2 * src/vnet/ip/ip_neighbor.c: ip neighbor generic handling
4 * Copyright (c) 2018 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/vnet.h>
19 #include <vnet/ip/ip.h>
20 #include <vnet/ip/ip6_neighbor.h>
21 #include <vnet/ip/ip_neighbor.h>
22 #include <vnet/ethernet/arp.h>
25 * IP neighbor scan parameter defaults are as follows:
26 * - Scan interval : 60 sec
27 * - Max processing allowed per run : 20 usec
28 * - Max probe/delete operations per run : 10
29 * - Scan interrupt delay to resume scan : 1 msec
30 * - Neighbor stale threshold : 4 x scan-interval
32 #define IP_NEIGHBOR_DEF_SCAN_INTERVAL (60.0)
33 #define IP_NEIGHBOR_DEF_MAX_PROC_TIME (20e-6)
34 #define IP_NEIGHBOR_DEF_SCAN_INT_DELAY (1e-3)
35 #define IP_NEIGHBOR_DEF_STALE (4*IP_NEIGHBOR_DEF_SCAN_INTERVAL)
36 #define IP_NEIGHBOR_DEF_MAX_UPDATE 10
40 f64 scan_interval; /* Periodic scan interval */
41 f64 max_proc_time; /* Max processing time allowed per run */
42 f64 scan_int_delay; /* Scan interrupt delay to resume scan */
43 f64 stale_threshold; /* IP neighbor stale threshod */
44 u8 max_update; /* Max probe/delete actions allowed per run */
45 u8 mode; /* IP neighbor scan mode */
46 } ip_neighbor_scan_config_t;
48 static ip_neighbor_scan_config_t ip_neighbor_scan_conf;
51 format_ip_neighbor_flags (u8 * s, va_list * args)
53 const ip_neighbor_flags_t flags = va_arg (*args, int);
55 if (flags & IP_NEIGHBOR_FLAG_STATIC)
58 if (flags & IP_NEIGHBOR_FLAG_DYNAMIC)
61 if (flags & IP_NEIGHBOR_FLAG_NO_FIB_ENTRY)
68 ip_neighbor_add (const ip46_address_t * ip,
70 const mac_address_t * mac,
72 ip_neighbor_flags_t flags, u32 * stats_index)
74 fib_protocol_t fproto;
79 * there's no validation here of the ND/ARP entry being added.
80 * The expectation is that the FIB will ensure that nothing bad
81 * will come of adding bogus entries.
83 if (IP46_TYPE_IP6 == type)
85 rv = vnet_set_ip6_ethernet_neighbor (vlib_get_main (),
86 sw_if_index, &ip->ip6, mac, flags);
87 fproto = FIB_PROTOCOL_IP6;
88 linkt = VNET_LINK_IP6;
92 ethernet_arp_ip4_over_ethernet_address_t a = {
98 vnet_arp_set_ip4_over_ethernet (vnet_get_main (), sw_if_index, &a,
100 fproto = FIB_PROTOCOL_IP4;
101 linkt = VNET_LINK_IP4;
104 if (0 == rv && stats_index)
105 *stats_index = adj_nbr_find (fproto, linkt, ip, sw_if_index);
111 ip_neighbor_del (const ip46_address_t * ip, ip46_type_t type, u32 sw_if_index)
115 if (IP46_TYPE_IP6 == type)
117 rv = vnet_unset_ip6_ethernet_neighbor (vlib_get_main (),
118 sw_if_index, &ip->ip6);
122 ethernet_arp_ip4_over_ethernet_address_t a = {
127 vnet_arp_unset_ip4_over_ethernet (vnet_get_main (), sw_if_index, &a);
134 ip_neighbor_scan_enable_disable (ip_neighbor_scan_arg_t * arg)
136 ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
138 cfg->mode = arg->mode;
142 cfg->scan_interval = arg->scan_interval ?
143 arg->scan_interval * 60.0 : IP_NEIGHBOR_DEF_SCAN_INTERVAL;
144 cfg->max_proc_time = arg->max_proc_time ?
145 arg->max_proc_time * 1e-6 : IP_NEIGHBOR_DEF_MAX_PROC_TIME;
146 cfg->scan_int_delay = arg->scan_int_delay ?
147 arg->scan_int_delay * 1e-3 : IP_NEIGHBOR_DEF_SCAN_INT_DELAY;
148 cfg->stale_threshold = arg->stale_threshold ?
149 arg->stale_threshold * 60.0 : cfg->scan_interval * 4;
150 cfg->max_update = arg->max_update ?
151 cfg->max_update : IP_NEIGHBOR_DEF_MAX_UPDATE;
154 cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
157 static_always_inline u32
158 ip_neighbor_scan (vlib_main_t * vm, f64 start_time, u32 start_idx,
159 u8 is_ip6, u8 delete_stale, u8 * update_count)
161 vnet_main_t *vnm = vnet_get_main ();
162 ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
163 ethernet_arp_ip4_entry_t *np4 = ip4_neighbors_pool ();
164 ip6_neighbor_t *np6 = ip6_neighbors_pool ();
165 ethernet_arp_ip4_entry_t *n4;
167 u32 curr_idx = start_idx;
169 f64 delta, update_time;
173 if (pool_is_free_index (np4, start_idx))
174 curr_idx = pool_next_index (np4, start_idx);
178 if (pool_is_free_index (np6, start_idx))
179 curr_idx = pool_next_index (np6, start_idx);
182 while (curr_idx != ~0)
184 /* allow no more than 10 neighbor updates or 20 usec of scan */
185 if ((update_count[0] >= cfg->max_update) ||
186 (((loop_count % 100) == 0) &&
187 ((vlib_time_now (vm) - start_time) > cfg->max_proc_time)))
192 n4 = pool_elt_at_index (np4, curr_idx);
193 if (n4->flags & IP_NEIGHBOR_FLAG_STATIC)
195 update_time = n4->time_last_updated;
199 n6 = pool_elt_at_index (np6, curr_idx);
200 if (n6->flags & IP_NEIGHBOR_FLAG_STATIC)
202 update_time = n6->time_last_updated;
205 delta = start_time - update_time;
206 if (delete_stale && (delta >= cfg->stale_threshold))
209 /* delete stale neighbor */
212 ethernet_arp_ip4_over_ethernet_address_t delme = {
213 .ip4.as_u32 = n4->ip4_address.as_u32,
217 vnet_arp_unset_ip4_over_ethernet (vnm, n4->sw_if_index, &delme);
221 vnet_unset_ip6_ethernet_neighbor
222 (vm, n6->key.sw_if_index, &n6->key.ip6_address);
225 else if (delta >= cfg->scan_interval)
230 ip4_probe_neighbor (vm, &n4->ip4_address, n4->sw_if_index, 1);
232 ip6_probe_neighbor (vm, &n6->key.ip6_address,
233 n6->key.sw_if_index, 1);
240 curr_idx = pool_next_index (np4, curr_idx);
242 curr_idx = pool_next_index (np6, curr_idx);
249 neighbor_scan_process (vlib_main_t * vm,
250 vlib_node_runtime_t * rt, vlib_frame_t * f)
252 ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
253 f64 timeout = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
254 f64 start, next_scan = CLIB_TIME_MAX;
255 u32 ip4_nidx = 0; /* ip4 neighbor pool index */
256 u32 ip6_nidx = 0; /* ip6 neighbor pool index */
257 uword *event_data = 0;
258 u8 purge4 = 0, purge6 = 0; /* flags to purge stale entry during scan */
261 cfg->mode = IP_SCAN_DISABLED;
262 cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
263 cfg->scan_int_delay = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
267 vlib_process_wait_for_event_or_clock (vm, timeout);
268 vlib_process_get_events (vm, &event_data);
269 vec_reset_length (event_data);
271 start = vlib_time_now (vm);
274 if ((ip4_nidx == 0) && (ip6_nidx == 0)) /* starting a fresh scan */
275 next_scan = start + cfg->scan_interval;
277 if ((cfg->mode & IP_SCAN_V4_NEIGHBORS) == 0)
278 ip4_nidx = ~0; /* disable ip4 neighbor scan */
280 if ((cfg->mode & IP_SCAN_V6_NEIGHBORS) == 0)
281 ip6_nidx = ~0; /* disable ip6 neighbor scan */
283 if (ip4_nidx != ~0) /* scan ip4 neighbors */
284 ip4_nidx = ip_neighbor_scan (vm, start, ip4_nidx, /* ip4 */ 0,
287 if (ip6_nidx != ~0) /* scan ip6 neighbors */
288 ip6_nidx = ip_neighbor_scan (vm, start, ip6_nidx, /* ip6 */ 1,
291 if ((ip4_nidx == ~0) && (ip6_nidx == ~0))
292 { /* scan complete */
293 timeout = next_scan - vlib_time_now (vm);
294 ip4_nidx = ip6_nidx = 0;
295 purge4 = cfg->mode & IP_SCAN_V4_NEIGHBORS;
296 purge6 = cfg->mode & IP_SCAN_V6_NEIGHBORS;
298 else /* scan incomplete */
299 timeout = cfg->scan_int_delay;
301 if (timeout > cfg->scan_interval)
302 timeout = cfg->scan_interval;
303 else if (timeout < cfg->scan_int_delay)
304 timeout = cfg->scan_int_delay;
311 VLIB_REGISTER_NODE (neighbor_scan_process_node,static) = {
312 .function = neighbor_scan_process,
313 .type = VLIB_NODE_TYPE_PROCESS,
314 .name = "ip-neighbor-scan-process",
318 static clib_error_t *
319 ip_neighbor_scan_cli (vlib_main_t * vm, unformat_input_t * input,
320 vlib_cli_command_t * cmd)
322 unformat_input_t _line_input, *line_input = &_line_input;
323 clib_error_t *error = 0;
324 u32 interval = 0, time = 0, update = 0, delay = 0, stale = 0;
325 ip_neighbor_scan_arg_t arg;
327 clib_memset (&arg, 0, sizeof (arg));
328 arg.mode = IP_SCAN_V46_NEIGHBORS;
330 /* Get a line of input. */
331 if (!unformat_user (input, unformat_line_input, line_input))
333 ip_neighbor_scan_enable_disable (&arg);
337 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
339 if (unformat (line_input, "ip4"))
340 arg.mode = IP_SCAN_V4_NEIGHBORS;
342 else if (unformat (line_input, "ip6"))
343 arg.mode = IP_SCAN_V6_NEIGHBORS;
345 else if (unformat (line_input, "both"))
346 arg.mode = IP_SCAN_V46_NEIGHBORS;
348 else if (unformat (line_input, "disable"))
349 arg.mode = IP_SCAN_DISABLED;
351 else if (unformat (line_input, "interval %d", &interval))
352 arg.scan_interval = interval;
354 else if (unformat (line_input, "max-time %d", &time))
355 arg.max_proc_time = time;
357 else if (unformat (line_input, "max-update %d", &update))
358 arg.max_update = update;
360 else if (unformat (line_input, "delay %d", &delay))
361 arg.scan_int_delay = delay;
363 else if (unformat (line_input, "stale %d", &stale))
364 arg.stale_threshold = stale;
368 error = clib_error_return (0, "unknown input '%U'",
369 format_unformat_error, line_input);
376 error = clib_error_return (0, "interval cannot exceed 255 minutes.");
381 error = clib_error_return (0, "max-time cannot exceed 255 usec.");
386 error = clib_error_return (0, "max-update cannot exceed 255.");
391 error = clib_error_return (0, "delay cannot exceed 255 msec.");
396 error = clib_error_return (0, "stale cannot exceed 255 minutes.");
400 ip_neighbor_scan_enable_disable (&arg);
403 unformat_free (line_input);
409 * The '<em>ip scan-neighbor</em>' command can be used to enable and disable
410 * periodic IP neighbor scan and change various scan parameters.
412 * @note The default parameters used for IP neighbor scan should work fine
413 * under normal conditions. They should not be changed from the default unless
414 * properly tested to work as desired.
417 * Example of enabling IP neighbor scan:
418 * @cliexcmd{ip neighbor-scan enable}
421 VLIB_CLI_COMMAND (ip_scan_neighbor_command, static) = {
422 .path = "ip scan-neighbor",
423 .function = ip_neighbor_scan_cli,
424 .short_help = "ip scan-neighbor [ip4|ip6|both|disable] [interval <n-min>] [max-time <n-usec>] [max-update <n>] [delay <n-msec>] [stale <n-min>]",
430 format_ip_scan_mode (u8 * s, va_list * args)
432 u8 mode = va_arg (*args, u32);
435 case IP_SCAN_V4_NEIGHBORS:
436 return format (s, "IPv4");
437 case IP_SCAN_V6_NEIGHBORS:
438 return format (s, "IPv6");
439 case IP_SCAN_V46_NEIGHBORS:
440 return format (s, "IPv4 and IPv6");
442 return format (s, "unknown");
445 static clib_error_t *
446 show_ip_neighbor_scan (vlib_main_t * vm, unformat_input_t * input,
447 vlib_cli_command_t * cmd)
449 ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
453 "IP neighbor scan disabled - current time is %.4f sec",
456 vlib_cli_output (vm, "IP neighbor scan enabled for %U neighbors - "
457 "current time is %.4f sec\n "
458 "Full_scan_interval: %f min "
459 "Stale_purge_threshod: %f min\n "
460 "Max_process_time: %f usec Max_updates %d "
461 "Delay_to_resume_after_max_limit: %f msec",
462 format_ip_scan_mode, cfg->mode,
463 vlib_time_now (vm), cfg->scan_interval / 60.0,
464 cfg->stale_threshold / 60.0, cfg->max_proc_time / 1e-6,
465 cfg->max_update, cfg->scan_int_delay / 1e-3);
470 * The '<em>show ip scan-neighbor</em>' command can be used to show the current
471 * periodic IP neighbor scan parameters
474 * Example of showing IP neighbor scan current parameters:
475 * @cliexcmd{show ip neighbor-scan}
478 VLIB_CLI_COMMAND (show_ip_scan_neighbor_command, static) = {
479 .path = "show ip scan-neighbor",
480 .function = show_ip_neighbor_scan,
481 .short_help = "show ip scan-neighbor",
487 * fd.io coding-style-patch-verification: ON
490 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob