From a2f91353b8488de562f91cd6e1f565d5a5c41c79 Mon Sep 17 00:00:00 2001 From: Divakar Date: Sat, 27 Feb 2016 09:37:41 +0530 Subject: [PATCH] Use innerpacket's destip as source ip while doing Tx Port mirroring When Transmit port mirroring is enabled, packet received on Fabric interface is right now mirrored using the source IP of the inner packet. This results in RPF failure on Analyzer VM's compute node because the compute node which is doing the port mirroring is using other compute node's VM IP. As a fix, if mirroring is Tax mirroring, rather using inner packets source ip, dest ip is used, so that Analyzer VM's RPF will not have any issues closes-bug: #1550312 Conflicts: dp-core/vr_mirror.c dp-core/vr_nexthop.c Change-Id: I43a3304f8186f3489c97be3093a5dbea4a247762 --- dp-core/vr_mirror.c | 40 +++++++++++++++++++++------------------- dp-core/vr_nexthop.c | 8 ++++++++ 2 files changed, 29 insertions(+), 19 deletions(-) diff --git a/dp-core/vr_mirror.c b/dp-core/vr_mirror.c index 1f9e92fe2..b9f2be9d7 100644 --- a/dp-core/vr_mirror.c +++ b/dp-core/vr_mirror.c @@ -368,17 +368,17 @@ int vr_mirror(struct vrouter *router, uint8_t mirror_id, struct vr_packet *pkt, struct vr_forwarding_md *fmd) { + bool reset = true; + unsigned int captured_len, clone_len = VR_MIRROR_PKT_HEAD_SPACE, + mirror_md_len = 0; + unsigned char default_mme[2] = {0xff, 0x0}; unsigned char *buf; struct vr_nexthop *nh; struct vr_pcap *pcap; struct vr_mirror_entry *mirror; struct vr_mirror_meta_entry *mme; - unsigned int captured_len, clone_len = VR_MIRROR_PKT_HEAD_SPACE; - unsigned int mirror_md_len = 0; - unsigned char default_mme[2] = {0xff, 0x0}; void *mirror_md; struct vr_nexthop *pkt_nh; - bool reset; mirror = router->vr_mirrors[mirror_id]; if (!mirror) @@ -407,35 +407,37 @@ vr_mirror(struct vrouter *router, uint8_t mirror_id, * header. If not get the processed headers by resetting the packet * and mirror it */ - reset = true; - if (pkt->vp_if && pkt->vp_if->vif_type == VIF_TYPE_PHYSICAL) { + if (pkt->vp_if && (pkt->vp_if->vif_type == VIF_TYPE_PHYSICAL)) { pkt_nh = pkt->vp_nh; if (pkt_nh && (pkt_nh->nh_flags & NH_FLAG_VALID) && (pkt_nh->nh_type == NH_ENCAP)) { reset = false; - if (pkt_nh->nh_family == AF_INET) - clone_len += pkt_nh->nh_encap_len; - - if (vr_pcow(pkt, clone_len)) - goto fail; - - - if (pkt_nh->nh_family == AF_INET) { - if (!pkt_nh->nh_dev->vif_set_rewrite(pkt_nh->nh_dev, pkt, fmd, - pkt_nh->nh_data, pkt_nh->nh_encap_len)) - goto fail; + if (fmd->fmd_flow_index >= 0) { + if (pkt_nh->nh_family == AF_INET) + clone_len += pkt_nh->nh_encap_len; + + if (vr_pcow(pkt, clone_len)) + goto fail; + clone_len = 0; + + if (pkt_nh->nh_family == AF_INET) { + if (!pkt_nh->nh_dev->vif_set_rewrite(pkt_nh->nh_dev, pkt, fmd, + pkt_nh->nh_data, pkt_nh->nh_encap_len)) + goto fail; + } } } } - if (reset) { + if (reset) vr_preset(pkt); + + if (clone_len) { if (vr_pcow(pkt, clone_len)) goto fail; } - pkt->vp_flags |= VP_FLAG_FROM_DP; /* Set the GSO and partial checksum flag */ pkt->vp_flags |= (VP_FLAG_FLOW_SET | VP_FLAG_GSO | VP_FLAG_CSUM_PARTIAL); diff --git a/dp-core/vr_nexthop.c b/dp-core/vr_nexthop.c index 7996588b2..d56aad4a6 100644 --- a/dp-core/vr_nexthop.c +++ b/dp-core/vr_nexthop.c @@ -1236,6 +1236,14 @@ nh_generate_sip(struct vr_nexthop *nh, struct vr_packet *pkt) iph = (struct vr_ip *)pkt_network_header(pkt); if (pkt->vp_type == VP_TYPE_IP) { + + /* + * If the packet is from fabric, it must be destined to a VM on + * this compute, so lets use dest ip + */ + if (pkt->vp_if->vif_type == VIF_TYPE_PHYSICAL) + return iph->ip_daddr; + return iph->ip_saddr; }