & mac0, 6); + mac_address_from_u64 (&arp0->ip4_over_ethernet[0].mac, mac0); clib_memcpy (&arp0->ip4_over_ethernet[0].ip4, &gid_address_arp_ip4 (&dst), 4); @@ -3556,7 +3597,7 @@ lisp_cp_lookup_inline (vlib_main_t * vm, lisp_cp_lookup_trace_t *tr = vlib_add_trace (vm, node, b0, sizeof (*tr)); - memset (tr, 0, sizeof (*tr)); + clib_memset (tr, 0, sizeof (*tr)); gid_address_copy (&tr->dst_eid, &dst); ip_address_copy (&tr->map_resolver_ip, &lcm->active_map_resolver); @@ -3727,7 +3768,7 @@ remove_expired_mapping (lisp_cp_main_t * lcm, u32 mi) { mapping_t *m; vnet_lisp_add_del_adjacency_args_t _adj_args, *adj_args = &_adj_args; - memset (adj_args, 0, sizeof (adj_args[0])); + clib_memset (adj_args, 0, sizeof (adj_args[0])); m = pool_elt_at_index (lcm->mapping_pool, mi); @@ -3778,7 +3819,7 @@ process_expired_mapping (lisp_cp_main_t * lcm, u32 mi) fe = pool_elt_at_index (lcm->fwd_entry_pool, fei[0]); - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); a->rmt_eid = fe->reid; if (fe->is_src_dst) a->lcl_eid = fe->leid; @@ -3797,7 +3838,7 @@ process_expired_mapping (lisp_cp_main_t * lcm, u32 mi) { /* mapping is in use, re-fetch */ map_request_args_t mr_args; - memset (&mr_args, 0, sizeof (mr_args)); + clib_memset (&mr_args, 0, sizeof (mr_args)); mr_args.seid = fe->leid; mr_args.deid = fe->reid; @@ -3861,7 +3902,7 @@ process_map_reply (map_records_arg_t * a) vec_foreach (m, a->mappings) { vnet_lisp_add_del_mapping_args_t _m_args, *m_args = &_m_args; - memset (m_args, 0, sizeof (m_args[0])); + clib_memset (m_args, 0, sizeof (m_args[0])); gid_address_copy (&m_args->eid, &m->eid); m_args->action = m->action; m_args->authoritative = m->authoritative; @@ -3878,7 +3919,7 @@ process_map_reply (map_records_arg_t * a) { /* try to program forwarding only if mapping saved or updated */ vnet_lisp_add_del_adjacency_args_t _adj_args, *adj_args = &_adj_args; - memset (adj_args, 0, sizeof (adj_args[0])); + clib_memset (adj_args, 0, sizeof (adj_args[0])); gid_address_copy (&adj_args->leid, &pmr->src); gid_address_copy (&adj_args->reid, &m->eid); @@ -3913,9 +3954,13 @@ static int is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len, lisp_key_type_t key_id, u8 * key) { + lisp_cp_main_t *lcm = vnet_lisp_cp_get_main (); u8 *auth_data = 0; u16 auth_data_len; int result; + vnet_crypto_op_t _op, *op = &_op; + vnet_crypto_key_index_t ki; + u8 out[EVP_MAX_MD_SIZE] = { 0, }; auth_data_len = auth_data_len_by_key_id (key_id); if ((u16) ~ 0 == auth_data_len) @@ -3929,13 +3974,25 @@ is_auth_data_valid (map_notify_hdr_t * h, u32 msg_len, clib_memcpy (auth_data, MNOTIFY_DATA (h), auth_data_len); /* clear auth data */ - memset (MNOTIFY_DATA (h), 0, auth_data_len); + clib_memset (MNOTIFY_DATA (h), 0, auth_data_len); + + vnet_crypto_op_init (op, lisp_key_type_to_crypto_op (key_id)); + op->len = msg_len; + op->digest = out; + op->src = (u8 *) h; + op->digest_len = 0; + op->iv = 0; - /* get hash of the message */ - unsigned char *code = HMAC (get_encrypt_fcn (key_id), key, vec_len (key), - (unsigned char *) h, msg_len, NULL, NULL); + ki = vnet_crypto_key_add (lcm->vlib_main, + lisp_key_type_to_crypto_alg (key_id), key, + vec_len (key)); - result = memcmp (code, auth_data, auth_data_len); + op->key_index = ki; + + vnet_crypto_process_ops (lcm->vlib_main, op, 1); + vnet_crypto_key_del (lcm->vlib_main, ki); + + result = memcmp (out, auth_data, auth_data_len); vec_free (auth_data); @@ -4022,7 +4079,7 @@ parse_map_records (vlib_buffer_t * b, map_records_arg_t * a, u8 count) mapping_t m; locator_t *loc; - memset (&m, 0, sizeof (m)); + clib_memset (&m, 0, sizeof (m)); /* parse record eid */ for (i = 0; i < count; i++) @@ -4077,10 +4134,10 @@ parse_map_notify (vlib_buffer_t * b) map_records_arg_t *a; a = map_record_args_get (); - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); mnotif_hdr = vlib_buffer_get_current (b); vlib_buffer_pull (b, sizeof (*mnotif_hdr)); - memset (&deid, 0, sizeof (deid)); + clib_memset (&deid, 0, sizeof (deid)); a->nonce = MNOTIFY_NONCE (mnotif_hdr); key_id = clib_net_to_host_u16 (MNOTIFY_KEY_ID (mnotif_hdr)); @@ -4163,7 +4220,7 @@ send_map_reply (lisp_cp_main_t * lcm, u32 mi, ip_address_t * dst, vec_add1 (records, m[0]); add_locators (lcm, &records[0], m->locator_set_index, probed_loc); - memset (&src, 0, sizeof (src)); + clib_memset (&src, 0, sizeof (src)); if (!ip_fib_get_first_egress_ip_for_dst (lcm, dst, &src)) { @@ -4179,7 +4236,7 @@ send_map_reply (lisp_cp_main_t * lcm, u32 mi, ip_address_t * dst, free_map_register_records (records); vnet_buffer (b)->sw_if_index[VLIB_TX] = 0; - next_index = (ip_addr_version (&lcm->active_map_resolver) == IP4) ? + next_index = (ip_addr_version (&lcm->active_map_resolver) == AF_IP4) ? ip4_lookup_node.index : ip6_lookup_node.index; f = vlib_get_frame_to_node (lcm->vlib_main, next_index); @@ -4244,7 +4301,7 @@ process_map_request (vlib_main_t * vm, vlib_node_runtime_t * node, /* parse eid records and send SMR-invoked map-requests */ for (i = 0; i < MREQ_REC_COUNT (mreq_hdr); i++) { - memset (&dst, 0, sizeof (dst)); + clib_memset (&dst, 0, sizeof (dst)); len = lisp_msg_parse_eid_rec (b, &dst); if (len == ~0) { @@ -4266,7 +4323,7 @@ process_map_request (vlib_main_t * vm, vlib_node_runtime_t * node, goto done; } rloc_probe_recv++; - memset (&m, 0, sizeof (m)); + clib_memset (&m, 0, sizeof (m)); u32 mi = gid_dictionary_lookup (&lcm->mapping_index_by_gid, &dst); // TODO: select best locator; for now use the first one @@ -4302,7 +4359,7 @@ parse_map_reply (vlib_buffer_t * b) map_records_arg_t *a; a = map_record_args_get (); - memset (a, 0, sizeof (*a)); + clib_memset (a, 0, sizeof (*a)); locator_t *locators; @@ -4311,14 +4368,14 @@ parse_map_reply (vlib_buffer_t * b) a->is_rloc_probe = MREP_RLOC_PROBE (mrep_hdr); if (!vlib_buffer_has_space (b, sizeof (*mrep_hdr))) { - clib_mem_free (a); + map_records_arg_free (a); return 0; } vlib_buffer_pull (b, sizeof (*mrep_hdr)); for (i = 0; i < MREP_REC_COUNT (mrep_hdr); i++) { - memset (&m, 0, sizeof (m)); + clib_memset (&m, 0, sizeof (m)); locators = 0; h = vlib_buffer_get_current (b); @@ -4473,8 +4530,9 @@ lisp_cp_init (vlib_main_t * vm) lcm->flags = 0; lcm->pitr_map_index = ~0; lcm->petr_map_index = ~0; - memset (&lcm->active_map_resolver, 0, sizeof (lcm->active_map_resolver)); - memset (&lcm->active_map_server, 0, sizeof (lcm->active_map_server)); + clib_memset (&lcm->active_map_resolver, 0, + sizeof (lcm->active_map_resolver)); + clib_memset (&lcm->active_map_server, 0, sizeof (lcm->active_map_server)); gid_dictionary_init (&lcm->mapping_index_by_gid); lcm->do_map_resolver_election = 1; @@ -4488,8 +4546,6 @@ lisp_cp_init (vlib_main_t * vm) hash_set (lcm->table_id_by_vni, 0, 0); hash_set (lcm->vni_by_table_id, 0, 0); - lisp_cp_register_dst_port (vm); - u64 now = clib_cpu_time_now (); timing_wheel_init (&lcm->wheel, now, vm->clib_time.clocks_per_second); lcm->nsh_map_index = ~0; @@ -4512,8 +4568,8 @@ lisp_stats_api_fill (lisp_cp_main_t * lcm, lisp_gpe_main_t * lgm, const lisp_gpe_tunnel_t *lgt; fwd_entry_t *fe; - memset (stat, 0, sizeof (*stat)); - memset (&fwd_key, 0, sizeof (fwd_key)); + clib_memset (stat, 0, sizeof (*stat)); + clib_memset (&fwd_key, 0, sizeof (fwd_key)); fe = pool_elt_at_index (lcm->fwd_entry_pool, key->fwd_entry_index); ASSERT (fe != 0); @@ -4858,14 +4914,17 @@ vnet_lisp_stats_enable_disable_state (void) return lcm->flags & LISP_FLAG_STATS_ENABLED; } -/* *INDENT-OFF* */ -VLIB_REGISTER_NODE (lisp_retry_service_node,static) = { - .function = send_map_resolver_service, - .type = VLIB_NODE_TYPE_PROCESS, - .name = "lisp-retry-service", - .process_log2_n_stack_bytes = 16, -}; -/* *INDENT-ON* */ +void +vnet_lisp_create_retry_process (lisp_cp_main_t * lcm) +{ + if (lcm->retry_service_index) + return; + + lcm->retry_service_index = vlib_process_create (vlib_get_main (), + "lisp-retry-service", + send_map_resolver_service, + 16 /* stack_bytes */ ); +} u32 vnet_lisp_set_transport_protocol (u8 protocol)