Interface can be in promiscuous mode if more than one of its sub-
interface is in L2 mode. In promiscuous mode, L3 interface need to
verify DMAC of packet to match that of the interface and drop if not.
This check was done on sub-interface only and now also added to main
interface path.
Fix incorrect MAC addresses in the flow-per-pkt plugin test, which
caused it to fail.
Fix MAC address usage in BFD tests.
Change-Id: I12a17ec05c7ab298ad10d400c90d082c97eca521
Signed-off-by: John Lo <loj@cisco.com>
Signed-off-by: Klement Sekera <ksekera@cisco.com>
u32 cpu_index = os_get_cpu_number ();
u32 cached_sw_if_index = ~0;
u32 cached_is_l2 = 0; /* shut up gcc */
u32 cpu_index = os_get_cpu_number ();
u32 cached_sw_if_index = ~0;
u32 cached_is_l2 = 0; /* shut up gcc */
+ vnet_hw_interface_t *hi = NULL; /* used for main interface only */
if (variant != ETHERNET_INPUT_VARIANT_ETHERNET)
error_node = vlib_node_get_runtime (vm, ethernet_input_node.index);
if (variant != ETHERNET_INPUT_VARIANT_ETHERNET)
error_node = vlib_node_get_runtime (vm, ethernet_input_node.index);
if (PREDICT_FALSE (sw_if_index0 != sw_if_index1))
goto slowpath;
if (PREDICT_FALSE (sw_if_index0 != sw_if_index1))
goto slowpath;
+ /* Now sw_if_index0 == sw_if_index1 */
if (PREDICT_FALSE (cached_sw_if_index != sw_if_index0))
{
cached_sw_if_index = sw_if_index0;
if (PREDICT_FALSE (cached_sw_if_index != sw_if_index0))
{
cached_sw_if_index = sw_if_index0;
- hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
- intf0 = vec_elt_at_index (em->main_intfs, hi0->hw_if_index);
+ hi = vnet_get_sup_hw_interface (vnm, sw_if_index0);
+ intf0 = vec_elt_at_index (em->main_intfs, hi->hw_if_index);
subint0 = &intf0->untagged_subint;
cached_is_l2 = is_l20 = subint0->flags & SUBINT_CONFIG_L2;
}
subint0 = &intf0->untagged_subint;
cached_is_l2 = is_l20 = subint0->flags & SUBINT_CONFIG_L2;
}
+ if (!ethernet_address_cast (e0->dst_address) &&
+ !eth_mac_equal ((u8 *) e0, hi->hw_address))
+ error0 = ETHERNET_ERROR_L3_MAC_MISMATCH;
+ if (!ethernet_address_cast (e1->dst_address) &&
+ !eth_mac_equal ((u8 *) e1, hi->hw_address))
+ error1 = ETHERNET_ERROR_L3_MAC_MISMATCH;
determine_next_node (em, variant, 0, type0, b0,
&error0, &next0);
vlib_buffer_advance (b0, sizeof (ethernet_header_t));
determine_next_node (em, variant, 0, type0, b0,
&error0, &next0);
vlib_buffer_advance (b0, sizeof (ethernet_header_t));
determine_next_node (em, variant, is_l21, type1, b1, &error1,
&next1);
determine_next_node (em, variant, is_l21, type1, b1, &error1,
&next1);
b0->error = error_node->errors[error0];
b1->error = error_node->errors[error1];
b0->error = error_node->errors[error0];
b1->error = error_node->errors[error1];
// verify speculative enqueue
vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
n_left_to_next, bi0, bi1, next0,
// verify speculative enqueue
vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
n_left_to_next, bi0, bi1, next0,
if (PREDICT_FALSE (cached_sw_if_index != sw_if_index0))
{
cached_sw_if_index = sw_if_index0;
if (PREDICT_FALSE (cached_sw_if_index != sw_if_index0))
{
cached_sw_if_index = sw_if_index0;
- hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
- intf0 = vec_elt_at_index (em->main_intfs, hi0->hw_if_index);
+ hi = vnet_get_sup_hw_interface (vnm, sw_if_index0);
+ intf0 = vec_elt_at_index (em->main_intfs, hi->hw_if_index);
subint0 = &intf0->untagged_subint;
cached_is_l2 = is_l20 = subint0->flags & SUBINT_CONFIG_L2;
}
subint0 = &intf0->untagged_subint;
cached_is_l2 = is_l20 = subint0->flags & SUBINT_CONFIG_L2;
}
+ if (!ethernet_address_cast (e0->dst_address) &&
+ !eth_mac_equal ((u8 *) e0, hi->hw_address))
+ error0 = ETHERNET_ERROR_L3_MAC_MISMATCH;
determine_next_node (em, variant, 0, type0, b0,
&error0, &next0);
vlib_buffer_advance (b0, sizeof (ethernet_header_t));
determine_next_node (em, variant, 0, type0, b0,
&error0, &next0);
vlib_buffer_advance (b0, sizeof (ethernet_header_t));
determine_next_node (em, variant, is_l20, type0, b0, &error0,
&next0);
determine_next_node (em, variant, is_l20, type0, b0, &error0,
&next0);
b0->error = error_node->errors[error0];
// verify speculative enqueue
b0->error = error_node->errors[error0];
// verify speculative enqueue
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next,
bi0, next0);
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next,
bi0, next0);
self.assertNotEqual(p[IP].src, self.loopback0.local_ip4,
"BFD ECHO src IP equal to loopback IP")
self.logger.debug(ppp("Looping back packet:", p))
self.assertNotEqual(p[IP].src, self.loopback0.local_ip4,
"BFD ECHO src IP equal to loopback IP")
self.logger.debug(ppp("Looping back packet:", p))
+ self.assert_equal(p[Ether].dst, self.pg0.remote_mac,
+ "ECHO packet destination MAC address")
+ p[Ether].dst = self.pg0.local_mac
self.pg0.add_stream(p)
self.pg_start()
elif p.haslayer(BFD):
self.pg0.add_stream(p)
self.pg_start()
elif p.haslayer(BFD):
self.logger.debug(ppp("Got packet:", p))
if p[UDP].dport == BFD.udp_dport_echo:
self.logger.debug(ppp("Looping back packet:", p))
self.logger.debug(ppp("Got packet:", p))
if p[UDP].dport == BFD.udp_dport_echo:
self.logger.debug(ppp("Looping back packet:", p))
+ p[Ether].dst = self.pg0.local_mac
self.pg0.add_stream(p)
self.pg_start()
break
self.pg0.add_stream(p)
self.pg_start()
break
self.logger.debug(ppp("Got packet:", p))
if p[UDP].dport == BFD.udp_dport_echo:
self.logger.debug(ppp("Looping back packet:", p))
self.logger.debug(ppp("Got packet:", p))
if p[UDP].dport == BFD.udp_dport_echo:
self.logger.debug(ppp("Looping back packet:", p))
+ p[Ether].dst = self.pg0.local_mac
self.pg0.add_stream(p)
self.pg_start()
break
self.pg0.add_stream(p)
self.pg_start()
break
else:
self.logger.debug(ppp("Got followup echo packet:", p))
self.logger.debug(ppp("Looping back first echo packet:", p))
else:
self.logger.debug(ppp("Got followup echo packet:", p))
self.logger.debug(ppp("Looping back first echo packet:", p))
+ echo_packet[Ether].dst = self.pg0.local_mac
self.pg0.add_stream(echo_packet)
self.pg_start()
elif p.haslayer(BFD):
self.pg0.add_stream(echo_packet)
self.pg_start()
elif p.haslayer(BFD):
timeout_at = time.time() + self.vpp_session.detect_mult * \
self.test_session.required_min_echo_rx / USEC_IN_SEC
p[BFD_vpp_echo].checksum = getrandbits(64)
timeout_at = time.time() + self.vpp_session.detect_mult * \
self.test_session.required_min_echo_rx / USEC_IN_SEC
p[BFD_vpp_echo].checksum = getrandbits(64)
+ p[Ether].dst = self.pg0.local_mac
self.logger.debug(ppp("Looping back modified echo packet:", p))
self.pg0.add_stream(p)
self.pg_start()
self.logger.debug(ppp("Looping back modified echo packet:", p))
self.pg0.add_stream(p)
self.pg_start()
self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== "
"ECHO packet identifier for test purposes)")
self.assert_equal(udp_sport_tx, udp_sport_rx, "UDP source port (== "
"ECHO packet identifier for test purposes)")
- @unittest.skipUnless(running_extended_tests(), "part of extended tests")
def test_echo(self):
""" echo function used """
bfd_session_up(self)
def test_echo(self):
""" echo function used """
bfd_session_up(self)
self.assertNotEqual(p[IPv6].src, self.loopback0.local_ip6,
"BFD ECHO src IP equal to loopback IP")
self.logger.debug(ppp("Looping back packet:", p))
self.assertNotEqual(p[IPv6].src, self.loopback0.local_ip6,
"BFD ECHO src IP equal to loopback IP")
self.logger.debug(ppp("Looping back packet:", p))
+ self.assert_equal(p[Ether].dst, self.pg0.remote_mac,
+ "ECHO packet destination MAC address")
+ p[Ether].dst = self.pg0.local_mac
self.pg0.add_stream(p)
self.pg_start()
elif p.haslayer(BFD):
self.pg0.add_stream(p)
self.pg_start()
elif p.haslayer(BFD):
for size in packet_sizes:
info = self.create_packet_info(src_if, dst_if)
payload = self.info_to_payload(info)
for size in packet_sizes:
info = self.create_packet_info(src_if, dst_if)
payload = self.info_to_payload(info)
- p = (Ether(src=src_if.local_mac, dst=dst_if.remote_mac) /
+ p = (Ether(src=src_if.remote_mac, dst=src_if.local_mac) /
IP(src=src_if.remote_ip4, dst=dst_if.remote_ip4) /
UDP(sport=1234, dport=4321) /
Raw(payload))
IP(src=src_if.remote_ip4, dst=dst_if.remote_ip4) /
UDP(sport=1234, dport=4321) /
Raw(payload))