#include <vppinfra/vec.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
-#include <vppinfra/bihash_24_8.h>
+#include <vppinfra/bihash_16_8.h>
#include <vnet/ip/ip4_reassembly.h>
#define MSEC_PER_SEC 1000
{
struct
{
- // align by making this 4 octets even though its a 2 octets field
u32 xx_id;
ip4_address_t src;
ip4_address_t dst;
- // align by making this 4 octets even though its a 2 octets field
- u32 frag_id;
- // align by making this 4 octets even though its a 1 octet field
- u32 proto;
- u32 unused;
+ u16 frag_id;
+ u8 proto;
+ u8 unused;
};
- u64 as_u64[3];
+ u64 as_u64[2];
};
} ip4_reass_key_t;
u32 max_reass_n;
// IPv4 runtime
- clib_bihash_24_8_t hash;
+ clib_bihash_16_8_t hash;
// per-thread data
ip4_reass_per_thread_t *per_thread_data;
ip4_reass_free (ip4_reass_main_t * rm, ip4_reass_per_thread_t * rt,
ip4_reass_t * reass)
{
- clib_bihash_kv_24_8_t kv;
+ clib_bihash_kv_16_8_t kv;
kv.key[0] = reass->key.as_u64[0];
kv.key[1] = reass->key.as_u64[1];
- kv.key[2] = reass->key.as_u64[2];
- clib_bihash_add_del_24_8 (&rm->hash, &kv, 0);
+ clib_bihash_add_del_16_8 (&rm->hash, &kv, 0);
pool_put (rt->pool, reass);
--rt->reass_n;
}
{
ip4_reass_t *reass = NULL;
f64 now = vlib_time_now (rm->vlib_main);
- clib_bihash_kv_24_8_t kv, value;
+ clib_bihash_kv_16_8_t kv, value;
kv.key[0] = k->as_u64[0];
kv.key[1] = k->as_u64[1];
- kv.key[2] = k->as_u64[2];
- if (!clib_bihash_search_24_8 (&rm->hash, &kv, &value))
+ if (!clib_bihash_search_16_8 (&rm->hash, &kv, &value))
{
reass = pool_elt_at_index (rt->pool, value.value);
if (now > reass->last_heard + rm->timeout)
else
{
pool_get (rt->pool, reass);
- memset (reass, 0, sizeof (*reass));
+ clib_memset (reass, 0, sizeof (*reass));
reass->id =
((u64) os_get_thread_index () * 1000000000) + rt->id_counter;
++rt->id_counter;
reass->key.as_u64[0] = kv.key[0] = k->as_u64[0];
reass->key.as_u64[1] = kv.key[1] = k->as_u64[1];
- reass->key.as_u64[2] = kv.key[2] = k->as_u64[2];
kv.value = reass - rt->pool;
reass->last_heard = now;
- if (clib_bihash_add_del_24_8 (&rm->hash, &kv, 1))
+ if (clib_bihash_add_del_16_8 (&rm->hash, &kv, 1))
{
ip4_reass_free (rm, rt, reass);
reass = NULL;
ip->flags_and_fragment_offset = 0;
ip->length = clib_host_to_net_u16 (first_b->current_length + total_length);
ip->checksum = ip4_header_checksum (ip);
+ u32 before = vec_len (*vec_drop_compress);
vlib_buffer_chain_compress (vm, first_b, vec_drop_compress);
+ rt->buffers_n += vec_len (*vec_drop_compress) - before;
+
if (PREDICT_FALSE (first_b->flags & VLIB_BUFFER_IS_TRACED))
{
ip4_reass_add_trace (vm, node, rm, reass, reass->first_bi, FINALIZE, 0);
ip4_header_t *fip = vlib_buffer_get_current (fb);
ASSERT (fb->current_length >= sizeof (*fip));
vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
- u32 fragment_first = fvnb->ip.reass.fragment_first =
- ip4_get_fragment_offset_bytes (fip);
- u32 fragment_length =
+ reass->next_index = fvnb->ip.reass.next_index; // store next_index before it's overwritten
+ const u32 fragment_first = ip4_get_fragment_offset_bytes (fip);
+ const u32 fragment_length =
clib_net_to_host_u16 (fip->length) - ip4_header_bytes (fip);
- u32 fragment_last = fvnb->ip.reass.fragment_last =
- fragment_first + fragment_length - 1;
+ const u32 fragment_last = fragment_first + fragment_length - 1;
+ fvnb->ip.reass.fragment_first = fragment_first;
+ fvnb->ip.reass.fragment_last = fragment_last;
int more_fragments = ip4_get_fragment_more (fip);
u32 candidate_range_bi = reass->first_bi;
u32 prev_range_bi = ~0;
- reass->next_index = fvnb->ip.reass.next_index; // store next_index before it's overwritten
fvnb->ip.reass.range_first = fragment_first;
fvnb->ip.reass.range_last = fragment_last;
fvnb->ip.reass.next_range_bi = ~0;
}
else
{
- ip4_reass_key_t k;
- k.src.as_u32 = ip0->src_address.as_u32;
- k.dst.as_u32 = ip0->dst_address.as_u32;
- k.xx_id = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- k.frag_id = ip0->fragment_id;
- k.proto = ip0->protocol;
- k.unused = 0;
- ip4_reass_t *reass =
- ip4_reass_find_or_create (vm, rm, rt, &k, &vec_drop_timeout);
-
- if (reass)
+ const u32 fragment_first = ip4_get_fragment_offset_bytes (ip0);
+ const u32 fragment_length =
+ clib_net_to_host_u16 (ip0->length) - ip4_header_bytes (ip0);
+ const u32 fragment_last = fragment_first + fragment_length - 1;
+ if (fragment_first > fragment_last || fragment_first + fragment_length > UINT16_MAX - 20 || (fragment_length < 8 && ip4_get_fragment_more (ip0))) // 8 is minimum frag length per RFC 791
{
- ip4_reass_update (vm, node, rm, rt, reass, &bi0, &next0,
- &error0, &vec_drop_overlap,
- &vec_drop_compress, is_feature);
+ next0 = IP4_REASSEMBLY_NEXT_DROP;
+ error0 = IP4_ERROR_REASS_MALFORMED_PACKET;
}
else
{
- next0 = IP4_REASSEMBLY_NEXT_DROP;
- error0 = IP4_ERROR_REASS_LIMIT_REACHED;
+ ip4_reass_key_t k;
+ k.as_u64[0] =
+ (u64) vnet_buffer (b0)->sw_if_index[VLIB_RX] << 32 | (u64)
+ ip0->src_address.as_u32;
+ k.as_u64[1] =
+ (u64) ip0->dst_address.
+ as_u32 << 32 | (u64) ip0->fragment_id << 16 | (u64) ip0->
+ protocol << 8;
+
+ ip4_reass_t *reass =
+ ip4_reass_find_or_create (vm, rm, rt, &k,
+ &vec_drop_timeout);
+
+ if (reass)
+ {
+ ip4_reass_update (vm, node, rm, rt, reass, &bi0, &next0,
+ &error0, &vec_drop_overlap,
+ &vec_drop_compress, is_feature);
+ }
+ else
+ {
+ next0 = IP4_REASSEMBLY_NEXT_DROP;
+ error0 = IP4_ERROR_REASS_LIMIT_REACHED;
+ }
}
b0->error = node->errors[error0];
n_left_to_next -= 1;
if (is_feature && IP4_ERROR_NONE == error0)
{
- vnet_feature_next (vnet_buffer (b0)->sw_if_index[VLIB_RX],
- &next0, b0);
+ b0 = vlib_get_buffer (vm, bi0);
+ vnet_feature_next (&next0, b0);
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
n_left_to_next, bi0, next0);
#undef _
};
-always_inline uword
+static uword
ip4_reassembly (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
VLIB_NODE_FUNCTION_MULTIARCH (ip4_reass_node, ip4_reassembly);
-always_inline uword
+static uword
ip4_reassembly_feature (vlib_main_t * vm,
vlib_node_runtime_t * node, vlib_frame_t * frame)
{
typedef struct
{
int failure;
- clib_bihash_24_8_t *new_hash;
+ clib_bihash_16_8_t *new_hash;
} ip4_rehash_cb_ctx;
static void
-ip4_rehash_cb (clib_bihash_kv_24_8_t * kv, void *_ctx)
+ip4_rehash_cb (clib_bihash_kv_16_8_t * kv, void *_ctx)
{
ip4_rehash_cb_ctx *ctx = _ctx;
- if (clib_bihash_add_del_24_8 (ctx->new_hash, kv, 1))
+ if (clib_bihash_add_del_16_8 (ctx->new_hash, kv, 1))
{
ctx->failure = 1;
}
u32 new_nbuckets = ip4_reass_get_nbuckets ();
if (ip4_reass_main.max_reass_n > 0 && new_nbuckets > old_nbuckets)
{
- clib_bihash_24_8_t new_hash;
- memset (&new_hash, 0, sizeof (new_hash));
+ clib_bihash_16_8_t new_hash;
+ clib_memset (&new_hash, 0, sizeof (new_hash));
ip4_rehash_cb_ctx ctx;
ctx.failure = 0;
ctx.new_hash = &new_hash;
- clib_bihash_init_24_8 (&new_hash, "ip4-reass", new_nbuckets,
+ clib_bihash_init_16_8 (&new_hash, "ip4-reass", new_nbuckets,
new_nbuckets * 1024);
- clib_bihash_foreach_key_value_pair_24_8 (&ip4_reass_main.hash,
+ clib_bihash_foreach_key_value_pair_16_8 (&ip4_reass_main.hash,
ip4_rehash_cb, &ctx);
if (ctx.failure)
{
- clib_bihash_free_24_8 (&new_hash);
+ clib_bihash_free_16_8 (&new_hash);
return -1;
}
else
{
- clib_bihash_free_24_8 (&ip4_reass_main.hash);
- clib_memcpy (&ip4_reass_main.hash, &new_hash,
- sizeof (ip4_reass_main.hash));
+ clib_bihash_free_16_8 (&ip4_reass_main.hash);
+ clib_memcpy_fast (&ip4_reass_main.hash, &new_hash,
+ sizeof (ip4_reass_main.hash));
}
}
return 0;
rm->vlib_main = vm;
rm->vnet_main = vnet_get_main ();
- vec_validate (rm->per_thread_data, vlib_num_workers () + 1);
+ vec_validate (rm->per_thread_data, vlib_num_workers ());
ip4_reass_per_thread_t *rt;
vec_foreach (rt, rm->per_thread_data)
{
IP4_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS);
nbuckets = ip4_reass_get_nbuckets ();
- clib_bihash_init_24_8 (&rm->hash, "ip4-reass", nbuckets, nbuckets * 1024);
+ clib_bihash_init_16_8 (&rm->hash, "ip4-reass", nbuckets, nbuckets * 1024);
node = vlib_get_node_by_name (vm, (u8 *) "ip4-drop");
ASSERT (node);
uword thread_index = 0;
int index;
- const uword nthreads = os_get_nthreads ();
+ const uword nthreads = vlib_num_workers () + 1;
for (thread_index = 0; thread_index < nthreads; ++thread_index)
{
ip4_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
n_left_to_next -= 1;
IP4_REASS_DEBUG_BUFFER (bi, enqueue_drop_timeout_walk);
}
- f->flags |= (trace_frame * VLIB_FRAME_TRACE);
+ f->frame_flags |= (trace_frame * VLIB_FRAME_TRACE);
vlib_put_frame_to_node (vm, rm->ip4_drop_idx, f);
}
u64 sum_buffers_n = 0;
ip4_reass_t *reass;
uword thread_index;
- const uword nthreads = os_get_nthreads ();
+ const uword nthreads = vlib_num_workers () + 1;
for (thread_index = 0; thread_index < nthreads; ++thread_index)
{
ip4_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];