2 * decap.c: vxlan gbp tunnel decap packet processing
4 * Copyright (c) 2018 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vlib/vlib.h>
20 #include <vnet/vxlan-gbp/vxlan_gbp.h>
30 } vxlan_gbp_rx_trace_t;
33 format_vxlan_gbp_rx_trace (u8 * s, va_list * args)
35 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
36 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
37 vxlan_gbp_rx_trace_t *t = va_arg (*args, vxlan_gbp_rx_trace_t *);
39 if (t->tunnel_index == ~0)
41 "VXLAN_GBP decap error - tunnel for vni %d does not exist",
44 "VXLAN_GBP decap from vxlan_gbp_tunnel%d vni %d sclass %d"
45 " flags %U next %d error %d",
46 t->tunnel_index, t->vni, t->sclass,
47 format_vxlan_gbp_header_gpflags, t->flags,
48 t->next_index, t->error);
52 buf_fib_index (vlib_buffer_t * b, u32 is_ip4)
54 u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
55 if (sw_if_index != (u32) ~ 0)
58 u32 *fib_index_by_sw_if_index = is_ip4 ?
59 ip4_main.fib_index_by_sw_if_index : ip6_main.fib_index_by_sw_if_index;
60 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
62 return vec_elt (fib_index_by_sw_if_index, sw_if_index);
65 typedef vxlan4_gbp_tunnel_key_t last_tunnel_cache4;
67 always_inline vxlan_gbp_tunnel_t *
68 vxlan4_gbp_find_tunnel (vxlan_gbp_main_t * vxm, last_tunnel_cache4 * cache,
69 u32 fib_index, ip4_header_t * ip4_0,
70 vxlan_gbp_header_t * vxlan_gbp0)
73 * Check unicast first since that's where most of the traffic comes from
74 * Make sure VXLAN_GBP tunnel exist according to packet SIP, DIP and VNI
76 vxlan4_gbp_tunnel_key_t key4;
79 key4.key[1] = ((u64) fib_index << 32) | vxlan_gbp0->vni_reserved;
80 key4.key[0] = (((u64) ip4_0->dst_address.as_u32 << 32) |
81 ip4_0->src_address.as_u32);
83 if (PREDICT_FALSE (key4.key[0] != cache->key[0] ||
84 key4.key[1] != cache->key[1]))
86 rv = clib_bihash_search_inline_16_8 (&vxm->vxlan4_gbp_tunnel_by_key,
88 if (PREDICT_FALSE (rv == 0))
91 return (pool_elt_at_index (vxm->tunnels, cache->value));
96 return (pool_elt_at_index (vxm->tunnels, cache->value));
99 /* No unicast match - try multicast */
100 if (PREDICT_TRUE (!ip4_address_is_multicast (&ip4_0->dst_address)))
103 key4.key[0] = ip4_0->dst_address.as_u32;
104 /* Make sure mcast VXLAN_GBP tunnel exist by packet DIP and VNI */
105 rv = clib_bihash_search_inline_16_8 (&vxm->vxlan4_gbp_tunnel_by_key, &key4);
107 if (PREDICT_FALSE (rv != 0))
110 return (pool_elt_at_index (vxm->tunnels, key4.value));
113 typedef vxlan6_gbp_tunnel_key_t last_tunnel_cache6;
115 always_inline vxlan_gbp_tunnel_t *
116 vxlan6_gbp_find_tunnel (vxlan_gbp_main_t * vxm, last_tunnel_cache6 * cache,
117 u32 fib_index, ip6_header_t * ip6_0,
118 vxlan_gbp_header_t * vxlan_gbp0)
120 /* Make sure VXLAN_GBP tunnel exist according to packet SIP and VNI */
121 vxlan6_gbp_tunnel_key_t key6 = {
123 [0] = ip6_0->src_address.as_u64[0],
124 [1] = ip6_0->src_address.as_u64[1],
125 [2] = (((u64) fib_index) << 32) | vxlan_gbp0->vni_reserved,
131 (clib_bihash_key_compare_24_8 (key6.key, cache->key) == 0))
133 rv = clib_bihash_search_inline_24_8 (&vxm->vxlan6_gbp_tunnel_by_key,
135 if (PREDICT_FALSE (rv != 0))
140 vxlan_gbp_tunnel_t *t0 = pool_elt_at_index (vxm->tunnels, cache->value);
142 /* Validate VXLAN_GBP tunnel SIP against packet DIP */
144 (!ip6_address_is_equal (&ip6_0->dst_address, &t0->src.ip6)))
147 if (PREDICT_TRUE (!ip6_address_is_multicast (&ip6_0->dst_address)))
150 /* Make sure mcast VXLAN_GBP tunnel exist by packet DIP and VNI */
151 key6.key[0] = ip6_0->dst_address.as_u64[0];
152 key6.key[1] = ip6_0->dst_address.as_u64[1];
153 rv = clib_bihash_search_inline_24_8 (&vxm->vxlan6_gbp_tunnel_by_key,
155 if (PREDICT_FALSE (rv != 0))
163 always_inline vxlan_gbp_input_next_t
164 vxlan_gbp_tunnel_get_next (const vxlan_gbp_tunnel_t * t, vlib_buffer_t * b0)
166 if (VXLAN_GBP_TUNNEL_MODE_L2 == t->mode)
167 return (VXLAN_GBP_INPUT_NEXT_L2_INPUT);
170 ethernet_header_t *e0;
173 e0 = vlib_buffer_get_current (b0);
174 vlib_buffer_advance (b0, sizeof (*e0));
175 type0 = clib_net_to_host_u16 (e0->type);
178 case ETHERNET_TYPE_IP4:
179 return (VXLAN_GBP_INPUT_NEXT_IP4_INPUT);
180 case ETHERNET_TYPE_IP6:
181 return (VXLAN_GBP_INPUT_NEXT_IP6_INPUT);
184 return (VXLAN_GBP_INPUT_NEXT_DROP);
188 vxlan_gbp_input (vlib_main_t * vm,
189 vlib_node_runtime_t * node,
190 vlib_frame_t * from_frame, u8 is_ip4)
192 vxlan_gbp_main_t *vxm = &vxlan_gbp_main;
193 vnet_main_t *vnm = vxm->vnet_main;
194 vnet_interface_main_t *im = &vnm->interface_main;
195 vlib_combined_counter_main_t *rx_counter =
196 im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_RX;
197 vlib_combined_counter_main_t *drop_counter =
198 im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_DROP;
199 last_tunnel_cache4 last4;
200 last_tunnel_cache6 last6;
201 u32 pkts_decapsulated = 0;
202 u32 thread_index = vlib_get_thread_index ();
205 clib_memset (&last4, 0xff, sizeof last4);
207 clib_memset (&last6, 0xff, sizeof last6);
209 u32 next_index = node->cached_next_index;
211 u32 *from = vlib_frame_vector_args (from_frame);
212 u32 n_left_from = from_frame->n_vectors;
214 while (n_left_from > 0)
216 u32 *to_next, n_left_to_next;
217 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
219 while (n_left_from >= 4 && n_left_to_next >= 2)
221 /* Prefetch next iteration. */
223 vlib_buffer_t *p2, *p3;
225 p2 = vlib_get_buffer (vm, from[2]);
226 p3 = vlib_get_buffer (vm, from[3]);
228 vlib_prefetch_buffer_header (p2, LOAD);
229 vlib_prefetch_buffer_header (p3, LOAD);
231 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
232 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
235 u32 bi0 = to_next[0] = from[0];
236 u32 bi1 = to_next[1] = from[1];
242 vlib_buffer_t *b0, *b1;
243 b0 = vlib_get_buffer (vm, bi0);
244 b1 = vlib_get_buffer (vm, bi1);
246 /* udp leaves current_data pointing at the vxlan_gbp header */
247 void *cur0 = vlib_buffer_get_current (b0);
248 void *cur1 = vlib_buffer_get_current (b1);
249 vxlan_gbp_header_t *vxlan_gbp0 = cur0;
250 vxlan_gbp_header_t *vxlan_gbp1 = cur1;
252 ip4_header_t *ip4_0, *ip4_1;
253 ip6_header_t *ip6_0, *ip6_1;
256 ip4_0 = cur0 - sizeof (udp_header_t) - sizeof (ip4_header_t);
257 ip4_1 = cur1 - sizeof (udp_header_t) - sizeof (ip4_header_t);
261 ip6_0 = cur0 - sizeof (udp_header_t) - sizeof (ip6_header_t);
262 ip6_1 = cur1 - sizeof (udp_header_t) - sizeof (ip6_header_t);
265 u32 fi0 = buf_fib_index (b0, is_ip4);
266 u32 fi1 = buf_fib_index (b1, is_ip4);
268 vxlan_gbp_tunnel_t *t0, *t1;
272 vxlan4_gbp_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan_gbp0);
274 vxlan4_gbp_find_tunnel (vxm, &last4, fi1, ip4_1, vxlan_gbp1);
279 vxlan6_gbp_find_tunnel (vxm, &last6, fi0, ip6_0, vxlan_gbp0);
281 vxlan6_gbp_find_tunnel (vxm, &last6, fi1, ip6_1, vxlan_gbp1);
284 u32 len0 = vlib_buffer_length_in_chain (vm, b0);
285 u32 len1 = vlib_buffer_length_in_chain (vm, b1);
287 vxlan_gbp_input_next_t next0, next1;
288 u8 error0 = 0, error1 = 0;
289 u8 flags0 = vxlan_gbp_get_flags (vxlan_gbp0);
290 u8 flags1 = vxlan_gbp_get_flags (vxlan_gbp1);
291 /* Required to make the l2 tag push / pop code work on l2 subifs */
293 vlib_buffer_advance (b0, sizeof *vxlan_gbp0);
294 vlib_buffer_advance (b1, sizeof *vxlan_gbp1);
296 /* Validate VXLAN_GBP tunnel encap-fib index against packet */
299 || flags0 != (VXLAN_GBP_FLAGS_I | VXLAN_GBP_FLAGS_G)))
302 && flags0 != (VXLAN_GBP_FLAGS_I | VXLAN_GBP_FLAGS_G))
304 error0 = VXLAN_GBP_ERROR_BAD_FLAGS;
305 vlib_increment_combined_counter
306 (drop_counter, thread_index, t0->sw_if_index, 1, len0);
307 next0 = VXLAN_GBP_INPUT_NEXT_DROP;
311 error0 = VXLAN_GBP_ERROR_NO_SUCH_TUNNEL;
312 next0 = VXLAN_GBP_INPUT_NEXT_PUNT;
315 vxm->punt_no_such_tunnel[FIB_PROTOCOL_IP4];
318 vxm->punt_no_such_tunnel[FIB_PROTOCOL_IP6];
320 b0->error = node->errors[error0];
324 next0 = vxlan_gbp_tunnel_get_next (t0, b0);
326 /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
327 vnet_buffer (b0)->sw_if_index[VLIB_RX] = t0->sw_if_index;
328 vlib_increment_combined_counter
329 (rx_counter, thread_index, t0->sw_if_index, 1, len0);
333 vnet_buffer2 (b0)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp0) |
334 VXLAN_GBP_GPFLAGS_R);
335 vnet_buffer2 (b0)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp0);
339 (t1 == 0 || flags1 != (VXLAN_GBP_FLAGS_I | VXLAN_GBP_FLAGS_G)))
342 && flags1 != (VXLAN_GBP_FLAGS_I | VXLAN_GBP_FLAGS_G))
344 error1 = VXLAN_GBP_ERROR_BAD_FLAGS;
345 vlib_increment_combined_counter
346 (drop_counter, thread_index, t1->sw_if_index, 1, len1);
347 next1 = VXLAN_GBP_INPUT_NEXT_DROP;
351 error1 = VXLAN_GBP_ERROR_NO_SUCH_TUNNEL;
352 next1 = VXLAN_GBP_INPUT_NEXT_PUNT;
355 vxm->punt_no_such_tunnel[FIB_PROTOCOL_IP4];
358 vxm->punt_no_such_tunnel[FIB_PROTOCOL_IP6];
360 b1->error = node->errors[error1];
364 next1 = vxlan_gbp_tunnel_get_next (t1, b1);
366 /* Set packet input sw_if_index to unicast VXLAN_GBP tunnel for learning */
367 vnet_buffer (b1)->sw_if_index[VLIB_RX] = t1->sw_if_index;
370 vlib_increment_combined_counter
371 (rx_counter, thread_index, t1->sw_if_index, 1, len1);
374 vnet_buffer2 (b1)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp1) |
375 VXLAN_GBP_GPFLAGS_R);
377 vnet_buffer2 (b1)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp1);
379 vnet_update_l2_len (b0);
380 vnet_update_l2_len (b1);
382 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
384 vxlan_gbp_rx_trace_t *tr =
385 vlib_add_trace (vm, node, b0, sizeof (*tr));
386 tr->next_index = next0;
388 tr->tunnel_index = t0 == 0 ? ~0 : t0 - vxm->tunnels;
389 tr->vni = vxlan_gbp_get_vni (vxlan_gbp0);
390 tr->sclass = vxlan_gbp_get_sclass (vxlan_gbp0);
391 tr->flags = vxlan_gbp_get_gpflags (vxlan_gbp0);
393 if (PREDICT_FALSE (b1->flags & VLIB_BUFFER_IS_TRACED))
395 vxlan_gbp_rx_trace_t *tr =
396 vlib_add_trace (vm, node, b1, sizeof (*tr));
397 tr->next_index = next1;
399 tr->tunnel_index = t1 == 0 ? ~0 : t1 - vxm->tunnels;
400 tr->vni = vxlan_gbp_get_vni (vxlan_gbp1);
401 tr->sclass = vxlan_gbp_get_sclass (vxlan_gbp1);
402 tr->flags = vxlan_gbp_get_gpflags (vxlan_gbp1);
405 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
406 to_next, n_left_to_next,
407 bi0, bi1, next0, next1);
410 while (n_left_from > 0 && n_left_to_next > 0)
412 u32 bi0 = to_next[0] = from[0];
418 vlib_buffer_t *b0 = vlib_get_buffer (vm, bi0);
420 /* udp leaves current_data pointing at the vxlan_gbp header */
421 void *cur0 = vlib_buffer_get_current (b0);
422 vxlan_gbp_header_t *vxlan_gbp0 = cur0;
426 ip4_0 = cur0 - sizeof (udp_header_t) - sizeof (ip4_header_t);
428 ip6_0 = cur0 - sizeof (udp_header_t) - sizeof (ip6_header_t);
430 u32 fi0 = buf_fib_index (b0, is_ip4);
432 vxlan_gbp_tunnel_t *t0;
434 t0 = vxlan4_gbp_find_tunnel (vxm, &last4, fi0, ip4_0, vxlan_gbp0);
436 t0 = vxlan6_gbp_find_tunnel (vxm, &last6, fi0, ip6_0, vxlan_gbp0);
438 uword len0 = vlib_buffer_length_in_chain (vm, b0);
440 vxlan_gbp_input_next_t next0;
442 u8 flags0 = vxlan_gbp_get_flags (vxlan_gbp0);
444 /* pop (ip, udp, vxlan_gbp) */
445 vlib_buffer_advance (b0, sizeof (*vxlan_gbp0));
446 /* Validate VXLAN_GBP tunnel encap-fib index against packet */
449 || flags0 != (VXLAN_GBP_FLAGS_I | VXLAN_GBP_FLAGS_G)))
452 && flags0 != (VXLAN_GBP_FLAGS_I | VXLAN_GBP_FLAGS_G))
454 error0 = VXLAN_GBP_ERROR_BAD_FLAGS;
455 vlib_increment_combined_counter
456 (drop_counter, thread_index, t0->sw_if_index, 1, len0);
457 next0 = VXLAN_GBP_INPUT_NEXT_DROP;
461 error0 = VXLAN_GBP_ERROR_NO_SUCH_TUNNEL;
462 next0 = VXLAN_GBP_INPUT_NEXT_PUNT;
465 vxm->punt_no_such_tunnel[FIB_PROTOCOL_IP4];
468 vxm->punt_no_such_tunnel[FIB_PROTOCOL_IP6];
470 b0->error = node->errors[error0];
474 next0 = vxlan_gbp_tunnel_get_next (t0, b0);
475 /* Set packet input sw_if_index to unicast VXLAN_GBP tunnel for learning */
476 vnet_buffer (b0)->sw_if_index[VLIB_RX] = t0->sw_if_index;
479 vlib_increment_combined_counter
480 (rx_counter, thread_index, t0->sw_if_index, 1, len0);
482 vnet_buffer2 (b0)->gbp.flags = (vxlan_gbp_get_gpflags (vxlan_gbp0) |
483 VXLAN_GBP_GPFLAGS_R);
485 vnet_buffer2 (b0)->gbp.sclass = vxlan_gbp_get_sclass (vxlan_gbp0);
487 /* Required to make the l2 tag push / pop code work on l2 subifs */
488 vnet_update_l2_len (b0);
490 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
492 vxlan_gbp_rx_trace_t *tr
493 = vlib_add_trace (vm, node, b0, sizeof (*tr));
494 tr->next_index = next0;
496 tr->tunnel_index = t0 == 0 ? ~0 : t0 - vxm->tunnels;
497 tr->vni = vxlan_gbp_get_vni (vxlan_gbp0);
498 tr->sclass = vxlan_gbp_get_sclass (vxlan_gbp0);
499 tr->flags = vxlan_gbp_get_gpflags (vxlan_gbp0);
501 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
502 to_next, n_left_to_next,
506 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
508 /* Do we still need this now that tunnel tx stats is kept? */
510 is_ip4 ? vxlan4_gbp_input_node.index : vxlan6_gbp_input_node.index;
511 vlib_node_increment_counter (vm, node_idx, VXLAN_GBP_ERROR_DECAPSULATED,
514 return from_frame->n_vectors;
517 VLIB_NODE_FN (vxlan4_gbp_input_node) (vlib_main_t * vm,
518 vlib_node_runtime_t * node,
519 vlib_frame_t * from_frame)
521 return vxlan_gbp_input (vm, node, from_frame, /* is_ip4 */ 1);
524 VLIB_NODE_FN (vxlan6_gbp_input_node) (vlib_main_t * vm,
525 vlib_node_runtime_t * node,
526 vlib_frame_t * from_frame)
528 return vxlan_gbp_input (vm, node, from_frame, /* is_ip4 */ 0);
531 static char *vxlan_gbp_error_strings[] = {
532 #define vxlan_gbp_error(n,s) s,
533 #include <vnet/vxlan-gbp/vxlan_gbp_error.def>
534 #undef vxlan_gbp_error
539 VLIB_REGISTER_NODE (vxlan4_gbp_input_node) =
541 .name = "vxlan4-gbp-input",
542 .vector_size = sizeof (u32),
543 .n_errors = VXLAN_GBP_N_ERROR,
544 .error_strings = vxlan_gbp_error_strings,
545 .n_next_nodes = VXLAN_GBP_INPUT_N_NEXT,
546 .format_trace = format_vxlan_gbp_rx_trace,
548 #define _(s,n) [VXLAN_GBP_INPUT_NEXT_##s] = n,
549 foreach_vxlan_gbp_input_next
554 VLIB_REGISTER_NODE (vxlan6_gbp_input_node) =
556 .name = "vxlan6-gbp-input",
557 .vector_size = sizeof (u32),
558 .n_errors = VXLAN_GBP_N_ERROR,
559 .error_strings = vxlan_gbp_error_strings,
560 .n_next_nodes = VXLAN_GBP_INPUT_N_NEXT,
562 #define _(s,n) [VXLAN_GBP_INPUT_NEXT_##s] = n,
563 foreach_vxlan_gbp_input_next
566 .format_trace = format_vxlan_gbp_rx_trace,
572 IP_VXLAN_GBP_BYPASS_NEXT_DROP,
573 IP_VXLAN_GBP_BYPASS_NEXT_VXLAN_GBP,
574 IP_VXLAN_GBP_BYPASS_N_NEXT,
575 } ip_vxlan_gbp_bypass_next_t;
578 ip_vxlan_gbp_bypass_inline (vlib_main_t * vm,
579 vlib_node_runtime_t * node,
580 vlib_frame_t * frame, u32 is_ip4)
582 vxlan_gbp_main_t *vxm = &vxlan_gbp_main;
583 u32 *from, *to_next, n_left_from, n_left_to_next, next_index;
584 vlib_node_runtime_t *error_node =
585 vlib_node_get_runtime (vm, ip4_input_node.index);
586 ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
587 ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
589 from = vlib_frame_vector_args (frame);
590 n_left_from = frame->n_vectors;
591 next_index = node->cached_next_index;
593 if (node->flags & VLIB_NODE_FLAG_TRACE)
594 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
599 ip6_address_set_zero (&addr6);
601 while (n_left_from > 0)
603 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
605 while (n_left_from >= 4 && n_left_to_next >= 2)
607 vlib_buffer_t *b0, *b1;
608 ip4_header_t *ip40, *ip41;
609 ip6_header_t *ip60, *ip61;
610 udp_header_t *udp0, *udp1;
611 u32 bi0, ip_len0, udp_len0, flags0, next0;
612 u32 bi1, ip_len1, udp_len1, flags1, next1;
613 i32 len_diff0, len_diff1;
614 u8 error0, good_udp0, proto0;
615 u8 error1, good_udp1, proto1;
617 /* Prefetch next iteration. */
619 vlib_buffer_t *p2, *p3;
621 p2 = vlib_get_buffer (vm, from[2]);
622 p3 = vlib_get_buffer (vm, from[3]);
624 vlib_prefetch_buffer_header (p2, LOAD);
625 vlib_prefetch_buffer_header (p3, LOAD);
627 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
628 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
631 bi0 = to_next[0] = from[0];
632 bi1 = to_next[1] = from[1];
638 b0 = vlib_get_buffer (vm, bi0);
639 b1 = vlib_get_buffer (vm, bi1);
642 ip40 = vlib_buffer_get_current (b0);
643 ip41 = vlib_buffer_get_current (b1);
647 ip60 = vlib_buffer_get_current (b0);
648 ip61 = vlib_buffer_get_current (b1);
651 /* Setup packet for next IP feature */
652 vnet_feature_next (&next0, b0);
653 vnet_feature_next (&next1, b1);
657 /* Treat IP frag packets as "experimental" protocol for now
658 until support of IP frag reassembly is implemented */
659 proto0 = ip4_is_fragment (ip40) ? 0xfe : ip40->protocol;
660 proto1 = ip4_is_fragment (ip41) ? 0xfe : ip41->protocol;
664 proto0 = ip60->protocol;
665 proto1 = ip61->protocol;
668 /* Process packet 0 */
669 if (proto0 != IP_PROTOCOL_UDP)
670 goto exit0; /* not UDP packet */
673 udp0 = ip4_next_header (ip40);
675 udp0 = ip6_next_header (ip60);
677 if (udp0->dst_port != clib_host_to_net_u16 (UDP_DST_PORT_vxlan_gbp))
678 goto exit0; /* not VXLAN_GBP packet */
680 /* Validate DIP against VTEPs */
683 if (addr4.as_u32 != ip40->dst_address.as_u32)
685 if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
686 goto exit0; /* no local VTEP for VXLAN_GBP packet */
687 addr4 = ip40->dst_address;
692 if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
694 if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
695 goto exit0; /* no local VTEP for VXLAN_GBP packet */
696 addr6 = ip60->dst_address;
701 good_udp0 = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
703 /* Don't verify UDP checksum for packets with explicit zero checksum. */
704 good_udp0 |= udp0->checksum == 0;
706 /* Verify UDP length */
708 ip_len0 = clib_net_to_host_u16 (ip40->length);
710 ip_len0 = clib_net_to_host_u16 (ip60->payload_length);
711 udp_len0 = clib_net_to_host_u16 (udp0->length);
712 len_diff0 = ip_len0 - udp_len0;
714 /* Verify UDP checksum */
715 if (PREDICT_FALSE (!good_udp0))
717 if ((flags0 & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED) == 0)
720 flags0 = ip4_tcp_udp_validate_checksum (vm, b0);
722 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, b0);
724 (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
730 error0 = good_udp0 ? 0 : IP4_ERROR_UDP_CHECKSUM;
731 error0 = (len_diff0 >= 0) ? error0 : IP4_ERROR_UDP_LENGTH;
735 error0 = good_udp0 ? 0 : IP6_ERROR_UDP_CHECKSUM;
736 error0 = (len_diff0 >= 0) ? error0 : IP6_ERROR_UDP_LENGTH;
740 IP_VXLAN_GBP_BYPASS_NEXT_DROP :
741 IP_VXLAN_GBP_BYPASS_NEXT_VXLAN_GBP;
742 b0->error = error0 ? error_node->errors[error0] : 0;
744 /* vxlan-gbp-input node expect current at VXLAN_GBP header */
746 vlib_buffer_advance (b0,
747 sizeof (ip4_header_t) +
748 sizeof (udp_header_t));
750 vlib_buffer_advance (b0,
751 sizeof (ip6_header_t) +
752 sizeof (udp_header_t));
755 /* Process packet 1 */
756 if (proto1 != IP_PROTOCOL_UDP)
757 goto exit1; /* not UDP packet */
760 udp1 = ip4_next_header (ip41);
762 udp1 = ip6_next_header (ip61);
764 if (udp1->dst_port != clib_host_to_net_u16 (UDP_DST_PORT_vxlan_gbp))
765 goto exit1; /* not VXLAN_GBP packet */
767 /* Validate DIP against VTEPs */
770 if (addr4.as_u32 != ip41->dst_address.as_u32)
772 if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32))
773 goto exit1; /* no local VTEP for VXLAN_GBP packet */
774 addr4 = ip41->dst_address;
779 if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
781 if (!hash_get_mem (vxm->vtep6, &ip61->dst_address))
782 goto exit1; /* no local VTEP for VXLAN_GBP packet */
783 addr6 = ip61->dst_address;
788 good_udp1 = (flags1 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
790 /* Don't verify UDP checksum for packets with explicit zero checksum. */
791 good_udp1 |= udp1->checksum == 0;
793 /* Verify UDP length */
795 ip_len1 = clib_net_to_host_u16 (ip41->length);
797 ip_len1 = clib_net_to_host_u16 (ip61->payload_length);
798 udp_len1 = clib_net_to_host_u16 (udp1->length);
799 len_diff1 = ip_len1 - udp_len1;
801 /* Verify UDP checksum */
802 if (PREDICT_FALSE (!good_udp1))
804 if ((flags1 & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED) == 0)
807 flags1 = ip4_tcp_udp_validate_checksum (vm, b1);
809 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, b1);
811 (flags1 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
817 error1 = good_udp1 ? 0 : IP4_ERROR_UDP_CHECKSUM;
818 error1 = (len_diff1 >= 0) ? error1 : IP4_ERROR_UDP_LENGTH;
822 error1 = good_udp1 ? 0 : IP6_ERROR_UDP_CHECKSUM;
823 error1 = (len_diff1 >= 0) ? error1 : IP6_ERROR_UDP_LENGTH;
827 IP_VXLAN_GBP_BYPASS_NEXT_DROP :
828 IP_VXLAN_GBP_BYPASS_NEXT_VXLAN_GBP;
829 b1->error = error1 ? error_node->errors[error1] : 0;
831 /* vxlan_gbp-input node expect current at VXLAN_GBP header */
833 vlib_buffer_advance (b1,
834 sizeof (ip4_header_t) +
835 sizeof (udp_header_t));
837 vlib_buffer_advance (b1,
838 sizeof (ip6_header_t) +
839 sizeof (udp_header_t));
842 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
843 to_next, n_left_to_next,
844 bi0, bi1, next0, next1);
847 while (n_left_from > 0 && n_left_to_next > 0)
853 u32 bi0, ip_len0, udp_len0, flags0, next0;
855 u8 error0, good_udp0, proto0;
857 bi0 = to_next[0] = from[0];
863 b0 = vlib_get_buffer (vm, bi0);
865 ip40 = vlib_buffer_get_current (b0);
867 ip60 = vlib_buffer_get_current (b0);
869 /* Setup packet for next IP feature */
870 vnet_feature_next (&next0, b0);
873 /* Treat IP4 frag packets as "experimental" protocol for now
874 until support of IP frag reassembly is implemented */
875 proto0 = ip4_is_fragment (ip40) ? 0xfe : ip40->protocol;
877 proto0 = ip60->protocol;
879 if (proto0 != IP_PROTOCOL_UDP)
880 goto exit; /* not UDP packet */
883 udp0 = ip4_next_header (ip40);
885 udp0 = ip6_next_header (ip60);
887 if (udp0->dst_port != clib_host_to_net_u16 (UDP_DST_PORT_vxlan_gbp))
888 goto exit; /* not VXLAN_GBP packet */
890 /* Validate DIP against VTEPs */
893 if (addr4.as_u32 != ip40->dst_address.as_u32)
895 if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
896 goto exit; /* no local VTEP for VXLAN_GBP packet */
897 addr4 = ip40->dst_address;
902 if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
904 if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
905 goto exit; /* no local VTEP for VXLAN_GBP packet */
906 addr6 = ip60->dst_address;
911 good_udp0 = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
913 /* Don't verify UDP checksum for packets with explicit zero checksum. */
914 good_udp0 |= udp0->checksum == 0;
916 /* Verify UDP length */
918 ip_len0 = clib_net_to_host_u16 (ip40->length);
920 ip_len0 = clib_net_to_host_u16 (ip60->payload_length);
921 udp_len0 = clib_net_to_host_u16 (udp0->length);
922 len_diff0 = ip_len0 - udp_len0;
924 /* Verify UDP checksum */
925 if (PREDICT_FALSE (!good_udp0))
927 if ((flags0 & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED) == 0)
930 flags0 = ip4_tcp_udp_validate_checksum (vm, b0);
932 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, b0);
934 (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
940 error0 = good_udp0 ? 0 : IP4_ERROR_UDP_CHECKSUM;
941 error0 = (len_diff0 >= 0) ? error0 : IP4_ERROR_UDP_LENGTH;
945 error0 = good_udp0 ? 0 : IP6_ERROR_UDP_CHECKSUM;
946 error0 = (len_diff0 >= 0) ? error0 : IP6_ERROR_UDP_LENGTH;
950 IP_VXLAN_GBP_BYPASS_NEXT_DROP :
951 IP_VXLAN_GBP_BYPASS_NEXT_VXLAN_GBP;
952 b0->error = error0 ? error_node->errors[error0] : 0;
954 /* vxlan_gbp-input node expect current at VXLAN_GBP header */
956 vlib_buffer_advance (b0,
957 sizeof (ip4_header_t) +
958 sizeof (udp_header_t));
960 vlib_buffer_advance (b0,
961 sizeof (ip6_header_t) +
962 sizeof (udp_header_t));
965 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
966 to_next, n_left_to_next,
970 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
973 return frame->n_vectors;
976 VLIB_NODE_FN (ip4_vxlan_gbp_bypass_node) (vlib_main_t * vm,
977 vlib_node_runtime_t * node,
978 vlib_frame_t * frame)
980 return ip_vxlan_gbp_bypass_inline (vm, node, frame, /* is_ip4 */ 1);
984 VLIB_REGISTER_NODE (ip4_vxlan_gbp_bypass_node) =
986 .name = "ip4-vxlan-gbp-bypass",
987 .vector_size = sizeof (u32),
988 .n_next_nodes = IP_VXLAN_GBP_BYPASS_N_NEXT,
990 [IP_VXLAN_GBP_BYPASS_NEXT_DROP] = "error-drop",
991 [IP_VXLAN_GBP_BYPASS_NEXT_VXLAN_GBP] = "vxlan4-gbp-input",
993 .format_buffer = format_ip4_header,
994 .format_trace = format_ip4_forward_next_trace,
998 #ifndef CLIB_MARCH_VARIANT
999 /* Dummy init function to get us linked in. */
1001 ip4_vxlan_gbp_bypass_init (vlib_main_t * vm)
1006 VLIB_INIT_FUNCTION (ip4_vxlan_gbp_bypass_init);
1007 #endif /* CLIB_MARCH_VARIANT */
1009 VLIB_NODE_FN (ip6_vxlan_gbp_bypass_node) (vlib_main_t * vm,
1010 vlib_node_runtime_t * node,
1011 vlib_frame_t * frame)
1013 return ip_vxlan_gbp_bypass_inline (vm, node, frame, /* is_ip4 */ 0);
1017 VLIB_REGISTER_NODE (ip6_vxlan_gbp_bypass_node) =
1019 .name = "ip6-vxlan-gbp-bypass",
1020 .vector_size = sizeof (u32),
1021 .n_next_nodes = IP_VXLAN_GBP_BYPASS_N_NEXT,
1023 [IP_VXLAN_GBP_BYPASS_NEXT_DROP] = "error-drop",
1024 [IP_VXLAN_GBP_BYPASS_NEXT_VXLAN_GBP] = "vxlan6-gbp-input",
1026 .format_buffer = format_ip6_header,
1027 .format_trace = format_ip6_forward_next_trace,
1031 #ifndef CLIB_MARCH_VARIANT
1032 /* Dummy init function to get us linked in. */
1034 ip6_vxlan_gbp_bypass_init (vlib_main_t * vm)
1039 VLIB_INIT_FUNCTION (ip6_vxlan_gbp_bypass_init);
1040 #endif /* CLIB_MARCH_VARIANT */
1043 * fd.io coding-style-patch-verification: ON
1046 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob