zebra: allow unicast ARP requests and NS to be redirected by FRR

As a part of fast-failover (ES redirect handling) FRR was only redirecting ARP replies and NA packets. This changes extends that to include unicast ARP requests and unicast NS. Signed-off-by: Anuradha Karuppiah <anuradhak@nvidia.com>
donaldsharp · Feb 8, 2023 · 35ace69 · 35ace69
1 parent 18cf287
commit 35ace69
Showing 1 changed file with 19 additions and 21 deletions.
diff --git a/zebra/zebra_evpn_arp_nd.c b/zebra/zebra_evpn_arp_nd.c
@@ -47,7 +47,7 @@ extern struct zebra_privs_t zserv_privs;
 /*****************************************************************************
  * ARP-ND handling
  * A snooper socket is created for each bridge access port to listen
- * in on ARP replies and NAs. These packets are redirected to an ES-peer
+ * in on ARP and ND. These packets are redirected to an ES-peer
  * via the VxLAN overlay if the destination associated with the DMAC
  * is oper-down
  ****************************************************************************/
@@ -72,9 +72,9 @@ void zebra_evpn_arp_nd_print_summary(struct vty *vty, bool uj)
 	if (uj) {
 		json = json_object_new_object();
 		json_object_boolean_true_add(json, "arpRedirect");
-		json_object_int_add(json, "arpReplyPkts",
+		json_object_int_add(json, "arpPkts",
 				    zevpn_arp_nd_info.stat.arp);
-		json_object_int_add(json, "naPkts", zevpn_arp_nd_info.stat.na);
+		json_object_int_add(json, "ndPkts", zevpn_arp_nd_info.stat.na);
 		json_object_int_add(json, "redirectPkts",
 				    zevpn_arp_nd_info.stat.redirect);
 		json_object_int_add(json, "notReadyPkts",
@@ -93,9 +93,8 @@ void zebra_evpn_arp_nd_print_summary(struct vty *vty, bool uj)
 				? "enabled"
 				: "disabled");
 		vty_out(vty, "Stats:\n");
-		vty_out(vty, "  IPv4 ARP replies: %u\n",
-			zevpn_arp_nd_info.stat.arp);
-		vty_out(vty, "  IPv6 neighbor advertisements: %u\n",
+		vty_out(vty, "  IPv4 ARP: %u\n", zevpn_arp_nd_info.stat.arp);
+		vty_out(vty, "  IPv6 neighbor discovery: %u\n",
 			zevpn_arp_nd_info.stat.na);
 		vty_out(vty, "  Redirected packets: %u\n",
 			zevpn_arp_nd_info.stat.redirect);
@@ -123,8 +122,7 @@ void zebra_evpn_arp_nd_print_summary(struct vty *vty, bool uj)
 void zebra_evpn_arp_nd_if_print(struct vty *vty, struct zebra_if *zif)
 {
 	if (zif->arp_nd_info.pkt_fd > 0)
-		vty_out(vty,
-			"  ARP-ND redirect enabled: ARP-replies %u NA %u\n",
+		vty_out(vty, "  ARP-ND redirect enabled: ARP %u ND %u\n",
 			zif->arp_nd_info.arp_pkts, zif->arp_nd_info.na_pkts);
 }
 
@@ -403,16 +401,17 @@ static void zebra_evpn_arp_nd_read(struct thread *t)
 	zebra_evpn_arp_nd_pkt_read_enable(zif);
 }
 
-/* BPF filter for snooping on ARP replies and IPv6 Neighbor advertisements -
- * tcpdump -dd '((arp and arp[6:2] == 2)
- *			or (icmp6 and ip6[40] == 136)) and inbound'
+/* BPF filter for snooping on unicast ARP req/replies and unicast IPv6 NS/NA -
+ * tcpdump -dd '((ether[0] &1 == 0) and (arp or
+ *               (icmp6 and (ip6[4] == 135 or ip6[40] == 136)))) and inbound'
  */
-static struct sock_filter arp_nd_reply_filter[] = {
-	{0x28, 0, 0, 0x0000000c},  {0x15, 0, 2, 0x00000806},
-	{0x28, 0, 0, 0x00000014},  {0x15, 8, 11, 0x00000002},
-	{0x15, 0, 10, 0x000086dd}, {0x30, 0, 0, 0x00000014},
-	{0x15, 3, 0, 0x0000003a},  {0x15, 0, 7, 0x0000002c},
-	{0x30, 0, 0, 0x00000036},  {0x15, 0, 5, 0x0000003a},
+static struct sock_filter arp_nd_filter[] = {
+	{0x30, 0, 0, 0x00000000},  {0x45, 15, 0, 0x00000001},
+	{0x28, 0, 0, 0x0000000c},  {0x15, 10, 0, 0x00000806},
+	{0x15, 0, 12, 0x000086dd}, {0x30, 0, 0, 0x00000014},
+	{0x15, 3, 0, 0x0000003a},  {0x15, 0, 9, 0x0000002c},
+	{0x30, 0, 0, 0x00000036},  {0x15, 0, 7, 0x0000003a},
+	{0x30, 0, 0, 0x00000012},  {0x15, 2, 0, 0x00000087},
 	{0x30, 0, 0, 0x00000036},  {0x15, 0, 3, 0x00000088},
 	{0x28, 0, 0, 0xfffff004},  {0x15, 1, 0, 0x00000004},
 	{0x6, 0, 0, 0x00040000},   {0x6, 0, 0, 0x00000000},
@@ -426,9 +425,8 @@ static int zebra_evpn_arp_nd_sock_create(struct zebra_if *zif)
 	int rcvbuf = ZEBRA_EVPN_ARP_ND_SOC_RCVBUF;
 	long flags;
 	struct sock_fprog prog = {
-		.len = sizeof(arp_nd_reply_filter)
-		       / sizeof(arp_nd_reply_filter[0]),
-		.filter = arp_nd_reply_filter,
+		.len = sizeof(arp_nd_filter) / sizeof(arp_nd_filter[0]),
+		.filter = arp_nd_filter,
 	};
 
 	frr_with_privs (&zserv_privs) {
@@ -516,7 +514,7 @@ static int zebra_evpn_arp_nd_sock_create(struct zebra_if *zif)
 	return fd;
 }
 
-/* ARP-replies and NA packets are snooped on non-vxlan bridge members.
+/* ARP and ND packets are snooped on non-vxlan bridge members.
  * Create a raw socket and read thread to do that per-member.
  */
 void zebra_evpn_arp_nd_if_update(struct zebra_if *zif, bool enable)