Trapping DHCP packets in the ingress processing of Tap interface

Right the DHCP packets are processed in L2 multicast nexthop as DHCP request packet is a multicast packet. In a scaled setup, this leads to issues, as Agent receives the config late and VRF correspodning to VMI, L2 broadcast route and multicast nexthop also does not get added. This leads to DHCP request packet getting dropped. As "D" flag is set on VMI by Agent when nova-compute plugs the interface, the DHCP packet can be trapped to Agent without even the configuration. Agent in this case can provide the short lease to VM. So as a fix, the DHCP processing both in V4 and V6 are moved from L2 multicast nexthop to Vm ingress processing. Change-Id: I2a01aa282b6662ea1ef5832770cc92da931ee833 closes-bug: #1525028
Juniper · Dec 16, 2015 · fdeb3c5 · fdeb3c5
1 parent 5c6390a
commit fdeb3c5
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 20 deletions.
diff --git a/dp-core/vr_bridge.c b/dp-core/vr_bridge.c
@@ -50,6 +50,8 @@ void bridge_table_deinit(struct vr_rtable *, struct rtable_fspec *, bool);
 struct vr_bridge_entry *vr_find_bridge_entry(struct vr_bridge_entry_key *);
 struct vr_bridge_entry *vr_find_free_bridge_entry(unsigned int, char *);
 extern struct vr_vrf_stats *(*vr_inet_vrf_stats)(unsigned short, unsigned int);
+extern l4_pkt_type_t vr_ip_well_known_packet(struct vr_packet *);
+extern l4_pkt_type_t vr_ip6_well_known_packet(struct vr_packet *);
 
 
 static bool
@@ -439,13 +441,45 @@ vr_bridge_input(struct vrouter *router, struct vr_packet *pkt,
     unsigned short pull_len, overlay_len = VROUTER_OVERLAY_LEN;
     int reason, handled;
     struct vr_vrf_stats *stats;
+    l4_pkt_type_t l4_type = L4_TYPE_UNKNOWN;
+    int8_t *dmac;
+
+    dmac = (int8_t *) pkt_data(pkt);
+
+    pull_len = 0;
+    if ((pkt->vp_type == VP_TYPE_IP) || (pkt->vp_type == VP_TYPE_IP6)) {
+        pull_len = pkt_get_network_header_off(pkt) - pkt_head_space(pkt);
+        if (pull_len && !pkt_pull(pkt, pull_len)) {
+            vr_pfree(pkt, VP_DROP_PULL);
+            return 0;
+        }
+    }
 
     /* Do the bridge lookup for the packets not meant for "me" */
     if (!fmd->fmd_to_me) {
+
+        /*
+         * If DHCP packet coming from VM, Trap it to Agent before doing the bridge
+         * lookup itself
+         */
+        if (vif_is_virtual(pkt->vp_if)) {
+            if (pkt->vp_type == VP_TYPE_IP)
+                l4_type = vr_ip_well_known_packet(pkt);
+            else if (pkt->vp_type == VP_TYPE_IP6)
+                l4_type = vr_ip6_well_known_packet(pkt);
+
+            if (l4_type == L4_TYPE_DHCP_REQUEST) {
+                if (pkt->vp_if->vif_flags & VIF_FLAG_DHCP_ENABLED) {
+                    vr_trap(pkt, fmd->fmd_dvrf,  AGENT_TRAP_L3_PROTOCOLS, NULL);
+                    return 0;
+                }
+            }
+        }
+
         rt.rtr_req.rtr_label_flags = 0;
         rt.rtr_req.rtr_index = VR_BE_INVALID_INDEX;
         rt.rtr_req.rtr_mac_size = VR_ETHER_ALEN;
-        rt.rtr_req.rtr_mac =(int8_t *) pkt_data(pkt);
+        rt.rtr_req.rtr_mac = dmac;
         /* If multicast L2 packet, use broadcast composite nexthop */
         if (IS_MAC_BMCAST(rt.rtr_req.rtr_mac))
             rt.rtr_req.rtr_mac = (int8_t *)vr_bcast_mac;
@@ -483,11 +517,6 @@ vr_bridge_input(struct vrouter *router, struct vr_packet *pkt,
 
     /* Adjust MSS for V4 and V6 packets */
     if ((pkt->vp_type == VP_TYPE_IP) || (pkt->vp_type == VP_TYPE_IP6)) {
-        pull_len = pkt_get_network_header_off(pkt) - pkt_head_space(pkt);
-        if (!pkt_pull(pkt, pull_len)) {
-            vr_pfree(pkt, VP_DROP_PULL);
-            return 0;
-        }
 
         if (vif_is_virtual(pkt->vp_if) &&
                 vr_from_vm_mss_adj && vr_pkt_from_vm_tcp_mss_adj) {
@@ -505,11 +534,6 @@ vr_bridge_input(struct vrouter *router, struct vr_packet *pkt,
             }
             return 0;
         }
-
-        if (!pkt_push(pkt, pull_len)) {
-            vr_pfree(pkt, VP_DROP_PUSH);
-            return 0;
-        }
     }
 
 
@@ -525,6 +549,11 @@ vr_bridge_input(struct vrouter *router, struct vr_packet *pkt,
         fmd->fmd_label = rt.rtr_req.rtr_label;
     }
 
+    if (pull_len && !pkt_push(pkt, pull_len)) {
+        vr_pfree(pkt, VP_DROP_PUSH);
+        return 0;
+    }
+
     nh_output(pkt, nh, fmd);
     return 0;
 }

diff --git a/dp-core/vr_nexthop.c b/dp-core/vr_nexthop.c
@@ -666,13 +666,14 @@ nh_handle_mcast_control_pkt(struct vr_packet *pkt, struct vr_forwarding_md *fmd,
      */
     if (pkt->vp_type == VP_TYPE_IP6)
         l4_type = vr_ip6_well_known_packet(pkt);
+    else if (pkt_src == PKT_SRC_TOR_REPL_TREE)
+        l4_type = vr_ip_well_known_packet(pkt);
+
 
     /*
-     * Special control packets need to be handled only if from VM or BMS
+     * Special control packets need to be handled only if BMS
      */
     if ((pkt_src == PKT_SRC_TOR_REPL_TREE) || !pkt_src) {
-        if (pkt->vp_type == VP_TYPE_IP)
-            l4_type = vr_ip_well_known_packet(pkt);
 
         /*
          * If packet is identified as known packet, we always trap
@@ -684,12 +685,9 @@ nh_handle_mcast_control_pkt(struct vr_packet *pkt, struct vr_forwarding_md *fmd,
             trap = true;
 
             if (l4_type == L4_TYPE_DHCP_REQUEST) {
-                if (!(pkt->vp_if->vif_flags & VIF_FLAG_DHCP_ENABLED)) {
-                    rt_flags = vr_bridge_route_flags(fmd->fmd_dvrf,
-                                eth->eth_smac);
-                    if (rt_flags & VR_BE_FLOOD_DHCP_FLAG)
-                        trap = false;
-                }
+                rt_flags = vr_bridge_route_flags(fmd->fmd_dvrf, eth->eth_smac);
+                if (rt_flags & VR_BE_FLOOD_DHCP_FLAG)
+                    trap = false;
             } else if (l4_type == L4_TYPE_NEIGHBOUR_SOLICITATION) {
                 trap = false;
             }