h =
vlib_packet_template_get_packet (vm, &im->ip4_arp_request_packet_template,
&bi);
+ if (!h)
+ return;
hi = vnet_get_sup_hw_interface (vnm, adj->rewrite_header.sw_if_index);
arp_nbr_probe (adj);
}
break;
+ case IP_LOOKUP_NEXT_BCAST:
+ adj_nbr_update_rewrite (ai,
+ ADJ_NBR_REWRITE_FLAG_COMPLETE,
+ ethernet_build_rewrite
+ (vnm,
+ sw_if_index,
+ VNET_LINK_IP4,
+ VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST));
+ break;
case IP_LOOKUP_NEXT_MCAST:
{
/*
/* Refuse to over-write static arp. */
if (!is_static && (e->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC))
- return -2;
+ {
+ /* if MAC address match, still check to send event */
+ if (0 == memcmp (e->ethernet_address,
+ a->ethernet, sizeof (e->ethernet_address)))
+ goto check_customers;
+ return -2;
+ }
make_new_arp_cache_entry = 0;
}
}
goto check_customers;
}
- /* Update time stamp and ethernet address. */
+ /* Update ethernet address. */
clib_memcpy (e->ethernet_address, a->ethernet,
sizeof (e->ethernet_address));
}
+ /* Update time stamp and flags. */
e->time_last_updated = vlib_time_now (vm);
if (is_static)
{
_ (l3_type_not_ip4, "L3 type not IP4") \
_ (l3_src_address_not_local, "IP4 source address not local to subnet") \
_ (l3_dst_address_not_local, "IP4 destination address not local to subnet") \
+ _ (l3_dst_address_unset, "IP4 destination address is unset") \
_ (l3_src_address_is_local, "IP4 source address matches local interface") \
_ (l3_src_address_learned, "ARP request IP4 source address learned") \
_ (replies_received, "ARP replies received") \
(arp0->l3_type !=
clib_net_to_host_u16 (ETHERNET_TYPE_IP4) ?
ETHERNET_ARP_ERROR_l3_type_not_ip4 : error0);
+ error0 =
+ (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ?
+ ETHERNET_ARP_ERROR_l3_dst_address_unset : error0);
sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
}
}
- if (!(FIB_ENTRY_FLAG_CONNECTED & dst_flags))
+ if (fib_entry_is_sourced (dst_fei, FIB_SOURCE_ADJ))
+ {
+ /*
+ * We matched an adj-fib on ths source subnet (a /32 previously
+ * added as a result of ARP). If this request is a gratuitous
+ * ARP, then learn from it.
+ * The check for matching an adj-fib, is to prevent hosts
+ * from spamming us with gratuitous ARPS that might otherwise
+ * blow our ARP cache
+ */
+ if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
+ arp0->ip4_over_ethernet[1].ip4.as_u32)
+ error0 = arp_learn (vnm, am, sw_if_index0,
+ &arp0->ip4_over_ethernet[0]);
+ goto drop2;
+ }
+ else if (!(FIB_ENTRY_FLAG_CONNECTED & dst_flags))
{
error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
goto drop1;
/* Learn or update sender's mapping only for replies to addresses
* that are local to the subnet */
if (arp0->opcode ==
- clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply) &&
- dst_is_local0)
+ clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
{
- error0 = arp_learn (vnm, am, sw_if_index0,
- &arp0->ip4_over_ethernet[0]);
+ if (dst_is_local0)
+ error0 = arp_learn (vnm, am, sw_if_index0,
+ &arp0->ip4_over_ethernet[0]);
+ else
+ /* a reply for a non-local destination could be a GARP.
+ * GARPs for hosts we know were handled above, so this one
+ * we drop */
+ error0 = ETHERNET_ARP_ERROR_l3_dst_address_not_local;
+
goto drop1;
}
else if (arp0->opcode ==
continue;
drop1:
- if (0 == arp0->ip4_over_ethernet[0].ip4.as_u32 ||
- (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
- arp0->ip4_over_ethernet[1].ip4.as_u32))
+ if (arp0->ip4_over_ethernet[0].ip4.as_u32 ==
+ arp0->ip4_over_ethernet[1].ip4.as_u32)
{
error0 = ETHERNET_ARP_ERROR_gratuitous_arp;
goto drop2;
u16 bd_index0;
u32 ip0;
u8 *macp0;
- u8 is_vrrp_reply0;
pi0 = from[0];
to_next[0] = pi0;
ethertype0 = clib_net_to_host_u16 (*(u16 *) (l3h0 - 2));
arp0 = (ethernet_arp_header_t *) l3h0;
- if (PREDICT_FALSE ((ethertype0 != ETHERNET_TYPE_ARP) ||
- (arp0->opcode !=
- clib_host_to_net_u16
- (ETHERNET_ARP_OPCODE_request))))
+ if (ethertype0 != ETHERNET_TYPE_ARP)
+ goto check_ip6_nd;
+
+ if ((arp0->opcode !=
+ clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_request)) &&
+ (arp0->opcode !=
+ clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply)))
goto check_ip6_nd;
- /* Must be ARP request packet here */
+ /* Must be ARP request/reply packet here */
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
(p0->flags & VLIB_BUFFER_IS_TRACED)))
{
clib_memcpy (t0, l3h0, sizeof (ethernet_arp_input_trace_t));
}
- error0 = ETHERNET_ARP_ERROR_replies_sent;
+ error0 = 0;
error0 =
(arp0->l2_type !=
clib_net_to_host_u16 (ETHERNET_ARP_HARDWARE_TYPE_ethernet)
if (error0)
goto drop;
- is_vrrp_reply0 =
- ((arp0->opcode ==
- clib_host_to_net_u16 (ETHERNET_ARP_OPCODE_reply))
- &&
- (!memcmp
- (arp0->ip4_over_ethernet[0].ethernet, vrrp_prefix,
- sizeof (vrrp_prefix))));
-
/* Trash ARP packets whose ARP-level source addresses do not
- match their L2-frame-level source addresses, unless it's
- a reply from a VRRP virtual router */
+ match, or if requester address is mcast */
if (PREDICT_FALSE
(memcmp (eth0->src_address, arp0->ip4_over_ethernet[0].ethernet,
- sizeof (eth0->src_address)) && !is_vrrp_reply0))
+ sizeof (eth0->src_address)) ||
+ ethernet_address_cast (arp0->ip4_over_ethernet[0].ethernet)))
{
- error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
+ /* VRRP virtual MAC may be different to SMAC in ARP reply */
+ if (memcmp (arp0->ip4_over_ethernet[0].ethernet, vrrp_prefix,
+ sizeof (vrrp_prefix)))
+ {
+ error0 = ETHERNET_ARP_ERROR_l2_address_mismatch;
+ goto drop;
+ }
+ }
+ if (PREDICT_FALSE
+ (ip4_address_is_multicast (&arp0->ip4_over_ethernet[0].ip4)))
+ {
+ error0 = ETHERNET_ARP_ERROR_l3_src_address_not_local;
goto drop;
}
}
void
-send_ip4_garp (vlib_main_t * vm, const vnet_hw_interface_t * hi)
+send_ip4_garp (vlib_main_t * vm, u32 sw_if_index)
{
ip4_main_t *i4m = &ip4_main;
- ip4_address_t *ip4_addr =
- ip4_interface_first_address (i4m, hi->sw_if_index, 0);
+ ip4_address_t *ip4_addr = ip4_interface_first_address (i4m, sw_if_index, 0);
- send_ip4_garp_w_addr (vm, ip4_addr, hi);
+ send_ip4_garp_w_addr (vm, ip4_addr, sw_if_index);
}
void
send_ip4_garp_w_addr (vlib_main_t * vm,
- const ip4_address_t * ip4_addr,
- const vnet_hw_interface_t * hi)
+ const ip4_address_t * ip4_addr, u32 sw_if_index)
{
ip4_main_t *i4m = &ip4_main;
- u32 sw_if_index = hi->sw_if_index;
+ vnet_main_t *vnm = vnet_get_main ();
+ u8 *rewrite, rewrite_len;
+ vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
if (ip4_addr)
{
u32 bi = 0;
ethernet_arp_header_t *h = vlib_packet_template_get_packet
(vm, &i4m->ip4_arp_request_packet_template, &bi);
+
+ if (!h)
+ return;
+
clib_memcpy (h->ip4_over_ethernet[0].ethernet, hi->hw_address,
sizeof (h->ip4_over_ethernet[0].ethernet));
clib_memcpy (h->ip4_over_ethernet[1].ethernet, hi->hw_address,
/* Setup MAC header with ARP Etype and broadcast DMAC */
vlib_buffer_t *b = vlib_get_buffer (vm, bi);
- vlib_buffer_advance (b, -sizeof (ethernet_header_t));
+ rewrite =
+ ethernet_build_rewrite (vnm, sw_if_index, VNET_LINK_ARP,
+ VNET_REWRITE_FOR_SW_INTERFACE_ADDRESS_BROADCAST);
+ rewrite_len = vec_len (rewrite);
+ vlib_buffer_advance (b, -rewrite_len);
ethernet_header_t *e = vlib_buffer_get_current (b);
- e->type = clib_host_to_net_u16 (ETHERNET_TYPE_ARP);
- clib_memcpy (e->src_address, hi->hw_address, sizeof (e->src_address));
- memset (e->dst_address, 0xff, sizeof (e->dst_address));
+ clib_memcpy (e->dst_address, rewrite, rewrite_len);
+ vec_free (rewrite);
/* Send GARP packet out the specified interface */
vnet_buffer (b)->sw_if_index[VLIB_RX] =
Code Review / vpp.git / blobdiff