src/vnet/ip/ip_neighbor.c

/*
 * src/vnet/ip/ip_neighboor.c: ip neighbor generic handling
 *
 * Copyright (c) 2018 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip6_neighbor.h>
#include <vnet/ip/ip_neighbor.h>
#include <vnet/ethernet/arp.h>

/*
 * IP neighbor scan parameter defaults are as follows:
 *   - Scan interval                       : 60 sec
 *   - Max processing allowed per run      : 20 usec
 *   - Max probe/delete operations per run : 10
 *   - Scan interrupt delay to resume scan : 1 msec
 *   - Neighbor stale threashold           : 4 x scan-interval
 */
#define IP_NEIGHBOR_DEF_SCAN_INTERVAL (60.0)
#define IP_NEIGHBOR_DEF_MAX_PROC_TIME (20e-6)
#define IP_NEIGHBOR_DEF_SCAN_INT_DELAY (1e-3)
#define IP_NEIGHBOR_DEF_STALE (4*IP_NEIGHBOR_DEF_SCAN_INTERVAL)
#define IP_NEIGHBOR_DEF_MAX_UPDATE 10

typedef struct
{
  f64 scan_interval;		/* Periodic scan interval */
  f64 max_proc_time;		/* Max processing time allowed per run */
  f64 scan_int_delay;		/* Scan interrupt delay to resume scan */
  f64 stale_threshold;		/* IP neighbor stale threshod */
  u8 max_update;		/* Max probe/delete actions allowed per run */
  u8 mode;			/* IP neighbor scan mode */
} ip_neighbor_scan_config_t;

static ip_neighbor_scan_config_t ip_neighbor_scan_conf;

u8 *
format_ip_neighbor_flags (u8 * s, va_list * args)
{
  const ip_neighbor_flags_t flags = va_arg (*args, int);

  if (flags & IP_NEIGHBOR_FLAG_STATIC)
    s = format (s, "S");

  if (flags & IP_NEIGHBOR_FLAG_DYNAMIC)
    s = format (s, "D");

  if (flags & IP_NEIGHBOR_FLAG_NO_FIB_ENTRY)
    s = format (s, "N");

  return s;
}

int
ip_neighbor_add (const ip46_address_t * ip,
		 ip46_type_t type,
		 const mac_address_t * mac,
		 u32 sw_if_index,
		 ip_neighbor_flags_t flags, u32 * stats_index)
{
  fib_protocol_t fproto;
  vnet_link_t linkt;
  int rv;

  /*
   * there's no validation here of the ND/ARP entry being added.
   * The expectation is that the FIB will ensure that nothing bad
   * will come of adding bogus entries.
   */
  if (IP46_TYPE_IP6 == type)
    {
      rv = vnet_set_ip6_ethernet_neighbor (vlib_get_main (),
					   sw_if_index, &ip->ip6, mac, flags);
      fproto = FIB_PROTOCOL_IP6;
      linkt = VNET_LINK_IP6;
    }
  else
    {
      ethernet_arp_ip4_over_ethernet_address_t a = {
	.ip4 = ip->ip4,
	.mac = *mac,
      };

      rv =
	vnet_arp_set_ip4_over_ethernet (vnet_get_main (), sw_if_index, &a,
					flags);
      fproto = FIB_PROTOCOL_IP4;
      linkt = VNET_LINK_IP4;
    }

  if (0 == rv && stats_index)
    *stats_index = adj_nbr_find (fproto, linkt, ip, sw_if_index);

  return (rv);
}

int
ip_neighbor_del (const ip46_address_t * ip, ip46_type_t type, u32 sw_if_index)
{
  int rv;

  if (IP46_TYPE_IP6 == type)
    {
      rv = vnet_unset_ip6_ethernet_neighbor (vlib_get_main (),
					     sw_if_index, &ip->ip6);
    }
  else
    {
      ethernet_arp_ip4_over_ethernet_address_t a = {
	.ip4 = ip->ip4,
      };

      rv =
	vnet_arp_unset_ip4_over_ethernet (vnet_get_main (), sw_if_index, &a);
    }

  return (rv);
}

void
ip_neighbor_scan_enable_disable (ip_neighbor_scan_arg_t * arg)
{
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;

  cfg->mode = arg->mode;

  if (arg->mode)
    {
      cfg->scan_interval = arg->scan_interval ?
	arg->scan_interval * 60.0 : IP_NEIGHBOR_DEF_SCAN_INTERVAL;
      cfg->max_proc_time = arg->max_proc_time ?
	arg->max_proc_time * 1e-6 : IP_NEIGHBOR_DEF_MAX_PROC_TIME;
      cfg->scan_int_delay = arg->scan_int_delay ?
	arg->scan_int_delay * 1e-3 : IP_NEIGHBOR_DEF_SCAN_INT_DELAY;
      cfg->stale_threshold = arg->stale_threshold ?
	arg->stale_threshold * 60.0 : cfg->scan_interval * 4;
      cfg->max_update = arg->max_update ?
	cfg->max_update : IP_NEIGHBOR_DEF_MAX_UPDATE;
    }
  else
    cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
}

static_always_inline u32
ip_neighbor_scan (vlib_main_t * vm, f64 start_time, u32 start_idx,
		  u8 is_ip6, u8 delete_stale, u8 * update_count)
{
  vnet_main_t *vnm = vnet_get_main ();
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
  ethernet_arp_ip4_entry_t *np4 = ip4_neighbors_pool ();
  ip6_neighbor_t *np6 = ip6_neighbors_pool ();
  ethernet_arp_ip4_entry_t *n4;
  ip6_neighbor_t *n6;
  u32 curr_idx = start_idx;
  u32 loop_count = 0;
  f64 delta, update_time;

  if (!is_ip6)
    {
      if (pool_is_free_index (np4, start_idx))
	curr_idx = pool_next_index (np4, start_idx);
    }
  else
    {
      if (pool_is_free_index (np6, start_idx))
	curr_idx = pool_next_index (np6, start_idx);
    }

  while (curr_idx != ~0)
    {
      /* allow no more than 10 neighbor updates or 20 usec of scan */
      if ((update_count[0] >= cfg->max_update) ||
	  (((loop_count % 100) == 0) &&
	   ((vlib_time_now (vm) - start_time) > cfg->max_proc_time)))
	break;

      if (!is_ip6)
	{
	  n4 = pool_elt_at_index (np4, curr_idx);
	  if (n4->flags & IP_NEIGHBOR_FLAG_STATIC)
	    goto next_neighbor;
	  update_time = n4->time_last_updated;
	}
      else
	{
	  n6 = pool_elt_at_index (np6, curr_idx);
	  if (n6->flags & IP_NEIGHBOR_FLAG_STATIC)
	    goto next_neighbor;
	  update_time = n6->time_last_updated;
	}

      delta = start_time - update_time;
      if (delete_stale && (delta >= cfg->stale_threshold))
	{
	  update_count[0]++;
	  /* delete stale neighbor */
	  if (!is_ip6)
	    {
	      ethernet_arp_ip4_over_ethernet_address_t delme = {
		.ip4.as_u32 = n4->ip4_address.as_u32,
		.mac = n4->mac,
	      };

	      vnet_arp_unset_ip4_over_ethernet (vnm, n4->sw_if_index, &delme);
	    }
	  else
	    {
	      vnet_unset_ip6_ethernet_neighbor
		(vm, n6->key.sw_if_index, &n6->key.ip6_address);
	    }
	}
      else if (delta >= cfg->scan_interval)
	{
	  update_count[0]++;
	  /* probe neighbor */
	  if (!is_ip6)
	    ip4_probe_neighbor (vm, &n4->ip4_address, n4->sw_if_index, 1);
	  else
	    ip6_probe_neighbor (vm, &n6->key.ip6_address,
				n6->key.sw_if_index, 1);
	}

    next_neighbor:
      loop_count++;

      if (!is_ip6)
	curr_idx = pool_next_index (np4, curr_idx);
      else
	curr_idx = pool_next_index (np6, curr_idx);
    }

  return curr_idx;
}

static uword
neighbor_scan_process (vlib_main_t * vm,
		       vlib_node_runtime_t * rt, vlib_frame_t * f)
{
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;
  f64 timeout = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
  f64 start, next_scan = CLIB_TIME_MAX;
  u32 ip4_nidx = 0;		/* ip4 neighbor pool index */
  u32 ip6_nidx = 0;		/* ip6 neighbor pool index */
  uword *event_data = 0;
  u8 purge4 = 0, purge6 = 0;	/* flags to purge stale entry during scan */
  u8 update;

  cfg->mode = IP_SCAN_DISABLED;
  cfg->scan_interval = IP_NEIGHBOR_DEF_SCAN_INTERVAL;
  cfg->scan_int_delay = IP_NEIGHBOR_DEF_SCAN_INTERVAL;

  while (1)
    {
      vlib_process_wait_for_event_or_clock (vm, timeout);
      vlib_process_get_events (vm, &event_data);
      vec_reset_length (event_data);

      start = vlib_time_now (vm);
      update = 0;

      if ((ip4_nidx == 0) && (ip6_nidx == 0))	/* starting a fresh scan */
	next_scan = start + cfg->scan_interval;

      if ((cfg->mode & IP_SCAN_V4_NEIGHBORS) == 0)
	ip4_nidx = ~0;		/* disable ip4 neighbor scan */

      if ((cfg->mode & IP_SCAN_V6_NEIGHBORS) == 0)
	ip6_nidx = ~0;		/* disable ip6 neighbor scan */

      if (ip4_nidx != ~0)	/* scan ip4 neighbors */
	ip4_nidx = ip_neighbor_scan (vm, start, ip4_nidx, /* ip4 */ 0,
				     purge4, &update);

      if (ip6_nidx != ~0)	/* scan ip6 neighbors */
	ip6_nidx = ip_neighbor_scan (vm, start, ip6_nidx, /* ip6 */ 1,
				     purge6, &update);

      if ((ip4_nidx == ~0) && (ip6_nidx == ~0))
	{			/* scan complete */
	  timeout = next_scan - vlib_time_now (vm);
	  ip4_nidx = ip6_nidx = 0;
	  purge4 = cfg->mode & IP_SCAN_V4_NEIGHBORS;
	  purge6 = cfg->mode & IP_SCAN_V6_NEIGHBORS;
	}
      else			/* scan incomplete */
	timeout = cfg->scan_int_delay;

      if (timeout > cfg->scan_interval)
	timeout = cfg->scan_interval;
      else if (timeout < cfg->scan_int_delay)
	timeout = cfg->scan_int_delay;

    }
  return 0;
}

/* *INDENT-OFF* */
VLIB_REGISTER_NODE (neighbor_scan_process_node,static) = {
  .function = neighbor_scan_process,
  .type = VLIB_NODE_TYPE_PROCESS,
  .name = "ip-neighbor-scan-process",
};
/* *INDENT-ON* */

static clib_error_t *
ip_neighbor_scan_cli (vlib_main_t * vm, unformat_input_t * input,
		      vlib_cli_command_t * cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  clib_error_t *error = 0;
  u32 interval = 0, time = 0, update = 0, delay = 0, stale = 0;
  ip_neighbor_scan_arg_t arg;

  clib_memset (&arg, 0, sizeof (arg));
  arg.mode = IP_SCAN_V46_NEIGHBORS;

  /* Get a line of input. */
  if (!unformat_user (input, unformat_line_input, line_input))
    {
      ip_neighbor_scan_enable_disable (&arg);
      return error;
    }

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "ip4"))
	arg.mode = IP_SCAN_V4_NEIGHBORS;

      else if (unformat (line_input, "ip6"))
	arg.mode = IP_SCAN_V6_NEIGHBORS;

      else if (unformat (line_input, "both"))
	arg.mode = IP_SCAN_V46_NEIGHBORS;

      else if (unformat (line_input, "disable"))
	arg.mode = IP_SCAN_DISABLED;

      else if (unformat (line_input, "interval %d", &interval))
	arg.scan_interval = interval;

      else if (unformat (line_input, "max-time %d", &time))
	arg.max_proc_time = time;

      else if (unformat (line_input, "max-update %d", &update))
	arg.max_update = update;

      else if (unformat (line_input, "delay %d", &delay))
	arg.scan_int_delay = delay;

      else if (unformat (line_input, "stale %d", &stale))
	arg.stale_threshold = stale;

      else
	{
	  error = clib_error_return (0, "unknown input '%U'",
				     format_unformat_error, line_input);
	  goto done;
	}
    }

  if (interval > 255)
    {
      error = clib_error_return (0, "interval cannot exceed 255 minutes.");
      goto done;
    }
  if (time > 255)
    {
      error = clib_error_return (0, "max-time cannot exceed 255 usec.");
      goto done;
    }
  if (update > 255)
    {
      error = clib_error_return (0, "max-update cannot exceed 255.");
      goto done;
    }
  if (delay > 255)
    {
      error = clib_error_return (0, "delay cannot exceed 255 msec.");
      goto done;
    }
  if (stale > 255)
    {
      error = clib_error_return (0, "stale cannot exceed 255 minutes.");
      goto done;
    }

  ip_neighbor_scan_enable_disable (&arg);

done:
  unformat_free (line_input);

  return error;
}

/*?
 * The '<em>ip scan-neighbor</em>' command can be used to enable and disable
 * periodic IP neighbor scan and change various scan parameneters.
 *
 * @note The default parameters used for IP neighbor scan should work fine
 * under normal conditions. They should not be changed from the default unless
 * properly tested to work as desied.
 *
 * @cliexpar
 * Example of enabling IP neighbor scan:
 * @cliexcmd{ip neighbor-scan enable}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (ip_scan_neighbor_command, static) = {
  .path = "ip scan-neighbor",
  .function = ip_neighbor_scan_cli,
  .short_help = "ip scan-neighbor [ip4|ip6|both|disable] [interval <n-min>] [max-time <n-usec>] [max-update <n>] [delay <n-msec>] [stale <n-min>]",
  .is_mp_safe = 1,
};
/* *INDENT-ON* */

static u8 *
format_ip_scan_mode (u8 * s, va_list * args)
{
  u8 mode = va_arg (*args, u32);
  switch (mode)
    {
    case IP_SCAN_V4_NEIGHBORS:
      return format (s, "IPv4");
    case IP_SCAN_V6_NEIGHBORS:
      return format (s, "IPv6");
    case IP_SCAN_V46_NEIGHBORS:
      return format (s, "IPv4 and IPv6");
    }
  return format (s, "unknown");
}

static clib_error_t *
show_ip_neighbor_scan (vlib_main_t * vm, unformat_input_t * input,
		       vlib_cli_command_t * cmd)
{
  ip_neighbor_scan_config_t *cfg = &ip_neighbor_scan_conf;

  if (cfg->mode == 0)
    vlib_cli_output (vm,
		     "IP neighbor scan disabled - current time is %.4f sec",
		     vlib_time_now (vm));
  else
    vlib_cli_output (vm, "IP neighbor scan enabled for %U neighbors - "
		     "current time is %.4f sec\n   "
		     "Full_scan_interval: %f min  "
		     "Stale_purge_threshod: %f min\n   "
		     "Max_process_time: %f usec  Max_updates %d  "
		     "Delay_to_resume_after_max_limit: %f msec",
		     format_ip_scan_mode, cfg->mode,
		     vlib_time_now (vm), cfg->scan_interval / 60.0,
		     cfg->stale_threshold / 60.0, cfg->max_proc_time / 1e-6,
		     cfg->max_update, cfg->scan_int_delay / 1e-3);
  return 0;
}

/*?
 * The '<em>show ip scan-neighbor</em>' command can be used to show the current
 * periodic IP neighbor scan parameters
 *
 * @cliexpar
 * Example of showing IP neighbor scan current parameters:
 * @cliexcmd{show ip neighbor-scan}
?*/
/* *INDENT-OFF* */
VLIB_CLI_COMMAND (show_ip_scan_neighbor_command, static) = {
  .path = "show ip scan-neighbor",
  .function = show_ip_neighbor_scan,
  .short_help = "show ip scan-neighbor",
  .is_mp_safe = 1,
};
/* *INDENT-ON* */

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */