vxlan_header_t * vxlan0, * vxlan1;
uword * p0, * p1;
u32 tunnel_index0, tunnel_index1;
- vxlan_tunnel_t * t0, * t1;
+ vxlan_tunnel_t * t0, * t1, * mt0 = NULL, * mt1 = NULL;
vxlan4_tunnel_key_t key4_0, key4_1;
vxlan6_tunnel_key_t key6_0, key6_1;
u32 error0, error1;
/* udp leaves current_data pointing at the vxlan header */
vxlan0 = vlib_buffer_get_current (b0);
vxlan1 = vlib_buffer_get_current (b1);
-
- next0 = next1 = VXLAN_INPUT_NEXT_L2_INPUT;
-
if (is_ip4) {
vlib_buffer_advance
(b0, -(word)(sizeof(udp_header_t)+sizeof(ip4_header_t)));
key4_0.src = ip4_0->src_address.as_u32;
key4_0.vni = vxlan0->vni_reserved;
- if (PREDICT_FALSE (key4_0.as_u64 != last_key4.as_u64))
+ /* Make sure VXLAN tunnel exist according to packet SIP and VNI */
+ if (PREDICT_FALSE (key4_0.as_u64 != last_key4.as_u64))
{
p0 = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64);
-
- if (p0 == 0)
+ if (PREDICT_FALSE (p0 == NULL))
{
error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
next0 = VXLAN_INPUT_NEXT_DROP;
goto trace0;
}
-
last_key4.as_u64 = key4_0.as_u64;
tunnel_index0 = last_tunnel_index = p0[0];
}
else
tunnel_index0 = last_tunnel_index;
- } else /* !is_ip4 */ {
+ t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0);
+
+ /* Validate VXLAN tunnel SIP against packet DIP */
+ if (PREDICT_TRUE (ip4_0->dst_address.as_u32 == t0->src.ip4.as_u32))
+ goto next0; /* valid packet */
+ if (PREDICT_FALSE (ip4_address_is_multicast (&ip4_0->dst_address)))
+ {
+ key4_0.src = ip4_0->dst_address.as_u32;
+ key4_0.vni = vxlan0->vni_reserved;
+ /* Make sure mcast VXLAN tunnel exist by packet DIP and VNI */
+ p0 = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64);
+ if (PREDICT_TRUE (p0 != NULL))
+ {
+ mt0 = pool_elt_at_index (vxm->tunnels, p0[0]);
+ goto next0; /* valid packet */
+ }
+ }
+ error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
+ next0 = VXLAN_INPUT_NEXT_DROP;
+ goto trace0;
+
+ } else /* !is_ip4 */ {
key6_0.src.as_u64[0] = ip6_0->src_address.as_u64[0];
key6_0.src.as_u64[1] = ip6_0->src_address.as_u64[1];
key6_0.vni = vxlan0->vni_reserved;
- if (PREDICT_FALSE (memcmp(&key6_0, &last_key6, sizeof(last_key6)) != 0))
+ /* Make sure VXLAN tunnel exist according to packet SIP and VNI */
+ if (PREDICT_FALSE (memcmp(&key6_0, &last_key6, sizeof(last_key6)) != 0))
{
p0 = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6_0);
-
- if (p0 == 0)
+ if (PREDICT_FALSE (p0 == NULL))
{
error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
next0 = VXLAN_INPUT_NEXT_DROP;
goto trace0;
}
-
clib_memcpy (&last_key6, &key6_0, sizeof(key6_0));
tunnel_index0 = last_tunnel_index = p0[0];
}
else
tunnel_index0 = last_tunnel_index;
+ t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0);
+
+ /* Validate VXLAN tunnel SIP against packet DIP */
+ if (PREDICT_TRUE (ip6_address_is_equal (&ip6_0->dst_address,
+ &t0->src.ip6)))
+ goto next0; /* valid packet */
+ if (PREDICT_FALSE (ip6_address_is_multicast (&ip6_0->dst_address)))
+ {
+ key6_0.src.as_u64[0] = ip6_0->dst_address.as_u64[0];
+ key6_0.src.as_u64[1] = ip6_0->dst_address.as_u64[1];
+ key6_0.vni = vxlan0->vni_reserved;
+ p0 = hash_get (vxm->vxlan6_tunnel_by_key, &key6_0);
+ if (PREDICT_TRUE (p0 != NULL))
+ {
+ mt0 = pool_elt_at_index (vxm->tunnels, p0[0]);
+ goto next0; /* valid packet */
+ }
+ }
+ error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
+ next0 = VXLAN_INPUT_NEXT_DROP;
+ goto trace0;
}
- t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0);
+ next0:
next0 = t0->decap_next_index;
sw_if_index0 = t0->sw_if_index;
len0 = vlib_buffer_length_in_chain (vm, b0);
if (PREDICT_TRUE(next0 == VXLAN_INPUT_NEXT_L2_INPUT))
vnet_update_l2_len (b0);
- /* Set input sw_if_index to VXLAN tunnel for learning */
+ /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0;
+ sw_if_index0 = (mt0) ? mt0->sw_if_index : sw_if_index0;
pkts_decapsulated ++;
stats_n_packets += 1;
key4_1.src = ip4_1->src_address.as_u32;
key4_1.vni = vxlan1->vni_reserved;
- if (PREDICT_FALSE (key4_1.as_u64 != last_key4.as_u64))
+ /* Make sure unicast VXLAN tunnel exist by packet SIP and VNI */
+ if (PREDICT_FALSE (key4_1.as_u64 != last_key4.as_u64))
{
p1 = hash_get (vxm->vxlan4_tunnel_by_key, key4_1.as_u64);
-
- if (p1 == 0)
+ if (PREDICT_FALSE (p1 == NULL))
{
error1 = VXLAN_ERROR_NO_SUCH_TUNNEL;
next1 = VXLAN_INPUT_NEXT_DROP;
goto trace1;
}
-
last_key4.as_u64 = key4_1.as_u64;
tunnel_index1 = last_tunnel_index = p1[0];
}
else
tunnel_index1 = last_tunnel_index;
- } else /* !is_ip4 */ {
+ t1 = pool_elt_at_index (vxm->tunnels, tunnel_index1);
+
+ /* Validate VXLAN tunnel SIP against packet DIP */
+ if (PREDICT_TRUE (ip4_1->dst_address.as_u32 == t1->src.ip4.as_u32))
+ goto next1; /* valid packet */
+ if (PREDICT_FALSE (ip4_address_is_multicast (&ip4_1->dst_address)))
+ {
+ key4_1.src = ip4_1->dst_address.as_u32;
+ key4_1.vni = vxlan1->vni_reserved;
+ /* Make sure mcast VXLAN tunnel exist by packet DIP and VNI */
+ p1 = hash_get (vxm->vxlan4_tunnel_by_key, key4_1.as_u64);
+ if (PREDICT_TRUE (p1 != NULL))
+ {
+ mt1 = pool_elt_at_index (vxm->tunnels, p1[0]);
+ goto next1; /* valid packet */
+ }
+ }
+ error1 = VXLAN_ERROR_NO_SUCH_TUNNEL;
+ next1 = VXLAN_INPUT_NEXT_DROP;
+ goto trace1;
+
+ } else /* !is_ip4 */ {
key6_1.src.as_u64[0] = ip6_1->src_address.as_u64[0];
key6_1.src.as_u64[1] = ip6_1->src_address.as_u64[1];
key6_1.vni = vxlan1->vni_reserved;
+ /* Make sure VXLAN tunnel exist according to packet SIP and VNI */
if (PREDICT_FALSE (memcmp(&key6_1, &last_key6, sizeof(last_key6)) != 0))
{
p1 = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6_1);
- if (p1 == 0)
+ if (PREDICT_FALSE (p1 == NULL))
{
error1 = VXLAN_ERROR_NO_SUCH_TUNNEL;
next1 = VXLAN_INPUT_NEXT_DROP;
}
else
tunnel_index1 = last_tunnel_index;
- }
+ t1 = pool_elt_at_index (vxm->tunnels, tunnel_index1);
+
+ /* Validate VXLAN tunnel SIP against packet DIP */
+ if (PREDICT_TRUE (ip6_address_is_equal (&ip6_1->dst_address,
+ &t1->src.ip6)))
+ goto next1; /* valid packet */
+ if (PREDICT_FALSE (ip6_address_is_multicast (&ip6_1->dst_address)))
+ {
+ key6_1.src.as_u64[0] = ip6_1->dst_address.as_u64[0];
+ key6_1.src.as_u64[1] = ip6_1->dst_address.as_u64[1];
+ key6_1.vni = vxlan1->vni_reserved;
+ p1 = hash_get (vxm->vxlan6_tunnel_by_key, &key6_1);
+ if (PREDICT_TRUE (p1 != NULL))
+ {
+ mt1 = pool_elt_at_index (vxm->tunnels, p1[0]);
+ goto next1; /* valid packet */
+ }
+ }
+ error1 = VXLAN_ERROR_NO_SUCH_TUNNEL;
+ next1 = VXLAN_INPUT_NEXT_DROP;
+ goto trace1;
+ }
- t1 = pool_elt_at_index (vxm->tunnels, tunnel_index1);
+ next1:
next1 = t1->decap_next_index;
sw_if_index1 = t1->sw_if_index;
len1 = vlib_buffer_length_in_chain (vm, b1);
if (PREDICT_TRUE(next1 == VXLAN_INPUT_NEXT_L2_INPUT))
vnet_update_l2_len (b1);
- /* Set input sw_if_index to VXLAN tunnel for learning */
+ /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
vnet_buffer(b1)->sw_if_index[VLIB_RX] = sw_if_index1;
+ sw_if_index1 = (mt1) ? mt1->sw_if_index : sw_if_index1;
pkts_decapsulated ++;
stats_n_packets += 1;
vxlan_header_t * vxlan0;
uword * p0;
u32 tunnel_index0;
- vxlan_tunnel_t * t0;
+ vxlan_tunnel_t * t0, * mt0 = NULL;
vxlan4_tunnel_key_t key4_0;
vxlan6_tunnel_key_t key6_0;
u32 error0;
/* udp leaves current_data pointing at the vxlan header */
vxlan0 = vlib_buffer_get_current (b0);
-
- next0 = VXLAN_INPUT_NEXT_L2_INPUT;
-
if (is_ip4) {
vlib_buffer_advance
(b0, -(word)(sizeof(udp_header_t)+sizeof(ip4_header_t)));
key4_0.src = ip4_0->src_address.as_u32;
key4_0.vni = vxlan0->vni_reserved;
+ /* Make sure unicast VXLAN tunnel exist by packet SIP and VNI */
if (PREDICT_FALSE (key4_0.as_u64 != last_key4.as_u64))
{
p0 = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64);
-
- if (p0 == 0)
+ if (PREDICT_FALSE (p0 == NULL))
{
error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
next0 = VXLAN_INPUT_NEXT_DROP;
goto trace00;
}
-
last_key4.as_u64 = key4_0.as_u64;
tunnel_index0 = last_tunnel_index = p0[0];
}
else
tunnel_index0 = last_tunnel_index;
+ t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0);
+
+ /* Validate VXLAN tunnel SIP against packet DIP */
+ if (PREDICT_TRUE (ip4_0->dst_address.as_u32 == t0->src.ip4.as_u32))
+ goto next00; /* valid packet */
+ if (PREDICT_FALSE (ip4_address_is_multicast (&ip4_0->dst_address)))
+ {
+ key4_0.src = ip4_0->dst_address.as_u32;
+ key4_0.vni = vxlan0->vni_reserved;
+ /* Make sure mcast VXLAN tunnel exist by packet DIP and VNI */
+ p0 = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64);
+ if (PREDICT_TRUE (p0 != NULL))
+ {
+ mt0 = pool_elt_at_index (vxm->tunnels, p0[0]);
+ goto next00; /* valid packet */
+ }
+ }
+ error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
+ next0 = VXLAN_INPUT_NEXT_DROP;
+ goto trace00;
+
} else /* !is_ip4 */ {
key6_0.src.as_u64[0] = ip6_0->src_address.as_u64[0];
key6_0.src.as_u64[1] = ip6_0->src_address.as_u64[1];
key6_0.vni = vxlan0->vni_reserved;
+ /* Make sure VXLAN tunnel exist according to packet SIP and VNI */
if (PREDICT_FALSE (memcmp(&key6_0, &last_key6, sizeof(last_key6)) != 0))
{
p0 = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6_0);
-
- if (p0 == 0)
+ if (PREDICT_FALSE (p0 == NULL))
{
error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
next0 = VXLAN_INPUT_NEXT_DROP;
goto trace00;
}
-
clib_memcpy (&last_key6, &key6_0, sizeof(key6_0));
tunnel_index0 = last_tunnel_index = p0[0];
}
else
tunnel_index0 = last_tunnel_index;
+ t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0);
+
+ /* Validate VXLAN tunnel SIP against packet DIP */
+ if (PREDICT_TRUE (ip6_address_is_equal (&ip6_0->dst_address,
+ &t0->src.ip6)))
+ goto next00; /* valid packet */
+ if (PREDICT_FALSE (ip6_address_is_multicast (&ip6_0->dst_address)))
+ {
+ key6_0.src.as_u64[0] = ip6_0->dst_address.as_u64[0];
+ key6_0.src.as_u64[1] = ip6_0->dst_address.as_u64[1];
+ key6_0.vni = vxlan0->vni_reserved;
+ p0 = hash_get (vxm->vxlan6_tunnel_by_key, &key6_0);
+ if (PREDICT_TRUE (p0 != NULL))
+ {
+ mt0 = pool_elt_at_index (vxm->tunnels, p0[0]);
+ goto next00; /* valid packet */
+ }
+ }
+ error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
+ next0 = VXLAN_INPUT_NEXT_DROP;
+ goto trace00;
}
- t0 = pool_elt_at_index (vxm->tunnels, tunnel_index0);
+ next00:
next0 = t0->decap_next_index;
sw_if_index0 = t0->sw_if_index;
len0 = vlib_buffer_length_in_chain (vm, b0);
if (PREDICT_TRUE(next0 == VXLAN_INPUT_NEXT_L2_INPUT))
vnet_update_l2_len (b0);
- /* Set input sw_if_index to VXLAN tunnel for learning */
+ /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0;
+ sw_if_index0 = (mt0) ? mt0->sw_if_index : sw_if_index0;
pkts_decapsulated ++;
stats_n_packets += 1;
case VXLAN_INPUT_NEXT_L2_INPUT:
return format (s, "l2");
default:
- return format (s, "next-index %d", next_index);
+ return format (s, "index %d", next_index);
}
return s;
}
vxlan_tunnel_t * t = va_arg (*args, vxlan_tunnel_t *);
vxlan_main_t * ngm = &vxlan_main;
- s = format (s,
- "[%d] src %U dst %U vni %d encap_fib_index %d sw_if_index %d "
- "fib_entry_index %d",
+ s = format (s, "[%d] src %U dst %U vni %d sw_if_index %d ",
t - ngm->tunnels,
format_ip46_address, &t->src, IP46_TYPE_ANY,
format_ip46_address, &t->dst, IP46_TYPE_ANY,
- t->vni, t->encap_fib_index, t->sw_if_index, t->fib_entry_index);
- s = format (s, " decap_next %U\n", format_decap_next, t->decap_next_index);
+ t->vni, t->sw_if_index);
+
+ if (ip46_address_is_multicast (&t->dst))
+ s = format (s, "mcast_sw_if_index %d ", t->mcast_sw_if_index);
+
+ s = format (s, "encap_fib_index %d fib_entry_index %d decap_next %U\n",
+ t->encap_fib_index, t->fib_entry_index,
+ format_decap_next, t->decap_next_index);
return s;
}
vxlan6_tunnel_key_t key6;
u32 is_ip6 = a->is_ip6;
- if (!is_ip6) {
- key4.src = a->dst.ip4.as_u32; /* decap src in key is encap dst in config */
- key4.vni = clib_host_to_net_u32 (a->vni << 8);
-
- p = hash_get (vxm->vxlan4_tunnel_by_key, key4.as_u64);
- pvtep = hash_get (vxm->vtep4, a->src.ip4.as_u32);
- } else {
- key6.src.as_u64[0] = a->dst.ip6.as_u64[0];
- key6.src.as_u64[1] = a->dst.ip6.as_u64[1];
- key6.vni = clib_host_to_net_u32 (a->vni << 8);
-
- p = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6);
- pvtep = NULL; /* ip6 vxlan-bypass not yet implemented */
- }
+ if (!is_ip6)
+ {
+ key4.src = a->dst.ip4.as_u32; /* decap src in key is encap dst in config */
+ key4.vni = clib_host_to_net_u32 (a->vni << 8);
+ p = hash_get (vxm->vxlan4_tunnel_by_key, key4.as_u64);
+ if (ip4_address_is_multicast (&a->dst.ip4))
+ pvtep = hash_get (vxm->vtep4, a->dst.ip4.as_u32);
+ else
+ pvtep = hash_get (vxm->vtep4, a->src.ip4.as_u32);
+ }
+ else
+ {
+ key6.src.as_u64[0] = a->dst.ip6.as_u64[0];
+ key6.src.as_u64[1] = a->dst.ip6.as_u64[1];
+ key6.vni = clib_host_to_net_u32 (a->vni << 8);
+ p = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6);
+ pvtep = NULL; /* ip6 vxlan-bypass not yet implemented */
+ }
if (a->is_add)
{
t->key4 = 0; /* not yet used */
}
- if (!is_ip6) {
+ if (!is_ip6)
rv = vxlan4_rewrite (t);
- } else {
- rv = vxlan6_rewrite (t);
- }
+ else
+ rv = vxlan6_rewrite (t);
if (rv)
{
if (!is_ip6)
{
hash_set (vxm->vxlan4_tunnel_by_key, key4.as_u64, t - vxm->tunnels);
- if (pvtep) pvtep[0]++;
- else hash_set (vxm->vtep4, a->src.ip4.as_u32, 1);
+ if (pvtep)
+ pvtep[0]++;
+ else
+ {
+ if (ip4_address_is_multicast (&a->dst.ip4))
+ hash_set (vxm->vtep4, a->dst.ip4.as_u32, 1);
+ else
+ hash_set (vxm->vtep4, a->src.ip4.as_u32, 1);
+ }
}
else
hash_set_mem (vxm->vxlan6_tunnel_by_key, t->key6, t - vxm->tunnels);
vnet_flood_class_t flood_class = VNET_FLOOD_CLASS_TUNNEL_NORMAL;
fib_prefix_from_ip46_addr(&t->dst, &tun_dst_pfx);
- if (ip46_address_is_multicast(&t->dst))
- {
+ if (!ip46_address_is_multicast(&t->dst))
+ {
+ /* Unicast tunnel -
+ * source the FIB entry for the tunnel's destination
+ * and become a child thereof. The tunnel will then get poked
+ * when the forwarding for the entry updates, and the tunnel can
+ * re-stack accordingly
+ */
+ t->fib_entry_index = fib_table_entry_special_add
+ (t->encap_fib_index, &tun_dst_pfx, FIB_SOURCE_RR,
+ FIB_ENTRY_FLAG_NONE, ADJ_INDEX_INVALID);
+ t->sibling_index = fib_entry_child_add
+ (t->fib_entry_index, FIB_NODE_TYPE_VXLAN_TUNNEL, t - vxm->tunnels);
+ vxlan_tunnel_restack_dpo(t);
+ }
+ else if (pvtep == NULL)
+ {
+ /* Multicast tunnel -
+ * as the same mcast group can be used for mutiple mcast tunnels
+ * with different VNIs, create the output fib adjecency only if
+ * it does not already exist
+ */
fib_protocol_t fp;
u8 mcast_mac[6];
if (!is_ip6) {
/* Add local mcast adj. */
receive_dpo_add_or_lock(dproto, ~0, NULL, &dpo);
t->fib_entry_index = fib_table_entry_special_dpo_add
- (t->encap_fib_index, &tun_dst_pfx, FIB_SOURCE_SPECIAL, FIB_ENTRY_FLAG_NONE, &dpo);
+ (t->encap_fib_index, &tun_dst_pfx,
+ FIB_SOURCE_SPECIAL, FIB_ENTRY_FLAG_NONE, &dpo);
dpo_reset(&dpo);
- } else {
- /*
- * source the FIB entry for the tunnel's destination
- * and become a child thereof. The tunnel will then get poked
- * when the forwarding for the entry updates, and the tunnel can
- * re-stack accordingly
- */
- t->fib_entry_index = fib_table_entry_special_add
- (t->encap_fib_index, &tun_dst_pfx, FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE, ADJ_INDEX_INVALID);
- t->sibling_index = fib_entry_child_add
- (t->fib_entry_index, FIB_NODE_TYPE_VXLAN_TUNNEL, t - vxm->tunnels);
- vxlan_tunnel_restack_dpo(t);
- }
+ }
+
/* Set vxlan tunnel output node */
hi->output_node_index = encap_index;
vxm->tunnel_index_by_sw_if_index[t->sw_if_index] = ~0;
- if (ip46_address_is_multicast(&t->dst))
- {
- adj_unlock(t->mcast_adj_index);
- fib_table_entry_delete_index(t->fib_entry_index, FIB_SOURCE_SPECIAL);
- }
- else
- {
- fib_entry_child_remove(t->fib_entry_index, t->sibling_index);
- fib_table_entry_delete_index(t->fib_entry_index, FIB_SOURCE_RR);
- }
- fib_node_deinit(&t->node);
+ if (!ip46_address_is_multicast(&t->dst))
+ {
+ fib_entry_child_remove(t->fib_entry_index, t->sibling_index);
+ fib_table_entry_delete_index(t->fib_entry_index, FIB_SOURCE_RR);
+ fib_node_deinit(&t->node);
+ }
+ else if (pvtep == NULL || pvtep[0] == 1)
+ {
+ adj_unlock(t->mcast_adj_index);
+ fib_table_entry_delete_index(t->fib_entry_index, FIB_SOURCE_SPECIAL);
+ fib_node_deinit(&t->node);
+ }
if (!is_ip6)
{
{
pvtep[0]--;
if (pvtep[0] == 0)
- hash_unset (vxm->vtep4, a->src.ip4.as_u32);
+ {
+ if (ip4_address_is_multicast (&a->dst.ip4))
+ hash_unset (vxm->vtep4, a->dst.ip4.as_u32);
+ else
+ hash_unset (vxm->vtep4, a->src.ip4.as_u32);
+ }
}
}
else
if (grp_set && !ip46_address_is_multicast(&dst))
return clib_error_return (0, "tunnel group address not multicast");
+ if (grp_set == 0 && ip46_address_is_multicast(&dst))
+ return clib_error_return (0, "dst address must be unicast");
+
if (grp_set && mcast_sw_if_index == ~0)
return clib_error_return (0, "tunnel nonexistent multicast device");
Code Review / vpp.git / commitdiff