/* All TCP nodes have the same outgoing arcs */
#define foreach_tcp_state_next \
- _ (DROP, "error-drop") \
+ _ (DROP4, "ip4-drop") \
+ _ (DROP6, "ip6-drop") \
_ (TCP4_OUTPUT, "tcp4-output") \
_ (TCP6_OUTPUT, "tcp6-output")
#define tcp_next_output(is_ip4) (is_ip4 ? TCP_NEXT_TCP4_OUTPUT \
: TCP_NEXT_TCP6_OUTPUT)
+#define tcp_next_drop(is_ip4) (is_ip4 ? TCP_NEXT_DROP4 \
+ : TCP_NEXT_DROP6)
+
vlib_node_registration_t tcp4_established_node;
vlib_node_registration_t tcp6_established_node;
return TCP_ERROR_PURE_ACK;
}
- written = stream_session_enqueue_data (&tc->connection, b, 0,
- 1 /* queue event */ , 1);
+ written = session_enqueue_stream_connection (&tc->connection, b, 0,
+ 1 /* queue event */ , 1);
TCP_EVT_DBG (TCP_EVT_INPUT, tc, 0, data_len, written);
}
/* Enqueue out-of-order data with relative offset */
- rv = stream_session_enqueue_data (&tc->connection, b,
- vnet_buffer (b)->tcp.seq_number -
- tc->rcv_nxt, 0 /* queue event */ , 0);
+ rv = session_enqueue_stream_connection (&tc->connection, b,
+ vnet_buffer (b)->tcp.seq_number -
+ tc->rcv_nxt, 0 /* queue event */ ,
+ 0);
/* Nothing written */
if (rv)
if (seq_lt (vnet_buffer (b)->tcp.seq_number, tc->rcv_nxt))
{
error = TCP_ERROR_SEGMENT_OLD;
- *next0 = TCP_NEXT_DROP;
+ *next0 = tcp_next_drop (tc->c_is_ip4);
/* Completely in the past (possible retransmit) */
if (seq_leq (vnet_buffer (b)->tcp.seq_end, tc->rcv_nxt))
}
always_inline void
-tcp_established_inc_counter (vlib_main_t * vm, u8 is_ip4, u8 evt, u8 val)
+tcp_node_inc_counter (vlib_main_t * vm, u32 tcp4_node, u32 tcp6_node,
+ u8 is_ip4, u8 evt, u8 val)
{
if (PREDICT_TRUE (!val))
return;
if (is_ip4)
- vlib_node_increment_counter (vm, tcp4_established_node.index, evt, val);
+ vlib_node_increment_counter (vm, tcp4_node, evt, val);
else
- vlib_node_increment_counter (vm, tcp6_established_node.index, evt, val);
+ vlib_node_increment_counter (vm, tcp6_node, evt, val);
}
always_inline uword
vlib_buffer_t *b0;
tcp_header_t *th0 = 0;
tcp_connection_t *tc0;
- u32 next0 = TCP_ESTABLISHED_NEXT_DROP, error0 = TCP_ERROR_ENQUEUED;
+ u32 next0 = tcp_next_drop (is_ip4), error0 = TCP_ERROR_ENQUEUED;
bi0 = from[0];
to_next[0] = bi0;
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- errors = session_manager_flush_enqueue_events (my_thread_index);
- tcp_established_inc_counter (vm, is_ip4, TCP_ERROR_EVENT_FIFO_FULL, errors);
+ errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_TCP,
+ my_thread_index);
+ tcp_node_inc_counter (vm, is_ip4, tcp4_established_node.index,
+ tcp6_established_node.index,
+ TCP_ERROR_EVENT_FIFO_FULL, errors);
tcp_flush_frame_to_output (vm, my_thread_index, is_ip4);
return from_frame->n_vectors;
if (!tc)
return 1;
+ /* Proxy case */
+ if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN)
+ return 1;
+
u8 is_valid = (tc->c_lcl_port == hdr->dst_port
&& (tc->state == TCP_STATE_LISTEN
|| tc->c_rmt_port == hdr->src_port));
{
handle = session_lookup_half_open_handle (&tc->connection);
tmp = session_lookup_half_open_connection (handle & 0xFFFFFFFF,
- tc->c_transport_proto,
- tc->c_is_ip4);
+ tc->c_proto, tc->c_is_ip4);
if (tmp)
{
tcp_header_t *tcp;
transport_connection_t *tconn;
tcp_connection_t *tc;
+ u8 is_filtered = 0;
if (is_ip4)
{
ip4_header_t *ip4;
tcp->dst_port,
tcp->src_port,
TRANSPORT_PROTO_TCP,
- thread_index);
+ thread_index, &is_filtered);
tc = tcp_get_connection_from_transport (tconn);
ASSERT (tcp_lookup_is_valid (tc, tcp));
}
tcp->dst_port,
tcp->src_port,
TRANSPORT_PROTO_TCP,
- thread_index);
+ thread_index, &is_filtered);
tc = tcp_get_connection_from_transport (tconn);
ASSERT (tcp_lookup_is_valid (tc, tcp));
}
tcp_header_t *tcp0 = 0;
tcp_connection_t *tc0;
tcp_connection_t *new_tc0;
- u32 next0 = TCP_SYN_SENT_NEXT_DROP, error0 = TCP_ERROR_ENQUEUED;
+ u32 next0 = tcp_next_drop (is_ip4), error0 = TCP_ERROR_ENQUEUED;
bi0 = from[0];
to_next[0] = bi0;
/* Notify app that we have connection. If session layer can't
* allocate session send reset */
- if (stream_session_connect_notify (&new_tc0->connection, 0))
+ if (session_stream_connect_notify (&new_tc0->connection, 0))
{
clib_warning ("connect notify fail");
tcp_send_reset_w_pkt (new_tc0, b0, is_ip4);
new_tc0->state = TCP_STATE_SYN_RCVD;
/* Notify app that we have connection */
- if (stream_session_connect_notify (&new_tc0->connection, 0))
+ if (session_stream_connect_notify (&new_tc0->connection, 0))
{
tcp_connection_cleanup (new_tc0);
tcp_send_reset_w_pkt (tc0, b0, is_ip4);
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- errors = session_manager_flush_enqueue_events (my_thread_index);
- if (errors)
- {
- if (is_ip4)
- vlib_node_increment_counter (vm, tcp4_established_node.index,
- TCP_ERROR_EVENT_FIFO_FULL, errors);
- else
- vlib_node_increment_counter (vm, tcp6_established_node.index,
- TCP_ERROR_EVENT_FIFO_FULL, errors);
- }
-
+ errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_TCP,
+ my_thread_index);
+ tcp_node_inc_counter (vm, is_ip4, tcp4_syn_sent_node.index,
+ tcp6_syn_sent_node.index,
+ TCP_ERROR_EVENT_FIFO_FULL, errors);
return from_frame->n_vectors;
}
VLIB_NODE_FUNCTION_MULTIARCH (tcp6_syn_sent_node, tcp6_syn_sent_rcv);
+vlib_node_registration_t tcp4_rcv_process_node;
+vlib_node_registration_t tcp6_rcv_process_node;
+
/**
* Handles reception for all states except LISTEN, SYN-SENT and ESTABLISHED
* as per RFC793 p. 64
vlib_buffer_t *b0;
tcp_header_t *tcp0 = 0;
tcp_connection_t *tc0;
- u32 next0 = TCP_RCV_PROCESS_NEXT_DROP, error0 = TCP_ERROR_ENQUEUED;
+ u32 next0 = tcp_next_drop (is_ip4), error0 = TCP_ERROR_ENQUEUED;
u8 is_fin0;
bi0 = from[0];
/* Switch state to ESTABLISHED */
tc0->state = TCP_STATE_ESTABLISHED;
+ TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
/* Initialize session variables */
tc0->snd_una = vnet_buffer (b0)->tcp.ack_number;
<< tc0->rcv_opts.wscale;
tc0->snd_wl1 = vnet_buffer (b0)->tcp.seq_number;
tc0->snd_wl2 = vnet_buffer (b0)->tcp.ack_number;
- stream_session_accept_notify (&tc0->connection);
/* Reset SYN-ACK retransmit and SYN_RCV establish timers */
tcp_retransmit_timer_reset (tc0);
tcp_timer_reset (tc0, TCP_TIMER_ESTABLISH);
- TCP_EVT_DBG (TCP_EVT_STATE_CHANGE, tc0);
+
+ stream_session_accept_notify (&tc0->connection);
break;
case TCP_STATE_ESTABLISHED:
/* We can get packets in established state here because they
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- errors = session_manager_flush_enqueue_events (my_thread_index);
- if (errors)
- {
- if (is_ip4)
- vlib_node_increment_counter (vm, tcp4_established_node.index,
- TCP_ERROR_EVENT_FIFO_FULL, errors);
- else
- vlib_node_increment_counter (vm, tcp6_established_node.index,
- TCP_ERROR_EVENT_FIFO_FULL, errors);
- }
+ errors = session_manager_flush_enqueue_events (TRANSPORT_PROTO_TCP,
+ my_thread_index);
+ tcp_node_inc_counter (vm, is_ip4, tcp4_rcv_process_node.index,
+ tcp6_rcv_process_node.index,
+ TCP_ERROR_EVENT_FIFO_FULL, errors);
return from_frame->n_vectors;
}
ip4_header_t *ip40;
ip6_header_t *ip60;
tcp_connection_t *child0;
- u32 error0 = TCP_ERROR_SYNS_RCVD, next0 = TCP_LISTEN_NEXT_DROP;
+ u32 error0 = TCP_ERROR_SYNS_RCVD, next0 = tcp_next_drop (is_ip4);
bi0 = from[0];
to_next[0] = bi0;
/* Create child session and send SYN-ACK */
child0 = tcp_connection_new (my_thread_index);
- child0->c_lcl_port = lc0->c_lcl_port;
+ child0->c_lcl_port = th0->dst_port;
child0->c_rmt_port = th0->src_port;
child0->c_is_ip4 = is_ip4;
child0->state = TCP_STATE_SYN_RCVD;
sizeof (ip6_address_t));
}
- if (stream_session_accept (&child0->connection, lc0->c_s_index,
- 0 /* notify */ ))
- {
- clib_warning ("session accept fail");
- tcp_connection_cleanup (child0);
- error0 = TCP_ERROR_CREATE_SESSION_FAIL;
- goto drop;
- }
-
if (tcp_options_parse (th0, &child0->rcv_opts))
{
clib_warning ("options parse fail");
tcp_connection_init_vars (child0);
TCP_EVT_DBG (TCP_EVT_SYN_RCVD, child0, 1);
+ if (stream_session_accept (&child0->connection, lc0->c_s_index,
+ 0 /* notify */ ))
+ {
+ clib_warning ("session accept fail");
+ tcp_connection_cleanup (child0);
+ error0 = TCP_ERROR_CREATE_SESSION_FAIL;
+ goto drop;
+ }
+
/* Reuse buffer to make syn-ack and send */
tcp_make_synack (child0, b0);
next0 = tcp_next_output (is_ip4);
} tcp_input_next_t;
#define foreach_tcp4_input_next \
- _ (DROP, "error-drop") \
+ _ (DROP, "ip4-drop") \
_ (LISTEN, "tcp4-listen") \
_ (RCV_PROCESS, "tcp4-rcv-process") \
_ (SYN_SENT, "tcp4-syn-sent") \
_ (ESTABLISHED, "tcp4-established") \
_ (RESET, "tcp4-reset") \
- _ (PUNT, "error-punt")
+ _ (PUNT, "ip4-punt")
#define foreach_tcp6_input_next \
- _ (DROP, "error-drop") \
+ _ (DROP, "ip6-drop") \
_ (LISTEN, "tcp6-listen") \
_ (RCV_PROCESS, "tcp6-rcv-process") \
_ (SYN_SENT, "tcp6-syn-sent") \
_ (ESTABLISHED, "tcp6-established") \
_ (RESET, "tcp6-reset") \
- _ (PUNT, "error-punt")
+ _ (PUNT, "ip6-punt")
#define filter_flags (TCP_FLAG_SYN|TCP_FLAG_ACK|TCP_FLAG_RST|TCP_FLAG_FIN)
ip4_header_t *ip40;
ip6_header_t *ip60;
u32 error0 = TCP_ERROR_NO_LISTENER, next0 = TCP_INPUT_NEXT_DROP;
- u8 flags0;
+ u8 flags0, is_filtered = 0;
bi0 = from[0];
to_next[0] = bi0;
+ tcp_header_bytes (tcp0));
n_data_bytes0 = clib_net_to_host_u16 (ip40->length)
- n_advance_bytes0;
- tconn =
- session_lookup_connection_wt4 (fib_index0, &ip40->dst_address,
- &ip40->src_address,
- tcp0->dst_port, tcp0->src_port,
- TRANSPORT_PROTO_TCP,
- my_thread_index);
- tc0 = tcp_get_connection_from_transport (tconn);
- ASSERT (tcp_lookup_is_valid (tc0, tcp0));
+ tconn = session_lookup_connection_wt4 (fib_index0,
+ &ip40->dst_address,
+ &ip40->src_address,
+ tcp0->dst_port,
+ tcp0->src_port,
+ TRANSPORT_PROTO_TCP,
+ my_thread_index,
+ &is_filtered);
}
else
{
n_data_bytes0 = clib_net_to_host_u16 (ip60->payload_length)
- n_advance_bytes0;
n_advance_bytes0 += sizeof (ip60[0]);
- tconn =
- session_lookup_connection_wt6 (fib_index0, &ip60->dst_address,
- &ip60->src_address,
- tcp0->dst_port, tcp0->src_port,
- TRANSPORT_PROTO_TCP,
- my_thread_index);
- tc0 = tcp_get_connection_from_transport (tconn);
- ASSERT (tcp_lookup_is_valid (tc0, tcp0));
+ tconn = session_lookup_connection_wt6 (fib_index0,
+ &ip60->dst_address,
+ &ip60->src_address,
+ tcp0->dst_port,
+ tcp0->src_port,
+ TRANSPORT_PROTO_TCP,
+ my_thread_index,
+ &is_filtered);
}
/* Length check */
goto done;
}
+ vnet_buffer (b0)->tcp.hdr_offset = (u8 *) tcp0
+ - (u8 *) vlib_buffer_get_current (b0);
+
/* Session exists */
- if (PREDICT_TRUE (0 != tc0))
+ if (PREDICT_TRUE (0 != tconn))
{
+ tc0 = tcp_get_connection_from_transport (tconn);
+ ASSERT (tcp_lookup_is_valid (tc0, tcp0));
+
/* Save connection index */
vnet_buffer (b0)->tcp.connection_index = tc0->c_c_index;
vnet_buffer (b0)->tcp.seq_number =
vnet_buffer (b0)->tcp.ack_number =
clib_net_to_host_u32 (tcp0->ack_number);
- vnet_buffer (b0)->tcp.hdr_offset = (u8 *) tcp0
- - (u8 *) vlib_buffer_get_current (b0);
vnet_buffer (b0)->tcp.data_offset = n_advance_bytes0;
vnet_buffer (b0)->tcp.data_len = n_data_bytes0;
}
else
{
- if ((is_ip4 && tm->punt_unknown4) ||
- (!is_ip4 && tm->punt_unknown6))
+ if (is_filtered)
+ {
+ next0 = TCP_INPUT_NEXT_DROP;
+ error0 = TCP_ERROR_FILTERED;
+ }
+ else if ((is_ip4 && tm->punt_unknown4) ||
+ (!is_ip4 && tm->punt_unknown6))
{
next0 = TCP_INPUT_NEXT_PUNT;
error0 = TCP_ERROR_PUNT;
next0 = TCP_INPUT_NEXT_RESET;
error0 = TCP_ERROR_NO_LISTENER;
}
+ tc0 = 0;
}
done:
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
{
- tcp_rx_trace_t *t0 =
- vlib_add_trace (vm, node, b0, sizeof (*t0));
+ tcp_rx_trace_t *t0;
+ t0 = vlib_add_trace (vm, node, b0, sizeof (*t0));
tcp_set_rx_trace_data (t0, tc0, tcp0, b0, is_ip4);
}
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,