2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 * @brief IPv6 Reassembly.
20 * This file contains the source code for IPv6 reassembly.
23 #include <vppinfra/vec.h>
24 #include <vnet/vnet.h>
25 #include <vnet/ip/ip.h>
26 #include <vppinfra/bihash_48_8.h>
27 #include <vnet/ip/ip6_reassembly.h>
29 #define MSEC_PER_SEC 1000
30 #define IP6_REASS_TIMEOUT_DEFAULT_MS 100
31 #define IP6_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS 10000 // 10 seconds default
32 #define IP6_REASS_MAX_REASSEMBLIES_DEFAULT 1024
33 #define IP6_REASS_HT_LOAD_FACTOR (0.75)
38 IP6_REASS_RC_INTERNAL_ERROR,
60 ip6_reass_buffer_get_data_offset (vlib_buffer_t * b)
62 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
63 return vnb->ip.reass.range_first - vnb->ip.reass.fragment_first;
67 ip6_reass_buffer_get_data_len (vlib_buffer_t * b)
69 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
70 return clib_min (vnb->ip.reass.range_last, vnb->ip.reass.fragment_last) -
71 (vnb->ip.reass.fragment_first + ip6_reass_buffer_get_data_offset (b)) + 1;
78 // time when last packet was received
80 // internal id of this reassembly
82 // buffer index of first buffer in this reassembly context
84 // last octet of packet, ~0 until fragment without more_fragments arrives
85 u32 last_packet_octet;
86 // length of data collected so far
88 // trace operation counter
90 // next index - used by non-feature node
92 // minimum fragment length for this reassembly - used to estimate MTU
93 u16 min_fragment_length;
101 clib_spinlock_t lock;
102 } ip6_reass_per_thread_t;
109 u32 expire_walk_interval_ms;
113 clib_bihash_48_8_t hash;
116 ip6_reass_per_thread_t *per_thread_data;
119 vlib_main_t *vlib_main;
120 vnet_main_t *vnet_main;
122 // node index of ip6-drop node
124 u32 ip6_icmp_error_idx;
125 u32 ip6_reass_expire_node_idx;
129 ip6_reass_main_t ip6_reass_main;
133 IP6_REASSEMBLY_NEXT_INPUT,
134 IP6_REASSEMBLY_NEXT_DROP,
135 IP6_REASSEMBLY_NEXT_ICMP_ERROR,
136 IP6_REASSEMBLY_N_NEXT,
143 ICMP_ERROR_RT_EXCEEDED,
144 ICMP_ERROR_FL_TOO_BIG,
145 ICMP_ERROR_FL_NOT_MULT_8,
147 } ip6_reass_trace_operation_e;
157 } ip6_reass_range_trace_t;
161 ip6_reass_trace_operation_e action;
163 ip6_reass_range_trace_t trace_range;
172 ip6_reass_trace_details (vlib_main_t * vm, u32 bi,
173 ip6_reass_range_trace_t * trace)
175 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
176 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
177 trace->range_first = vnb->ip.reass.range_first;
178 trace->range_last = vnb->ip.reass.range_last;
179 trace->data_offset = ip6_reass_buffer_get_data_offset (b);
180 trace->data_len = ip6_reass_buffer_get_data_len (b);
181 trace->range_bi = bi;
185 format_ip6_reass_range_trace (u8 * s, va_list * args)
187 ip6_reass_range_trace_t *trace = va_arg (*args, ip6_reass_range_trace_t *);
188 s = format (s, "range: [%u, %u], off %d, len %u, bi %u", trace->range_first,
189 trace->range_last, trace->data_offset, trace->data_len,
195 format_ip6_reass_trace (u8 * s, va_list * args)
197 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
198 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
199 ip6_reass_trace_t *t = va_arg (*args, ip6_reass_trace_t *);
200 s = format (s, "reass id: %u, op id: %u ", t->reass_id, t->op_id);
201 u32 indent = format_get_indent (s);
202 s = format (s, "first bi: %u, data len: %u, ip/fragment[%u, %u]",
203 t->trace_range.first_bi, t->total_data_len, t->fragment_first,
208 s = format (s, "\n%Unew %U", format_white_space, indent,
209 format_ip6_reass_range_trace, &t->trace_range);
212 s = format (s, "\n%Uoverlap %U", format_white_space, indent,
213 format_ip6_reass_range_trace, &t->trace_range);
215 case ICMP_ERROR_FL_TOO_BIG:
216 s = format (s, "\n%Uicmp-error - frag_len > 65535 %U",
217 format_white_space, indent, format_ip6_reass_range_trace,
220 case ICMP_ERROR_FL_NOT_MULT_8:
221 s = format (s, "\n%Uicmp-error - frag_len mod 8 != 0 %U",
222 format_white_space, indent, format_ip6_reass_range_trace,
225 case ICMP_ERROR_RT_EXCEEDED:
226 s = format (s, "\n%Uicmp-error - reassembly time exceeded",
227 format_white_space, indent);
230 s = format (s, "\n%Ufinalize reassembly", format_white_space, indent);
237 ip6_reass_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
238 ip6_reass_main_t * rm, ip6_reass_t * reass,
239 u32 bi, ip6_reass_trace_operation_e action,
242 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
243 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
244 if (pool_is_free_index (vm->trace_main.trace_buffer_pool, b->trace_index))
246 // this buffer's trace is gone
247 b->flags &= ~VLIB_BUFFER_IS_TRACED;
250 ip6_reass_trace_t *t = vlib_add_trace (vm, node, b, sizeof (t[0]));
251 t->reass_id = reass->id;
253 ip6_reass_trace_details (vm, bi, &t->trace_range);
254 t->size_diff = size_diff;
255 t->op_id = reass->trace_op_counter;
256 ++reass->trace_op_counter;
257 t->fragment_first = vnb->ip.reass.fragment_first;
258 t->fragment_last = vnb->ip.reass.fragment_last;
259 t->trace_range.first_bi = reass->first_bi;
260 t->total_data_len = reass->data_len;
263 s = format (s, "%U", format_ip6_reass_trace, NULL, NULL, t);
264 printf ("%.*s\n", vec_len (s), s);
266 vec_reset_length (s);
271 ip6_reass_free (ip6_reass_main_t * rm, ip6_reass_per_thread_t * rt,
274 clib_bihash_kv_48_8_t kv;
275 kv.key[0] = reass->key.as_u64[0];
276 kv.key[1] = reass->key.as_u64[1];
277 kv.key[2] = reass->key.as_u64[2];
278 kv.key[3] = reass->key.as_u64[3];
279 kv.key[4] = reass->key.as_u64[4];
280 kv.key[5] = reass->key.as_u64[5];
281 clib_bihash_add_del_48_8 (&rm->hash, &kv, 0);
282 pool_put (rt->pool, reass);
287 ip6_reass_drop_all (vlib_main_t * vm, ip6_reass_main_t * rm,
290 u32 range_bi = reass->first_bi;
291 vlib_buffer_t *range_b;
292 vnet_buffer_opaque_t *range_vnb;
294 while (~0 != range_bi)
296 range_b = vlib_get_buffer (vm, range_bi);
297 range_vnb = vnet_buffer (range_b);
301 vec_add1 (to_free, bi);
302 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
303 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
306 b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
313 range_bi = range_vnb->ip.reass.next_range_bi;
315 vlib_buffer_free (vm, to_free, vec_len (to_free));
320 ip6_reass_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * node,
321 ip6_reass_main_t * rm, ip6_reass_t * reass,
324 if (~0 == reass->first_bi)
328 vlib_buffer_t *b = vlib_get_buffer (vm, reass->first_bi);
329 if (0 == vnet_buffer (b)->ip.reass.fragment_first)
331 *icmp_bi = reass->first_bi;
332 if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
334 ip6_reass_add_trace (vm, node, rm, reass, reass->first_bi,
335 ICMP_ERROR_RT_EXCEEDED, 0);
337 // fragment with offset zero received - send icmp message back
338 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
340 // separate first buffer from chain and steer it towards icmp node
341 b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
342 reass->first_bi = b->next_buffer;
346 reass->first_bi = vnet_buffer (b)->ip.reass.next_range_bi;
348 icmp6_error_set_vnet_buffer (b, ICMP6_time_exceeded,
349 ICMP6_time_exceeded_fragment_reassembly_time_exceeded,
352 ip6_reass_drop_all (vm, rm, reass);
355 always_inline ip6_reass_t *
356 ip6_reass_find_or_create (vlib_main_t * vm, vlib_node_runtime_t * node,
357 ip6_reass_main_t * rm, ip6_reass_per_thread_t * rt,
358 ip6_reass_key_t * k, u32 * icmp_bi)
360 ip6_reass_t *reass = NULL;
361 f64 now = vlib_time_now (rm->vlib_main);
362 clib_bihash_kv_48_8_t kv, value;
363 kv.key[0] = k->as_u64[0];
364 kv.key[1] = k->as_u64[1];
365 kv.key[2] = k->as_u64[2];
366 kv.key[3] = k->as_u64[3];
367 kv.key[4] = k->as_u64[4];
368 kv.key[5] = k->as_u64[5];
370 if (!clib_bihash_search_48_8 (&rm->hash, &kv, &value))
372 reass = pool_elt_at_index (rt->pool, value.value);
373 if (now > reass->last_heard + rm->timeout)
375 ip6_reass_on_timeout (vm, node, rm, reass, icmp_bi);
376 ip6_reass_free (rm, rt, reass);
383 reass->last_heard = now;
387 if (rt->reass_n >= rm->max_reass_n)
394 pool_get (rt->pool, reass);
395 clib_memset (reass, 0, sizeof (*reass));
397 ((u64) os_get_thread_index () * 1000000000) + rt->id_counter;
399 reass->first_bi = ~0;
400 reass->last_packet_octet = ~0;
405 reass->key.as_u64[0] = kv.key[0] = k->as_u64[0];
406 reass->key.as_u64[1] = kv.key[1] = k->as_u64[1];
407 reass->key.as_u64[2] = kv.key[2] = k->as_u64[2];
408 reass->key.as_u64[3] = kv.key[3] = k->as_u64[3];
409 reass->key.as_u64[4] = kv.key[4] = k->as_u64[4];
410 reass->key.as_u64[5] = kv.key[5] = k->as_u64[5];
411 kv.value = reass - rt->pool;
412 reass->last_heard = now;
414 if (clib_bihash_add_del_48_8 (&rm->hash, &kv, 1))
416 ip6_reass_free (rm, rt, reass);
423 always_inline ip6_reass_rc_t
424 ip6_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * node,
425 ip6_reass_main_t * rm, ip6_reass_per_thread_t * rt,
426 ip6_reass_t * reass, u32 * bi0, u32 * next0, u32 * error0,
429 *bi0 = reass->first_bi;
430 *error0 = IP6_ERROR_NONE;
431 ip6_frag_hdr_t *frag_hdr;
432 vlib_buffer_t *last_b = NULL;
433 u32 sub_chain_bi = reass->first_bi;
434 u32 total_length = 0;
437 u32 *vec_drop_compress = NULL;
438 ip6_reass_rc_t rv = IP6_REASS_RC_OK;
441 u32 tmp_bi = sub_chain_bi;
442 vlib_buffer_t *tmp = vlib_get_buffer (vm, tmp_bi);
443 vnet_buffer_opaque_t *vnb = vnet_buffer (tmp);
444 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
445 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
447 rv = IP6_REASS_RC_INTERNAL_ERROR;
448 goto free_buffers_and_return;
451 u32 data_len = ip6_reass_buffer_get_data_len (tmp);
452 u32 trim_front = vnet_buffer (tmp)->ip.reass.ip6_frag_hdr_offset +
453 sizeof (*frag_hdr) + ip6_reass_buffer_get_data_offset (tmp);
455 vlib_buffer_length_in_chain (vm, tmp) - trim_front - data_len;
456 if (tmp_bi == reass->first_bi)
458 /* first buffer - keep ip6 header */
459 if (0 != ip6_reass_buffer_get_data_offset (tmp))
461 rv = IP6_REASS_RC_INTERNAL_ERROR;
462 goto free_buffers_and_return;
465 trim_end = vlib_buffer_length_in_chain (vm, tmp) - data_len -
466 (vnet_buffer (tmp)->ip.reass.ip6_frag_hdr_offset +
468 if (!(vlib_buffer_length_in_chain (vm, tmp) - trim_end > 0))
470 rv = IP6_REASS_RC_INTERNAL_ERROR;
471 goto free_buffers_and_return;
475 vlib_buffer_length_in_chain (vm, tmp) - trim_front - trim_end;
481 if (trim_front > tmp->current_length)
483 /* drop whole buffer */
484 vec_add1 (vec_drop_compress, tmp_bi);
485 trim_front -= tmp->current_length;
486 if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
488 rv = IP6_REASS_RC_INTERNAL_ERROR;
489 goto free_buffers_and_return;
491 tmp->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
492 tmp_bi = tmp->next_buffer;
493 tmp = vlib_get_buffer (vm, tmp_bi);
498 vlib_buffer_advance (tmp, trim_front);
506 last_b->flags |= VLIB_BUFFER_NEXT_PRESENT;
507 last_b->next_buffer = tmp_bi;
510 if (keep_data <= tmp->current_length)
512 tmp->current_length = keep_data;
517 keep_data -= tmp->current_length;
518 if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
520 rv = IP6_REASS_RC_INTERNAL_ERROR;
521 goto free_buffers_and_return;
524 total_length += tmp->current_length;
528 vec_add1 (vec_drop_compress, tmp_bi);
529 if (reass->first_bi == tmp_bi)
531 rv = IP6_REASS_RC_INTERNAL_ERROR;
532 goto free_buffers_and_return;
536 if (tmp->flags & VLIB_BUFFER_NEXT_PRESENT)
538 tmp_bi = tmp->next_buffer;
539 tmp = vlib_get_buffer (vm, tmp->next_buffer);
547 vnet_buffer (vlib_get_buffer (vm, sub_chain_bi))->ip.
550 while (~0 != sub_chain_bi);
554 rv = IP6_REASS_RC_INTERNAL_ERROR;
555 goto free_buffers_and_return;
557 last_b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
558 vlib_buffer_t *first_b = vlib_get_buffer (vm, reass->first_bi);
559 if (total_length < first_b->current_length)
561 rv = IP6_REASS_RC_INTERNAL_ERROR;
562 goto free_buffers_and_return;
564 total_length -= first_b->current_length;
565 first_b->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
566 first_b->total_length_not_including_first_buffer = total_length;
567 // drop fragment header
568 vnet_buffer_opaque_t *first_b_vnb = vnet_buffer (first_b);
569 ip6_header_t *ip = vlib_buffer_get_current (first_b);
570 u16 ip6_frag_hdr_offset = first_b_vnb->ip.reass.ip6_frag_hdr_offset;
571 ip6_ext_header_t *prev_hdr;
572 ip6_ext_header_find_t (ip, prev_hdr, frag_hdr,
573 IP_PROTOCOL_IPV6_FRAGMENTATION);
576 prev_hdr->next_hdr = frag_hdr->next_hdr;
580 ip->protocol = frag_hdr->next_hdr;
582 if (!((u8 *) frag_hdr - (u8 *) ip == ip6_frag_hdr_offset))
584 rv = IP6_REASS_RC_INTERNAL_ERROR;
585 goto free_buffers_and_return;
587 memmove (frag_hdr, (u8 *) frag_hdr + sizeof (*frag_hdr),
588 first_b->current_length - ip6_frag_hdr_offset -
589 sizeof (ip6_frag_hdr_t));
590 first_b->current_length -= sizeof (*frag_hdr);
592 clib_host_to_net_u16 (total_length + first_b->current_length -
594 if (!vlib_buffer_chain_linearize (vm, first_b))
596 rv = IP6_REASS_RC_NO_BUF;
597 goto free_buffers_and_return;
599 if (PREDICT_FALSE (first_b->flags & VLIB_BUFFER_IS_TRACED))
601 ip6_reass_add_trace (vm, node, rm, reass, reass->first_bi, FINALIZE, 0);
603 // following code does a hexdump of packet fragments to stdout ...
606 u32 bi = reass->first_bi;
610 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
611 s = format (s, "%u: %U\n", bi, format_hexdump,
612 vlib_buffer_get_current (b), b->current_length);
613 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
622 printf ("%.*s\n", vec_len (s), s);
631 *next0 = IP6_REASSEMBLY_NEXT_INPUT;
635 *next0 = reass->next_index;
637 vnet_buffer (first_b)->ip.reass.estimated_mtu = reass->min_fragment_length;
638 ip6_reass_free (rm, rt, reass);
640 free_buffers_and_return:
641 vlib_buffer_free (vm, vec_drop_compress, vec_len (vec_drop_compress));
642 vec_free (vec_drop_compress);
647 ip6_reass_insert_range_in_chain (vlib_main_t * vm, ip6_reass_main_t * rm,
648 ip6_reass_per_thread_t * rt,
649 ip6_reass_t * reass, u32 prev_range_bi,
653 vlib_buffer_t *new_next_b = vlib_get_buffer (vm, new_next_bi);
654 vnet_buffer_opaque_t *new_next_vnb = vnet_buffer (new_next_b);
655 if (~0 != prev_range_bi)
657 vlib_buffer_t *prev_b = vlib_get_buffer (vm, prev_range_bi);
658 vnet_buffer_opaque_t *prev_vnb = vnet_buffer (prev_b);
659 new_next_vnb->ip.reass.next_range_bi = prev_vnb->ip.reass.next_range_bi;
660 prev_vnb->ip.reass.next_range_bi = new_next_bi;
664 if (~0 != reass->first_bi)
666 new_next_vnb->ip.reass.next_range_bi = reass->first_bi;
668 reass->first_bi = new_next_bi;
670 reass->data_len += ip6_reass_buffer_get_data_len (new_next_b);
673 always_inline ip6_reass_rc_t
674 ip6_reass_update (vlib_main_t * vm, vlib_node_runtime_t * node,
675 ip6_reass_main_t * rm, ip6_reass_per_thread_t * rt,
676 ip6_reass_t * reass, u32 * bi0, u32 * next0, u32 * error0,
677 ip6_frag_hdr_t * frag_hdr, bool is_feature)
680 vlib_buffer_t *fb = vlib_get_buffer (vm, *bi0);
681 vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
682 reass->next_index = fvnb->ip.reass.next_index; // store next_index before it's overwritten
683 fvnb->ip.reass.ip6_frag_hdr_offset =
684 (u8 *) frag_hdr - (u8 *) vlib_buffer_get_current (fb);
685 ip6_header_t *fip = vlib_buffer_get_current (fb);
686 if (fb->current_length < sizeof (*fip) ||
687 fvnb->ip.reass.ip6_frag_hdr_offset == 0 ||
688 fvnb->ip.reass.ip6_frag_hdr_offset >= fb->current_length)
690 return IP6_REASS_RC_INTERNAL_ERROR;
693 u32 fragment_first = fvnb->ip.reass.fragment_first =
694 ip6_frag_hdr_offset_bytes (frag_hdr);
695 u32 fragment_length =
696 vlib_buffer_length_in_chain (vm, fb) -
697 (fvnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
698 u32 fragment_last = fvnb->ip.reass.fragment_last =
699 fragment_first + fragment_length - 1;
700 int more_fragments = ip6_frag_hdr_more (frag_hdr);
701 u32 candidate_range_bi = reass->first_bi;
702 u32 prev_range_bi = ~0;
703 fvnb->ip.reass.range_first = fragment_first;
704 fvnb->ip.reass.range_last = fragment_last;
705 fvnb->ip.reass.next_range_bi = ~0;
708 reass->last_packet_octet = fragment_last;
710 if (~0 == reass->first_bi)
712 // starting a new reassembly
713 ip6_reass_insert_range_in_chain (vm, rm, rt, reass, prev_range_bi,
715 reass->min_fragment_length = clib_net_to_host_u16 (fip->payload_length);
717 goto check_if_done_maybe;
719 reass->min_fragment_length =
720 clib_min (clib_net_to_host_u16 (fip->payload_length),
721 fvnb->ip.reass.estimated_mtu);
722 while (~0 != candidate_range_bi)
724 vlib_buffer_t *candidate_b = vlib_get_buffer (vm, candidate_range_bi);
725 vnet_buffer_opaque_t *candidate_vnb = vnet_buffer (candidate_b);
726 if (fragment_first > candidate_vnb->ip.reass.range_last)
728 // this fragments starts after candidate range
729 prev_range_bi = candidate_range_bi;
730 candidate_range_bi = candidate_vnb->ip.reass.next_range_bi;
731 if (candidate_vnb->ip.reass.range_last < fragment_last &&
732 ~0 == candidate_range_bi)
734 // special case - this fragment falls beyond all known ranges
735 ip6_reass_insert_range_in_chain (vm, rm, rt, reass,
736 prev_range_bi, *bi0);
742 if (fragment_last < candidate_vnb->ip.reass.range_first)
744 // this fragment ends before candidate range without any overlap
745 ip6_reass_insert_range_in_chain (vm, rm, rt, reass, prev_range_bi,
749 else if (fragment_first == candidate_vnb->ip.reass.range_first &&
750 fragment_last == candidate_vnb->ip.reass.range_last)
752 // duplicate fragment - ignore
756 // overlapping fragment - not allowed by RFC 8200
757 ip6_reass_drop_all (vm, rm, reass);
758 ip6_reass_free (rm, rt, reass);
759 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
761 ip6_reass_add_trace (vm, node, rm, reass, *bi0, RANGE_OVERLAP,
764 *next0 = IP6_REASSEMBLY_NEXT_DROP;
765 *error0 = IP6_ERROR_REASS_OVERLAPPING_FRAGMENT;
766 return IP6_REASS_RC_OK;
773 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
775 ip6_reass_add_trace (vm, node, rm, reass, *bi0, RANGE_NEW, 0);
778 if (~0 != reass->last_packet_octet &&
779 reass->data_len == reass->last_packet_octet + 1)
781 return ip6_reass_finalize (vm, node, rm, rt, reass, bi0, next0, error0,
792 *next0 = IP6_REASSEMBLY_NEXT_DROP;
793 *error0 = IP6_ERROR_REASS_DUPLICATE_FRAGMENT;
796 return IP6_REASS_RC_OK;
800 ip6_reass_verify_upper_layer_present (vlib_node_runtime_t * node,
802 ip6_frag_hdr_t * frag_hdr)
804 ip6_ext_header_t *tmp = (ip6_ext_header_t *) frag_hdr;
805 while (ip6_ext_hdr (tmp->next_hdr))
807 tmp = ip6_ext_next_header (tmp);
809 if (IP_PROTOCOL_IP6_NONXT == tmp->next_hdr)
811 icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
812 ICMP6_parameter_problem_first_fragment_has_incomplete_header_chain,
814 b->error = node->errors[IP6_ERROR_REASS_MISSING_UPPER];
822 ip6_reass_verify_fragment_multiple_8 (vlib_main_t * vm,
823 vlib_node_runtime_t * node,
825 ip6_frag_hdr_t * frag_hdr)
827 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
828 ip6_header_t *ip = vlib_buffer_get_current (b);
829 int more_fragments = ip6_frag_hdr_more (frag_hdr);
830 u32 fragment_length =
831 vlib_buffer_length_in_chain (vm, b) -
832 (vnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
833 if (more_fragments && 0 != fragment_length % 8)
835 icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
836 ICMP6_parameter_problem_erroneous_header_field,
837 (u8 *) & ip->payload_length - (u8 *) ip);
844 ip6_reass_verify_packet_size_lt_64k (vlib_main_t * vm,
845 vlib_node_runtime_t * node,
847 ip6_frag_hdr_t * frag_hdr)
849 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
850 u32 fragment_first = ip6_frag_hdr_offset_bytes (frag_hdr);
851 u32 fragment_length =
852 vlib_buffer_length_in_chain (vm, b) -
853 (vnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
854 if (fragment_first + fragment_length > 65535)
856 ip6_header_t *ip0 = vlib_buffer_get_current (b);
857 icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
858 ICMP6_parameter_problem_erroneous_header_field,
859 (u8 *) & frag_hdr->fragment_offset_and_more
867 ip6_reassembly_inline (vlib_main_t * vm,
868 vlib_node_runtime_t * node,
869 vlib_frame_t * frame, bool is_feature)
871 u32 *from = vlib_frame_vector_args (frame);
872 u32 n_left_from, n_left_to_next, *to_next, next_index;
873 ip6_reass_main_t *rm = &ip6_reass_main;
874 ip6_reass_per_thread_t *rt = &rm->per_thread_data[os_get_thread_index ()];
875 clib_spinlock_lock (&rt->lock);
877 n_left_from = frame->n_vectors;
878 next_index = node->cached_next_index;
879 while (n_left_from > 0)
881 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
883 while (n_left_from > 0 && n_left_to_next > 0)
887 u32 next0 = IP6_REASSEMBLY_NEXT_DROP;
888 u32 error0 = IP6_ERROR_NONE;
892 b0 = vlib_get_buffer (vm, bi0);
894 ip6_header_t *ip0 = vlib_buffer_get_current (b0);
895 ip6_frag_hdr_t *frag_hdr = NULL;
896 ip6_ext_header_t *prev_hdr;
897 if (ip6_ext_hdr (ip0->protocol))
899 ip6_ext_header_find_t (ip0, prev_hdr, frag_hdr,
900 IP_PROTOCOL_IPV6_FRAGMENTATION);
904 // this is a regular packet - no fragmentation
905 next0 = IP6_REASSEMBLY_NEXT_INPUT;
908 if (0 == ip6_frag_hdr_offset (frag_hdr))
910 // first fragment - verify upper-layer is present
911 if (!ip6_reass_verify_upper_layer_present (node, b0, frag_hdr))
913 next0 = IP6_REASSEMBLY_NEXT_ICMP_ERROR;
917 if (!ip6_reass_verify_fragment_multiple_8 (vm, node, b0, frag_hdr)
918 || !ip6_reass_verify_packet_size_lt_64k (vm, node, b0,
921 next0 = IP6_REASSEMBLY_NEXT_ICMP_ERROR;
924 vnet_buffer (b0)->ip.reass.ip6_frag_hdr_offset =
925 (u8 *) frag_hdr - (u8 *) ip0;
928 k.as_u64[0] = ip0->src_address.as_u64[0];
929 k.as_u64[1] = ip0->src_address.as_u64[1];
930 k.as_u64[2] = ip0->dst_address.as_u64[0];
931 k.as_u64[3] = ip0->dst_address.as_u64[1];
933 (u64) vnet_buffer (b0)->
934 sw_if_index[VLIB_RX] << 32 | frag_hdr->identification;
935 k.as_u64[5] = ip0->protocol;
937 ip6_reass_find_or_create (vm, node, rm, rt, &k, &icmp_bi);
941 switch (ip6_reass_update (vm, node, rm, rt, reass, &bi0, &next0,
942 &error0, frag_hdr, is_feature))
944 case IP6_REASS_RC_OK:
945 /* nothing to do here */
947 case IP6_REASS_RC_NO_BUF:
949 case IP6_REASS_RC_INTERNAL_ERROR:
950 /* drop everything and start with a clean slate */
951 ip6_reass_drop_all (vm, rm, reass);
952 ip6_reass_free (rm, rt, reass);
959 next0 = IP6_REASSEMBLY_NEXT_DROP;
960 error0 = IP6_ERROR_REASS_LIMIT_REACHED;
963 b0->error = node->errors[error0];
971 if (is_feature && IP6_ERROR_NONE == error0)
973 b0 = vlib_get_buffer (vm, bi0);
974 vnet_feature_next (&next0, b0);
976 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
977 n_left_to_next, bi0, next0);
982 next0 = IP6_REASSEMBLY_NEXT_ICMP_ERROR;
983 to_next[0] = icmp_bi;
986 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
987 n_left_to_next, icmp_bi,
995 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
998 clib_spinlock_unlock (&rt->lock);
999 return frame->n_vectors;
1002 static char *ip6_reassembly_error_strings[] = {
1003 #define _(sym, string) string,
1009 ip6_reassembly (vlib_main_t * vm, vlib_node_runtime_t * node,
1010 vlib_frame_t * frame)
1012 return ip6_reassembly_inline (vm, node, frame, false /* is_feature */ );
1016 VLIB_REGISTER_NODE (ip6_reass_node, static) = {
1017 .function = ip6_reassembly,
1018 .name = "ip6-reassembly",
1019 .vector_size = sizeof (u32),
1020 .format_trace = format_ip6_reass_trace,
1021 .n_errors = ARRAY_LEN (ip6_reassembly_error_strings),
1022 .error_strings = ip6_reassembly_error_strings,
1023 .n_next_nodes = IP6_REASSEMBLY_N_NEXT,
1026 [IP6_REASSEMBLY_NEXT_INPUT] = "ip6-input",
1027 [IP6_REASSEMBLY_NEXT_DROP] = "ip6-drop",
1028 [IP6_REASSEMBLY_NEXT_ICMP_ERROR] = "ip6-icmp-error",
1033 VLIB_NODE_FUNCTION_MULTIARCH (ip6_reass_node, ip6_reassembly);
1036 ip6_reassembly_feature (vlib_main_t * vm,
1037 vlib_node_runtime_t * node, vlib_frame_t * frame)
1039 return ip6_reassembly_inline (vm, node, frame, true /* is_feature */ );
1043 VLIB_REGISTER_NODE (ip6_reass_node_feature, static) = {
1044 .function = ip6_reassembly_feature,
1045 .name = "ip6-reassembly-feature",
1046 .vector_size = sizeof (u32),
1047 .format_trace = format_ip6_reass_trace,
1048 .n_errors = ARRAY_LEN (ip6_reassembly_error_strings),
1049 .error_strings = ip6_reassembly_error_strings,
1050 .n_next_nodes = IP6_REASSEMBLY_N_NEXT,
1053 [IP6_REASSEMBLY_NEXT_INPUT] = "ip6-input",
1054 [IP6_REASSEMBLY_NEXT_DROP] = "ip6-drop",
1055 [IP6_REASSEMBLY_NEXT_ICMP_ERROR] = "ip6-icmp-error",
1060 VLIB_NODE_FUNCTION_MULTIARCH (ip6_reass_node_feature, ip6_reassembly_feature);
1063 VNET_FEATURE_INIT (ip6_reassembly_feature, static) = {
1064 .arc_name = "ip6-unicast",
1065 .node_name = "ip6-reassembly-feature",
1066 .runs_before = VNET_FEATURES ("ip6-lookup"),
1072 ip6_reass_get_nbuckets ()
1074 ip6_reass_main_t *rm = &ip6_reass_main;
1078 nbuckets = (u32) (rm->max_reass_n / IP6_REASS_HT_LOAD_FACTOR);
1080 for (i = 0; i < 31; i++)
1081 if ((1 << i) >= nbuckets)
1090 IP6_EVENT_CONFIG_CHANGED = 1,
1091 } ip6_reass_event_t;
1096 clib_bihash_48_8_t *new_hash;
1097 } ip6_rehash_cb_ctx;
1100 ip6_rehash_cb (clib_bihash_kv_48_8_t * kv, void *_ctx)
1102 ip6_rehash_cb_ctx *ctx = _ctx;
1103 if (clib_bihash_add_del_48_8 (ctx->new_hash, kv, 1))
1110 ip6_reass_set_params (u32 timeout_ms, u32 max_reassemblies,
1111 u32 expire_walk_interval_ms)
1113 ip6_reass_main.timeout_ms = timeout_ms;
1114 ip6_reass_main.timeout = (f64) timeout_ms / (f64) MSEC_PER_SEC;
1115 ip6_reass_main.max_reass_n = max_reassemblies;
1116 ip6_reass_main.expire_walk_interval_ms = expire_walk_interval_ms;
1120 ip6_reass_set (u32 timeout_ms, u32 max_reassemblies,
1121 u32 expire_walk_interval_ms)
1123 u32 old_nbuckets = ip6_reass_get_nbuckets ();
1124 ip6_reass_set_params (timeout_ms, max_reassemblies,
1125 expire_walk_interval_ms);
1126 vlib_process_signal_event (ip6_reass_main.vlib_main,
1127 ip6_reass_main.ip6_reass_expire_node_idx,
1128 IP6_EVENT_CONFIG_CHANGED, 0);
1129 u32 new_nbuckets = ip6_reass_get_nbuckets ();
1130 if (ip6_reass_main.max_reass_n > 0 && new_nbuckets > old_nbuckets)
1132 clib_bihash_48_8_t new_hash;
1133 clib_memset (&new_hash, 0, sizeof (new_hash));
1134 ip6_rehash_cb_ctx ctx;
1136 ctx.new_hash = &new_hash;
1137 clib_bihash_init_48_8 (&new_hash, "ip6-reass", new_nbuckets,
1138 new_nbuckets * 1024);
1139 clib_bihash_foreach_key_value_pair_48_8 (&ip6_reass_main.hash,
1140 ip6_rehash_cb, &ctx);
1143 clib_bihash_free_48_8 (&new_hash);
1148 clib_bihash_free_48_8 (&ip6_reass_main.hash);
1149 clib_memcpy_fast (&ip6_reass_main.hash, &new_hash,
1150 sizeof (ip6_reass_main.hash));
1157 ip6_reass_get (u32 * timeout_ms, u32 * max_reassemblies,
1158 u32 * expire_walk_interval_ms)
1160 *timeout_ms = ip6_reass_main.timeout_ms;
1161 *max_reassemblies = ip6_reass_main.max_reass_n;
1162 *expire_walk_interval_ms = ip6_reass_main.expire_walk_interval_ms;
1166 static clib_error_t *
1167 ip6_reass_init_function (vlib_main_t * vm)
1169 ip6_reass_main_t *rm = &ip6_reass_main;
1170 clib_error_t *error = 0;
1175 rm->vnet_main = vnet_get_main ();
1177 vec_validate (rm->per_thread_data, vlib_num_workers ());
1178 ip6_reass_per_thread_t *rt;
1179 vec_foreach (rt, rm->per_thread_data)
1181 clib_spinlock_init (&rt->lock);
1182 pool_alloc (rt->pool, rm->max_reass_n);
1185 node = vlib_get_node_by_name (vm, (u8 *) "ip6-reassembly-expire-walk");
1187 rm->ip6_reass_expire_node_idx = node->index;
1189 ip6_reass_set_params (IP6_REASS_TIMEOUT_DEFAULT_MS,
1190 IP6_REASS_MAX_REASSEMBLIES_DEFAULT,
1191 IP6_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS);
1193 nbuckets = ip6_reass_get_nbuckets ();
1194 clib_bihash_init_48_8 (&rm->hash, "ip6-reass", nbuckets, nbuckets * 1024);
1196 node = vlib_get_node_by_name (vm, (u8 *) "ip6-drop");
1198 rm->ip6_drop_idx = node->index;
1199 node = vlib_get_node_by_name (vm, (u8 *) "ip6-icmp-error");
1201 rm->ip6_icmp_error_idx = node->index;
1203 if ((error = vlib_call_init_function (vm, ip_main_init)))
1205 ip6_register_protocol (IP_PROTOCOL_IPV6_FRAGMENTATION,
1206 ip6_reass_node.index);
1211 VLIB_INIT_FUNCTION (ip6_reass_init_function);
1214 ip6_reass_walk_expired (vlib_main_t * vm,
1215 vlib_node_runtime_t * node, vlib_frame_t * f)
1217 ip6_reass_main_t *rm = &ip6_reass_main;
1218 uword event_type, *event_data = 0;
1222 vlib_process_wait_for_event_or_clock (vm,
1223 (f64) rm->expire_walk_interval_ms
1224 / (f64) MSEC_PER_SEC);
1225 event_type = vlib_process_get_events (vm, &event_data);
1229 case ~0: /* no events => timeout */
1230 /* nothing to do here */
1232 case IP6_EVENT_CONFIG_CHANGED:
1235 clib_warning ("BUG: event type 0x%wx", event_type);
1238 f64 now = vlib_time_now (vm);
1241 int *pool_indexes_to_free = NULL;
1243 uword thread_index = 0;
1245 const uword nthreads = vlib_num_workers () + 1;
1246 u32 *vec_icmp_bi = NULL;
1247 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1249 ip6_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1250 clib_spinlock_lock (&rt->lock);
1252 vec_reset_length (pool_indexes_to_free);
1254 pool_foreach_index (index, rt->pool, ({
1255 reass = pool_elt_at_index (rt->pool, index);
1256 if (now > reass->last_heard + rm->timeout)
1258 vec_add1 (pool_indexes_to_free, index);
1264 vec_foreach (i, pool_indexes_to_free)
1266 ip6_reass_t *reass = pool_elt_at_index (rt->pool, i[0]);
1268 vlib_buffer_t *b = vlib_get_buffer (vm, reass->first_bi);
1269 if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
1271 if (pool_is_free_index (vm->trace_main.trace_buffer_pool,
1274 /* the trace is gone, don't trace this buffer anymore */
1275 b->flags &= ~VLIB_BUFFER_IS_TRACED;
1278 ip6_reass_on_timeout (vm, node, rm, reass, &icmp_bi);
1281 vec_add1 (vec_icmp_bi, icmp_bi);
1283 ip6_reass_free (rm, rt, reass);
1287 clib_spinlock_unlock (&rt->lock);
1290 while (vec_len (vec_icmp_bi) > 0)
1293 vlib_get_frame_to_node (vm, rm->ip6_icmp_error_idx);
1294 u32 *to_next = vlib_frame_vector_args (f);
1295 u32 n_left_to_next = VLIB_FRAME_SIZE - f->n_vectors;
1296 int trace_frame = 0;
1297 while (vec_len (vec_icmp_bi) > 0 && n_left_to_next > 0)
1299 u32 bi = vec_pop (vec_icmp_bi);
1300 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
1301 if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
1303 if (pool_is_free_index (vm->trace_main.trace_buffer_pool,
1306 /* the trace is gone, don't trace this buffer anymore */
1307 b->flags &= ~VLIB_BUFFER_IS_TRACED;
1314 b->error = node->errors[IP6_ERROR_REASS_TIMEOUT];
1318 n_left_to_next -= 1;
1320 f->frame_flags |= (trace_frame * VLIB_FRAME_TRACE);
1321 vlib_put_frame_to_node (vm, rm->ip6_icmp_error_idx, f);
1324 vec_free (pool_indexes_to_free);
1325 vec_free (vec_icmp_bi);
1328 _vec_len (event_data) = 0;
1335 static vlib_node_registration_t ip6_reass_expire_node;
1338 VLIB_REGISTER_NODE (ip6_reass_expire_node, static) = {
1339 .function = ip6_reass_walk_expired,
1340 .format_trace = format_ip6_reass_trace,
1341 .type = VLIB_NODE_TYPE_PROCESS,
1342 .name = "ip6-reassembly-expire-walk",
1344 .n_errors = ARRAY_LEN (ip6_reassembly_error_strings),
1345 .error_strings = ip6_reassembly_error_strings,
1351 format_ip6_reass_key (u8 * s, va_list * args)
1353 ip6_reass_key_t *key = va_arg (*args, ip6_reass_key_t *);
1354 s = format (s, "xx_id: %u, src: %U, dst: %U, frag_id: %u, proto: %u",
1355 key->xx_id, format_ip6_address, &key->src, format_ip6_address,
1356 &key->dst, clib_net_to_host_u16 (key->frag_id), key->proto);
1361 format_ip6_reass (u8 * s, va_list * args)
1363 vlib_main_t *vm = va_arg (*args, vlib_main_t *);
1364 ip6_reass_t *reass = va_arg (*args, ip6_reass_t *);
1366 s = format (s, "ID: %lu, key: %U\n first_bi: %u, data_len: %u, "
1367 "last_packet_octet: %u, trace_op_counter: %u\n",
1368 reass->id, format_ip6_reass_key, &reass->key, reass->first_bi,
1369 reass->data_len, reass->last_packet_octet,
1370 reass->trace_op_counter);
1371 u32 bi = reass->first_bi;
1375 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
1376 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
1377 s = format (s, " #%03u: range: [%u, %u], bi: %u, off: %d, len: %u, "
1378 "fragment[%u, %u]\n",
1379 counter, vnb->ip.reass.range_first,
1380 vnb->ip.reass.range_last, bi,
1381 ip6_reass_buffer_get_data_offset (b),
1382 ip6_reass_buffer_get_data_len (b),
1383 vnb->ip.reass.fragment_first, vnb->ip.reass.fragment_last);
1384 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
1386 bi = b->next_buffer;
1396 static clib_error_t *
1397 show_ip6_reass (vlib_main_t * vm, unformat_input_t * input,
1398 CLIB_UNUSED (vlib_cli_command_t * lmd))
1400 ip6_reass_main_t *rm = &ip6_reass_main;
1402 vlib_cli_output (vm, "---------------------");
1403 vlib_cli_output (vm, "IP6 reassembly status");
1404 vlib_cli_output (vm, "---------------------");
1405 bool details = false;
1406 if (unformat (input, "details"))
1411 u32 sum_reass_n = 0;
1412 u64 sum_buffers_n = 0;
1415 const uword nthreads = vlib_num_workers () + 1;
1416 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1418 ip6_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1419 clib_spinlock_lock (&rt->lock);
1423 pool_foreach (reass, rt->pool, {
1424 vlib_cli_output (vm, "%U", format_ip6_reass, vm, reass);
1428 sum_reass_n += rt->reass_n;
1429 clib_spinlock_unlock (&rt->lock);
1431 vlib_cli_output (vm, "---------------------");
1432 vlib_cli_output (vm, "Current IP6 reassemblies count: %lu\n",
1433 (long unsigned) sum_reass_n);
1434 vlib_cli_output (vm, "Maximum configured concurrent IP6 reassemblies per "
1435 "worker-thread: %lu\n", (long unsigned) rm->max_reass_n);
1436 vlib_cli_output (vm, "Buffers in use: %lu\n",
1437 (long unsigned) sum_buffers_n);
1442 VLIB_CLI_COMMAND (show_ip6_reassembly_cmd, static) = {
1443 .path = "show ip6-reassembly",
1444 .short_help = "show ip6-reassembly [details]",
1445 .function = show_ip6_reass,
1450 ip6_reass_enable_disable (u32 sw_if_index, u8 enable_disable)
1452 return vnet_feature_enable_disable ("ip6-unicast", "ip6-reassembly-feature",
1453 sw_if_index, enable_disable, 0, 0);
1457 * fd.io coding-style-patch-verification: ON
1460 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob