X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fip%2Ficmp6.c;h=b0fdadb2667c852e65e90099f06315dad3c9da49;hb=63c31e0a609bb3fe5cd61b05dac7b790a9282b8d;hp=37deb762d515d78c04284c2f5db523cc311c1c66;hpb=b7b929931a07fbb27b43d5cd105f366c3e29807e;p=vpp.git

diff --git a/src/vnet/ip/icmp6.c b/src/vnet/ip/icmp6.c
index 37deb762d51..b0fdadb2667 100644
--- a/src/vnet/ip/icmp6.c
+++ b/src/vnet/ip/icmp6.c
@@ -40,6 +40,7 @@
 #include <vlib/vlib.h>
 #include <vnet/ip/ip.h>
 #include <vnet/pg/pg.h>
+#include <vnet/ip/ip_sas.h>
 
 static u8 *
 format_ip6_icmp_type_and_code (u8 * s, va_list * args)
@@ -130,7 +131,7 @@ static char *icmp_error_strings[] = {
 
 typedef enum
 {
-  ICMP_INPUT_NEXT_DROP,
+  ICMP_INPUT_NEXT_PUNT,
   ICMP_INPUT_N_NEXT,
 } icmp_input_next_t;
 
@@ -199,7 +200,7 @@ ip6_icmp_input (vlib_main_t * vm,
 
 	  next0 = im->input_next_index_by_type[type0];
 	  error0 =
-	    next0 == ICMP_INPUT_NEXT_DROP ? ICMP6_ERROR_UNKNOWN_TYPE : error0;
+	    next0 == ICMP_INPUT_NEXT_PUNT ? ICMP6_ERROR_UNKNOWN_TYPE : error0;
 
 	  /* Check code is valid for type. */
 	  error0 =
@@ -223,7 +224,7 @@ ip6_icmp_input (vlib_main_t * vm,
 
 	  b0->error = node->errors[error0];
 
-	  next0 = error0 != ICMP6_ERROR_NONE ? ICMP_INPUT_NEXT_DROP : next0;
+	  next0 = error0 != ICMP6_ERROR_NONE ? ICMP_INPUT_NEXT_PUNT : next0;
 
 	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
 					   to_next, n_left_to_next,
@@ -250,7 +251,7 @@ VLIB_REGISTER_NODE (ip6_icmp_input_node) = {
 
   .n_next_nodes = 1,
   .next_nodes = {
-    [ICMP_INPUT_NEXT_DROP] = "ip6-drop",
+    [ICMP_INPUT_NEXT_PUNT] = "ip6-punt",
   },
 };
 /* *INDENT-ON* */
@@ -350,6 +351,9 @@ ip6_icmp_echo_request (vlib_main_t * vm,
 				vnet_buffer (p1)->sw_if_index[VLIB_RX]);
 	  vnet_buffer (p1)->sw_if_index[VLIB_TX] = fib_index1;
 
+	  p0->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
+	  p1->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
+
 	  /* verify speculative enqueues, maybe switch current next frame */
 	  /* if next0==next1==next_index then nothing special needs to be done */
 	  vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
@@ -403,6 +407,7 @@ ip6_icmp_echo_request (vlib_main_t * vm,
 				vnet_buffer (p0)->sw_if_index[VLIB_RX]);
 	  vnet_buffer (p0)->sw_if_index[VLIB_TX] = fib_index0;
 
+	  p0->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
 	  /* Verify speculative enqueue, maybe switch current next frame */
 	  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
 					   to_next, n_left_to_next,
@@ -475,8 +480,6 @@ ip6_icmp_error (vlib_main_t * vm,
   u32 *from, *to_next;
   uword n_left_from, n_left_to_next;
   ip6_icmp_error_next_t next_index;
-  ip6_main_t *im = &ip6_main;
-  ip_lookup_main_t *lm = &im->lookup_main;
 
   from = vlib_frame_vector_args (frame);
   n_left_from = frame->n_vectors;
@@ -493,15 +496,28 @@ ip6_icmp_error (vlib_main_t * vm,
 
       while (n_left_from > 0 && n_left_to_next > 0)
 	{
-	  u32 pi0 = from[0];
+	  /*
+	   * Duplicate first buffer and free the original chain.  Keep
+	   * as much of the original packet as possible, within the
+	   * minimum MTU. We chat "a little" here by keeping whatever
+	   * is available in the first buffer.
+	   */
+
+	  u32 pi0 = ~0;
+	  u32 org_pi0 = from[0];
 	  u32 next0 = IP6_ICMP_ERROR_NEXT_LOOKUP;
 	  u8 error0 = ICMP6_ERROR_NONE;
-	  vlib_buffer_t *p0;
+	  vlib_buffer_t *p0, *org_p0;
 	  ip6_header_t *ip0, *out_ip0;
 	  icmp46_header_t *icmp0;
-	  u32 sw_if_index0, if_add_index0;
+	  u32 sw_if_index0;
 	  int bogus_length;
 
+	  org_p0 = vlib_get_buffer (vm, org_pi0);
+	  p0 = vlib_buffer_copy_no_chain (vm, org_p0, &pi0);
+	  if (!p0 || pi0 == ~0)	/* Out of buffers */
+	    continue;
+
 	  /* Speculatively enqueue p0 to the current next frame */
 	  to_next[0] = pi0;
 	  from += 1;
@@ -509,37 +525,14 @@ ip6_icmp_error (vlib_main_t * vm,
 	  n_left_from -= 1;
 	  n_left_to_next -= 1;
 
-	  p0 = vlib_get_buffer (vm, pi0);
 	  ip0 = vlib_buffer_get_current (p0);
 	  sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
 
-	  /* RFC4443 says to keep as much of the original packet as possible
-	   * within the minimum MTU. We cheat "a little" here by keeping whatever fits
-	   * in the first buffer, to be more efficient */
-	  if (PREDICT_FALSE (p0->total_length_not_including_first_buffer))
-	    {			/* clear current_length of all other buffers in chain */
-	      vlib_buffer_t *b = p0;
-	      p0->total_length_not_including_first_buffer = 0;
-	      while (b->flags & VLIB_BUFFER_NEXT_PRESENT)
-		{
-		  b = vlib_get_buffer (vm, b->next_buffer);
-		  b->current_length = 0;
-		  // XXX: Buffer leak???
-		}
-	    }
-
 	  /* Add IP header and ICMPv6 header including a 4 byte data field */
-	  int headroom = sizeof (ip6_header_t) + sizeof (icmp46_header_t) + 4;
+	  vlib_buffer_advance (p0,
+			       -(sizeof (ip6_header_t) +
+				 sizeof (icmp46_header_t) + 4));
 
-	  /* Verify that we're not falling off the edge */
-	  if (p0->current_data - headroom < -VLIB_BUFFER_PRE_DATA_SIZE)
-	    {
-	      next0 = IP6_ICMP_ERROR_NEXT_DROP;
-	      error0 = ICMP6_ERROR_DROP;
-	      goto error;
-	    }
-
-	  vlib_buffer_advance (p0, -headroom);
 	  vnet_buffer (p0)->sw_if_index[VLIB_TX] = ~0;
 	  p0->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
 	  p0->current_length =
@@ -557,21 +550,12 @@ ip6_icmp_error (vlib_main_t * vm,
 	  out_ip0->protocol = IP_PROTOCOL_ICMP6;
 	  out_ip0->hop_limit = 0xff;
 	  out_ip0->dst_address = ip0->src_address;
-	  if_add_index0 =
-	    lm->if_address_pool_index_by_sw_if_index[sw_if_index0];
-	  if (PREDICT_TRUE (if_add_index0 != ~0))
-	    {
-	      ip_interface_address_t *if_add =
-		pool_elt_at_index (lm->if_address_pool, if_add_index0);
-	      ip6_address_t *if_ip =
-		ip_interface_address_get_address (lm, if_add);
-	      out_ip0->src_address = *if_ip;
-	    }
-	  else			/* interface has no IP6 address - should not happen */
-	    {
+	  /* Prefer a source address from "offending interface" */
+	  if (!ip6_sas_by_sw_if_index (sw_if_index0, &out_ip0->dst_address,
+				       &out_ip0->src_address))
+	    { /* interface has no IP6 address - should not happen */
 	      next0 = IP6_ICMP_ERROR_NEXT_DROP;
 	      error0 = ICMP6_ERROR_DROP;
-	      goto error;
 	    }
 
 	  /* Fill icmp header fields */
@@ -588,7 +572,6 @@ ip6_icmp_error (vlib_main_t * vm,
 	  if (error0 == ICMP6_ERROR_NONE)
 	    error0 = icmp6_icmp_type_to_error (icmp0->type);
 
-	error:
 	  vlib_error_count (vm, node->node_index, error0, 1);
 
 	  /* Verify speculative enqueue, maybe switch current next frame */
@@ -599,6 +582,15 @@ ip6_icmp_error (vlib_main_t * vm,
       vlib_put_next_frame (vm, node, next_index, n_left_to_next);
     }
 
+  /*
+   * push the original buffers to error-drop, so that
+   * they can get the error counters handled, then freed
+   */
+  vlib_buffer_enqueue_to_single_next (vm, node,
+				      vlib_frame_vector_args (frame),
+				      IP6_ICMP_ERROR_NEXT_DROP,
+				      frame->n_vectors);
+
   return frame->n_vectors;
 }
 
@@ -787,7 +779,7 @@ icmp6_init (vlib_main_t * vm)
 #undef _
 
   clib_memset (cm->input_next_index_by_type,
-	       ICMP_INPUT_NEXT_DROP, sizeof (cm->input_next_index_by_type));
+	       ICMP_INPUT_NEXT_PUNT, sizeof (cm->input_next_index_by_type));
   clib_memset (cm->max_valid_code_by_type, 0,
 	       sizeof (cm->max_valid_code_by_type));
 
@@ -819,7 +811,7 @@ icmp6_init (vlib_main_t * vm)
   icmp6_register_type (vm, ICMP6_echo_request,
 		       ip6_icmp_echo_request_node.index);
 
-  return vlib_call_init_function (vm, ip6_neighbor_init);
+  return (NULL);
 }
 
 VLIB_INIT_FUNCTION (icmp6_init);