fib: Register multicast MAC with interface for accepting interfaces

Type: fix

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ic6c76b65e2dcc08916373153944507a297c962c0
diff --git a/src/vnet/ethernet/packet.h b/src/vnet/ethernet/packet.h
index 13d7daf..e1e42ba 100644
--- a/src/vnet/ethernet/packet.h
+++ b/src/vnet/ethernet/packet.h
@@ -64,20 +64,20 @@
 
 /* I/G bit: individual (unicast)/group (broadcast/multicast). */
 always_inline uword
-ethernet_address_cast (u8 * a)
+ethernet_address_cast (const u8 * a)
 {
   return (a[0] >> 0) & 1;
 }
 
 always_inline int
-ethernet_address_is_broadcast (u8 * a)
+ethernet_address_is_broadcast (const u8 * a)
 {
   return clib_mem_unaligned (a, u32) == 0xffffffff &&
     clib_mem_unaligned (a + 4, u16) == 0xffff;
 }
 
 always_inline uword
-ethernet_address_is_locally_administered (u8 * a)
+ethernet_address_is_locally_administered (const u8 * a)
 {
   return (a[0] >> 1) & 1;
 }
@@ -89,7 +89,7 @@
 }
 
 always_inline int
-eh_dst_addr_to_rx_ctype (ethernet_header_t * eh)
+eh_dst_addr_to_rx_ctype (const ethernet_header_t * eh)
 {
   if (PREDICT_TRUE (ethernet_address_cast (eh->dst_address) ==
 		    ETHERNET_ADDRESS_UNICAST))
@@ -107,7 +107,7 @@
 }
 
 always_inline int
-eh_dst_addr_to_tx_ctype (ethernet_header_t * eh)
+eh_dst_addr_to_tx_ctype (const ethernet_header_t * eh)
 {
   if (PREDICT_TRUE (ethernet_address_cast (eh->dst_address) ==
 		    ETHERNET_ADDRESS_UNICAST))
diff --git a/src/vnet/mfib/mfib_entry.c b/src/vnet/mfib/mfib_entry.c
index c08565d..471a689 100644
--- a/src/vnet/mfib/mfib_entry.c
+++ b/src/vnet/mfib/mfib_entry.c
@@ -992,12 +992,14 @@
     const fib_route_path_t *rpath;
     mfib_source_t current_best;
     mfib_path_ext_t *path_ext;
+    const mfib_prefix_t *pfx;
     mfib_entry_t *mfib_entry;
     mfib_entry_src_t *msrc;
     mfib_itf_flags_t old;
     u32 ii;
 
     mfib_entry = mfib_entry_get(mfib_entry_index);
+    pfx = mfib_entry_get_prefix(mfib_entry_index);
     ASSERT(NULL != mfib_entry);
     current_best = mfib_entry_get_best_source(mfib_entry);
     msrc = mfib_entry_src_find_or_create(mfib_entry, source);
@@ -1051,13 +1053,23 @@
 
                 if (NULL == mfib_itf)
                 {
+                    index_t mfib_itf_i = mfib_itf_create(path_index,
+                                                         rpath->frp_mitf_flags);
                     mfib_entry_itf_add(msrc,
                                        rpath->frp_sw_if_index,
-                                       mfib_itf_create(path_index,
-                                                       rpath->frp_mitf_flags));
+                                       mfib_itf_i);
+
+                    if (MFIB_ITF_FLAG_ACCEPT & rpath->frp_mitf_flags)
+                    {
+                        /* new accepting interface - add the mac to the driver */
+                        mfib_itf_mac_add(mfib_itf_get(mfib_itf_i), pfx);
+                    }
                 }
                 else
                 {
+                    u8 was_accept = !!(old & MFIB_ITF_FLAG_ACCEPT);
+                    u8 is_accept = !!(rpath->frp_mitf_flags & MFIB_ITF_FLAG_ACCEPT);
+
                     if (mfib_itf_update(mfib_itf,
                                         path_index,
                                         rpath->frp_mitf_flags))
@@ -1066,8 +1078,32 @@
                          * no more interface flags on this path, remove
                          * from the data-plane set
                          */
+                        if (was_accept)
+                        {
+                            mfib_itf_mac_del(mfib_itf, pfx);
+
+                        }
                         mfib_entry_itf_remove(msrc, rpath->frp_sw_if_index);
                     }
+                    else
+                    {
+                        /*
+                         * is there a change to the ACCEPT flag that
+                         * requires us to update hte driver with the
+                         * MAC
+                         */
+                        if (is_accept != was_accept)
+                        {
+                            if (is_accept)
+                            {
+                                mfib_itf_mac_add(mfib_itf, pfx);
+                            }
+                            else if (was_accept)
+                            {
+                                mfib_itf_mac_del(mfib_itf, pfx);
+                            }
+                        }
+                    }
                 }
             }
         }
@@ -1091,11 +1127,13 @@
     fib_node_index_t path_index, *path_indices;
     const fib_route_path_t *rpath;
     mfib_source_t current_best;
+    const mfib_prefix_t *pfx;
     mfib_entry_t *mfib_entry;
     mfib_entry_src_t *msrc;
     u32 ii;
 
     mfib_entry = mfib_entry_get(mfib_entry_index);
+    pfx = mfib_entry_get_prefix(mfib_entry_index);
     ASSERT(NULL != mfib_entry);
     current_best = mfib_entry_get_best_source(mfib_entry);
     msrc = mfib_entry_src_find(mfib_entry, source, NULL);
@@ -1128,21 +1166,37 @@
         mfib_path_ext_remove(msrc, path_index);
         if (mfib_entry_path_itf_based(rpath))
         {
+            u8 was_accept, is_accept;
             mfib_itf_t *mfib_itf;
 
             mfib_itf = mfib_entry_itf_find(msrc->mfes_itfs,
                                            rpath->frp_sw_if_index);
+            was_accept = !!(MFIB_ITF_FLAG_ACCEPT & mfib_itf->mfi_flags);
 
             if (mfib_itf_update(mfib_itf,
                                 path_index,
                                 MFIB_ITF_FLAG_NONE))
             {
+                if (was_accept)
+                {
+                    mfib_itf_mac_del(mfib_itf, pfx);                    
+                }
+
                 /*
                  * no more interface flags on this path, remove
                  * from the data-plane set
                  */
                 mfib_entry_itf_remove(msrc, rpath->frp_sw_if_index);
             }
+            else
+            {
+                is_accept = !!(MFIB_ITF_FLAG_ACCEPT & mfib_itf->mfi_flags);
+
+                if (was_accept && !is_accept)
+                {
+                    mfib_itf_mac_del(mfib_itf, pfx);                    
+                }
+            }
         }
     }
     vec_free(path_indices);
diff --git a/src/vnet/mfib/mfib_itf.c b/src/vnet/mfib/mfib_itf.c
index 33ef987..decf765 100644
--- a/src/vnet/mfib/mfib_itf.c
+++ b/src/vnet/mfib/mfib_itf.c
@@ -109,6 +109,79 @@
     };
 }
 
+static void
+mfib_itf_prefix4_to_mac (const mfib_prefix_t *pfx,
+                         mac_address_t *mac)
+{
+    mac->bytes[0] = 0x01;
+    mac->bytes[1] = 0x0;
+    mac->bytes[2] = 0x5e;
+    mac->bytes[3] = pfx->fp_grp_addr.ip4.as_u8[1] & 0x7f;
+    mac->bytes[4] = pfx->fp_grp_addr.ip4.as_u8[2];
+    mac->bytes[5] = pfx->fp_grp_addr.ip4.as_u8[3];
+}
+
+static void
+mfib_itf_prefix6_to_mac (const mfib_prefix_t *pfx,
+                         mac_address_t *mac)
+{
+    mac->bytes[0] = 0x33;
+    mac->bytes[1] = 0x33;
+    mac->bytes[2] = pfx->fp_grp_addr.ip6.as_u8[12];
+    mac->bytes[3] = pfx->fp_grp_addr.ip6.as_u8[13];
+    mac->bytes[4] = pfx->fp_grp_addr.ip6.as_u8[14];
+    mac->bytes[5] = pfx->fp_grp_addr.ip6.as_u8[15];
+}
+
+static void
+mfib_itf_prefix_to_mac (const mfib_prefix_t *pfx,
+                        mac_address_t *mac)
+{
+    switch (pfx->fp_proto)
+    {
+    case FIB_PROTOCOL_IP4:
+        mfib_itf_prefix4_to_mac(pfx, mac);
+        break;
+    case FIB_PROTOCOL_IP6:
+        mfib_itf_prefix6_to_mac(pfx, mac);
+        break;
+    case FIB_PROTOCOL_MPLS:
+        break;
+    }
+}
+
+static void
+mfib_itf_mac_add_del (mfib_itf_t *itf,
+                      const mfib_prefix_t *pfx,
+                      int add)
+{
+    vnet_sw_interface_t *si;
+    vnet_main_t *vnm;
+    mac_address_t mac;
+
+    vnm = vnet_get_main();
+    mfib_itf_prefix_to_mac(pfx, &mac);
+
+    si = vnet_get_sw_interface(vnm, itf->mfi_sw_if_index);
+    vnet_hw_interface_add_del_mac_address (vnet_get_main(),
+                                           si->hw_if_index,
+                                           mac.bytes, add);
+}
+
+void
+mfib_itf_mac_add (mfib_itf_t *itf,
+                  const mfib_prefix_t *pfx)
+{
+    mfib_itf_mac_add_del(itf, pfx, 1);
+}
+
+void
+mfib_itf_mac_del (mfib_itf_t *itf,
+                  const mfib_prefix_t *pfx)
+{
+    mfib_itf_mac_add_del(itf, pfx, 0);
+}
+
 void
 mfib_itf_delete (mfib_itf_t *mfi)
 {
diff --git a/src/vnet/mfib/mfib_itf.h b/src/vnet/mfib/mfib_itf.h
index 295be1b..656f12d 100644
--- a/src/vnet/mfib/mfib_itf.h
+++ b/src/vnet/mfib/mfib_itf.h
@@ -69,6 +69,11 @@
 
 extern u8 *format_mfib_itf(u8 * s, va_list * args);
 
+extern void mfib_itf_mac_add(mfib_itf_t *itf,
+                             const mfib_prefix_t *pfx);
+extern void mfib_itf_mac_del(mfib_itf_t *itf,
+                             const mfib_prefix_t *pfx);
+
 extern mfib_itf_t *mfib_itf_pool;
 
 /**
diff --git a/src/vnet/pg/input.c b/src/vnet/pg/input.c
index 785592f..60fc96e 100644
--- a/src/vnet/pg/input.c
+++ b/src/vnet/pg/input.c
@@ -1823,6 +1823,124 @@
 };
 /* *INDENT-ON* */
 
+VLIB_NODE_FN (pg_input_mac_filter) (vlib_main_t * vm,
+				    vlib_node_runtime_t * node,
+				    vlib_frame_t * frame)
+{
+  vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
+  u16 nexts[VLIB_FRAME_SIZE], *next;
+  pg_main_t *pg = &pg_main;
+  u32 n_left, *from;
+
+  from = vlib_frame_vector_args (frame);
+  n_left = frame->n_vectors;
+  next = nexts;
+
+  clib_memset_u16 (next, 0, VLIB_FRAME_SIZE);
+
+  vlib_get_buffers (vm, from, bufs, n_left);
+
+  while (n_left)
+    {
+      const ethernet_header_t *eth;
+      pg_interface_t *pi;
+      mac_address_t in;
+
+      pi = pool_elt_at_index
+	(pg->interfaces,
+	 pg->if_id_by_sw_if_index[vnet_buffer (b[0])->sw_if_index[VLIB_RX]]);
+      eth = vlib_buffer_get_current (b[0]);
+
+      mac_address_from_bytes (&in, eth->dst_address);
+
+      if (PREDICT_FALSE (ethernet_address_cast (in.bytes)))
+	{
+	  mac_address_t *allowed;
+
+	  if (0 != vec_len (pi->allowed_mcast_macs))
+	    {
+	      vec_foreach (allowed, pi->allowed_mcast_macs)
+	      {
+		if (0 != mac_address_cmp (allowed, &in))
+		  break;
+	      }
+
+	      if (vec_is_member (allowed, pi->allowed_mcast_macs))
+		vnet_feature_next_u16 (&next[0], b[0]);
+	    }
+	}
+
+      b += 1;
+      next += 1;
+      n_left -= 1;
+    }
+
+  vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
+
+  return (frame->n_vectors);
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (pg_input_mac_filter) = {
+  .name = "pg-input-mac-filter",
+  .vector_size = sizeof (u32),
+  .format_trace = format_pg_input_trace,
+  .n_next_nodes = 1,
+  .next_nodes = {
+    [0] = "error-drop",
+  },
+};
+VNET_FEATURE_INIT (pg_input_mac_filter_feat, static) = {
+  .arc_name = "device-input",
+  .node_name = "pg-input-mac-filter",
+};
+/* *INDENT-ON* */
+
+static clib_error_t *
+pg_input_mac_filter_cfg (vlib_main_t * vm,
+			 unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+  unformat_input_t _line_input, *line_input = &_line_input;
+  u32 sw_if_index = ~0;
+  int is_enable;
+
+  if (!unformat_user (input, unformat_line_input, line_input))
+    return 0;
+
+  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (line_input, "%U",
+		    unformat_vnet_sw_interface,
+		    vnet_get_main (), &sw_if_index))
+	;
+      else if (unformat (line_input, "%U",
+			 unformat_vlib_enable_disable, &is_enable))
+	;
+      else
+	return clib_error_create ("unknown input `%U'",
+				  format_unformat_error, line_input);
+    }
+  unformat_free (line_input);
+
+  if (~0 == sw_if_index)
+    return clib_error_create ("specify interface");
+
+  vnet_feature_enable_disable ("device-input",
+			       "pg-input-mac-filter",
+			       sw_if_index, is_enable, 0, 0);
+
+  return NULL;
+}
+
+/* *INDENT-OFF* */
+VLIB_CLI_COMMAND (enable_streams_cli, static) = {
+  .path = "packet-generator mac-filter",
+  .short_help = "packet-generator mac-filter <INTERFACE> <on|off>",
+  .function = pg_input_mac_filter_cfg,
+};
+/* *INDENT-ON* */
+
+
 /*
  * fd.io coding-style-patch-verification: ON
  *
diff --git a/src/vnet/pg/pg.h b/src/vnet/pg/pg.h
index 06e6126..f5b5e5a 100644
--- a/src/vnet/pg/pg.h
+++ b/src/vnet/pg/pg.h
@@ -45,6 +45,7 @@
 #include <vppinfra/fifo.h>	/* for buffer_fifo */
 #include <vppinfra/pcap.h>
 #include <vnet/interface.h>
+#include <vnet/ethernet/mac_address.h>
 #include <vnet/gso/gro.h>
 
 extern vnet_device_class_t pg_dev_class;
@@ -312,6 +313,8 @@
   u32 gso_size;
   pcap_main_t pcap_main;
   char *pcap_file_name;
+
+  mac_address_t *allowed_mcast_macs;
 } pg_interface_t;
 
 /* Per VLIB node data. */
@@ -335,6 +338,7 @@
   /* Pool of interfaces. */
   pg_interface_t *interfaces;
   uword *if_index_by_if_id;
+  uword *if_id_by_sw_if_index;
 
   /* Vector of buffer indices for use in pg_stream_fill_replay, per thread */
   u32 **replay_buffers_by_thread;
diff --git a/src/vnet/pg/stream.c b/src/vnet/pg/stream.c
index 88c8937..6ea8090 100644
--- a/src/vnet/pg/stream.c
+++ b/src/vnet/pg/stream.c
@@ -139,6 +139,39 @@
   return 0;
 }
 
+static int
+pg_mac_address_cmp (const mac_address_t * m1, const mac_address_t * m2)
+{
+  return (!mac_address_cmp (m1, m2));
+}
+
+static clib_error_t *
+pg_add_del_mac_address (vnet_hw_interface_t * hi,
+			const u8 * address, u8 is_add)
+{
+  pg_main_t *pg = &pg_main;
+
+  if (ethernet_address_cast (address))
+    {
+      mac_address_t mac;
+      pg_interface_t *pi;
+
+      pi = pool_elt_at_index (pg->interfaces, hi->dev_instance);
+
+      mac_address_from_bytes (&mac, address);
+      if (is_add)
+	vec_add1 (pi->allowed_mcast_macs, mac);
+      else
+	{
+	  u32 pos = vec_search_with_function (pi->allowed_mcast_macs, &mac,
+					      pg_mac_address_cmp);
+	  if (~0 != pos)
+	    vec_del1 (pi->allowed_mcast_macs, pos);
+	}
+    }
+  return (NULL);
+}
+
 /* *INDENT-OFF* */
 VNET_DEVICE_CLASS (pg_dev_class) = {
   .name = "pg",
@@ -146,6 +179,7 @@
   .format_device_name = format_pg_interface_name,
   .format_tx_trace = format_pg_output_trace,
   .admin_up_down_function = pg_interface_admin_up_down,
+  .mac_addr_add_del_function = pg_add_del_mac_address,
 };
 /* *INDENT-ON* */
 
@@ -245,6 +279,9 @@
 
       hash_set (pg->if_index_by_if_id, if_id, i);
 
+      vec_validate (pg->if_id_by_sw_if_index, hi->sw_if_index);
+      pg->if_id_by_sw_if_index[hi->sw_if_index] = i;
+
       if (vlib_num_workers ())
 	{
 	  pi->lockp = clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES,
diff --git a/test/test_ip_mcast.py b/test/test_ip_mcast.py
index d7a8238..64d3706 100644
--- a/test/test_ip_mcast.py
+++ b/test/test_ip_mcast.py
@@ -95,7 +95,7 @@
     def create_stream_ip4(self, src_if, src_ip, dst_ip, payload_size=0):
         pkts = []
         # default to small packet sizes
-        p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
+        p = (Ether(dst=getmacbyip(dst_ip), src=src_if.remote_mac) /
              IP(src=src_ip, dst=dst_ip) /
              UDP(sport=1234, dport=1234))
         if not payload_size:
@@ -111,7 +111,7 @@
         for i in range(0, N_PKTS_IN_STREAM):
             info = self.create_packet_info(src_if, src_if)
             payload = self.info_to_payload(info)
-            p = (Ether(dst=src_if.local_mac, src=src_if.remote_mac) /
+            p = (Ether(dst=getmacbyip6(dst_ip), src=src_if.remote_mac) /
                  IPv6(src=src_ip, dst=dst_ip) /
                  UDP(sport=1234, dport=1234) /
                  Raw(payload))
@@ -189,6 +189,14 @@
         # a stream that matches the default route. gets dropped.
         #
         self.vapi.cli("clear trace")
+        self.vapi.cli("packet mac-filter pg0 on")
+        self.vapi.cli("packet mac-filter pg1 on")
+        self.vapi.cli("packet mac-filter pg2 on")
+        self.vapi.cli("packet mac-filter pg4 on")
+        self.vapi.cli("packet mac-filter pg5 on")
+        self.vapi.cli("packet mac-filter pg6 on")
+        self.vapi.cli("packet mac-filter pg7 on")
+
         tx = self.create_stream_ip4(self.pg0, "1.1.1.1", "232.1.1.1")
         self.pg0.add_stream(tx)
 
@@ -395,9 +403,24 @@
         self.pg0.assert_nothing_captured(
             remark="IP multicast packets forwarded on PG0")
 
+        self.vapi.cli("packet mac-filter pg0 off")
+        self.vapi.cli("packet mac-filter pg1 off")
+        self.vapi.cli("packet mac-filter pg2 off")
+        self.vapi.cli("packet mac-filter pg4 off")
+        self.vapi.cli("packet mac-filter pg5 off")
+        self.vapi.cli("packet mac-filter pg6 off")
+        self.vapi.cli("packet mac-filter pg7 off")
+
     def test_ip6_mcast(self):
         """ IPv6 Multicast Replication """
 
+        self.vapi.cli("packet mac-filter pg0 on")
+        self.vapi.cli("packet mac-filter pg1 on")
+        self.vapi.cli("packet mac-filter pg2 on")
+        self.vapi.cli("packet mac-filter pg4 on")
+        self.vapi.cli("packet mac-filter pg5 on")
+        self.vapi.cli("packet mac-filter pg6 on")
+        self.vapi.cli("packet mac-filter pg7 on")
         #
         # a stream that matches the default route. gets dropped.
         #
@@ -556,6 +579,14 @@
         self.pg3.assert_nothing_captured(
             remark="IP multicast packets forwarded on PG3")
 
+        self.vapi.cli("packet mac-filter pg0 off")
+        self.vapi.cli("packet mac-filter pg1 off")
+        self.vapi.cli("packet mac-filter pg2 off")
+        self.vapi.cli("packet mac-filter pg4 off")
+        self.vapi.cli("packet mac-filter pg5 off")
+        self.vapi.cli("packet mac-filter pg6 off")
+        self.vapi.cli("packet mac-filter pg7 off")
+
     def _mcast_connected_send_stream(self, dst_ip):
         self.vapi.cli("clear trace")
         tx = self.create_stream_ip4(self.pg0,