}
}
+u32
+ip6_route_get_next_hop_adj (ip6_main_t * im,
+ u32 fib_index,
+ ip6_address_t *next_hop,
+ u32 next_hop_sw_if_index,
+ u32 explicit_fib_index)
+{
+ ip_lookup_main_t * lm = &im->lookup_main;
+ vnet_main_t * vnm = vnet_get_main();
+ int is_interface_next_hop;
+ uword * nh_result;
+ u32 nh_adj_index;
+ ip6_fib_t * fib;
+
+ fib = vec_elt_at_index (im->fibs, fib_index);
+
+ is_interface_next_hop = ip6_address_is_zero (next_hop);
+
+ if (is_interface_next_hop)
+ {
+ nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index,
+ next_hop_sw_if_index);
+ if (nh_result)
+ nh_adj_index = *nh_result;
+ else
+ {
+ ip_adjacency_t * adj;
+ adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
+ &nh_adj_index);
+ ip6_adjacency_set_interface_route (vnm, adj,
+ next_hop_sw_if_index, ~0);
+ ip_call_add_del_adjacency_callbacks
+ (lm, next_hop_sw_if_index, /* is_del */ 0);
+ hash_set (im->interface_route_adj_index_by_sw_if_index,
+ next_hop_sw_if_index, nh_adj_index);
+ }
+ }
+ else if (next_hop_sw_if_index == ~0)
+ {
+ /* next-hop is recursive. we always need a indirect adj
+ * for recursive paths. Any LPM we perform now will give
+ * us a valid adj, but without tracking the next-hop we
+ * have no way to keep it valid.
+ */
+ ip_adjacency_t add_adj;
+ memset (&add_adj, 0, sizeof(add_adj));
+ add_adj.n_adj = 1;
+ add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
+ add_adj.indirect.next_hop.ip6.as_u64[0] = next_hop->as_u64[0];
+ add_adj.indirect.next_hop.ip6.as_u64[1] = next_hop->as_u64[1];
+ add_adj.explicit_fib_index = explicit_fib_index;
+ ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
+ }
+ else
+ {
+ BVT(clib_bihash_kv) kv, value;
+
+ /* Look for the interface /128 route */
+ kv.key[0] = next_hop->as_u64[0];
+ kv.key[1] = next_hop->as_u64[1];
+ kv.key[2] = ((u64)((fib - im->fibs))<<32) | 128;
+after_nd:
+ if (BV(clib_bihash_search)(&im->ip6_lookup_table, &kv, &value) < 0)
+ {
+ ip_adjacency_t * adj;
+ nh_adj_index = ip6_fib_lookup_with_table (im, fib_index, next_hop);
+ adj = ip_get_adjacency (lm, nh_adj_index);
+ /* if ND interface adjacencty is present, we need to
+ install ND adjaceny for specific next hop */
+ if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
+ adj->arp.next_hop.ip6.as_u64[0] == 0 &&
+ adj->arp.next_hop.ip6.as_u64[1] == 0)
+ {
+ nh_adj_index = vnet_ip6_neighbor_glean_add(fib_index, next_hop);
+ }
+ else if (next_hop->as_u8[0] == 0xfe)
+ {
+ //Next hop is link-local. No indirect in this case.
+ //Let's add it as a possible neighbor on this interface
+ ip6_address_t null_addr= {};
+ ip6_add_del_route_next_hop (im, IP6_ROUTE_FLAG_ADD,
+ next_hop, 128,
+ &null_addr, next_hop_sw_if_index,
+ 1, ~0, fib_index);
+ goto after_nd;
+ }
+ }
+ else
+ {
+ nh_adj_index = value.value;
+ }
+ }
+
+ return (nh_adj_index);
+}
+
void
ip6_add_del_route_next_hop (ip6_main_t * im,
u32 flags,
ip_adjacency_t * dst_adj;
ip_multipath_adjacency_t * old_mp, * new_mp;
int is_del = (flags & IP6_ROUTE_FLAG_DEL) != 0;
- int is_interface_next_hop;
clib_error_t * error = 0;
- uword * nh_result;
BVT(clib_bihash_kv) kv, value;
vlib_smp_unsafe_warning();
fib = vec_elt_at_index (im->fibs, fib_index);
/* Lookup next hop to be added or deleted. */
- is_interface_next_hop = ip6_address_is_zero (next_hop);
if (adj_index == (u32)~0)
{
- if (is_interface_next_hop)
- {
- nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index,
- next_hop_sw_if_index);
- if (nh_result)
- nh_adj_index = *nh_result;
- else
- {
- ip_adjacency_t * adj;
- adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1,
- &nh_adj_index);
- ip6_adjacency_set_interface_route (vnm, adj,
- next_hop_sw_if_index, ~0);
- ip_call_add_del_adjacency_callbacks
- (lm, nh_adj_index, /* is_del */ 0);
- hash_set (im->interface_route_adj_index_by_sw_if_index,
- next_hop_sw_if_index, nh_adj_index);
- }
- }
- else
- {
- /* Look for the interface /128 route */
- kv.key[0] = next_hop->as_u64[0];
- kv.key[1] = next_hop->as_u64[1];
- kv.key[2] = ((u64)((fib - im->fibs))<<32) | 128;
-
- if (BV(clib_bihash_search)(&im->ip6_lookup_table, &kv, &value) < 0)
- {
- ip_adjacency_t * adj;
- nh_adj_index = ip6_fib_lookup_with_table (im, fib_index, next_hop);
- adj = ip_get_adjacency (lm, nh_adj_index);
- /* if ND interface adjacencty is present, we need to
- install ND adjaceny for specific next hop */
- if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP &&
- adj->arp.next_hop.ip6.as_u64[0] == 0 &&
- adj->arp.next_hop.ip6.as_u64[1] == 0)
- {
- nh_adj_index = vnet_ip6_neighbor_glean_add(fib_index, next_hop);
- }
- else
- {
- ip_adjacency_t add_adj;
- memset (&add_adj, 0, sizeof(add_adj));
- add_adj.n_adj = 1;
- add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT;
- add_adj.indirect.next_hop.ip6.as_u64[0] = next_hop->as_u64[0];
- add_adj.indirect.next_hop.ip6.as_u64[1] = next_hop->as_u64[1];
- add_adj.explicit_fib_index = explicit_fib_index;
- ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index);
- }
- }
- else
- nh_adj_index = value.value;
-
- }
+ nh_adj_index = ip6_route_get_next_hop_adj(im, fib_index,
+ next_hop,
+ next_hop_sw_if_index,
+ explicit_fib_index);
}
else
{
to existing non-multipath adjacency */
if (dst_adj_index == ~0 && next_hop_weight == 1 && next_hop_sw_if_index == ~0)
{
- /* create new adjacency */
+ /* create / delete additional mapping of existing adjacency */
ip6_add_del_route_args_t a;
+ ip_adjacency_t * nh_adj = ip_get_adjacency (lm, nh_adj_index);
+
a.table_index_or_table_id = fib_index;
a.flags = ((is_del ? IP6_ROUTE_FLAG_DEL : IP6_ROUTE_FLAG_ADD)
| IP6_ROUTE_FLAG_FIB_INDEX
a.n_add_adj = 0;
ip6_add_del_route (im, &a);
+ /* adjust share count. This cannot be the only use of the adjacency */
+ nh_adj->share_count += is_del ? -1 : 1;
+
goto done;
}
if (old_mp != new_mp)
{
ip6_add_del_route_args_t a;
+ ip_adjacency_t * adj;
+
a.table_index_or_table_id = fib_index;
a.flags = ((is_del ? IP6_ROUTE_FLAG_DEL : IP6_ROUTE_FLAG_ADD)
| IP6_ROUTE_FLAG_FIB_INDEX
a.n_add_adj = 0;
ip6_add_del_route (im, &a);
+
+ adj = ip_get_adjacency (lm, new_mp ? new_mp->adj_index : dst_adj_index);
+ if (adj->n_adj == 1)
+ adj->share_count += is_del ? -1 : 1;
}
done:
/* Only process the HBH Option Header if explicitly configured to do so */
next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled &&
- adj_index0 ? IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
+ adj_index0 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
next1 = (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled &&
- adj_index1 ? IP6_LOOKUP_NEXT_HOP_BY_HOP : adj1->lookup_next_index;
+ adj_index1 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj1->lookup_next_index;
vnet_buffer (p0)->ip.flow_hash =
vnet_buffer(p1)->ip.flow_hash = 0;
/* Only process the HBH Option Header if explicitly configured to do so */
next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled &&
- adj_index0 ? IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
+ adj_index0 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index;
vnet_buffer (p0)->ip.flow_hash = 0;
typedef enum {
IP6_REWRITE_NEXT_DROP,
+ IP6_REWRITE_NEXT_ICMP_ERROR,
} ip6_rewrite_next_t;
always_inline uword
ip1 = vlib_buffer_get_current (p1);
error0 = error1 = IP6_ERROR_NONE;
+ next0 = next1 = IP6_REWRITE_NEXT_DROP;
if (! rewrite_for_locally_received_packets)
{
ip0->hop_limit = hop_limit0;
ip1->hop_limit = hop_limit1;
- error0 = hop_limit0 <= 0 ? IP6_ERROR_TIME_EXPIRED : error0;
- error1 = hop_limit1 <= 0 ? IP6_ERROR_TIME_EXPIRED : error1;
+ /*
+ * If the hop count drops below 1 when forwarding, generate
+ * an ICMP response.
+ */
+ if (PREDICT_FALSE(hop_limit0 <= 0))
+ {
+ error0 = IP6_ERROR_TIME_EXPIRED;
+ next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp6_error_set_vnet_buffer(p0, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
+ if (PREDICT_FALSE(hop_limit1 <= 0))
+ {
+ error1 = IP6_ERROR_TIME_EXPIRED;
+ next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp6_error_set_vnet_buffer(p1, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
}
adj0 = ip_get_adjacency (lm, adj_index0);
? IP6_ERROR_MTU_EXCEEDED
: error1);
- p0->current_data -= rw_len0;
- p1->current_data -= rw_len1;
+ /* Don't adjust the buffer for hop count issue; icmp-error node
+ * wants to see the IP headerr */
+ if (PREDICT_TRUE(error0 == IP6_ERROR_NONE))
+ {
+ p0->current_data -= rw_len0;
+ p0->current_length += rw_len0;
- p0->current_length += rw_len0;
- p1->current_length += rw_len1;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] =
+ adj0[0].rewrite_header.sw_if_index;
+ next0 = adj0[0].rewrite_header.next_index;
+ }
+ if (PREDICT_TRUE(error1 == IP6_ERROR_NONE))
+ {
+ p1->current_data -= rw_len1;
+ p1->current_length += rw_len1;
- vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index;
- vnet_buffer (p1)->sw_if_index[VLIB_TX] = adj1[0].rewrite_header.sw_if_index;
-
- next0 = (error0 == IP6_ERROR_NONE) ?
- adj0[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP;
- next1 = (error1 == IP6_ERROR_NONE) ?
- adj1[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP;
+ vnet_buffer (p1)->sw_if_index[VLIB_TX] =
+ adj1[0].rewrite_header.sw_if_index;
+ next1 = adj1[0].rewrite_header.next_index;
+ }
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip0 = vlib_buffer_get_current (p0);
error0 = IP6_ERROR_NONE;
+ next0 = IP6_REWRITE_NEXT_DROP;
/* Check hop limit */
if (! rewrite_for_locally_received_packets)
ip0->hop_limit = hop_limit0;
- error0 = hop_limit0 <= 0 ? IP6_ERROR_TIME_EXPIRED : error0;
+ if (PREDICT_FALSE(hop_limit0 <= 0))
+ {
+ /*
+ * If the hop count drops below 1 when forwarding, generate
+ * an ICMP response.
+ */
+ error0 = IP6_ERROR_TIME_EXPIRED;
+ next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0;
+ icmp6_error_set_vnet_buffer(p0, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit, 0);
+ }
}
if (rewrite_for_locally_received_packets)
? IP6_ERROR_MTU_EXCEEDED
: error0);
- p0->current_data -= rw_len0;
- p0->current_length += rw_len0;
- vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index;
-
- next0 = (error0 == IP6_ERROR_NONE) ?
- adj0[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP;
+ /* Don't adjust the buffer for hop count issue; icmp-error node
+ * wants to see the IP headerr */
+ if (PREDICT_TRUE(error0 == IP6_ERROR_NONE))
+ {
+ p0->current_data -= rw_len0;
+ p0->current_length += rw_len0;
+
+ vnet_buffer (p0)->sw_if_index[VLIB_TX] =
+ adj0[0].rewrite_header.sw_if_index;
+ next0 = adj0[0].rewrite_header.next_index;
+ }
p0->error = error_node->errors[error0];
.format_trace = format_ip6_rewrite_trace,
- .n_next_nodes = 1,
+ .n_next_nodes = 2,
.next_nodes = {
[IP6_REWRITE_NEXT_DROP] = "error-drop",
+ [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
},
};