Use innerpacket's destip as source ip while doing Tx Port mirroring

When Transmit port mirroring is enabled, packet received on Fabric interface is right now mirrored using the source IP of the inner packet. This results in RPF failure on Analyzer VM's compute node because the compute node which is doing the port mirroring is using other compute node's VM IP. As a fix, if mirroring is Tax mirroring, rather using inner packets source ip, dest ip is used, so that Analyzer VM's RPF will not have any issues closes-bug: #1550312 Conflicts: dp-core/vr_mirror.c dp-core/vr_nexthop.c Change-Id: I43a3304f8186f3489c97be3093a5dbea4a247762
Juniper · Mar 16, 2016 · a2f9135 · a2f9135
1 parent 1ebac01
commit a2f9135
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 19 deletions.
diff --git a/dp-core/vr_mirror.c b/dp-core/vr_mirror.c
@@ -368,17 +368,17 @@ int
 vr_mirror(struct vrouter *router, uint8_t mirror_id,
           struct vr_packet *pkt, struct vr_forwarding_md *fmd)
 {
+    bool reset = true;
+    unsigned int captured_len, clone_len = VR_MIRROR_PKT_HEAD_SPACE,
+                 mirror_md_len = 0;
+    unsigned char default_mme[2] = {0xff, 0x0};
     unsigned char *buf;
     struct vr_nexthop *nh;
     struct vr_pcap *pcap;
     struct vr_mirror_entry *mirror;
     struct vr_mirror_meta_entry *mme;
-    unsigned int captured_len, clone_len = VR_MIRROR_PKT_HEAD_SPACE;
-    unsigned int mirror_md_len = 0;
-    unsigned char default_mme[2] = {0xff, 0x0};
     void *mirror_md;
     struct vr_nexthop *pkt_nh;
-    bool reset;
 
     mirror = router->vr_mirrors[mirror_id];
     if (!mirror)
@@ -407,35 +407,37 @@ vr_mirror(struct vrouter *router, uint8_t mirror_id,
      * header. If not get the processed headers by resetting the packet
      * and mirror it
      */
-    reset = true;
-    if (pkt->vp_if && pkt->vp_if->vif_type == VIF_TYPE_PHYSICAL) {
+    if (pkt->vp_if && (pkt->vp_if->vif_type == VIF_TYPE_PHYSICAL)) {
         pkt_nh = pkt->vp_nh;
         if (pkt_nh && (pkt_nh->nh_flags & NH_FLAG_VALID) &&
                     (pkt_nh->nh_type == NH_ENCAP)) {
 
             reset = false;
-            if (pkt_nh->nh_family == AF_INET)
-                clone_len += pkt_nh->nh_encap_len;
-
-            if (vr_pcow(pkt, clone_len))
-                goto fail;
-
-
-            if (pkt_nh->nh_family == AF_INET) {
-                if (!pkt_nh->nh_dev->vif_set_rewrite(pkt_nh->nh_dev, pkt, fmd,
-                    pkt_nh->nh_data, pkt_nh->nh_encap_len))
-                goto fail;
+            if (fmd->fmd_flow_index >= 0) {
+                if (pkt_nh->nh_family == AF_INET)
+                    clone_len += pkt_nh->nh_encap_len;
+
+                if (vr_pcow(pkt, clone_len))
+                    goto fail;
+                clone_len = 0;
+
+                if (pkt_nh->nh_family == AF_INET) {
+                    if (!pkt_nh->nh_dev->vif_set_rewrite(pkt_nh->nh_dev, pkt, fmd,
+                                    pkt_nh->nh_data, pkt_nh->nh_encap_len))
+                        goto fail;
+                }
             }
         }
     }
 
-    if (reset) {
+    if (reset)
         vr_preset(pkt);
+
+    if (clone_len) {
         if (vr_pcow(pkt, clone_len))
             goto fail;
     }
 
-
     pkt->vp_flags |= VP_FLAG_FROM_DP;
     /* Set the GSO and partial checksum flag */
     pkt->vp_flags |= (VP_FLAG_FLOW_SET | VP_FLAG_GSO | VP_FLAG_CSUM_PARTIAL);

diff --git a/dp-core/vr_nexthop.c b/dp-core/vr_nexthop.c
@@ -1236,6 +1236,14 @@ nh_generate_sip(struct vr_nexthop *nh, struct vr_packet *pkt)
 
     iph = (struct vr_ip *)pkt_network_header(pkt);
     if (pkt->vp_type == VP_TYPE_IP) {
+
+        /*
+         * If the packet is from fabric, it must be destined to a VM on
+         * this compute, so lets use dest ip
+         */
+        if (pkt->vp_if->vif_type == VIF_TYPE_PHYSICAL)
+            return iph->ip_daddr;
+
         return iph->ip_saddr;
     }