From 4fb306df98419d45889dff6a5b4fb0c21f237609 Mon Sep 17 00:00:00 2001 From: Numan Siddique Date: Fri, 29 May 2020 23:29:37 +0530 Subject: [PATCH] pinctrl: Support DHCPRELEASE and DHCPINFORM in native OVN dhcp responder. Right now we ignore these dhcp packets. This patch adds the support as per RFC 2131. Change-Id: I57091f18212b93e3a366a97120f2a54009fde1d4 Acked-by: Lorenzo Bianconi Acked-by: Mark Michelson Signed-off-by: Numan Siddique (cherry-picked from upstream ovn master commit e008a4d46020a778b8f1f85b9dfd7c9e9b6fde21) --- ovn/controller/pinctrl.c | 125 +++++++++++++++++++++++++++++++-------- ovn/lib/ovn-l7.h | 12 ++++ tests/ovn.at | 117 +++++++++++++++++++++++++++++++++++- 3 files changed, 227 insertions(+), 27 deletions(-) diff --git a/ovn/controller/pinctrl.c b/ovn/controller/pinctrl.c index 51a0f0224..b9e115a39 100644 --- a/ovn/controller/pinctrl.c +++ b/ovn/controller/pinctrl.c @@ -979,11 +979,13 @@ static void pinctrl_handle_put_dhcp_opts( struct rconn *swconn, struct dp_packet *pkt_in, struct ofputil_packet_in *pin, - struct ofpbuf *userdata, struct ofpbuf *continuation) + struct flow *in_flow, struct ofpbuf *userdata, + struct ofpbuf *continuation) { enum ofp_version version = rconn_get_version(swconn); enum ofputil_protocol proto = ofputil_protocol_from_ofp_version(version); struct dp_packet *pkt_out_ptr = NULL; + struct ofpbuf *dhcp_inform_reply_buf = NULL; uint32_t success = 0; /* Parse result field. */ @@ -1107,22 +1109,15 @@ pinctrl_handle_put_dhcp_opts( VLOG_WARN_RL(&rl, "Missing DHCP message type"); goto exit; } - if (*in_dhcp_msg_type != DHCP_MSG_DISCOVER && - *in_dhcp_msg_type != DHCP_MSG_REQUEST) { - static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); - VLOG_WARN_RL(&rl, "Invalid DHCP message type: %d", *in_dhcp_msg_type); - goto exit; - } - uint8_t msg_type; - if (*in_dhcp_msg_type == DHCP_MSG_DISCOVER) { + struct ofpbuf *reply_dhcp_opts_ptr = userdata; + uint8_t msg_type = 0; + + switch (*in_dhcp_msg_type) { + case DHCP_MSG_DISCOVER: msg_type = DHCP_MSG_OFFER; - } else { - /* This is a DHCPREQUEST. If the client has requested an IP that - * does not match the offered IP address, reply with a NAK. The - * requested IP address may be supplied either via Requested IP Address - * (opt 50) or via ciaddr, depending on the client's state. - */ + break; + case DHCP_MSG_REQUEST: { msg_type = DHCP_MSG_ACK; if (request_ip != *offer_ip) { static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); @@ -1131,12 +1126,81 @@ pinctrl_handle_put_dhcp_opts( IP_ARGS(*offer_ip)); msg_type = DHCP_MSG_NAK; } + break; + } + case OVN_DHCP_MSG_RELEASE: { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(20, 40); + const struct eth_header *l2 = dp_packet_eth(pkt_in); + VLOG_INFO_RL(&rl, "DHCPRELEASE "ETH_ADDR_FMT " "IP_FMT"", + ETH_ADDR_ARGS(l2->eth_src), + IP_ARGS(in_dhcp_data->ciaddr)); + break; + } + case OVN_DHCP_MSG_INFORM: { + /* RFC 2131 section 3.4. + * Remove all the offer ip related dhcp options and + * all the time related dhcp options. + * Loop through the dhcp option defined in the userdata buffer + * and copy all the options into dhcp_inform_reply_buf skipping + * the not required ones. + * */ + msg_type = DHCP_MSG_ACK; + in_dhcp_ptr = userdata->data; + end = (const char *)userdata->data + userdata->size; + + /* The buf size cannot be greater > userdata->size. */ + dhcp_inform_reply_buf = ofpbuf_new(userdata->size); + + reply_dhcp_opts_ptr = dhcp_inform_reply_buf; + while (in_dhcp_ptr < end) { + const struct dhcp_opt_header *in_dhcp_opt = + (const struct dhcp_opt_header *)in_dhcp_ptr; + + switch (in_dhcp_opt->code) { + case OVN_DHCP_OPT_CODE_NETMASK: + case OVN_DHCP_OPT_CODE_LEASE_TIME: + case OVN_DHCP_OPT_CODE_T1: + case OVN_DHCP_OPT_CODE_T2: + break; + default: + /* Copy the dhcp option to reply_dhcp_opts_ptr. */ + ofpbuf_put(reply_dhcp_opts_ptr, in_dhcp_opt, + in_dhcp_opt->len + sizeof *in_dhcp_opt); + break; + } + + in_dhcp_ptr += sizeof *in_dhcp_opt; + if (in_dhcp_ptr > end) { + break; + } + in_dhcp_ptr += in_dhcp_opt->len; + if (in_dhcp_ptr > end) { + break; + } + } + + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(20, 40); + VLOG_INFO_RL(&rl, "DHCPINFORM from "ETH_ADDR_FMT " "IP_FMT"", + ETH_ADDR_ARGS(in_flow->dl_src), + IP_ARGS(in_flow->nw_src)); + + break; + } + default: { + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5); + VLOG_WARN_RL(&rl, "Invalid DHCP message type: %d", *in_dhcp_msg_type); + goto exit; + } + } + + if (!msg_type) { + goto exit; } /* Frame the DHCP reply packet - * Total DHCP options length will be options stored in the userdata + - * 16 bytes. Note that the DHCP options stored in userdata are not included - * in DHCPNAK messages. + * Total DHCP options length will be options stored in the + * reply_dhcp_opts_ptr + 16 bytes. Note that the DHCP options stored in + * reply_dhcp_opts_ptr are not included in DHCPNAK messages. * * -------------------------------------------------------------- *| 4 Bytes (dhcp cookie) | 3 Bytes (option type) | DHCP options | @@ -1146,7 +1210,7 @@ pinctrl_handle_put_dhcp_opts( */ uint16_t new_l4_size = UDP_HEADER_LEN + DHCP_HEADER_LEN + 16; if (msg_type != DHCP_MSG_NAK) { - new_l4_size += userdata->size; + new_l4_size += reply_dhcp_opts_ptr->size; } size_t new_packet_size = pkt_in->l4_ofs + new_l4_size; @@ -1171,12 +1235,18 @@ pinctrl_handle_put_dhcp_opts( struct dhcp_header *dhcp_data = dp_packet_put( &pkt_out, dp_packet_pull(pkt_in, DHCP_HEADER_LEN), DHCP_HEADER_LEN); dhcp_data->op = DHCP_OP_REPLY; - dhcp_data->yiaddr = (msg_type == DHCP_MSG_NAK) ? 0 : *offer_ip; + + if (*in_dhcp_msg_type != OVN_DHCP_MSG_INFORM) { + dhcp_data->yiaddr = (msg_type == DHCP_MSG_NAK) ? 0 : *offer_ip; + } else { + dhcp_data->yiaddr = 0; + } + dp_packet_put(&pkt_out, &magic_cookie, sizeof(ovs_be32)); uint16_t out_dhcp_opts_size = 12; if (msg_type != DHCP_MSG_NAK) { - out_dhcp_opts_size += userdata->size; + out_dhcp_opts_size += reply_dhcp_opts_ptr->size; } uint8_t *out_dhcp_opts = dp_packet_put_zeros(&pkt_out, out_dhcp_opts_size); @@ -1187,8 +1257,9 @@ pinctrl_handle_put_dhcp_opts( out_dhcp_opts += 3; if (msg_type != DHCP_MSG_NAK) { - memcpy(out_dhcp_opts, userdata->data, userdata->size); - out_dhcp_opts += userdata->size; + memcpy(out_dhcp_opts, reply_dhcp_opts_ptr->data, + reply_dhcp_opts_ptr->size); + out_dhcp_opts += reply_dhcp_opts_ptr->size; } /* Padding */ @@ -1236,6 +1307,10 @@ exit: if (pkt_out_ptr) { dp_packet_uninit(pkt_out_ptr); } + + if (dhcp_inform_reply_buf) { + ofpbuf_delete(dhcp_inform_reply_buf); + } } static bool @@ -1936,8 +2011,8 @@ process_packet_in(struct rconn *swconn, const struct ofp_header *msg) break; case ACTION_OPCODE_PUT_DHCP_OPTS: - pinctrl_handle_put_dhcp_opts(swconn, &packet, &pin, &userdata, - &continuation); + pinctrl_handle_put_dhcp_opts(swconn, &packet, &pin, &headers, + &userdata, &continuation); break; case ACTION_OPCODE_ND_NA: diff --git a/ovn/lib/ovn-l7.h b/ovn/lib/ovn-l7.h index c43218224..f81acb0f4 100644 --- a/ovn/lib/ovn-l7.h +++ b/ovn/lib/ovn-l7.h @@ -34,6 +34,14 @@ struct gen_opts_map { #define DHCP_BROADCAST_FLAG 0x8000 +/* These are not defined in ovs/lib/dhcp.h and hence defined here with + * OVN_DHCP_OPT_CODE_. + */ +#define OVN_DHCP_OPT_CODE_NETMASK 1 +#define OVN_DHCP_OPT_CODE_LEASE_TIME 51 +#define OVN_DHCP_OPT_CODE_T1 58 +#define OVN_DHCP_OPT_CODE_T2 59 + #define DHCP_OPTION(NAME, CODE, TYPE) \ {.name = NAME, .code = CODE, .type = TYPE} @@ -161,6 +169,10 @@ struct dhcp_opt6_header { ovs_be16 size; }; +/* These are not defined in ovs/lib/dhcp.h, hence defining here. */ +#define OVN_DHCP_MSG_RELEASE 7 +#define OVN_DHCP_MSG_INFORM 8 + /* Supported DHCPv6 Message Types */ #define DHCPV6_MSG_TYPE_SOLICIT 1 #define DHCPV6_MSG_TYPE_ADVT 2 diff --git a/tests/ovn.at b/tests/ovn.at index 0c545b0b2..203c1d80f 100644 --- a/tests/ovn.at +++ b/tests/ovn.at @@ -4639,6 +4639,12 @@ test_dhcp() { done if test $offer_ip != 0; then local srv_mac=$1 srv_ip=$2 dhcp_reply_type=$3 expected_dhcp_opts=$4 + local offered_ip=$offer_ip + if [[ "$dhcp_type" == "08" ]]; then + # DHCP ACK for DHCP INFORM should not have any offer ip. + offered_ip=00000000 + fi + # total IP length will be the IP length of the request packet # (which is 272 in our case) + 8 (padding bytes) + (expected_dhcp_opts / 2) ip_len=`expr 280 + ${#expected_dhcp_opts} / 2` @@ -4654,7 +4660,7 @@ test_dhcp() { if test $dhcp_reply_type = 06; then reply=${reply}00000000 else - reply=${reply}${offer_ip} + reply=${reply}${offered_ip} fi # next server ip address, relay agent ip address, client mac address reply=${reply}0000000000000000${src_mac} @@ -4794,7 +4800,7 @@ rm -f 2.expected ciaddr=`ip_to_hex 0 0 0 0` offer_ip=0 request_ip=0 -test_dhcp 2 f00000000002 08 0 $ciaddr $offer_ip $request_ip 0 1 1 +test_dhcp 2 f00000000002 09 0 $ciaddr $offer_ip $request_ip 0 1 1 # NXT_RESUMEs should be 4. OVS_WAIT_UNTIL([test 4 = `cat ofctl_monitor*.log | grep -c NXT_RESUME`]) @@ -4964,6 +4970,113 @@ AT_CHECK([cat 1.packets | cut -c -48], [0], [expout]) cat 1.expected | cut -c 53- > expout AT_CHECK([cat 1.packets | cut -c 53-], [0], [expout]) +reset_pcap_file hv1-vif1 hv1/vif1 +reset_pcap_file hv1-vif2 hv1/vif2 +rm -f 1.expected +rm -f 2.expected + +# Send DHCPRELEASE. +offer_ip=0 +server_ip=`ip_to_hex 10 0 0 1` +ciaddr=`ip_to_hex 10 0 0 6` +request_ip=0 +expected_dhcp_opts=0 +test_dhcp 2 f00000000002 07 0 $ciaddr $offer_ip $request_ip 0 ff1000000001 + +# NXT_RESUMEs should be 10. +OVS_WAIT_UNTIL([test 10 = $(cat ofctl_monitor*.log | grep -c NXT_RESUME)]) + +# There is no reply for this. Check for the INFO log in ovn-controller.log +AT_CHECK([test 1 = $(cat hv1/ovn-controller.log | \ +grep "DHCPRELEASE f0:00:00:00:00:02 10.0.0.6" -c)]) + +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets +AT_CHECK([cat 2.packets], [0], []) + +reset_pcap_file hv1-vif1 hv1/vif1 +reset_pcap_file hv1-vif2 hv1/vif2 +rm -f 1.expected +rm -f 2.expected + +# Send DHCPINFORM +offer_ip=`ip_to_hex 10 0 0 6` +server_ip=`ip_to_hex 10 0 0 1` +ciaddr=$offer_ip +request_ip=0 +src_ip=$offer_ip +dst_ip=$server_ip +# In the expected_dhcp_opts we should not see 330400000e10 which is +# dhcp lease time option and 0104ffffff00 which is subnet mask option. +expected_dhcp_opts=03040a00000136040a000001 +test_dhcp 2 f00000000002 08 0 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 05 $expected_dhcp_opts + +# NXT_RESUMEs should be 11. +OVS_WAIT_UNTIL([test 11 = $(cat ofctl_monitor*.log | grep -c NXT_RESUME)]) + +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets +cat 2.expected | cut -c -48 > expout +AT_CHECK([cat 2.packets | cut -c -48], [0], [expout]) +# Skipping the IPv4 checksum. +cat 2.expected | cut -c 53- > expout +AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout]) + +# Now add the dhcp option T1 to the dhcp options. +ovn-nbctl set dhcp_options ${d1} options:T1=4000 + +reset_pcap_file hv1-vif1 hv1/vif1 +reset_pcap_file hv1-vif2 hv1/vif2 +rm -f 1.expected +rm -f 2.expected + +# Send DHCPREQUEST to make sure that T1 is in the reply dhcp options. +offer_ip=`ip_to_hex 10 0 0 6` +server_ip=`ip_to_hex 10 0 0 1` +ciaddr=$offer_ip +request_ip=0 +src_ip=$offer_ip +dst_ip=$server_ip +# In the expected_dhcp_opts we should not see 330400000e10 which is +# dhcp lease time option. +expected_dhcp_opts=3a0400000fa0330400000e100104ffffff0003040a00000136040a000001 +test_dhcp 2 f00000000002 03 0 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 05 $expected_dhcp_opts + +# NXT_RESUMEs should be 12. +OVS_WAIT_UNTIL([test 12 = $(cat ofctl_monitor*.log | grep -c NXT_RESUME)]) + +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets +cat 2.expected | cut -c -48 > expout +AT_CHECK([cat 2.packets | cut -c -48], [0], [expout]) +# Skipping the IPv4 checksum. +cat 2.expected | cut -c 53- > expout +AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout]) + +reset_pcap_file hv1-vif1 hv1/vif1 +reset_pcap_file hv1-vif2 hv1/vif2 +rm -f 1.expected +rm -f 2.expected + +# Now send DHCPINFORM again. +offer_ip=`ip_to_hex 10 0 0 6` +server_ip=`ip_to_hex 10 0 0 1` +ciaddr=00000000 +request_ip=0 +src_ip=$offer_ip +dst_ip=$server_ip +# In the expected_dhcp_opts we should not see 330400000e10 which is +# dhcp lease time option and 0104ffffff00 which is subnet mask option. +expected_dhcp_opts=03040a00000136040a000001 +test_dhcp 2 f00000000002 08 0 $ciaddr $offer_ip $request_ip 1 $src_ip $dst_ip ff1000000001 $server_ip 05 $expected_dhcp_opts + +# NXT_RESUMEs should be 13. +OVS_WAIT_UNTIL([test 13 = $(cat ofctl_monitor*.log | grep -c NXT_RESUME)]) + +$PYTHON "$top_srcdir/utilities/ovs-pcap.in" hv1/vif2-tx.pcap > 2.packets +cat 2.expected | cut -c -48 > expout +AT_CHECK([cat 2.packets | cut -c -48], [0], [expout]) +# Skipping the IPv4 checksum. +cat 2.expected | cut -c 53- > expout +AT_CHECK([cat 2.packets | cut -c 53-], [0], [expout]) + OVN_CLEANUP([hv1]) AT_CLEANUP -- 2.26.2