From: Nick Zavaritsky Date: Thu, 27 Feb 2020 15:54:58 +0000 (+0000) Subject: geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node X-Git-Tag: v20.09-rc0~468 X-Git-Url: https://gerrit.fd.io/r/gitweb?a=commitdiff_plain;ds=inline;h=27518c2ffd0ef75e973a64870da0e3339f39ccce;p=vpp.git geneve gtpu vxlan vxlan-gpe: VRF-aware bypass node Bypass node MUST NOT intercept a packet if destination IP doesn’t match a local address. However IP address interpretation depends on the VRF, hence bypass node must take that into account. This patch also factors-out common VTEP management and checking code. Type: improvement Signed-off-by: Nick Zavaritsky Change-Id: I5665d94882bbf45d15f8da140c7ada528ec7fa94 --- diff --git a/src/plugins/gtpu/gtpu.c b/src/plugins/gtpu/gtpu.c index 0abac0053db..baa4d2481e2 100644 --- a/src/plugins/gtpu/gtpu.c +++ b/src/plugins/gtpu/gtpu.c @@ -298,35 +298,6 @@ gtpu_decap_next_is_valid (gtpu_main_t * gtm, u32 is_ip6, u32 decap_next_index) return decap_next_index < r->n_next_nodes; } -static uword -vtep_addr_ref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (gtpu_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (gtpu_main.vtep6, &ip->ip6); - if (vtep) - return ++(*vtep); - ip46_address_is_ip4 (ip) ? - hash_set (gtpu_main.vtep4, ip->ip4.as_u32, 1) : - hash_set_mem_alloc (>pu_main.vtep6, &ip->ip6, 1); - return 1; -} - -static uword -vtep_addr_unref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (gtpu_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (gtpu_main.vtep6, &ip->ip6); - ALWAYS_ASSERT (vtep); - if (--(*vtep) != 0) - return *vtep; - ip46_address_is_ip4 (ip) ? - hash_unset (gtpu_main.vtep4, ip->ip4.as_u32) : - hash_unset_mem_free (>pu_main.vtep6, &ip->ip6); - return 0; -} - typedef CLIB_PACKED (union { struct @@ -498,7 +469,7 @@ int vnet_gtpu_add_del_tunnel * when the forwarding for the entry updates, and the tunnel can * re-stack accordingly */ - vtep_addr_ref (&t->src); + vtep_addr_ref (>m->vtep_table, t->encap_fib_index, &t->src); t->fib_entry_index = fib_entry_track (t->encap_fib_index, &tun_dst_pfx, gtm->fib_node_type, @@ -515,7 +486,8 @@ int vnet_gtpu_add_del_tunnel */ fib_protocol_t fp = fib_ip_proto (is_ip6); - if (vtep_addr_ref (&t->dst) == 1) + if (vtep_addr_ref (>m->vtep_table, + t->encap_fib_index, &t->dst) == 1) { fib_node_index_t mfei; adj_index_t ai; @@ -608,10 +580,11 @@ int vnet_gtpu_add_del_tunnel if (t->flow_index != ~0) vnet_flow_del (vnm, t->flow_index); - vtep_addr_unref (&t->src); + vtep_addr_unref (>m->vtep_table, t->encap_fib_index, &t->src); fib_entry_untrack (t->fib_entry_index, t->sibling_index); } - else if (vtep_addr_unref (&t->dst) == 0) + else if (vtep_addr_unref (>m->vtep_table, + t->encap_fib_index, &t->dst) == 0) { mcast_shared_remove (&t->dst); } @@ -1243,7 +1216,7 @@ gtpu_init (vlib_main_t * vm) gtm->gtpu6_tunnel_by_key = hash_create_mem (0, sizeof (gtpu6_tunnel_key_t), sizeof (uword)); - gtm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword)); + gtm->vtep_table = vtep_table_create (); gtm->mcast_shared = hash_create_mem (0, sizeof (ip46_address_t), sizeof (mcast_shared_t)); diff --git a/src/plugins/gtpu/gtpu.h b/src/plugins/gtpu/gtpu.h index 1d47f2d1b93..6a758ee6847 100644 --- a/src/plugins/gtpu/gtpu.h +++ b/src/plugins/gtpu/gtpu.h @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -210,8 +211,7 @@ typedef struct /* local VTEP IPs ref count used by gtpu-bypass node to check if received gtpu packet DIP matches any local VTEP address */ - uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */ - uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */ + vtep_table_t vtep_table; /* mcast shared info */ uword *mcast_shared; /* keyed on mcast ip46 addr */ diff --git a/src/plugins/gtpu/gtpu_decap.c b/src/plugins/gtpu/gtpu_decap.c index 99af7300025..4193e89c008 100644 --- a/src/plugins/gtpu/gtpu_decap.c +++ b/src/plugins/gtpu/gtpu_decap.c @@ -51,20 +51,7 @@ static u8 * format_gtpu_rx_trace (u8 * s, va_list * args) always_inline u32 validate_gtpu_fib (vlib_buffer_t *b, gtpu_tunnel_t *t, u32 is_ip4) { - u32 fib_index, sw_if_index; - - sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX]; - - if (is_ip4) - fib_index = (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ? - vec_elt (ip4_main.fib_index_by_sw_if_index, sw_if_index) : - vnet_buffer (b)->sw_if_index[VLIB_TX]; - else - fib_index = (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ? - vec_elt (ip6_main.fib_index_by_sw_if_index, sw_if_index) : - vnet_buffer (b)->sw_if_index[VLIB_TX]; - - return (fib_index == t->encap_fib_index); + return t->encap_fib_index == vlib_buffer_get_ip_fib_index (b, is_ip4); } always_inline uword @@ -813,8 +800,10 @@ ip_gtpu_bypass_inline (vlib_main_t * vm, gtpu_main_t * gtm = >pu_main; u32 * from, * to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -823,8 +812,10 @@ ip_gtpu_bypass_inline (vlib_main_t * vm, if (node->flags & VLIB_NODE_FLAG_TRACE) ip4_forward_next_trace (vm, node, frame, VLIB_TX); - if (is_ip4) addr4.data_u32 = ~0; - else ip6_address_set_zero (&addr6); + if (is_ip4) + vtep4_key_init (&last_vtep4); + else + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -908,21 +899,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs*/ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (gtm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for GTPU packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (>m->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for GTPU packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (gtm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for GTPU packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (>m->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for GTPU packet */ } flags0 = b0->flags; @@ -990,21 +973,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs*/ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (gtm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for GTPU packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (>m->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for GTPU packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (gtm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for GTPU packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (>m->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for GTPU packet */ } flags1 = b1->flags; @@ -1108,21 +1083,13 @@ ip_gtpu_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs*/ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (gtm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for GTPU packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (>m->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for GTPU packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (gtm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for GTPU packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (>m->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for GTPU packet */ } flags0 = b0->flags; diff --git a/src/vnet/CMakeLists.txt b/src/vnet/CMakeLists.txt index 5a9ae4c1a7f..a0873a61b38 100644 --- a/src/vnet/CMakeLists.txt +++ b/src/vnet/CMakeLists.txt @@ -460,6 +460,7 @@ list(APPEND VNET_SOURCES ip/punt_api.c ip/punt.c ip/punt_node.c + ip/vtep.c ) list(APPEND VNET_MULTIARCH_SOURCES diff --git a/src/vnet/geneve/decap.c b/src/vnet/geneve/decap.c index e30a56c0327..a04c1d41e90 100644 --- a/src/vnet/geneve/decap.c +++ b/src/vnet/geneve/decap.c @@ -865,8 +865,10 @@ ip_geneve_bypass_inline (vlib_main_t * vm, u32 *from, *to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -876,9 +878,9 @@ ip_geneve_bypass_inline (vlib_main_t * vm, ip4_forward_next_trace (vm, node, frame, VLIB_TX); if (is_ip4) - addr4.data_u32 = ~0; + vtep4_key_init (&last_vtep4); else - ip6_address_set_zero (&addr6); + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -962,21 +964,13 @@ ip_geneve_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for GENEVE packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for GENEVE packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for GENEVE packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for GENEVE packet */ } flags0 = b0->flags; @@ -1048,21 +1042,13 @@ ip_geneve_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for GENEVE packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for GENEVE packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for GENEVE packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for GENEVE packet */ } flags1 = b1->flags; @@ -1170,21 +1156,13 @@ ip_geneve_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for GENEVE packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for GENEVE packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for GENEVE packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for GENEVE packet */ } flags0 = b0->flags; diff --git a/src/vnet/geneve/geneve.c b/src/vnet/geneve/geneve.c index 501ab7f9845..52664b389a4 100644 --- a/src/vnet/geneve/geneve.c +++ b/src/vnet/geneve/geneve.c @@ -292,35 +292,6 @@ geneve_decap_next_is_valid (geneve_main_t * vxm, u32 is_ip6, return decap_next_index < r->n_next_nodes; } -static uword -vtep_addr_ref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (geneve_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (geneve_main.vtep6, &ip->ip6); - if (vtep) - return ++(*vtep); - ip46_address_is_ip4 (ip) ? - hash_set (geneve_main.vtep4, ip->ip4.as_u32, 1) : - hash_set_mem_alloc (&geneve_main.vtep6, &ip->ip6, 1); - return 1; -} - -static uword -vtep_addr_unref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (geneve_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (geneve_main.vtep6, &ip->ip6); - ALWAYS_ASSERT (vtep); - if (--(*vtep) != 0) - return *vtep; - ip46_address_is_ip4 (ip) ? - hash_unset (geneve_main.vtep4, ip->ip4.as_u32) : - hash_unset_mem_free (&geneve_main.vtep6, &ip->ip6); - return 0; -} - typedef CLIB_PACKED (union { struct @@ -498,7 +469,7 @@ int vnet_geneve_add_del_tunnel * when the forwarding for the entry updates, and the tunnel can * re-stack accordingly */ - vtep_addr_ref (&t->local); + vtep_addr_ref (&vxm->vtep_table, t->encap_fib_index, &t->local); t->fib_entry_index = fib_entry_track (t->encap_fib_index, &tun_remote_pfx, FIB_NODE_TYPE_GENEVE_TUNNEL, @@ -515,7 +486,8 @@ int vnet_geneve_add_del_tunnel */ fib_protocol_t fp = fib_ip_proto (is_ip6); - if (vtep_addr_ref (&t->remote) == 1) + if (vtep_addr_ref (&vxm->vtep_table, + t->encap_fib_index, &t->remote) == 1) { fib_node_index_t mfei; adj_index_t ai; @@ -604,10 +576,11 @@ int vnet_geneve_add_del_tunnel if (!ip46_address_is_multicast (&t->remote)) { - vtep_addr_unref (&t->local); + vtep_addr_unref (&vxm->vtep_table, t->encap_fib_index, &t->local); fib_entry_untrack (t->fib_entry_index, t->sibling_index); } - else if (vtep_addr_unref (&t->remote) == 0) + else if (vtep_addr_unref (&vxm->vtep_table, + t->encap_fib_index, &t->remote) == 0) { mcast_shared_remove (&t->remote); } @@ -1118,7 +1091,7 @@ geneve_init (vlib_main_t * vm) vxm->geneve6_tunnel_by_key = hash_create_mem (0, sizeof (geneve6_tunnel_key_t), sizeof (uword)); - vxm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword)); + vxm->vtep_table = vtep_table_create (); vxm->mcast_shared = hash_create_mem (0, sizeof (ip46_address_t), sizeof (mcast_shared_t)); diff --git a/src/vnet/geneve/geneve.h b/src/vnet/geneve/geneve.h index 3bb9083fbd5..491ae23242f 100644 --- a/src/vnet/geneve/geneve.h +++ b/src/vnet/geneve/geneve.h @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -167,8 +168,7 @@ typedef struct /* local VTEP IPs ref count used by geneve-bypass node to check if received GENEVE packet DIP matches any local VTEP address */ - uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */ - uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */ + vtep_table_t vtep_table; /* mcast shared info */ uword *mcast_shared; /* keyed on mcast ip46 addr */ diff --git a/src/vnet/ip/ip.h b/src/vnet/ip/ip.h index 040e580c3a1..75750c5a192 100644 --- a/src/vnet/ip/ip.h +++ b/src/vnet/ip/ip.h @@ -289,6 +289,15 @@ void ip6_prefix_max_address_host_order (ip6_address_t * ip, u8 plen, void ip6_preflen_to_mask (u8 pref_len, ip6_address_t * mask); u32 ip6_mask_to_preflen (ip6_address_t * mask); +always_inline u32 vlib_buffer_get_ip4_fib_index (vlib_buffer_t * b); +always_inline u32 vlib_buffer_get_ip6_fib_index (vlib_buffer_t * b); +always_inline u32 +vlib_buffer_get_ip_fib_index (vlib_buffer_t * b, u8 is_ip4) +{ + return (is_ip4 ? vlib_buffer_get_ip4_fib_index + : vlib_buffer_get_ip6_fib_index) (b); +} + #endif /* included_ip_main_h */ /* diff --git a/src/vnet/ip/ip4.h b/src/vnet/ip/ip4.h index bed552b982c..7a42510166f 100644 --- a/src/vnet/ip/ip4.h +++ b/src/vnet/ip/ip4.h @@ -410,6 +410,16 @@ vlib_buffer_push_ip4 (vlib_main_t * vm, vlib_buffer_t * b, return ih; } + +always_inline u32 +vlib_buffer_get_ip4_fib_index (vlib_buffer_t * b) +{ + u32 fib_index, sw_if_index; + sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX]; + fib_index = vnet_buffer (b)->sw_if_index[VLIB_TX]; + return (fib_index == (u32) ~ 0) ? + vec_elt (ip4_main.fib_index_by_sw_if_index, sw_if_index) : fib_index; +} #endif /* included_ip_ip4_h */ /* diff --git a/src/vnet/ip/ip6.h b/src/vnet/ip/ip6.h index 575c6a0eec5..d12756d421b 100644 --- a/src/vnet/ip/ip6.h +++ b/src/vnet/ip/ip6.h @@ -608,6 +608,16 @@ vlib_buffer_push_ip6 (vlib_main_t * vm, vlib_buffer_t * b, 0 /* flow label */ ); } + +always_inline u32 +vlib_buffer_get_ip6_fib_index (vlib_buffer_t * b) +{ + u32 fib_index, sw_if_index; + sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX]; + fib_index = vnet_buffer (b)->sw_if_index[VLIB_TX]; + return (fib_index == (u32) ~ 0) ? + vec_elt (ip6_main.fib_index_by_sw_if_index, sw_if_index) : fib_index; +} #endif /* included_ip_ip6_h */ /* diff --git a/src/vnet/ip/vtep.c b/src/vnet/ip/vtep.c new file mode 100644 index 00000000000..d0493f8cd2f --- /dev/null +++ b/src/vnet/ip/vtep.c @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2020 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +uword +vtep_addr_ref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip) +{ + vtep4_key_t key4 = {.addr = ip->ip4,.fib_index = fib_index }; + vtep6_key_t key6 = {.addr = ip->ip6,.fib_index = fib_index }; + uword *vtep = ip46_address_is_ip4 (ip) ? + hash_get (t->vtep4, key4.as_u64) : hash_get_mem (t->vtep6, &key6); + if (vtep) + return ++(*vtep); + ip46_address_is_ip4 (ip) ? + hash_set (t->vtep4, key4.as_u64, 1) : + hash_set_mem_alloc (&t->vtep6, &key6, 1); + return 1; +} + +uword +vtep_addr_unref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip) +{ + vtep4_key_t key4 = {.addr = ip->ip4,.fib_index = fib_index }; + vtep6_key_t key6 = {.addr = ip->ip6,.fib_index = fib_index }; + uword *vtep = ip46_address_is_ip4 (ip) ? + hash_get (t->vtep4, key4.as_u64) : hash_get_mem (t->vtep6, &key6); + ALWAYS_ASSERT (vtep); + if (--(*vtep) != 0) + return *vtep; + ip46_address_is_ip4 (ip) ? + hash_unset (t->vtep4, key4.as_u64) : + hash_unset_mem_free (&t->vtep6, &key6); + return 0; +} + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/ip/vtep.h b/src/vnet/ip/vtep.h new file mode 100644 index 00000000000..703ace18dba --- /dev/null +++ b/src/vnet/ip/vtep.h @@ -0,0 +1,142 @@ +/* + * Copyright (c) 2020 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef included_ip_vtep_h +#define included_ip_vtep_h + +#include +#include +#include +#include + +/** + * @brief Tunnel endpoint key (IPv4) + * + * Tunnel modules maintain a set of vtep4_key_t-s to track local IP + * addresses that have tunnels established. Bypass node consults the + * corresponding set to decide whether a packet should bypass normal + * processing and go directly to the tunnel protocol handler node. + */ + +/* *INDENT-OFF* */ +typedef CLIB_PACKED +(struct { + union { + struct { + ip4_address_t addr; + u32 fib_index; + }; + u64 as_u64; + }; +}) vtep4_key_t; +/* *INDENT-ON* */ + +/** + * @brief Tunnel endpoint key (IPv6) + * + * Tunnel modules maintain a set of vtep6_key_t-s to track local IP + * addresses that have tunnels established. Bypass node consults the + * corresponding set to decide whether a packet should bypass normal + * processing and go directly to the tunnel protocol handler node. + */ + +/* *INDENT-OFF* */ +typedef CLIB_PACKED +(struct { + ip6_address_t addr; + u32 fib_index; +}) vtep6_key_t; +/* *INDENT-ON* */ + +typedef struct +{ + uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr + fib_index */ + uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr + fib_index */ +} vtep_table_t; + +always_inline vtep_table_t +vtep_table_create () +{ + vtep_table_t t = { }; + t.vtep6 = hash_create_mem (0, sizeof (vtep6_key_t), sizeof (uword)); + return t; +} + +uword vtep_addr_ref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip); +uword vtep_addr_unref (vtep_table_t * t, u32 fib_index, ip46_address_t * ip); + +always_inline void +vtep4_key_init (vtep4_key_t * k4) +{ + k4->as_u64 = ~((u64) 0); +} + +always_inline void +vtep6_key_init (vtep6_key_t * k6) +{ + ip6_address_set_zero (&k6->addr); + k6->fib_index = (u32) ~ 0; +} + +enum +{ + VTEP_CHECK_FAIL = 0, + VTEP_CHECK_PASS = 1, + VTEP_CHECK_PASS_UNCHANGED = 2 +}; + +always_inline u8 +vtep4_check (vtep_table_t * t, vlib_buffer_t * b0, ip4_header_t * ip40, + vtep4_key_t * last_k4) +{ + vtep4_key_t k4; + k4.addr.as_u32 = ip40->dst_address.as_u32; + k4.fib_index = vlib_buffer_get_ip4_fib_index (b0); + if (PREDICT_TRUE (k4.as_u64 == last_k4->as_u64)) + return VTEP_CHECK_PASS_UNCHANGED; + if (PREDICT_FALSE (!hash_get (t->vtep4, k4.as_u64))) + return VTEP_CHECK_FAIL; + last_k4->as_u64 = k4.as_u64; + return VTEP_CHECK_PASS; +} + +always_inline u8 +vtep6_check (vtep_table_t * t, vlib_buffer_t * b0, ip6_header_t * ip60, + vtep6_key_t * last_k6) +{ + vtep6_key_t k6; + k6.fib_index = vlib_buffer_get_ip6_fib_index (b0); + if (PREDICT_TRUE (k6.fib_index == last_k6->fib_index + && ip60->dst_address.as_u64[0] == last_k6->addr.as_u64[0] + && ip60->dst_address.as_u64[1] == + last_k6->addr.as_u64[1])) + { + return VTEP_CHECK_PASS_UNCHANGED; + } + k6.addr = ip60->dst_address; + if (PREDICT_FALSE (!hash_get_mem (t->vtep6, &k6))) + return VTEP_CHECK_FAIL; + *last_k6 = k6; + return VTEP_CHECK_PASS; +} +#endif /* included_ip_vtep_h */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/vnet/vxlan-gpe/decap.c b/src/vnet/vxlan-gpe/decap.c index dec0788c653..f2961d5ff5b 100644 --- a/src/vnet/vxlan-gpe/decap.c +++ b/src/vnet/vxlan-gpe/decap.c @@ -788,8 +788,10 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, u32 *from, *to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -799,9 +801,9 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, ip4_forward_next_trace (vm, node, frame, VLIB_TX); if (is_ip4) - addr4.data_u32 = ~0; + vtep4_key_init (&last_vtep4); else - ip6_address_set_zero (&addr6); + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -883,21 +885,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; @@ -969,21 +963,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for VXLAN packet */ } flags1 = b1->flags; @@ -1089,21 +1075,13 @@ ip_vxlan_gpe_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (ngm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&ngm->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (ngm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&ngm->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; diff --git a/src/vnet/vxlan-gpe/vxlan_gpe.c b/src/vnet/vxlan-gpe/vxlan_gpe.c index 07b7ac96542..3ce8ad619fa 100644 --- a/src/vnet/vxlan-gpe/vxlan_gpe.c +++ b/src/vnet/vxlan-gpe/vxlan_gpe.c @@ -384,35 +384,6 @@ vxlan6_gpe_rewrite (vxlan_gpe_tunnel_t * t, u32 extension_size, return (0); } -static uword -vtep_addr_ref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (vxlan_gpe_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (vxlan_gpe_main.vtep6, &ip->ip6); - if (vtep) - return ++(*vtep); - ip46_address_is_ip4 (ip) ? - hash_set (vxlan_gpe_main.vtep4, ip->ip4.as_u32, 1) : - hash_set_mem_alloc (&vxlan_gpe_main.vtep6, &ip->ip6, 1); - return 1; -} - -static uword -vtep_addr_unref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (vxlan_gpe_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (vxlan_gpe_main.vtep6, &ip->ip6); - ALWAYS_ASSERT (vtep); - if (--(*vtep) != 0) - return *vtep; - ip46_address_is_ip4 (ip) ? - hash_unset (vxlan_gpe_main.vtep4, ip->ip4.as_u32) : - hash_unset_mem_free (&vxlan_gpe_main.vtep6, &ip->ip6); - return 0; -} - /* *INDENT-OFF* */ typedef CLIB_PACKED(union { struct { @@ -620,7 +591,7 @@ int vnet_vxlan_gpe_add_del_tunnel * when the forwarding for the entry updates, and the tunnel can * re-stack accordingly */ - vtep_addr_ref (&t->local); + vtep_addr_ref (&ngm->vtep_table, t->encap_fib_index, &t->local); t->fib_entry_index = fib_entry_track (t->encap_fib_index, &tun_remote_pfx, FIB_NODE_TYPE_VXLAN_GPE_TUNNEL, @@ -637,7 +608,8 @@ int vnet_vxlan_gpe_add_del_tunnel */ fib_protocol_t fp = fib_ip_proto (is_ip6); - if (vtep_addr_ref (&t->remote) == 1) + if (vtep_addr_ref (&ngm->vtep_table, + t->encap_fib_index, &t->remote) == 1) { fib_node_index_t mfei; adj_index_t ai; @@ -726,10 +698,11 @@ int vnet_vxlan_gpe_add_del_tunnel if (!ip46_address_is_multicast (&t->remote)) { - vtep_addr_unref (&t->local); + vtep_addr_unref (&ngm->vtep_table, t->encap_fib_index, &t->local); fib_entry_untrack (t->fib_entry_index, t->sibling_index); } - else if (vtep_addr_unref (&t->remote) == 0) + else if (vtep_addr_unref (&ngm->vtep_table, + t->encap_fib_index, &t->remote) == 0) { mcast_shared_remove (&t->remote); } @@ -1261,7 +1234,7 @@ vxlan_gpe_init (vlib_main_t * vm) ngm->mcast_shared = hash_create_mem (0, sizeof (ip46_address_t), sizeof (mcast_shared_t)); - ngm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword)); + ngm->vtep_table = vtep_table_create (); /* Register the list of standard decap protocols supported */ vxlan_gpe_register_decap_protocol (VXLAN_GPE_PROTOCOL_IP4, diff --git a/src/vnet/vxlan-gpe/vxlan_gpe.h b/src/vnet/vxlan-gpe/vxlan_gpe.h index b93487b08fe..a50be3914ee 100644 --- a/src/vnet/vxlan-gpe/vxlan_gpe.h +++ b/src/vnet/vxlan-gpe/vxlan_gpe.h @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -205,8 +206,7 @@ typedef struct /* local VTEP IPs ref count used by vxlan-bypass node to check if received VXLAN packet DIP matches any local VTEP address */ - uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */ - uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */ + vtep_table_t vtep_table; /* mcast shared info */ uword *mcast_shared; /* keyed on mcast ip46 addr */ /** Free vlib hw_if_indices */ diff --git a/src/vnet/vxlan/decap.c b/src/vnet/vxlan/decap.c index 764dfca4820..3b428be35e4 100644 --- a/src/vnet/vxlan/decap.c +++ b/src/vnet/vxlan/decap.c @@ -46,20 +46,6 @@ format_vxlan_rx_trace (u8 * s, va_list * args) t->tunnel_index, t->vni, t->next_index, t->error); } -always_inline u32 -buf_fib_index (vlib_buffer_t * b, u32 is_ip4) -{ - u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX]; - if (sw_if_index != (u32) ~ 0) - return sw_if_index; - - u32 *fib_index_by_sw_if_index = is_ip4 ? - ip4_main.fib_index_by_sw_if_index : ip6_main.fib_index_by_sw_if_index; - sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX]; - - return vec_elt (fib_index_by_sw_if_index, sw_if_index); -} - typedef vxlan4_tunnel_key_t last_tunnel_cache4; static const vxlan_decap_info_t decap_not_found = { @@ -246,8 +232,8 @@ vxlan_input (vlib_main_t * vm, vlib_buffer_advance (b[0], sizeof *vxlan0); vlib_buffer_advance (b[1], sizeof *vxlan1); - u32 fi0 = buf_fib_index (b[0], is_ip4); - u32 fi1 = buf_fib_index (b[1], is_ip4); + u32 fi0 = vlib_buffer_get_ip_fib_index (b[0], is_ip4); + u32 fi1 = vlib_buffer_get_ip_fib_index (b[1], is_ip4); vxlan_decap_info_t di0 = is_ip4 ? vxlan4_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan0, &stats_if0) : @@ -349,7 +335,7 @@ vxlan_input (vlib_main_t * vm, /* pop (ip, udp, vxlan) */ vlib_buffer_advance (b[0], sizeof (*vxlan0)); - u32 fi0 = buf_fib_index (b[0], is_ip4); + u32 fi0 = vlib_buffer_get_ip_fib_index (b[0], is_ip4); vxlan_decap_info_t di0 = is_ip4 ? vxlan4_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan0, &stats_if0) : @@ -468,8 +454,10 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, u32 *from, *to_next, n_left_from, n_left_to_next, next_index; vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, ip4_input_node.index); - ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */ - ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */ + vtep4_key_t last_vtep4; /* last IPv4 address / fib index + matching a local VTEP address */ + vtep6_key_t last_vtep6; /* last IPv6 address / fib index + matching a local VTEP address */ from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -479,9 +467,9 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, ip4_forward_next_trace (vm, node, frame, VLIB_TX); if (is_ip4) - addr4.data_u32 = ~0; + vtep4_key_init (&last_vtep4); else - ip6_address_set_zero (&addr6); + vtep6_key_init (&last_vtep6); while (n_left_from > 0) { @@ -565,21 +553,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4)) + goto exit0; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip60->dst_address)) - goto exit0; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6)) + goto exit0; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; @@ -651,21 +631,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip41->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr4 = ip41->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b1, ip41, &last_vtep4)) + goto exit1; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip61->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip61->dst_address)) - goto exit1; /* no local VTEP for VXLAN packet */ - addr6 = ip61->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b1, ip61, &last_vtep6)) + goto exit1; /* no local VTEP for VXLAN packet */ } flags1 = b1->flags; @@ -773,21 +745,13 @@ ip_vxlan_bypass_inline (vlib_main_t * vm, /* Validate DIP against VTEPs */ if (is_ip4) { - if (addr4.as_u32 != ip40->dst_address.as_u32) - { - if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32)) - goto exit; /* no local VTEP for VXLAN packet */ - addr4 = ip40->dst_address; - } + if (!vtep4_check (&vxm->vtep_table, b0, ip40, &last_vtep4)) + goto exit; /* no local VTEP for VXLAN packet */ } else { - if (!ip6_address_is_equal (&addr6, &ip60->dst_address)) - { - if (!hash_get_mem (vxm->vtep6, &ip60->dst_address)) - goto exit; /* no local VTEP for VXLAN packet */ - addr6 = ip60->dst_address; - } + if (!vtep6_check (&vxm->vtep_table, b0, ip60, &last_vtep6)) + goto exit; /* no local VTEP for VXLAN packet */ } flags0 = b0->flags; diff --git a/src/vnet/vxlan/vxlan.c b/src/vnet/vxlan/vxlan.c index 32647496a76..ea1748ce4a8 100644 --- a/src/vnet/vxlan/vxlan.c +++ b/src/vnet/vxlan/vxlan.c @@ -291,35 +291,6 @@ vxlan_decap_next_is_valid (vxlan_main_t * vxm, u32 is_ip6, return decap_next_index < r->n_next_nodes; } -static uword -vtep_addr_ref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (vxlan_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (vxlan_main.vtep6, &ip->ip6); - if (vtep) - return ++(*vtep); - ip46_address_is_ip4 (ip) ? - hash_set (vxlan_main.vtep4, ip->ip4.as_u32, 1) : - hash_set_mem_alloc (&vxlan_main.vtep6, &ip->ip6, 1); - return 1; -} - -static uword -vtep_addr_unref (ip46_address_t * ip) -{ - uword *vtep = ip46_address_is_ip4 (ip) ? - hash_get (vxlan_main.vtep4, ip->ip4.as_u32) : - hash_get_mem (vxlan_main.vtep6, &ip->ip6); - ALWAYS_ASSERT (vtep); - if (--(*vtep) != 0) - return *vtep; - ip46_address_is_ip4 (ip) ? - hash_unset (vxlan_main.vtep4, ip->ip4.as_u32) : - hash_unset_mem_free (&vxlan_main.vtep6, &ip->ip6); - return 0; -} - /* *INDENT-OFF* */ typedef CLIB_PACKED(union { @@ -513,7 +484,7 @@ int vnet_vxlan_add_del_tunnel * when the forwarding for the entry updates, and the tunnel can * re-stack accordingly */ - vtep_addr_ref (&t->src); + vtep_addr_ref (&vxm->vtep_table, t->encap_fib_index, &t->src); t->fib_entry_index = fib_entry_track (t->encap_fib_index, &tun_dst_pfx, FIB_NODE_TYPE_VXLAN_TUNNEL, @@ -530,7 +501,8 @@ int vnet_vxlan_add_del_tunnel */ fib_protocol_t fp = fib_ip_proto (is_ip6); - if (vtep_addr_ref (&t->dst) == 1) + if (vtep_addr_ref (&vxm->vtep_table, + t->encap_fib_index, &t->dst) == 1) { fib_node_index_t mfei; adj_index_t ai; @@ -619,10 +591,11 @@ int vnet_vxlan_add_del_tunnel if (t->flow_index != ~0) vnet_flow_del (vnm, t->flow_index); - vtep_addr_unref (&t->src); + vtep_addr_unref (&vxm->vtep_table, t->encap_fib_index, &t->src); fib_entry_untrack (t->fib_entry_index, t->sibling_index); } - else if (vtep_addr_unref (&t->dst) == 0) + else if (vtep_addr_unref (&vxm->vtep_table, + t->encap_fib_index, &t->dst) == 0) { mcast_shared_remove (&t->dst); } @@ -1261,7 +1234,7 @@ vxlan_init (vlib_main_t * vm) VXLAN_HASH_NUM_BUCKETS, VXLAN_HASH_MEMORY_SIZE); clib_bihash_init_24_8 (&vxm->vxlan6_tunnel_by_key, "vxlan6", VXLAN_HASH_NUM_BUCKETS, VXLAN_HASH_MEMORY_SIZE); - vxm->vtep6 = hash_create_mem (0, sizeof (ip6_address_t), sizeof (uword)); + vxm->vtep_table = vtep_table_create (); vxm->mcast_shared = hash_create_mem (0, sizeof (ip46_address_t), sizeof (mcast_shared_t)); diff --git a/src/vnet/vxlan/vxlan.h b/src/vnet/vxlan/vxlan.h index e8fc15be3ce..772c9d77c93 100644 --- a/src/vnet/vxlan/vxlan.h +++ b/src/vnet/vxlan/vxlan.h @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -163,8 +164,7 @@ typedef struct /* local VTEP IPs ref count used by vxlan-bypass node to check if received VXLAN packet DIP matches any local VTEP address */ - uword *vtep4; /* local ip4 VTEPs keyed on their ip4 addr */ - uword *vtep6; /* local ip6 VTEPs keyed on their ip6 addr */ + vtep_table_t vtep_table; /* mcast shared info */ uword *mcast_shared; /* keyed on mcast ip46 addr */