From 87742b4f541d389e745f0297d134e34f17b5b485 Mon Sep 17 00:00:00 2001 From: Pim van Pelt Date: Tue, 24 Aug 2021 00:26:06 +0200 Subject: [PATCH] Add netlink address add/del Straight forward addition/removal of IPv4 and IPv6 addresses on interfaces. One thing I noticed, which isn't a concern but an unfortunate issue, looking at the following sequence: ip addr add 10.0.1.1/30 dev e0 debug linux-cp/nl addr_add: netlink route/addr: add idx 1488 family inet local 10.0.1.1/30 flags 0x0080 (permanent) warn linux-cp/nl dispatch: ignored route/route: add family inet type 2 proto 2 table 255 dst 10.0.1.1 nexthops { idx 1488 } warn linux-cp/nl dispatch: ignored route/route: add family inet type 1 proto 2 table 254 dst 10.0.1.0/30 nexthops { idx 1488 } warn linux-cp/nl dispatch: ignored route/route: add family inet type 3 proto 2 table 255 dst 10.0.1.0 nexthops { idx 1488 } warn linux-cp/nl dispatch: ignored route/route: add family inet type 3 proto 2 table 255 dst 10.0.1.3 nexthops { idx 1488 } ping 10.0.1.2 debug linux-cp/nl neigh_add: netlink route/neigh: add idx 1488 family inet lladdr 68:05:ca:32:45:94 dst 10.0.1.2 state 0x0002 (reachable) flags 0x0000 notice linux-cp/nl neigh_add: Added 10.0.1.2 lladdr 68:05:ca:32:45:94 iface TenGigabitEthernet3/0/0 ip addr del 10.0.1.1/30 dev e0 debug linux-cp/nl addr_del: netlink route/addr: del idx 1488 family inet local 10.0.1.1/30 flags 0x0080 (permanent) notice linux-cp/nl addr_del: Deleted 10.0.1.1/30 iface TenGigabitEthernet3/0/0 warn linux-cp/nl dispatch: ignored route/route: del family inet type 1 proto 2 table 254 dst 10.0.1.0/30 nexthops { idx 1488 } warn linux-cp/nl dispatch: ignored route/route: del family inet type 3 proto 2 table 255 dst 10.0.1.3 nexthops { idx 1488 } warn linux-cp/nl dispatch: ignored route/route: del family inet type 3 proto 2 table 255 dst 10.0.1.0 nexthops { idx 1488 } warn linux-cp/nl dispatch: ignored route/route: del family inet type 2 proto 2 table 255 dst 10.0.1.1 nexthops { idx 1488 } debug linux-cp/nl neigh_del: netlink route/neigh: del idx 1488 family inet lladdr 68:05:ca:32:45:94 dst 10.0.1.2 state 0x0002 (reachable) flags 0x0000 error linux-cp/nl neigh_del: Failed 10.0.1.2 iface TenGigabitEthernet3/0/0 It is this very last message that's a bit of a concern -- the ping brought the lladdr into the neighbor cache; and the subsequent address deletion first removed the address, then all the typical local routes (the connected, the broadcast, the network, and the self/local); but then as well explicitly deleted the neighbor, which is correct behavior for Linux, except that VPP already invalidates the neighbor cache and adds/removes the connected routes for example in ip/ip4_forward.c L826-L830 and L583. I predict more of these false positive 'errors' like the one on neigh_del() beacuse interface/route addition/deletion is slightly different in VPP than in Linux. I may have to reclassify the errors as warnings otherwise. --- lcpng_netlink.c | 4 ++ lcpng_netlink.h | 2 + lcpng_nl_sync.c | 149 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 155 insertions(+) diff --git a/lcpng_netlink.c b/lcpng_netlink.c index 7e6dbf4..49b6fef 100644 --- a/lcpng_netlink.c +++ b/lcpng_netlink.c @@ -207,6 +207,10 @@ lcp_nl_dispatch (struct nl_object *obj, void *arg) return lcp_nl_neigh_add ((struct rtnl_neigh *) obj); case RTM_DELNEIGH: return lcp_nl_neigh_del ((struct rtnl_neigh *) obj); + case RTM_NEWADDR: + return lcp_nl_addr_add ((struct rtnl_addr *) obj); + case RTM_DELADDR: + return lcp_nl_addr_del ((struct rtnl_addr *) obj); default: NL_WARN ("dispatch: ignored %U", format_nl_object, obj); break; diff --git a/lcpng_netlink.h b/lcpng_netlink.h index 9ba384a..1aefaf4 100644 --- a/lcpng_netlink.h +++ b/lcpng_netlink.h @@ -83,6 +83,8 @@ u8 *format_nl_object (u8 *s, va_list *args); */ void lcp_nl_neigh_add (struct rtnl_neigh *rn); void lcp_nl_neigh_del (struct rtnl_neigh *rn); +void lcp_nl_addr_add (struct rtnl_addr *ra); +void lcp_nl_addr_del (struct rtnl_addr *ra); /* * fd.io coding-style-patch-verification: ON diff --git a/lcpng_nl_sync.c b/lcpng_nl_sync.c index 7dcbad2..5df2241 100644 --- a/lcpng_nl_sync.c +++ b/lcpng_nl_sync.c @@ -52,6 +52,155 @@ lcp_nl_mk_mac_addr (const struct nl_addr *rna, mac_address_t *mac) mac_address_from_bytes (mac, nl_addr_get_binary_addr (rna)); } +static const mfib_prefix_t ip4_specials[] = { + /* ALL prefixes are in network order */ + { + /* (*,224.0.0.0)/24 - all local subnet */ + .fp_grp_addr = { + .ip4.data_u32 = 0x000000e0, + }, + .fp_len = 24, + .fp_proto = FIB_PROTOCOL_IP4, + }, +}; + +static void +lcp_nl_ip4_mroutes_add_del (u32 sw_if_index, u8 is_add) +{ + const fib_route_path_t path = { + .frp_proto = DPO_PROTO_IP4, + .frp_addr = zero_addr, + .frp_sw_if_index = sw_if_index, + .frp_fib_index = ~0, + .frp_weight = 1, + .frp_mitf_flags = MFIB_ITF_FLAG_ACCEPT, + }; + u32 mfib_index; + int ii; + + mfib_index = + mfib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index); + + for (ii = 0; ii < ARRAY_LEN (ip4_specials); ii++) + { + if (is_add) + { + mfib_table_entry_path_update (mfib_index, &ip4_specials[ii], + MFIB_SOURCE_PLUGIN_LOW, &path); + } + else + { + mfib_table_entry_path_remove (mfib_index, &ip4_specials[ii], + MFIB_SOURCE_PLUGIN_LOW, &path); + } + } +} + +static const mfib_prefix_t ip6_specials[] = { + /* ALL prefixes are in network order */ + { + /* (*,ff00::)/8 - all local subnet */ + .fp_grp_addr = { + .ip6.as_u64[0] = 0x00000000000000ff, + }, + .fp_len = 8, + .fp_proto = FIB_PROTOCOL_IP6, + }, +}; + +static void +lcp_nl_ip6_mroutes_add_del (u32 sw_if_index, u8 is_add) +{ + const fib_route_path_t path = { + .frp_proto = DPO_PROTO_IP6, + .frp_addr = zero_addr, + .frp_sw_if_index = sw_if_index, + .frp_fib_index = ~0, + .frp_weight = 1, + .frp_mitf_flags = MFIB_ITF_FLAG_ACCEPT, + }; + u32 mfib_index; + int ii; + + mfib_index = + mfib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index); + + for (ii = 0; ii < ARRAY_LEN (ip6_specials); ii++) + { + if (is_add) + { + mfib_table_entry_path_update (mfib_index, &ip6_specials[ii], + MFIB_SOURCE_PLUGIN_LOW, &path); + } + else + { + mfib_table_entry_path_remove (mfib_index, &ip6_specials[ii], + MFIB_SOURCE_PLUGIN_LOW, &path); + } + } +} + +static void +lcp_nl_addr_add_del (struct rtnl_addr *ra, int is_del) +{ + lcp_itf_pair_t *lip; + ip_address_t nh; + + NL_DBG ("addr_%s: netlink %U", is_del ? "del" : "add", format_nl_object, ra); + + if (!(lip = lcp_itf_pair_get ( + lcp_itf_pair_find_by_vif (rtnl_addr_get_ifindex (ra))))) + { + NL_WARN ("addr_%s: no LCP for %U ", is_del ? "del" : "add", + format_nl_object, ra); + return; + } + + lcp_nl_mk_ip_addr (rtnl_addr_get_local (ra), &nh); + + if (AF_IP4 == ip_addr_version (&nh)) + { + ip4_add_del_interface_address ( + vlib_get_main (), lip->lip_phy_sw_if_index, &ip_addr_v4 (&nh), + rtnl_addr_get_prefixlen (ra), is_del); + lcp_nl_ip4_mroutes_add_del (lip->lip_phy_sw_if_index, !is_del); + } + else if (AF_IP6 == ip_addr_version (&nh)) + { + if (ip6_address_is_link_local_unicast (&ip_addr_v6 (&nh))) + if (is_del) + ip6_link_disable (lip->lip_phy_sw_if_index); + else + { + ip6_link_enable (lip->lip_phy_sw_if_index, NULL); + ip6_link_set_local_address (lip->lip_phy_sw_if_index, + &ip_addr_v6 (&nh)); + } + else + ip6_add_del_interface_address ( + vlib_get_main (), lip->lip_phy_sw_if_index, &ip_addr_v6 (&nh), + rtnl_addr_get_prefixlen (ra), is_del); + lcp_nl_ip6_mroutes_add_del (lip->lip_phy_sw_if_index, !is_del); + } + + NL_NOTICE ("addr_%s %U/%d iface %U", is_del ? "del: Deleted" : "add: Added", + format_ip_address, &nh, rtnl_addr_get_prefixlen (ra), + format_vnet_sw_if_index_name, vnet_get_main (), + lip->lip_phy_sw_if_index); +} + +void +lcp_nl_addr_add (struct rtnl_addr *ra) +{ + lcp_nl_addr_add_del (ra, 0); +} + +void +lcp_nl_addr_del (struct rtnl_addr *ra) +{ + lcp_nl_addr_add_del (ra, 1); +} + void lcp_nl_neigh_add (struct rtnl_neigh *rn) {