Use underlay prefix and two harcoded bytes for traffic isolation

Do not isolate only the ip in ipv6 encapsulated packets but also
the specific subnet used by dpservice on a given node.

Signed-off-by: Guvenc Gulce <[email protected]>

Author: guvenc

include/dp_ipaddr.h

@@ -21,6 +21,7 @@ static_assert(sizeof(rte_be64_t) * 2 == DP_IPV6_ADDR_SIZE, "DP_IPV6_ADDR_SIZE is
 
 #define DP_UNDERLAY_FLAG_EXTERNALLY_GENERATED 0x80
 #define DP_UNDERLAY_FLAG_SECONDARY_POOL 0x40
+#define DP_UNDERLAY_KERNEL_BYTES 0xabcd
 
 // structure for holding IPv6 addresses
 // this way sizeof(dp_ipv6 *) is a meaningful value and passing the pointer only is safe

include/rte_flow/dp_rte_flow_helpers.h

@@ -62,6 +62,10 @@ static const struct rte_flow_item_ipv6 dp_flow_item_ipv6_dst_mask = {
 	.hdr.dst_addr.a = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
 	.hdr.proto = 0xff,
 };
+static const struct rte_flow_item_ipv6 dp_flow_item_ipv6_dst_pfx80_mask = {
+	.hdr.dst_addr.a = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00",
+	.hdr.proto = 0xff,
+};
 #ifdef ENABLE_VIRTSVC
 static const struct rte_flow_item_ipv6 dp_flow_item_ipv6_dst_only_mask = {
 	.hdr.dst_addr.a = "\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff",
@@ -201,6 +205,20 @@ void dp_set_ipv6_dst_flow_item(struct rte_flow_item *item,
 	item->last = NULL;
 }
 
+static __rte_always_inline
+void dp_set_ipv6_dst_pfx80_flow_item(struct rte_flow_item *item,
+                                     struct rte_flow_item_ipv6 *ipv6_spec,
+                                     const union dp_ipv6 *dst,
+                                     uint8_t proto)
+{
+	dp_set_dst_ipv6(&ipv6_spec->hdr, dst);
+	ipv6_spec->hdr.proto = proto;
+	item->type = RTE_FLOW_ITEM_TYPE_IPV6;
+	item->spec = ipv6_spec;
+	item->mask = &dp_flow_item_ipv6_dst_pfx80_mask;
+	item->last = NULL;
+}
+
 static __rte_always_inline
 void dp_set_ipv4_dst_flow_item(struct rte_flow_item *item,
 							   struct rte_flow_item_ipv4 *ipv4_spec,

src/dp_ipaddr.c

@@ -75,7 +75,8 @@ void dp_generate_ul_ipv6(union dp_ipv6 *dest)
 	static uint32_t ul_counter = 0;
 
 	dest->_ul.prefix = dp_conf_get_underlay_ip()->_prefix;  // Use the same prefix as the host
-	dest->_ul.kernel = dest->_ul.flags = 0;
+	dest->_ul.flags = 0;
+	dest->_ul.kernel = htons(DP_UNDERLAY_KERNEL_BYTES);  // Use hardcoded 2-byte kernel value
 #ifdef ENABLE_STATIC_UNDERLAY_IP
 	dest->_ul.random = 1;
 #else

src/rte_flow/dp_rte_flow_init.c

@@ -27,10 +27,14 @@ int dp_install_isolated_mode_ipip(uint16_t port_id, uint8_t proto_id)
 	struct rte_flow_action_queue queue_action; // #1
 	struct rte_flow_action action[2];          // + end
 	int action_cnt = 0;
+	union dp_ipv6 ul_addr6;
+
+	ul_addr6._ul.prefix = dp_conf_get_underlay_ip()->_prefix;
+	ul_addr6._ul.kernel = htons(DP_UNDERLAY_KERNEL_BYTES);
 
 	// create match pattern: IP in IPv6 tunnel packets
 	dp_set_eth_flow_item(&pattern[pattern_cnt++], &eth_spec, htons(RTE_ETHER_TYPE_IPV6));
-	dp_set_ipv6_flow_item(&pattern[pattern_cnt++], &ipv6_spec, proto_id);
+	dp_set_ipv6_dst_pfx80_flow_item(&pattern[pattern_cnt++], &ipv6_spec, &ul_addr6, proto_id);
 	dp_set_end_flow_item(&pattern[pattern_cnt++]);
 
 	// create flow action: allow packets to enter dp-service packet queue