2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
15 #include <vppinfra/error.h>
16 #include <vppinfra/hash.h>
17 #include <vnet/vnet.h>
18 #include <vnet/ip/ip.h>
19 #include <vnet/ethernet/ethernet.h>
20 #include <vnet/vxlan/vxlan.h>
22 /* Statistics (not all errors) */
23 #define foreach_vxlan_encap_error \
24 _(ENCAPSULATED, "good packets encapsulated") \
25 _(DEL_TUNNEL, "deleted tunnel packets")
27 static char * vxlan_encap_error_strings[] = {
28 #define _(sym,string) string,
29 foreach_vxlan_encap_error
34 #define _(sym,str) VXLAN_ENCAP_ERROR_##sym,
35 foreach_vxlan_encap_error
38 } vxlan_encap_error_t;
41 VXLAN_ENCAP_NEXT_IP4_LOOKUP,
42 VXLAN_ENCAP_NEXT_IP6_LOOKUP,
43 VXLAN_ENCAP_NEXT_DROP,
50 } vxlan_encap_trace_t;
52 u8 * format_vxlan_encap_trace (u8 * s, va_list * args)
54 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
55 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
56 vxlan_encap_trace_t * t
57 = va_arg (*args, vxlan_encap_trace_t *);
59 s = format (s, "VXLAN-ENCAP: tunnel %d vni %d", t->tunnel_index, t->vni);
64 #define foreach_fixed_header4_offset \
67 #define foreach_fixed_header6_offset \
68 _(0) _(1) _(2) _(3) _(4) _(5) _(6)
71 vxlan_encap (vlib_main_t * vm,
72 vlib_node_runtime_t * node,
73 vlib_frame_t * from_frame)
75 u32 n_left_from, next_index, * from, * to_next;
76 vxlan_main_t * vxm = &vxlan_main;
77 vnet_main_t * vnm = vxm->vnet_main;
78 vnet_interface_main_t * im = &vnm->interface_main;
79 u32 pkts_encapsulated = 0;
80 u16 old_l0 = 0, old_l1 = 0;
81 u32 cpu_index = os_get_cpu_number();
82 u32 stats_sw_if_index, stats_n_packets, stats_n_bytes;
84 from = vlib_frame_vector_args (from_frame);
85 n_left_from = from_frame->n_vectors;
87 next_index = node->cached_next_index;
88 stats_sw_if_index = node->runtime_data[0];
89 stats_n_packets = stats_n_bytes = 0;
91 while (n_left_from > 0)
95 vlib_get_next_frame (vm, node, next_index,
96 to_next, n_left_to_next);
98 while (n_left_from >= 4 && n_left_to_next >= 2)
101 vlib_buffer_t * b0, * b1;
102 u32 flow_hash0, flow_hash1;
103 u32 next0 = VXLAN_ENCAP_NEXT_IP4_LOOKUP;
104 u32 next1 = VXLAN_ENCAP_NEXT_IP4_LOOKUP;
105 u32 sw_if_index0, sw_if_index1, len0, len1;
106 vnet_hw_interface_t * hi0, * hi1;
107 ip4_header_t * ip4_0, * ip4_1;
108 ip6_header_t * ip6_0, * ip6_1;
109 udp_header_t * udp0, * udp1;
110 u64 * copy_src0, * copy_dst0;
111 u64 * copy_src1, * copy_dst1;
112 u32 * copy_src_last0, * copy_dst_last0;
113 u32 * copy_src_last1, * copy_dst_last1;
114 vxlan_tunnel_t * t0, * t1;
116 ip_csum_t sum0, sum1;
117 u8 is_ip4_0, is_ip4_1;
119 /* Prefetch next iteration. */
121 vlib_buffer_t * p2, * p3;
123 p2 = vlib_get_buffer (vm, from[2]);
124 p3 = vlib_get_buffer (vm, from[3]);
126 vlib_prefetch_buffer_header (p2, LOAD);
127 vlib_prefetch_buffer_header (p3, LOAD);
129 CLIB_PREFETCH (p2->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
130 CLIB_PREFETCH (p3->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
142 b0 = vlib_get_buffer (vm, bi0);
143 b1 = vlib_get_buffer (vm, bi1);
145 flow_hash0 = vnet_l2_compute_flow_hash (b0);
146 flow_hash1 = vnet_l2_compute_flow_hash (b1);
149 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_TX];
150 sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_TX];
151 hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
152 hi1 = vnet_get_sup_hw_interface (vnm, sw_if_index1);
154 t0 = &vxm->tunnels[hi0->dev_instance];
155 t1 = &vxm->tunnels[hi1->dev_instance];
157 is_ip4_0 = (t0->flags & VXLAN_TUNNEL_IS_IPV4);
158 is_ip4_1 = (t1->flags & VXLAN_TUNNEL_IS_IPV4);
160 if (PREDICT_FALSE(!is_ip4_0)) next0 = VXLAN_ENCAP_NEXT_IP6_LOOKUP;
161 if (PREDICT_FALSE(!is_ip4_1)) next1 = VXLAN_ENCAP_NEXT_IP6_LOOKUP;
163 /* Check rewrite string and drop packet if tunnel is deleted */
164 if (PREDICT_FALSE(t0->rewrite == vxlan4_dummy_rewrite ||
165 t0->rewrite == vxlan6_dummy_rewrite))
167 next0 = VXLAN_ENCAP_NEXT_DROP;
168 b0->error = node->errors[VXLAN_ENCAP_ERROR_DEL_TUNNEL];
169 pkts_encapsulated --;
170 } /* Still go through normal encap with dummy rewrite */
171 if (PREDICT_FALSE(t1->rewrite == vxlan4_dummy_rewrite ||
172 t1->rewrite == vxlan6_dummy_rewrite))
174 next1 = VXLAN_ENCAP_NEXT_DROP;
175 b1->error = node->errors[VXLAN_ENCAP_ERROR_DEL_TUNNEL];
176 pkts_encapsulated --;
177 } /* Still go through normal encap with dummy rewrite */
179 /* IP4 VXLAN header sizeof(ip4_vxlan_header_t) should be 36 octects */
180 /* IP6 VXLAN header sizeof(ip6_vxlan_header_t) should be 56 octects */
181 if (PREDICT_TRUE(is_ip4_0))
182 ASSERT(vec_len(t0->rewrite) == 36);
184 ASSERT(vec_len(t0->rewrite) == 56);
185 if (PREDICT_TRUE(is_ip4_1))
186 ASSERT(vec_len(t1->rewrite) == 36);
188 ASSERT(vec_len(t1->rewrite) == 56);
190 /* Apply the rewrite string. $$$$ vnet_rewrite? */
191 vlib_buffer_advance (b0, -(word)_vec_len(t0->rewrite));
192 vlib_buffer_advance (b1, -(word)_vec_len(t1->rewrite));
194 /* assign both v4 and v6; avoid a branch, optimizer will help us */
195 ip4_0 = vlib_buffer_get_current(b0);
196 ip6_0 = (void *)ip4_0;
197 ip4_1 = vlib_buffer_get_current(b1);
198 ip6_1 = (void *)ip4_1;
200 /* Copy the fixed header (v4 and v6 variables point to the same
201 * place at this point)
203 copy_dst0 = (u64 *) ip4_0;
204 copy_src0 = (u64 *) t0->rewrite;
206 copy_dst1 = (u64 *) ip4_1;
207 copy_src1 = (u64 *) t1->rewrite;
209 /* Copy first 32 (ip4)/56 (ip6) octets 8-bytes at a time */
210 #define _(offs) copy_dst0[offs] = copy_src0[offs];
211 if (PREDICT_TRUE(is_ip4_0)) {
212 foreach_fixed_header4_offset;
214 foreach_fixed_header6_offset;
217 #define _(offs) copy_dst1[offs] = copy_src1[offs];
218 if (PREDICT_TRUE(is_ip4_1)) {
219 foreach_fixed_header4_offset;
221 foreach_fixed_header6_offset;
224 /* Last 4 octets. Hopefully gcc will be our friend */
225 if (PREDICT_TRUE(is_ip4_0)) {
226 copy_dst_last0 = (u32 *)(©_dst0[4]);
227 copy_src_last0 = (u32 *)(©_src0[4]);
228 copy_dst_last0[0] = copy_src_last0[0];
230 if (PREDICT_TRUE(is_ip4_1)) {
231 copy_dst_last1 = (u32 *)(©_dst1[4]);
232 copy_src_last1 = (u32 *)(©_src1[4]);
233 copy_dst_last1[0] = copy_src_last1[0];
236 if (PREDICT_TRUE(is_ip4_0)) {
237 /* fix the <bleep>ing outer-IP checksum */
238 sum0 = ip4_0->checksum;
240 /* old_l0 always 0, see the rewrite setup */
242 clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0));
243 sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t,
244 length /* changed member */);
245 ip4_0->checksum = ip_csum_fold (sum0);
246 ip4_0->length = new_l0;
249 clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)
251 ip6_0->payload_length = new_l0;
254 if (PREDICT_TRUE(is_ip4_1)) {
255 /* fix the <bleep>ing outer-IP checksum */
256 sum1 = ip4_1->checksum;
258 /* old_l1 always 0, see the rewrite setup */
260 clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1));
261 sum1 = ip_csum_update (sum1, old_l1, new_l1, ip4_header_t,
262 length /* changed member */);
263 ip4_1->checksum = ip_csum_fold (sum1);
264 ip4_1->length = new_l1;
267 clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1)
269 ip6_1->payload_length = new_l1;
273 if (PREDICT_TRUE(is_ip4_0)) {
274 udp0 = (udp_header_t *)(ip4_0+1);
275 new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)
278 udp0 = (udp_header_t *)(ip6_0+1);
279 new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)
282 if (PREDICT_TRUE(is_ip4_1)) {
283 udp1 = (udp_header_t *)(ip4_1+1);
284 new_l1 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1)
287 udp1 = (udp_header_t *)(ip6_1+1);
288 new_l1 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b1)
292 udp0->length = new_l0;
293 udp0->src_port = flow_hash0;
295 udp1->length = new_l1;
296 udp1->src_port = flow_hash1;
298 if (PREDICT_FALSE(!is_ip4_0)) {
300 /* IPv6 UDP checksum is mandatory */
301 udp0->checksum = ip6_tcp_udp_icmp_compute_checksum(vm, b0,
304 if (udp0->checksum == 0)
305 udp0->checksum = 0xffff;
308 if (PREDICT_FALSE(!is_ip4_1)) {
310 /* IPv6 UDP checksum is mandatory */
311 udp1->checksum = ip6_tcp_udp_icmp_compute_checksum(vm, b1,
314 if (udp1->checksum == 0)
315 udp1->checksum = 0xffff;
318 /* Reset to look up tunnel partner in the configured FIB */
319 vnet_buffer(b0)->sw_if_index[VLIB_TX] = t0->encap_fib_index;
320 vnet_buffer(b1)->sw_if_index[VLIB_TX] = t1->encap_fib_index;
321 vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0;
322 vnet_buffer(b1)->sw_if_index[VLIB_RX] = sw_if_index1;
323 pkts_encapsulated += 2;
325 len0 = vlib_buffer_length_in_chain (vm, b0);
326 len1 = vlib_buffer_length_in_chain (vm, b0);
327 stats_n_packets += 2;
328 stats_n_bytes += len0 + len1;
330 /* Batch stats increment on the same vxlan tunnel so counter is not
331 incremented per packet. Note stats are still incremented for deleted
332 and admin-down tunnel where packets are dropped. It is not worthwhile
333 to check for this rare case and affect normal path performance. */
334 if (PREDICT_FALSE ((sw_if_index0 != stats_sw_if_index) ||
335 (sw_if_index1 != stats_sw_if_index)))
337 stats_n_packets -= 2;
338 stats_n_bytes -= len0 + len1;
339 if (sw_if_index0 == sw_if_index1)
342 vlib_increment_combined_counter
343 (im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_TX,
344 cpu_index, stats_sw_if_index,
345 stats_n_packets, stats_n_bytes);
346 stats_sw_if_index = sw_if_index0;
348 stats_n_bytes = len0 + len1;
352 vlib_increment_combined_counter
353 (im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_TX,
354 cpu_index, sw_if_index0, 1, len0);
355 vlib_increment_combined_counter
356 (im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_TX,
357 cpu_index, sw_if_index1, 1, len1);
361 if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED))
363 vxlan_encap_trace_t *tr =
364 vlib_add_trace (vm, node, b0, sizeof (*tr));
365 tr->tunnel_index = t0 - vxm->tunnels;
369 if (PREDICT_FALSE(b1->flags & VLIB_BUFFER_IS_TRACED))
371 vxlan_encap_trace_t *tr =
372 vlib_add_trace (vm, node, b1, sizeof (*tr));
373 tr->tunnel_index = t1 - vxm->tunnels;
377 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
378 to_next, n_left_to_next,
379 bi0, bi1, next0, next1);
382 while (n_left_from > 0 && n_left_to_next > 0)
387 u32 next0 = VXLAN_ENCAP_NEXT_IP4_LOOKUP;
388 u32 sw_if_index0, len0;
389 vnet_hw_interface_t * hi0;
390 ip4_header_t * ip4_0;
391 ip6_header_t * ip6_0;
393 u64 * copy_src0, * copy_dst0;
394 u32 * copy_src_last0, * copy_dst_last0;
407 b0 = vlib_get_buffer (vm, bi0);
409 flow_hash0 = vnet_l2_compute_flow_hash(b0);
412 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_TX];
413 hi0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
415 t0 = &vxm->tunnels[hi0->dev_instance];
417 is_ip4_0 = (t0->flags & VXLAN_TUNNEL_IS_IPV4);
419 if (PREDICT_FALSE(!is_ip4_0)) next0 = VXLAN_ENCAP_NEXT_IP6_LOOKUP;
421 /* Check rewrite string and drop packet if tunnel is deleted */
422 if (PREDICT_FALSE(t0->rewrite == vxlan4_dummy_rewrite ||
423 t0->rewrite == vxlan6_dummy_rewrite))
425 next0 = VXLAN_ENCAP_NEXT_DROP;
426 b0->error = node->errors[VXLAN_ENCAP_ERROR_DEL_TUNNEL];
427 pkts_encapsulated --;
428 } /* Still go through normal encap with dummy rewrite */
431 /* IP4 VXLAN header sizeof(ip4_vxlan_header_t) should be 36 octets */
432 /* IP6 VXLAN header sizeof(ip4_vxlan_header_t) should be 56 octets */
433 if (PREDICT_TRUE(is_ip4_0))
434 ASSERT(vec_len(t0->rewrite) == 36);
436 ASSERT(vec_len(t0->rewrite) == 56);
438 /* Apply the rewrite string. $$$$ vnet_rewrite? */
439 vlib_buffer_advance (b0, -(word)_vec_len(t0->rewrite));
441 /* assign both v4 and v6; avoid a branch, optimizer will help us */
442 ip4_0 = vlib_buffer_get_current(b0);
443 ip6_0 = (void *)ip4_0;
445 /* Copy the fixed header (v4 and v6 variables point to the same
446 * place at this point)
448 copy_dst0 = (u64 *) ip4_0;
449 copy_src0 = (u64 *) t0->rewrite;
451 /* Copy first 32 octets 8-bytes at a time */
452 #define _(offs) copy_dst0[offs] = copy_src0[offs];
453 if (PREDICT_TRUE(is_ip4_0)) {
454 foreach_fixed_header4_offset;
456 foreach_fixed_header6_offset;
459 if (PREDICT_TRUE(is_ip4_0)) {
460 /* Last 4 octets. Hopefully gcc will be our friend */
461 copy_dst_last0 = (u32 *)(©_dst0[4]);
462 copy_src_last0 = (u32 *)(©_src0[4]);
464 copy_dst_last0[0] = copy_src_last0[0];
467 if (PREDICT_TRUE(is_ip4_0)) {
468 /* fix the <bleep>ing outer-IP checksum */
469 sum0 = ip4_0->checksum;
471 /* old_l0 always 0, see the rewrite setup */
473 clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0));
474 sum0 = ip_csum_update (sum0, old_l0, new_l0, ip4_header_t,
475 length /* changed member */);
476 ip4_0->checksum = ip_csum_fold (sum0);
477 ip4_0->length = new_l0;
480 clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)
482 ip6_0->payload_length = new_l0;
486 if (PREDICT_TRUE(is_ip4_0)) {
487 udp0 = (udp_header_t *)(ip4_0+1);
488 new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)
491 udp0 = (udp_header_t *)(ip6_0+1);
492 new_l0 = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)
496 udp0->length = new_l0;
497 udp0->src_port = flow_hash0;
499 if (PREDICT_FALSE(!is_ip4_0)) {
501 /* IPv6 UDP checksum is mandatory */
502 udp0->checksum = ip6_tcp_udp_icmp_compute_checksum(vm, b0,
505 if (udp0->checksum == 0)
506 udp0->checksum = 0xffff;
510 /* vnet_update_l2_len (b0); do we need this? cluke */
512 /* Reset to look up tunnel partner in the configured FIB */
513 vnet_buffer(b0)->sw_if_index[VLIB_TX] = t0->encap_fib_index;
514 vnet_buffer(b0)->sw_if_index[VLIB_RX] = sw_if_index0;
515 pkts_encapsulated ++;
517 len0 = vlib_buffer_length_in_chain (vm, b0);
518 stats_n_packets += 1;
519 stats_n_bytes += len0;
521 /* Batch stats increment on the same vxlan tunnel so counter is not
522 incremented per packet. Note stats are still incremented for deleted
523 and admin-down tunnel where packets are dropped. It is not worthwhile
524 to check for this rare case and affect normal path performance. */
525 if (PREDICT_FALSE (sw_if_index0 != stats_sw_if_index))
527 stats_n_packets -= 1;
528 stats_n_bytes -= len0;
530 vlib_increment_combined_counter
531 (im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_TX,
532 cpu_index, stats_sw_if_index,
533 stats_n_packets, stats_n_bytes);
535 stats_n_bytes = len0;
536 stats_sw_if_index = sw_if_index0;
539 if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED))
541 vxlan_encap_trace_t *tr =
542 vlib_add_trace (vm, node, b0, sizeof (*tr));
543 tr->tunnel_index = t0 - vxm->tunnels;
546 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
547 to_next, n_left_to_next,
551 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
554 /* Do we still need this now that tunnel tx stats is kept? */
555 vlib_node_increment_counter (vm, node->node_index,
556 VXLAN_ENCAP_ERROR_ENCAPSULATED,
559 /* Increment any remaining batch stats */
562 vlib_increment_combined_counter
563 (im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_TX,
564 cpu_index, stats_sw_if_index, stats_n_packets, stats_n_bytes);
565 node->runtime_data[0] = stats_sw_if_index;
568 return from_frame->n_vectors;
571 VLIB_REGISTER_NODE (vxlan_encap_node) = {
572 .function = vxlan_encap,
573 .name = "vxlan-encap",
574 .vector_size = sizeof (u32),
575 .format_trace = format_vxlan_encap_trace,
576 .type = VLIB_NODE_TYPE_INTERNAL,
578 .n_errors = ARRAY_LEN(vxlan_encap_error_strings),
579 .error_strings = vxlan_encap_error_strings,
581 .n_next_nodes = VXLAN_ENCAP_N_NEXT,
584 [VXLAN_ENCAP_NEXT_IP4_LOOKUP] = "ip4-lookup",
585 [VXLAN_ENCAP_NEXT_IP6_LOOKUP] = "ip6-lookup",
586 [VXLAN_ENCAP_NEXT_DROP] = "error-drop",
590 VLIB_NODE_FUNCTION_MULTIARCH (vxlan_encap_node, vxlan_encap)