diff options
author | Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-07-28 13:19:09 +0530 |
---|---|---|
committer | Anand B Jyoti <anand.b.jyoti@intel.com> | 2017-09-27 03:29:29 +0530 |
commit | 2f85c34421d730cf990e6a03be8c4b40be7e144d (patch) | |
tree | f4779fc51124d2b94d20af724be71a81037c5390 /VNFs/vFW | |
parent | 3ec896179c547d54a18b40494a2871d7e328c0bf (diff) |
vFW: changes for gateway packet forwarding
JIRA: SAMPLEVNF-59
Changes to support gateway packet forwarding to vFW.
Change-Id: Ie9164b092f6864cfcdb02e7b325c4e8796a7e422
Signed-off-by: Anand B Jyoti <anand.b.jyoti@intel.com>
Diffstat (limited to 'VNFs/vFW')
-rw-r--r-- | VNFs/vFW/Makefile | 4 | ||||
-rw-r--r-- | VNFs/vFW/config/VFW_HWLB_MultiPortPair_script.tc | 23 | ||||
-rw-r--r-- | VNFs/vFW/config/VFW_HWLB_SinglePortPair_script.tc | 12 | ||||
-rw-r--r-- | VNFs/vFW/config/VFW_SWLB_MultiPortPair_script.tc | 22 | ||||
-rw-r--r-- | VNFs/vFW/config/VFW_SWLB_SinglePortPair_script.tc | 20 | ||||
-rw-r--r-- | VNFs/vFW/pipeline/pipeline_vfw_be.c | 448 |
6 files changed, 296 insertions, 233 deletions
diff --git a/VNFs/vFW/Makefile b/VNFs/vFW/Makefile index c96246b9..1e79646d 100644 --- a/VNFs/vFW/Makefile +++ b/VNFs/vFW/Makefile @@ -41,6 +41,7 @@ VPATH += $(SRCDIR)/pipeline VPATH += $(VNF_CORE)/common/VIL/pipeline_txrx VPATH += $(VNF_CORE)/common/VIL/acl VPATH += $(VNF_CORE)/common/VIL/l2l3_stack +VPATH += $(VNF_CORE)/common/VIL/gateway INC += $(wildcard *.h) INC += $(wildcard pipeline/*.h) @@ -54,6 +55,7 @@ INC += $(wildcard $(VNF_CORE)/common/VIL/pipeline_master/*.h) INC += $(wildcard $(VNF_CORE)/common/VIL/pipeline_passthrough/*.h) INC += $(wildcard $(VNF_CORE)/common/VIL/pipeline_txrx/*.h) INC += $(wildcard $(VNF_CORE)/common/VIL/acl/*.h) +INC += $(wildcard $(VNF_CORE)/common/VIL/gateway/*.h) CFLAGS += -I$(SRCDIR) -mrtm -mhle -I$(SRCDIR)/pipeline -I$(VNF_CORE)/common/vnf_common CFLAGS += -I$(VNF_CORE)/common/VIL/conntrack -I$(VNF_CORE)/common/VIL/l2l3_stack @@ -62,6 +64,7 @@ CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_master -I$(VNF_CORE)/common/VIL/pipe CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_txrx CFLAGS += -I$(VNF_CORE)/common/VIL/acl CFLAGS += -I$(VNF_CORE)/common/VIL/pipeline_arpicmp +CFLAGS += -I$(VNF_CORE)/common/VIL/gateway # all source are stored in SRCS-y SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) := main.c @@ -104,6 +107,7 @@ SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_arpicmp_be.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_txrx.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += pipeline_txrx_be.c SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += lib_acl.c +SRCS-$(CONFIG_RTE_LIBRTE_PIPELINE) += gateway.c CFLAGS += -O3 diff --git a/VNFs/vFW/config/VFW_HWLB_MultiPortPair_script.tc b/VNFs/vFW/config/VFW_HWLB_MultiPortPair_script.tc index 46355bee..b27c66fa 100644 --- a/VNFs/vFW/config/VFW_HWLB_MultiPortPair_script.tc +++ b/VNFs/vFW/config/VFW_HWLB_MultiPortPair_script.tc @@ -32,18 +32,17 @@ link 3 config 172.16.40.10 8 ;link 3 config 2016:0000:0000:0000:6a05:caff:fe30:2071 64 link 3 up -; routeadd <port #> <ipv4 nhip address in decimal> <Mask> -routeadd 0 203.16.100.20 0xff000000 -routeadd 1 202.16.100.20 0xff000000 -routeadd 2 173.16.40.20 0xff000000 -routeadd 3 172.16.40.20 0xff000000 - -;routeadd <port #> <ipv6 nhip address in hex> <Depth> -;routeadd 0 fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 -;routeadd 1 fec1:0000:0000:0000:6a05:caff:fe30:21a0 64 -;routeadd 2 2012:0000:0000:0000:6a05:caff:fe30:2071 64 -;routeadd 3 2016:0000:0000:0000:6a05:caff:fe30:2071 64 - +; routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> +routeadd net 0 203.16.100.20 0xff000000 +routeadd net 1 202.16.100.20 0xff000000 +routeadd net 2 173.16.40.20 0xff000000 +routeadd net 3 172.16.40.20 0xff000000 + +;routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> +;routeadd net 0 fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 +;routeadd net 1 fec1:0000:0000:0000:6a05:caff:fe30:21a0 64 +;routeadd net 2 2012:0000:0000:0000:6a05:caff:fe30:2071 64 +;routeadd net 3 2016:0000:0000:0000:6a05:caff:fe30:2071 64 ; IPv4 Static ARP ;p 1 arpadd 0 203.16.100.20 00:00:00:00:00:01 diff --git a/VNFs/vFW/config/VFW_HWLB_SinglePortPair_script.tc b/VNFs/vFW/config/VFW_HWLB_SinglePortPair_script.tc index f20796ac..35bb519d 100644 --- a/VNFs/vFW/config/VFW_HWLB_SinglePortPair_script.tc +++ b/VNFs/vFW/config/VFW_HWLB_SinglePortPair_script.tc @@ -22,13 +22,13 @@ link 1 config 172.16.40.10 8 ;link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 link 1 up -; routeadd <port #> <ipv4 nhip address in decimal> <Mask> -routeadd 0 202.16.100.20 0xff000000 -routeadd 1 172.16.40.20 0xff000000 +; routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> +routeadd net 0 202.16.100.20 0xff000000 +routeadd net 1 172.16.40.20 0xff000000 -;routeadd <port #> <ipv6 nhip address in hex> <Depth> -;routeadd 0 fec0::6a05:caff:fe30:21b0 64 -;routeadd 1 2012::6a05:caff:fe30:2081 64 +;routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> +;routeadd net 0 fec0::6a05:caff:fe30:21b0 64 +;routeadd net 1 2012::6a05:caff:fe30:2081 64 ; IPv4 static ARP ;p 1 arpadd 1 172.16.40.20 00:00:00:00:00:04 diff --git a/VNFs/vFW/config/VFW_SWLB_MultiPortPair_script.tc b/VNFs/vFW/config/VFW_SWLB_MultiPortPair_script.tc index 392320e3..ff502e55 100644 --- a/VNFs/vFW/config/VFW_SWLB_MultiPortPair_script.tc +++ b/VNFs/vFW/config/VFW_SWLB_MultiPortPair_script.tc @@ -32,17 +32,17 @@ link 3 config 172.16.40.10 8 ;link 3 config 2016:0000:0000:0000:6a05:caff:fe30:2071 64 link 3 up -; routeadd <port #> <ipv4 nhip address in decimal> <Mask> -routeadd 0 203.16.100.20 0xff000000 -routeadd 1 202.16.100.20 0xff000000 -routeadd 2 173.16.40.20 0xff000000 -routeadd 3 172.16.40.20 0xff000000 - -;routeadd <port #> <ipv6 nhip address in hex> <Depth> -;routeadd 0 fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 -;routeadd 1 fec1:0000:0000:0000:6a05:caff:fe30:21a0 64 -;routeadd 2 2012:0000:0000:0000:6a05:caff:fe30:2071 64 -;routeadd 3 2016:0000:0000:0000:6a05:caff:fe30:2071 64 +; routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> +routeadd net 0 203.16.100.20 0xff000000 +routeadd net 1 202.16.100.20 0xff000000 +routeadd net 2 173.16.40.20 0xff000000 +routeadd net 3 172.16.40.20 0xff000000 + +;routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> +;routeadd net 0 fec0:0000:0000:0000:6a05:caff:fe30:21a0 64 +;routeadd net 1 fec1:0000:0000:0000:6a05:caff:fe30:21a0 64 +;routeadd net 2 2012:0000:0000:0000:6a05:caff:fe30:2071 64 +;routeadd net 3 2016:0000:0000:0000:6a05:caff:fe30:2071 64 ; IPv4 Static ARP ;p 1 arpadd 0 203.16.100.20 00:00:00:00:00:01 diff --git a/VNFs/vFW/config/VFW_SWLB_SinglePortPair_script.tc b/VNFs/vFW/config/VFW_SWLB_SinglePortPair_script.tc index d85e17b9..b9dd226b 100644 --- a/VNFs/vFW/config/VFW_SWLB_SinglePortPair_script.tc +++ b/VNFs/vFW/config/VFW_SWLB_SinglePortPair_script.tc @@ -22,17 +22,21 @@ link 1 config 172.16.40.10 8 ;link 1 config 2012:0000:0000:0000:6a05:caff:fe30:2071 64 link 1 up -; routeadd <port #> <ipv4 nhip address in decimal> <Mask> -routeadd 0 202.16.100.20 0xff000000 -routeadd 1 172.16.40.20 0xff000000 +; routeadd <net/host> <port #> <ipv4 nhip address in decimal> <Mask/NotApplicable> +;routeadd host 0 202.16.100.20 +;routeadd host 1 172.16.40.20 +routeadd net 0 202.16.100.20 0xff000000 +routeadd net 1 172.16.40.20 0xff000000 -;routeadd <port #> <ipv6 nhip address in hex> <Depth> -;routeadd 0 fec0::6a05:caff:fe30:21b0 64 -;routeadd 1 2012::6a05:caff:fe30:2081 64 +;routeadd <net/host> <port #> <ipv6 nhip address in hex> <Depth/NotApplicable> +;routeadd host 0 fec0::6a05:caff:fe30:21b0 +;routeadd host 1 2012::6a05:caff:fe30:2081 +routeadd net 0 fec0::6a05:caff:fe30:21b0 64 +routeadd net 1 2012::6a05:caff:fe30:2081 64 ; IPv4 static ARP -;p 1 arpadd 1 172.16.40.20 00:00:00:00:00:04 -;p 1 arpadd 0 202.16.100.20 00:00:00:00:00:01 +p 1 arpadd 1 172.16.40.20 00:00:00:00:00:02 +p 1 arpadd 0 202.16.100.20 00:00:00:00:00:01 ; IPv6 static ARP ;p 1 arpadd 0 fec0::6a05:caff:fe30:21b0 00:00:00:00:00:01 diff --git a/VNFs/vFW/pipeline/pipeline_vfw_be.c b/VNFs/vFW/pipeline/pipeline_vfw_be.c index fed424e5..f0eab34b 100644 --- a/VNFs/vFW/pipeline/pipeline_vfw_be.c +++ b/VNFs/vFW/pipeline/pipeline_vfw_be.c @@ -24,7 +24,7 @@ */ #define EN_SWP_ACL 1 -#define EN_SWP_ARP 1 +//#define EN_SWP_ARP 1 #include <stdio.h> #include <stdlib.h> @@ -64,6 +64,7 @@ #include "lib_arp.h" #include "lib_icmpv6.h" #include "pipeline_common_fe.h" +#include "gateway.h" uint32_t timer_lcore; @@ -94,13 +95,6 @@ struct pipeline_vfw { uint8_t traffic_type; uint8_t links_map[PIPELINE_MAX_PORT_IN]; uint8_t outport_id[PIPELINE_MAX_PORT_IN]; - /* Local ARP & ND Tables */ - struct lib_arp_route_table_entry - local_lib_arp_route_table[MAX_ARP_RT_ENTRY]; - uint8_t local_lib_arp_route_ent_cnt; - struct lib_nd_route_table_entry - local_lib_nd_route_table[MAX_ND_RT_ENTRY]; - uint8_t local_lib_nd_route_ent_cnt; } __rte_cache_aligned; /** @@ -799,10 +793,12 @@ pkt4_work_vfw_arp_ipv4_packets(struct rte_mbuf **pkts, if (ret_arp_data->num_pkts >= NUM_DESC) { /* ICMP req sent, drop packet by * changing the mask */ - vfw_pipe->counters->pkts_drop_without_arp_entry++; + vfw_pipe->counters-> + pkts_drop_without_arp_entry++; continue; } else { - arp_pkts_mask |= pkt_mask; + //arp_pkts_mask |= pkt_mask; + *arp_hijack_mask |= pkt_mask; arp_queue_unresolved_packet(ret_arp_data, pkt); continue; } @@ -895,7 +891,8 @@ pkt_work_vfw_arp_ipv4_packets(struct rte_mbuf *pkts, if (ret_arp_data->num_pkts >= NUM_DESC) { /* ICMP req sent, drop packet by * changing the mask */ - vfw_pipe->counters->pkts_drop_without_arp_entry++; + vfw_pipe->counters-> + pkts_drop_without_arp_entry++; return; } else { arp_pkts_mask |= pkt_mask; @@ -999,7 +996,8 @@ pkt4_work_vfw_arp_ipv6_packets(struct rte_mbuf **pkts, if (ret_nd_data->num_pkts >= NUM_DESC) { /* Drop the pkt */ *pkts_mask &= ~pkt_mask; - vfw_pipe->counters->pkts_drop_without_arp_entry++; + vfw_pipe->counters-> + pkts_drop_without_arp_entry++; continue; } else { arp_pkts_mask |= pkt_mask; @@ -1099,7 +1097,8 @@ pkt_work_vfw_arp_ipv6_packets(struct rte_mbuf *pkts, if (ret_nd_data->num_pkts >= NUM_DESC) { /* Drop the pkt */ *pkts_mask &= ~pkt_mask; - vfw_pipe->counters->pkts_drop_without_arp_entry++; + vfw_pipe->counters-> + pkts_drop_without_arp_entry++; return; } else { arp_pkts_mask |= pkt_mask; @@ -1116,211 +1115,257 @@ pkt_work_vfw_arp_ipv6_packets(struct rte_mbuf *pkts, #else /** - * walk every valid mbuf (denoted by pkts_mask) and apply arp to the packet. + * walk every valid mbuf (denoted by pkts_mask) and forward the packet. * To support synproxy, some (altered) packets may need to be sent back where * they came from. The ip header has already been adjusted, but the ethernet * header has not, so this must be performed here. - * Return an updated pkts_mask, since arp may drop some packets + * Return an updated pkts_mask and arp_hijack_mask since arp may drop some packets * * @param pkts - * A pointer to the packet. + * A pointer to the packet array. * @param pkts_mask - * Packet mask - * @param synproxy_reply_mask - * Reply Packet mask for Synproxy + * Packets mask to be processed + * @param arp_hijack_mask + * Packets to be hijacked for arp buffering * @param vfw_pipe * A pointer to VFW pipeline. */ -static uint64_t -rte_vfw_arp_ipv4_packets(struct rte_mbuf **pkts, - uint64_t pkts_mask, - uint64_t synproxy_reply_mask, - struct pipeline_vfw *vfw_pipe) +static void vfw_fwd_pkts_ipv4(struct rte_mbuf **pkts, uint64_t *pkts_mask, + uint64_t *arp_hijack_mask, struct pipeline_vfw *vfw_pipe) { - uint64_t pkts_to_arp = pkts_mask; + uint64_t pkts_to_arp = *pkts_mask; - uint32_t ret; - uint32_t dest_if = INVALID_DESTIF; - for (; pkts_to_arp;) { - struct ether_addr hw_addr; - struct mbuf_tcp_meta_data *meta_data_addr; - struct ether_hdr *ehdr; - struct rte_mbuf *pkt; - uint16_t phy_port; - - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_arp); - /* bitmask representing only this packet */ - uint64_t pkt_mask = 1LLU << pos; - /* remove this packet from remaining list */ - pkts_to_arp &= ~pkt_mask; - pkt = pkts[pos]; - int must_reverse = ((synproxy_reply_mask & pkt_mask) != 0); + for (; pkts_to_arp;) { - phy_port = pkt->port; - meta_data_addr = (struct mbuf_tcp_meta_data *) - RTE_MBUF_METADATA_UINT32_PTR(pkt, META_DATA_OFFSET); - ehdr = rte_vfw_get_ether_addr(pkt); + struct mbuf_tcp_meta_data *meta_data_addr; + struct ether_hdr *ehdr; + struct rte_mbuf *pkt; + uint32_t src_phy_port; + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_arp); + /* bitmask representing only this packet */ + uint64_t pkt_mask = 1LLU << pos; + /* remove this packet from remaining list */ + pkts_to_arp &= ~pkt_mask; + pkt = pkts[pos]; - struct ipv4_hdr *ihdr = (struct ipv4_hdr *) - RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); - uint32_t nhip = 0; + if(VFW_DEBUG) { + printf("----------------\n"); + print_pkt(pkt); + } - uint32_t dest_address = rte_bswap32(ihdr->dst_addr); - if (must_reverse) - rte_sp_exchange_mac_addresses(ehdr); - struct arp_entry_data *ret_arp_data = NULL; - ret_arp_data = get_dest_mac_addr_port(dest_address, - &dest_if, &ehdr->d_addr); - meta_data_addr->output_port = vfw_pipe->outport_id[dest_if]; - if (arp_cache_dest_mac_present(dest_if)) { + meta_data_addr = (struct mbuf_tcp_meta_data *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, META_DATA_OFFSET); - ether_addr_copy(get_link_hw_addr(dest_if), &ehdr->s_addr); - update_nhip_access(dest_if); - if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) { + ehdr = (struct ether_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, ETHERNET_START); - arp_send_buffered_pkts(ret_arp_data, - &ehdr->d_addr, vfw_pipe->outport_id[dest_if]); + src_phy_port = pkt->port; + uint32_t dst_phy_port = INVALID_DESTIF; - } + if(is_gateway()){ + struct ipv4_hdr *ipv4hdr = (struct ipv4_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); - } else { - if (unlikely(ret_arp_data == NULL)) { + /* Gateway Proc Starts */ - if (VFW_DEBUG) - printf("%s: NHIP Not Found, nhip:%x , " - "outport_id: %d\n", __func__, nhip, - vfw_pipe->outport_id[dest_if]); + struct arp_entry_data *ret_arp_data = NULL; + struct ether_addr dst_mac; + uint32_t nhip = 0; + uint32_t dst_ip_addr = rte_bswap32(ipv4hdr->dst_addr); - /* Drop the pkt */ - vfw_pipe->counters-> - pkts_drop_without_arp_entry++; - continue; - } - if (ret_arp_data->status == INCOMPLETE || - ret_arp_data->status == PROBE) { - if (ret_arp_data->num_pkts >= NUM_DESC) { - /* ICMP req sent, drop packet by - * changing the mask */ - vfw_pipe->counters->pkts_drop_without_arp_entry++; - continue; - } else { - arp_pkts_mask |= pkt_mask; - arp_queue_unresolved_packet(ret_arp_data, pkt); - continue; - } -} - } + gw_get_nh_port_ipv4(dst_ip_addr, &dst_phy_port, &nhip); - } + ret_arp_data = get_dest_mac_addr_ipv4(nhip, dst_phy_port, &dst_mac); + + /* Gateway Proc Ends */ + + if (arp_cache_dest_mac_present(dst_phy_port)) { + + ether_addr_copy(&dst_mac, &ehdr->d_addr); + ether_addr_copy(get_link_hw_addr(dst_phy_port), &ehdr->s_addr); + + meta_data_addr->output_port = vfw_pipe->outport_id[dst_phy_port]; + + update_nhip_access(dst_phy_port); + + if (unlikely(ret_arp_data && ret_arp_data->num_pkts)) { + + arp_send_buffered_pkts(ret_arp_data, &ehdr->d_addr, + vfw_pipe->outport_id[dst_phy_port]); + } + + } else { + if (unlikely(ret_arp_data == NULL)) { + + printf("NHIP Not Found\n"); + + /* Drop the pkt */ + vfw_pipe->counters-> + pkts_drop_without_arp_entry++; + continue; + } + if (ret_arp_data->status == INCOMPLETE || + ret_arp_data->status == PROBE) { + if (ret_arp_data->num_pkts >= NUM_DESC) { + /* ICMP req sent, drop packet by + * changing the mask */ + vfw_pipe->counters->pkts_drop_without_arp_entry++; + continue; + } else { + *arp_hijack_mask |= pkt_mask; + arp_queue_unresolved_packet(ret_arp_data, pkt); + continue; + } + } + } + } else { + /* IP Pkt forwarding based on pub/prv mapping */ + if(is_phy_port_privte(src_phy_port)) + dst_phy_port = prv_to_pub_map[src_phy_port]; + else + dst_phy_port = pub_to_prv_map[src_phy_port]; + + meta_data_addr->output_port = vfw_pipe->outport_id[dst_phy_port]; + + if(VFW_DEBUG) { + printf("IP_PKT_FWD: src_phy_port=%d, dst_phy_port=%d\n", + src_phy_port, dst_phy_port); + } + } + + if(VFW_DEBUG) + print_pkt(pkt); + } - return pkts_mask; } + /** - * walk every valid mbuf (denoted by pkts_mask) and apply arp to the packet. + * walk every valid mbuf (denoted by pkts_mask) and forward the packet. * To support synproxy, some (altered) packets may need to be sent back where * they came from. The ip header has already been adjusted, but the ethernet * header has not, so this must be performed here. - * Return an updated pkts_mask, since arp may drop some packets + * Return an updated pkts_mask and arp_hijack_mask since arp may drop some packets * * @param pkts - * A pointer to the packet. + * A pointer to the packet array. * @param pkts_mask - * Packet mask - * @param synproxy_reply_mask - * Reply Packet mask for Synproxy + * Packets mask to be processed + * @param arp_hijack_mask + * Packets to be hijacked for arp buffering * @param vfw_pipe * A pointer to VFW pipeline. */ - - static uint64_t -rte_vfw_arp_ipv6_packets(struct rte_mbuf **pkts, - uint64_t pkts_mask, - uint64_t synproxy_reply_mask, - struct pipeline_vfw *vfw_pipe) +static void vfw_fwd_pkts_ipv6(struct rte_mbuf **pkts, uint64_t *pkts_mask, + uint64_t *arp_hijack_mask, struct pipeline_vfw *vfw_pipe) { - uint64_t pkts_to_arp = pkts_mask; - uint8_t nh_ipv6[IPV6_ADD_SIZE]; - uint32_t ret; - uint32_t dest_if = INVALID_DESTIF; + uint64_t pkts_to_arp = *pkts_mask; - for (; pkts_to_arp;) { - struct ether_addr hw_addr; - struct mbuf_tcp_meta_data *meta_data_addr; - struct ether_hdr *ehdr; - struct rte_mbuf *pkt; - uint16_t phy_port; + for (; pkts_to_arp;) { - uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_arp); - /* bitmask representing only this packet */ - uint64_t pkt_mask = 1LLU << pos; - /* remove this packet from remaining list */ - pkts_to_arp &= ~pkt_mask; - pkt = pkts[pos]; - int must_reverse = ((synproxy_reply_mask & pkt_mask) != 0); + struct mbuf_tcp_meta_data *meta_data_addr; + struct ether_hdr *ehdr; + struct rte_mbuf *pkt; + uint32_t src_phy_port; - phy_port = pkt->port; - meta_data_addr = (struct mbuf_tcp_meta_data *) - RTE_MBUF_METADATA_UINT32_PTR(pkt, META_DATA_OFFSET); - ehdr = rte_vfw_get_ether_addr(pkt); + struct nd_entry_data *ret_nd_data = NULL; - struct ipv6_hdr *ihdr = (struct ipv6_hdr *) - RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); + uint8_t pos = (uint8_t) __builtin_ctzll(pkts_to_arp); + /* bitmask representing only this packet */ + uint64_t pkt_mask = 1LLU << pos; + /* remove this packet from remaining list */ + pkts_to_arp &= ~pkt_mask; + pkt = pkts[pos]; - uint8_t nhip[IPV6_ADD_SIZE]; - uint8_t dest_address[IPV6_ADD_SIZE]; + if(VFW_DEBUG) { + printf("----------------\n"); + print_pkt(pkt); + } - memset(nhip, 0, IPV6_ADD_SIZE); - if (must_reverse) - rte_sp_exchange_mac_addresses(ehdr); + meta_data_addr = (struct mbuf_tcp_meta_data *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, META_DATA_OFFSET); - rte_mov16(dest_address, ihdr->dst_addr); - memset(nh_ipv6, 0, IPV6_ADD_SIZE); - struct nd_entry_data *ret_nd_data = NULL; - ret_nd_data = get_dest_mac_address_ipv6_port( - &dest_address[0], - &dest_if, - &hw_addr, - &nh_ipv6[0]); + ehdr = (struct ether_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, ETHERNET_START); - meta_data_addr->output_port = vfw_pipe-> - outport_id[dest_if]; - if (nd_cache_dest_mac_present(dest_if)) { - ether_addr_copy(get_link_hw_addr(dest_if), - &ehdr->s_addr); - update_nhip_access(dest_if); + src_phy_port = pkt->port; + uint32_t dst_phy_port = INVALID_DESTIF; - if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) { - nd_send_buffered_pkts(ret_nd_data, - &ehdr->d_addr, meta_data_addr->output_port); - } + if(is_gateway()){ + struct ipv6_hdr *ipv6hdr = (struct ipv6_hdr *) + RTE_MBUF_METADATA_UINT32_PTR(pkt, IP_START); - } else { - if (unlikely(ret_nd_data == NULL)) { - pkts_mask &= ~pkt_mask; - vfw_pipe->counters-> - pkts_drop_without_arp_entry++; - continue; - } - if (ret_nd_data->status == INCOMPLETE || - ret_nd_data->status == PROBE) { - if (ret_nd_data->num_pkts >= NUM_DESC) { - /* Drop the pkt */ - pkts_mask &= ~pkt_mask; - vfw_pipe->counters-> - pkts_drop_without_arp_entry++; - continue; - } else { - arp_pkts_mask |= pkt_mask; - nd_queue_unresolved_packet(ret_nd_data, pkt); - continue; - } - } - } + /* Gateway Proc Starts */ - } + struct ether_addr dst_mac; + uint32_t dst_phy_port = INVALID_DESTIF; + uint8_t nhipv6[IPV6_ADD_SIZE]; + uint8_t dest_ipv6_address[IPV6_ADD_SIZE]; + memset(nhipv6, 0, IPV6_ADD_SIZE); + src_phy_port = pkt->port; + rte_mov16(dest_ipv6_address, (uint8_t *)ipv6hdr->dst_addr); + + gw_get_nh_port_ipv6(dest_ipv6_address, &dst_phy_port, nhipv6); + + ret_nd_data = get_dest_mac_addr_ipv6(nhipv6, dst_phy_port, &dst_mac); + + /* Gateway Proc Ends */ + + if (nd_cache_dest_mac_present(dst_phy_port)) { + + ether_addr_copy(&dst_mac, &ehdr->d_addr); + ether_addr_copy(get_link_hw_addr(dst_phy_port), &ehdr->s_addr); + + meta_data_addr->output_port = vfw_pipe->outport_id[dst_phy_port]; - return pkts_mask; + update_nhip_access(dst_phy_port); + + if (unlikely(ret_nd_data && ret_nd_data->num_pkts)) { + nd_send_buffered_pkts(ret_nd_data, &ehdr->d_addr, + vfw_pipe->outport_id[dst_phy_port]); + } + + } else { + if (unlikely(ret_nd_data == NULL)) { + + printf("NHIP Not Found\n"); + + /* Drop the pkt */ + vfw_pipe->counters->pkts_drop_without_arp_entry++; + continue; + } + if (ret_nd_data->status == INCOMPLETE || + ret_nd_data->status == PROBE) { + if (ret_nd_data->num_pkts >= NUM_DESC) { + /* ICMP req sent, drop packet by + * changing the mask */ + vfw_pipe->counters->pkts_drop_without_arp_entry++; + continue; + } else { + *arp_hijack_mask |= pkt_mask; + nd_queue_unresolved_packet(ret_nd_data, pkt); + continue; + } + } + } + + } else { + /* IP Pkt forwarding based on pub/prv mapping */ + if(is_phy_port_privte(src_phy_port)) + dst_phy_port = prv_to_pub_map[src_phy_port]; + else + dst_phy_port = pub_to_prv_map[src_phy_port]; + + meta_data_addr->output_port = vfw_pipe->outport_id[dst_phy_port]; + + if(VFW_DEBUG) { + printf("IP_PKT_FWD: src_phy_port=%d, dst_phy_port=%d\n", + src_phy_port, dst_phy_port); + } + } + if(VFW_DEBUG) + print_pkt(pkt); + } } #endif @@ -1516,9 +1561,9 @@ vfw_port_in_action_ipv4(struct rte_pipeline *p, uint64_t packet_mask_in = RTE_LEN2MASK(n_pkts, uint64_t); uint64_t pkts_drop_mask; - uint64_t hijack_mask = 0; - arp_pkts_mask = 0; - uint64_t synproxy_reply_mask = 0; /* for synproxy */ + uint64_t synp_hijack_mask = 0; + uint64_t arp_hijack_mask = 0; +// uint64_t synproxy_reply_mask; /* for synproxy */ uint64_t keep_mask = packet_mask_in; uint64_t conntrack_mask = 0, connexist_mask = 0; @@ -1598,8 +1643,8 @@ vfw_port_in_action_ipv4(struct rte_pipeline *p, if (likely(cnxn_tracking_is_active)) { rte_ct_cnxn_tracker_batch_lookup_type(ct, pkts, &keep_mask, &ct_helper, IPv4_HEADER_SIZE); - synproxy_reply_mask = ct_helper.reply_pkt_mask; - hijack_mask = ct_helper.hijack_mask; +// synproxy_reply_mask = ct_helper.reply_pkt_mask; + synp_hijack_mask = ct_helper.hijack_mask; } @@ -1637,9 +1682,9 @@ vfw_port_in_action_ipv4(struct rte_pipeline *p, #else rte_prefetch0((void*)in_port_dir_a); rte_prefetch0((void*)prv_to_pub_map); - rte_prefetch0((void*) & vfw_pipe->local_lib_arp_route_table); - keep_mask = rte_vfw_arp_ipv4_packets(pkts, keep_mask, - synproxy_reply_mask, vfw_pipe); + + vfw_fwd_pkts_ipv4(pkts, &keep_mask, &arp_hijack_mask, vfw_pipe); + #endif if (vfw_debug > 1) { @@ -1651,9 +1696,14 @@ vfw_port_in_action_ipv4(struct rte_pipeline *p, (void *)keep_mask); } - /* Update mask before returning, so that bad packets are dropped */ - if (arp_pkts_mask) { - rte_pipeline_ah_packet_hijack(p, arp_pkts_mask); + /* Hijack the Synproxy and ARP buffered packets */ + + if (unlikely(arp_hijack_mask || synp_hijack_mask)) { + +// printf("Pkts hijacked arp = %lX, synp = %lX\n", +// arp_hijack_mask, synp_hijack_mask); + + rte_pipeline_ah_packet_hijack(p,(arp_hijack_mask | synp_hijack_mask)); } pkts_drop_mask = packet_mask_in & ~keep_mask; @@ -1663,9 +1713,6 @@ vfw_port_in_action_ipv4(struct rte_pipeline *p, rte_pipeline_ah_packet_drop(p, pkts_drop_mask); } - if (unlikely(hijack_mask != 0)) - rte_pipeline_ah_packet_hijack(p, hijack_mask); - vfw_pipe->counters->num_batch_pkts_sum += n_pkts; vfw_pipe->counters->num_pkts_measurements++; @@ -1705,8 +1752,10 @@ vfw_port_in_action_ipv6(struct rte_pipeline *p, uint64_t packet_mask_in = RTE_LEN2MASK(n_pkts, uint64_t); uint64_t pkts_drop_mask; - uint64_t hijack_mask = 0; - uint64_t synproxy_reply_mask = 0; /* for synproxy */ + uint64_t synp_hijack_mask = 0; + uint64_t arp_hijack_mask = 0; +// uint64_t hijack_mask = 0; +// uint64_t synproxy_reply_mask = 0; /* for synproxy */ uint64_t keep_mask = packet_mask_in; uint64_t conntrack_mask = 0, connexist_mask = 0; @@ -1782,8 +1831,8 @@ vfw_port_in_action_ipv6(struct rte_pipeline *p, if (likely(cnxn_tracking_is_active)) { rte_ct_cnxn_tracker_batch_lookup_type(ct, pkts, &keep_mask, &ct_helper, IPv6_HEADER_SIZE); - synproxy_reply_mask = ct_helper.reply_pkt_mask; - hijack_mask = ct_helper.hijack_mask; +// synproxy_reply_mask = ct_helper.reply_pkt_mask; + synp_hijack_mask = ct_helper.hijack_mask; } @@ -1795,7 +1844,7 @@ vfw_port_in_action_ipv6(struct rte_pipeline *p, ETHERNET_START)); } rte_prefetch0((void*)in_port_dir_a); - rte_prefetch0(vfw_pipe->local_lib_nd_route_table); + // rte_prefetch0(vfw_pipe->local_lib_nd_route_table); uint32_t i; for (i = 0; i < (n_pkts & (~0x3LLU)); i += 4) { @@ -1820,9 +1869,9 @@ vfw_port_in_action_ipv6(struct rte_pipeline *p, } #else rte_prefetch0((void*)in_port_dir_a); - rte_prefetch0((void*) & vfw_pipe->local_lib_arp_route_table); - keep_mask = rte_vfw_arp_ipv6_packets(pkts, keep_mask, - synproxy_reply_mask, vfw_pipe); + + vfw_fwd_pkts_ipv6(pkts, &keep_mask, &arp_hijack_mask, vfw_pipe); + #endif if (vfw_debug > 1) { @@ -1834,6 +1883,16 @@ vfw_port_in_action_ipv6(struct rte_pipeline *p, (void *)keep_mask); } + /* Hijack the Synproxy and ARP buffered packets */ + + if (unlikely(arp_hijack_mask || synp_hijack_mask)) { + +// printf("Pkts hijacked arp = %lX, synp = %lX\n", +// arp_hijack_mask, synp_hijack_mask); + + rte_pipeline_ah_packet_hijack(p,(arp_hijack_mask | synp_hijack_mask)); + } + /* Update mask before returning, so that bad packets are dropped */ pkts_drop_mask = packet_mask_in & ~keep_mask; @@ -1843,9 +1902,6 @@ vfw_port_in_action_ipv6(struct rte_pipeline *p, rte_pipeline_ah_packet_drop(p, pkts_drop_mask); } - if (unlikely(hijack_mask != 0)) - rte_pipeline_ah_packet_hijack(p, hijack_mask); - vfw_pipe->counters->num_batch_pkts_sum += n_pkts; vfw_pipe->counters->num_pkts_measurements++; |