*outer_dst = ip0->dst_address;
}
+always_inline int
+gbp_endpoint_update_required (const gbp_endpoint_t * ge0,
+ u32 rx_sw_if_index, sclass_t sclass)
+{
+ /* Conditions for [re]learning this EP */
+
+ /* 1. it doesn't have a dataplane source */
+ if (!gbp_endpoint_is_learnt (ge0))
+ return (!0);
+
+ /* 2. has the input interface changed */
+ if (gbp_itf_get_sw_if_index (ge0->ge_fwd.gef_itf) != rx_sw_if_index)
+ return (!0);
+
+ /* 3. has the sclass changed */
+ if (sclass != ge0->ge_fwd.gef_sclass)
+ return (!0);
+
+ /* otherwise it's unchanged */
+ return (0);
+}
+
VLIB_NODE_FN (gbp_learn_l2_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
* check for new EP or a moved EP
*/
if (NULL == ge0 ||
- gbp_itf_get_sw_if_index (ge0->ge_fwd.gef_itf) != sw_if_index0)
+ gbp_endpoint_update_required (ge0, sw_if_index0, sclass0))
{
/*
* use the last 4 bytes of the mac address as the hash for the EP
ge0 = gbp_endpoint_find_ip6 (&ip6_0->src_address, fib_index0);
- if ((NULL == ge0) || !gbp_endpoint_is_learnt (ge0))
+ if ((NULL == ge0) ||
+ gbp_endpoint_update_required (ge0, sw_if_index0, sclass0))
{
t0 = throttle_check (&glm->gl_l3_throttle,
thread_index,
gbp_learn_get_outer (eth0, &outer_src, &outer_dst);
ge0 = gbp_endpoint_find_ip4 (&ip4_0->src_address, fib_index0);
- if ((NULL == ge0) || !gbp_endpoint_is_learnt (ge0))
+ if ((NULL == ge0) ||
+ gbp_endpoint_update_required (ge0, sw_if_index0, sclass0))
{
t0 = throttle_check (&glm->gl_l3_throttle, thread_index,
ip4_0->src_address.as_u32, seed);
NUM_PKTS = 67
-def find_gbp_endpoint(test, sw_if_index=None, ip=None, mac=None, tep=None):
+def find_gbp_endpoint(test, sw_if_index=None, ip=None, mac=None,
+ tep=None, sclass=None):
if ip:
vip = VppIpAddress(ip)
if mac:
if sw_if_index:
if ep.endpoint.sw_if_index != sw_if_index:
continue
+ if sclass:
+ if ep.endpoint.sclass != sclass:
+ continue
if ip:
for eip in ep.endpoint.ips:
if vip == eip:
self.assertTrue(find_gbp_endpoint(
self,
vx_tun_l2_1.sw_if_index,
+ sclass=113,
mac=l['mac'],
tep=[self.pg2.local_ip4,
self.pg2.remote_hosts[2].ip4]))
self.assertFalse(rx[VXLAN].gpflags.D)
self.assertEqual(rx[IPv6].dst, l['ip6'])
+ #
+ # EP changes sclass
+ #
+ for l in learnt:
+ # a packet with an sclass from a known EPG
+ p = (Ether(src=self.pg2.remote_mac,
+ dst=self.pg2.local_mac) /
+ IP(src=self.pg2.remote_hosts[2].ip4,
+ dst=self.pg2.local_ip4) /
+ UDP(sport=1234, dport=48879) /
+ VXLAN(vni=99, gpid=112, flags=0x88) /
+ Ether(src=l['mac'], dst=ep.mac) /
+ IPv6(src=l['ip6'], dst=ep.ip6.address) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ rx = self.send_and_expect(self.pg2, p * 1, self.pg0)
+ rx = self.send_and_expect(self.pg2, p * NUM_PKTS, self.pg0)
+
+ self.assertTrue(find_gbp_endpoint(
+ self,
+ vx_tun_l2_1.sw_if_index,
+ mac=l['mac'],
+ sclass=112,
+ tep=[self.pg2.local_ip4,
+ self.pg2.remote_hosts[2].ip4]))
+
+ #
+ # check reachability and contract intra-epg
+ #
+ allow_intra_class = self.statistics.get_err_counter(
+ '/err/gbp-policy-mac/allow-intra-sclass')
+
+ for l in learnt:
+ p = (Ether(src=ep.mac, dst=l['mac']) /
+ IPv6(dst=l['ip6'], src=ep.ip6.address) /
+ UDP(sport=1234, dport=1234) /
+ Raw('\xa5' * 100))
+
+ rxs = self.send_and_expect(self.pg0, p * NUM_PKTS, self.pg2)
+
+ for rx in rxs:
+ self.assertEqual(rx[IP].src, self.pg2.local_ip4)
+ self.assertEqual(rx[IP].dst, self.pg2.remote_hosts[2].ip4)
+ self.assertEqual(rx[UDP].dport, 48879)
+ self.assertEqual(rx[VXLAN].gpid, 112)
+ self.assertEqual(rx[VXLAN].vni, 99)
+ self.assertTrue(rx[VXLAN].flags.G)
+ self.assertTrue(rx[VXLAN].flags.Instance)
+ self.assertTrue(rx[VXLAN].gpflags.A)
+ self.assertFalse(rx[VXLAN].gpflags.D)
+ self.assertEqual(rx[IPv6].dst, l['ip6'])
+
+ allow_intra_class += NUM_PKTS
+
+ self.assert_error_counter_equal(
+ '/err/gbp-policy-mac/allow-intra-sclass',
+ allow_intra_class)
+
#
# clean up
#