#include <vnet/srp/srp.h> /* for srp_hw_interface_class */
#include <vnet/api_errno.h> /* for API error numbers */
+/** \file
+ vnet ip4 forwarding
+*/
+
/* This is really, really simple but stupid fib. */
u32
ip4_fib_lookup_with_table (ip4_main_t * im, u32 fib_index,
ip_del_adjacency (lm, old_adj_index);
}
+
+u32
+ip4_route_get_next_hop_adj (ip4_main_t * im,
+ u32 fib_index,
+ ip4_address_t *next_hop,
+ u32 next_hop_sw_if_index,
+ u32 explicit_fib_index)
+{
+ ip_lookup_main_t * lm = &im->lookup_main;
+ vnet_main_t * vnm = vnet_get_main();
+ uword * nh_hash, * nh_result;
+ int is_interface_next_hop;
+ u32 nh_adj_index;
+ ip4_fib_t * fib;
+
+ fib = vec_elt_at_index (im->fibs, fib_index);
+
+ is_interface_next_hop = next_hop->data_u32 == 0;
+ if (is_interface_next_hop)
+ {
+ nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index);
+ if (nh_result)
+ nh_adj_index = *nh_result;
+ else
+ {
+ ip_adjacency_t * adj;
+ adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
+ &nh_adj_index);
+ ip4_adjacency_set_interface_route (vnm, adj, next_hop_sw_if_index, /* if_address_index */ ~0);
+ ip_call_add_del_adjacency_callbacks (lm, nh_adj_index, /* is_del */ 0);
+ hash_set (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index, nh_adj_index);
+ }
+ }
+ else if (next_hop_sw_if_index == ~0)
+ {
+ /* next-hop is recursive. we always need a indirect adj
+ * for recursive paths. Any LPM we perform now will give
+ * us a valid adj, but without tracking the next-hop we
+ * have no way to keep it valid.
+ */
+ ip_adjacency_t add_adj;
+ memset (&add_adj, 0, sizeof(add_adj));
+ add_adj.n_adj = 1;
+ add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
+ add_adj.indirect.next_hop.ip4.as_u32 = next_hop->as_u32;
+ add_adj.explicit_fib_index = explicit_fib_index;
+ ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
+ }
+ else
+ {
+ nh_hash = fib->adj_index_by_dst_address[32];
+ nh_result = hash_get (nh_hash, next_hop->data_u32);
+
+ /* Next hop must be known. */
+ if (! nh_result)
+ {
+ ip_adjacency_t * adj;
+
+ /* no /32 exists, get the longest prefix match */
+ nh_adj_index = ip4_fib_lookup_with_table (im, fib_index,
+ next_hop, 0);
+ adj = ip_get_adjacency (lm, nh_adj_index);
+ /* if ARP interface adjacency is present, we need to
+ install ARP adjaceny for specific next hop */
+ if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
+ adj->arp.next_hop.ip4.as_u32 == 0)
+ {
+ nh_adj_index = vnet_arp_glean_add(fib_index, next_hop);
+ }
+ }
+ else
+ {
+ nh_adj_index = *nh_result;
+ }
+ }
+
+ return (nh_adj_index);
+}
+
void
ip4_add_del_route_next_hop (ip4_main_t * im,
u32 flags,
u32 dst_address_u32, old_mp_adj_index, new_mp_adj_index;
u32 dst_adj_index, nh_adj_index;
uword * dst_hash, * dst_result;
- uword * nh_hash, * nh_result;
ip_adjacency_t * dst_adj;
ip_multipath_adjacency_t * old_mp, * new_mp;
int is_del = (flags & IP4_ROUTE_FLAG_DEL) != 0;
- int is_interface_next_hop;
clib_error_t * error = 0;
if (explicit_fib_index == (u32)~0)
fib_index = explicit_fib_index;
fib = vec_elt_at_index (im->fibs, fib_index);
-
+
/* Lookup next hop to be added or deleted. */
- is_interface_next_hop = next_hop->data_u32 == 0;
if (adj_index == (u32)~0)
{
- if (is_interface_next_hop)
- {
- nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index);
- if (nh_result)
- nh_adj_index = *nh_result;
- else
- {
- ip_adjacency_t * adj;
- adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
- &nh_adj_index);
- ip4_adjacency_set_interface_route (vnm, adj, next_hop_sw_if_index, /* if_address_index */ ~0);
- ip_call_add_del_adjacency_callbacks (lm, nh_adj_index, /* is_del */ 0);
- hash_set (im->interface_route_adj_index_by_sw_if_index, next_hop_sw_if_index, nh_adj_index);
- }
- }
- else
- {
- nh_hash = fib->adj_index_by_dst_address[32];
- nh_result = hash_get (nh_hash, next_hop->data_u32);
-
- /* Next hop must be known. */
- if (! nh_result)
- {
- ip_adjacency_t * adj;
-
- nh_adj_index = ip4_fib_lookup_with_table (im, fib_index,
- next_hop, 0);
- adj = ip_get_adjacency (lm, nh_adj_index);
- /* if ARP interface adjacencty is present, we need to
- install ARP adjaceny for specific next hop */
- if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
- adj->arp.next_hop.ip4.as_u32 == 0)
- {
- nh_adj_index = vnet_arp_glean_add(fib_index, next_hop);
- }
- else
- {
- /* Next hop is not known, so create indirect adj */
- ip_adjacency_t add_adj;
- memset (&add_adj, 0, sizeof(add_adj));
- add_adj.n_adj = 1;
- add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
- add_adj.indirect.next_hop.ip4.as_u32 = next_hop->as_u32;
- add_adj.explicit_fib_index = explicit_fib_index;
- ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
- }
- }
- else
- nh_adj_index = *nh_result;
- }
+ nh_adj_index = ip4_route_get_next_hop_adj(im, fib_index,
+ next_hop,
+ next_hop_sw_if_index,
+ explicit_fib_index);
}
else
{
to existing non-multipath adjacency */
if (dst_adj_index == ~0 && next_hop_weight == 1 && next_hop_sw_if_index == ~0)
{
- /* create new adjacency */
+ /* create / delete additional mapping of existing adjacency */
ip4_add_del_route_args_t a;
+ ip_adjacency_t * nh_adj = ip_get_adjacency (lm, nh_adj_index);
+
a.table_index_or_table_id = fib_index;
a.flags = ((is_del ? IP4_ROUTE_FLAG_DEL : IP4_ROUTE_FLAG_ADD)
| IP4_ROUTE_FLAG_FIB_INDEX
ip4_add_del_route (im, &a);
+ /* adjust share count. This cannot be the only use of the adjacency */
+ nh_adj->share_count += is_del ? -1 : 1;
+
goto done;
}
if (old_mp != new_mp)
{
ip4_add_del_route_args_t a;
+ ip_adjacency_t * adj;
+
a.table_index_or_table_id = fib_index;
a.flags = ((is_del && ! new_mp ? IP4_ROUTE_FLAG_DEL : IP4_ROUTE_FLAG_ADD)
| IP4_ROUTE_FLAG_FIB_INDEX
a.n_add_adj = 0;
ip4_add_del_route (im, &a);
+
+ adj = ip_get_adjacency (lm, new_mp ? new_mp->adj_index : dst_adj_index);
+ if (adj->n_adj == 1)
+ adj->share_count += is_del ? -1 : 1;
}
done:
return frame->n_vectors;
}
+/** \brief IPv4 lookup node.
+ @node ip4-lookup
+
+ This is the main IPv4 lookup dispatch node.
+
+ @param vm vlib_main_t corresponding to the current thread
+ @param node vlib_node_runtime_t
+ @param frame vlib_frame_t whose contents should be dispatched
+
+ @par Graph mechanics: buffer metadata, next index usage
+
+ @em Uses:
+ - <code>vnet_buffer(b)->sw_if_index[VLIB_RX]</code>
+ - Indicates the @c sw_if_index value of the interface that the
+ packet was received on.
+ - <code>vnet_buffer(b)->sw_if_index[VLIB_TX]</code>
+ - When the value is @c ~0 then the node performs a longest prefix
+ match (LPM) for the packet destination address in the FIB attached
+ to the receive interface.
+ - Otherwise perform LPM for the packet destination address in the
+ indicated FIB. In this case <code>[VLIB_TX]</code> is a FIB index
+ value (0, 1, ...) and not a VRF id.
+
+ @em Sets:
+ - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
+ - The lookup result adjacency index.
+
+ <em>Next Index:</em>
+ - Dispatches the packet to the node index found in
+ ip_adjacency_t @c adj->lookup_next_index
+ (where @c adj is the lookup result adjacency).
+*/
static uword
ip4_lookup (vlib_main_t * vm,
vlib_node_runtime_t * node,
ip4_lookup_init (vlib_main_t * vm)
{
ip4_main_t * im = &ip4_main;
+ clib_error_t * error;
uword i;
for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
"ip4 arp");
}
- ip4_feature_init (vm, im);
+ error = ip4_feature_init (vm, im);
- return 0;
+ return error;
}
VLIB_INIT_FUNCTION (ip4_lookup_init);
clib_memcpy (h0->ip4_over_ethernet[0].ethernet, hw_if0->hw_address,
sizeof (h0->ip4_over_ethernet[0].ethernet));
- ip4_src_address_for_packet (im, p0, &h0->ip4_over_ethernet[0].ip4, sw_if_index0);
+ if (ip4_src_address_for_packet (im, p0, &h0->ip4_over_ethernet[0].ip4, sw_if_index0)) {
+ //No source address available
+ p0->error = node->errors[IP4_ARP_ERROR_NO_SOURCE_ADDRESS];
+ vlib_buffer_free(vm, &bi0, 1);
+ continue;
+ }
/* Copy in destination address we are requesting. */
h0->ip4_over_ethernet[1].ip4.data_u32 = ip0->dst_address.data_u32;
[IP4_ARP_ERROR_NON_ARP_ADJ] = "ARPs to non-ARP adjacencies",
[IP4_ARP_ERROR_REPLICATE_DROP] = "ARP replication completed",
[IP4_ARP_ERROR_REPLICATE_FAIL] = "ARP replication failed",
+ [IP4_ARP_ERROR_NO_SOURCE_ADDRESS] = "no source address for ARP request",
};
VLIB_REGISTER_NODE (ip4_arp_node) = {
typedef enum {
IP4_REWRITE_NEXT_DROP,
IP4_REWRITE_NEXT_ARP,
+ IP4_REWRITE_NEXT_ICMP_ERROR,
} ip4_rewrite_next_t;
always_inline uword
ip1 = vlib_buffer_get_current (p1);
error0 = error1 = IP4_ERROR_NONE;
+ next0 = next1 = IP4_REWRITE_NEXT_DROP;
/* Decrement TTL & update checksum.
Works either endian, so no need for byte swap. */
ip0->ttl = ttl0;
ip1->ttl = ttl1;
- error0 = ttl0 <= 0 ? IP4_ERROR_TIME_EXPIRED : error0;
- error1 = ttl1 <= 0 ? IP4_ERROR_TIME_EXPIRED : error1;
+ /*
+ * If the ttl drops below 1 when forwarding, generate
+ * an ICMP response.
+ */
+ if (PREDICT_FALSE(ttl0 <= 0))
+ {
+ error0 = IP4_ERROR_TIME_EXPIRED;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp4_error_set_vnet_buffer(p0, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit, 0);
+ next0 = IP4_REWRITE_NEXT_ICMP_ERROR;
+ }
+ if (PREDICT_FALSE(ttl1 <= 0))
+ {
+ error1 = IP4_ERROR_TIME_EXPIRED;
+ vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp4_error_set_vnet_buffer(p1, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit, 0);
+ next1 = IP4_REWRITE_NEXT_ICMP_ERROR;
+ }
/* Verify checksum. */
ASSERT (ip0->checksum == ip4_header_checksum (ip0));
/* Worth pipelining. No guarantee that adj0,1 are hot... */
rw_len0 = adj0[0].rewrite_header.data_bytes;
rw_len1 = adj1[0].rewrite_header.data_bytes;
- next0 = (error0 == IP4_ERROR_NONE)
- ? adj0[0].rewrite_header.next_index : 0;
+
+ /* Check MTU of outgoing interface. */
+ error0 = (vlib_buffer_length_in_chain (vm, p0) > adj0[0].rewrite_header.max_l3_packet_bytes
+ ? IP4_ERROR_MTU_EXCEEDED
+ : error0);
+ error1 = (vlib_buffer_length_in_chain (vm, p1) > adj1[0].rewrite_header.max_l3_packet_bytes
+ ? IP4_ERROR_MTU_EXCEEDED
+ : error1);
+
+ next0 = (error0 == IP4_ERROR_NONE)
+ ? adj0[0].rewrite_header.next_index : next0;
if (rewrite_for_locally_received_packets)
next0 = next0 && next0_override ? next0_override : next0;
- next1 = (error1 == IP4_ERROR_NONE)
- ? adj1[0].rewrite_header.next_index : 0;
+ next1 = (error1 == IP4_ERROR_NONE)
+ ? adj1[0].rewrite_header.next_index : next1;
if (rewrite_for_locally_received_packets)
next1 = next1 && next1_override ? next1_override : next1;
/* packet increment */ 0,
/* byte increment */ rw_len1-sizeof(ethernet_header_t));
- /* Check MTU of outgoing interface. */
- error0 = (vlib_buffer_length_in_chain (vm, p0) > adj0[0].rewrite_header.max_l3_packet_bytes
- ? IP4_ERROR_MTU_EXCEEDED
- : error0);
- error1 = (vlib_buffer_length_in_chain (vm, p1) > adj1[0].rewrite_header.max_l3_packet_bytes
- ? IP4_ERROR_MTU_EXCEEDED
- : error1);
-
- p0->current_data -= rw_len0;
- p1->current_data -= rw_len1;
-
- p0->current_length += rw_len0;
- p1->current_length += rw_len1;
-
- vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index;
- vnet_buffer (p1)->sw_if_index[VLIB_TX] = adj1[0].rewrite_header.sw_if_index;
-
- p0->error = error_node->errors[error0];
- p1->error = error_node->errors[error1];
+ /* Don't adjust the buffer for ttl issue; icmp-error node wants
+ * to see the IP headerr */
+ if (PREDICT_TRUE(error0 == IP4_ERROR_NONE))
+ {
+ p0->current_data -= rw_len0;
+ p0->current_length += rw_len0;
+ p0->error = error_node->errors[error0];
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] =
+ adj0[0].rewrite_header.sw_if_index;
+ }
+ if (PREDICT_TRUE(error1 == IP4_ERROR_NONE))
+ {
+ p1->current_data -= rw_len1;
+ p1->current_length += rw_len1;
+ p1->error = error_node->errors[error1];
+ vnet_buffer (p1)->sw_if_index[VLIB_TX] =
+ adj1[0].rewrite_header.sw_if_index;
+ }
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip0 = vlib_buffer_get_current (p0);
error0 = IP4_ERROR_NONE;
- next0 = 0; /* drop on error */
+ next0 = IP4_REWRITE_NEXT_DROP; /* drop on error */
/* Decrement TTL & update checksum. */
if (! rewrite_for_locally_received_packets)
ASSERT (ip0->checksum == ip4_header_checksum (ip0));
- error0 = ttl0 <= 0 ? IP4_ERROR_TIME_EXPIRED : error0;
+ if (PREDICT_FALSE(ttl0 <= 0))
+ {
+ /*
+ * If the ttl drops below 1 when forwarding, generate
+ * an ICMP response.
+ */
+ error0 = IP4_ERROR_TIME_EXPIRED;
+ next0 = IP4_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp4_error_set_vnet_buffer(p0, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
}
if (rewrite_for_locally_received_packets)
> adj0[0].rewrite_header.max_l3_packet_bytes
? IP4_ERROR_MTU_EXCEEDED
: error0);
-
+
p0->error = error_node->errors[error0];
- p0->current_data -= rw_len0;
- p0->current_length += rw_len0;
- vnet_buffer (p0)->sw_if_index[VLIB_TX] =
- adj0[0].rewrite_header.sw_if_index;
-
- next0 = (error0 == IP4_ERROR_NONE)
- ? adj0[0].rewrite_header.next_index : 0;
+
+ /* Don't adjust the buffer for ttl issue; icmp-error node wants
+ * to see the IP headerr */
+ if (PREDICT_TRUE(error0 == IP4_ERROR_NONE))
+ {
+ p0->current_data -= rw_len0;
+ p0->current_length += rw_len0;
+
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] =
+ adj0[0].rewrite_header.sw_if_index;
+ next0 = adj0[0].rewrite_header.next_index;
+ }
if (rewrite_for_locally_received_packets)
next0 = next0 && next0_override ? next0_override : next0;
return frame->n_vectors;
}
+
+/** \brief IPv4 transit rewrite node.
+ @node ip4-rewrite-transit
+
+ This is the IPv4 transit-rewrite node: decrement TTL, fix the ipv4
+ header checksum, fetch the ip adjacency, check the outbound mtu,
+ apply the adjacency rewrite, and send pkts to the adjacency
+ rewrite header's rewrite_next_index.
+
+ @param vm vlib_main_t corresponding to the current thread
+ @param node vlib_node_runtime_t
+ @param frame vlib_frame_t whose contents should be dispatched
+
+ @par Graph mechanics: buffer metadata, next index usage
+
+ @em Uses:
+ - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
+ - the rewrite adjacency index
+ - <code>adj->lookup_next_index</code>
+ - Must be IP_LOOKUP_NEXT_REWRITE or IP_LOOKUP_NEXT_ARP, otherwise
+ the packet will be dropped.
+ - <code>adj->rewrite_header</code>
+ - Rewrite string length, rewrite string, next_index
+
+ @em Sets:
+ - <code>b->current_data, b->current_length</code>
+ - Updated net of applying the rewrite string
+
+ <em>Next Indices:</em>
+ - <code> adj->rewrite_header.next_index </code>
+ or @c error-drop
+*/
static uword
ip4_rewrite_transit (vlib_main_t * vm,
vlib_node_runtime_t * node,
/* rewrite_for_locally_received_packets */ 0);
}
+/** \brief IPv4 local rewrite node.
+ @node ip4-rewrite-local
+
+ This is the IPv4 local rewrite node. Fetch the ip adjacency, check
+ the outbound interface mtu, apply the adjacency rewrite, and send
+ pkts to the adjacency rewrite header's rewrite_next_index. Deal
+ with hemorrhoids of the form "some clown sends an icmp4 w/ src =
+ dst = interface addr."
+
+ @param vm vlib_main_t corresponding to the current thread
+ @param node vlib_node_runtime_t
+ @param frame vlib_frame_t whose contents should be dispatched
+
+ @par Graph mechanics: buffer metadata, next index usage
+
+ @em Uses:
+ - <code>vnet_buffer(b)->ip.adj_index[VLIB_RX]</code>
+ - the rewrite adjacency index
+ - <code>adj->lookup_next_index</code>
+ - Must be IP_LOOKUP_NEXT_REWRITE or IP_LOOKUP_NEXT_ARP, otherwise
+ the packet will be dropped.
+ - <code>adj->rewrite_header</code>
+ - Rewrite string length, rewrite string, next_index
+
+ @em Sets:
+ - <code>b->current_data, b->current_length</code>
+ - Updated net of applying the rewrite string
+
+ <em>Next Indices:</em>
+ - <code> adj->rewrite_header.next_index </code>
+ or @c error-drop
+*/
+
static uword
ip4_rewrite_local (vlib_main_t * vm,
vlib_node_runtime_t * node,
.format_trace = format_ip4_rewrite_trace,
- .n_next_nodes = 2,
+ .n_next_nodes = 3,
.next_nodes = {
[IP4_REWRITE_NEXT_DROP] = "error-drop",
[IP4_REWRITE_NEXT_ARP] = "ip4-arp",
+ [IP4_REWRITE_NEXT_ICMP_ERROR] = "ip4-icmp-error",
},
};
Code Review / vpp.git / blobdiff