Code Review / vpp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
ip: add shallow virtual reassembly functionality
[vpp.git] / src / vnet / ip / reass / ip6_full_reass.c
1 /*
2  * Copyright (c) 2017 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15
16 /**
17  * @file
18  * @brief IPv6 Full Reassembly.
19  *
20  * This file contains the source code for IPv6 full reassembly.
21  */
22
23 #include <vppinfra/vec.h>
24 #include <vnet/vnet.h>
25 #include <vnet/ip/ip.h>
26 #include <vppinfra/bihash_48_8.h>
27 #include <vnet/ip/reass/ip6_full_reass.h>
28
29 #define MSEC_PER_SEC 1000
30 #define IP6_FULL_REASS_TIMEOUT_DEFAULT_MS 100
31 #define IP6_FULL_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS 10000    // 10 seconds default
32 #define IP6_FULL_REASS_MAX_REASSEMBLIES_DEFAULT 1024
33 #define IP6_FULL_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT 3
34 #define IP6_FULL_REASS_HT_LOAD_FACTOR (0.75)
35
36 typedef enum
37 {
38   IP6_FULL_REASS_RC_OK,
39   IP6_FULL_REASS_RC_INTERNAL_ERROR,
40   IP6_FULL_REASS_RC_TOO_MANY_FRAGMENTS,
41   IP6_FULL_REASS_RC_NO_BUF,
42   IP6_FULL_REASS_RC_HANDOFF,
43 } ip6_full_reass_rc_t;
44
45 typedef struct
46 {
47   union
48   {
49     struct
50     {
51       ip6_address_t src;
52       ip6_address_t dst;
53       u32 xx_id;
54       u32 frag_id;
55       u8 unused[7];
56       u8 proto;
57     };
58     u64 as_u64[6];
59   };
60 } ip6_full_reass_key_t;
61
62 typedef union
63 {
64   struct
65   {
66     u32 reass_index;
67     u32 memory_owner_thread_index;
68   };
69   u64 as_u64;
70 } ip6_full_reass_val_t;
71
72 typedef union
73 {
74   struct
75   {
76     ip6_full_reass_key_t k;
77     ip6_full_reass_val_t v;
78   };
79   clib_bihash_kv_48_8_t kv;
80 } ip6_full_reass_kv_t;
81
82
83 always_inline u32
84 ip6_full_reass_buffer_get_data_offset (vlib_buffer_t * b)
85 {
86   vnet_buffer_opaque_t *vnb = vnet_buffer (b);
87   return vnb->ip.reass.range_first - vnb->ip.reass.fragment_first;
88 }
89
90 always_inline u16
91 ip6_full_reass_buffer_get_data_len (vlib_buffer_t * b)
92 {
93   vnet_buffer_opaque_t *vnb = vnet_buffer (b);
94   return clib_min (vnb->ip.reass.range_last, vnb->ip.reass.fragment_last) -
95     (vnb->ip.reass.fragment_first +
96      ip6_full_reass_buffer_get_data_offset (b)) + 1;
97 }
98
99 typedef struct
100 {
101   // hash table key
102   ip6_full_reass_key_t key;
103   // time when last packet was received
104   f64 last_heard;
105   // internal id of this reassembly
106   u64 id;
107   // buffer index of first buffer in this reassembly context
108   u32 first_bi;
109   // last octet of packet, ~0 until fragment without more_fragments arrives
110   u32 last_packet_octet;
111   // length of data collected so far
112   u32 data_len;
113   // trace operation counter
114   u32 trace_op_counter;
115   // next index - used by custom apps (~0 if not set)
116   u32 next_index;
117   // error next index - used by custom apps (~0 if not set)
118   u32 error_next_index;
119   // minimum fragment length for this reassembly - used to estimate MTU
120   u16 min_fragment_length;
121   // number of fragments for this reassembly
122   u32 fragments_n;
123   // thread owning memory for this context (whose pool contains this ctx)
124   u32 memory_owner_thread_index;
125   // thread which received fragment with offset 0 and which sends out the
126   // completed reassembly
127   u32 sendout_thread_index;
128 } ip6_full_reass_t;
129
130 typedef struct
131 {
132   ip6_full_reass_t *pool;
133   u32 reass_n;
134   u32 id_counter;
135   clib_spinlock_t lock;
136 } ip6_full_reass_per_thread_t;
137
138 typedef struct
139 {
140   // IPv6 config
141   u32 timeout_ms;
142   f64 timeout;
143   u32 expire_walk_interval_ms;
144   // maximum number of fragments in one reassembly
145   u32 max_reass_len;
146   // maximum number of reassemblies
147   u32 max_reass_n;
148
149   // IPv6 runtime
150   clib_bihash_48_8_t hash;
151
152   // per-thread data
153   ip6_full_reass_per_thread_t *per_thread_data;
154
155   // convenience
156   vlib_main_t *vlib_main;
157
158   // node index of ip6-drop node
159   u32 ip6_drop_idx;
160   u32 ip6_icmp_error_idx;
161   u32 ip6_full_reass_expire_node_idx;
162
163   /** Worker handoff */
164   u32 fq_index;
165   u32 fq_feature_index;
166
167 } ip6_full_reass_main_t;
168
169 extern ip6_full_reass_main_t ip6_full_reass_main;
170
171 #ifndef CLIB_MARCH_VARIANT
172 ip6_full_reass_main_t ip6_full_reass_main;
173 #endif /* CLIB_MARCH_VARIANT */
174
175 typedef enum
176 {
177   IP6_FULL_REASSEMBLY_NEXT_INPUT,
178   IP6_FULL_REASSEMBLY_NEXT_DROP,
179   IP6_FULL_REASSEMBLY_NEXT_ICMP_ERROR,
180   IP6_FULL_REASSEMBLY_NEXT_HANDOFF,
181   IP6_FULL_REASSEMBLY_N_NEXT,
182 } ip6_full_reass_next_t;
183
184 typedef enum
185 {
186   RANGE_NEW,
187   RANGE_OVERLAP,
188   ICMP_ERROR_RT_EXCEEDED,
189   ICMP_ERROR_FL_TOO_BIG,
190   ICMP_ERROR_FL_NOT_MULT_8,
191   FINALIZE,
192   HANDOFF,
193 } ip6_full_reass_trace_operation_e;
194
195 typedef struct
196 {
197   u16 range_first;
198   u16 range_last;
199   u32 range_bi;
200   i32 data_offset;
201   u32 data_len;
202   u32 first_bi;
203 } ip6_full_reass_range_trace_t;
204
205 typedef struct
206 {
207   ip6_full_reass_trace_operation_e action;
208   u32 reass_id;
209   ip6_full_reass_range_trace_t trace_range;
210   u32 op_id;
211   u32 fragment_first;
212   u32 fragment_last;
213   u32 total_data_len;
214   u32 thread_id;
215   u32 thread_id_to;
216 } ip6_full_reass_trace_t;
217
218 static void
219 ip6_full_reass_trace_details (vlib_main_t * vm, u32 bi,
220                               ip6_full_reass_range_trace_t * trace)
221 {
222   vlib_buffer_t *b = vlib_get_buffer (vm, bi);
223   vnet_buffer_opaque_t *vnb = vnet_buffer (b);
224   trace->range_first = vnb->ip.reass.range_first;
225   trace->range_last = vnb->ip.reass.range_last;
226   trace->data_offset = ip6_full_reass_buffer_get_data_offset (b);
227   trace->data_len = ip6_full_reass_buffer_get_data_len (b);
228   trace->range_bi = bi;
229 }
230
231 static u8 *
232 format_ip6_full_reass_range_trace (u8 * s, va_list * args)
233 {
234   ip6_full_reass_range_trace_t *trace =
235     va_arg (*args, ip6_full_reass_range_trace_t *);
236   s =
237     format (s, "range: [%u, %u], off %d, len %u, bi %u", trace->range_first,
238             trace->range_last, trace->data_offset, trace->data_len,
239             trace->range_bi);
240   return s;
241 }
242
243 static u8 *
244 format_ip6_full_reass_trace (u8 * s, va_list * args)
245 {
246   CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
247   CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
248   ip6_full_reass_trace_t *t = va_arg (*args, ip6_full_reass_trace_t *);
249   u32 indent = 0;
250   if (~0 != t->reass_id)
251     {
252       s = format (s, "reass id: %u, op id: %u ", t->reass_id, t->op_id);
253       indent = format_get_indent (s);
254       s = format (s, "first bi: %u, data len: %u, ip/fragment[%u, %u]",
255                   t->trace_range.first_bi, t->total_data_len,
256                   t->fragment_first, t->fragment_last);
257     }
258   switch (t->action)
259     {
260     case RANGE_NEW:
261       s = format (s, "\n%Unew %U", format_white_space, indent,
262                   format_ip6_full_reass_range_trace, &t->trace_range);
263       break;
264     case RANGE_OVERLAP:
265       s = format (s, "\n%Uoverlap %U", format_white_space, indent,
266                   format_ip6_full_reass_range_trace, &t->trace_range);
267       break;
268     case ICMP_ERROR_FL_TOO_BIG:
269       s = format (s, "\n%Uicmp-error - frag_len > 65535 %U",
270                   format_white_space, indent,
271                   format_ip6_full_reass_range_trace, &t->trace_range);
272       break;
273     case ICMP_ERROR_FL_NOT_MULT_8:
274       s = format (s, "\n%Uicmp-error - frag_len mod 8 != 0 %U",
275                   format_white_space, indent,
276                   format_ip6_full_reass_range_trace, &t->trace_range);
277       break;
278     case ICMP_ERROR_RT_EXCEEDED:
279       s = format (s, "\n%Uicmp-error - reassembly time exceeded",
280                   format_white_space, indent);
281       break;
282     case FINALIZE:
283       s = format (s, "\n%Ufinalize reassembly", format_white_space, indent);
284       break;
285     case HANDOFF:
286       s =
287         format (s, "handoff from thread #%u to thread #%u", t->thread_id,
288                 t->thread_id_to);
289       break;
290     }
291   return s;
292 }
293
294 static void
295 ip6_full_reass_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
296                           ip6_full_reass_main_t * rm,
297                           ip6_full_reass_t * reass, u32 bi,
298                           ip6_full_reass_trace_operation_e action,
299                           u32 thread_id_to)
300 {
301   vlib_buffer_t *b = vlib_get_buffer (vm, bi);
302   vnet_buffer_opaque_t *vnb = vnet_buffer (b);
303   ip6_full_reass_trace_t *t = vlib_add_trace (vm, node, b, sizeof (t[0]));
304   if (reass)
305     {
306       t->reass_id = reass->id;
307       t->op_id = reass->trace_op_counter;
308       t->trace_range.first_bi = reass->first_bi;
309       t->total_data_len = reass->data_len;
310       ++reass->trace_op_counter;
311     }
312   else
313     {
314       t->reass_id = ~0;
315     }
316   t->action = action;
317   t->thread_id = vm->thread_index;
318   t->thread_id_to = thread_id_to;
319   ip6_full_reass_trace_details (vm, bi, &t->trace_range);
320   t->fragment_first = vnb->ip.reass.fragment_first;
321   t->fragment_last = vnb->ip.reass.fragment_last;
322 #if 0
323   static u8 *s = NULL;
324   s = format (s, "%U", format_ip6_full_reass_trace, NULL, NULL, t);
325   printf ("%.*s\n", vec_len (s), s);
326   fflush (stdout);
327   vec_reset_length (s);
328 #endif
329 }
330
331 always_inline void
332 ip6_full_reass_free_ctx (ip6_full_reass_per_thread_t * rt,
333                          ip6_full_reass_t * reass)
334 {
335   pool_put (rt->pool, reass);
336   --rt->reass_n;
337 }
338
339 always_inline void
340 ip6_full_reass_free (ip6_full_reass_main_t * rm,
341                      ip6_full_reass_per_thread_t * rt,
342                      ip6_full_reass_t * reass)
343 {
344   clib_bihash_kv_48_8_t kv;
345   kv.key[0] = reass->key.as_u64[0];
346   kv.key[1] = reass->key.as_u64[1];
347   kv.key[2] = reass->key.as_u64[2];
348   kv.key[3] = reass->key.as_u64[3];
349   kv.key[4] = reass->key.as_u64[4];
350   kv.key[5] = reass->key.as_u64[5];
351   clib_bihash_add_del_48_8 (&rm->hash, &kv, 0);
352   ip6_full_reass_free_ctx (rt, reass);
353 }
354
355 always_inline void
356 ip6_full_reass_drop_all (vlib_main_t * vm, vlib_node_runtime_t * node,
357                          ip6_full_reass_main_t * rm, ip6_full_reass_t * reass)
358 {
359   u32 range_bi = reass->first_bi;
360   vlib_buffer_t *range_b;
361   vnet_buffer_opaque_t *range_vnb;
362   u32 *to_free = NULL;
363   while (~0 != range_bi)
364     {
365       range_b = vlib_get_buffer (vm, range_bi);
366       range_vnb = vnet_buffer (range_b);
367       u32 bi = range_bi;
368       while (~0 != bi)
369         {
370           vec_add1 (to_free, bi);
371           vlib_buffer_t *b = vlib_get_buffer (vm, bi);
372           if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
373             {
374               bi = b->next_buffer;
375               b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
376             }
377           else
378             {
379               bi = ~0;
380             }
381         }
382       range_bi = range_vnb->ip.reass.next_range_bi;
383     }
384   /* send to next_error_index */
385   if (~0 != reass->error_next_index)
386     {
387       u32 n_left_to_next, *to_next, next_index;
388
389       next_index = reass->error_next_index;
390       u32 bi = ~0;
391
392       while (vec_len (to_free) > 0)
393         {
394           vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
395
396           while (vec_len (to_free) > 0 && n_left_to_next > 0)
397             {
398               bi = vec_pop (to_free);
399
400               if (~0 != bi)
401                 {
402                   to_next[0] = bi;
403                   to_next += 1;
404                   n_left_to_next -= 1;
405                 }
406             }
407           vlib_put_next_frame (vm, node, next_index, n_left_to_next);
408         }
409     }
410   else
411     {
412       vlib_buffer_free (vm, to_free, vec_len (to_free));
413     }
414   vec_free (to_free);
415 }
416
417 always_inline void
418 ip6_full_reass_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * node,
419                            ip6_full_reass_main_t * rm,
420                            ip6_full_reass_t * reass, u32 * icmp_bi)
421 {
422   if (~0 == reass->first_bi)
423     {
424       return;
425     }
426   if (~0 == reass->next_index)  // custom apps don't want icmp
427     {
428       vlib_buffer_t *b = vlib_get_buffer (vm, reass->first_bi);
429       if (0 == vnet_buffer (b)->ip.reass.fragment_first)
430         {
431           *icmp_bi = reass->first_bi;
432           if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
433             {
434               ip6_full_reass_add_trace (vm, node, rm, reass, reass->first_bi,
435                                         ICMP_ERROR_RT_EXCEEDED, ~0);
436             }
437           // fragment with offset zero received - send icmp message back
438           if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
439             {
440               // separate first buffer from chain and steer it towards icmp node
441               b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
442               reass->first_bi = b->next_buffer;
443             }
444           else
445             {
446               reass->first_bi = vnet_buffer (b)->ip.reass.next_range_bi;
447             }
448           icmp6_error_set_vnet_buffer (b, ICMP6_time_exceeded,
449                                        ICMP6_time_exceeded_fragment_reassembly_time_exceeded,
450                                        0);
451         }
452     }
453   ip6_full_reass_drop_all (vm, node, rm, reass);
454 }
455
456 always_inline ip6_full_reass_t *
457 ip6_full_reass_find_or_create (vlib_main_t * vm, vlib_node_runtime_t * node,
458                                ip6_full_reass_main_t * rm,
459                                ip6_full_reass_per_thread_t * rt,
460                                ip6_full_reass_kv_t * kv, u32 * icmp_bi,
461                                u8 * do_handoff)
462 {
463   ip6_full_reass_t *reass;
464   f64 now;
465
466 again:
467
468   reass = NULL;
469   now = vlib_time_now (vm);
470
471   if (!clib_bihash_search_48_8
472       (&rm->hash, (clib_bihash_kv_48_8_t *) kv, (clib_bihash_kv_48_8_t *) kv))
473     {
474       reass =
475         pool_elt_at_index (rm->per_thread_data
476                            [kv->v.memory_owner_thread_index].pool,
477                            kv->v.reass_index);
478       if (vm->thread_index != kv->v.memory_owner_thread_index)
479         {
480           *do_handoff = 1;
481           return reass;
482         }
483
484       if (now > reass->last_heard + rm->timeout)
485         {
486           ip6_full_reass_on_timeout (vm, node, rm, reass, icmp_bi);
487           ip6_full_reass_free (rm, rt, reass);
488           reass = NULL;
489         }
490     }
491
492   if (reass)
493     {
494       reass->last_heard = now;
495       return reass;
496     }
497
498   if (rt->reass_n >= rm->max_reass_n)
499     {
500       reass = NULL;
501       return reass;
502     }
503   else
504     {
505       pool_get (rt->pool, reass);
506       clib_memset (reass, 0, sizeof (*reass));
507       reass->id = ((u64) vm->thread_index * 1000000000) + rt->id_counter;
508       ++rt->id_counter;
509       reass->first_bi = ~0;
510       reass->last_packet_octet = ~0;
511       reass->data_len = 0;
512       reass->next_index = ~0;
513       reass->error_next_index = ~0;
514       ++rt->reass_n;
515     }
516
517   reass->key.as_u64[0] = ((clib_bihash_kv_48_8_t *) kv)->key[0];
518   reass->key.as_u64[1] = ((clib_bihash_kv_48_8_t *) kv)->key[1];
519   reass->key.as_u64[2] = ((clib_bihash_kv_48_8_t *) kv)->key[2];
520   reass->key.as_u64[3] = ((clib_bihash_kv_48_8_t *) kv)->key[3];
521   reass->key.as_u64[4] = ((clib_bihash_kv_48_8_t *) kv)->key[4];
522   reass->key.as_u64[5] = ((clib_bihash_kv_48_8_t *) kv)->key[5];
523   kv->v.reass_index = (reass - rt->pool);
524   kv->v.memory_owner_thread_index = vm->thread_index;
525   reass->last_heard = now;
526
527   int rv =
528     clib_bihash_add_del_48_8 (&rm->hash, (clib_bihash_kv_48_8_t *) kv, 2);
529   if (rv)
530     {
531       ip6_full_reass_free (rm, rt, reass);
532       reass = NULL;
533       // if other worker created a context already work with the other copy
534       if (-2 == rv)
535         goto again;
536     }
537
538   return reass;
539 }
540
541 always_inline ip6_full_reass_rc_t
542 ip6_full_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * node,
543                          ip6_full_reass_main_t * rm,
544                          ip6_full_reass_per_thread_t * rt,
545                          ip6_full_reass_t * reass, u32 * bi0, u32 * next0,
546                          u32 * error0, bool is_custom_app)
547 {
548   *bi0 = reass->first_bi;
549   *error0 = IP6_ERROR_NONE;
550   ip6_frag_hdr_t *frag_hdr;
551   vlib_buffer_t *last_b = NULL;
552   u32 sub_chain_bi = reass->first_bi;
553   u32 total_length = 0;
554   u32 buf_cnt = 0;
555   u32 dropped_cnt = 0;
556   u32 *vec_drop_compress = NULL;
557   ip6_full_reass_rc_t rv = IP6_FULL_REASS_RC_OK;
558   do
559     {
560       u32 tmp_bi = sub_chain_bi;
561       vlib_buffer_t *tmp = vlib_get_buffer (vm, tmp_bi);
562       vnet_buffer_opaque_t *vnb = vnet_buffer (tmp);
563       if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
564           !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
565         {
566           rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
567           goto free_buffers_and_return;
568         }
569
570       u32 data_len = ip6_full_reass_buffer_get_data_len (tmp);
571       u32 trim_front = vnet_buffer (tmp)->ip.reass.ip6_frag_hdr_offset +
572         sizeof (*frag_hdr) + ip6_full_reass_buffer_get_data_offset (tmp);
573       u32 trim_end =
574         vlib_buffer_length_in_chain (vm, tmp) - trim_front - data_len;
575       if (tmp_bi == reass->first_bi)
576         {
577           /* first buffer - keep ip6 header */
578           if (0 != ip6_full_reass_buffer_get_data_offset (tmp))
579             {
580               rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
581               goto free_buffers_and_return;
582             }
583           trim_front = 0;
584           trim_end = vlib_buffer_length_in_chain (vm, tmp) - data_len -
585             (vnet_buffer (tmp)->ip.reass.ip6_frag_hdr_offset +
586              sizeof (*frag_hdr));
587           if (!(vlib_buffer_length_in_chain (vm, tmp) - trim_end > 0))
588             {
589               rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
590               goto free_buffers_and_return;
591             }
592         }
593       u32 keep_data =
594         vlib_buffer_length_in_chain (vm, tmp) - trim_front - trim_end;
595       while (1)
596         {
597           ++buf_cnt;
598           if (trim_front)
599             {
600               if (trim_front > tmp->current_length)
601                 {
602                   /* drop whole buffer */
603                   vec_add1 (vec_drop_compress, tmp_bi);
604                   trim_front -= tmp->current_length;
605                   if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
606                     {
607                       rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
608                       goto free_buffers_and_return;
609                     }
610                   tmp->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
611                   tmp_bi = tmp->next_buffer;
612                   tmp = vlib_get_buffer (vm, tmp_bi);
613                   continue;
614                 }
615               else
616                 {
617                   vlib_buffer_advance (tmp, trim_front);
618                   trim_front = 0;
619                 }
620             }
621           if (keep_data)
622             {
623               if (last_b)
624                 {
625                   last_b->flags |= VLIB_BUFFER_NEXT_PRESENT;
626                   last_b->next_buffer = tmp_bi;
627                 }
628               last_b = tmp;
629               if (keep_data <= tmp->current_length)
630                 {
631                   tmp->current_length = keep_data;
632                   keep_data = 0;
633                 }
634               else
635                 {
636                   keep_data -= tmp->current_length;
637                   if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
638                     {
639                       rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
640                       goto free_buffers_and_return;
641                     }
642                 }
643               total_length += tmp->current_length;
644             }
645           else
646             {
647               vec_add1 (vec_drop_compress, tmp_bi);
648               if (reass->first_bi == tmp_bi)
649                 {
650                   rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
651                   goto free_buffers_and_return;
652                 }
653               ++dropped_cnt;
654             }
655           if (tmp->flags & VLIB_BUFFER_NEXT_PRESENT)
656             {
657               tmp_bi = tmp->next_buffer;
658               tmp = vlib_get_buffer (vm, tmp->next_buffer);
659             }
660           else
661             {
662               break;
663             }
664         }
665       sub_chain_bi =
666         vnet_buffer (vlib_get_buffer (vm, sub_chain_bi))->ip.
667         reass.next_range_bi;
668     }
669   while (~0 != sub_chain_bi);
670
671   if (!last_b)
672     {
673       rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
674       goto free_buffers_and_return;
675     }
676   last_b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
677   vlib_buffer_t *first_b = vlib_get_buffer (vm, reass->first_bi);
678   if (total_length < first_b->current_length)
679     {
680       rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
681       goto free_buffers_and_return;
682     }
683   total_length -= first_b->current_length;
684   first_b->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
685   first_b->total_length_not_including_first_buffer = total_length;
686   // drop fragment header
687   vnet_buffer_opaque_t *first_b_vnb = vnet_buffer (first_b);
688   ip6_header_t *ip = vlib_buffer_get_current (first_b);
689   u16 ip6_frag_hdr_offset = first_b_vnb->ip.reass.ip6_frag_hdr_offset;
690   ip6_ext_header_t *prev_hdr;
691   frag_hdr =
692     ip6_ext_header_find (vm, first_b, ip, IP_PROTOCOL_IPV6_FRAGMENTATION,
693                          &prev_hdr);
694   if (prev_hdr)
695     {
696       prev_hdr->next_hdr = frag_hdr->next_hdr;
697     }
698   else
699     {
700       ip->protocol = frag_hdr->next_hdr;
701     }
702   if (!((u8 *) frag_hdr - (u8 *) ip == ip6_frag_hdr_offset))
703     {
704       rv = IP6_FULL_REASS_RC_INTERNAL_ERROR;
705       goto free_buffers_and_return;
706     }
707   memmove (frag_hdr, (u8 *) frag_hdr + sizeof (*frag_hdr),
708            first_b->current_length - ip6_frag_hdr_offset -
709            sizeof (ip6_frag_hdr_t));
710   first_b->current_length -= sizeof (*frag_hdr);
711   ip->payload_length =
712     clib_host_to_net_u16 (total_length + first_b->current_length -
713                           sizeof (*ip));
714   if (!vlib_buffer_chain_linearize (vm, first_b))
715     {
716       rv = IP6_FULL_REASS_RC_NO_BUF;
717       goto free_buffers_and_return;
718     }
719   first_b->flags &= ~VLIB_BUFFER_EXT_HDR_VALID;
720   if (PREDICT_FALSE (first_b->flags & VLIB_BUFFER_IS_TRACED))
721     {
722       ip6_full_reass_add_trace (vm, node, rm, reass, reass->first_bi,
723                                 FINALIZE, ~0);
724 #if 0
725       // following code does a hexdump of packet fragments to stdout ...
726       do
727         {
728           u32 bi = reass->first_bi;
729           u8 *s = NULL;
730           while (~0 != bi)
731             {
732               vlib_buffer_t *b = vlib_get_buffer (vm, bi);
733               s = format (s, "%u: %U\n", bi, format_hexdump,
734                           vlib_buffer_get_current (b), b->current_length);
735               if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
736                 {
737                   bi = b->next_buffer;
738                 }
739               else
740                 {
741                   break;
742                 }
743             }
744           printf ("%.*s\n", vec_len (s), s);
745           fflush (stdout);
746           vec_free (s);
747         }
748       while (0);
749 #endif
750     }
751   if (!is_custom_app)
752     {
753       *next0 = IP6_FULL_REASSEMBLY_NEXT_INPUT;
754     }
755   else
756     {
757       *next0 = reass->next_index;
758     }
759   vnet_buffer (first_b)->ip.reass.estimated_mtu = reass->min_fragment_length;
760   ip6_full_reass_free (rm, rt, reass);
761   reass = NULL;
762 free_buffers_and_return:
763   vlib_buffer_free (vm, vec_drop_compress, vec_len (vec_drop_compress));
764   vec_free (vec_drop_compress);
765   return rv;
766 }
767
768 always_inline void
769 ip6_full_reass_insert_range_in_chain (vlib_main_t * vm,
770                                       ip6_full_reass_main_t * rm,
771                                       ip6_full_reass_per_thread_t * rt,
772                                       ip6_full_reass_t * reass,
773                                       u32 prev_range_bi, u32 new_next_bi)
774 {
775
776   vlib_buffer_t *new_next_b = vlib_get_buffer (vm, new_next_bi);
777   vnet_buffer_opaque_t *new_next_vnb = vnet_buffer (new_next_b);
778   if (~0 != prev_range_bi)
779     {
780       vlib_buffer_t *prev_b = vlib_get_buffer (vm, prev_range_bi);
781       vnet_buffer_opaque_t *prev_vnb = vnet_buffer (prev_b);
782       new_next_vnb->ip.reass.next_range_bi = prev_vnb->ip.reass.next_range_bi;
783       prev_vnb->ip.reass.next_range_bi = new_next_bi;
784     }
785   else
786     {
787       if (~0 != reass->first_bi)
788         {
789           new_next_vnb->ip.reass.next_range_bi = reass->first_bi;
790         }
791       reass->first_bi = new_next_bi;
792     }
793   reass->data_len += ip6_full_reass_buffer_get_data_len (new_next_b);
794 }
795
796 always_inline ip6_full_reass_rc_t
797 ip6_full_reass_update (vlib_main_t * vm, vlib_node_runtime_t * node,
798                        ip6_full_reass_main_t * rm,
799                        ip6_full_reass_per_thread_t * rt,
800                        ip6_full_reass_t * reass, u32 * bi0, u32 * next0,
801                        u32 * error0, ip6_frag_hdr_t * frag_hdr,
802                        bool is_custom_app, u32 * handoff_thread_idx)
803 {
804   int consumed = 0;
805   vlib_buffer_t *fb = vlib_get_buffer (vm, *bi0);
806   vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
807   if (is_custom_app)
808     {
809       reass->next_index = fvnb->ip.reass.next_index;    // store next_index before it's overwritten
810       reass->error_next_index = fvnb->ip.reass.error_next_index;        // store error_next_index before it is overwritten
811     }
812
813   fvnb->ip.reass.ip6_frag_hdr_offset =
814     (u8 *) frag_hdr - (u8 *) vlib_buffer_get_current (fb);
815   ip6_header_t *fip = vlib_buffer_get_current (fb);
816   if (fb->current_length < sizeof (*fip) ||
817       fvnb->ip.reass.ip6_frag_hdr_offset == 0 ||
818       fvnb->ip.reass.ip6_frag_hdr_offset >= fb->current_length)
819     {
820       return IP6_FULL_REASS_RC_INTERNAL_ERROR;
821     }
822
823   u32 fragment_first = fvnb->ip.reass.fragment_first =
824     ip6_frag_hdr_offset_bytes (frag_hdr);
825   u32 fragment_length =
826     vlib_buffer_length_in_chain (vm, fb) -
827     (fvnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
828   u32 fragment_last = fvnb->ip.reass.fragment_last =
829     fragment_first + fragment_length - 1;
830   int more_fragments = ip6_frag_hdr_more (frag_hdr);
831   u32 candidate_range_bi = reass->first_bi;
832   u32 prev_range_bi = ~0;
833   fvnb->ip.reass.range_first = fragment_first;
834   fvnb->ip.reass.range_last = fragment_last;
835   fvnb->ip.reass.next_range_bi = ~0;
836   if (!more_fragments)
837     {
838       reass->last_packet_octet = fragment_last;
839     }
840   if (~0 == reass->first_bi)
841     {
842       // starting a new reassembly
843       ip6_full_reass_insert_range_in_chain (vm, rm, rt, reass, prev_range_bi,
844                                             *bi0);
845       reass->min_fragment_length = clib_net_to_host_u16 (fip->payload_length);
846       consumed = 1;
847       reass->fragments_n = 1;
848       goto check_if_done_maybe;
849     }
850   reass->min_fragment_length =
851     clib_min (clib_net_to_host_u16 (fip->payload_length),
852               fvnb->ip.reass.estimated_mtu);
853   while (~0 != candidate_range_bi)
854     {
855       vlib_buffer_t *candidate_b = vlib_get_buffer (vm, candidate_range_bi);
856       vnet_buffer_opaque_t *candidate_vnb = vnet_buffer (candidate_b);
857       if (fragment_first > candidate_vnb->ip.reass.range_last)
858         {
859           // this fragments starts after candidate range
860           prev_range_bi = candidate_range_bi;
861           candidate_range_bi = candidate_vnb->ip.reass.next_range_bi;
862           if (candidate_vnb->ip.reass.range_last < fragment_last &&
863               ~0 == candidate_range_bi)
864             {
865               // special case - this fragment falls beyond all known ranges
866               ip6_full_reass_insert_range_in_chain (vm, rm, rt, reass,
867                                                     prev_range_bi, *bi0);
868               consumed = 1;
869               break;
870             }
871           continue;
872         }
873       if (fragment_last < candidate_vnb->ip.reass.range_first)
874         {
875           // this fragment ends before candidate range without any overlap
876           ip6_full_reass_insert_range_in_chain (vm, rm, rt, reass,
877                                                 prev_range_bi, *bi0);
878           consumed = 1;
879         }
880       else if (fragment_first == candidate_vnb->ip.reass.range_first &&
881                fragment_last == candidate_vnb->ip.reass.range_last)
882         {
883           // duplicate fragment - ignore
884         }
885       else
886         {
887           // overlapping fragment - not allowed by RFC 8200
888           ip6_full_reass_drop_all (vm, node, rm, reass);
889           ip6_full_reass_free (rm, rt, reass);
890           if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
891             {
892               ip6_full_reass_add_trace (vm, node, rm, reass, *bi0,
893                                         RANGE_OVERLAP, ~0);
894             }
895           *next0 = IP6_FULL_REASSEMBLY_NEXT_DROP;
896           *error0 = IP6_ERROR_REASS_OVERLAPPING_FRAGMENT;
897           return IP6_FULL_REASS_RC_OK;
898         }
899       break;
900     }
901   ++reass->fragments_n;
902 check_if_done_maybe:
903   if (consumed)
904     {
905       if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
906         {
907           ip6_full_reass_add_trace (vm, node, rm, reass, *bi0, RANGE_NEW, ~0);
908         }
909     }
910   if (~0 != reass->last_packet_octet &&
911       reass->data_len == reass->last_packet_octet + 1)
912     {
913       *handoff_thread_idx = reass->sendout_thread_index;
914       ip6_full_reass_rc_t rc =
915         ip6_full_reass_finalize (vm, node, rm, rt, reass, bi0, next0, error0,
916                                  is_custom_app);
917       if (IP6_FULL_REASS_RC_OK == rc
918           && reass->memory_owner_thread_index != reass->sendout_thread_index)
919         {
920           return IP6_FULL_REASS_RC_HANDOFF;
921         }
922       return rc;
923     }
924   else
925     {
926       if (consumed)
927         {
928           *bi0 = ~0;
929           if (reass->fragments_n > rm->max_reass_len)
930             {
931               return IP6_FULL_REASS_RC_TOO_MANY_FRAGMENTS;
932             }
933         }
934       else
935         {
936           *next0 = IP6_FULL_REASSEMBLY_NEXT_DROP;
937           *error0 = IP6_ERROR_REASS_DUPLICATE_FRAGMENT;
938         }
939     }
940   return IP6_FULL_REASS_RC_OK;
941 }
942
943 always_inline bool
944 ip6_full_reass_verify_upper_layer_present (vlib_node_runtime_t * node,
945                                            vlib_buffer_t * b,
946                                            ip6_frag_hdr_t * frag_hdr)
947 {
948   ip6_ext_header_t *tmp = (ip6_ext_header_t *) frag_hdr;
949   while (ip6_ext_hdr (tmp->next_hdr))
950     {
951       tmp = ip6_ext_next_header (tmp);
952     }
953   if (IP_PROTOCOL_IP6_NONXT == tmp->next_hdr)
954     {
955       icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
956                                    ICMP6_parameter_problem_first_fragment_has_incomplete_header_chain,
957                                    0);
958       b->error = node->errors[IP6_ERROR_REASS_MISSING_UPPER];
959
960       return false;
961     }
962   return true;
963 }
964
965 always_inline bool
966 ip6_full_reass_verify_fragment_multiple_8 (vlib_main_t * vm,
967                                            vlib_node_runtime_t * node,
968                                            vlib_buffer_t * b,
969                                            ip6_frag_hdr_t * frag_hdr)
970 {
971   vnet_buffer_opaque_t *vnb = vnet_buffer (b);
972   ip6_header_t *ip = vlib_buffer_get_current (b);
973   int more_fragments = ip6_frag_hdr_more (frag_hdr);
974   u32 fragment_length =
975     vlib_buffer_length_in_chain (vm, b) -
976     (vnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
977   if (more_fragments && 0 != fragment_length % 8)
978     {
979       icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
980                                    ICMP6_parameter_problem_erroneous_header_field,
981                                    (u8 *) & ip->payload_length - (u8 *) ip);
982       return false;
983     }
984   return true;
985 }
986
987 always_inline bool
988 ip6_full_reass_verify_packet_size_lt_64k (vlib_main_t * vm,
989                                           vlib_node_runtime_t * node,
990                                           vlib_buffer_t * b,
991                                           ip6_frag_hdr_t * frag_hdr)
992 {
993   vnet_buffer_opaque_t *vnb = vnet_buffer (b);
994   u32 fragment_first = ip6_frag_hdr_offset_bytes (frag_hdr);
995   u32 fragment_length =
996     vlib_buffer_length_in_chain (vm, b) -
997     (vnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
998   if (fragment_first + fragment_length > 65535)
999     {
1000       ip6_header_t *ip0 = vlib_buffer_get_current (b);
1001       icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
1002                                    ICMP6_parameter_problem_erroneous_header_field,
1003                                    (u8 *) & frag_hdr->fragment_offset_and_more
1004                                    - (u8 *) ip0);
1005       return false;
1006     }
1007   return true;
1008 }
1009
1010 always_inline uword
1011 ip6_full_reassembly_inline (vlib_main_t * vm,
1012                             vlib_node_runtime_t * node,
1013                             vlib_frame_t * frame, bool is_feature,
1014                             bool is_custom_app)
1015 {
1016   u32 *from = vlib_frame_vector_args (frame);
1017   u32 n_left_from, n_left_to_next, *to_next, next_index;
1018   ip6_full_reass_main_t *rm = &ip6_full_reass_main;
1019   ip6_full_reass_per_thread_t *rt = &rm->per_thread_data[vm->thread_index];
1020   clib_spinlock_lock (&rt->lock);
1021
1022   n_left_from = frame->n_vectors;
1023   next_index = node->cached_next_index;
1024   while (n_left_from > 0)
1025     {
1026       vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1027
1028       while (n_left_from > 0 && n_left_to_next > 0)
1029         {
1030           u32 bi0;
1031           vlib_buffer_t *b0;
1032           u32 next0 = IP6_FULL_REASSEMBLY_NEXT_DROP;
1033           u32 error0 = IP6_ERROR_NONE;
1034           u32 icmp_bi = ~0;
1035
1036           bi0 = from[0];
1037           b0 = vlib_get_buffer (vm, bi0);
1038
1039           ip6_header_t *ip0 = vlib_buffer_get_current (b0);
1040           ip6_frag_hdr_t *frag_hdr = NULL;
1041           ip6_ext_header_t *prev_hdr;
1042           if (ip6_ext_hdr (ip0->protocol))
1043             {
1044               frag_hdr =
1045                 ip6_ext_header_find (vm, b0, ip0,
1046                                      IP_PROTOCOL_IPV6_FRAGMENTATION,
1047                                      &prev_hdr);
1048             }
1049           if (!frag_hdr)
1050             {
1051               // this is a regular packet - no fragmentation
1052               next0 = IP6_FULL_REASSEMBLY_NEXT_INPUT;
1053               goto skip_reass;
1054             }
1055           if (0 == ip6_frag_hdr_offset (frag_hdr))
1056             {
1057               // first fragment - verify upper-layer is present
1058               if (!ip6_full_reass_verify_upper_layer_present
1059                   (node, b0, frag_hdr))
1060                 {
1061                   next0 = IP6_FULL_REASSEMBLY_NEXT_ICMP_ERROR;
1062                   goto skip_reass;
1063                 }
1064             }
1065           if (!ip6_full_reass_verify_fragment_multiple_8
1066               (vm, node, b0, frag_hdr)
1067               || !ip6_full_reass_verify_packet_size_lt_64k (vm, node, b0,
1068                                                             frag_hdr))
1069             {
1070               next0 = IP6_FULL_REASSEMBLY_NEXT_ICMP_ERROR;
1071               goto skip_reass;
1072             }
1073           vnet_buffer (b0)->ip.reass.ip6_frag_hdr_offset =
1074             (u8 *) frag_hdr - (u8 *) ip0;
1075
1076           ip6_full_reass_kv_t kv;
1077           u8 do_handoff = 0;
1078
1079           kv.k.as_u64[0] = ip0->src_address.as_u64[0];
1080           kv.k.as_u64[1] = ip0->src_address.as_u64[1];
1081           kv.k.as_u64[2] = ip0->dst_address.as_u64[0];
1082           kv.k.as_u64[3] = ip0->dst_address.as_u64[1];
1083           kv.k.as_u64[4] =
1084             ((u64) vec_elt (ip6_main.fib_index_by_sw_if_index,
1085                             vnet_buffer (b0)->sw_if_index[VLIB_RX])) << 32 |
1086             (u64) frag_hdr->identification;
1087           kv.k.as_u64[5] = ip0->protocol;
1088
1089           ip6_full_reass_t *reass =
1090             ip6_full_reass_find_or_create (vm, node, rm, rt, &kv, &icmp_bi,
1091                                            &do_handoff);
1092
1093           if (reass)
1094             {
1095               const u32 fragment_first = ip6_frag_hdr_offset (frag_hdr);
1096               if (0 == fragment_first)
1097                 {
1098                   reass->sendout_thread_index = vm->thread_index;
1099                 }
1100             }
1101           if (PREDICT_FALSE (do_handoff))
1102             {
1103               next0 = IP6_FULL_REASSEMBLY_NEXT_HANDOFF;
1104               vnet_buffer (b0)->ip.reass.owner_thread_index =
1105                 kv.v.memory_owner_thread_index;
1106             }
1107           else if (reass)
1108             {
1109               u32 handoff_thread_idx;
1110               switch (ip6_full_reass_update
1111                       (vm, node, rm, rt, reass, &bi0, &next0, &error0,
1112                        frag_hdr, is_custom_app, &handoff_thread_idx))
1113                 {
1114                 case IP6_FULL_REASS_RC_OK:
1115                   /* nothing to do here */
1116                   break;
1117                 case IP6_FULL_REASS_RC_HANDOFF:
1118                   next0 = IP6_FULL_REASSEMBLY_NEXT_HANDOFF;
1119                   b0 = vlib_get_buffer (vm, bi0);
1120                   vnet_buffer (b0)->ip.reass.owner_thread_index =
1121                     handoff_thread_idx;
1122                   break;
1123                 case IP6_FULL_REASS_RC_TOO_MANY_FRAGMENTS:
1124                   vlib_node_increment_counter (vm, node->node_index,
1125                                                IP6_ERROR_REASS_FRAGMENT_CHAIN_TOO_LONG,
1126                                                1);
1127                   ip6_full_reass_drop_all (vm, node, rm, reass);
1128                   ip6_full_reass_free (rm, rt, reass);
1129                   goto next_packet;
1130                   break;
1131                 case IP6_FULL_REASS_RC_NO_BUF:
1132                   vlib_node_increment_counter (vm, node->node_index,
1133                                                IP6_ERROR_REASS_NO_BUF, 1);
1134                   ip6_full_reass_drop_all (vm, node, rm, reass);
1135                   ip6_full_reass_free (rm, rt, reass);
1136                   goto next_packet;
1137                   break;
1138                 case IP6_FULL_REASS_RC_INTERNAL_ERROR:
1139                   vlib_node_increment_counter (vm, node->node_index,
1140                                                IP6_ERROR_REASS_INTERNAL_ERROR,
1141                                                1);
1142                   ip6_full_reass_drop_all (vm, node, rm, reass);
1143                   ip6_full_reass_free (rm, rt, reass);
1144                   goto next_packet;
1145                   break;
1146                 }
1147             }
1148           else
1149             {
1150               if (is_feature)
1151                 {
1152                   next0 = IP6_FULL_REASSEMBLY_NEXT_DROP;
1153                 }
1154               else
1155                 {
1156                   vnet_buffer_opaque_t *fvnb = vnet_buffer (b0);
1157                   next0 = fvnb->ip.reass.error_next_index;
1158                 }
1159               error0 = IP6_ERROR_REASS_LIMIT_REACHED;
1160             }
1161
1162           b0->error = node->errors[error0];
1163
1164           if (~0 != bi0)
1165             {
1166             skip_reass:
1167               to_next[0] = bi0;
1168               to_next += 1;
1169               n_left_to_next -= 1;
1170               if (next0 == IP6_FULL_REASSEMBLY_NEXT_HANDOFF)
1171                 {
1172                   if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
1173                     {
1174                       ip6_full_reass_add_trace (vm, node, rm, NULL, bi0,
1175                                                 HANDOFF,
1176                                                 vnet_buffer (b0)->ip.
1177                                                 reass.owner_thread_index);
1178                     }
1179                 }
1180               else if (is_feature && IP6_ERROR_NONE == error0)
1181                 {
1182                   b0 = vlib_get_buffer (vm, bi0);
1183                   vnet_feature_next (&next0, b0);
1184                 }
1185               vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1186                                                n_left_to_next, bi0, next0);
1187             }
1188
1189           if (~0 != icmp_bi)
1190             {
1191               next0 = IP6_FULL_REASSEMBLY_NEXT_ICMP_ERROR;
1192               to_next[0] = icmp_bi;
1193               to_next += 1;
1194               n_left_to_next -= 1;
1195               vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1196                                                n_left_to_next, icmp_bi,
1197                                                next0);
1198             }
1199         next_packet:
1200           from += 1;
1201           n_left_from -= 1;
1202         }
1203
1204       vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1205     }
1206
1207   clib_spinlock_unlock (&rt->lock);
1208   return frame->n_vectors;
1209 }
1210
1211 static char *ip6_full_reassembly_error_strings[] = {
1212 #define _(sym, string) string,
1213   foreach_ip6_error
1214 #undef _
1215 };
1216
1217 VLIB_NODE_FN (ip6_full_reass_node) (vlib_main_t * vm,
1218                                     vlib_node_runtime_t * node,
1219                                     vlib_frame_t * frame)
1220 {
1221   return ip6_full_reassembly_inline (vm, node, frame, false /* is_feature */ ,
1222                                      false /* is_custom_app */ );
1223 }
1224
1225 /* *INDENT-OFF* */
1226 VLIB_REGISTER_NODE (ip6_full_reass_node) = {
1227     .name = "ip6-full-reassembly",
1228     .vector_size = sizeof (u32),
1229     .format_trace = format_ip6_full_reass_trace,
1230     .n_errors = ARRAY_LEN (ip6_full_reassembly_error_strings),
1231     .error_strings = ip6_full_reassembly_error_strings,
1232     .n_next_nodes = IP6_FULL_REASSEMBLY_N_NEXT,
1233     .next_nodes =
1234         {
1235                 [IP6_FULL_REASSEMBLY_NEXT_INPUT] = "ip6-input",
1236                 [IP6_FULL_REASSEMBLY_NEXT_DROP] = "ip6-drop",
1237                 [IP6_FULL_REASSEMBLY_NEXT_ICMP_ERROR] = "ip6-icmp-error",
1238                 [IP6_FULL_REASSEMBLY_NEXT_HANDOFF] = "ip6-full-reassembly-handoff",
1239         },
1240 };
1241 /* *INDENT-ON* */
1242
1243 VLIB_NODE_FN (ip6_full_reass_node_feature) (vlib_main_t * vm,
1244                                             vlib_node_runtime_t * node,
1245                                             vlib_frame_t * frame)
1246 {
1247   return ip6_full_reassembly_inline (vm, node, frame, true /* is_feature */ ,
1248                                      false /* is_custom_app */ );
1249 }
1250
1251 /* *INDENT-OFF* */
1252 VLIB_REGISTER_NODE (ip6_full_reass_node_feature) = {
1253     .name = "ip6-full-reassembly-feature",
1254     .vector_size = sizeof (u32),
1255     .format_trace = format_ip6_full_reass_trace,
1256     .n_errors = ARRAY_LEN (ip6_full_reassembly_error_strings),
1257     .error_strings = ip6_full_reassembly_error_strings,
1258     .n_next_nodes = IP6_FULL_REASSEMBLY_N_NEXT,
1259     .next_nodes =
1260         {
1261                 [IP6_FULL_REASSEMBLY_NEXT_INPUT] = "ip6-input",
1262                 [IP6_FULL_REASSEMBLY_NEXT_DROP] = "ip6-drop",
1263                 [IP6_FULL_REASSEMBLY_NEXT_ICMP_ERROR] = "ip6-icmp-error",
1264                 [IP6_FULL_REASSEMBLY_NEXT_HANDOFF] = "ip6-full-reass-feature-hoff",
1265         },
1266 };
1267 /* *INDENT-ON* */
1268
1269 /* *INDENT-OFF* */
1270 VNET_FEATURE_INIT (ip6_full_reassembly_feature, static) = {
1271     .arc_name = "ip6-unicast",
1272     .node_name = "ip6-full-reassembly-feature",
1273     .runs_before = VNET_FEATURES ("ip6-lookup",
1274                                   "ipsec6-input-feature"),
1275     .runs_after = 0,
1276 };
1277 /* *INDENT-ON* */
1278
1279 #ifndef CLIB_MARCH_VARIANT
1280 static u32
1281 ip6_full_reass_get_nbuckets ()
1282 {
1283   ip6_full_reass_main_t *rm = &ip6_full_reass_main;
1284   u32 nbuckets;
1285   u8 i;
1286
1287   nbuckets = (u32) (rm->max_reass_n / IP6_FULL_REASS_HT_LOAD_FACTOR);
1288
1289   for (i = 0; i < 31; i++)
1290     if ((1 << i) >= nbuckets)
1291       break;
1292   nbuckets = 1 << i;
1293
1294   return nbuckets;
1295 }
1296 #endif /* CLIB_MARCH_VARIANT */
1297
1298 typedef enum
1299 {
1300   IP6_EVENT_CONFIG_CHANGED = 1,
1301 } ip6_full_reass_event_t;
1302
1303 #ifndef CLIB_MARCH_VARIANT
1304 typedef struct
1305 {
1306   int failure;
1307   clib_bihash_48_8_t *new_hash;
1308 } ip6_rehash_cb_ctx;
1309
1310 static void
1311 ip6_rehash_cb (clib_bihash_kv_48_8_t * kv, void *_ctx)
1312 {
1313   ip6_rehash_cb_ctx *ctx = _ctx;
1314   if (clib_bihash_add_del_48_8 (ctx->new_hash, kv, 1))
1315     {
1316       ctx->failure = 1;
1317     }
1318 }
1319
1320 static void
1321 ip6_full_reass_set_params (u32 timeout_ms, u32 max_reassemblies,
1322                            u32 max_reassembly_length,
1323                            u32 expire_walk_interval_ms)
1324 {
1325   ip6_full_reass_main.timeout_ms = timeout_ms;
1326   ip6_full_reass_main.timeout = (f64) timeout_ms / (f64) MSEC_PER_SEC;
1327   ip6_full_reass_main.max_reass_n = max_reassemblies;
1328   ip6_full_reass_main.max_reass_len = max_reassembly_length;
1329   ip6_full_reass_main.expire_walk_interval_ms = expire_walk_interval_ms;
1330 }
1331
1332 vnet_api_error_t
1333 ip6_full_reass_set (u32 timeout_ms, u32 max_reassemblies,
1334                     u32 max_reassembly_length, u32 expire_walk_interval_ms)
1335 {
1336   u32 old_nbuckets = ip6_full_reass_get_nbuckets ();
1337   ip6_full_reass_set_params (timeout_ms, max_reassemblies,
1338                              max_reassembly_length, expire_walk_interval_ms);
1339   vlib_process_signal_event (ip6_full_reass_main.vlib_main,
1340                              ip6_full_reass_main.ip6_full_reass_expire_node_idx,
1341                              IP6_EVENT_CONFIG_CHANGED, 0);
1342   u32 new_nbuckets = ip6_full_reass_get_nbuckets ();
1343   if (ip6_full_reass_main.max_reass_n > 0 && new_nbuckets > old_nbuckets)
1344     {
1345       clib_bihash_48_8_t new_hash;
1346       clib_memset (&new_hash, 0, sizeof (new_hash));
1347       ip6_rehash_cb_ctx ctx;
1348       ctx.failure = 0;
1349       ctx.new_hash = &new_hash;
1350       clib_bihash_init_48_8 (&new_hash, "ip6-full-reass", new_nbuckets,
1351                              new_nbuckets * 1024);
1352       clib_bihash_foreach_key_value_pair_48_8 (&ip6_full_reass_main.hash,
1353                                                ip6_rehash_cb, &ctx);
1354       if (ctx.failure)
1355         {
1356           clib_bihash_free_48_8 (&new_hash);
1357           return -1;
1358         }
1359       else
1360         {
1361           clib_bihash_free_48_8 (&ip6_full_reass_main.hash);
1362           clib_memcpy_fast (&ip6_full_reass_main.hash, &new_hash,
1363                             sizeof (ip6_full_reass_main.hash));
1364           clib_bihash_copied (&ip6_full_reass_main.hash, &new_hash);
1365         }
1366     }
1367   return 0;
1368 }
1369
1370 vnet_api_error_t
1371 ip6_full_reass_get (u32 * timeout_ms, u32 * max_reassemblies,
1372                     u32 * max_reassembly_length,
1373                     u32 * expire_walk_interval_ms)
1374 {
1375   *timeout_ms = ip6_full_reass_main.timeout_ms;
1376   *max_reassemblies = ip6_full_reass_main.max_reass_n;
1377   *max_reassembly_length = ip6_full_reass_main.max_reass_len;
1378   *expire_walk_interval_ms = ip6_full_reass_main.expire_walk_interval_ms;
1379   return 0;
1380 }
1381
1382 static clib_error_t *
1383 ip6_full_reass_init_function (vlib_main_t * vm)
1384 {
1385   ip6_full_reass_main_t *rm = &ip6_full_reass_main;
1386   clib_error_t *error = 0;
1387   u32 nbuckets;
1388   vlib_node_t *node;
1389
1390   rm->vlib_main = vm;
1391
1392   vec_validate (rm->per_thread_data, vlib_num_workers ());
1393   ip6_full_reass_per_thread_t *rt;
1394   vec_foreach (rt, rm->per_thread_data)
1395   {
1396     clib_spinlock_init (&rt->lock);
1397     pool_alloc (rt->pool, rm->max_reass_n);
1398   }
1399
1400   node = vlib_get_node_by_name (vm, (u8 *) "ip6-full-reassembly-expire-walk");
1401   ASSERT (node);
1402   rm->ip6_full_reass_expire_node_idx = node->index;
1403
1404   ip6_full_reass_set_params (IP6_FULL_REASS_TIMEOUT_DEFAULT_MS,
1405                              IP6_FULL_REASS_MAX_REASSEMBLIES_DEFAULT,
1406                              IP6_FULL_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT,
1407                              IP6_FULL_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS);
1408
1409   nbuckets = ip6_full_reass_get_nbuckets ();
1410   clib_bihash_init_48_8 (&rm->hash, "ip6-full-reass", nbuckets,
1411                          nbuckets * 1024);
1412
1413   node = vlib_get_node_by_name (vm, (u8 *) "ip6-drop");
1414   ASSERT (node);
1415   rm->ip6_drop_idx = node->index;
1416   node = vlib_get_node_by_name (vm, (u8 *) "ip6-icmp-error");
1417   ASSERT (node);
1418   rm->ip6_icmp_error_idx = node->index;
1419
1420   if ((error = vlib_call_init_function (vm, ip_main_init)))
1421     return error;
1422   ip6_register_protocol (IP_PROTOCOL_IPV6_FRAGMENTATION,
1423                          ip6_full_reass_node.index);
1424
1425   rm->fq_index = vlib_frame_queue_main_init (ip6_full_reass_node.index, 0);
1426   rm->fq_feature_index =
1427     vlib_frame_queue_main_init (ip6_full_reass_node_feature.index, 0);
1428
1429   return error;
1430 }
1431
1432 VLIB_INIT_FUNCTION (ip6_full_reass_init_function);
1433 #endif /* CLIB_MARCH_VARIANT */
1434
1435 static uword
1436 ip6_full_reass_walk_expired (vlib_main_t * vm,
1437                              vlib_node_runtime_t * node, vlib_frame_t * f)
1438 {
1439   ip6_full_reass_main_t *rm = &ip6_full_reass_main;
1440   uword event_type, *event_data = 0;
1441
1442   while (true)
1443     {
1444       vlib_process_wait_for_event_or_clock (vm,
1445                                             (f64) rm->expire_walk_interval_ms
1446                                             / (f64) MSEC_PER_SEC);
1447       event_type = vlib_process_get_events (vm, &event_data);
1448
1449       switch (event_type)
1450         {
1451         case ~0:                /* no events => timeout */
1452           /* nothing to do here */
1453           break;
1454         case IP6_EVENT_CONFIG_CHANGED:
1455           break;
1456         default:
1457           clib_warning ("BUG: event type 0x%wx", event_type);
1458           break;
1459         }
1460       f64 now = vlib_time_now (vm);
1461
1462       ip6_full_reass_t *reass;
1463       int *pool_indexes_to_free = NULL;
1464
1465       uword thread_index = 0;
1466       int index;
1467       const uword nthreads = vlib_num_workers () + 1;
1468       u32 *vec_icmp_bi = NULL;
1469       for (thread_index = 0; thread_index < nthreads; ++thread_index)
1470         {
1471           ip6_full_reass_per_thread_t *rt =
1472             &rm->per_thread_data[thread_index];
1473           clib_spinlock_lock (&rt->lock);
1474
1475           vec_reset_length (pool_indexes_to_free);
1476           /* *INDENT-OFF* */
1477           pool_foreach_index (index, rt->pool, ({
1478                                 reass = pool_elt_at_index (rt->pool, index);
1479                                 if (now > reass->last_heard + rm->timeout)
1480                                   {
1481                                     vec_add1 (pool_indexes_to_free, index);
1482                                   }
1483                               }));
1484           /* *INDENT-ON* */
1485           int *i;
1486           /* *INDENT-OFF* */
1487           vec_foreach (i, pool_indexes_to_free)
1488           {
1489             ip6_full_reass_t *reass = pool_elt_at_index (rt->pool, i[0]);
1490             u32 icmp_bi = ~0;
1491             ip6_full_reass_on_timeout (vm, node, rm, reass, &icmp_bi);
1492             if (~0 != icmp_bi)
1493               vec_add1 (vec_icmp_bi, icmp_bi);
1494
1495             ip6_full_reass_free (rm, rt, reass);
1496           }
1497           /* *INDENT-ON* */
1498
1499           clib_spinlock_unlock (&rt->lock);
1500         }
1501
1502       while (vec_len (vec_icmp_bi) > 0)
1503         {
1504           vlib_frame_t *f =
1505             vlib_get_frame_to_node (vm, rm->ip6_icmp_error_idx);
1506           u32 *to_next = vlib_frame_vector_args (f);
1507           u32 n_left_to_next = VLIB_FRAME_SIZE - f->n_vectors;
1508           int trace_frame = 0;
1509           while (vec_len (vec_icmp_bi) > 0 && n_left_to_next > 0)
1510             {
1511               u32 bi = vec_pop (vec_icmp_bi);
1512               vlib_buffer_t *b = vlib_get_buffer (vm, bi);
1513               if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
1514                 trace_frame = 1;
1515               b->error = node->errors[IP6_ERROR_REASS_TIMEOUT];
1516               to_next[0] = bi;
1517               ++f->n_vectors;
1518               to_next += 1;
1519               n_left_to_next -= 1;
1520             }
1521           f->frame_flags |= (trace_frame * VLIB_FRAME_TRACE);
1522           vlib_put_frame_to_node (vm, rm->ip6_icmp_error_idx, f);
1523         }
1524
1525       vec_free (pool_indexes_to_free);
1526       vec_free (vec_icmp_bi);
1527       if (event_data)
1528         {
1529           _vec_len (event_data) = 0;
1530         }
1531     }
1532
1533   return 0;
1534 }
1535
1536 /* *INDENT-OFF* */
1537 VLIB_REGISTER_NODE (ip6_full_reass_expire_node) = {
1538     .function = ip6_full_reass_walk_expired,
1539     .format_trace = format_ip6_full_reass_trace,
1540     .type = VLIB_NODE_TYPE_PROCESS,
1541     .name = "ip6-full-reassembly-expire-walk",
1542
1543     .n_errors = ARRAY_LEN (ip6_full_reassembly_error_strings),
1544     .error_strings = ip6_full_reassembly_error_strings,
1545
1546 };
1547 /* *INDENT-ON* */
1548
1549 static u8 *
1550 format_ip6_full_reass_key (u8 * s, va_list * args)
1551 {
1552   ip6_full_reass_key_t *key = va_arg (*args, ip6_full_reass_key_t *);
1553   s = format (s, "xx_id: %u, src: %U, dst: %U, frag_id: %u, proto: %u",
1554               key->xx_id, format_ip6_address, &key->src, format_ip6_address,
1555               &key->dst, clib_net_to_host_u16 (key->frag_id), key->proto);
1556   return s;
1557 }
1558
1559 static u8 *
1560 format_ip6_full_reass (u8 * s, va_list * args)
1561 {
1562   vlib_main_t *vm = va_arg (*args, vlib_main_t *);
1563   ip6_full_reass_t *reass = va_arg (*args, ip6_full_reass_t *);
1564
1565   s = format (s, "ID: %lu, key: %U\n  first_bi: %u, data_len: %u, "
1566               "last_packet_octet: %u, trace_op_counter: %u\n",
1567               reass->id, format_ip6_full_reass_key, &reass->key,
1568               reass->first_bi, reass->data_len, reass->last_packet_octet,
1569               reass->trace_op_counter);
1570   u32 bi = reass->first_bi;
1571   u32 counter = 0;
1572   while (~0 != bi)
1573     {
1574       vlib_buffer_t *b = vlib_get_buffer (vm, bi);
1575       vnet_buffer_opaque_t *vnb = vnet_buffer (b);
1576       s = format (s, "  #%03u: range: [%u, %u], bi: %u, off: %d, len: %u, "
1577                   "fragment[%u, %u]\n",
1578                   counter, vnb->ip.reass.range_first,
1579                   vnb->ip.reass.range_last, bi,
1580                   ip6_full_reass_buffer_get_data_offset (b),
1581                   ip6_full_reass_buffer_get_data_len (b),
1582                   vnb->ip.reass.fragment_first, vnb->ip.reass.fragment_last);
1583       if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
1584         {
1585           bi = b->next_buffer;
1586         }
1587       else
1588         {
1589           bi = ~0;
1590         }
1591     }
1592   return s;
1593 }
1594
1595 static clib_error_t *
1596 show_ip6_full_reass (vlib_main_t * vm, unformat_input_t * input,
1597                      CLIB_UNUSED (vlib_cli_command_t * lmd))
1598 {
1599   ip6_full_reass_main_t *rm = &ip6_full_reass_main;
1600
1601   vlib_cli_output (vm, "---------------------");
1602   vlib_cli_output (vm, "IP6 reassembly status");
1603   vlib_cli_output (vm, "---------------------");
1604   bool details = false;
1605   if (unformat (input, "details"))
1606     {
1607       details = true;
1608     }
1609
1610   u32 sum_reass_n = 0;
1611   u64 sum_buffers_n = 0;
1612   ip6_full_reass_t *reass;
1613   uword thread_index;
1614   const uword nthreads = vlib_num_workers () + 1;
1615   for (thread_index = 0; thread_index < nthreads; ++thread_index)
1616     {
1617       ip6_full_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1618       clib_spinlock_lock (&rt->lock);
1619       if (details)
1620         {
1621           /* *INDENT-OFF* */
1622           pool_foreach (reass, rt->pool, {
1623             vlib_cli_output (vm, "%U", format_ip6_full_reass, vm, reass);
1624           });
1625           /* *INDENT-ON* */
1626         }
1627       sum_reass_n += rt->reass_n;
1628       clib_spinlock_unlock (&rt->lock);
1629     }
1630   vlib_cli_output (vm, "---------------------");
1631   vlib_cli_output (vm, "Current IP6 reassemblies count: %lu\n",
1632                    (long unsigned) sum_reass_n);
1633   vlib_cli_output (vm, "Maximum configured concurrent IP6 reassemblies per "
1634                    "worker-thread: %lu\n", (long unsigned) rm->max_reass_n);
1635   vlib_cli_output (vm, "Buffers in use: %lu\n",
1636                    (long unsigned) sum_buffers_n);
1637   return 0;
1638 }
1639
1640 /* *INDENT-OFF* */
1641 VLIB_CLI_COMMAND (show_ip6_full_reassembly_cmd, static) = {
1642     .path = "show ip6-full-reassembly",
1643     .short_help = "show ip6-full-reassembly [details]",
1644     .function = show_ip6_full_reass,
1645 };
1646 /* *INDENT-ON* */
1647
1648 #ifndef CLIB_MARCH_VARIANT
1649 vnet_api_error_t
1650 ip6_full_reass_enable_disable (u32 sw_if_index, u8 enable_disable)
1651 {
1652   return vnet_feature_enable_disable ("ip6-unicast",
1653                                       "ip6-full-reassembly-feature",
1654                                       sw_if_index, enable_disable, 0, 0);
1655 }
1656 #endif /* CLIB_MARCH_VARIANT */
1657
1658 #define foreach_ip6_full_reassembly_handoff_error                       \
1659 _(CONGESTION_DROP, "congestion drop")
1660
1661
1662 typedef enum
1663 {
1664 #define _(sym,str) IP6_FULL_REASSEMBLY_HANDOFF_ERROR_##sym,
1665   foreach_ip6_full_reassembly_handoff_error
1666 #undef _
1667     IP6_FULL_REASSEMBLY_HANDOFF_N_ERROR,
1668 } ip6_full_reassembly_handoff_error_t;
1669
1670 static char *ip6_full_reassembly_handoff_error_strings[] = {
1671 #define _(sym,string) string,
1672   foreach_ip6_full_reassembly_handoff_error
1673 #undef _
1674 };
1675
1676 typedef struct
1677 {
1678   u32 next_worker_index;
1679 } ip6_full_reassembly_handoff_trace_t;
1680
1681 static u8 *
1682 format_ip6_full_reassembly_handoff_trace (u8 * s, va_list * args)
1683 {
1684   CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1685   CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1686   ip6_full_reassembly_handoff_trace_t *t =
1687     va_arg (*args, ip6_full_reassembly_handoff_trace_t *);
1688
1689   s =
1690     format (s, "ip6-full-reassembly-handoff: next-worker %d",
1691             t->next_worker_index);
1692
1693   return s;
1694 }
1695
1696 always_inline uword
1697 ip6_full_reassembly_handoff_inline (vlib_main_t * vm,
1698                                     vlib_node_runtime_t * node,
1699                                     vlib_frame_t * frame, bool is_feature)
1700 {
1701   ip6_full_reass_main_t *rm = &ip6_full_reass_main;
1702
1703   vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1704   u32 n_enq, n_left_from, *from;
1705   u16 thread_indices[VLIB_FRAME_SIZE], *ti;
1706   u32 fq_index;
1707
1708   from = vlib_frame_vector_args (frame);
1709   n_left_from = frame->n_vectors;
1710   vlib_get_buffers (vm, from, bufs, n_left_from);
1711
1712   b = bufs;
1713   ti = thread_indices;
1714
1715   fq_index = (is_feature) ? rm->fq_feature_index : rm->fq_index;
1716
1717   while (n_left_from > 0)
1718     {
1719       ti[0] = vnet_buffer (b[0])->ip.reass.owner_thread_index;
1720
1721       if (PREDICT_FALSE
1722           ((node->flags & VLIB_NODE_FLAG_TRACE)
1723            && (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
1724         {
1725           ip6_full_reassembly_handoff_trace_t *t =
1726             vlib_add_trace (vm, node, b[0], sizeof (*t));
1727           t->next_worker_index = ti[0];
1728         }
1729
1730       n_left_from -= 1;
1731       ti += 1;
1732       b += 1;
1733     }
1734   n_enq =
1735     vlib_buffer_enqueue_to_thread (vm, fq_index, from, thread_indices,
1736                                    frame->n_vectors, 1);
1737
1738   if (n_enq < frame->n_vectors)
1739     vlib_node_increment_counter (vm, node->node_index,
1740                                  IP6_FULL_REASSEMBLY_HANDOFF_ERROR_CONGESTION_DROP,
1741                                  frame->n_vectors - n_enq);
1742   return frame->n_vectors;
1743 }
1744
1745 VLIB_NODE_FN (ip6_full_reassembly_handoff_node) (vlib_main_t * vm,
1746                                                  vlib_node_runtime_t * node,
1747                                                  vlib_frame_t * frame)
1748 {
1749   return ip6_full_reassembly_handoff_inline (vm, node, frame,
1750                                              false /* is_feature */ );
1751 }
1752
1753 /* *INDENT-OFF* */
1754 VLIB_REGISTER_NODE (ip6_full_reassembly_handoff_node) = {
1755   .name = "ip6-full-reassembly-handoff",
1756   .vector_size = sizeof (u32),
1757   .n_errors = ARRAY_LEN(ip6_full_reassembly_handoff_error_strings),
1758   .error_strings = ip6_full_reassembly_handoff_error_strings,
1759   .format_trace = format_ip6_full_reassembly_handoff_trace,
1760
1761   .n_next_nodes = 1,
1762
1763   .next_nodes = {
1764     [0] = "error-drop",
1765   },
1766 };
1767
1768
1769 VLIB_NODE_FN (ip6_full_reassembly_feature_handoff_node) (vlib_main_t * vm,
1770                                vlib_node_runtime_t * node, vlib_frame_t * frame)
1771 {
1772   return ip6_full_reassembly_handoff_inline (vm, node, frame, true /* is_feature */ );
1773 }
1774
1775
1776 /* *INDENT-OFF* */
1777 VLIB_REGISTER_NODE (ip6_full_reassembly_feature_handoff_node) = {
1778   .name = "ip6-full-reass-feature-hoff",
1779   .vector_size = sizeof (u32),
1780   .n_errors = ARRAY_LEN(ip6_full_reassembly_handoff_error_strings),
1781   .error_strings = ip6_full_reassembly_handoff_error_strings,
1782   .format_trace = format_ip6_full_reassembly_handoff_trace,
1783
1784   .n_next_nodes = 1,
1785
1786   .next_nodes = {
1787     [0] = "error-drop",
1788   },
1789 };
1790 /* *INDENT-ON* */
1791
1792 /*
1793  * fd.io coding-style-patch-verification: ON
1794  *
1795  * Local Variables:
1796  * eval: (c-set-style "gnu")
1797  * End:
1798  */
Vector Packet Processing