2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 * @brief IPv4 Full Reassembly.
20 * This file contains the source code for IPv4 full reassembly.
23 #include <vppinfra/vec.h>
24 #include <vnet/vnet.h>
25 #include <vnet/ip/ip.h>
26 #include <vnet/ip/ip.api_enum.h>
27 #include <vppinfra/fifo.h>
28 #include <vppinfra/bihash_16_8.h>
29 #include <vnet/ip/reass/ip4_full_reass.h>
32 #define MSEC_PER_SEC 1000
33 #define IP4_REASS_TIMEOUT_DEFAULT_MS 200
35 /* As there are only 1024 reass context per thread, either the DDOS attacks
36 * or fractions of real timeouts, would consume these contexts quickly and
37 * running out context space and unable to perform reassembly */
38 #define IP4_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS 50 // 50 ms default
39 #define IP4_REASS_MAX_REASSEMBLIES_DEFAULT 1024
40 #define IP4_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT 3
41 #define IP4_REASS_HT_LOAD_FACTOR (0.75)
43 #define IP4_REASS_DEBUG_BUFFERS 0
44 #if IP4_REASS_DEBUG_BUFFERS
45 #define IP4_REASS_DEBUG_BUFFER(bi, what) \
49 printf (#what "buffer %u", _bi); \
50 vlib_buffer_t *_b = vlib_get_buffer (vm, _bi); \
51 while (_b->flags & VLIB_BUFFER_NEXT_PRESENT) \
53 _bi = _b->next_buffer; \
54 printf ("[%u]", _bi); \
55 _b = vlib_get_buffer (vm, _bi); \
62 #define IP4_REASS_DEBUG_BUFFER(...)
68 IP4_REASS_RC_TOO_MANY_FRAGMENTS,
69 IP4_REASS_RC_INTERNAL_ERROR,
72 } ip4_full_reass_rc_t;
85 } ip4_full_reass_key_t;
87 STATIC_ASSERT_SIZEOF (ip4_full_reass_key_t, 16);
94 u32 memory_owner_thread_index;
97 } ip4_full_reass_val_t;
103 ip4_full_reass_key_t k;
104 ip4_full_reass_val_t v;
106 clib_bihash_kv_16_8_t kv;
107 } ip4_full_reass_kv_t;
110 ip4_full_reass_buffer_get_data_offset (vlib_buffer_t * b)
112 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
113 return vnb->ip.reass.range_first - vnb->ip.reass.fragment_first;
117 ip4_full_reass_buffer_get_data_len (vlib_buffer_t * b)
119 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
120 return clib_min (vnb->ip.reass.range_last, vnb->ip.reass.fragment_last) -
121 (vnb->ip.reass.fragment_first +
122 ip4_full_reass_buffer_get_data_offset (b)) + 1;
128 ip4_full_reass_key_t key;
129 // time when last packet was received
131 // internal id of this reassembly
133 // buffer index of first buffer in this reassembly context
135 // last octet of packet, ~0 until fragment without more_fragments arrives
136 u32 last_packet_octet;
137 // length of data collected so far
139 // trace operation counter
140 u32 trace_op_counter;
141 // next index - used by non-feature node
143 // error next index - used by custom apps (~0 if not used)
144 u32 error_next_index;
145 // minimum fragment length for this reassembly - used to estimate MTU
146 u16 min_fragment_length;
147 // number of fragments in this reassembly
149 // thread owning memory for this context (whose pool contains this ctx)
150 u32 memory_owner_thread_index;
151 // thread which received fragment with offset 0 and which sends out the
152 // completed reassembly
153 u32 sendout_thread_index;
158 ip4_full_reass_t *pool;
161 // for pacing the main thread timeouts
163 clib_spinlock_t lock;
164 } ip4_full_reass_per_thread_t;
171 u32 expire_walk_interval_ms;
172 // maximum number of fragments in one reassembly
174 // maximum number of reassemblies
178 clib_bihash_16_8_t hash;
180 ip4_full_reass_per_thread_t *per_thread_data;
183 vlib_main_t *vlib_main;
185 u32 ip4_full_reass_expire_node_idx;
187 /** Worker handoff */
190 u32 fq_feature_index;
193 // reference count for enabling/disabling feature - per interface
194 u32 *feature_use_refcount_per_intf;
196 // whether local fragmented packets are reassembled or not
197 int is_local_reass_enabled;
198 } ip4_full_reass_main_t;
200 extern ip4_full_reass_main_t ip4_full_reass_main;
202 #ifndef CLIB_MARCH_VARIANT
203 ip4_full_reass_main_t ip4_full_reass_main;
204 #endif /* CLIB_MARCH_VARIANT */
208 IP4_FULL_REASS_NEXT_INPUT,
209 IP4_FULL_REASS_NEXT_DROP,
210 IP4_FULL_REASS_NEXT_HANDOFF,
211 IP4_FULL_REASS_N_NEXT,
212 } ip4_full_reass_next_t;
219 } ip4_full_reass_node_type_t;
230 } ip4_full_reass_trace_operation_e;
240 } ip4_full_reass_range_trace_t;
244 ip4_full_reass_trace_operation_e action;
246 ip4_full_reass_range_trace_t trace_range;
254 bool is_after_handoff;
255 ip4_header_t ip4_header;
256 } ip4_full_reass_trace_t;
258 extern vlib_node_registration_t ip4_full_reass_node;
259 extern vlib_node_registration_t ip4_full_reass_node_feature;
260 extern vlib_node_registration_t ip4_full_reass_node_custom;
263 ip4_full_reass_trace_details (vlib_main_t * vm, u32 bi,
264 ip4_full_reass_range_trace_t * trace)
266 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
267 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
268 trace->range_first = vnb->ip.reass.range_first;
269 trace->range_last = vnb->ip.reass.range_last;
270 trace->data_offset = ip4_full_reass_buffer_get_data_offset (b);
271 trace->data_len = ip4_full_reass_buffer_get_data_len (b);
272 trace->range_bi = bi;
276 format_ip4_full_reass_range_trace (u8 * s, va_list * args)
278 ip4_full_reass_range_trace_t *trace =
279 va_arg (*args, ip4_full_reass_range_trace_t *);
281 format (s, "range: [%u, %u], off %d, len %u, bi %u", trace->range_first,
282 trace->range_last, trace->data_offset, trace->data_len,
288 format_ip4_full_reass_trace (u8 * s, va_list * args)
290 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
291 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
292 ip4_full_reass_trace_t *t = va_arg (*args, ip4_full_reass_trace_t *);
294 if (~0 != t->reass_id)
296 if (t->is_after_handoff)
299 format (s, "%U\n", format_ip4_header, &t->ip4_header,
300 sizeof (t->ip4_header));
304 format (s, "%Ureass id: %u, op id: %u, ", format_white_space, indent,
305 t->reass_id, t->op_id);
306 indent = format_get_indent (s);
309 "first bi: %u, data len: %u, ip/fragment[%u, %u]",
310 t->trace_range.first_bi, t->total_data_len, t->fragment_first,
316 s = format (s, "\n%Ushrink %U by %u", format_white_space, indent,
317 format_ip4_full_reass_range_trace, &t->trace_range,
321 s = format (s, "\n%Udiscard %U", format_white_space, indent,
322 format_ip4_full_reass_range_trace, &t->trace_range);
325 s = format (s, "\n%Unew %U", format_white_space, indent,
326 format_ip4_full_reass_range_trace, &t->trace_range);
329 s = format (s, "\n%Uoverlapping/ignored %U", format_white_space, indent,
330 format_ip4_full_reass_range_trace, &t->trace_range);
333 s = format (s, "\n%Ufinalize reassembly", format_white_space, indent);
337 format (s, "handoff from thread #%u to thread #%u", t->thread_id,
341 s = format (s, "passthrough - not a fragment");
348 ip4_full_reass_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
349 ip4_full_reass_t * reass, u32 bi,
350 ip4_full_reass_trace_operation_e action,
351 u32 size_diff, u32 thread_id_to)
353 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
354 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
355 if (pool_is_free_index
356 (vm->trace_main.trace_buffer_pool, vlib_buffer_get_trace_index (b)))
358 // this buffer's trace is gone
359 b->flags &= ~VLIB_BUFFER_IS_TRACED;
362 bool is_after_handoff = false;
363 if (vlib_buffer_get_trace_thread (b) != vm->thread_index)
365 is_after_handoff = true;
367 ip4_full_reass_trace_t *t = vlib_add_trace (vm, node, b, sizeof (t[0]));
368 t->is_after_handoff = is_after_handoff;
369 if (t->is_after_handoff)
371 clib_memcpy (&t->ip4_header, vlib_buffer_get_current (b),
372 clib_min (sizeof (t->ip4_header), b->current_length));
376 t->reass_id = reass->id;
377 t->op_id = reass->trace_op_counter;
378 t->trace_range.first_bi = reass->first_bi;
379 t->total_data_len = reass->data_len;
380 ++reass->trace_op_counter;
386 t->trace_range.first_bi = 0;
387 t->total_data_len = 0;
390 ip4_full_reass_trace_details (vm, bi, &t->trace_range);
391 t->size_diff = size_diff;
392 t->thread_id = vm->thread_index;
393 t->thread_id_to = thread_id_to;
394 t->fragment_first = vnb->ip.reass.fragment_first;
395 t->fragment_last = vnb->ip.reass.fragment_last;
398 s = format (s, "%U", format_ip4_full_reass_trace, NULL, NULL, t);
399 printf ("%.*s\n", vec_len (s), s);
401 vec_reset_length (s);
406 ip4_full_reass_free_ctx (ip4_full_reass_per_thread_t * rt,
407 ip4_full_reass_t * reass)
409 pool_put (rt->pool, reass);
414 ip4_full_reass_free (ip4_full_reass_main_t * rm,
415 ip4_full_reass_per_thread_t * rt,
416 ip4_full_reass_t * reass)
418 clib_bihash_kv_16_8_t kv = {};
419 clib_memcpy_fast (&kv, &reass->key, sizeof (kv.key));
420 clib_bihash_add_del_16_8 (&rm->hash, &kv, 0);
421 return ip4_full_reass_free_ctx (rt, reass);
424 /* n_left_to_next, and to_next are taken as input params, as this function
425 * could be called from a graphnode, where its managing local copy of these
426 * variables, and ignoring those and still trying to enqueue the buffers
427 * with local variables would cause either buffer leak or corruption */
429 ip4_full_reass_drop_all (vlib_main_t *vm, vlib_node_runtime_t *node,
430 ip4_full_reass_t *reass)
432 u32 range_bi = reass->first_bi;
433 vlib_buffer_t *range_b;
434 vnet_buffer_opaque_t *range_vnb;
437 while (~0 != range_bi)
439 range_b = vlib_get_buffer (vm, range_bi);
440 range_vnb = vnet_buffer (range_b);
444 vec_add1 (to_free, range_bi);
447 range_bi = range_vnb->ip.reass.next_range_bi;
450 /* send to next_error_index */
451 if (~0 != reass->error_next_index &&
452 reass->error_next_index < node->n_next_nodes)
454 u32 n_free = vec_len (to_free);
456 /* record number of packets sent to custom app */
457 vlib_node_increment_counter (vm, node->node_index,
458 IP4_ERROR_REASS_TO_CUSTOM_APP, n_free);
460 if (node->flags & VLIB_NODE_FLAG_TRACE)
461 for (u32 i = 0; i < n_free; i++)
463 vlib_buffer_t *b = vlib_get_buffer (vm, to_free[i]);
464 if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
465 ip4_full_reass_add_trace (vm, node, reass, to_free[i],
466 RANGE_DISCARD, 0, ~0);
469 vlib_buffer_enqueue_to_single_next (vm, node, to_free,
470 reass->error_next_index, n_free);
474 vlib_buffer_free (vm, to_free, vec_len (to_free));
480 sanitize_reass_buffers_add_missing (vlib_main_t *vm, ip4_full_reass_t *reass,
483 u32 range_bi = reass->first_bi;
484 vlib_buffer_t *range_b;
485 vnet_buffer_opaque_t *range_vnb;
487 while (~0 != range_bi)
489 range_b = vlib_get_buffer (vm, range_bi);
490 range_vnb = vnet_buffer (range_b);
496 if (range_b->flags & VLIB_BUFFER_NEXT_PRESENT)
499 vlib_buffer_t *_b = vlib_get_buffer (vm, _bi);
500 while (_b->flags & VLIB_BUFFER_NEXT_PRESENT)
502 if (_b->next_buffer != range_vnb->ip.reass.next_range_bi)
504 _bi = _b->next_buffer;
505 _b = vlib_get_buffer (vm, _bi);
509 _b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
514 range_bi = range_vnb->ip.reass.next_range_bi;
519 vlib_buffer_t *fb = vlib_get_buffer (vm, *bi0);
520 vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
521 if (~0 != reass->first_bi)
523 fvnb->ip.reass.next_range_bi = reass->first_bi;
524 reass->first_bi = *bi0;
528 reass->first_bi = *bi0;
529 fvnb->ip.reass.next_range_bi = ~0;
536 ip4_full_reass_init (ip4_full_reass_t * reass)
538 reass->first_bi = ~0;
539 reass->last_packet_octet = ~0;
541 reass->next_index = ~0;
542 reass->error_next_index = ~0;
545 always_inline ip4_full_reass_t *
546 ip4_full_reass_find_or_create (vlib_main_t *vm, vlib_node_runtime_t *node,
547 ip4_full_reass_main_t *rm,
548 ip4_full_reass_per_thread_t *rt,
549 ip4_full_reass_kv_t *kv, u8 *do_handoff)
551 ip4_full_reass_t *reass;
557 now = vlib_time_now (vm);
558 if (!clib_bihash_search_16_8 (&rm->hash, &kv->kv, &kv->kv))
560 if (vm->thread_index != kv->v.memory_owner_thread_index)
566 pool_elt_at_index (rm->per_thread_data
567 [kv->v.memory_owner_thread_index].pool,
570 if (now > reass->last_heard + rm->timeout)
572 vlib_node_increment_counter (vm, node->node_index,
573 IP4_ERROR_REASS_TIMEOUT, 1);
574 ip4_full_reass_drop_all (vm, node, reass);
575 ip4_full_reass_free (rm, rt, reass);
582 reass->last_heard = now;
586 if (rt->reass_n >= rm->max_reass_n)
593 pool_get (rt->pool, reass);
594 clib_memset (reass, 0, sizeof (*reass));
595 reass->id = ((u64) vm->thread_index * 1000000000) + rt->id_counter;
596 reass->memory_owner_thread_index = vm->thread_index;
598 ip4_full_reass_init (reass);
602 clib_memcpy_fast (&reass->key, &kv->kv.key, sizeof (reass->key));
603 kv->v.reass_index = (reass - rt->pool);
604 kv->v.memory_owner_thread_index = vm->thread_index;
605 reass->last_heard = now;
607 int rv = clib_bihash_add_del_16_8 (&rm->hash, &kv->kv, 2);
610 ip4_full_reass_free_ctx (rt, reass);
612 // if other worker created a context already work with the other copy
620 always_inline ip4_full_reass_rc_t
621 ip4_full_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * node,
622 ip4_full_reass_main_t * rm,
623 ip4_full_reass_per_thread_t * rt,
624 ip4_full_reass_t * reass, u32 * bi0,
625 u32 * next0, u32 * error0, bool is_custom)
627 vlib_buffer_t *first_b = vlib_get_buffer (vm, reass->first_bi);
628 vlib_buffer_t *last_b = NULL;
629 u32 sub_chain_bi = reass->first_bi;
630 u32 total_length = 0;
633 u32 tmp_bi = sub_chain_bi;
634 vlib_buffer_t *tmp = vlib_get_buffer (vm, tmp_bi);
635 ip4_header_t *ip = vlib_buffer_get_current (tmp);
636 vnet_buffer_opaque_t *vnb = vnet_buffer (tmp);
637 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
638 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
640 return IP4_REASS_RC_INTERNAL_ERROR;
643 u32 data_len = ip4_full_reass_buffer_get_data_len (tmp);
645 ip4_header_bytes (ip) + ip4_full_reass_buffer_get_data_offset (tmp);
647 vlib_buffer_length_in_chain (vm, tmp) - trim_front - data_len;
648 if (tmp_bi == reass->first_bi)
650 /* first buffer - keep ip4 header */
651 if (0 != ip4_full_reass_buffer_get_data_offset (tmp))
653 return IP4_REASS_RC_INTERNAL_ERROR;
656 trim_end = vlib_buffer_length_in_chain (vm, tmp) - data_len -
657 ip4_header_bytes (ip);
658 if (!(vlib_buffer_length_in_chain (vm, tmp) - trim_end > 0))
660 return IP4_REASS_RC_INTERNAL_ERROR;
664 vlib_buffer_length_in_chain (vm, tmp) - trim_front - trim_end;
669 if (trim_front > tmp->current_length)
671 /* drop whole buffer */
672 u32 to_be_freed_bi = tmp_bi;
673 trim_front -= tmp->current_length;
674 if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
676 return IP4_REASS_RC_INTERNAL_ERROR;
678 tmp->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
679 tmp_bi = tmp->next_buffer;
680 tmp->next_buffer = 0;
681 tmp = vlib_get_buffer (vm, tmp_bi);
682 vlib_buffer_free_one (vm, to_be_freed_bi);
687 vlib_buffer_advance (tmp, trim_front);
695 last_b->flags |= VLIB_BUFFER_NEXT_PRESENT;
696 last_b->next_buffer = tmp_bi;
699 if (keep_data <= tmp->current_length)
701 tmp->current_length = keep_data;
706 keep_data -= tmp->current_length;
707 if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
709 return IP4_REASS_RC_INTERNAL_ERROR;
712 total_length += tmp->current_length;
713 if (tmp->flags & VLIB_BUFFER_NEXT_PRESENT)
715 tmp_bi = tmp->next_buffer;
716 tmp = vlib_get_buffer (vm, tmp->next_buffer);
725 u32 to_be_freed_bi = tmp_bi;
726 if (reass->first_bi == tmp_bi)
728 return IP4_REASS_RC_INTERNAL_ERROR;
730 if (tmp->flags & VLIB_BUFFER_NEXT_PRESENT)
732 tmp->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
733 tmp_bi = tmp->next_buffer;
734 tmp->next_buffer = 0;
735 tmp = vlib_get_buffer (vm, tmp_bi);
736 vlib_buffer_free_one (vm, to_be_freed_bi);
740 tmp->next_buffer = 0;
741 vlib_buffer_free_one (vm, to_be_freed_bi);
747 vnet_buffer (vlib_get_buffer (vm, sub_chain_bi))->ip.
750 while (~0 != sub_chain_bi);
754 return IP4_REASS_RC_INTERNAL_ERROR;
756 last_b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
758 if (total_length < first_b->current_length)
760 return IP4_REASS_RC_INTERNAL_ERROR;
762 total_length -= first_b->current_length;
763 first_b->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
764 first_b->total_length_not_including_first_buffer = total_length;
765 ip4_header_t *ip = vlib_buffer_get_current (first_b);
766 ip->flags_and_fragment_offset = 0;
767 ip->length = clib_host_to_net_u16 (first_b->current_length + total_length);
768 ip->checksum = ip4_header_checksum (ip);
769 if (!vlib_buffer_chain_linearize (vm, first_b))
771 return IP4_REASS_RC_NO_BUF;
773 // reset to reconstruct the mbuf linking
774 first_b->flags &= ~VLIB_BUFFER_EXT_HDR_VALID;
775 if (PREDICT_FALSE (first_b->flags & VLIB_BUFFER_IS_TRACED))
777 ip4_full_reass_add_trace (vm, node, reass, reass->first_bi, FINALIZE, 0,
780 // following code does a hexdump of packet fragments to stdout ...
783 u32 bi = reass->first_bi;
787 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
788 s = format (s, "%u: %U\n", bi, format_hexdump,
789 vlib_buffer_get_current (b), b->current_length);
790 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
799 printf ("%.*s\n", vec_len (s), s);
806 *bi0 = reass->first_bi;
809 *next0 = IP4_FULL_REASS_NEXT_INPUT;
813 *next0 = reass->next_index;
815 vnet_buffer (first_b)->ip.reass.estimated_mtu = reass->min_fragment_length;
817 /* Keep track of number of successfully reassembled packets and number of
818 * fragments reassembled */
819 vlib_node_increment_counter (vm, node->node_index, IP4_ERROR_REASS_SUCCESS,
822 vlib_node_increment_counter (vm, node->node_index,
823 IP4_ERROR_REASS_FRAGMENTS_REASSEMBLED,
826 *error0 = IP4_ERROR_NONE;
827 ip4_full_reass_free (rm, rt, reass);
829 return IP4_REASS_RC_OK;
832 always_inline ip4_full_reass_rc_t
833 ip4_full_reass_insert_range_in_chain (vlib_main_t * vm,
834 ip4_full_reass_t * reass,
835 u32 prev_range_bi, u32 new_next_bi)
837 vlib_buffer_t *new_next_b = vlib_get_buffer (vm, new_next_bi);
838 vnet_buffer_opaque_t *new_next_vnb = vnet_buffer (new_next_b);
839 if (~0 != prev_range_bi)
841 vlib_buffer_t *prev_b = vlib_get_buffer (vm, prev_range_bi);
842 vnet_buffer_opaque_t *prev_vnb = vnet_buffer (prev_b);
843 new_next_vnb->ip.reass.next_range_bi = prev_vnb->ip.reass.next_range_bi;
844 prev_vnb->ip.reass.next_range_bi = new_next_bi;
848 if (~0 != reass->first_bi)
850 new_next_vnb->ip.reass.next_range_bi = reass->first_bi;
852 reass->first_bi = new_next_bi;
854 vnet_buffer_opaque_t *vnb = vnet_buffer (new_next_b);
855 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
856 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
858 return IP4_REASS_RC_INTERNAL_ERROR;
860 reass->data_len += ip4_full_reass_buffer_get_data_len (new_next_b);
861 return IP4_REASS_RC_OK;
864 always_inline ip4_full_reass_rc_t
865 ip4_full_reass_remove_range_from_chain (vlib_main_t * vm,
866 vlib_node_runtime_t * node,
867 ip4_full_reass_t * reass,
868 u32 prev_range_bi, u32 discard_bi)
870 vlib_buffer_t *discard_b = vlib_get_buffer (vm, discard_bi);
871 vnet_buffer_opaque_t *discard_vnb = vnet_buffer (discard_b);
872 if (~0 != prev_range_bi)
874 vlib_buffer_t *prev_b = vlib_get_buffer (vm, prev_range_bi);
875 vnet_buffer_opaque_t *prev_vnb = vnet_buffer (prev_b);
876 if (!(prev_vnb->ip.reass.next_range_bi == discard_bi))
878 return IP4_REASS_RC_INTERNAL_ERROR;
880 prev_vnb->ip.reass.next_range_bi = discard_vnb->ip.reass.next_range_bi;
884 reass->first_bi = discard_vnb->ip.reass.next_range_bi;
886 vnet_buffer_opaque_t *vnb = vnet_buffer (discard_b);
887 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
888 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
890 return IP4_REASS_RC_INTERNAL_ERROR;
892 reass->data_len -= ip4_full_reass_buffer_get_data_len (discard_b);
895 u32 to_be_freed_bi = discard_bi;
896 if (PREDICT_FALSE (discard_b->flags & VLIB_BUFFER_IS_TRACED))
898 ip4_full_reass_add_trace (vm, node, reass, discard_bi, RANGE_DISCARD,
901 if (discard_b->flags & VLIB_BUFFER_NEXT_PRESENT)
903 discard_b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
904 discard_bi = discard_b->next_buffer;
905 discard_b->next_buffer = 0;
906 discard_b = vlib_get_buffer (vm, discard_bi);
907 vlib_buffer_free_one (vm, to_be_freed_bi);
911 discard_b->next_buffer = 0;
912 vlib_buffer_free_one (vm, to_be_freed_bi);
916 return IP4_REASS_RC_OK;
919 always_inline ip4_full_reass_rc_t
920 ip4_full_reass_update (vlib_main_t * vm, vlib_node_runtime_t * node,
921 ip4_full_reass_main_t * rm,
922 ip4_full_reass_per_thread_t * rt,
923 ip4_full_reass_t * reass, u32 * bi0, u32 * next0,
924 u32 * error0, bool is_custom, u32 * handoff_thread_idx)
926 vlib_buffer_t *fb = vlib_get_buffer (vm, *bi0);
927 vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
930 // store (error_)next_index before it's overwritten
931 reass->next_index = fvnb->ip.reass.next_index;
932 reass->error_next_index = fvnb->ip.reass.error_next_index;
934 ip4_full_reass_rc_t rc = IP4_REASS_RC_OK;
936 ip4_header_t *fip = vlib_buffer_get_current (fb);
937 const u32 fragment_first = ip4_get_fragment_offset_bytes (fip);
938 const u32 fragment_length =
939 clib_net_to_host_u16 (fip->length) - ip4_header_bytes (fip);
940 const u32 fragment_last = fragment_first + fragment_length - 1;
941 fvnb->ip.reass.fragment_first = fragment_first;
942 fvnb->ip.reass.fragment_last = fragment_last;
943 int more_fragments = ip4_get_fragment_more (fip);
944 u32 candidate_range_bi = reass->first_bi;
945 u32 prev_range_bi = ~0;
946 fvnb->ip.reass.range_first = fragment_first;
947 fvnb->ip.reass.range_last = fragment_last;
948 fvnb->ip.reass.next_range_bi = ~0;
951 reass->last_packet_octet = fragment_last;
953 if (~0 == reass->first_bi)
955 // starting a new reassembly
957 ip4_full_reass_insert_range_in_chain (vm, reass, prev_range_bi, *bi0);
958 if (IP4_REASS_RC_OK != rc)
962 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
964 ip4_full_reass_add_trace (vm, node, reass, *bi0, RANGE_NEW, 0, ~0);
967 reass->min_fragment_length = clib_net_to_host_u16 (fip->length);
968 reass->fragments_n = 1;
969 return IP4_REASS_RC_OK;
971 reass->min_fragment_length =
972 clib_min (clib_net_to_host_u16 (fip->length),
973 fvnb->ip.reass.estimated_mtu);
974 while (~0 != candidate_range_bi)
976 vlib_buffer_t *candidate_b = vlib_get_buffer (vm, candidate_range_bi);
977 vnet_buffer_opaque_t *candidate_vnb = vnet_buffer (candidate_b);
978 if (fragment_first > candidate_vnb->ip.reass.range_last)
980 // this fragments starts after candidate range
981 prev_range_bi = candidate_range_bi;
982 candidate_range_bi = candidate_vnb->ip.reass.next_range_bi;
983 if (candidate_vnb->ip.reass.range_last < fragment_last &&
984 ~0 == candidate_range_bi)
986 // special case - this fragment falls beyond all known ranges
987 rc = ip4_full_reass_insert_range_in_chain (vm, reass,
988 prev_range_bi, *bi0);
989 if (IP4_REASS_RC_OK != rc)
998 if (fragment_last < candidate_vnb->ip.reass.range_first)
1000 // this fragment ends before candidate range without any overlap
1001 rc = ip4_full_reass_insert_range_in_chain (vm, reass, prev_range_bi,
1003 if (IP4_REASS_RC_OK != rc)
1011 if (fragment_first >= candidate_vnb->ip.reass.range_first &&
1012 fragment_last <= candidate_vnb->ip.reass.range_last)
1014 // this fragment is a (sub)part of existing range, ignore it
1015 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
1017 ip4_full_reass_add_trace (vm, node, reass, *bi0,
1018 RANGE_OVERLAP, 0, ~0);
1022 int discard_candidate = 0;
1023 if (fragment_first < candidate_vnb->ip.reass.range_first)
1026 fragment_last - candidate_vnb->ip.reass.range_first + 1;
1027 if (overlap < ip4_full_reass_buffer_get_data_len (candidate_b))
1029 candidate_vnb->ip.reass.range_first += overlap;
1030 if (reass->data_len < overlap)
1032 return IP4_REASS_RC_INTERNAL_ERROR;
1034 reass->data_len -= overlap;
1035 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
1037 ip4_full_reass_add_trace (vm, node, reass,
1039 RANGE_SHRINK, 0, ~0);
1041 rc = ip4_full_reass_insert_range_in_chain (
1042 vm, reass, prev_range_bi, *bi0);
1043 if (IP4_REASS_RC_OK != rc)
1051 discard_candidate = 1;
1054 else if (fragment_last > candidate_vnb->ip.reass.range_last)
1057 candidate_vnb->ip.reass.range_last - fragment_first + 1;
1058 if (overlap < ip4_full_reass_buffer_get_data_len (candidate_b))
1060 fvnb->ip.reass.range_first += overlap;
1061 if (~0 != candidate_vnb->ip.reass.next_range_bi)
1063 prev_range_bi = candidate_range_bi;
1064 candidate_range_bi =
1065 candidate_vnb->ip.reass.next_range_bi;
1070 // special case - last range discarded
1071 rc = ip4_full_reass_insert_range_in_chain (
1072 vm, reass, candidate_range_bi, *bi0);
1073 if (IP4_REASS_RC_OK != rc)
1082 discard_candidate = 1;
1087 discard_candidate = 1;
1089 if (discard_candidate)
1091 u32 next_range_bi = candidate_vnb->ip.reass.next_range_bi;
1092 // discard candidate range, probe next range
1093 rc = ip4_full_reass_remove_range_from_chain (
1094 vm, node, reass, prev_range_bi, candidate_range_bi);
1095 if (IP4_REASS_RC_OK != rc)
1099 if (~0 != next_range_bi)
1101 candidate_range_bi = next_range_bi;
1106 // special case - last range discarded
1107 rc = ip4_full_reass_insert_range_in_chain (
1108 vm, reass, prev_range_bi, *bi0);
1109 if (IP4_REASS_RC_OK != rc)
1119 ++reass->fragments_n;
1122 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
1124 ip4_full_reass_add_trace (vm, node, reass, *bi0, RANGE_NEW, 0, ~0);
1127 if (~0 != reass->last_packet_octet &&
1128 reass->data_len == reass->last_packet_octet + 1)
1130 *handoff_thread_idx = reass->sendout_thread_index;
1132 reass->memory_owner_thread_index != reass->sendout_thread_index;
1134 ip4_full_reass_finalize (vm, node, rm, rt, reass, bi0, next0, error0,
1136 if (IP4_REASS_RC_OK == rc && handoff)
1138 rc = IP4_REASS_RC_HANDOFF;
1146 if (reass->fragments_n > rm->max_reass_len)
1148 rc = IP4_REASS_RC_TOO_MANY_FRAGMENTS;
1153 *next0 = IP4_FULL_REASS_NEXT_DROP;
1154 *error0 = IP4_ERROR_REASS_DUPLICATE_FRAGMENT;
1161 ip4_full_reass_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
1162 vlib_frame_t *frame, ip4_full_reass_node_type_t type,
1165 u32 *from = vlib_frame_vector_args (frame);
1166 u32 n_left_from, n_left_to_next, *to_next, next_index;
1167 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
1168 ip4_full_reass_per_thread_t *rt = &rm->per_thread_data[vm->thread_index];
1169 clib_spinlock_lock (&rt->lock);
1171 n_left_from = frame->n_vectors;
1172 next_index = node->cached_next_index;
1173 while (n_left_from > 0)
1175 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1177 while (n_left_from > 0 && n_left_to_next > 0)
1182 u32 error0 = IP4_ERROR_NONE;
1185 b0 = vlib_get_buffer (vm, bi0);
1187 ip4_header_t *ip0 = vlib_buffer_get_current (b0);
1188 if (!ip4_get_fragment_more (ip0) && !ip4_get_fragment_offset (ip0))
1190 // this is a whole packet - no fragmentation
1193 next0 = IP4_FULL_REASS_NEXT_INPUT;
1197 next0 = vnet_buffer (b0)->ip.reass.next_index;
1199 ip4_full_reass_add_trace (vm, node, NULL, bi0, PASSTHROUGH, 0,
1201 goto packet_enqueue;
1204 if (is_local && !rm->is_local_reass_enabled)
1206 next0 = IP4_FULL_REASS_NEXT_DROP;
1207 goto packet_enqueue;
1210 const u32 fragment_first = ip4_get_fragment_offset_bytes (ip0);
1211 const u32 fragment_length =
1212 clib_net_to_host_u16 (ip0->length) - ip4_header_bytes (ip0);
1213 const u32 fragment_last = fragment_first + fragment_length - 1;
1215 /* Keep track of received fragments */
1216 vlib_node_increment_counter (vm, node->node_index,
1217 IP4_ERROR_REASS_FRAGMENTS_RCVD, 1);
1219 if (fragment_first > fragment_last ||
1220 fragment_first + fragment_length > UINT16_MAX - 20 ||
1221 (fragment_length < 8 && // 8 is minimum frag length per RFC 791
1222 ip4_get_fragment_more (ip0)))
1224 next0 = IP4_FULL_REASS_NEXT_DROP;
1225 error0 = IP4_ERROR_REASS_MALFORMED_PACKET;
1226 goto packet_enqueue;
1229 u32 fib_index = vec_elt (ip4_main.fib_index_by_sw_if_index,
1230 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1232 ip4_full_reass_kv_t kv = { .k.fib_index = fib_index,
1233 .k.src.as_u32 = ip0->src_address.as_u32,
1234 .k.dst.as_u32 = ip0->dst_address.as_u32,
1235 .k.frag_id = ip0->fragment_id,
1236 .k.proto = ip0->protocol
1241 ip4_full_reass_t *reass =
1242 ip4_full_reass_find_or_create (vm, node, rm, rt, &kv, &do_handoff);
1246 const u32 fragment_first = ip4_get_fragment_offset_bytes (ip0);
1247 if (0 == fragment_first)
1249 reass->sendout_thread_index = vm->thread_index;
1253 if (PREDICT_FALSE (do_handoff))
1255 next0 = IP4_FULL_REASS_NEXT_HANDOFF;
1256 vnet_buffer (b0)->ip.reass.owner_thread_index =
1257 kv.v.memory_owner_thread_index;
1261 u32 handoff_thread_idx;
1263 switch (ip4_full_reass_update
1264 (vm, node, rm, rt, reass, &bi0, &next0,
1265 &error0, CUSTOM == type, &handoff_thread_idx))
1267 case IP4_REASS_RC_OK:
1268 /* nothing to do here */
1270 case IP4_REASS_RC_HANDOFF:
1271 next0 = IP4_FULL_REASS_NEXT_HANDOFF;
1272 b0 = vlib_get_buffer (vm, bi0);
1273 vnet_buffer (b0)->ip.reass.owner_thread_index =
1276 case IP4_REASS_RC_TOO_MANY_FRAGMENTS:
1277 counter = IP4_ERROR_REASS_FRAGMENT_CHAIN_TOO_LONG;
1279 case IP4_REASS_RC_NO_BUF:
1280 counter = IP4_ERROR_REASS_NO_BUF;
1282 case IP4_REASS_RC_INTERNAL_ERROR:
1283 counter = IP4_ERROR_REASS_INTERNAL_ERROR;
1284 /* Sanitization is needed in internal error cases only, as
1285 * the incoming packet is already dropped in other cases,
1286 * also adding bi0 back to the reassembly list, fixes the
1287 * leaking of buffers during internal errors.
1289 * Also it doesnt make sense to send these buffers custom
1290 * app, these fragments are with internal errors */
1291 sanitize_reass_buffers_add_missing (vm, reass, &bi0);
1292 reass->error_next_index = ~0;
1298 vlib_node_increment_counter (vm, node->node_index, counter,
1300 ip4_full_reass_drop_all (vm, node, reass);
1301 ip4_full_reass_free (rm, rt, reass);
1307 next0 = IP4_FULL_REASS_NEXT_DROP;
1308 error0 = IP4_ERROR_REASS_LIMIT_REACHED;
1318 n_left_to_next -= 1;
1320 /* bi0 might have been updated by reass_finalize, reload */
1321 b0 = vlib_get_buffer (vm, bi0);
1322 if (IP4_ERROR_NONE != error0)
1324 b0->error = node->errors[error0];
1327 if (next0 == IP4_FULL_REASS_NEXT_HANDOFF)
1329 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
1331 ip4_full_reass_add_trace (
1332 vm, node, NULL, bi0, HANDOFF, 0,
1333 vnet_buffer (b0)->ip.reass.owner_thread_index);
1336 else if (FEATURE == type && IP4_ERROR_NONE == error0)
1338 vnet_feature_next (&next0, b0);
1341 /* Increment the counter to-custom-app also as this fragment is
1342 * also going to application */
1345 vlib_node_increment_counter (
1346 vm, node->node_index, IP4_ERROR_REASS_TO_CUSTOM_APP, 1);
1349 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1350 to_next, n_left_to_next,
1352 IP4_REASS_DEBUG_BUFFER (bi0, enqueue_next);
1360 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1363 clib_spinlock_unlock (&rt->lock);
1364 return frame->n_vectors;
1367 VLIB_NODE_FN (ip4_full_reass_node) (vlib_main_t * vm,
1368 vlib_node_runtime_t * node,
1369 vlib_frame_t * frame)
1371 return ip4_full_reass_inline (vm, node, frame, NORMAL, false /* is_local */);
1374 VLIB_REGISTER_NODE (ip4_full_reass_node) = {
1375 .name = "ip4-full-reassembly",
1376 .vector_size = sizeof (u32),
1377 .format_trace = format_ip4_full_reass_trace,
1378 .n_errors = IP4_N_ERROR,
1379 .error_counters = ip4_error_counters,
1380 .n_next_nodes = IP4_FULL_REASS_N_NEXT,
1383 [IP4_FULL_REASS_NEXT_INPUT] = "ip4-input",
1384 [IP4_FULL_REASS_NEXT_DROP] = "ip4-drop",
1385 [IP4_FULL_REASS_NEXT_HANDOFF] = "ip4-full-reassembly-handoff",
1390 VLIB_NODE_FN (ip4_local_full_reass_node)
1391 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1393 return ip4_full_reass_inline (vm, node, frame, NORMAL, true /* is_local */);
1396 VLIB_REGISTER_NODE (ip4_local_full_reass_node) = {
1397 .name = "ip4-local-full-reassembly",
1398 .vector_size = sizeof (u32),
1399 .format_trace = format_ip4_full_reass_trace,
1400 .n_errors = IP4_N_ERROR,
1401 .error_counters = ip4_error_counters,
1402 .n_next_nodes = IP4_FULL_REASS_N_NEXT,
1405 [IP4_FULL_REASS_NEXT_INPUT] = "ip4-input",
1406 [IP4_FULL_REASS_NEXT_DROP] = "ip4-drop",
1407 [IP4_FULL_REASS_NEXT_HANDOFF] = "ip4-local-full-reassembly-handoff",
1412 VLIB_NODE_FN (ip4_full_reass_node_feature) (vlib_main_t * vm,
1413 vlib_node_runtime_t * node,
1414 vlib_frame_t * frame)
1416 return ip4_full_reass_inline (vm, node, frame, FEATURE,
1417 false /* is_local */);
1420 VLIB_REGISTER_NODE (ip4_full_reass_node_feature) = {
1421 .name = "ip4-full-reassembly-feature",
1422 .vector_size = sizeof (u32),
1423 .format_trace = format_ip4_full_reass_trace,
1424 .n_errors = IP4_N_ERROR,
1425 .error_counters = ip4_error_counters,
1426 .n_next_nodes = IP4_FULL_REASS_N_NEXT,
1429 [IP4_FULL_REASS_NEXT_INPUT] = "ip4-input",
1430 [IP4_FULL_REASS_NEXT_DROP] = "ip4-drop",
1431 [IP4_FULL_REASS_NEXT_HANDOFF] = "ip4-full-reass-feature-hoff",
1435 VNET_FEATURE_INIT (ip4_full_reass_feature, static) = {
1436 .arc_name = "ip4-unicast",
1437 .node_name = "ip4-full-reassembly-feature",
1438 .runs_before = VNET_FEATURES ("ip4-lookup",
1439 "ipsec4-input-feature"),
1443 VLIB_NODE_FN (ip4_full_reass_node_custom) (vlib_main_t * vm,
1444 vlib_node_runtime_t * node,
1445 vlib_frame_t * frame)
1447 return ip4_full_reass_inline (vm, node, frame, CUSTOM, false /* is_local */);
1450 VLIB_REGISTER_NODE (ip4_full_reass_node_custom) = {
1451 .name = "ip4-full-reassembly-custom",
1452 .vector_size = sizeof (u32),
1453 .format_trace = format_ip4_full_reass_trace,
1454 .n_errors = IP4_N_ERROR,
1455 .error_counters = ip4_error_counters,
1456 .n_next_nodes = IP4_FULL_REASS_N_NEXT,
1459 [IP4_FULL_REASS_NEXT_INPUT] = "ip4-input",
1460 [IP4_FULL_REASS_NEXT_DROP] = "ip4-drop",
1461 [IP4_FULL_REASS_NEXT_HANDOFF] = "ip4-full-reass-custom-hoff",
1465 VNET_FEATURE_INIT (ip4_full_reass_custom, static) = {
1466 .arc_name = "ip4-unicast",
1467 .node_name = "ip4-full-reassembly-feature",
1468 .runs_before = VNET_FEATURES ("ip4-lookup",
1469 "ipsec4-input-feature"),
1474 #ifndef CLIB_MARCH_VARIANT
1476 ip4_full_reass_custom_register_next_node (uword node_index)
1478 return vlib_node_add_next (vlib_get_main (),
1479 ip4_full_reass_node_custom.index, node_index);
1483 ip4_full_reass_get_nbuckets ()
1485 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
1489 /* need more mem with more workers */
1490 nbuckets = (u32) (rm->max_reass_n * (vlib_num_workers () + 1) /
1491 IP4_REASS_HT_LOAD_FACTOR);
1493 for (i = 0; i < 31; i++)
1494 if ((1 << i) >= nbuckets)
1500 #endif /* CLIB_MARCH_VARIANT */
1504 IP4_EVENT_CONFIG_CHANGED = 1,
1505 } ip4_full_reass_event_t;
1510 clib_bihash_16_8_t *new_hash;
1511 } ip4_rehash_cb_ctx;
1513 #ifndef CLIB_MARCH_VARIANT
1515 ip4_rehash_cb (clib_bihash_kv_16_8_t * kv, void *_ctx)
1517 ip4_rehash_cb_ctx *ctx = _ctx;
1518 if (clib_bihash_add_del_16_8 (ctx->new_hash, kv, 1))
1522 return (BIHASH_WALK_CONTINUE);
1526 ip4_full_reass_set_params (u32 timeout_ms, u32 max_reassemblies,
1527 u32 max_reassembly_length,
1528 u32 expire_walk_interval_ms)
1530 ip4_full_reass_main.timeout_ms = timeout_ms;
1531 ip4_full_reass_main.timeout = (f64) timeout_ms / (f64) MSEC_PER_SEC;
1532 ip4_full_reass_main.max_reass_n = max_reassemblies;
1533 ip4_full_reass_main.max_reass_len = max_reassembly_length;
1534 ip4_full_reass_main.expire_walk_interval_ms = expire_walk_interval_ms;
1538 ip4_full_reass_set (u32 timeout_ms, u32 max_reassemblies,
1539 u32 max_reassembly_length, u32 expire_walk_interval_ms)
1541 u32 old_nbuckets = ip4_full_reass_get_nbuckets ();
1542 ip4_full_reass_set_params (timeout_ms, max_reassemblies,
1543 max_reassembly_length, expire_walk_interval_ms);
1544 vlib_process_signal_event (ip4_full_reass_main.vlib_main,
1545 ip4_full_reass_main.ip4_full_reass_expire_node_idx,
1546 IP4_EVENT_CONFIG_CHANGED, 0);
1547 u32 new_nbuckets = ip4_full_reass_get_nbuckets ();
1548 if (ip4_full_reass_main.max_reass_n > 0 && new_nbuckets > old_nbuckets)
1550 clib_bihash_16_8_t new_hash;
1551 clib_memset (&new_hash, 0, sizeof (new_hash));
1552 ip4_rehash_cb_ctx ctx;
1554 ctx.new_hash = &new_hash;
1555 clib_bihash_init_16_8 (&new_hash, "ip4-dr", new_nbuckets,
1556 new_nbuckets * 1024);
1557 clib_bihash_foreach_key_value_pair_16_8 (&ip4_full_reass_main.hash,
1558 ip4_rehash_cb, &ctx);
1561 clib_bihash_free_16_8 (&new_hash);
1566 clib_bihash_free_16_8 (&ip4_full_reass_main.hash);
1567 clib_memcpy_fast (&ip4_full_reass_main.hash, &new_hash,
1568 sizeof (ip4_full_reass_main.hash));
1569 clib_bihash_copied (&ip4_full_reass_main.hash, &new_hash);
1576 ip4_full_reass_get (u32 * timeout_ms, u32 * max_reassemblies,
1577 u32 * max_reassembly_length,
1578 u32 * expire_walk_interval_ms)
1580 *timeout_ms = ip4_full_reass_main.timeout_ms;
1581 *max_reassemblies = ip4_full_reass_main.max_reass_n;
1582 *max_reassembly_length = ip4_full_reass_main.max_reass_len;
1583 *expire_walk_interval_ms = ip4_full_reass_main.expire_walk_interval_ms;
1587 static clib_error_t *
1588 ip4_full_reass_init_function (vlib_main_t * vm)
1590 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
1591 clib_error_t *error = 0;
1597 vec_validate (rm->per_thread_data, vlib_num_workers ());
1598 ip4_full_reass_per_thread_t *rt;
1599 vec_foreach (rt, rm->per_thread_data)
1601 clib_spinlock_init (&rt->lock);
1602 pool_alloc (rt->pool, rm->max_reass_n);
1605 node = vlib_get_node_by_name (vm, (u8 *) "ip4-full-reassembly-expire-walk");
1607 rm->ip4_full_reass_expire_node_idx = node->index;
1609 ip4_full_reass_set_params (IP4_REASS_TIMEOUT_DEFAULT_MS,
1610 IP4_REASS_MAX_REASSEMBLIES_DEFAULT,
1611 IP4_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT,
1612 IP4_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS);
1614 nbuckets = ip4_full_reass_get_nbuckets ();
1615 clib_bihash_init_16_8 (&rm->hash, "ip4-dr", nbuckets, nbuckets * 1024);
1617 rm->fq_index = vlib_frame_queue_main_init (ip4_full_reass_node.index, 0);
1618 rm->fq_local_index =
1619 vlib_frame_queue_main_init (ip4_local_full_reass_node.index, 0);
1620 rm->fq_feature_index =
1621 vlib_frame_queue_main_init (ip4_full_reass_node_feature.index, 0);
1622 rm->fq_custom_index =
1623 vlib_frame_queue_main_init (ip4_full_reass_node_custom.index, 0);
1625 rm->feature_use_refcount_per_intf = NULL;
1626 rm->is_local_reass_enabled = 1;
1631 VLIB_INIT_FUNCTION (ip4_full_reass_init_function);
1632 #endif /* CLIB_MARCH_VARIANT */
1635 ip4_full_reass_walk_expired (vlib_main_t *vm, vlib_node_runtime_t *node,
1636 CLIB_UNUSED (vlib_frame_t *f))
1638 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
1639 uword event_type, *event_data = 0;
1643 vlib_process_wait_for_event_or_clock (vm,
1645 rm->expire_walk_interval_ms /
1646 (f64) MSEC_PER_SEC);
1647 event_type = vlib_process_get_events (vm, &event_data);
1652 /* no events => timeout */
1654 case IP4_EVENT_CONFIG_CHANGED:
1655 /* nothing to do here */
1658 clib_warning ("BUG: event type 0x%wx", event_type);
1661 f64 now = vlib_time_now (vm);
1663 ip4_full_reass_t *reass;
1664 int *pool_indexes_to_free = NULL;
1666 uword thread_index = 0;
1668 const uword nthreads = vlib_num_workers () + 1;
1670 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1672 ip4_full_reass_per_thread_t *rt =
1673 &rm->per_thread_data[thread_index];
1674 clib_spinlock_lock (&rt->lock);
1676 vec_reset_length (pool_indexes_to_free);
1678 /* Pace the number of timeouts handled per thread,to avoid barrier
1679 * sync issues in real world scenarios */
1681 u32 beg = rt->last_id;
1682 /* to ensure we walk at least once per sec per context */
1684 beg + (IP4_REASS_MAX_REASSEMBLIES_DEFAULT *
1685 IP4_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS / MSEC_PER_SEC +
1687 if (end > vec_len (rt->pool))
1689 end = vec_len (rt->pool);
1697 pool_foreach_stepping_index (index, beg, end, rt->pool)
1699 reass = pool_elt_at_index (rt->pool, index);
1700 if (now > reass->last_heard + rm->timeout)
1702 vec_add1 (pool_indexes_to_free, index);
1706 if (vec_len (pool_indexes_to_free))
1707 vlib_node_increment_counter (vm, node->node_index,
1708 IP4_ERROR_REASS_TIMEOUT,
1709 vec_len (pool_indexes_to_free));
1711 vec_foreach (i, pool_indexes_to_free)
1713 ip4_full_reass_t *reass = pool_elt_at_index (rt->pool, i[0]);
1714 ip4_full_reass_drop_all (vm, node, reass);
1715 ip4_full_reass_free (rm, rt, reass);
1718 clib_spinlock_unlock (&rt->lock);
1721 vec_free (pool_indexes_to_free);
1724 vec_set_len (event_data, 0);
1731 VLIB_REGISTER_NODE (ip4_full_reass_expire_node) = {
1732 .function = ip4_full_reass_walk_expired,
1733 .type = VLIB_NODE_TYPE_PROCESS,
1734 .name = "ip4-full-reassembly-expire-walk",
1735 .format_trace = format_ip4_full_reass_trace,
1736 .n_errors = IP4_N_ERROR,
1737 .error_counters = ip4_error_counters,
1741 format_ip4_full_reass_key (u8 * s, va_list * args)
1743 ip4_full_reass_key_t *key = va_arg (*args, ip4_full_reass_key_t *);
1745 format (s, "fib_index: %u, src: %U, dst: %U, frag_id: %u, proto: %u",
1746 key->fib_index, format_ip4_address, &key->src, format_ip4_address,
1747 &key->dst, clib_net_to_host_u16 (key->frag_id), key->proto);
1752 format_ip4_reass (u8 * s, va_list * args)
1754 vlib_main_t *vm = va_arg (*args, vlib_main_t *);
1755 ip4_full_reass_t *reass = va_arg (*args, ip4_full_reass_t *);
1757 s = format (s, "ID: %lu, key: %U\n first_bi: %u, data_len: %u, "
1758 "last_packet_octet: %u, trace_op_counter: %u\n",
1759 reass->id, format_ip4_full_reass_key, &reass->key,
1760 reass->first_bi, reass->data_len,
1761 reass->last_packet_octet, reass->trace_op_counter);
1763 u32 bi = reass->first_bi;
1767 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
1768 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
1771 " #%03u: range: [%u, %u], bi: %u, off: %d, len: %u, "
1772 "fragment[%u, %u]\n", counter, vnb->ip.reass.range_first,
1773 vnb->ip.reass.range_last, bi,
1774 ip4_full_reass_buffer_get_data_offset (b),
1775 ip4_full_reass_buffer_get_data_len (b),
1776 vnb->ip.reass.fragment_first, vnb->ip.reass.fragment_last);
1777 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
1779 bi = b->next_buffer;
1789 static clib_error_t *
1790 show_ip4_reass (vlib_main_t * vm,
1791 unformat_input_t * input,
1792 CLIB_UNUSED (vlib_cli_command_t * lmd))
1794 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
1796 vlib_cli_output (vm, "---------------------");
1797 vlib_cli_output (vm, "IP4 reassembly status");
1798 vlib_cli_output (vm, "---------------------");
1799 bool details = false;
1800 if (unformat (input, "details"))
1805 u32 sum_reass_n = 0;
1806 ip4_full_reass_t *reass;
1808 const uword nthreads = vlib_num_workers () + 1;
1809 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1811 ip4_full_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1812 clib_spinlock_lock (&rt->lock);
1815 pool_foreach (reass, rt->pool) {
1816 vlib_cli_output (vm, "%U", format_ip4_reass, vm, reass);
1819 sum_reass_n += rt->reass_n;
1820 clib_spinlock_unlock (&rt->lock);
1822 vlib_cli_output (vm, "---------------------");
1823 vlib_cli_output (vm, "Current full IP4 reassemblies count: %lu\n",
1824 (long unsigned) sum_reass_n);
1825 vlib_cli_output (vm,
1826 "Maximum configured concurrent full IP4 reassemblies per worker-thread: %lu\n",
1827 (long unsigned) rm->max_reass_n);
1828 vlib_cli_output (vm,
1829 "Maximum configured amount of fragments "
1830 "per full IP4 reassembly: %lu\n",
1831 (long unsigned) rm->max_reass_len);
1832 vlib_cli_output (vm,
1833 "Maximum configured full IP4 reassembly timeout: %lums\n",
1834 (long unsigned) rm->timeout_ms);
1835 vlib_cli_output (vm,
1836 "Maximum configured full IP4 reassembly expire walk interval: %lums\n",
1837 (long unsigned) rm->expire_walk_interval_ms);
1841 VLIB_CLI_COMMAND (show_ip4_full_reass_cmd, static) = {
1842 .path = "show ip4-full-reassembly",
1843 .short_help = "show ip4-full-reassembly [details]",
1844 .function = show_ip4_reass,
1847 #ifndef CLIB_MARCH_VARIANT
1849 ip4_full_reass_enable_disable (u32 sw_if_index, u8 enable_disable)
1851 return vnet_feature_enable_disable ("ip4-unicast",
1852 "ip4-full-reassembly-feature",
1853 sw_if_index, enable_disable, 0, 0);
1855 #endif /* CLIB_MARCH_VARIANT */
1858 #define foreach_ip4_full_reass_handoff_error \
1859 _(CONGESTION_DROP, "congestion drop")
1864 #define _(sym,str) IP4_FULL_REASS_HANDOFF_ERROR_##sym,
1865 foreach_ip4_full_reass_handoff_error
1867 IP4_FULL_REASS_HANDOFF_N_ERROR,
1868 } ip4_full_reass_handoff_error_t;
1870 static char *ip4_full_reass_handoff_error_strings[] = {
1871 #define _(sym,string) string,
1872 foreach_ip4_full_reass_handoff_error
1878 u32 next_worker_index;
1879 } ip4_full_reass_handoff_trace_t;
1882 format_ip4_full_reass_handoff_trace (u8 * s, va_list * args)
1884 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1885 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1886 ip4_full_reass_handoff_trace_t *t =
1887 va_arg (*args, ip4_full_reass_handoff_trace_t *);
1890 format (s, "ip4-full-reassembly-handoff: next-worker %d",
1891 t->next_worker_index);
1897 ip4_full_reass_handoff_node_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
1898 vlib_frame_t *frame,
1899 ip4_full_reass_node_type_t type,
1902 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
1904 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1905 u32 n_enq, n_left_from, *from;
1906 u16 thread_indices[VLIB_FRAME_SIZE], *ti;
1909 from = vlib_frame_vector_args (frame);
1910 n_left_from = frame->n_vectors;
1911 vlib_get_buffers (vm, from, bufs, n_left_from);
1914 ti = thread_indices;
1921 fq_index = rm->fq_local_index;
1925 fq_index = rm->fq_index;
1929 fq_index = rm->fq_feature_index;
1932 fq_index = rm->fq_custom_index;
1935 clib_warning ("Unexpected `type' (%d)!", type);
1938 while (n_left_from > 0)
1940 ti[0] = vnet_buffer (b[0])->ip.reass.owner_thread_index;
1943 ((node->flags & VLIB_NODE_FLAG_TRACE)
1944 && (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
1946 ip4_full_reass_handoff_trace_t *t =
1947 vlib_add_trace (vm, node, b[0], sizeof (*t));
1948 t->next_worker_index = ti[0];
1955 n_enq = vlib_buffer_enqueue_to_thread (vm, node, fq_index, from,
1956 thread_indices, frame->n_vectors, 1);
1958 if (n_enq < frame->n_vectors)
1959 vlib_node_increment_counter (vm, node->node_index,
1960 IP4_FULL_REASS_HANDOFF_ERROR_CONGESTION_DROP,
1961 frame->n_vectors - n_enq);
1962 return frame->n_vectors;
1965 VLIB_NODE_FN (ip4_full_reass_handoff_node) (vlib_main_t * vm,
1966 vlib_node_runtime_t * node,
1967 vlib_frame_t * frame)
1969 return ip4_full_reass_handoff_node_inline (vm, node, frame, NORMAL,
1970 false /* is_local */);
1974 VLIB_REGISTER_NODE (ip4_full_reass_handoff_node) = {
1975 .name = "ip4-full-reassembly-handoff",
1976 .vector_size = sizeof (u32),
1977 .n_errors = ARRAY_LEN(ip4_full_reass_handoff_error_strings),
1978 .error_strings = ip4_full_reass_handoff_error_strings,
1979 .format_trace = format_ip4_full_reass_handoff_trace,
1988 VLIB_NODE_FN (ip4_local_full_reass_handoff_node)
1989 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1991 return ip4_full_reass_handoff_node_inline (vm, node, frame, NORMAL,
1992 true /* is_local */);
1995 VLIB_REGISTER_NODE (ip4_local_full_reass_handoff_node) = {
1996 .name = "ip4-local-full-reassembly-handoff",
1997 .vector_size = sizeof (u32),
1998 .n_errors = ARRAY_LEN(ip4_full_reass_handoff_error_strings),
1999 .error_strings = ip4_full_reass_handoff_error_strings,
2000 .format_trace = format_ip4_full_reass_handoff_trace,
2009 VLIB_NODE_FN (ip4_full_reass_feature_handoff_node) (vlib_main_t * vm,
2010 vlib_node_runtime_t *
2012 vlib_frame_t * frame)
2014 return ip4_full_reass_handoff_node_inline (vm, node, frame, FEATURE,
2015 false /* is_local */);
2018 VLIB_REGISTER_NODE (ip4_full_reass_feature_handoff_node) = {
2019 .name = "ip4-full-reass-feature-hoff",
2020 .vector_size = sizeof (u32),
2021 .n_errors = ARRAY_LEN(ip4_full_reass_handoff_error_strings),
2022 .error_strings = ip4_full_reass_handoff_error_strings,
2023 .format_trace = format_ip4_full_reass_handoff_trace,
2032 VLIB_NODE_FN (ip4_full_reass_custom_handoff_node) (vlib_main_t * vm,
2033 vlib_node_runtime_t *
2035 vlib_frame_t * frame)
2037 return ip4_full_reass_handoff_node_inline (vm, node, frame, CUSTOM,
2038 false /* is_local */);
2041 VLIB_REGISTER_NODE (ip4_full_reass_custom_handoff_node) = {
2042 .name = "ip4-full-reass-custom-hoff",
2043 .vector_size = sizeof (u32),
2044 .n_errors = ARRAY_LEN(ip4_full_reass_handoff_error_strings),
2045 .error_strings = ip4_full_reass_handoff_error_strings,
2046 .format_trace = format_ip4_full_reass_handoff_trace,
2055 #ifndef CLIB_MARCH_VARIANT
2057 ip4_full_reass_enable_disable_with_refcnt (u32 sw_if_index, int is_enable)
2059 ip4_full_reass_main_t *rm = &ip4_full_reass_main;
2060 vec_validate (rm->feature_use_refcount_per_intf, sw_if_index);
2063 if (!rm->feature_use_refcount_per_intf[sw_if_index])
2065 ++rm->feature_use_refcount_per_intf[sw_if_index];
2066 return vnet_feature_enable_disable ("ip4-unicast",
2067 "ip4-full-reassembly-feature",
2068 sw_if_index, 1, 0, 0);
2070 ++rm->feature_use_refcount_per_intf[sw_if_index];
2074 --rm->feature_use_refcount_per_intf[sw_if_index];
2075 if (!rm->feature_use_refcount_per_intf[sw_if_index])
2076 return vnet_feature_enable_disable ("ip4-unicast",
2077 "ip4-full-reassembly-feature",
2078 sw_if_index, 0, 0, 0);
2084 ip4_local_full_reass_enable_disable (int enable)
2088 ip4_full_reass_main.is_local_reass_enabled = 1;
2092 ip4_full_reass_main.is_local_reass_enabled = 0;
2097 ip4_local_full_reass_enabled ()
2099 return ip4_full_reass_main.is_local_reass_enabled;
2105 * fd.io coding-style-patch-verification: ON
2108 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob