John Lo7f358b32018-04-28 01:19:24 -04001/*
2 * src/vnet/ip/ip_neighbor.c: ip neighbor generic handling
3 *
4 * Copyright (c) 2018 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18#include <vnet/vnet.h>
19#include <vnet/ip/ip.h>
20#include <vnet/ip/ip6_neighbor.h>
21#include <vnet/ip/ip_neighbor.h>
Neale Ranns0053de62018-05-22 08:40:52 -070022#include <vnet/ethernet/arp.h>
John Lo7f358b32018-04-28 01:19:24 -040023
/*
 * Defaults for the periodic IP neighbor scan:
 * - scan interval                        : 60 sec
 * - max processing time per run          : 20 usec
 * - max probe/delete operations per run  : 10
 * - delay before a paused scan resumes   : 1 msec
 * - neighbor stale threshold             : 4 x scan interval
 */
#define IP_NEIGHBOR_DEF_SCAN_INTERVAL   (60.0)
#define IP_NEIGHBOR_DEF_MAX_PROC_TIME   (20e-6)
#define IP_NEIGHBOR_DEF_SCAN_INT_DELAY  (1e-3)
#define IP_NEIGHBOR_DEF_STALE           (4 * IP_NEIGHBOR_DEF_SCAN_INTERVAL)
#define IP_NEIGHBOR_DEF_MAX_UPDATE      10

/*
 * Active scan configuration. All time values are held in seconds;
 * ip_neighbor_scan_enable_disable() converts from the caller's units.
 */
typedef struct
{
  f64 scan_interval;		/* time between full scans */
  f64 max_proc_time;		/* processing budget for a single run */
  f64 scan_int_delay;		/* wait before an interrupted scan resumes */
  f64 stale_threshold;		/* age at which a neighbor counts as stale */
  u8 max_update;		/* probe/delete budget for a single run */
  u8 mode;			/* which address families are scanned */
} ip_neighbor_scan_config_t;

/* One configuration instance, used by the CLI handlers and the scan process. */
static ip_neighbor_scan_config_t ip_neighbor_scan_conf;
49
/**
 * Add or update an IPv4 (ARP) or IPv6 (ND) neighbor entry on an interface.
 *
 * @param ip          neighbor address; ip->ip6 is used when is_ip6 is set,
 *                    ip->ip4 otherwise
 * @param is_ip6      non-zero selects the IPv6 neighbor path
 * @param mac         link-layer address; 6 bytes are read from it
 * @param sw_if_index interface the neighbor belongs to
 * @param flags       tested for IP_NEIGHBOR_FLAG_STATIC and
 *                    IP_NEIGHBOR_FLAG_NO_ADJ_FIB
 * @param stats_index optional; written with the adj_nbr_find() result only
 *                    when the set call returned 0
 * @return the value returned by the ARP/ND set call
 *
 * Nothing is validated here: mac is neither NULL- nor length-checked and
 * sw_if_index is passed through as given. The ND/ARP entry itself is not
 * checked either; the expectation is that the FIB copes with bogus entries.
 * Callers that take these values from an API message or the CLI should
 * validate them before calling.
 */
int
ip_neighbor_add (const ip46_address_t * ip,
                 u8 is_ip6,
                 const u8 * mac,
                 u32 sw_if_index,
                 ip_neighbor_flags_t flags, u32 * stats_index)
{
  fib_protocol_t fproto;
  vnet_link_t linkt;
  int rv;

  if (!is_ip6)
    {
      ethernet_arp_ip4_over_ethernet_address_t arp_addr = {
        .ip4 = ip->ip4,
      };

      /* fixed 6-byte copy; the caller guarantees the size of mac */
      clib_memcpy (&arp_addr.ethernet, mac, 6);

      rv = vnet_arp_set_ip4_over_ethernet (vnet_get_main (),
                                           sw_if_index,
                                           &arp_addr,
                                           (flags & IP_NEIGHBOR_FLAG_STATIC),
                                           (flags &
                                            IP_NEIGHBOR_FLAG_NO_ADJ_FIB));
      linkt = VNET_LINK_IP4;
      fproto = FIB_PROTOCOL_IP4;
    }
  else
    {
      rv = vnet_set_ip6_ethernet_neighbor (vlib_get_main (),
                                           sw_if_index, &ip->ip6, mac, 6,
                                           (flags & IP_NEIGHBOR_FLAG_STATIC),
                                           (flags &
                                            IP_NEIGHBOR_FLAG_NO_ADJ_FIB));
      linkt = VNET_LINK_IP6;
      fproto = FIB_PROTOCOL_IP6;
    }

  /* report the adjacency index only for a successful add */
  if (stats_index && 0 == rv)
    *stats_index = adj_nbr_find (fproto, linkt, ip, sw_if_index);

  return (rv);
}
99
/**
 * Remove an IPv4 (ARP) or IPv6 (ND) neighbor entry from an interface.
 *
 * @param ip          neighbor address; ip->ip6 or ip->ip4 is used
 *                    depending on is_ip6
 * @param is_ip6      non-zero selects the IPv6 neighbor path
 * @param sw_if_index interface the neighbor belongs to
 * @return the value returned by the ARP/ND unset call
 *
 * For IPv4 only the address is filled in; the ethernet part of the lookup
 * structure is left zero-initialised. sw_if_index is not validated here.
 */
int
ip_neighbor_del (const ip46_address_t * ip, u8 is_ip6, u32 sw_if_index)
{
  int rv;

  if (!is_ip6)
    {
      ethernet_arp_ip4_over_ethernet_address_t arp_addr = {
        .ip4 = ip->ip4,
      };

      rv = vnet_arp_unset_ip4_over_ethernet (vnet_get_main (),
                                             sw_if_index, &arp_addr);
      return (rv);
    }

  rv = vnet_unset_ip6_ethernet_neighbor (vlib_get_main (),
                                         sw_if_index, &ip->ip6);
  return (rv);
}
122
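/**
 * Apply a new neighbor scan configuration.
 *
 * @param arg requested settings. arg->mode selects the address families
 *            (0 disables the scan). The remaining fields use the caller's
 *            units and are converted to seconds here: scan_interval and
 *            stale_threshold are in minutes, max_proc_time in microseconds,
 *            scan_int_delay in milliseconds. A zero field selects the
 *            default; the stale threshold defaults to four times the
 *            effective scan interval.
 *
 * When the scan is disabled only the mode and the scan interval are
 * updated; the other fields keep their previous values.
 */
void
ip_neighbor_scan_enable_disable (ip_neighbor_scan_arg_t * arg)
{
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;

  cfg->mode = arg->mode;

  if (arg->mode)
    {
      cfg->scan_interval = arg->scan_interval ?
        arg->scan_interval * 60.0 : IP_NEIGHBOR_DEF_SCAN_INTERVAL;
      cfg->max_proc_time = arg->max_proc_time ?
        arg->max_proc_time * 1e-6 : IP_NEIGHBOR_DEF_MAX_PROC_TIME;
      cfg->scan_int_delay = arg->scan_int_delay ?
        arg->scan_int_delay * 1e-3 : IP_NEIGHBOR_DEF_SCAN_INT_DELAY;
      cfg->stale_threshold = arg->stale_threshold ?
        arg->stale_threshold * 60.0 : cfg->scan_interval * 4;
      /*
       * Take the limit from the request. Reading it back from cfg would
       * ignore the caller's value and keep whatever was stored before; a
       * stored 0 makes ip_neighbor_scan() stop before visiting any entry.
       */
      cfg->max_update = arg->max_update ?
        arg->max_update : IP_NEIGHBOR_DEF_MAX_UPDATE;
    }
  else
    cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
}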
146
/**
 * Walk one neighbor pool, probing aged entries and optionally deleting
 * stale ones, within the configured per-run budgets.
 *
 * @param vm           vlib main
 * @param start_time   time the current run started; entry age is measured
 *                     against it
 * @param start_idx    pool index to resume from
 * @param is_ip6       non-zero walks the IPv6 pool, zero the IPv4 ARP pool
 * @param delete_stale non-zero deletes entries whose age has reached
 *                     cfg->stale_threshold instead of probing them
 * @param update_count running count of probe/delete operations in this run;
 *                     incremented in place
 * @return the pool index at which the walk stopped, or ~0 once the pool has
 *         been walked to its end
 *
 * Entries flagged static are skipped. The operation budget is
 * cfg->max_update and the time budget cfg->max_proc_time; the clock is only
 * read on every 100th visited entry.
 *
 * NOTE(review): both pool pointers are fetched once on entry; this assumes
 * the unset/probe calls made inside the loop do not move the pools - confirm.
 */
static_always_inline u32
ip_neighbor_scan (vlib_main_t * vm, f64 start_time, u32 start_idx,
                  u8 is_ip6, u8 delete_stale, u8 * update_count)
{
  vnet_main_t *vnm = vnet_get_main ();
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
  ethernet_arp_ip4_entry_t *arp_pool = ip4_neighbors_pool ();
  ip6_neighbor_t *nd_pool = ip6_neighbors_pool ();
  ethernet_arp_ip4_entry_t *arp = 0;
  ip6_neighbor_t *nd = 0;
  u32 idx = start_idx;
  u32 visited = 0;

  /* the resume index may name a freed slot; move on to the next live one */
  if (is_ip6)
    {
      if (pool_is_free_index (nd_pool, start_idx))
        idx = pool_next_index (nd_pool, start_idx);
    }
  else
    {
      if (pool_is_free_index (arp_pool, start_idx))
        idx = pool_next_index (arp_pool, start_idx);
    }

  while (idx != ~0)
    {
      f64 last_update = 0;
      f64 age;
      int is_static;

      /* stop once the probe/delete budget for this run is used up */
      if (update_count[0] >= cfg->max_update)
        break;

      /* stop once the time budget is used up (checked every 100 entries) */
      if (((visited % 100) == 0) &&
          ((vlib_time_now (vm) - start_time) > cfg->max_proc_time))
        break;

      if (is_ip6)
        {
          nd = pool_elt_at_index (nd_pool, idx);
          is_static = (nd->flags & IP6_NEIGHBOR_FLAG_STATIC) != 0;
          if (!is_static)
            last_update = nd->time_last_updated;
        }
      else
        {
          arp = pool_elt_at_index (arp_pool, idx);
          is_static = (arp->flags & ETHERNET_ARP_IP4_ENTRY_FLAG_STATIC) != 0;
          if (!is_static)
            last_update = arp->time_last_updated;
        }

      if (!is_static)
        {
          age = start_time - last_update;

          if (delete_stale && (age >= cfg->stale_threshold))
            {
              /* stale neighbor: delete it */
              update_count[0]++;
              if (is_ip6)
                {
                  vnet_unset_ip6_ethernet_neighbor
                    (vm, nd->key.sw_if_index, &nd->key.ip6_address);
                }
              else
                {
                  ethernet_arp_ip4_over_ethernet_address_t stale;
                  clib_memcpy (&stale.ethernet, arp->ethernet_address, 6);
                  stale.ip4.as_u32 = arp->ip4_address.as_u32;
                  vnet_arp_unset_ip4_over_ethernet (vnm, arp->sw_if_index,
                                                    &stale);
                }
            }
          else if (age >= cfg->scan_interval)
            {
              /* aged neighbor: probe it */
              update_count[0]++;
              if (is_ip6)
                ip6_probe_neighbor (vm, &nd->key.ip6_address,
                                    nd->key.sw_if_index, 1);
              else
                ip4_probe_neighbor (vm, &arp->ip4_address,
                                    arp->sw_if_index, 1);
            }
        }

      /* every visited entry counts, including skipped static ones */
      visited++;

      if (is_ip6)
        idx = pool_next_index (nd_pool, idx);
      else
        idx = pool_next_index (arp_pool, idx);
    }

  return idx;
}
235
/**
 * Process node that drives the periodic neighbor scan.
 *
 * Each wake-up runs at most one budgeted pass over the IPv4 and IPv6
 * neighbor pools. An unfinished pass is resumed after cfg->scan_int_delay;
 * a finished one schedules the next scan relative to the time the scan
 * started. Stale entries are only purged on passes that follow a completed
 * scan, because the purge flags are set when a scan completes.
 *
 * On start the mode is forced to IP_SCAN_DISABLED and the scan interval to
 * its default, overwriting whatever the configuration held before.
 *
 * NOTE(review): scan_int_delay is initialised from
 * IP_NEIGHBOR_DEF_SCAN_INTERVAL rather than IP_NEIGHBOR_DEF_SCAN_INT_DELAY;
 * confirm this is intended.
 *
 * @return never returns in practice; the loop has no exit
 */
static uword
neighbor_scan_process (vlib_main_t * vm,
                       vlib_node_runtime_t * rt, vlib_frame_t * f)
{
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
  f64 wait = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
  f64 next_scan = CLIB_TIME_MAX;
  f64 now;
  u32 resume4 = 0;		/* ip4 neighbor pool index to resume from */
  u32 resume6 = 0;		/* ip6 neighbor pool index to resume from */
  uword *events = 0;
  u8 purge4 = 0;		/* purge stale ip4 entries during this scan */
  u8 purge6 = 0;		/* purge stale ip6 entries during this scan */
  u8 ops;

  cfg->mode = IP_SCAN_DISABLED;
  cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
  cfg->scan_int_delay = IP_NEIGHBOR_DEF_SCAN_INTERVAL;

  for (;;)
    {
      vlib_process_wait_for_event_or_clock (vm, wait);
      /* events carry no payload that is used here; fetch and drop them */
      vlib_process_get_events (vm, &events);
      vec_reset_length (events);

      now = vlib_time_now (vm);
      ops = 0;

      /* both indices at 0 means a fresh scan starts now */
      if ((resume4 == 0) && (resume6 == 0))
        next_scan = now + cfg->scan_interval;

      /* an address family that is not enabled is treated as already done */
      if (!(cfg->mode & IP_SCAN_V4_NEIGHBORS))
        resume4 = ~0;

      if (!(cfg->mode & IP_SCAN_V6_NEIGHBORS))
        resume6 = ~0;

      if (resume4 != ~0)
        resume4 = ip_neighbor_scan (vm, now, resume4, /* ip4 */ 0,
                                    purge4, &ops);

      if (resume6 != ~0)
        resume6 = ip_neighbor_scan (vm, now, resume6, /* ip6 */ 1,
                                    purge6, &ops);

      if ((resume4 != ~0) || (resume6 != ~0))
        {
          /* scan incomplete: come back shortly */
          wait = cfg->scan_int_delay;
        }
      else
        {
          /* scan complete: sleep until the next scheduled scan */
          wait = next_scan - vlib_time_now (vm);
          resume4 = resume6 = 0;
          purge4 = cfg->mode & IP_SCAN_V4_NEIGHBORS;
          purge6 = cfg->mode & IP_SCAN_V6_NEIGHBORS;
        }

      /* keep the wait between the resume delay and the scan interval */
      if (wait > cfg->scan_interval)
        wait = cfg->scan_interval;
      else if (wait < cfg->scan_int_delay)
        wait = cfg->scan_int_delay;
    }
  return 0;
}
297
/* *INDENT-OFF* */
/* Registers neighbor_scan_process() as a VLIB process node. */
VLIB_REGISTER_NODE (neighbor_scan_process_node,static) = {
  .name = "ip-neighbor-scan-process",
  .type = VLIB_NODE_TYPE_PROCESS,
  .function = neighbor_scan_process,
};
/* *INDENT-ON* */
305
/**
 * CLI handler for "ip scan-neighbor".
 *
 * With no arguments the scan is enabled for both address families with
 * default parameters. Otherwise the line is parsed for a mode keyword
 * (ip4, ip6, both, disable) and the numeric options interval, max-time,
 * max-update, delay and stale.
 *
 * Every numeric option is range-checked against 255 before anything is
 * applied, so an oversized value is rejected with an error rather than
 * stored in the request (presumably the request fields are 8 bits wide -
 * confirm against ip_neighbor_scan_arg_t).
 *
 * @return 0 on success, otherwise a clib error describing the bad input
 */
static clib_error_t *
ip_neighbor_scan_cli (vlib_main_t * vm, unformat_input_t * input,
                      vlib_cli_command_t * cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  clib_error_t *error = 0;
  u32 interval_min = 0;
  u32 proc_time_us = 0;
  u32 max_ops = 0;
  u32 resume_ms = 0;
  u32 stale_min = 0;
  ip_neighbor_scan_arg_t arg;

  memset (&arg, 0, sizeof (arg));
  arg.mode = IP_SCAN_V46_NEIGHBORS;

  /* No arguments at all: enable for both families with defaults. */
  if (!unformat_user (input, unformat_line_input, line_input))
    {
      ip_neighbor_scan_enable_disable (&arg);
      return error;
    }

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "ip4"))
        arg.mode = IP_SCAN_V4_NEIGHBORS;
      else if (unformat (line_input, "ip6"))
        arg.mode = IP_SCAN_V6_NEIGHBORS;
      else if (unformat (line_input, "both"))
        arg.mode = IP_SCAN_V46_NEIGHBORS;
      else if (unformat (line_input, "disable"))
        arg.mode = IP_SCAN_DISABLED;
      else if (unformat (line_input, "interval %d", &interval_min))
        ;
      else if (unformat (line_input, "max-time %d", &proc_time_us))
        ;
      else if (unformat (line_input, "max-update %d", &max_ops))
        ;
      else if (unformat (line_input, "delay %d", &resume_ms))
        ;
      else if (unformat (line_input, "stale %d", &stale_min))
        ;
      else
        {
          error = clib_error_return (0, "unknown input '%U'",
                                     format_unformat_error, line_input);
          goto done;
        }
    }

  /* Reject out-of-range values; nothing is applied when one is found. */
  if (interval_min > 255)
    error = clib_error_return (0, "interval cannot exceed 255 minutes.");
  else if (proc_time_us > 255)
    error = clib_error_return (0, "max-time cannot exceed 255 usec.");
  else if (max_ops > 255)
    error = clib_error_return (0, "max-update cannot exceed 255.");
  else if (resume_ms > 255)
    error = clib_error_return (0, "delay cannot exceed 255 msec.");
  else if (stale_min > 255)
    error = clib_error_return (0, "stale cannot exceed 255 minutes.");
  else
    {
      arg.scan_interval = interval_min;
      arg.max_proc_time = proc_time_us;
      arg.max_update = max_ops;
      arg.scan_int_delay = resume_ms;
      arg.stale_threshold = stale_min;

      ip_neighbor_scan_enable_disable (&arg);
    }

done:
  unformat_free (line_input);

  return error;
}
395
/*?
 * The '<em>ip scan-neighbor</em>' command can be used to enable and disable
 * the periodic IP neighbor scan and to change its parameters.
 *
 * @note The default parameters used for IP neighbor scan should work fine
 * under normal conditions. They should not be changed from the default unless
 * properly tested to work as desired.
 *
 * @cliexpar
 * Example of enabling IP neighbor scan for both address families:
 * @cliexcmd{ip scan-neighbor both}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ip_scan_neighbor_command, static) = {
  .path = "ip scan-neighbor",
  .short_help = "ip scan-neighbor [ip4|ip6|both|disable] [interval <n-min>] [max-time <n-usec>] [max-update <n>] [delay <n-msec>] [stale <n-min>]",
  .function = ip_neighbor_scan_cli,
  /* NOTE(review): the handler rewrites ip_neighbor_scan_conf, which the scan
   * process reads; confirm that running it as mp-safe is intended. */
  .is_mp_safe = 1,
};
/* *INDENT-ON* */
416
/**
 * format() helper that renders a neighbor scan mode as text.
 *
 * @param s    vector to append to
 * @param args one argument, the scan mode, fetched as a u32 and narrowed
 *             to u8
 * @return s with "IPv4", "IPv6", "IPv4 and IPv6" or "unknown" appended
 */
static u8 *
format_ip_scan_mode (u8 * s, va_list * args)
{
  u8 mode = va_arg (*args, u32);

  if (mode == IP_SCAN_V4_NEIGHBORS)
    return format (s, "IPv4");

  if (mode == IP_SCAN_V6_NEIGHBORS)
    return format (s, "IPv6");

  if (mode == IP_SCAN_V46_NEIGHBORS)
    return format (s, "IPv4 and IPv6");

  /* any other value, including the disabled mode, has no name here */
  return format (s, "unknown");
}
432
/**
 * CLI handler for "show ip scan-neighbor".
 *
 * Prints whether the scan is enabled and, if so, the active parameters
 * converted back to the units the CLI accepts (minutes, usec, msec).
 * The input line is not parsed.
 *
 * @return always 0
 */
static clib_error_t *
show_ip_neighbor_scan (vlib_main_t * vm, unformat_input_t * input,
                       vlib_cli_command_t * cmd)
{
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
  f64 now = vlib_time_now (vm);

  if (cfg->mode == 0)
    {
      vlib_cli_output (vm,
                       "IP neighbor scan disabled - current time is %.4f sec",
                       now);
      return 0;
    }

  /* stored values are in seconds; scale them back for display */
  vlib_cli_output (vm, "IP neighbor scan enabled for %U neighbors - "
                   "current time is %.4f sec\n "
                   "Full_scan_interval: %f min "
                   "Stale_purge_threshod: %f min\n "
                   "Max_process_time: %f usec Max_updates %d "
                   "Delay_to_resume_after_max_limit: %f msec",
                   format_ip_scan_mode, cfg->mode,
                   now, cfg->scan_interval / 60.0,
                   cfg->stale_threshold / 60.0, cfg->max_proc_time / 1e-6,
                   cfg->max_update, cfg->scan_int_delay / 1e-3);
  return 0;
}
456
/*?
 * The '<em>show ip scan-neighbor</em>' command can be used to show the
 * current periodic IP neighbor scan parameters.
 *
 * @cliexpar
 * Example of showing the current IP neighbor scan parameters:
 * @cliexcmd{show ip scan-neighbor}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (show_ip_scan_neighbor_command, static) = {
  .path = "show ip scan-neighbor",
  .short_help = "show ip scan-neighbor",
  .function = show_ip_neighbor_scan,
  .is_mp_safe = 1,
};
/* *INDENT-ON* */
473
474/*
475 * fd.io coding-style-patch-verification: ON
476 *
477 * Local Variables:
478 * eval: (c-set-style "gnu")
479 * End:
480 */