#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
-#include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
-#include <vnet/ethernet/arp_packet.h> /* for ethernet_arp_header_t */
+/** for ethernet_header_t */
+#include <vnet/ethernet/ethernet.h>
+/** for ethernet_arp_header_t */
+#include <vnet/ethernet/arp_packet.h>
#include <vnet/ppp/ppp.h>
-#include <vnet/srp/srp.h> /* for srp_hw_interface_class */
-#include <vnet/api_errno.h> /* for API error numbers */
+/** for srp_hw_interface_class */
+#include <vnet/srp/srp.h>
+/** for API error numbers */
+#include <vnet/api_errno.h>
-/** \file
- vnet ip4 forwarding
+/** @file
+ vnet ip4 forwarding
*/
/* This is really, really simple but stupid fib. */
goto done;
}
}
-
+
/* Nothing matches in table. */
ai = lm->miss_adj_index;
return ai;
}
+/** @brief Create FIB from table ID and init all hashing.
+ @param im - @ref ip4_main_t
+ @param table_id - table ID
+ @return fib - @ref ip4_fib_t
+*/
static ip4_fib_t *
create_fib_with_table_id (ip4_main_t * im, u32 table_id)
{
vec_add2 (im->fibs, fib, 1);
fib->table_id = table_id;
fib->index = fib - im->fibs;
+ /* IP_FLOW_HASH_DEFAULT is net value of 5 tuple flags without "reverse" bit */
fib->flow_hash_config = IP_FLOW_HASH_DEFAULT;
fib->fwd_classify_table_index = ~0;
fib->rev_classify_table_index = ~0;
return fib;
}
+/** @brief Find existing or Create new FIB based on index
+ @param im @ref ip4_main_t
+ @param table_index_or_id - overloaded parameter referring
+ to the table or a table's index in the FIB vector
+ @param flags - used to check if table_index_or_id was a table or
+ an index (detected by @ref IP4_ROUTE_FLAG_FIB_INDEX)
+ @return either the existing or a new ip4_fib_t entry
+*/
ip4_fib_t *
-find_ip4_fib_by_table_index_or_id (ip4_main_t * im,
+find_ip4_fib_by_table_index_or_id (ip4_main_t * im,
u32 table_index_or_id, u32 flags)
{
uword * p, fib_index;
fib_index = table_index_or_id;
+ /* If this isn't a FIB_INDEX ... */
if (! (flags & IP4_ROUTE_FLAG_FIB_INDEX))
{
+ /* If passed ~0 then request the next table available */
if (table_index_or_id == ~0) {
table_index_or_id = 0;
while ((p = hash_get (im->fib_index_by_table_id, table_index_or_id))) {
table_index_or_id++;
}
- return create_fib_with_table_id (im, table_index_or_id);
+ /* Create the next table and return the ip4_fib_t associated with it */
+ return create_fib_with_table_id (im, table_index_or_id);
}
-
+ /* A specific table_id was requested.. */
p = hash_get (im->fib_index_by_table_id, table_index_or_id);
+ /* ... and if it doesn't exist create it else grab its index */
if (! p)
return create_fib_with_table_id (im, table_index_or_id);
fib_index = p[0];
}
+ /* Return the ip4_fib_t associated with this index */
return vec_elt_at_index (im->fibs, fib_index);
}
fib->new_hash_values);
p = hash_get (hash, dst_address_u32);
- clib_memcpy (p, fib->new_hash_values, vec_bytes (fib->new_hash_values));
+ /* hash_get should never return NULL here */
+ if (p)
+ clib_memcpy (p, fib->new_hash_values,
+ vec_bytes (fib->new_hash_values));
+ else
+ ASSERT(0);
}
}
ip_del_adjacency (lm, old_adj_index);
}
+
+u32
+ip4_route_get_next_hop_adj (ip4_main_t * im,
+ u32 fib_index,
+ ip4_address_t *next_hop,
+ u32 next_hop_sw_if_index,
+ u32 explicit_fib_index)
+{
+ ip_lookup_main_t * lm = &im->lookup_main;
+ vnet_main_t * vnm = vnet_get_main();
+ uword * nh_hash, * nh_result;
+ int is_interface_next_hop;
+ u32 nh_adj_index;
+ ip4_fib_t * fib;
+
+ fib = vec_elt_at_index (im->fibs, fib_index);
+
+ is_interface_next_hop = next_hop->data_u32 == 0;
+ if (is_interface_next_hop)
+ {
+ nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index);
+ if (nh_result)
+ nh_adj_index = *nh_result;
+ else
+ {
+ ip_adjacency_t * adj;
+ adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
+ &nh_adj_index);
+ ip4_adjacency_set_interface_route (vnm, adj, next_hop_sw_if_index, /* if_address_index */ ~0);
+ ip_call_add_del_adjacency_callbacks (lm, nh_adj_index, /* is_del */ 0);
+ hash_set (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index, nh_adj_index);
+ }
+ }
+ else if (next_hop_sw_if_index == ~0)
+ {
+ /* next-hop is recursive. we always need a indirect adj
+ * for recursive paths. Any LPM we perform now will give
+ * us a valid adj, but without tracking the next-hop we
+ * have no way to keep it valid.
+ */
+ ip_adjacency_t add_adj;
+ memset (&add_adj, 0, sizeof(add_adj));
+ add_adj.n_adj = 1;
+ add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
+ add_adj.indirect.next_hop.ip4.as_u32 = next_hop->as_u32;
+ add_adj.explicit_fib_index = explicit_fib_index;
+ ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
+ }
+ else
+ {
+ nh_hash = fib->adj_index_by_dst_address[32];
+ nh_result = hash_get (nh_hash, next_hop->data_u32);
+
+ /* Next hop must be known. */
+ if (! nh_result)
+ {
+ ip_adjacency_t * adj;
+
+ /* no /32 exists, get the longest prefix match */
+ nh_adj_index = ip4_fib_lookup_with_table (im, fib_index,
+ next_hop, 0);
+ adj = ip_get_adjacency (lm, nh_adj_index);
+ /* if ARP interface adjacency is present, we need to
+ install ARP adjaceny for specific next hop */
+ if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
+ adj->arp.next_hop.ip4.as_u32 == 0)
+ {
+ nh_adj_index = vnet_arp_glean_add(fib_index, next_hop);
+ }
+ }
+ else
+ {
+ nh_adj_index = *nh_result;
+ }
+ }
+
+ return (nh_adj_index);
+}
+
void
ip4_add_del_route_next_hop (ip4_main_t * im,
u32 flags,
u32 dst_address_u32, old_mp_adj_index, new_mp_adj_index;
u32 dst_adj_index, nh_adj_index;
uword * dst_hash, * dst_result;
- uword * nh_hash, * nh_result;
ip_adjacency_t * dst_adj;
ip_multipath_adjacency_t * old_mp, * new_mp;
int is_del = (flags & IP4_ROUTE_FLAG_DEL) != 0;
- int is_interface_next_hop;
clib_error_t * error = 0;
if (explicit_fib_index == (u32)~0)
fib_index = explicit_fib_index;
fib = vec_elt_at_index (im->fibs, fib_index);
-
+
/* Lookup next hop to be added or deleted. */
- is_interface_next_hop = next_hop->data_u32 == 0;
if (adj_index == (u32)~0)
{
- if (is_interface_next_hop)
- {
- nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index);
- if (nh_result)
- nh_adj_index = *nh_result;
- else
- {
- ip_adjacency_t * adj;
- adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
- &nh_adj_index);
- ip4_adjacency_set_interface_route (vnm, adj, next_hop_sw_if_index, /* if_address_index */ ~0);
- ip_call_add_del_adjacency_callbacks (lm, nh_adj_index, /* is_del */ 0);
- hash_set (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index, nh_adj_index);
- }
- }
- else
- {
- nh_hash = fib->adj_index_by_dst_address[32];
- nh_result = hash_get (nh_hash, next_hop->data_u32);
-
- /* Next hop must be known. */
- if (! nh_result)
- {
- ip_adjacency_t * adj;
-
- nh_adj_index = ip4_fib_lookup_with_table (im, fib_index,
- next_hop, 0);
- adj = ip_get_adjacency (lm, nh_adj_index);
- /* if ARP interface adjacencty is present, we need to
- install ARP adjaceny for specific next hop */
- if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
- adj->arp.next_hop.ip4.as_u32 == 0)
- {
- nh_adj_index = vnet_arp_glean_add(fib_index, next_hop);
- }
- else
- {
- /* Next hop is not known, so create indirect adj */
- ip_adjacency_t add_adj;
- memset (&add_adj, 0, sizeof(add_adj));
- add_adj.n_adj = 1;
- add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
- add_adj.indirect.next_hop.ip4.as_u32 = next_hop->as_u32;
- add_adj.explicit_fib_index = explicit_fib_index;
- ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
- }
- }
- else
- nh_adj_index = *nh_result;
- }
+ nh_adj_index = ip4_route_get_next_hop_adj(im, fib_index,
+ next_hop,
+ next_hop_sw_if_index,
+ explicit_fib_index);
}
else
{
{
/* create / delete additional mapping of existing adjacency */
ip4_add_del_route_args_t a;
- ip_adjacency_t * nh_adj = ip_get_adjacency (lm, nh_adj_index);
a.table_index_or_table_id = fib_index;
a.flags = ((is_del ? IP4_ROUTE_FLAG_DEL : IP4_ROUTE_FLAG_ADD)
a.n_add_adj = 0;
ip4_add_del_route (im, &a);
-
- /* adjust share count. This cannot be the only use of the adjacency */
- nh_adj->share_count += is_del ? -1 : 1;
-
goto done;
}
return frame->n_vectors;
}
-/** \brief IPv4 lookup node.
+/** @brief IPv4 lookup node.
@node ip4-lookup
This is the main IPv4 lookup dispatch node.
VNET_IP4_UNICAST_FEATURE_INIT (ip4_source_check_2, static) = {
.node_name = "ip4-source-check-via-any",
- .runs_before = {"ipsec-input-ip4", 0},
+ .runs_before = {"ip4-policer-classify", 0},
.feature_index =
&ip4_main.ip4_unicast_rx_feature_source_reachable_via_any,
};
+VNET_IP4_UNICAST_FEATURE_INIT (ip4_source_and_port_range_check, static) = {
+ .node_name = "ip4-source-and-port-range-check",
+ .runs_before = {"ip4-policer-classify", 0},
+ .feature_index =
+ &ip4_main.ip4_unicast_rx_feature_source_and_port_range_check,
+};
+
+VNET_IP4_UNICAST_FEATURE_INIT (ip4_policer_classify, static) = {
+ .node_name = "ip4-policer-classify",
+ .runs_before = {"ipsec-input-ip4", 0},
+ .feature_index =
+ &ip4_main.ip4_unicast_rx_feature_policer_classify,
+};
+
VNET_IP4_UNICAST_FEATURE_INIT (ip4_ipsec, static) = {
.node_name = "ipsec-input-ip4",
.runs_before = {"vpath-input-ip4", 0},
}
-/** \brief IPv4 transit rewrite node.
+/** @brief IPv4 transit rewrite node.
@node ip4-rewrite-transit
This is the IPv4 transit-rewrite node: decrement TTL, fix the ipv4
/* rewrite_for_locally_received_packets */ 0);
}
-/** \brief IPv4 local rewrite node.
+/** @brief IPv4 local rewrite node.
@node ip4-rewrite-local
This is the IPv4 local rewrite node. Fetch the ip adjacency, check