Skip to content

Commit 314510f

Browse files
AnuradhaKaruppiahdonaldsharp
AnuradhaKaruppiah
authored and
donaldsharp
committed
zebra: allow unicast ARP requests and NS to be redirected by FRR
As a part of fast-failover (ES redirect handling) FRR was only redirecting ARP replies and NA packets. This changes extends that to include unicast ARP requests and unicast NS. Signed-off-by: Anuradha Karuppiah <[email protected]>
1 parent 667cab8 commit 314510f

File tree

1 file changed

+19
-21
lines changed

1 file changed

+19
-21
lines changed

zebra/zebra_evpn_arp_nd.c

Lines changed: 19 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,7 @@ extern struct zebra_privs_t zserv_privs;
4747
/*****************************************************************************
4848
* ARP-ND handling
4949
* A snooper socket is created for each bridge access port to listen
50-
* in on ARP replies and NAs. These packets are redirected to an ES-peer
50+
* in on ARP and ND. These packets are redirected to an ES-peer
5151
* via the VxLAN overlay if the destination associated with the DMAC
5252
* is oper-down
5353
****************************************************************************/
@@ -72,9 +72,9 @@ void zebra_evpn_arp_nd_print_summary(struct vty *vty, bool uj)
7272
if (uj) {
7373
json = json_object_new_object();
7474
json_object_boolean_true_add(json, "arpRedirect");
75-
json_object_int_add(json, "arpReplyPkts",
75+
json_object_int_add(json, "arpPkts",
7676
zevpn_arp_nd_info.stat.arp);
77-
json_object_int_add(json, "naPkts", zevpn_arp_nd_info.stat.na);
77+
json_object_int_add(json, "ndPkts", zevpn_arp_nd_info.stat.na);
7878
json_object_int_add(json, "redirectPkts",
7979
zevpn_arp_nd_info.stat.redirect);
8080
json_object_int_add(json, "notReadyPkts",
@@ -93,9 +93,8 @@ void zebra_evpn_arp_nd_print_summary(struct vty *vty, bool uj)
9393
? "enabled"
9494
: "disabled");
9595
vty_out(vty, "Stats:\n");
96-
vty_out(vty, " IPv4 ARP replies: %u\n",
97-
zevpn_arp_nd_info.stat.arp);
98-
vty_out(vty, " IPv6 neighbor advertisements: %u\n",
96+
vty_out(vty, " IPv4 ARP: %u\n", zevpn_arp_nd_info.stat.arp);
97+
vty_out(vty, " IPv6 neighbor discovery: %u\n",
9998
zevpn_arp_nd_info.stat.na);
10099
vty_out(vty, " Redirected packets: %u\n",
101100
zevpn_arp_nd_info.stat.redirect);
@@ -123,8 +122,7 @@ void zebra_evpn_arp_nd_print_summary(struct vty *vty, bool uj)
123122
void zebra_evpn_arp_nd_if_print(struct vty *vty, struct zebra_if *zif)
124123
{
125124
if (zif->arp_nd_info.pkt_fd > 0)
126-
vty_out(vty,
127-
" ARP-ND redirect enabled: ARP-replies %u NA %u\n",
125+
vty_out(vty, " ARP-ND redirect enabled: ARP %u ND %u\n",
128126
zif->arp_nd_info.arp_pkts, zif->arp_nd_info.na_pkts);
129127
}
130128

@@ -403,16 +401,17 @@ static void zebra_evpn_arp_nd_read(struct thread *t)
403401
zebra_evpn_arp_nd_pkt_read_enable(zif);
404402
}
405403

406-
/* BPF filter for snooping on ARP replies and IPv6 Neighbor advertisements -
407-
* tcpdump -dd '((arp and arp[6:2] == 2)
408-
* or (icmp6 and ip6[40] == 136)) and inbound'
404+
/* BPF filter for snooping on unicast ARP req/replies and unicast IPv6 NS/NA -
405+
* tcpdump -dd '((ether[0] &1 == 0) and (arp or
406+
* (icmp6 and (ip6[4] == 135 or ip6[40] == 136)))) and inbound'
409407
*/
410-
static struct sock_filter arp_nd_reply_filter[] = {
411-
{0x28, 0, 0, 0x0000000c}, {0x15, 0, 2, 0x00000806},
412-
{0x28, 0, 0, 0x00000014}, {0x15, 8, 11, 0x00000002},
413-
{0x15, 0, 10, 0x000086dd}, {0x30, 0, 0, 0x00000014},
414-
{0x15, 3, 0, 0x0000003a}, {0x15, 0, 7, 0x0000002c},
415-
{0x30, 0, 0, 0x00000036}, {0x15, 0, 5, 0x0000003a},
408+
static struct sock_filter arp_nd_filter[] = {
409+
{0x30, 0, 0, 0x00000000}, {0x45, 15, 0, 0x00000001},
410+
{0x28, 0, 0, 0x0000000c}, {0x15, 10, 0, 0x00000806},
411+
{0x15, 0, 12, 0x000086dd}, {0x30, 0, 0, 0x00000014},
412+
{0x15, 3, 0, 0x0000003a}, {0x15, 0, 9, 0x0000002c},
413+
{0x30, 0, 0, 0x00000036}, {0x15, 0, 7, 0x0000003a},
414+
{0x30, 0, 0, 0x00000012}, {0x15, 2, 0, 0x00000087},
416415
{0x30, 0, 0, 0x00000036}, {0x15, 0, 3, 0x00000088},
417416
{0x28, 0, 0, 0xfffff004}, {0x15, 1, 0, 0x00000004},
418417
{0x6, 0, 0, 0x00040000}, {0x6, 0, 0, 0x00000000},
@@ -426,9 +425,8 @@ static int zebra_evpn_arp_nd_sock_create(struct zebra_if *zif)
426425
int rcvbuf = ZEBRA_EVPN_ARP_ND_SOC_RCVBUF;
427426
long flags;
428427
struct sock_fprog prog = {
429-
.len = sizeof(arp_nd_reply_filter)
430-
/ sizeof(arp_nd_reply_filter[0]),
431-
.filter = arp_nd_reply_filter,
428+
.len = sizeof(arp_nd_filter) / sizeof(arp_nd_filter[0]),
429+
.filter = arp_nd_filter,
432430
};
433431

434432
frr_with_privs (&zserv_privs) {
@@ -516,7 +514,7 @@ static int zebra_evpn_arp_nd_sock_create(struct zebra_if *zif)
516514
return fd;
517515
}
518516

519-
/* ARP-replies and NA packets are snooped on non-vxlan bridge members.
517+
/* ARP and ND packets are snooped on non-vxlan bridge members.
520518
* Create a raw socket and read thread to do that per-member.
521519
*/
522520
void zebra_evpn_arp_nd_if_update(struct zebra_if *zif, bool enable)

0 commit comments

Comments
 (0)