From 6ee4051139409eb53cd41b2b73dac838e8c4e8a0 Mon Sep 17 00:00:00 2001 From: Ole Troan Date: Mon, 12 Feb 2018 18:14:39 +0100 Subject: [PATCH] 6RD: Rewritten 6RD RFC5969 support. Change-Id: Ic30fbcb2630f39e45345d7215babf5d7ed4b33a0 Signed-off-by: Ole Troan --- src/plugins/sixrd.am | 9 +- src/plugins/sixrd/ip4_sixrd.c | 114 +++-- src/plugins/sixrd/ip6_sixrd.c | 129 ----- src/plugins/sixrd/sixrd.api | 44 ++ src/plugins/sixrd/sixrd.c | 934 +++++++++++++++++++++++++---------- src/plugins/sixrd/sixrd.h | 158 +++--- src/plugins/sixrd/sixrd_all_api_h.h | 16 + src/plugins/sixrd/sixrd_dpo.c | 132 ----- src/plugins/sixrd/sixrd_dpo.h | 61 --- src/plugins/sixrd/sixrd_msg_enum.h | 28 ++ src/vnet/adj/adj_delegate.h | 1 - src/vnet/adj/adj_glean.c | 9 + src/vnet/adj/adj_glean.h | 1 + src/vnet/adj/rewrite.c | 2 + src/vnet/fib/fib_entry.h | 5 - src/vnet/fib/fib_entry_src_special.c | 1 - src/vnet/fib/fib_path.c | 1 + src/vnet/ip/ip4_forward.c | 3 +- src/vnet/ip/ip6_forward.c | 3 +- test/Makefile | 2 +- test/test_sixrd.py | 289 +++++++++++ test/vpp_papi_provider.py | 19 + 22 files changed, 1230 insertions(+), 731 deletions(-) delete mode 100644 src/plugins/sixrd/ip6_sixrd.c create mode 100644 src/plugins/sixrd/sixrd.api create mode 100644 src/plugins/sixrd/sixrd_all_api_h.h delete mode 100644 src/plugins/sixrd/sixrd_dpo.c delete mode 100644 src/plugins/sixrd/sixrd_dpo.h create mode 100644 src/plugins/sixrd/sixrd_msg_enum.h create mode 100644 test/test_sixrd.py diff --git a/src/plugins/sixrd.am b/src/plugins/sixrd.am index 0de4508831e..77a4b2187eb 100644 --- a/src/plugins/sixrd.am +++ b/src/plugins/sixrd.am @@ -13,14 +13,15 @@ libsixrd_plugin_la_SOURCES = \ sixrd/sixrd.c \ - sixrd/sixrd_dpo.c \ - sixrd/ip4_sixrd.c \ - sixrd/ip6_sixrd.c + sixrd/ip4_sixrd.c noinst_HEADERS += \ sixrd/sixrd.h \ - sixrd/sixrd_dpo.h + sixrd/sixrd_all_api_h.h \ + sixrd/sixrd_msg_enum.h vppplugins_LTLIBRARIES += libsixrd_plugin.la +API_FILES += sixrd/sixrd.api + # vi:syntax=automake diff --git a/src/plugins/sixrd/ip4_sixrd.c b/src/plugins/sixrd/ip4_sixrd.c index 2fb8015d994..f700f14978c 100644 --- a/src/plugins/sixrd/ip4_sixrd.c +++ b/src/plugins/sixrd/ip4_sixrd.c @@ -13,9 +13,10 @@ * limitations under the License. *--------------------------------------------------------------------------- */ + #include "sixrd.h" -static vlib_node_registration_t ip4_sixrd_node; +vlib_node_registration_t ip4_sixrd_node; typedef enum { IP4_SIXRD_NEXT_IP6_LOOKUP, @@ -23,29 +24,45 @@ typedef enum { IP4_SIXRD_N_NEXT, } ip4_sixrd_next_t; +typedef struct { + u32 tunnel_id; + u32 length; + ip4_address_t src; + ip4_address_t dst; +} sixrd_rx_trace_t; + +u8 * +format_sixrd_rx_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + sixrd_rx_trace_t *t = va_arg (*args, sixrd_rx_trace_t *); + + s = format (s, "6RD: tunnel %d len %d src %U dst %U", + t->tunnel_id, clib_net_to_host_u16 (t->length), + format_ip4_address, &t->src, format_ip4_address, &t->dst); + return s; +} + /* * ip4_sixrd_sec_check */ static_always_inline void -ip4_sixrd_sec_check (sixrd_domain_t *d, ip4_address_t sa4, ip6_address_t sa6, u8 *error) -{ - u32 a = sixrd_get_addr(d, sa6.as_u64[0]); - clib_warning("Security check: %U %U", format_ip4_address, &a, format_ip4_address, &sa4); - if (PREDICT_FALSE(sixrd_get_addr(d, sa6.as_u64[0]) != sa4.as_u32)) +ip4_sixrd_sec_check(sixrd_tunnel_t *t, ip4_address_t sa4, + ip6_address_t sa6, u8 *error) { + if (PREDICT_FALSE(sixrd_get_addr_net(t, sa6.as_u64[0]) != sa4.as_u32)) *error = SIXRD_ERROR_SEC_CHECK; } /* * ip4_sixrd */ -static uword -ip4_sixrd (vlib_main_t *vm, - vlib_node_runtime_t *node, - vlib_frame_t *frame) -{ +uword ip4_sixrd(vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_frame_t *frame) { u32 n_left_from, *from, next_index, *to_next, n_left_to_next; vlib_node_runtime_t *error_node = vlib_node_get_runtime(vm, ip4_sixrd_node.index); - u32 decap = 0; + vnet_interface_main_t * im = &vnet_get_main()->interface_main; + u32 thread_index = vlib_get_thread_index (); from = vlib_frame_vector_args(frame); n_left_from = frame->n_vectors; @@ -58,16 +75,16 @@ ip4_sixrd (vlib_main_t *vm, u32 pi0; vlib_buffer_t *p0; u8 error0 = SIXRD_ERROR_NONE; - sixrd_domain_t *d0 = 0; + sixrd_tunnel_t *t0 = 0; ip4_header_t *ip40; ip6_header_t *ip60; - u32 sixrd_domain_index0 = ~0; - u32 next0; + u32 tunnel_sw_if_index = ~0; + u32 next0 = IP4_SIXRD_NEXT_DROP; pi0 = to_next[0] = from[0]; from += 1; n_left_from -= 1; - to_next +=1; + to_next += 1; n_left_to_next -= 1; p0 = vlib_get_buffer(vm, pi0); @@ -75,52 +92,73 @@ ip4_sixrd (vlib_main_t *vm, /* Throw away anything that isn't IP in IP. */ if (PREDICT_TRUE(ip40->protocol == IP_PROTOCOL_IPV6 && clib_net_to_host_u16(ip40->length) >= 60)) { - vlib_buffer_advance(p0, sizeof(ip4_header_t)); - ip60 = vlib_buffer_get_current(p0); - d0 = ip4_sixrd_get_domain(vnet_buffer(p0)->ip.adj_index[VLIB_TX], (ip6_address_t *)&ip60->src_address, - &sixrd_domain_index0, &error0); + vlib_buffer_advance(p0, sizeof(ip4_header_t)); + t0 = ip4_sixrd_get_tunnel(vnet_buffer(p0)->ip.adj_index[VLIB_TX], (ip4_address_t *)&ip40->dst_address, &error0); } else { - error0 = SIXRD_ERROR_BAD_PROTOCOL; + error0 = SIXRD_ERROR_BAD_PROTOCOL; } - if (d0) { - /* SIXRD inbound security check */ - ip4_sixrd_sec_check(d0, ip40->src_address, ip60->src_address, &error0); + + if (!t0) { + error0 = SIXRD_ERROR_NO_TUNNEL; + goto error; } - next0 = error0 == SIXRD_ERROR_NONE ? IP4_SIXRD_NEXT_IP6_LOOKUP : IP4_SIXRD_NEXT_DROP; + tunnel_sw_if_index = t0->sw_if_index; - if (PREDICT_FALSE(p0->flags & VLIB_BUFFER_IS_TRACED)) { - sixrd_trace_t *tr = vlib_add_trace(vm, node, p0, sizeof(*tr)); - tr->sixrd_domain_index = sixrd_domain_index0; + /* SIXRD inbound security check */ + if (t0->security_check) { + ip60 = vlib_buffer_get_current(p0); + ip4_sixrd_sec_check(t0, ip40->src_address, ip60->src_address, &error0); } + next0 = error0 == SIXRD_ERROR_NONE ? IP4_SIXRD_NEXT_IP6_LOOKUP + : IP4_SIXRD_NEXT_DROP; - p0->error = error_node->errors[error0]; - if (PREDICT_TRUE(error0 == SIXRD_ERROR_NONE)) decap++; - vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, pi0, next0); + if (PREDICT_FALSE(p0->flags & VLIB_BUFFER_IS_TRACED)) { + sixrd_rx_trace_t *tr = vlib_add_trace(vm, node, p0, sizeof(*tr)); + tr->tunnel_id = tunnel_sw_if_index; + tr->length = ip40->length; + tr->src.as_u32 = ip40->src_address.as_u32; + tr->dst.as_u32 = ip40->dst_address.as_u32; + } + error: + if (PREDICT_TRUE(error0 == SIXRD_ERROR_NONE)) { + u32 len = vlib_buffer_length_in_chain (vm, p0); + vlib_increment_combined_counter (im->combined_sw_if_counters + + VNET_INTERFACE_COUNTER_RX, + thread_index, + tunnel_sw_if_index, + 1 /* packets */ , + len /* bytes */ ); + + vnet_buffer (p0)->sw_if_index[VLIB_RX] = tunnel_sw_if_index; + } else { + p0->error = error_node->errors[error0]; + } + vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, + n_left_to_next, pi0, next0); } vlib_put_next_frame(vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter(vm, ip4_sixrd_node.index, SIXRD_ERROR_DECAPSULATED, decap); - return frame->n_vectors; } static char *sixrd_error_strings[] = { -#define _(sym,string) string, - foreach_sixrd_error +#define _(sym, string) string, + foreach_sixrd_error #undef _ }; -VLIB_REGISTER_NODE(ip4_sixrd_node,static) = { +VLIB_REGISTER_NODE(ip4_sixrd_node) = { .function = ip4_sixrd, .name = "ip4-sixrd", .vector_size = sizeof(u32), - .format_trace = format_sixrd_trace, + .format_trace = format_sixrd_rx_trace, .n_errors = SIXRD_N_ERROR, .error_strings = sixrd_error_strings, .n_next_nodes = IP4_SIXRD_N_NEXT, - .next_nodes = { + .next_nodes = + { [IP4_SIXRD_NEXT_IP6_LOOKUP] = "ip6-lookup", [IP4_SIXRD_NEXT_DROP] = "error-drop", }, diff --git a/src/plugins/sixrd/ip6_sixrd.c b/src/plugins/sixrd/ip6_sixrd.c deleted file mode 100644 index 36f3fab320b..00000000000 --- a/src/plugins/sixrd/ip6_sixrd.c +++ /dev/null @@ -1,129 +0,0 @@ -/*--------------------------------------------------------------------------- - * Copyright (c) 2009-2014 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *--------------------------------------------------------------------------- - */ -/* - * Defines used for testing various optimisation schemes - */ -#define SIXRD_ENCAP_DUAL 0 - -#include "sixrd.h" - -static vlib_node_registration_t ip6_sixrd_node; - -typedef enum { - IP6_SIXRD_NEXT_IP4_LOOKUP, - IP6_SIXRD_NEXT_DROP, - IP6_SIXRD_N_NEXT, -} ip6_sixrd_next_t; - -/* - * ip6_sixrd - */ -static uword -ip6_sixrd (vlib_main_t *vm, - vlib_node_runtime_t *node, - vlib_frame_t *frame) -{ - u32 n_left_from, *from, next_index, *to_next, n_left_to_next; - vlib_node_runtime_t *error_node = vlib_node_get_runtime(vm, ip6_sixrd_node.index); - u32 encap = 0; - from = vlib_frame_vector_args(frame); - n_left_from = frame->n_vectors; - next_index = node->cached_next_index; - - while (n_left_from > 0) { - vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next); - - while (n_left_from > 0 && n_left_to_next > 0) { - u32 pi0; - vlib_buffer_t *p0; - sixrd_domain_t *d0; - u8 error0 = SIXRD_ERROR_NONE; - ip6_header_t *ip60; - ip4_header_t *ip4h0; - u32 next0 = IP6_SIXRD_NEXT_IP4_LOOKUP; - u32 sixrd_domain_index0 = ~0; - - pi0 = to_next[0] = from[0]; - from += 1; - n_left_from -= 1; - to_next +=1; - n_left_to_next -= 1; - - p0 = vlib_get_buffer(vm, pi0); - ip60 = vlib_buffer_get_current(p0); - // p0->current_length = clib_net_to_host_u16(ip40->length); - d0 = ip6_sixrd_get_domain(vnet_buffer(p0)->ip.adj_index[VLIB_TX], &sixrd_domain_index0); - ASSERT(d0); - - /* SIXRD calc */ - u64 dal60 = clib_net_to_host_u64(ip60->dst_address.as_u64[0]); - u32 da40 = sixrd_get_addr(d0, dal60); - u16 len = clib_net_to_host_u16(ip60->payload_length) + 60; - if (da40 == 0) error0 = SIXRD_ERROR_UNKNOWN; - - /* construct ipv4 header */ - vlib_buffer_advance(p0, - (sizeof(ip4_header_t))); - ip4h0 = vlib_buffer_get_current(p0); - vnet_buffer(p0)->sw_if_index[VLIB_TX] = (u32)~0; - ip4h0->ip_version_and_header_length = 0x45; - ip4h0->tos = 0; - ip4h0->length = clib_host_to_net_u16(len); - ip4h0->fragment_id = 0; - ip4h0->flags_and_fragment_offset = 0; - ip4h0->ttl = 0x40; - ip4h0->protocol = IP_PROTOCOL_IPV6; - ip4h0->src_address = d0->ip4_src; - ip4h0->dst_address.as_u32 = clib_host_to_net_u32(da40); - ip4h0->checksum = ip4_header_checksum(ip4h0); - - next0 = error0 == SIXRD_ERROR_NONE ? IP6_SIXRD_NEXT_IP4_LOOKUP : IP6_SIXRD_NEXT_DROP; - - if (PREDICT_FALSE(p0->flags & VLIB_BUFFER_IS_TRACED)) { - sixrd_trace_t *tr = vlib_add_trace(vm, node, p0, sizeof(*tr)); - tr->sixrd_domain_index = sixrd_domain_index0; - } - - p0->error = error_node->errors[error0]; - if (PREDICT_TRUE(error0 == SIXRD_ERROR_NONE)) encap++; - - vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, pi0, next0); - } - vlib_put_next_frame(vm, node, next_index, n_left_to_next); - } - vlib_node_increment_counter(vm, ip6_sixrd_node.index, SIXRD_ERROR_ENCAPSULATED, encap); - - return frame->n_vectors; -} - -static char *sixrd_error_strings[] = { -#define _(sym,string) string, - foreach_sixrd_error -#undef _ -}; - -VLIB_REGISTER_NODE(ip6_sixrd_node,static) = { - .function = ip6_sixrd, - .name = "ip6-sixrd", - .vector_size = sizeof(u32), - .format_trace = format_sixrd_trace, - .n_errors = SIXRD_N_ERROR, - .error_strings = sixrd_error_strings, - .n_next_nodes = IP6_SIXRD_N_NEXT, - .next_nodes = { - [IP6_SIXRD_NEXT_IP4_LOOKUP] = "ip4-lookup", - [IP6_SIXRD_NEXT_DROP] = "error-drop", - }, -}; diff --git a/src/plugins/sixrd/sixrd.api b/src/plugins/sixrd/sixrd.api new file mode 100644 index 00000000000..7057bbb1b16 --- /dev/null +++ b/src/plugins/sixrd/sixrd.api @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option version = "2.0.0"; + +define sixrd_add_tunnel +{ + u32 client_index; + u32 context; + u32 fib_index; + u8 ip6_prefix[16]; + u8 ip4_prefix[4]; + u8 ip4_src[4]; + u8 ip6_prefix_len; + u8 ip4_prefix_len; + u16 mtu; + u8 security_check; +}; + +define sixrd_add_tunnel_reply +{ + u32 context; + u32 sw_if_index; + i32 retval; +}; + +autoreply define sixrd_del_tunnel +{ + u32 client_index; + u32 context; + u32 sw_if_index; +}; diff --git a/src/plugins/sixrd/sixrd.c b/src/plugins/sixrd/sixrd.c index ee198f21004..66ad19b7811 100644 --- a/src/plugins/sixrd/sixrd.c +++ b/src/plugins/sixrd/sixrd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Cisco and/or its affiliates. + * Copyright (c) 2018 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: @@ -12,18 +12,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -#include "sixrd.h" -#include - -#include -#include -#include -#include - -/* +/** * This code supports the following sixrd modes: - * + * * 32 EA bits (Complete IPv4 address is embedded): * ea_bits_len = 32 * IPv4 suffix is embedded: @@ -32,196 +23,544 @@ * ea_bits_len = 0 */ +#include "sixrd.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include // Really needed? + +/* define message IDs */ +#include "sixrd_msg_enum.h" + +/* define message structures */ +#define vl_typedefs +#include "sixrd_all_api_h.h" +#undef vl_typedefs + +/* define generated endian-swappers */ +#define vl_endianfun +#include "sixrd_all_api_h.h" +#undef vl_endianfun + +/* instantiate all the print functions we know about */ +#define vl_print(handle, ...) vlib_cli_output(handle, __VA_ARGS__) +#define vl_printfun +#include "sixrd_all_api_h.h" +#undef vl_printfun + +/* Get the API version number */ +#define vl_api_version(n, v) static u32 api_version = (v); +#include "sixrd_all_api_h.h" +#undef vl_api_version + +#define REPLY_MSG_ID_BASE sm->msg_id_base +#include + +extern vlib_node_registration_t ip4_sixrd_node; + +/** + * Adj delegate data + */ +typedef struct sixrd_adj_delegate_t_ +{ + /** + * linkage to the adj + */ + u32 adj_index; + + /** + * Linnkage to the FIB node graph + */ + fib_node_t sixrd_node; + + /** + * tracking of the IPv4 next-hop + */ + fib_node_index_t sixrd_fib_entry_index; + + /** + * sibling on the fib-entry + */ + u32 sixrd_sibling; +} sixrd_adj_delegate_t; + +/** + * Pool of delegate structs + */ +static sixrd_adj_delegate_t *sixrd_adj_delegate_pool; + +/** + * Adj delegate registered type + */ +static adj_delegate_type_t sixrd_adj_delegate_type; + +/** + * FIB node registered type + */ +static fib_node_type_t sixrd_fib_node_type; + +static inline sixrd_adj_delegate_t * +sixrd_adj_from_base (adj_delegate_t * ad) +{ + if (NULL == ad) + { + return (NULL); + } + return (pool_elt_at_index (sixrd_adj_delegate_pool, ad->ad_index)); +} + +static inline const sixrd_adj_delegate_t * +sixrd_adj_from_const_base (const adj_delegate_t * ad) +{ + if (NULL == ad) + { + return (NULL); + } + return (pool_elt_at_index (sixrd_adj_delegate_pool, ad->ad_index)); +} + sixrd_main_t sixrd_main; -int -sixrd_create_domain (ip6_address_t *ip6_prefix, - u8 ip6_prefix_len, - ip4_address_t *ip4_prefix, - u8 ip4_prefix_len, - ip4_address_t *ip4_src, - u32 *sixrd_domain_index, - u16 mtu) +static void +sixrd_fixup (vlib_main_t * vm, + ip_adjacency_t * adj, vlib_buffer_t * b0, const void *data) { - dpo_id_t dpo_v6 = DPO_INVALID, dpo_v4 = DPO_INVALID; - sixrd_main_t *mm = &sixrd_main; - fib_node_index_t fei; - sixrd_domain_t *d; - - /* Get domain index */ - pool_get_aligned(mm->domains, d, CLIB_CACHE_LINE_BYTES); - memset(d, 0, sizeof (*d)); - *sixrd_domain_index = d - mm->domains; - - /* Init domain struct */ - d->ip4_prefix.as_u32 = ip4_prefix->as_u32; - d->ip4_prefix_len = ip4_prefix_len; - d->ip6_prefix = *ip6_prefix; - d->ip6_prefix_len = ip6_prefix_len; - d->ip4_src = *ip4_src; - d->mtu = mtu; - - if (ip4_prefix_len < 32) - d->shift = 64 - ip6_prefix_len + (32 - ip4_prefix_len); - - /* Create IPv6 route/adjacency */ - fib_prefix_t pfx6 = { - .fp_proto = FIB_PROTOCOL_IP6, - .fp_len = d->ip6_prefix_len, - .fp_addr = { - .ip6 = d->ip6_prefix, - }, - }; - sixrd_dpo_create(DPO_PROTO_IP6, - *sixrd_domain_index, - &dpo_v6); - fib_table_entry_special_dpo_add(0, &pfx6, - FIB_SOURCE_SIXRD, - FIB_ENTRY_FLAG_EXCLUSIVE, - &dpo_v6); - dpo_reset (&dpo_v6); + ip4_header_t *ip4 = vlib_buffer_get_current (b0); + ip6_header_t *ip6 = vlib_buffer_get_current (b0) + sizeof (ip4_header_t); + const sixrd_tunnel_t *t = data; + + ip4->length = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)); + ip4->dst_address.as_u32 = + sixrd_get_addr_net (t, ip6->dst_address.as_u64[0]); + ip4->checksum = ip4_header_checksum (ip4); +} + +static void +ip6ip_fixup (vlib_main_t * vm, + ip_adjacency_t * adj, vlib_buffer_t * b0, const void *data) +{ + const sixrd_tunnel_t *t = data; + ip4_header_t *ip4 = vlib_buffer_get_current (b0); + ip4->length = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)); + ip4->dst_address.as_u32 = + sixrd_get_addr_net (t, adj->sub_type.nbr.next_hop.as_u64[0]); + ip4->checksum = ip4_header_checksum (ip4); +} + +static sixrd_tunnel_t * +find_tunnel_by_sw_if_index (u32 sw_if_index) +{ + sixrd_main_t *sm = &sixrd_main; + u32 ti = sm->tunnel_index_by_sw_if_index[sw_if_index]; + if (ti == ~0) + { + clib_warning ("Not our tunnel\n"); + return (0); + } + return pool_elt_at_index (sm->tunnels, ti); +} + +static sixrd_tunnel_t * +find_tunnel (ip6_address_t * ip6_prefix) +{ + sixrd_main_t *sm = &sixrd_main; + sixrd_tunnel_t *d; + + /* *INDENT-OFF* */ + pool_foreach (d, sm->tunnels, + ({ + if (!memcmp (&d->ip6_prefix, ip6_prefix, 16)) + return d; + })); + /* *INDENT-ON* */ + return 0; +} + + +static u8 * +sixrd_build_rewrite (vnet_main_t * vnm, + u32 sw_if_index, + vnet_link_t link_type, const void *dst_address) +{ + u8 *rewrite = NULL; + sixrd_tunnel_t *t; + + t = find_tunnel_by_sw_if_index (sw_if_index); + if (!t) + { + return 0; + } + + vec_validate (rewrite, sizeof (ip4_header_t) - 1); + ip4_header_t *ip4 = (ip4_header_t *) rewrite; + ip4->ip_version_and_header_length = 0x45; + ip4->ttl = 64; + ip4->protocol = IP_PROTOCOL_IPV6; + /* fixup ip4 header length and checksum after-the-fact */ + ip4->src_address.as_u32 = t->ip4_src.as_u32; + ip4->dst_address.as_u32 = 0; + ip4->checksum = ip4_header_checksum (ip4); + + return rewrite; +} + +static void +ip6ip_tunnel_stack (adj_index_t ai, u32 fib_entry_index) +{ + sixrd_main_t *sm = &sixrd_main; + ip_adjacency_t *adj = adj_get (ai); + sixrd_tunnel_t *t; + u32 sw_if_index = adj->rewrite_header.sw_if_index; + + if ((vec_len (sm->tunnel_index_by_sw_if_index) < sw_if_index) || + (~0 == sm->tunnel_index_by_sw_if_index[sw_if_index])) + return; + + t = + pool_elt_at_index (sm->tunnels, + sm->tunnel_index_by_sw_if_index[sw_if_index]); /* - * Multiple SIXRD domains may share same source IPv4 TEP - * In this case the route will exist and be SixRD sourced. - * Find the adj (if any) already contributed and modify it + * find the adjacency that is contributed by the FIB entry + * that this tunnel resolves via, and use it as the next adj + * in the midchain */ - fib_prefix_t pfx4 = { - .fp_proto = FIB_PROTOCOL_IP4, - .fp_len = 32, - .fp_addr = { - .ip4 = d->ip4_src, - }, + if (vnet_hw_interface_get_flags (vnet_get_main (), t->hw_if_index) & + VNET_HW_INTERFACE_FLAG_LINK_UP) + { + adj_nbr_midchain_stack (ai, + fib_entry_contribute_ip_forwarding + (fib_entry_index)); + } + else + { + adj_nbr_midchain_unstack (ai); + } +} + +static void +sixrd_tunnel_stack (adj_index_t ai, u32 fib_index) +{ + dpo_id_t dpo = DPO_INVALID; + sixrd_main_t *sm = &sixrd_main; + ip_adjacency_t *adj = adj_get (ai); + u32 sw_if_index = adj->rewrite_header.sw_if_index; + + if ((vec_len (sm->tunnel_index_by_sw_if_index) < sw_if_index) || + (~0 == sm->tunnel_index_by_sw_if_index[sw_if_index])) + return; + + if ((vec_len (sm->tunnel_index_by_sw_if_index) < sw_if_index) || + (sm->tunnel_index_by_sw_if_index[sw_if_index] == ~0)) + return; + + lookup_dpo_add_or_lock_w_fib_index (fib_index, DPO_PROTO_IP4, + LOOKUP_UNICAST, LOOKUP_INPUT_DST_ADDR, + LOOKUP_TABLE_FROM_CONFIG, &dpo); + adj_nbr_midchain_stack (ai, &dpo); +} + +const static ip46_address_t sixrd_special_nh = { + .ip6 = { + .as_u64 = { + [0] = 0xffffffffffffffff, + [1] = 0xffffffffffffffff, + }, + }, +}; + +static void +sixrd_update_adj (vnet_main_t * vnm, u32 sw_if_index, adj_index_t ai) +{ + ip_adjacency_t *adj = adj_get (ai); + sixrd_tunnel_t *t = find_tunnel_by_sw_if_index (sw_if_index); + + if (!memcmp (&sixrd_special_nh, + &adj->sub_type.nbr.next_hop, sizeof (sixrd_special_nh))) + { + adj_nbr_midchain_update_rewrite (ai, sixrd_fixup, t, ADJ_FLAG_NONE, + sixrd_build_rewrite (vnm, sw_if_index, + adj_get_link_type + (ai), NULL)); + sixrd_tunnel_stack (ai, t->fib_index); + } + else + { + sixrd_adj_delegate_t *sixrd_ad; + ip4_address_t da4; + + da4.as_u32 = + sixrd_get_addr_net (t, adj->sub_type.nbr.next_hop.as_u64[0]); + + fib_prefix_t pfx = { + .fp_proto = FIB_PROTOCOL_IP4, + .fp_len = 32, + .fp_addr = {.ip4 = da4,} + , + }; + + adj_nbr_midchain_update_rewrite + (ai, ip6ip_fixup, t, + ADJ_FLAG_NONE, + sixrd_build_rewrite (vnm, sw_if_index, + adj_get_link_type (ai), NULL)); + + sixrd_ad = + sixrd_adj_from_base (adj_delegate_get (adj, sixrd_adj_delegate_type)); + if (NULL == sixrd_ad) + { + pool_get (sixrd_adj_delegate_pool, sixrd_ad); + fib_node_init (&sixrd_ad->sixrd_node, sixrd_fib_node_type); + sixrd_ad->adj_index = ai; + sixrd_ad->sixrd_fib_entry_index = + fib_table_entry_special_add (t->fib_index, &pfx, + FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE); + sixrd_ad->sixrd_sibling = + fib_entry_child_add (sixrd_ad->sixrd_fib_entry_index, + sixrd_fib_node_type, + sixrd_ad - sixrd_adj_delegate_pool); + + adj_delegate_add (adj, + sixrd_adj_delegate_type, + sixrd_ad - sixrd_adj_delegate_pool); + + ip6ip_tunnel_stack (ai, sixrd_ad->sixrd_fib_entry_index); + } + } +} + + +clib_error_t * +sixrd_interface_admin_up_down (vnet_main_t * vnm, u32 hw_if_index, u32 flags) +{ + /* Always up */ + vnet_hw_interface_set_flags (vnm, hw_if_index, + VNET_HW_INTERFACE_FLAG_LINK_UP); + return /* no error */ 0; +} + +/* *INDENT-OFF* */ +VNET_HW_INTERFACE_CLASS (sixrd_hw_interface_class) = +{ + .name = "ip6ip-6rd", + .build_rewrite = sixrd_build_rewrite, + .update_adjacency = sixrd_update_adj, +}; + +VNET_DEVICE_CLASS (sixrd_device_class) = +{ + .name = "ip6ip-6rd", + .admin_up_down_function = sixrd_interface_admin_up_down, +#ifdef SOON + .clear counter = 0; +#endif +}; +/* *INDENT-ON* */ + +static int +sixrd_create_tunnel (ip6_address_t * ip6_prefix, u8 ip6_prefix_len, + ip4_address_t * ip4_prefix, u8 ip4_prefix_len, + ip4_address_t * ip4_src, u16 mtu, bool security_check, + u32 fib_index, u32 * sixrd_tunnel_index) +{ + sixrd_main_t *sm = &sixrd_main; + sixrd_tunnel_t *t; + + if (fib_index == ~0) + return VNET_API_ERROR_NO_SUCH_FIB; + + if ((ip6_prefix_len + 32 - ip4_prefix_len) > 64) + return VNET_API_ERROR_INVALID_VALUE; + + /* Tunnel already configured */ + if (find_tunnel (ip6_prefix)) + return VNET_API_ERROR_INVALID_VALUE; + /* Tunnel already configured for this source */ + if (find_tunnel_by_ip4_address (ip4_src)) + return VNET_API_ERROR_INVALID_VALUE; + + /* Get tunnel index */ + pool_get_aligned (sm->tunnels, t, CLIB_CACHE_LINE_BYTES); + memset (t, 0, sizeof (*t)); + t->tunnel_index = t - sm->tunnels; + + /* Init tunnel struct */ + t->ip4_prefix.as_u32 = ip4_prefix->as_u32; + t->ip4_prefix_len = ip4_prefix_len; + t->ip6_prefix = *ip6_prefix; + t->ip6_prefix_len = ip6_prefix_len; + t->ip4_src = *ip4_src; + t->mtu = mtu ? mtu : SIXRD_DEFAULT_MTU; + t->security_check = security_check; + + t->shift = (ip4_prefix_len < 32) ? + 64 - ip6_prefix_len - (32 - ip4_prefix_len) : 0; + + /* Create interface */ + u32 hw_if_index = vnet_register_interface (vnet_get_main (), + sixrd_device_class.index, + t->tunnel_index, + sixrd_hw_interface_class.index, + t->tunnel_index); + + /* Default the interface to up and enable IPv6 (payload) */ + vnet_hw_interface_t *hi = + vnet_get_hw_interface (vnet_get_main (), hw_if_index); + t->hw_if_index = hw_if_index; + t->fib_index = fib_index; + t->sw_if_index = hi->sw_if_index; + + hi->max_l3_packet_bytes[VLIB_RX] = hi->max_l3_packet_bytes[VLIB_TX] = + t->mtu; + + vec_validate_init_empty (sm->tunnel_index_by_sw_if_index, hi->sw_if_index, + ~0); + sm->tunnel_index_by_sw_if_index[hi->sw_if_index] = t->tunnel_index; + + hash_set (sm->tunnel_by_ip, ip4_src->as_u32, t->tunnel_index); + + vnet_hw_interface_set_flags (vnet_get_main (), hw_if_index, + VNET_HW_INTERFACE_FLAG_LINK_UP); + vnet_sw_interface_set_flags (vnet_get_main (), hi->sw_if_index, + VNET_SW_INTERFACE_FLAG_ADMIN_UP); + + /* Create IPv6 route/adjacency */ + fib_prefix_t pfx6 = { + .fp_proto = FIB_PROTOCOL_IP6, + .fp_len = t->ip6_prefix_len, + .fp_addr = {.ip6 = t->ip6_prefix,} + , }; - fei = fib_table_lookup_exact_match(0, &pfx4); - - if (FIB_NODE_INDEX_INVALID != fei) - { - dpo_id_t dpo = DPO_INVALID; - - if (fib_entry_get_dpo_for_source (fei, FIB_SOURCE_SIXRD, &dpo)) - { - /* - * modify the existing adj to indicate it's shared - * skip to route add. - * It is locked to pair with the unlock below. - */ - const dpo_id_t *sd_dpo; - sixrd_dpo_t *sd; - - ASSERT(DPO_LOAD_BALANCE == dpo.dpoi_type); - - sd_dpo = load_balance_get_bucket(dpo.dpoi_index, 0); - sd = sixrd_dpo_get (sd_dpo->dpoi_index); - - sd->sd_domain = ~0; - dpo_copy (&dpo_v4, sd_dpo); - dpo_reset (&dpo); - - goto route_add; - } - } - /* first time addition of the route */ - sixrd_dpo_create(DPO_PROTO_IP4, - *sixrd_domain_index, - &dpo_v4); - -route_add: - /* - * Create ip4 route. This is a reference counted add. If the prefix - * already exists and is SixRD sourced, it is now SixRD source n+1 times - * and will need to be removed n+1 times. - */ - fib_table_entry_special_dpo_add(0, &pfx4, - FIB_SOURCE_SIXRD, - FIB_ENTRY_FLAG_EXCLUSIVE, - &dpo_v4); - dpo_reset (&dpo_v4); + + fib_table_entry_update_one_path (fib_index, &pfx6, + FIB_SOURCE_CLI, FIB_ENTRY_FLAG_ATTACHED, + DPO_PROTO_IP6, &sixrd_special_nh, + hi->sw_if_index, + ~0, 1, NULL, FIB_ROUTE_PATH_FLAG_NONE); + + *sixrd_tunnel_index = hi->sw_if_index; + + ip4_register_protocol (IP_PROTOCOL_IPV6, ip4_sixrd_node.index); return 0; } /* - * sixrd_delete_domain + * sixrd_delete_tunnel */ int -sixrd_delete_domain (u32 sixrd_domain_index) +sixrd_delete_tunnel (u32 sw_if_index) { - sixrd_main_t *mm = &sixrd_main; - sixrd_domain_t *d; - - if (pool_is_free_index(mm->domains, sixrd_domain_index)) { - clib_warning("SIXRD domain delete: domain does not exist: %d", - sixrd_domain_index); - return -1; - } - - d = pool_elt_at_index(mm->domains, sixrd_domain_index); - - fib_prefix_t pfx = { - .fp_proto = FIB_PROTOCOL_IP4, - .fp_len = 32, - .fp_addr = { - .ip4 = d->ip4_src, - }, - }; - fib_table_entry_special_remove(0, &pfx, FIB_SOURCE_SIXRD); + sixrd_main_t *sm = &sixrd_main; + sixrd_tunnel_t *t = find_tunnel_by_sw_if_index (sw_if_index); + + if (!t) + { + clib_warning ("SIXRD tunnel delete: tunnel does not exist: %d", + sw_if_index); + return -1; + } fib_prefix_t pfx6 = { - .fp_proto = FIB_PROTOCOL_IP6, - .fp_len = d->ip6_prefix_len, - .fp_addr = { - .ip6 = d->ip6_prefix, - }, + .fp_proto = FIB_PROTOCOL_IP6, + .fp_len = t->ip6_prefix_len, + .fp_addr = {.ip6 = t->ip6_prefix,} + , }; - fib_table_entry_special_remove(0, &pfx6, FIB_SOURCE_SIXRD); + fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_CLI); + vnet_sw_interface_set_flags (vnet_get_main (), t->sw_if_index, + 0 /* down */ ); + + sm->tunnel_index_by_sw_if_index[t->sw_if_index] = ~0; + + hash_unset (sm->tunnel_by_ip, t->ip4_src.as_u32); - pool_put(mm->domains, d); + vnet_delete_hw_interface (vnet_get_main (), t->hw_if_index); + + pool_put (sm->tunnels, t); return 0; } static clib_error_t * -sixrd_add_domain_command_fn (vlib_main_t *vm, - unformat_input_t *input, - vlib_cli_command_t *cmd) +sixrd_add_del_tunnel_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; ip4_address_t ip4_prefix; ip6_address_t ip6_prefix; ip4_address_t ip4_src; - u32 ip6_prefix_len=0, ip4_prefix_len=0, sixrd_domain_index; + u32 ip6_prefix_len = 0, ip4_prefix_len = 0, sixrd_tunnel_index; u32 num_m_args = 0; /* Optional arguments */ u32 mtu = 0; + u32 fib_index = 0; clib_error_t *error = 0; + bool is_add = true, security_check = false; /* Get a line of input. */ - if (!unformat_user(input, unformat_line_input, line_input)) + if (!unformat_user (input, unformat_line_input, line_input)) return 0; - while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) { - if (unformat(line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix, &ip6_prefix_len)) - num_m_args++; - else if (unformat(line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix, &ip4_prefix_len)) - num_m_args++; - else if (unformat(line_input, "ip4-src %U", unformat_ip4_address, &ip4_src)) - num_m_args++; - else if (unformat(line_input, "mtu %d", &mtu)) - num_m_args++; - else { - error = clib_error_return(0, "unknown input `%U'", - format_unformat_error, line_input); - goto done; + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "del")) + is_add = false; + if (unformat (line_input, "security-check")) + security_check = true; + else + if (unformat + (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix, + &ip6_prefix_len)) + num_m_args++; + else if (unformat (line_input, "ip4-pfx %U/%d", unformat_ip4_address, + &ip4_prefix, &ip4_prefix_len)) + num_m_args++; + else + if (unformat + (line_input, "ip4-src %U", unformat_ip4_address, &ip4_src)) + num_m_args++; + else if (unformat (line_input, "mtu %d", &mtu)) + num_m_args++; + else if (unformat (line_input, "fib-id %d", &fib_index)) + ; + else + { + error = + clib_error_return (0, "unknown input `%U'", format_unformat_error, + line_input); + goto done; + } } - } - - if (num_m_args < 3) { - error = clib_error_return(0, "mandatory argument(s) missing"); - goto done; - } - sixrd_create_domain(&ip6_prefix, ip6_prefix_len, &ip4_prefix, ip4_prefix_len, - &ip4_src, &sixrd_domain_index, mtu); + if (num_m_args < 3) + { + error = clib_error_return (0, "mandatory argument(s) missing"); + goto done; + } + if (is_add) + { + int rv = sixrd_create_tunnel (&ip6_prefix, ip6_prefix_len, &ip4_prefix, + ip4_prefix_len, &ip4_src, mtu, + security_check, + fib_index, &sixrd_tunnel_index); + if (rv) + error = clib_error_return (0, "adding tunnel failed"); + } + else + { + sixrd_tunnel_t *t = find_tunnel (&ip6_prefix); + if (t) + { + sixrd_delete_tunnel (t->sw_if_index); + } + } done: unformat_free (line_input); @@ -229,151 +568,208 @@ done: return error; } -static clib_error_t * -sixrd_del_domain_command_fn (vlib_main_t *vm, - unformat_input_t *input, - vlib_cli_command_t *cmd) +/* *INDENT-OFF* */ +VLIB_CLI_COMMAND (sixrd_add_del_tunnel_command, static) = { - unformat_input_t _line_input, *line_input = &_line_input; - u32 num_m_args = 0; - u32 sixrd_domain_index; - clib_error_t *error = 0; - - /* Get a line of input. */ - if (! unformat_user(input, unformat_line_input, line_input)) - return 0; - - while (unformat_check_input(line_input) != UNFORMAT_END_OF_INPUT) { - if (unformat(line_input, "index %d", &sixrd_domain_index)) - num_m_args++; - else { - error = clib_error_return(0, "unknown input `%U'", - format_unformat_error, line_input); - goto done; - } - } + .path = "create 6rd tunnel", + .short_help = "create 6rd tunnel ip6-pfx ip4-pfx " + "ip4-src [del]", + .function = sixrd_add_del_tunnel_command_fn, +}; +/* *INDENT-ON* */ - if (num_m_args != 1) { - error = clib_error_return(0, "mandatory argument(s) missing"); - goto done; - } +static void +vl_api_sixrd_add_tunnel_t_handler (vl_api_sixrd_add_tunnel_t * mp) +{ + sixrd_main_t *sm = &sixrd_main; + vl_api_sixrd_add_tunnel_reply_t *rmp; + u32 sixrd_tunnel_index; + + int rv = sixrd_create_tunnel ((ip6_address_t *) & mp->ip6_prefix, + mp->ip6_prefix_len, + (ip4_address_t *) & mp->ip4_prefix, + mp->ip4_prefix_len, + (ip4_address_t *) & mp->ip4_src, + ntohs (mp->mtu), + mp->security_check, ntohl (mp->fib_index), + &sixrd_tunnel_index); + + REPLY_MACRO2 (VL_API_SIXRD_ADD_TUNNEL_REPLY, ( + { + rmp->sw_if_index = + htonl (sixrd_tunnel_index); + })); +} - sixrd_delete_domain(sixrd_domain_index); +static void +vl_api_sixrd_del_tunnel_t_handler (vl_api_sixrd_del_tunnel_t * mp) +{ + sixrd_main_t *sm = &sixrd_main; + vl_api_sixrd_del_tunnel_reply_t *rmp; -done: - unformat_free (line_input); + int rv = sixrd_delete_tunnel (ntohl (mp->sw_if_index)); - return error; + REPLY_MACRO (VL_API_SIXRD_DEL_TUNNEL_REPLY); } -static u8 * -format_sixrd_domain (u8 *s, va_list *args) +/* List of message types that this plugin understands */ + +#define foreach_sixrd_plugin_api_msg \ +_(SIXRD_ADD_TUNNEL, sixrd_add_tunnel) \ +_(SIXRD_DEL_TUNNEL, sixrd_del_tunnel) + +/* *INDENT-OFF* */ +VLIB_PLUGIN_REGISTER() = { + .version = VPP_BUILD_VER, + .description = "IPv6 Rapid Deployment on IPv4 Infrastructure (RFC5969)", +}; +/* *INDENT-ON* */ + +/** + * @brief Set up the API message handling tables. + */ +static clib_error_t * +sixrd_plugin_api_hookup (vlib_main_t * vm) { - sixrd_domain_t *d = va_arg(*args, sixrd_domain_t *); - sixrd_main_t *mm = &sixrd_main; + sixrd_main_t *sm = &sixrd_main; - s = format(s, - "[%d] ip6-pfx %U/%d ip4-pfx %U/%d ip4-src %U mtu %d", - d - mm->domains, - format_ip6_address, &d->ip6_prefix, d->ip6_prefix_len, - format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len, - format_ip4_address, &d->ip4_src, d->mtu); +#define _(N, n) \ + vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), #n, \ + vl_api_##n##_t_handler, vl_noop_handler, \ + vl_api_##n##_t_endian, vl_api_##n##_t_print, \ + sizeof(vl_api_##n##_t), 1); + foreach_sixrd_plugin_api_msg; +#undef _ - return s; + return 0; } -static clib_error_t * -show_sixrd_domain_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) +#define vl_msg_name_crc_list +#include "sixrd_all_api_h.h" +#undef vl_msg_name_crc_list + +static void +setup_message_id_table (sixrd_main_t * sm, api_main_t * am) { - sixrd_main_t *mm = &sixrd_main; - sixrd_domain_t *d; +#define _(id, n, crc) \ + vl_msg_api_add_msg_name_crc(am, #n "_" #crc, id + sm->msg_id_base); + foreach_vl_msg_name_crc_sixrd; +#undef _ +} - if (pool_elts(mm->domains) == 0) - vlib_cli_output(vm, "No SIXRD domains are configured..."); +static void +sixrd_adj_delegate_adj_deleted (adj_delegate_t * aed) +{ + sixrd_adj_delegate_t *sixrd_ad; - pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_sixrd_domain, d);})); + sixrd_ad = sixrd_adj_from_base (aed); - return 0; + fib_entry_child_remove (sixrd_ad->sixrd_fib_entry_index, + sixrd_ad->sixrd_sibling); + fib_table_entry_delete_index (sixrd_ad->sixrd_fib_entry_index, + FIB_SOURCE_RR); + pool_put (sixrd_adj_delegate_pool, sixrd_ad); } -static clib_error_t * -show_sixrd_stats_command_fn (vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd) +static u8 * +sixrd_adj_delegate_format (const adj_delegate_t * aed, u8 * s) { - sixrd_main_t *mm = &sixrd_main; - sixrd_domain_t *d; - int domains = 0, domaincount = 0; - if (pool_elts (mm->domains) == 0) - vlib_cli_output (vm, "No SIXRD domains are configured..."); - - pool_foreach(d, mm->domains, ({ - domains += sizeof(*d); - domaincount++; - })); + const sixrd_adj_delegate_t *sixrd_ad; - vlib_cli_output(vm, "SIXRD domains structure: %d\n", sizeof (sixrd_domain_t)); - vlib_cli_output(vm, "SIXRD domains: %d (%d bytes)\n", domaincount, domains); + sixrd_ad = sixrd_adj_from_const_base (aed); - return 0; + s = format (s, "SIXRD:[fib-entry:%d]", sixrd_ad->sixrd_fib_entry_index); + + return (s); } -/* - * packet trace format function - */ -u8 * -format_sixrd_trace (u8 *s, va_list *args) +static void +sixrd_fib_node_last_lock_gone (fib_node_t * node) +{ + // top of the dependency tree, locks not managed here. +} + +static sixrd_adj_delegate_t * +sixrd_adj_delegate_from_fib_node (fib_node_t * node) +{ + return ((sixrd_adj_delegate_t *) (((char *) node) - + STRUCT_OFFSET_OF (sixrd_adj_delegate_t, + sixrd_node))); +} + +static fib_node_back_walk_rc_t +sixrd_fib_node_back_walk_notify (fib_node_t * node, + fib_node_back_walk_ctx_t * ctx) { - CLIB_UNUSED(vlib_main_t *vm) = va_arg (*args, vlib_main_t *); - CLIB_UNUSED(vlib_node_t *node) = va_arg (*args, vlib_node_t *); - sixrd_trace_t *t = va_arg (*args, sixrd_trace_t *); - u32 sixrd_domain_index = t->sixrd_domain_index; + sixrd_adj_delegate_t *sixrd_ad; - s = format(s, "SIXRD domain index: %d", sixrd_domain_index); + sixrd_ad = sixrd_adj_delegate_from_fib_node (node); - return s; + ip6ip_tunnel_stack (sixrd_ad->adj_index, sixrd_ad->sixrd_fib_entry_index); + + return (FIB_NODE_BACK_WALK_CONTINUE); } -VLIB_CLI_COMMAND(sixrd_add_domain_command, static) = { - .path = "sixrd add domain", - .short_help = - "sixrd add domain ip6-pfx ip4-pfx ip4-src ", - .function = sixrd_add_domain_command_fn, -}; +/** + * Function definition to get a FIB node from its index + */ +static fib_node_t * +sixrd_fib_node_get (fib_node_index_t index) +{ + sixrd_adj_delegate_t *sixrd_ad; -VLIB_CLI_COMMAND(sixrd_del_command, static) = { - .path = "sixrd del domain", - .short_help = - "sixrd del domain index ", - .function = sixrd_del_domain_command_fn, -}; + sixrd_ad = pool_elt_at_index (sixrd_adj_delegate_pool, index); -VLIB_CLI_COMMAND(show_sixrd_domain_command, static) = { - .path = "show sixrd domain", - .function = show_sixrd_domain_command_fn, -}; + return (&sixrd_ad->sixrd_node); +} -VLIB_CLI_COMMAND(show_sixrd_stats_command, static) = { - .path = "show sixrd stats", - .function = show_sixrd_stats_command_fn, +/** + * VFT registered with the adjacency delegate + */ +const static adj_delegate_vft_t sixrd_adj_delegate_vft = { + .adv_adj_deleted = sixrd_adj_delegate_adj_deleted, + .adv_format = sixrd_adj_delegate_format, }; -/* *INDENT-OFF* */ -VLIB_PLUGIN_REGISTER () ={ - .version = VPP_BUILD_VER, - .description = "IPv6 Rapid Deployment on IPv4 Infrastructure (RFC5969)", +/** + * VFT registered with the FIB node for the adj delegate + */ +const static fib_node_vft_t sixrd_fib_node_vft = { + .fnv_get = sixrd_fib_node_get, + .fnv_last_lock = sixrd_fib_node_last_lock_gone, + .fnv_back_walk = sixrd_fib_node_back_walk_notify, }; -/* *INDENT-ON* */ -static clib_error_t * sixrd_init (vlib_main_t * vm) +static clib_error_t * +sixrd_init (vlib_main_t * vm) { - sixrd_main_t *mm = &sixrd_main; + sixrd_main_t *sm = &sixrd_main; + clib_error_t *error = 0; + u8 *name; + + name = format (0, "sixrd_%08x%c", api_version, 0); + + sm->msg_id_base = + vl_msg_api_get_msg_ids ((char *) name, VL_MSG_FIRST_AVAILABLE); + vec_free (name); + error = sixrd_plugin_api_hookup (vm); - mm->vnet_main = vnet_get_main(); - mm->vlib_main = vm; + setup_message_id_table (sm, &api_main); - sixrd_dpo_module_init (); + sixrd_adj_delegate_type = + adj_delegate_register_new_type (&sixrd_adj_delegate_vft); + sixrd_fib_node_type = fib_node_register_new_type (&sixrd_fib_node_vft); - return (NULL); + return error; } VLIB_INIT_FUNCTION (sixrd_init); + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/plugins/sixrd/sixrd.h b/src/plugins/sixrd/sixrd.h index f911461b1cd..f443c039a13 100644 --- a/src/plugins/sixrd/sixrd.h +++ b/src/plugins/sixrd/sixrd.h @@ -14,20 +14,19 @@ *--------------------------------------------------------------------------- */ #include -#include -#include -#include #include +#include +#include +#include -#include "sixrd_dpo.h" - -int sixrd_create_domain(ip6_address_t *ip6_prefix, u8 ip6_prefix_len, - ip4_address_t *ip4_prefix, u8 ip4_prefix_len, - ip4_address_t *ip4_src, u32 *sixrd_domain_index, u16 mtu); -int sixrd_delete_domain(u32 sixrd_domain_index); -u8 *format_sixrd_trace(u8 *s, va_list *args); +#define SIXRD_DEFAULT_MTU 1480 /* 1500 - IPv4 header */ -typedef struct { +typedef struct +{ + u32 fib_index; + u32 hw_if_index; + u32 sw_if_index; + u32 tunnel_index; ip6_address_t ip6_prefix; ip4_address_t ip4_prefix; ip4_address_t ip4_src; @@ -38,46 +37,35 @@ typedef struct { u8 shift; u16 mtu; -} sixrd_domain_t; + bool security_check; +} sixrd_tunnel_t; + +typedef struct +{ + u16 msg_id_base; -typedef struct { /* pool of SIXRD domains */ - sixrd_domain_t *domains; + sixrd_tunnel_t *tunnels; + u32 *tunnel_index_by_sw_if_index; + uword *tunnel_by_ip; - /* convenience */ - vlib_main_t *vlib_main; - vnet_main_t *vnet_main; } sixrd_main_t; -#define foreach_sixrd_error \ - /* Must be first. */ \ - _(NONE, "valid SIXRD packets") \ - _(BAD_PROTOCOL, "bad protocol") \ - _(WRONG_ICMP_TYPE, "wrong icmp type") \ - _(SEC_CHECK, "security check failed") \ - _(ICMP, "unable to translate ICMP") \ - _(UNKNOWN, "unknown") \ - _(NO_DOMAIN, "no domain") \ - _(ENCAPSULATED, "encapsulated") \ - _(DECAPSULATED, "decapsulated") \ - _(TRANSLATED_4TO6, "translated 4 to 6") \ - _(TRANSLATED_6TO4, "translated 6 to 4") \ - _(FRAGMENT, "fragment handling error") \ - _(FRAGMENT_QUEUED, "dropped, missing first fragment") \ - _(FRAGMENTED, "packets requiring fragmentation") \ - _(FRAGMENT_PARTS, "fragment parts") \ - _(MALFORMED, "malformed packet") - -typedef enum { -#define _(sym,str) SIXRD_ERROR_##sym, - foreach_sixrd_error -#undef _ - SIXRD_N_ERROR, - } sixrd_error_t; +#define foreach_sixrd_error \ + /* Must be first. */ \ + _(NONE, "valid SIXRD packets") \ + _(BAD_PROTOCOL, "bad protocol") \ + _(SEC_CHECK, "security check failed") \ + _(NO_TUNNEL, "no tunnel") -typedef struct { - u32 sixrd_domain_index; -} sixrd_trace_t; + +typedef enum +{ +#define _(sym, str) SIXRD_ERROR_##sym, + foreach_sixrd_error +#undef _ + SIXRD_N_ERROR, +} sixrd_error_t; extern sixrd_main_t sixrd_main; @@ -85,57 +73,51 @@ extern sixrd_main_t sixrd_main; * sixrd_get_addr */ static_always_inline u32 -sixrd_get_addr (sixrd_domain_t *d, u64 dal) +sixrd_get_addr_net (const sixrd_tunnel_t * t, u64 dal) { - /* 1:1 mode */ - if (d->ip4_prefix_len == 32) return (d->ip4_prefix.as_u32); - - /* Grab 32 - ip4_prefix_len bits out of IPv6 address from offset ip6_prefix_len */ - return (d->ip4_prefix.as_u32 | (u32)(dal >> d->shift)); + if (t->ip4_prefix_len == 32) + return (t->ip4_prefix.as_u32); + + dal = clib_net_to_host_u64 (dal); + + /* Grab 32 - ip4_prefix_len bits out of IPv6 address from offset + * ip6_prefix_len */ + u32 mask = ~(~0ULL << (32 - t->ip4_prefix_len)); + u32 ip4 = + clib_net_to_host_u32 (t-> + ip4_prefix.as_u32) | ((u32) (dal >> t-> + shift) & mask); + return clib_host_to_net_u32 (ip4); } -/* - * Get the SIXRD domain from an IPv6 lookup adjacency. - */ -static_always_inline sixrd_domain_t * -ip6_sixrd_get_domain (u32 sdi, u32 *sixrd_domain_index) +static_always_inline sixrd_tunnel_t * +find_tunnel_by_ip4_address (ip4_address_t * ip) { - sixrd_main_t *mm = &sixrd_main; - sixrd_dpo_t *sd; - - sd = sixrd_dpo_get(sdi); - - ASSERT(sd); - *sixrd_domain_index = sd->sd_domain; - return pool_elt_at_index(mm->domains, *sixrd_domain_index); + sixrd_main_t *sm = &sixrd_main; + uword *p; + p = hash_get (sm->tunnel_by_ip, ip->as_u32); + if (!p) + return NULL; + return pool_elt_at_index (sm->tunnels, p[0]); } -/* - * Get the SIXRD domain from an IPv4 lookup adjacency. - * If the IPv4 address is not shared, no lookup is required. - * The IPv6 address is used otherwise. - */ -static_always_inline sixrd_domain_t * -ip4_sixrd_get_domain (u32 sdi, ip6_address_t *addr, - u32 *sixrd_domain_index, u8 *error) +static_always_inline sixrd_tunnel_t * +ip4_sixrd_get_tunnel (u32 sdi, ip4_address_t * addr, u8 * error) { - sixrd_main_t *mm = &sixrd_main; - sixrd_dpo_t *sd; - - sd = sixrd_dpo_get(sdi); - *sixrd_domain_index = sd->sd_domain; - if (*sixrd_domain_index != ~0) - return pool_elt_at_index(mm->domains, *sixrd_domain_index); - - u32 lbi = ip6_fib_table_fwding_lookup(&ip6_main, 0, addr); - const dpo_id_t *dpo = load_balance_get_bucket(lbi, 0); - if (PREDICT_TRUE(dpo->dpoi_type == sixrd_dpo_type)) + sixrd_tunnel_t *t = find_tunnel_by_ip4_address (addr); + if (!t) { - sd = sixrd_dpo_get(dpo->dpoi_index); - *sixrd_domain_index = sd->sd_domain; - return pool_elt_at_index(mm->domains, *sixrd_domain_index); + *error = SIXRD_ERROR_NO_TUNNEL; + return NULL; } - *error = SIXRD_ERROR_NO_DOMAIN; - return NULL; + return t; } + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/plugins/sixrd/sixrd_all_api_h.h b/src/plugins/sixrd/sixrd_all_api_h.h new file mode 100644 index 00000000000..21111c28b95 --- /dev/null +++ b/src/plugins/sixrd/sixrd_all_api_h.h @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* Include the generated file, see BUILT_SOURCES in Makefile.am */ +#include diff --git a/src/plugins/sixrd/sixrd_dpo.c b/src/plugins/sixrd/sixrd_dpo.c deleted file mode 100644 index 88a079350a3..00000000000 --- a/src/plugins/sixrd/sixrd_dpo.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sixrd_dpo.h" -#include - -/** - * pool of all MPLS Label DPOs - */ -sixrd_dpo_t *sixrd_dpo_pool; - -/** - * The register SIXRD DPO type - */ -dpo_type_t sixrd_dpo_type; - -static sixrd_dpo_t * -sixrd_dpo_alloc (void) -{ - sixrd_dpo_t *sd; - - pool_get_aligned(sixrd_dpo_pool, sd, CLIB_CACHE_LINE_BYTES); - memset(sd, 0, sizeof(*sd)); - - return (sd); -} - -static index_t -sixrd_dpo_get_index (sixrd_dpo_t *sd) -{ - return (sd - sixrd_dpo_pool); -} - -void -sixrd_dpo_create (dpo_proto_t dproto, - u32 domain_index, - dpo_id_t *dpo) -{ - sixrd_dpo_t *sd; - - sd = sixrd_dpo_alloc(); - sd->sd_domain = domain_index; - sd->sd_proto = dproto; - - dpo_set(dpo, - sixrd_dpo_type, - dproto, - sixrd_dpo_get_index(sd)); -} - -u8* -format_sixrd_dpo (u8 *s, va_list *args) -{ - index_t index = va_arg (*args, index_t); - CLIB_UNUSED(u32 indent) = va_arg (*args, u32); - sixrd_dpo_t *sd; - - sd = sixrd_dpo_get(index); - - return (format(s, "sixrd:[%d]:%U domain:%d", - index, - format_dpo_proto, sd->sd_proto, - sd->sd_domain)); -} - - -static void -sixrd_dpo_lock (dpo_id_t *dpo) -{ - sixrd_dpo_t *sd; - - sd = sixrd_dpo_get(dpo->dpoi_index); - - sd->sd_locks++; -} - -static void -sixrd_dpo_unlock (dpo_id_t *dpo) -{ - sixrd_dpo_t *sd; - - sd = sixrd_dpo_get(dpo->dpoi_index); - - sd->sd_locks--; - - if (0 == sd->sd_locks) - { - pool_put(sixrd_dpo_pool, sd); - } -} - -const static dpo_vft_t sd_vft = { - .dv_lock = sixrd_dpo_lock, - .dv_unlock = sixrd_dpo_unlock, - .dv_format = format_sixrd_dpo, -}; - -const static char* const sixrd_ip4_nodes[] = -{ - "ip4-sixrd", - NULL, -}; -const static char* const sixrd_ip6_nodes[] = -{ - "ip6-sixrd", - NULL, -}; - -const static char* const * const sixrd_nodes[DPO_PROTO_NUM] = -{ - [DPO_PROTO_IP4] = sixrd_ip4_nodes, - [DPO_PROTO_IP6] = sixrd_ip6_nodes, - [DPO_PROTO_MPLS] = NULL, -}; - -void -sixrd_dpo_module_init (void) -{ - sixrd_dpo_type = dpo_register_new_type(&sd_vft, sixrd_nodes); -} diff --git a/src/plugins/sixrd/sixrd_dpo.h b/src/plugins/sixrd/sixrd_dpo.h deleted file mode 100644 index 17142288451..00000000000 --- a/src/plugins/sixrd/sixrd_dpo.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __SIXRD_DPO_H__ -#define __SIXRD_DPO_H__ - -#include -#include - -/** - * A representation of a 6RD DPO - */ -typedef struct sixrd_dpo_t -{ - /** - * The dat-plane protocol - */ - dpo_proto_t sd_proto; - - /** - * the SIXRD domain index - */ - u32 sd_domain; - - /** - * Number of locks/users of the label - */ - u16 sd_locks; -} sixrd_dpo_t; - -extern void sixrd_dpo_create (dpo_proto_t dproto, - u32 domain_index, - dpo_id_t *dpo); - -/* - * Encapsulation violation for fast data-path access - */ -extern sixrd_dpo_t *sixrd_dpo_pool; -extern dpo_type_t sixrd_dpo_type; - -static inline sixrd_dpo_t * -sixrd_dpo_get (index_t index) -{ - return (pool_elt_at_index(sixrd_dpo_pool, index)); -} - -extern void sixrd_dpo_module_init(void); - -#endif diff --git a/src/plugins/sixrd/sixrd_msg_enum.h b/src/plugins/sixrd/sixrd_msg_enum.h new file mode 100644 index 00000000000..46528c198b3 --- /dev/null +++ b/src/plugins/sixrd/sixrd_msg_enum.h @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef included_sixrd_msg_enum_h +#define included_sixrd_msg_enum_h + +#include + +#define vl_msg_id(n,h) n, +typedef enum { +#include + /* We'll want to know how many messages IDs we need... */ + VL_MSG_FIRST_AVAILABLE, +} vl_msg_id_t; +#undef vl_msg_id + +#endif diff --git a/src/vnet/adj/adj_delegate.h b/src/vnet/adj/adj_delegate.h index c47380012f1..13bf911c5a6 100644 --- a/src/vnet/adj/adj_delegate.h +++ b/src/vnet/adj/adj_delegate.h @@ -99,7 +99,6 @@ extern int adj_delegate_add(ip_adjacency_t *adj, adj_delegate_type_t fdt, index_t adi); - /** * @brief Get a delegate from an adjacency * diff --git a/src/vnet/adj/adj_glean.c b/src/vnet/adj/adj_glean.c index 82d0a46eb1f..7de8e397737 100644 --- a/src/vnet/adj/adj_glean.c +++ b/src/vnet/adj/adj_glean.c @@ -48,6 +48,7 @@ adj_get_glean_node (fib_protocol_t proto) */ adj_index_t adj_glean_add_or_lock (fib_protocol_t proto, + vnet_link_t linkt, u32 sw_if_index, const ip46_address_t *nh_addr) { @@ -61,15 +62,23 @@ adj_glean_add_or_lock (fib_protocol_t proto, adj->lookup_next_index = IP_LOOKUP_NEXT_GLEAN; adj->ia_nh_proto = proto; + adj->ia_link = linkt; adj_gleans[proto][sw_if_index] = adj_get_index(adj); if (NULL != nh_addr) { adj->sub_type.glean.receive_addr = *nh_addr; } + else + { + adj->sub_type.glean.receive_addr = zero_addr; + } adj->rewrite_header.sw_if_index = sw_if_index; adj->rewrite_header.data_bytes = 0; + adj->rewrite_header.max_l3_packet_bytes = + vnet_sw_interface_get_mtu(vnet_get_main(), sw_if_index, VLIB_TX); + adj_lock(adj_get_index(adj)); vnet_update_adjacency_for_sw_interface(vnet_get_main(), diff --git a/src/vnet/adj/adj_glean.h b/src/vnet/adj/adj_glean.h index 47cddfbed2b..3ffbe36b51c 100644 --- a/src/vnet/adj/adj_glean.h +++ b/src/vnet/adj/adj_glean.h @@ -44,6 +44,7 @@ * as the source address in packets when the ARP/ND packet is sent */ extern adj_index_t adj_glean_add_or_lock(fib_protocol_t proto, + vnet_link_t linkt, u32 sw_if_index, const ip46_address_t *nh_addr); diff --git a/src/vnet/adj/rewrite.c b/src/vnet/adj/rewrite.c index c21495a9644..f4b26a9d0dd 100644 --- a/src/vnet/adj/rewrite.c +++ b/src/vnet/adj/rewrite.c @@ -82,6 +82,8 @@ format_vnet_rewrite (u8 * s, va_list * args) s = format (s, "DELETED:%d", rw->sw_if_index); } + s = format (s, " mtu:%d", rw->max_l3_packet_bytes); + /* Format rewrite string. */ if (rw->data_bytes > 0) s = format (s, " %U", diff --git a/src/vnet/fib/fib_entry.h b/src/vnet/fib/fib_entry.h index 273a5e66b15..d905a839c48 100644 --- a/src/vnet/fib/fib_entry.h +++ b/src/vnet/fib/fib_entry.h @@ -80,10 +80,6 @@ typedef enum fib_source_t_ { * IPv[46] Mapping */ FIB_SOURCE_MAP, - /** - * SIXRD - */ - FIB_SOURCE_SIXRD, /** * DHCP */ @@ -151,7 +147,6 @@ STATIC_ASSERT (sizeof(fib_source_t) == 1, [FIB_SOURCE_ADJ] = "adjacency", \ [FIB_SOURCE_MAP] = "MAP", \ [FIB_SOURCE_SR] = "SR", \ - [FIB_SOURCE_SIXRD] = "SixRD", \ [FIB_SOURCE_LISP] = "LISP", \ [FIB_SOURCE_CLASSIFY] = "classify", \ [FIB_SOURCE_DHCP] = "DHCP", \ diff --git a/src/vnet/fib/fib_entry_src_special.c b/src/vnet/fib/fib_entry_src_special.c index a2493bb5be9..a2899161c8f 100644 --- a/src/vnet/fib/fib_entry_src_special.c +++ b/src/vnet/fib/fib_entry_src_special.c @@ -64,7 +64,6 @@ fib_entry_src_special_register (void) { fib_entry_src_register(FIB_SOURCE_SPECIAL, &special_src_vft); fib_entry_src_register(FIB_SOURCE_MAP, &special_src_vft); - fib_entry_src_register(FIB_SOURCE_SIXRD, &special_src_vft); fib_entry_src_register(FIB_SOURCE_CLASSIFY, &special_src_vft); fib_entry_src_register(FIB_SOURCE_AE, &special_src_vft); fib_entry_src_register(FIB_SOURCE_PROXY, &special_src_vft); diff --git a/src/vnet/fib/fib_path.c b/src/vnet/fib/fib_path.c index ffb7ad228f1..b4f9971f52e 100644 --- a/src/vnet/fib/fib_path.c +++ b/src/vnet/fib/fib_path.c @@ -707,6 +707,7 @@ fib_path_attached_get_adj (fib_path_t *path, else { return (adj_glean_add_or_lock(dpo_proto_to_fib(path->fp_nh_proto), + link, path->attached.fp_interface, NULL)); } diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c index b9875d72b8e..6b7eb9c0f30 100644 --- a/src/vnet/ip/ip4_forward.c +++ b/src/vnet/ip/ip4_forward.c @@ -1923,7 +1923,8 @@ ip4_probe_neighbor (vlib_main_t * vm, ip4_address_t * dst, u32 sw_if_index) if (adj->lookup_next_index == IP_LOOKUP_NEXT_REWRITE) { adj_unlock (ai); - ai = adj_glean_add_or_lock (FIB_PROTOCOL_IP4, sw_if_index, &nh); + ai = adj_glean_add_or_lock (FIB_PROTOCOL_IP4, + VNET_LINK_IP4, sw_if_index, &nh); adj = adj_get (ai); } diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index 4fd7129e408..30b717f5545 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -1744,7 +1744,8 @@ ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index) if (adj->lookup_next_index == IP_LOOKUP_NEXT_REWRITE) { adj_unlock (ai); - ai = adj_glean_add_or_lock (FIB_PROTOCOL_IP6, sw_if_index, &nh); + ai = adj_glean_add_or_lock (FIB_PROTOCOL_IP6, + VNET_LINK_IP6, sw_if_index, &nh); adj = adj_get (ai); } diff --git a/test/Makefile b/test/Makefile index 712dab07bde..b8826f6a88f 100644 --- a/test/Makefile +++ b/test/Makefile @@ -54,7 +54,7 @@ PYTHON_EXTRA_DEPENDS= endif PYTHON_VENV_PATH=$(VPP_PYTHON_PREFIX)/virtualenv -PYTHON_DEPENDS=$(PYTHON_EXTRA_DEPENDS) faulthandler six scapy==2.3.3 pexpect pycrypto subprocess32 cffi git+https://github.com/klement/py-lispnetworking@setup +PYTHON_DEPENDS=$(PYTHON_EXTRA_DEPENDS) faulthandler six scapy==2.3.3 pexpect pycrypto subprocess32 cffi git+https://github.com/klement/py-lispnetworking@setup py2-ipaddress SCAPY_SOURCE=$(shell find $(PYTHON_VENV_PATH) -name site-packages) BUILD_COV_DIR=$(BR)/test-cov diff --git a/test/test_sixrd.py b/test/test_sixrd.py new file mode 100644 index 00000000000..32ebdf4cca0 --- /dev/null +++ b/test/test_sixrd.py @@ -0,0 +1,289 @@ +# +# 6RD RFC5969 functional tests +# + +import unittest +from scapy.layers.inet import IP, UDP, ICMP +from scapy.layers.inet6 import IPv6 +from scapy.layers.l2 import Ether, GRE +from scapy.packet import Raw + +from framework import VppTestCase +from vpp_ip_route import VppIpRoute, VppRoutePath, DpoProto +from util import ppp +from ipaddress import * + +""" Test6rd is a subclass of VPPTestCase classes. + +6RD tests. + +""" + + +class Test6RD(VppTestCase): + """ 6RD Test Case """ + + @classmethod + def setUpClass(cls): + super(Test6RD, cls).setUpClass() + try: + cls.create_pg_interfaces(range(2)) + cls.interfaces = list(cls.pg_interfaces) + except Exception: + super(Test6RD, cls).tearDownClass() + raise + + def setUp(cls): + super(Test6RD, cls).setUp() + try: + for i in cls.interfaces: + i.admin_up() + i.config_ip4() + i.config_ip6() + i.disable_ipv6_ra() + i.resolve_arp() + i.resolve_ndp() + except Exception: + super(Test6RD, cls).tearDown() + raise + + def tearDown(self): + super(Test6RD, self).tearDown() + if not self.vpp_dead: + self.vapi.cli("show hardware") + for i in self.pg_interfaces: + i.unconfig_ip4() + i.unconfig_ip6() + i.admin_down() + if type(self.tunnel_index) is list: + for sw_if_index in self.tunnel_index: + self.vapi.sixrd_del_tunnel(sw_if_index) + else: + self.vapi.sixrd_del_tunnel(self.tunnel_index) + self.vapi.cli("show error") + + def validate_6in4(self, rx, expected): + if IP not in rx: + self.fail() + if IPv6 not in rx: + self.fail() + + self.assertEqual(rx[IP].src, expected[IP].src) + self.assertEqual(rx[IP].dst, expected[IP].dst) + self.assertEqual(rx[IP].proto, expected[IP].proto) + self.assertEqual(rx[IPv6].src, expected[IPv6].src) + self.assertEqual(rx[IPv6].dst, expected[IPv6].dst) + + def validate_4in6(self, rx, expected): + if IPv6 not in rx: + self.fail() + if IP in rx: + self.fail() + + self.assertTrue(rx[IPv6].src == expected[IPv6].src) + self.assertTrue(rx[IPv6].dst == expected[IPv6].dst) + self.assertTrue(rx[IPv6].nh == expected[IPv6].nh) + + def payload(self, len): + return 'x' * len + + def test_6rd_ip6_to_ip4(self): + """ ip6 -> ip4 (encap) 6rd test """ + p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + p_ip6 = IPv6(src="1::1", dst="2002:AC10:0202::1", nh='UDP') + + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2002::').packed), 16, + str(ip_address('0.0.0.0').packed), 0, + str(ip_address(self.pg0.local_ip4).packed), 0, True) + + self.assertEqual(rv.retval, 0) + self.tunnel_index = rv.sw_if_index + self.vapi.cli("show ip6 fib") + p_payload = UDP(sport=1234, dport=1234) + p = (p_ether / p_ip6 / p_payload) + + p_reply = (IP(src=self.pg0.local_ip4, dst=self.pg1.remote_ip4, + proto='ipv6') / p_ip6) + + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_6in4(p, p_reply) + + # MTU tests (default is 1480) + plen = 1481 - 40 - 8 + p_ip6 = IPv6(src="1::1", dst="2002:AC10:0202::1") + p_payload = UDP(sport=1234, dport=1234) / Raw(self.payload(plen)) + p = (p_ether / p_ip6 / p_payload) + + p_reply = (IP(src=self.pg0.local_ip4, dst=self.pg1.remote_ip4, + proto='ipv6') / p_ip6) + + rx = self.send_and_assert_no_replies(self.pg0, p*10) + + def test_6rd_ip4_to_ip6(self): + """ ip4 -> ip6 (decap) 6rd test """ + + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2002::').packed), + 16, str(ip_address('0.0.0.0').packed), + 0, str(ip_address(self.pg0.local_ip4).packed), 0, True) + self.assertEqual(rv.retval, 0) + self.tunnel_index = rv.sw_if_index + self.vapi.cli("show ip6 fib") + p_ip6 = (IPv6(src="2002:AC10:0202::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + + p = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4) / + p_ip6) + + p_reply = p_ip6 + + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_4in6(p, p_reply) + + def test_6rd_ip4_to_ip6_multiple(self): + """ ip4 -> ip6 (decap) 6rd test """ + + self.tunnel_index = [] + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2002::').packed), + 16, str(ip_address('0.0.0.0').packed), + 0, str(ip_address(self.pg0.local_ip4).packed), 0, True) + self.assertEqual(rv.retval, 0) + self.tunnel_index.append(rv.sw_if_index) + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2003::').packed), + 16, str(ip_address('0.0.0.0').packed), + 0, str(ip_address(self.pg1.local_ip4).packed), 0, True) + self.assertEqual(rv.retval, 0) + + self.tunnel_index.append(rv.sw_if_index) + + self.vapi.cli("show ip6 fib") + p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4) + p_ip6_1 = (IPv6(src="2002:AC10:0202::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + p_ip6_2 = (IPv6(src="2003:AC10:0202::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + + p = (p_ether / p_ip4 / p_ip6_1) + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_4in6(p, p_ip6_1) + + p = (p_ether / p_ip4 / p_ip6_2) + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_4in6(p, p_ip6_2) + + def test_6rd_ip4_to_ip6_suffix(self): + """ ip4 -> ip6 (decap) 6rd test """ + + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2002::').packed), 16, + str(ip_address('172.0.0.0').packed), 8, + str(ip_address(self.pg0.local_ip4).packed), 0, True) + self.assertEqual(rv.retval, 0) + + self.tunnel_index = rv.sw_if_index + + self.vapi.cli("show ip6 fib") + p_ether = Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) + p_ip4 = IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4) + p_ip6 = (IPv6(src="2002:1002:0200::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + + p = (p_ether / p_ip4 / p_ip6) + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_4in6(p, p_ip6) + + def test_6rd_ip4_to_ip6_sec_check(self): + """ ip4 -> ip6 (decap) security check 6rd test """ + + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2002::').packed), + 16, str(ip_address('0.0.0.0').packed), + 0, str(ip_address(self.pg0.local_ip4).packed), 0, True) + self.assertEqual(rv.retval, 0) + self.tunnel_index = rv.sw_if_index + self.vapi.cli("show ip6 fib") + p_ip6 = (IPv6(src="2002:AC10:0202::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + p_ip6_fail = (IPv6(src="2002:DEAD:0202::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + + p = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4) / + p_ip6) + + p_reply = p_ip6 + + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_4in6(p, p_reply) + + p = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(src=self.pg1.remote_ip4, dst=self.pg0.local_ip4) / + p_ip6_fail) + rx = self.send_and_assert_no_replies(self.pg0, p*10) + + def test_6rd_bgp_tunnel(self): + """ 6rd BGP tunnel """ + + rv = self.vapi.sixrd_add_tunnel( + 0, str(ip_address('2002::').packed), + 16, str(ip_address('0.0.0.0').packed), + 0, str(ip_address(self.pg0.local_ip4).packed), 0, False) + self.assertEqual(rv.retval, 0) + self.tunnel_index = rv.sw_if_index + + default_route = VppIpRoute( + self, "DEAD::", 16, [VppRoutePath("2002:0808:0808::", + self.tunnel_index, + proto=DpoProto.DPO_PROTO_IP6)], + is_ip6=1) + default_route.add_vpp_config() + + ip4_route = VppIpRoute(self, "8.0.0.0", 8, + [VppRoutePath(self.pg1.remote_ip4, 0xFFFFFFFF)]) + ip4_route.add_vpp_config() + + # Via recursive route 6 -> 4 + p = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IPv6(src="1::1", dst="DEAD:BEEF::1") / + UDP(sport=1234, dport=1234)) + + p_reply = (IP(src=self.pg0.local_ip4, dst="8.8.8.8", + proto='ipv6') / + IPv6(src='1::1', dst='DEAD:BEEF::1', nh='UDP')) + + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_6in4(p, p_reply) + + # Via recursive route 4 -> 6 (Security check must be disabled) + p_ip6 = (IPv6(src="DEAD:BEEF::1", dst=self.pg1.remote_ip6) / + UDP(sport=1234, dport=1234)) + p = (Ether(src=self.pg0.remote_mac, + dst=self.pg0.local_mac) / + IP(src="8.8.8.8", dst=self.pg0.local_ip4) / + p_ip6) + + p_reply = p_ip6 + + rx = self.send_and_expect(self.pg0, p*10, self.pg1) + for p in rx: + self.validate_4in6(p, p_reply) + + +if __name__ == '__main__': + unittest.main(testRunner=VppTestRunner) diff --git a/test/vpp_papi_provider.py b/test/vpp_papi_provider.py index 8e53333b624..99e320bfe60 100644 --- a/test/vpp_papi_provider.py +++ b/test/vpp_papi_provider.py @@ -3210,3 +3210,22 @@ class VppPapiProvider(object): def gbp_contract_dump(self): """ GBP contract Dump """ return self.api(self.papi.gbp_contract_dump, {}) + + def sixrd_add_tunnel(self, fib_index, ip6_prefix, ip6_prefix_len, + ip4_prefix, ip4_prefix_len, ip4_src, mtu, + security_check): + """ 6RD tunnel Add """ + return self.api(self.papi.sixrd_add_tunnel, + {'fib_index': fib_index, + 'ip6_prefix': ip6_prefix, + 'ip6_prefix_len': ip6_prefix_len, + 'ip4_prefix': ip4_prefix, + 'ip4_prefix_len': ip4_prefix_len, + 'ip4_src': ip4_src, + 'mtu': mtu, + 'security_check': security_check}) + + def sixrd_del_tunnel(self, sw_if_index): + """ 6RD tunnel Delete """ + return self.api(self.papi.sixrd_del_tunnel, + {'sw_if_index': sw_if_index}) -- 2.16.6