}
}
+u32
+ip6_route_get_next_hop_adj (ip6_main_t * im,
+ u32 fib_index,
+ ip6_address_t *next_hop,
+ u32 next_hop_sw_if_index,
+ u32 explicit_fib_index)
+{
+ ip_lookup_main_t * lm = &im->lookup_main;
+ vnet_main_t * vnm = vnet_get_main();
+ int is_interface_next_hop;
+ uword * nh_result;
+ u32 nh_adj_index;
+ ip6_fib_t * fib;
+
+ fib = vec_elt_at_index (im->fibs, fib_index);
+
+ is_interface_next_hop = ip6_address_is_zero (next_hop);
+
+ if (is_interface_next_hop)
+ {
+ nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index,
+ next_hop_sw_if_index);
+ if (nh_result)
+ nh_adj_index = *nh_result;
+ else
+ {
+ ip_adjacency_t * adj;
+ adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
+ &nh_adj_index);
+ ip6_adjacency_set_interface_route (vnm, adj,
+ next_hop_sw_if_index, ~0);
+ ip_call_add_del_adjacency_callbacks
+ (lm, next_hop_sw_if_index, /* is_del */ 0);
+ hash_set (im->interface_route_adj_index_by_sw_if_index,
+ next_hop_sw_if_index, nh_adj_index);
+ }
+ }
+ else if (next_hop_sw_if_index == ~0)
+ {
+ /* next-hop is recursive. we always need a indirect adj
+ * for recursive paths. Any LPM we perform now will give
+ * us a valid adj, but without tracking the next-hop we
+ * have no way to keep it valid.
+ */
+ ip_adjacency_t add_adj;
+ memset (&add_adj, 0, sizeof(add_adj));
+ add_adj.n_adj = 1;
+ add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
+ add_adj.indirect.next_hop.ip6.as_u64[0] = next_hop->as_u64[0];
+ add_adj.indirect.next_hop.ip6.as_u64[1] = next_hop->as_u64[1];
+ add_adj.explicit_fib_index = explicit_fib_index;
+ ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
+ }
+ else
+ {
+ BVT(clib_bihash_kv) kv, value;
+
+ /* Look for the interface /128 route */
+ kv.key[0] = next_hop->as_u64[0];
+ kv.key[1] = next_hop->as_u64[1];
+ kv.key[2] = ((u64)((fib - im->fibs))<<32) | 128;
+after_nd:
+ if (BV(clib_bihash_search)(&im->ip6_lookup_table, &kv, &value) < 0)
+ {
+ ip_adjacency_t * adj;
+ nh_adj_index = ip6_fib_lookup_with_table (im, fib_index, next_hop);
+ adj = ip_get_adjacency (lm, nh_adj_index);
+ /* if ND interface adjacencty is present, we need to
+ install ND adjaceny for specific next hop */
+ if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
+ adj->arp.next_hop.ip6.as_u64[0] == 0 &&
+ adj->arp.next_hop.ip6.as_u64[1] == 0)
+ {
+ nh_adj_index = vnet_ip6_neighbor_glean_add(fib_index, next_hop);
+ }
+ else if (next_hop->as_u8[0] == 0xfe)
+ {
+ //Next hop is link-local. No indirect in this case.
+ //Let's add it as a possible neighbor on this interface
+ ip6_address_t null_addr= {};
+ ip6_add_del_route_next_hop (im, IP6_ROUTE_FLAG_ADD,
+ next_hop, 128,
+ &null_addr, next_hop_sw_if_index,
+ 1, ~0, fib_index);
+ goto after_nd;
+ }
+ }
+ else
+ {
+ nh_adj_index = value.value;
+ }
+ }
+
+ return (nh_adj_index);
+}
+
void
ip6_add_del_route_next_hop (ip6_main_t * im,
u32 flags,
ip_adjacency_t * dst_adj;
ip_multipath_adjacency_t * old_mp, * new_mp;
int is_del = (flags & IP6_ROUTE_FLAG_DEL) != 0;
- int is_interface_next_hop;
clib_error_t * error = 0;
- uword * nh_result;
BVT(clib_bihash_kv) kv, value;
vlib_smp_unsafe_warning();
fib = vec_elt_at_index (im->fibs, fib_index);
/* Lookup next hop to be added or deleted. */
- is_interface_next_hop = ip6_address_is_zero (next_hop);
if (adj_index == (u32)~0)
{
- if (is_interface_next_hop)
- {
- nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index,
- next_hop_sw_if_index);
- if (nh_result)
- nh_adj_index = *nh_result;
- else
- {
- ip_adjacency_t * adj;
- adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
- &nh_adj_index);
- ip6_adjacency_set_interface_route (vnm, adj,
- next_hop_sw_if_index, ~0);
- ip_call_add_del_adjacency_callbacks
- (lm, nh_adj_index, /* is_del */ 0);
- hash_set (im->interface_route_adj_index_by_sw_if_index,
- next_hop_sw_if_index, nh_adj_index);
- }
- }
- else
- {
- /* Look for the interface /128 route */
- kv.key[0] = next_hop->as_u64[0];
- kv.key[1] = next_hop->as_u64[1];
- kv.key[2] = ((u64)((fib - im->fibs))<<32) | 128;
-
- if (BV(clib_bihash_search)(&im->ip6_lookup_table, &kv, &value) < 0)
- {
- ip_adjacency_t * adj;
- nh_adj_index = ip6_fib_lookup_with_table (im, fib_index, next_hop);
- adj = ip_get_adjacency (lm, nh_adj_index);
- /* if ND interface adjacencty is present, we need to
- install ND adjaceny for specific next hop */
- if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
- adj->arp.next_hop.ip6.as_u64[0] == 0 &&
- adj->arp.next_hop.ip6.as_u64[1] == 0)
- {
- nh_adj_index = vnet_ip6_neighbor_glean_add(fib_index, next_hop);
- }
- else
- {
- ip_adjacency_t add_adj;
- memset (&add_adj, 0, sizeof(add_adj));
- add_adj.n_adj = 1;
- add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
- add_adj.indirect.next_hop.ip6.as_u64[0] = next_hop->as_u64[0];
- add_adj.indirect.next_hop.ip6.as_u64[1] = next_hop->as_u64[1];
- add_adj.explicit_fib_index = explicit_fib_index;
- ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
- }
- }
- else
- nh_adj_index = value.value;
-
- }
+ nh_adj_index = ip6_route_get_next_hop_adj(im, fib_index,
+ next_hop,
+ next_hop_sw_if_index,
+ explicit_fib_index);
}
else
{
to existing non-multipath adjacency */
if (dst_adj_index == ~0 && next_hop_weight == 1 && next_hop_sw_if_index == ~0)
{
- /* create new adjacency */
+ /* create / delete additional mapping of existing adjacency */
ip6_add_del_route_args_t a;
+
a.table_index_or_table_id = fib_index;
a.flags = ((is_del ? IP6_ROUTE_FLAG_DEL : IP6_ROUTE_FLAG_ADD)
| IP6_ROUTE_FLAG_FIB_INDEX
if (old_mp != new_mp)
{
ip6_add_del_route_args_t a;
+ ip_adjacency_t * adj;
+
a.table_index_or_table_id = fib_index;
a.flags = ((is_del ? IP6_ROUTE_FLAG_DEL : IP6_ROUTE_FLAG_ADD)
| IP6_ROUTE_FLAG_FIB_INDEX
a.n_add_adj = 0;
ip6_add_del_route (im, &a);
+
+ adj = ip_get_adjacency (lm, new_mp ? new_mp->adj_index : dst_adj_index);
+ if (adj->n_adj == 1)
+ adj->share_count += is_del ? -1 : 1;
}
done:
ip0 = vlib_buffer_get_current (p0);
ip1 = vlib_buffer_get_current (p1);
- if (is_indirect)
+ if (PREDICT_FALSE(is_indirect))
{
ip_adjacency_t * iadj0, * iadj1;
iadj0 = ip_get_adjacency (lm, vnet_buffer(p0)->ip.adj_index[VLIB_TX]);
/* Only process the HBH Option Header if explicitly configured to do so */
next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled &&
- adj_index0 ? IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
+ adj_index0 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
next1 = (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled &&
- adj_index1 ? IP6_LOOKUP_NEXT_HOP_BY_HOP : adj1->lookup_next_index;
+ adj_index1 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj1->lookup_next_index;
vnet_buffer (p0)->ip.flow_hash =
vnet_buffer(p1)->ip.flow_hash = 0;
ip0 = vlib_buffer_get_current (p0);
- if (is_indirect)
+ if (PREDICT_FALSE(is_indirect))
{
ip_adjacency_t * iadj0;
iadj0 = ip_get_adjacency (lm, vnet_buffer(p0)->ip.adj_index[VLIB_TX]);
/* Only process the HBH Option Header if explicitly configured to do so */
next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled &&
- adj_index0 ? IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
+ adj_index0 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
vnet_buffer (p0)->ip.flow_hash = 0;
/* Built-in ip6 unicast rx feature path definition */
VNET_IP6_UNICAST_FEATURE_INIT (ip6_inacl, static) = {
.node_name = "ip6-inacl",
- .runs_before = {"ipsec-input-ip6", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip6-policer-classify", 0},
.feature_index = &ip6_main.ip6_unicast_rx_feature_check_access,
};
+VNET_IP6_UNICAST_FEATURE_INIT (ip6_policer_classify, static) = {
+ .node_name = "ip6-policer-classify",
+ .runs_before = ORDER_CONSTRAINTS {"ipsec-input-ip6", 0},
+ .feature_index = &ip6_main.ip6_unicast_rx_feature_policer_classify,
+};
+
VNET_IP6_UNICAST_FEATURE_INIT (ip6_ipsec, static) = {
.node_name = "ipsec-input-ip6",
- .runs_before = {"l2tp-decap", 0},
+ .runs_before = ORDER_CONSTRAINTS {"l2tp-decap", 0},
.feature_index = &ip6_main.ip6_unicast_rx_feature_ipsec,
};
VNET_IP6_UNICAST_FEATURE_INIT (ip6_l2tp, static) = {
.node_name = "l2tp-decap",
- .runs_before = {"vpath-input-ip6", 0},
+ .runs_before = ORDER_CONSTRAINTS {"vpath-input-ip6", 0},
.feature_index = &ip6_main.ip6_unicast_rx_feature_l2tp_decap,
};
VNET_IP6_UNICAST_FEATURE_INIT (ip6_vpath, static) = {
.node_name = "vpath-input-ip6",
- .runs_before = {"ip6-lookup", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip6-lookup", 0},
.feature_index = &ip6_main.ip6_unicast_rx_feature_vpath,
};
VNET_IP6_UNICAST_FEATURE_INIT (ip6_lookup, static) = {
.node_name = "ip6-lookup",
- .runs_before = {0}, /* not before any other features */
+ .runs_before = 0, /* not before any other features */
.feature_index = &ip6_main.ip6_unicast_rx_feature_lookup,
};
/* Built-in ip6 multicast rx feature path definition (none now) */
-VNET_IP6_MULTICAST_FEATURE_INIT (ip4_vpath_mc, static) = {
+VNET_IP6_MULTICAST_FEATURE_INIT (ip6_vpath_mc, static) = {
.node_name = "vpath-input-ip6",
- .runs_before = {"ip6-lookup", 0},
+ .runs_before = ORDER_CONSTRAINTS {"ip6-lookup", 0},
.feature_index = &ip6_main.ip6_multicast_rx_feature_vpath,
};
VNET_IP6_MULTICAST_FEATURE_INIT (ip6_lookup, static) = {
.node_name = "ip6-lookup",
- .runs_before = {0}, /* not before any other features */
+ .runs_before = 0, /* not before any other features */
.feature_index = &ip6_main.ip6_multicast_rx_feature_lookup,
};
-static char * feature_start_nodes[] =
+static char * rx_feature_start_nodes[] =
{"ip6-input"};
+static char * tx_feature_start_nodes[] =
+ {"ip6-rewrite"};
+
+/* Built-in ip4 tx feature path definition */
+VNET_IP6_TX_FEATURE_INIT (interface_output, static) = {
+ .node_name = "interface-output",
+ .runs_before = 0, /* not before any other features */
+ .feature_index = &ip6_main.ip6_tx_feature_interface_output,
+};
+
static clib_error_t *
ip6_feature_init (vlib_main_t * vm, ip6_main_t * im)
{
ip_lookup_main_t * lm = &im->lookup_main;
clib_error_t * error;
vnet_cast_t cast;
+ ip_config_main_t * cm;
+ vnet_config_main_t * vcm;
+ char **feature_start_nodes;
+ int feature_start_len;
- for (cast = 0; cast < VNET_N_CAST; cast++)
+ for (cast = 0; cast < VNET_N_IP_FEAT; cast++)
{
- ip_config_main_t * cm = &lm->rx_config_mains[cast];
- vnet_config_main_t * vcm = &cm->config_main;
+ cm = &lm->feature_config_mains[cast];
+ vcm = &cm->config_main;
+ if (cast < VNET_IP_TX_FEAT)
+ {
+ feature_start_nodes = rx_feature_start_nodes;
+ feature_start_len = ARRAY_LEN(rx_feature_start_nodes);
+ }
+ else
+ {
+ feature_start_nodes = tx_feature_start_nodes;
+ feature_start_len = ARRAY_LEN(tx_feature_start_nodes);
+ }
+
if ((error = ip_feature_init_cast (vm, cm, vcm,
feature_start_nodes,
- ARRAY_LEN(feature_start_nodes),
+ feature_start_len,
cast,
0 /* is_ip4 */)))
return error;
u32 ci, cast;
u32 feature_index;
- for (cast = 0; cast < VNET_N_CAST; cast++)
+ for (cast = 0; cast < VNET_N_IP_FEAT; cast++)
{
- ip_config_main_t * cm = &lm->rx_config_mains[cast];
+ ip_config_main_t * cm = &lm->feature_config_mains[cast];
vnet_config_main_t * vcm = &cm->config_main;
vec_validate_init_empty (cm->config_index_by_sw_if_index, sw_if_index, ~0);
ci = cm->config_index_by_sw_if_index[sw_if_index];
- if (cast == VNET_UNICAST)
+ if (cast == VNET_IP_RX_UNICAST_FEAT)
feature_index = im->ip6_unicast_rx_feature_lookup;
- else
+ else if (cast == VNET_IP_RX_MULTICAST_FEAT)
feature_index = im->ip6_multicast_rx_feature_lookup;
+ else
+ feature_index = im->ip6_tx_feature_interface_output;
if (is_add)
ci = vnet_config_add_feature (vm, vcm,
/* # bytes of config data */ 0);
cm->config_index_by_sw_if_index[sw_if_index] = ci;
+ /*
+ * note: do not update the tx feature count here.
+ */
}
return /* no error */ 0;
}
.next_nodes = IP6_LOOKUP_NEXT_NODES,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup);
static uword
ip6_indirect (vlib_main_t * vm,
.n_next_nodes = 0,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_indirect_node, ip6_indirect)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_indirect_node, ip6_indirect);
typedef struct {
/* Adjacency taken. */
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop);
VLIB_REGISTER_NODE (ip6_punt_node,static) = {
.function = ip6_punt,
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt);
VLIB_REGISTER_NODE (ip6_miss_node,static) = {
.function = ip6_miss,
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_miss_node, ip6_miss)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_miss_node, ip6_miss);
VLIB_REGISTER_NODE (ip6_multicast_node,static) = {
.function = ip6_drop,
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local);
void ip6_register_protocol (u32 protocol, u32 node_index)
{
typedef enum {
IP6_REWRITE_NEXT_DROP,
+ IP6_REWRITE_NEXT_ICMP_ERROR,
} ip6_rewrite_next_t;
always_inline uword
u32 n_left_from, n_left_to_next, * to_next, next_index;
vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip6_input_node.index);
vlib_rx_or_tx_t adj_rx_tx = rewrite_for_locally_received_packets ? VLIB_RX : VLIB_TX;
+ ip_config_main_t * cm = &lm->feature_config_mains[VNET_IP_TX_FEAT];
n_left_from = frame->n_vectors;
next_index = node->cached_next_index;
ip6_header_t * ip0, * ip1;
u32 pi0, rw_len0, next0, error0, adj_index0;
u32 pi1, rw_len1, next1, error1, adj_index1;
+ u32 tx_sw_if_index0, tx_sw_if_index1;
/* Prefetch next iteration. */
{
ip1 = vlib_buffer_get_current (p1);
error0 = error1 = IP6_ERROR_NONE;
+ next0 = next1 = IP6_REWRITE_NEXT_DROP;
if (! rewrite_for_locally_received_packets)
{
ip0->hop_limit = hop_limit0;
ip1->hop_limit = hop_limit1;
- error0 = hop_limit0 <= 0 ? IP6_ERROR_TIME_EXPIRED : error0;
- error1 = hop_limit1 <= 0 ? IP6_ERROR_TIME_EXPIRED : error1;
+ /*
+ * If the hop count drops below 1 when forwarding, generate
+ * an ICMP response.
+ */
+ if (PREDICT_FALSE(hop_limit0 <= 0))
+ {
+ error0 = IP6_ERROR_TIME_EXPIRED;
+ next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp6_error_set_vnet_buffer(p0, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
+ if (PREDICT_FALSE(hop_limit1 <= 0))
+ {
+ error1 = IP6_ERROR_TIME_EXPIRED;
+ next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp6_error_set_vnet_buffer(p1, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
}
adj0 = ip_get_adjacency (lm, adj_index0);
? IP6_ERROR_MTU_EXCEEDED
: error1);
- p0->current_data -= rw_len0;
- p1->current_data -= rw_len1;
+ /* Don't adjust the buffer for hop count issue; icmp-error node
+ * wants to see the IP headerr */
+ if (PREDICT_TRUE(error0 == IP6_ERROR_NONE))
+ {
+ p0->current_data -= rw_len0;
+ p0->current_length += rw_len0;
- p0->current_length += rw_len0;
- p1->current_length += rw_len1;
+ tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] =
+ tx_sw_if_index0;
- vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index;
- vnet_buffer (p1)->sw_if_index[VLIB_TX] = adj1[0].rewrite_header.sw_if_index;
-
- next0 = (error0 == IP6_ERROR_NONE) ?
- adj0[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP;
- next1 = (error1 == IP6_ERROR_NONE) ?
- adj1[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP;
+ if (PREDICT_FALSE
+ (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features,
+ tx_sw_if_index0)))
+ {
+ p0->current_config_index =
+ vec_elt (cm->config_index_by_sw_if_index,
+ tx_sw_if_index0);
+ vnet_get_config_data (&cm->config_main,
+ &p0->current_config_index,
+ &next0,
+ /* # bytes of config data */ 0);
+ }
+ }
+ if (PREDICT_TRUE(error1 == IP6_ERROR_NONE))
+ {
+ p1->current_data -= rw_len1;
+ p1->current_length += rw_len1;
+
+ tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
+ vnet_buffer (p1)->sw_if_index[VLIB_TX] =
+ tx_sw_if_index1;
+
+ if (PREDICT_FALSE
+ (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features,
+ tx_sw_if_index1)))
+ {
+ p1->current_config_index =
+ vec_elt (cm->config_index_by_sw_if_index,
+ tx_sw_if_index1);
+ vnet_get_config_data (&cm->config_main,
+ &p1->current_config_index,
+ &next1,
+ /* # bytes of config data */ 0);
+ }
+ }
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip6_header_t * ip0;
u32 pi0, rw_len0;
u32 adj_index0, next0, error0;
+ u32 tx_sw_if_index0;
pi0 = to_next[0] = from[0];
ip0 = vlib_buffer_get_current (p0);
error0 = IP6_ERROR_NONE;
+ next0 = IP6_REWRITE_NEXT_DROP;
/* Check hop limit */
if (! rewrite_for_locally_received_packets)
ip0->hop_limit = hop_limit0;
- error0 = hop_limit0 <= 0 ? IP6_ERROR_TIME_EXPIRED : error0;
+ if (PREDICT_FALSE(hop_limit0 <= 0))
+ {
+ /*
+ * If the hop count drops below 1 when forwarding, generate
+ * an ICMP response.
+ */
+ error0 = IP6_ERROR_TIME_EXPIRED;
+ next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp6_error_set_vnet_buffer(p0, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
}
if (rewrite_for_locally_received_packets)
? IP6_ERROR_MTU_EXCEEDED
: error0);
- p0->current_data -= rw_len0;
- p0->current_length += rw_len0;
- vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index;
-
- next0 = (error0 == IP6_ERROR_NONE) ?
- adj0[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP;
+ /* Don't adjust the buffer for hop count issue; icmp-error node
+ * wants to see the IP headerr */
+ if (PREDICT_TRUE(error0 == IP6_ERROR_NONE))
+ {
+ p0->current_data -= rw_len0;
+ p0->current_length += rw_len0;
+
+ tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
+
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
+ next0 = adj0[0].rewrite_header.next_index;
+
+ if (PREDICT_FALSE
+ (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features,
+ tx_sw_if_index0)))
+ {
+ p0->current_config_index =
+ vec_elt (cm->config_index_by_sw_if_index,
+ tx_sw_if_index0);
+ vnet_get_config_data (&cm->config_main,
+ &p0->current_config_index,
+ &next0,
+ /* # bytes of config data */ 0);
+ }
+ }
p0->error = error_node->errors[error0];
.format_trace = format_ip6_rewrite_trace,
- .n_next_nodes = 1,
+ .n_next_nodes = 2,
.next_nodes = {
[IP6_REWRITE_NEXT_DROP] = "error-drop",
+ [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
},
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite_transit)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite_transit);
VLIB_REGISTER_NODE (ip6_rewrite_local_node) = {
.function = ip6_rewrite_local,
.n_next_nodes = 0,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_local_node, ip6_rewrite_local)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_local_node, ip6_rewrite_local);
/*
* Hop-by-Hop handling
return s;
}
+always_inline u8 ip6_scan_hbh_options (
+ vlib_buffer_t * b0,
+ ip6_header_t *ip0,
+ ip6_hop_by_hop_header_t *hbh0,
+ ip6_hop_by_hop_option_t *opt0,
+ ip6_hop_by_hop_option_t *limit0,
+ u32 *next0)
+{
+ ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
+ u8 type0;
+ u8 error0 = 0;
+
+ while (opt0 < limit0)
+ {
+ type0 = opt0->type;
+ switch (type0)
+ {
+ case 0: /* Pad1 */
+ opt0 = (ip6_hop_by_hop_option_t *) ((u8 *)opt0) + 1;
+ continue;
+ case 1: /* PadN */
+ break;
+ default:
+ if (hm->options[type0])
+ {
+ if ((*hm->options[type0])(b0, ip0, opt0) < 0)
+ {
+ error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
+ return(error0);
+ }
+ }
+ else
+ {
+ /* Unrecognized mandatory option, check the two high order bits */
+ switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
+ {
+ case HBH_OPTION_TYPE_SKIP_UNKNOWN:
+ break;
+ case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
+ error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
+ *next0 = IP_LOOKUP_NEXT_DROP;
+ break;
+ case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
+ error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
+ *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
+ icmp6_error_set_vnet_buffer(b0, ICMP6_parameter_problem,
+ ICMP6_parameter_problem_unrecognized_option, (u8 *)opt0 - (u8 *)ip0);
+ break;
+ case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
+ error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
+ if (!ip6_address_is_multicast(&ip0->dst_address))
+ {
+ *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
+ icmp6_error_set_vnet_buffer(b0, ICMP6_parameter_problem,
+ ICMP6_parameter_problem_unrecognized_option, (u8 *)opt0 - (u8 *)ip0);
+ }
+ else
+ {
+ *next0 = IP_LOOKUP_NEXT_DROP;
+ }
+ break;
+ }
+ return(error0);
+ }
+ }
+ opt0 = (ip6_hop_by_hop_option_t *) (((u8 *)opt0) + opt0->length + sizeof (ip6_hop_by_hop_option_t));
+ }
+ return(error0);
+}
+
/*
* Process the Hop-by-Hop Options header
*/
vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
+ while (n_left_from >= 4 && n_left_to_next >= 2) {
+ u32 bi0, bi1;
+ vlib_buffer_t * b0, *b1;
+ u32 next0, next1;
+ ip6_header_t * ip0, *ip1;
+ ip6_hop_by_hop_header_t *hbh0, *hbh1;
+ ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
+ u8 error0 = 0, error1 = 0;
+
+ /* Prefetch next iteration. */
+ {
+ vlib_buffer_t * p2, * p3;
+
+ p2 = vlib_get_buffer (vm, from[2]);
+ p3 = vlib_get_buffer (vm, from[3]);
+
+ vlib_prefetch_buffer_header (p2, LOAD);
+ vlib_prefetch_buffer_header (p3, LOAD);
+
+ CLIB_PREFETCH (p2->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
+ CLIB_PREFETCH (p3->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
+ }
+
+ /* Speculatively enqueue b0, b1 to the current next frame */
+ to_next[0] = bi0 = from[0];
+ to_next[1] = bi1 = from[1];
+ from += 2;
+ to_next += 2;
+ n_left_from -= 2;
+ n_left_to_next -= 2;
+
+ b0 = vlib_get_buffer (vm, bi0);
+ b1 = vlib_get_buffer (vm, bi1);
+ u32 adj_index0 = vnet_buffer(b0)->ip.adj_index[VLIB_TX];
+ ip_adjacency_t *adj0 = ip_get_adjacency(lm, adj_index0);
+ u32 adj_index1 = vnet_buffer(b1)->ip.adj_index[VLIB_TX];
+ ip_adjacency_t *adj1 = ip_get_adjacency(lm, adj_index1);
+
+ /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
+ next0 = adj0->lookup_next_index;
+ next1 = adj1->lookup_next_index;
+
+ ip0 = vlib_buffer_get_current (b0);
+ ip1 = vlib_buffer_get_current (b1);
+ hbh0 = (ip6_hop_by_hop_header_t *)(ip0+1);
+ hbh1 = (ip6_hop_by_hop_header_t *)(ip1+1);
+ opt0 = (ip6_hop_by_hop_option_t *)(hbh0+1);
+ opt1 = (ip6_hop_by_hop_option_t *)(hbh1+1);
+ limit0 = (ip6_hop_by_hop_option_t *)((u8 *)hbh0 + ((hbh0->length + 1) << 3));
+ limit1 = (ip6_hop_by_hop_option_t *)((u8 *)hbh1 + ((hbh1->length + 1) << 3));
+
+ /*
+ * Basic validity checks
+ */
+ if ((hbh0->length + 1) << 3 > clib_net_to_host_u16(ip0->payload_length)) {
+ error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
+ next0 = IP_LOOKUP_NEXT_DROP;
+ goto outdual;
+ }
+ /* Scan the set of h-b-h options, process ones that we understand */
+ error0 = ip6_scan_hbh_options(b0, ip0, hbh0, opt0, limit0, &next0);
+
+ if ((hbh1->length + 1) << 3 > clib_net_to_host_u16(ip1->payload_length)) {
+ error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
+ next1 = IP_LOOKUP_NEXT_DROP;
+ goto outdual;
+ }
+ /* Scan the set of h-b-h options, process ones that we understand */
+ error1 = ip6_scan_hbh_options(b1,ip1,hbh1,opt1,limit1, &next1);
+
+ outdual:
+ /* Has the classifier flagged this buffer for special treatment? */
+ if ((error0 == 0) && (vnet_buffer(b0)->l2_classify.opaque_index == OI_DECAP))
+ next0 = hm->next_override;
+
+ /* Has the classifier flagged this buffer for special treatment? */
+ if ((error1 == 0) && (vnet_buffer(b1)->l2_classify.opaque_index == OI_DECAP))
+ next1 = hm->next_override;
+
+ if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)))
+ {
+ if (b0->flags & VLIB_BUFFER_IS_TRACED) {
+ ip6_hop_by_hop_trace_t *t = vlib_add_trace(vm, node, b0, sizeof (*t));
+ u32 trace_len = (hbh0->length + 1) << 3;
+ t->next_index = next0;
+ /* Capture the h-b-h option verbatim */
+ trace_len = trace_len < ARRAY_LEN(t->option_data) ? trace_len : ARRAY_LEN(t->option_data);
+ t->trace_len = trace_len;
+ clib_memcpy(t->option_data, hbh0, trace_len);
+ }
+ if (b1->flags & VLIB_BUFFER_IS_TRACED) {
+ ip6_hop_by_hop_trace_t *t = vlib_add_trace(vm, node, b1, sizeof (*t));
+ u32 trace_len = (hbh1->length + 1) << 3;
+ t->next_index = next1;
+ /* Capture the h-b-h option verbatim */
+ trace_len = trace_len < ARRAY_LEN(t->option_data) ? trace_len : ARRAY_LEN(t->option_data);
+ t->trace_len = trace_len;
+ clib_memcpy(t->option_data, hbh1, trace_len);
+ }
+
+ }
+
+ b0->error = error_node->errors[error0];
+ b1->error = error_node->errors[error1];
+
+ /* verify speculative enqueue, maybe switch current next frame */
+ vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next, n_left_to_next, bi0,
+ bi1,next0, next1);
+ }
+
while (n_left_from > 0 && n_left_to_next > 0) {
u32 bi0;
vlib_buffer_t * b0;
ip6_header_t * ip0;
ip6_hop_by_hop_header_t *hbh0;
ip6_hop_by_hop_option_t *opt0, *limit0;
- u8 type0;
u8 error0 = 0;
/* Speculatively enqueue b0 to the current next frame */
}
/* Scan the set of h-b-h options, process ones that we understand */
- while (opt0 < limit0) {
- type0 = opt0->type;
- switch (type0) {
- case 0: /* Pad1 */
- opt0 = (ip6_hop_by_hop_option_t *) ((u8 *)opt0) + 1;
- continue;
- case 1: /* PadN */
- break;
- default:
- if (hm->options[type0]) {
- if ((*hm->options[type0])(b0, ip0, opt0) < 0) {
- error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
- goto out0;
- }
- } else {
- /* Unrecognized mandatory option, check the two high order bits */
- switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS) {
- case HBH_OPTION_TYPE_SKIP_UNKNOWN:
- break;
- case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
- next0 = IP_LOOKUP_NEXT_DROP;
- break;
- case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
- next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
- icmp6_error_set_vnet_buffer(b0, ICMP6_parameter_problem,
- ICMP6_parameter_problem_unrecognized_option, (u8 *)opt0 - (u8 *)ip0);
- break;
- case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
- if (!ip6_address_is_multicast(&ip0->dst_address)) {
- next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
- icmp6_error_set_vnet_buffer(b0, ICMP6_parameter_problem,
- ICMP6_parameter_problem_unrecognized_option, (u8 *)opt0 - (u8 *)ip0);
- } else {
- next0 = IP_LOOKUP_NEXT_DROP;
- }
- break;
- }
- error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
- goto out0;
- }
- }
- opt0 = (ip6_hop_by_hop_option_t *) (((u8 *)opt0) + opt0->length + sizeof (ip6_hop_by_hop_option_t));
- }
+ error0 = ip6_scan_hbh_options(b0, ip0, hbh0, opt0, limit0, &next0);
out0:
/* Has the classifier flagged this buffer for special treatment? */
if ((error0 == 0) && (vnet_buffer(b0)->l2_classify.opaque_index == OI_DECAP))
- next0 = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
+ next0 = hm->next_override;
if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED)) {
ip6_hop_by_hop_trace_t *t = vlib_add_trace(vm, node, b0, sizeof (*t));
.n_next_nodes = 0,
};
-VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop)
+VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop);
static clib_error_t *
ip6_hop_by_hop_init (vlib_main_t * vm)
ip6_hop_by_hop_main_t * hm = &ip6_hop_by_hop_main;
memset(hm->options, 0, sizeof(hm->options));
memset(hm->trace, 0, sizeof(hm->trace));
-
+ hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
return (0);
}
VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
+void ip6_hbh_set_next_override (uword next)
+{
+ ip6_hop_by_hop_main_t * hm = &ip6_hop_by_hop_main;
+
+ hm->next_override = next;
+}
+
int
ip6_hbh_register_option (u8 option,
int options(vlib_buffer_t *b, ip6_header_t *ip, ip6_hop_by_hop_option_t *opt),
VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
+#define TEST_CODE 1
+#if TEST_CODE > 0
+
+static clib_error_t *
+set_interface_ip6_output_feature_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ vnet_main_t * vnm = vnet_get_main();
+ u32 sw_if_index = ~0;
+ int is_add = 1;
+ ip6_main_t * im = &ip6_main;
+ ip_lookup_main_t * lm = &im->lookup_main;
+
+ while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
+ ;
+ else if (unformat (input, "del"))
+ is_add = 0;
+ else
+ break;
+ }
+
+ if (sw_if_index == ~0)
+ return clib_error_return (0, "unknown interface `%U'",
+ format_unformat_error, input);
+
+ lm->tx_sw_if_has_ip_output_features =
+ clib_bitmap_set (lm->tx_sw_if_has_ip_output_features, sw_if_index, is_add);
+
+ return 0;
+}
+
+VLIB_CLI_COMMAND (set_interface_ip6_output_feature, static) = {
+ .path = "set interface ip6 output feature",
+ .function = set_interface_ip6_output_feature_command_fn,
+ .short_help = "set interface output feature <intfc>",
+};
+#endif /* TEST_CODE */