X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=vnet%2Fvnet%2Fip%2Fip6_forward.c;h=c977960285dfe6257e2b3d6c9aa574d325126aae;hb=60537f3d83e83d0ce10a620ca99aad4eddf85f5e;hp=e57269a0844cf433c396c1de53a851ba3ce39e77;hpb=aca64c9de14225b0077b3fbc76b4dd7447aa6a7a;p=vpp.git diff --git a/vnet/vnet/ip/ip6_forward.c b/vnet/vnet/ip/ip6_forward.c index e57269a0844..c977960285d 100644 --- a/vnet/vnet/ip/ip6_forward.c +++ b/vnet/vnet/ip/ip6_forward.c @@ -189,6 +189,14 @@ find_ip6_fib_by_table_index_or_id (ip6_main_t * im, u32 table_index_or_id, u32 f fib_index = table_index_or_id; if (! (flags & IP6_ROUTE_FLAG_FIB_INDEX)) { + if (table_index_or_id == ~0) { + table_index_or_id = 0; + while (hash_get (im->fib_index_by_table_id, table_index_or_id)) { + table_index_or_id++; + } + return create_fib_with_table_id (im, table_index_or_id); + } + p = hash_get (im->fib_index_by_table_id, table_index_or_id); if (! p) return create_fib_with_table_id (im, table_index_or_id); @@ -271,7 +279,9 @@ void ip6_add_del_route (ip6_main_t * im, ip6_add_del_route_args_t * a) } /* Avoid spurious reference count increments */ - if (old_adj_index == adj_index && !(a->flags & IP6_ROUTE_FLAG_KEEP_OLD_ADJACENCY)) + if (old_adj_index == adj_index + && adj_index != ~0 + && !(a->flags & IP6_ROUTE_FLAG_KEEP_OLD_ADJACENCY)) { ip_adjacency_t * adj = ip_get_adjacency (lm, adj_index); if (adj->share_count > 0) @@ -287,6 +297,102 @@ void ip6_add_del_route (ip6_main_t * im, ip6_add_del_route_args_t * a) } } +u32 +ip6_route_get_next_hop_adj (ip6_main_t * im, + u32 fib_index, + ip6_address_t *next_hop, + u32 next_hop_sw_if_index, + u32 explicit_fib_index) +{ + ip_lookup_main_t * lm = &im->lookup_main; + vnet_main_t * vnm = vnet_get_main(); + int is_interface_next_hop; + uword * nh_result; + u32 nh_adj_index; + ip6_fib_t * fib; + + fib = vec_elt_at_index (im->fibs, fib_index); + + is_interface_next_hop = ip6_address_is_zero (next_hop); + + if (is_interface_next_hop) + { + nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index, + next_hop_sw_if_index); + if (nh_result) + nh_adj_index = *nh_result; + else + { + ip_adjacency_t * adj; + adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1, + &nh_adj_index); + ip6_adjacency_set_interface_route (vnm, adj, + next_hop_sw_if_index, ~0); + ip_call_add_del_adjacency_callbacks + (lm, next_hop_sw_if_index, /* is_del */ 0); + hash_set (im->interface_route_adj_index_by_sw_if_index, + next_hop_sw_if_index, nh_adj_index); + } + } + else if (next_hop_sw_if_index == ~0) + { + /* next-hop is recursive. we always need a indirect adj + * for recursive paths. Any LPM we perform now will give + * us a valid adj, but without tracking the next-hop we + * have no way to keep it valid. + */ + ip_adjacency_t add_adj; + memset (&add_adj, 0, sizeof(add_adj)); + add_adj.n_adj = 1; + add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT; + add_adj.indirect.next_hop.ip6.as_u64[0] = next_hop->as_u64[0]; + add_adj.indirect.next_hop.ip6.as_u64[1] = next_hop->as_u64[1]; + add_adj.explicit_fib_index = explicit_fib_index; + ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index); + } + else + { + BVT(clib_bihash_kv) kv, value; + + /* Look for the interface /128 route */ + kv.key[0] = next_hop->as_u64[0]; + kv.key[1] = next_hop->as_u64[1]; + kv.key[2] = ((u64)((fib - im->fibs))<<32) | 128; +after_nd: + if (BV(clib_bihash_search)(&im->ip6_lookup_table, &kv, &value) < 0) + { + ip_adjacency_t * adj; + nh_adj_index = ip6_fib_lookup_with_table (im, fib_index, next_hop); + adj = ip_get_adjacency (lm, nh_adj_index); + /* if ND interface adjacencty is present, we need to + install ND adjaceny for specific next hop */ + if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP && + adj->arp.next_hop.ip6.as_u64[0] == 0 && + adj->arp.next_hop.ip6.as_u64[1] == 0) + { + nh_adj_index = vnet_ip6_neighbor_glean_add(fib_index, next_hop); + } + else if (next_hop->as_u8[0] == 0xfe) + { + //Next hop is link-local. No indirect in this case. + //Let's add it as a possible neighbor on this interface + ip6_address_t null_addr= {}; + ip6_add_del_route_next_hop (im, IP6_ROUTE_FLAG_ADD, + next_hop, 128, + &null_addr, next_hop_sw_if_index, + 1, ~0, fib_index); + goto after_nd; + } + } + else + { + nh_adj_index = value.value; + } + } + + return (nh_adj_index); +} + void ip6_add_del_route_next_hop (ip6_main_t * im, u32 flags, @@ -308,9 +414,7 @@ ip6_add_del_route_next_hop (ip6_main_t * im, ip_adjacency_t * dst_adj; ip_multipath_adjacency_t * old_mp, * new_mp; int is_del = (flags & IP6_ROUTE_FLAG_DEL) != 0; - int is_interface_next_hop; clib_error_t * error = 0; - uword * nh_result; BVT(clib_bihash_kv) kv, value; vlib_smp_unsafe_warning(); @@ -323,62 +427,12 @@ ip6_add_del_route_next_hop (ip6_main_t * im, fib = vec_elt_at_index (im->fibs, fib_index); /* Lookup next hop to be added or deleted. */ - is_interface_next_hop = ip6_address_is_zero (next_hop); if (adj_index == (u32)~0) { - if (is_interface_next_hop) - { - nh_result = hash_get (im->interface_route_adj_index_by_sw_if_index, - next_hop_sw_if_index); - if (nh_result) - nh_adj_index = *nh_result; - else - { - ip_adjacency_t * adj; - adj = ip_add_adjacency (lm, /* template */ 0, /* block size */ 1, - &nh_adj_index); - ip6_adjacency_set_interface_route (vnm, adj, - next_hop_sw_if_index, ~0); - ip_call_add_del_adjacency_callbacks - (lm, next_hop_sw_if_index, /* is_del */ 0); - hash_set (im->interface_route_adj_index_by_sw_if_index, - next_hop_sw_if_index, nh_adj_index); - } - } - else - { - /* Look for the interface /128 route */ - kv.key[0] = next_hop->as_u64[0]; - kv.key[1] = next_hop->as_u64[1]; - kv.key[2] = ((u64)((fib - im->fibs))<<32) | 128; - - if (BV(clib_bihash_search)(&im->ip6_lookup_table, &kv, &value) < 0) - { - ip_adjacency_t * adj; - nh_adj_index = ip6_fib_lookup_with_table (im, fib_index, next_hop); - adj = ip_get_adjacency (lm, nh_adj_index); - /* if ND interface adjacencty is present, we need to - install ND adjaceny for specific next hop */ - if (adj->lookup_next_index == IP_LOOKUP_NEXT_ARP && - adj->arp.next_hop.ip6.as_u64[0] == 0 && - adj->arp.next_hop.ip6.as_u64[1] == 0) - { - nh_adj_index = vnet_ip6_neighbor_glean_add(fib_index, next_hop); - } - else - { - ip_adjacency_t add_adj; - add_adj.lookup_next_index = IP_LOOKUP_NEXT_INDIRECT; - add_adj.indirect.next_hop.ip6.as_u64[0] = next_hop->as_u64[0]; - add_adj.indirect.next_hop.ip6.as_u64[1] = next_hop->as_u64[1]; - add_adj.explicit_fib_index = explicit_fib_index; - ip_add_adjacency (lm, &add_adj, 1, &nh_adj_index); - } - } - else - nh_adj_index = value.value; - - } + nh_adj_index = ip6_route_get_next_hop_adj(im, fib_index, + next_hop, + next_hop_sw_if_index, + explicit_fib_index); } else { @@ -445,8 +499,9 @@ ip6_add_del_route_next_hop (ip6_main_t * im, to existing non-multipath adjacency */ if (dst_adj_index == ~0 && next_hop_weight == 1 && next_hop_sw_if_index == ~0) { - /* create new adjacency */ + /* create / delete additional mapping of existing adjacency */ ip6_add_del_route_args_t a; + a.table_index_or_table_id = fib_index; a.flags = ((is_del ? IP6_ROUTE_FLAG_DEL : IP6_ROUTE_FLAG_ADD) | IP6_ROUTE_FLAG_FIB_INDEX @@ -488,6 +543,8 @@ ip6_add_del_route_next_hop (ip6_main_t * im, if (old_mp != new_mp) { ip6_add_del_route_args_t a; + ip_adjacency_t * adj; + a.table_index_or_table_id = fib_index; a.flags = ((is_del ? IP6_ROUTE_FLAG_DEL : IP6_ROUTE_FLAG_ADD) | IP6_ROUTE_FLAG_FIB_INDEX @@ -500,6 +557,10 @@ ip6_add_del_route_next_hop (ip6_main_t * im, a.n_add_adj = 0; ip6_add_del_route (im, &a); + + adj = ip_get_adjacency (lm, new_mp ? new_mp->adj_index : dst_adj_index); + if (adj->n_adj == 1) + adj->share_count += is_del ? -1 : 1; } done: @@ -643,6 +704,12 @@ void ip6_delete_matching_routes (ip6_main_t * im, ip6_maybe_remap_adjacencies (im, table_index_or_table_id, flags); } +void +ip6_forward_next_trace (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame, + vlib_rx_or_tx_t which_adj_index); + always_inline uword ip6_lookup_inline (vlib_main_t * vm, vlib_node_runtime_t * node, @@ -698,7 +765,7 @@ ip6_lookup_inline (vlib_main_t * vm, ip0 = vlib_buffer_get_current (p0); ip1 = vlib_buffer_get_current (p1); - if (is_indirect) + if (PREDICT_FALSE(is_indirect)) { ip_adjacency_t * iadj0, * iadj1; iadj0 = ip_get_adjacency (lm, vnet_buffer(p0)->ip.adj_index[VLIB_TX]); @@ -742,11 +809,11 @@ ip6_lookup_inline (vlib_main_t * vm, next0 = adj0->lookup_next_index; next1 = adj1->lookup_next_index; - /* Process hop-by-hop options if present */ - next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) ? - IP_LOOKUP_NEXT_HOP_BY_HOP : next0; - next1 = (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) ? - IP_LOOKUP_NEXT_HOP_BY_HOP : next1; + /* Only process the HBH Option Header if explicitly configured to do so */ + next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled && + adj_index0 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index; + next1 = (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled && + adj_index1 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj1->lookup_next_index; vnet_buffer (p0)->ip.flow_hash = vnet_buffer(p1)->ip.flow_hash = 0; @@ -844,7 +911,7 @@ ip6_lookup_inline (vlib_main_t * vm, ip0 = vlib_buffer_get_current (p0); - if (is_indirect) + if (PREDICT_FALSE(is_indirect)) { ip_adjacency_t * iadj0; iadj0 = ip_get_adjacency (lm, vnet_buffer(p0)->ip.adj_index[VLIB_TX]); @@ -873,9 +940,9 @@ ip6_lookup_inline (vlib_main_t * vm, adj0 = ip_get_adjacency (lm, adj_index0); } - next0 = adj0->lookup_next_index; - next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) ? - IP_LOOKUP_NEXT_HOP_BY_HOP : next0; + /* Only process the HBH Option Header if explicitly configured to do so */ + next0 = (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS) && im->hbh_enabled && + adj_index0 ? (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : adj0->lookup_next_index; vnet_buffer (p0)->ip.flow_hash = 0; @@ -918,6 +985,9 @@ ip6_lookup_inline (vlib_main_t * vm, vlib_put_next_frame (vm, node, next, n_left_to_next); } + if (node->flags & VLIB_NODE_FLAG_TRACE) + ip6_forward_next_trace(vm, node, frame, VLIB_TX); + return frame->n_vectors; } @@ -1179,6 +1249,106 @@ ip6_sw_interface_admin_up_down (vnet_main_t * vnm, VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down); +/* Built-in ip6 unicast rx feature path definition */ +VNET_IP6_UNICAST_FEATURE_INIT (ip6_inacl, static) = { + .node_name = "ip6-inacl", + .runs_before = ORDER_CONSTRAINTS {"ip6-policer-classify", 0}, + .feature_index = &ip6_main.ip6_unicast_rx_feature_check_access, +}; + +VNET_IP6_UNICAST_FEATURE_INIT (ip6_policer_classify, static) = { + .node_name = "ip6-policer-classify", + .runs_before = ORDER_CONSTRAINTS {"ipsec-input-ip6", 0}, + .feature_index = &ip6_main.ip6_unicast_rx_feature_policer_classify, +}; + +VNET_IP6_UNICAST_FEATURE_INIT (ip6_ipsec, static) = { + .node_name = "ipsec-input-ip6", + .runs_before = ORDER_CONSTRAINTS {"l2tp-decap", 0}, + .feature_index = &ip6_main.ip6_unicast_rx_feature_ipsec, +}; + +VNET_IP6_UNICAST_FEATURE_INIT (ip6_l2tp, static) = { + .node_name = "l2tp-decap", + .runs_before = ORDER_CONSTRAINTS {"vpath-input-ip6", 0}, + .feature_index = &ip6_main.ip6_unicast_rx_feature_l2tp_decap, +}; + +VNET_IP6_UNICAST_FEATURE_INIT (ip6_vpath, static) = { + .node_name = "vpath-input-ip6", + .runs_before = ORDER_CONSTRAINTS {"ip6-lookup", 0}, + .feature_index = &ip6_main.ip6_unicast_rx_feature_vpath, +}; + +VNET_IP6_UNICAST_FEATURE_INIT (ip6_lookup, static) = { + .node_name = "ip6-lookup", + .runs_before = 0, /* not before any other features */ + .feature_index = &ip6_main.ip6_unicast_rx_feature_lookup, +}; + +/* Built-in ip6 multicast rx feature path definition (none now) */ +VNET_IP6_MULTICAST_FEATURE_INIT (ip6_vpath_mc, static) = { + .node_name = "vpath-input-ip6", + .runs_before = ORDER_CONSTRAINTS {"ip6-lookup", 0}, + .feature_index = &ip6_main.ip6_multicast_rx_feature_vpath, +}; + +VNET_IP6_MULTICAST_FEATURE_INIT (ip6_lookup, static) = { + .node_name = "ip6-lookup", + .runs_before = 0, /* not before any other features */ + .feature_index = &ip6_main.ip6_multicast_rx_feature_lookup, +}; + +static char * rx_feature_start_nodes[] = + {"ip6-input"}; + +static char * tx_feature_start_nodes[] = + {"ip6-rewrite"}; + +/* Built-in ip4 tx feature path definition */ +VNET_IP6_TX_FEATURE_INIT (interface_output, static) = { + .node_name = "interface-output", + .runs_before = 0, /* not before any other features */ + .feature_index = &ip6_main.ip6_tx_feature_interface_output, +}; + +static clib_error_t * +ip6_feature_init (vlib_main_t * vm, ip6_main_t * im) +{ + ip_lookup_main_t * lm = &im->lookup_main; + clib_error_t * error; + vnet_cast_t cast; + ip_config_main_t * cm; + vnet_config_main_t * vcm; + char **feature_start_nodes; + int feature_start_len; + + for (cast = 0; cast < VNET_N_IP_FEAT; cast++) + { + cm = &lm->feature_config_mains[cast]; + vcm = &cm->config_main; + + if (cast < VNET_IP_TX_FEAT) + { + feature_start_nodes = rx_feature_start_nodes; + feature_start_len = ARRAY_LEN(rx_feature_start_nodes); + } + else + { + feature_start_nodes = tx_feature_start_nodes; + feature_start_len = ARRAY_LEN(tx_feature_start_nodes); + } + + if ((error = ip_feature_init_cast (vm, cm, vcm, + feature_start_nodes, + feature_start_len, + cast, + 0 /* is_ip4 */))) + return error; + } + return 0; +} + clib_error_t * ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, @@ -1188,45 +1358,40 @@ ip6_sw_interface_add_del (vnet_main_t * vnm, ip6_main_t * im = &ip6_main; ip_lookup_main_t * lm = &im->lookup_main; u32 ci, cast; + u32 feature_index; - for (cast = 0; cast < VNET_N_CAST; cast++) + for (cast = 0; cast < VNET_N_IP_FEAT; cast++) { - ip_config_main_t * cm = &lm->rx_config_mains[cast]; + ip_config_main_t * cm = &lm->feature_config_mains[cast]; vnet_config_main_t * vcm = &cm->config_main; - /* FIXME multicast. */ - if (! vcm->node_index_by_feature_index) - { - char * start_nodes[] = { "ip6-input", }; - char * feature_nodes[] = { - [IP6_RX_FEATURE_CHECK_ACCESS] = "ip6-inacl", - [IP6_RX_FEATURE_IPSEC] = "ipsec-input-ip6", - [IP6_RX_FEATURE_L2TPV3] = "l2tp-decap", - [IP6_RX_FEATURE_VPATH] = "vpath-input-ip6", - [IP6_RX_FEATURE_LOOKUP] = "ip6-lookup", - }; - vnet_config_init (vm, vcm, - start_nodes, ARRAY_LEN (start_nodes), - feature_nodes, ARRAY_LEN (feature_nodes)); - } - vec_validate_init_empty (cm->config_index_by_sw_if_index, sw_if_index, ~0); ci = cm->config_index_by_sw_if_index[sw_if_index]; + if (cast == VNET_IP_RX_UNICAST_FEAT) + feature_index = im->ip6_unicast_rx_feature_lookup; + else if (cast == VNET_IP_RX_MULTICAST_FEAT) + feature_index = im->ip6_multicast_rx_feature_lookup; + else + feature_index = im->ip6_tx_feature_interface_output; + if (is_add) ci = vnet_config_add_feature (vm, vcm, ci, - IP6_RX_FEATURE_LOOKUP, + feature_index, /* config data */ 0, /* # bytes of config data */ 0); else ci = vnet_config_del_feature (vm, vcm, ci, - IP6_RX_FEATURE_LOOKUP, + feature_index, /* config data */ 0, /* # bytes of config data */ 0); cm->config_index_by_sw_if_index[sw_if_index] = ci; + /* + * note: do not update the tx feature count here. + */ } return /* no error */ 0; } @@ -1241,15 +1406,21 @@ ip6_lookup (vlib_main_t * vm, return ip6_lookup_inline (vm, node, frame, /* is_indirect */ 0); } +static u8 * format_ip6_lookup_trace (u8 * s, va_list * args); + VLIB_REGISTER_NODE (ip6_lookup_node) = { .function = ip6_lookup, .name = "ip6-lookup", .vector_size = sizeof (u32), - .n_next_nodes = IP_LOOKUP_N_NEXT, + .format_trace = format_ip6_lookup_trace, + + .n_next_nodes = IP6_LOOKUP_N_NEXT, .next_nodes = IP6_LOOKUP_NEXT_NODES, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup); + static uword ip6_indirect (vlib_main_t * vm, vlib_node_runtime_t * node, @@ -1263,11 +1434,13 @@ VLIB_REGISTER_NODE (ip6_indirect_node) = { .function = ip6_indirect, .name = "ip6-indirect", .vector_size = sizeof (u32), - - .n_next_nodes = IP_LOOKUP_N_NEXT, - .next_nodes = IP6_LOOKUP_NEXT_NODES, + .sibling_of = "ip6-lookup", + .format_trace = format_ip6_lookup_trace, + .n_next_nodes = 0, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_indirect_node, ip6_indirect); + typedef struct { /* Adjacency taken. */ u32 adj_index; @@ -1279,33 +1452,54 @@ typedef struct { } ip6_forward_next_trace_t; static u8 * format_ip6_forward_next_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + ip6_forward_next_trace_t * t = va_arg (*args, ip6_forward_next_trace_t *); + uword indent = format_get_indent (s); + + s = format(s, "%U%U", + format_white_space, indent, + format_ip6_header, t->packet_data); + return s; +} + +static u8 * format_ip6_lookup_trace (u8 * s, va_list * args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); ip6_forward_next_trace_t * t = va_arg (*args, ip6_forward_next_trace_t *); vnet_main_t * vnm = vnet_get_main(); ip6_main_t * im = &ip6_main; - ip_adjacency_t * adj; uword indent = format_get_indent (s); - adj = ip_get_adjacency (&im->lookup_main, t->adj_index); s = format (s, "fib %d adj-idx %d : %U flow hash: 0x%08x", - t->fib_index, t->adj_index, format_ip_adjacency, - vnm, &im->lookup_main, t->adj_index, t->flow_hash); - switch (adj->lookup_next_index) - { - case IP_LOOKUP_NEXT_REWRITE: - s = format (s, "\n%U%U", - format_white_space, indent, - format_ip_adjacency_packet_data, - vnm, &im->lookup_main, t->adj_index, - t->packet_data, sizeof (t->packet_data)); - break; + t->fib_index, t->adj_index, format_ip_adjacency, + vnm, &im->lookup_main, t->adj_index, t->flow_hash); + s = format(s, "\n%U%U", + format_white_space, indent, + format_ip6_header, t->packet_data); + return s; +} - default: - break; - } +static u8 * format_ip6_rewrite_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + ip6_forward_next_trace_t * t = va_arg (*args, ip6_forward_next_trace_t *); + vnet_main_t * vnm = vnet_get_main(); + ip6_main_t * im = &ip6_main; + uword indent = format_get_indent (s); + + s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x", + t->fib_index, t->adj_index, format_ip_adjacency, + vnm, &im->lookup_main, t->adj_index, t->flow_hash); + s = format (s, "\n%U%U", + format_white_space, indent, + format_ip_adjacency_packet_data, + vnm, &im->lookup_main, t->adj_index, + t->packet_data, sizeof (t->packet_data)); return s; } @@ -1321,7 +1515,7 @@ ip6_forward_next_trace (vlib_main_t * vm, n_left = frame->n_vectors; from = vlib_frame_vector_args (frame); - + while (n_left >= 4) { u32 bi0, bi1; @@ -1343,8 +1537,11 @@ ip6_forward_next_trace (vlib_main_t * vm, t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0])); t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index]; t0->flow_hash = vnet_buffer (b0)->ip.flow_hash; - t0->fib_index = vec_elt (im->fib_index_by_sw_if_index, - vnet_buffer(b0)->sw_if_index[VLIB_RX]); + t0->fib_index = (vnet_buffer(b0)->sw_if_index[VLIB_TX] != (u32)~0) ? + vnet_buffer(b0)->sw_if_index[VLIB_TX] : + vec_elt (im->fib_index_by_sw_if_index, + vnet_buffer(b0)->sw_if_index[VLIB_RX]); + clib_memcpy (t0->packet_data, vlib_buffer_get_current (b0), sizeof (t0->packet_data)); @@ -1354,8 +1551,11 @@ ip6_forward_next_trace (vlib_main_t * vm, t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0])); t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index]; t1->flow_hash = vnet_buffer (b1)->ip.flow_hash; - t1->fib_index = vec_elt (im->fib_index_by_sw_if_index, - vnet_buffer(b1)->sw_if_index[VLIB_RX]); + t1->fib_index = (vnet_buffer(b1)->sw_if_index[VLIB_TX] != (u32)~0) ? + vnet_buffer(b1)->sw_if_index[VLIB_TX] : + vec_elt (im->fib_index_by_sw_if_index, + vnet_buffer(b1)->sw_if_index[VLIB_RX]); + clib_memcpy (t1->packet_data, vlib_buffer_get_current (b1), sizeof (t1->packet_data)); @@ -1379,8 +1579,11 @@ ip6_forward_next_trace (vlib_main_t * vm, t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0])); t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index]; t0->flow_hash = vnet_buffer (b0)->ip.flow_hash; - t0->fib_index = vec_elt (im->fib_index_by_sw_if_index, - vnet_buffer(b0)->sw_if_index[VLIB_RX]); + t0->fib_index = (vnet_buffer(b0)->sw_if_index[VLIB_TX] != (u32)~0) ? + vnet_buffer(b0)->sw_if_index[VLIB_TX] : + vec_elt (im->fib_index_by_sw_if_index, + vnet_buffer(b0)->sw_if_index[VLIB_RX]); + clib_memcpy (t0->packet_data, vlib_buffer_get_current (b0), sizeof (t0->packet_data)); @@ -1444,6 +1647,8 @@ VLIB_REGISTER_NODE (ip6_drop_node,static) = { }, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop); + VLIB_REGISTER_NODE (ip6_punt_node,static) = { .function = ip6_punt, .name = "ip6-punt", @@ -1457,6 +1662,8 @@ VLIB_REGISTER_NODE (ip6_punt_node,static) = { }, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt); + VLIB_REGISTER_NODE (ip6_miss_node,static) = { .function = ip6_miss, .name = "ip6-miss", @@ -1470,6 +1677,8 @@ VLIB_REGISTER_NODE (ip6_miss_node,static) = { }, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_miss_node, ip6_miss); + VLIB_REGISTER_NODE (ip6_multicast_node,static) = { .function = ip6_drop, .name = "ip6-multicast", @@ -1848,6 +2057,8 @@ VLIB_REGISTER_NODE (ip6_local_node,static) = { }, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local); + void ip6_register_protocol (u32 protocol, u32 node_index) { vlib_main_t * vm = vlib_get_main(); @@ -1867,6 +2078,7 @@ typedef enum { typedef enum { IP6_DISCOVER_NEIGHBOR_ERROR_DROP, IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT, + IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS, } ip6_discover_neighbor_error_t; static uword @@ -1997,8 +2209,13 @@ ip6_discover_neighbor (vlib_main_t * vm, * Choose source address based on destination lookup * adjacency. */ - ip6_src_address_for_packet (im, p0, &h0->ip.src_address, - sw_if_index0); + if (ip6_src_address_for_packet (im, p0, &h0->ip.src_address, + sw_if_index0)) { + //There is no address on the interface + p0->error = node->errors[IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]; + vlib_buffer_free(vm, &bi0, 1); + continue; + } /* * Destination address is a solicited node multicast address. @@ -2049,6 +2266,8 @@ static char * ip6_discover_neighbor_error_strings[] = { [IP6_DISCOVER_NEIGHBOR_ERROR_DROP] = "address overflow drops", [IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT] = "neighbor solicitations sent", + [IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS] + = "no source address for ND solicitation", }; VLIB_REGISTER_NODE (ip6_discover_neighbor_node) = { @@ -2143,6 +2362,7 @@ ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index) typedef enum { IP6_REWRITE_NEXT_DROP, + IP6_REWRITE_NEXT_ICMP_ERROR, } ip6_rewrite_next_t; always_inline uword @@ -2156,6 +2376,7 @@ ip6_rewrite_inline (vlib_main_t * vm, u32 n_left_from, n_left_to_next, * to_next, next_index; vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip6_input_node.index); vlib_rx_or_tx_t adj_rx_tx = rewrite_for_locally_received_packets ? VLIB_RX : VLIB_TX; + ip_config_main_t * cm = &lm->feature_config_mains[VNET_IP_TX_FEAT]; n_left_from = frame->n_vectors; next_index = node->cached_next_index; @@ -2172,6 +2393,7 @@ ip6_rewrite_inline (vlib_main_t * vm, ip6_header_t * ip0, * ip1; u32 pi0, rw_len0, next0, error0, adj_index0; u32 pi1, rw_len1, next1, error1, adj_index1; + u32 tx_sw_if_index0, tx_sw_if_index1; /* Prefetch next iteration. */ { @@ -2211,6 +2433,7 @@ ip6_rewrite_inline (vlib_main_t * vm, ip1 = vlib_buffer_get_current (p1); error0 = error1 = IP6_ERROR_NONE; + next0 = next1 = IP6_REWRITE_NEXT_DROP; if (! rewrite_for_locally_received_packets) { @@ -2226,8 +2449,26 @@ ip6_rewrite_inline (vlib_main_t * vm, ip0->hop_limit = hop_limit0; ip1->hop_limit = hop_limit1; - error0 = hop_limit0 <= 0 ? IP6_ERROR_TIME_EXPIRED : error0; - error1 = hop_limit1 <= 0 ? IP6_ERROR_TIME_EXPIRED : error1; + /* + * If the hop count drops below 1 when forwarding, generate + * an ICMP response. + */ + if (PREDICT_FALSE(hop_limit0 <= 0)) + { + error0 = IP6_ERROR_TIME_EXPIRED; + next0 = IP6_REWRITE_NEXT_ICMP_ERROR; + vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0; + icmp6_error_set_vnet_buffer(p0, ICMP6_time_exceeded, + ICMP6_time_exceeded_ttl_exceeded_in_transit, 0); + } + if (PREDICT_FALSE(hop_limit1 <= 0)) + { + error1 = IP6_ERROR_TIME_EXPIRED; + next1 = IP6_REWRITE_NEXT_ICMP_ERROR; + vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32)~0; + icmp6_error_set_vnet_buffer(p1, ICMP6_time_exceeded, + ICMP6_time_exceeded_ttl_exceeded_in_transit, 0); + } } adj0 = ip_get_adjacency (lm, adj_index0); @@ -2249,6 +2490,8 @@ ip6_rewrite_inline (vlib_main_t * vm, rw_len0 = adj0[0].rewrite_header.data_bytes; rw_len1 = adj1[0].rewrite_header.data_bytes; + vnet_buffer(p0)->ip.save_rewrite_length = rw_len0; + vnet_buffer(p1)->ip.save_rewrite_length = rw_len1; vlib_increment_combined_counter (&lm->adjacency_counters, cpu_index, @@ -2269,19 +2512,54 @@ ip6_rewrite_inline (vlib_main_t * vm, ? IP6_ERROR_MTU_EXCEEDED : error1); - p0->current_data -= rw_len0; - p1->current_data -= rw_len1; + /* Don't adjust the buffer for hop count issue; icmp-error node + * wants to see the IP headerr */ + if (PREDICT_TRUE(error0 == IP6_ERROR_NONE)) + { + p0->current_data -= rw_len0; + p0->current_length += rw_len0; - p0->current_length += rw_len0; - p1->current_length += rw_len1; + tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index; + vnet_buffer (p0)->sw_if_index[VLIB_TX] = + tx_sw_if_index0; + next0 = adj0[0].rewrite_header.next_index; - vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index; - vnet_buffer (p1)->sw_if_index[VLIB_TX] = adj1[0].rewrite_header.sw_if_index; - - next0 = (error0 == IP6_ERROR_NONE) ? - adj0[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP; - next1 = (error1 == IP6_ERROR_NONE) ? - adj1[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP; + if (PREDICT_FALSE + (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features, + tx_sw_if_index0))) + { + p0->current_config_index = + vec_elt (cm->config_index_by_sw_if_index, + tx_sw_if_index0); + vnet_get_config_data (&cm->config_main, + &p0->current_config_index, + &next0, + /* # bytes of config data */ 0); + } + } + if (PREDICT_TRUE(error1 == IP6_ERROR_NONE)) + { + p1->current_data -= rw_len1; + p1->current_length += rw_len1; + + tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index; + vnet_buffer (p1)->sw_if_index[VLIB_TX] = + tx_sw_if_index1; + next1 = adj1[0].rewrite_header.next_index; + + if (PREDICT_FALSE + (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features, + tx_sw_if_index1))) + { + p1->current_config_index = + vec_elt (cm->config_index_by_sw_if_index, + tx_sw_if_index1); + vnet_get_config_data (&cm->config_main, + &p1->current_config_index, + &next1, + /* # bytes of config data */ 0); + } + } /* Guess we are only writing on simple Ethernet header. */ vnet_rewrite_two_headers (adj0[0], adj1[0], @@ -2300,6 +2578,7 @@ ip6_rewrite_inline (vlib_main_t * vm, ip6_header_t * ip0; u32 pi0, rw_len0; u32 adj_index0, next0, error0; + u32 tx_sw_if_index0; pi0 = to_next[0] = from[0]; @@ -2315,6 +2594,7 @@ ip6_rewrite_inline (vlib_main_t * vm, ip0 = vlib_buffer_get_current (p0); error0 = IP6_ERROR_NONE; + next0 = IP6_REWRITE_NEXT_DROP; /* Check hop limit */ if (! rewrite_for_locally_received_packets) @@ -2327,7 +2607,18 @@ ip6_rewrite_inline (vlib_main_t * vm, ip0->hop_limit = hop_limit0; - error0 = hop_limit0 <= 0 ? IP6_ERROR_TIME_EXPIRED : error0; + if (PREDICT_FALSE(hop_limit0 <= 0)) + { + /* + * If the hop count drops below 1 when forwarding, generate + * an ICMP response. + */ + error0 = IP6_ERROR_TIME_EXPIRED; + next0 = IP6_REWRITE_NEXT_ICMP_ERROR; + vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32)~0; + icmp6_error_set_vnet_buffer(p0, ICMP6_time_exceeded, + ICMP6_time_exceeded_ttl_exceeded_in_transit, 0); + } } if (rewrite_for_locally_received_packets) @@ -2342,6 +2633,7 @@ ip6_rewrite_inline (vlib_main_t * vm, /* Update packet buffer attributes/set output interface. */ rw_len0 = adj0[0].rewrite_header.data_bytes; + vnet_buffer(p0)->ip.save_rewrite_length = rw_len0; vlib_increment_combined_counter (&lm->adjacency_counters, cpu_index, @@ -2354,12 +2646,31 @@ ip6_rewrite_inline (vlib_main_t * vm, ? IP6_ERROR_MTU_EXCEEDED : error0); - p0->current_data -= rw_len0; - p0->current_length += rw_len0; - vnet_buffer (p0)->sw_if_index[VLIB_TX] = adj0[0].rewrite_header.sw_if_index; - - next0 = (error0 == IP6_ERROR_NONE) ? - adj0[0].rewrite_header.next_index : IP6_REWRITE_NEXT_DROP; + /* Don't adjust the buffer for hop count issue; icmp-error node + * wants to see the IP headerr */ + if (PREDICT_TRUE(error0 == IP6_ERROR_NONE)) + { + p0->current_data -= rw_len0; + p0->current_length += rw_len0; + + tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index; + + vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0; + next0 = adj0[0].rewrite_header.next_index; + + if (PREDICT_FALSE + (clib_bitmap_get (lm->tx_sw_if_has_ip_output_features, + tx_sw_if_index0))) + { + p0->current_config_index = + vec_elt (cm->config_index_by_sw_if_index, + tx_sw_if_index0); + vnet_get_config_data (&cm->config_main, + &p0->current_config_index, + &next0, + /* # bytes of config data */ 0); + } + } p0->error = error_node->errors[error0]; @@ -2406,29 +2717,462 @@ VLIB_REGISTER_NODE (ip6_rewrite_node) = { .name = "ip6-rewrite", .vector_size = sizeof (u32), - .format_trace = format_ip6_forward_next_trace, + .format_trace = format_ip6_rewrite_trace, - .n_next_nodes = 1, + .n_next_nodes = 2, .next_nodes = { [IP6_REWRITE_NEXT_DROP] = "error-drop", + [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error", }, }; -VLIB_REGISTER_NODE (ip6_rewrite_local_node,static) = { +VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite_transit); + +VLIB_REGISTER_NODE (ip6_rewrite_local_node) = { .function = ip6_rewrite_local, .name = "ip6-rewrite-local", .vector_size = sizeof (u32), .sibling_of = "ip6-rewrite", - .format_trace = format_ip6_forward_next_trace, + .format_trace = format_ip6_rewrite_trace, - .n_next_nodes = 1, - .next_nodes = { - [IP6_REWRITE_NEXT_DROP] = "error-drop", - }, + .n_next_nodes = 0, +}; + +VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_local_node, ip6_rewrite_local); + +/* + * Hop-by-Hop handling + */ + +ip6_hop_by_hop_main_t ip6_hop_by_hop_main; + +#define foreach_ip6_hop_by_hop_error \ +_(PROCESSED, "pkts with ip6 hop-by-hop options") \ +_(FORMAT, "incorrectly formatted hop-by-hop options") \ +_(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options") + +typedef enum { +#define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym, + foreach_ip6_hop_by_hop_error +#undef _ + IP6_HOP_BY_HOP_N_ERROR, +} ip6_hop_by_hop_error_t; + +/* + * Primary h-b-h handler trace support + * We work pretty hard on the problem for obvious reasons + */ +typedef struct { + u32 next_index; + u32 trace_len; + u8 option_data[256]; +} ip6_hop_by_hop_trace_t; + +vlib_node_registration_t ip6_hop_by_hop_node; + +static char * ip6_hop_by_hop_error_strings[] = { +#define _(sym,string) string, + foreach_ip6_hop_by_hop_error +#undef _ +}; + +static u8 * +format_ip6_hop_by_hop_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + ip6_hop_by_hop_trace_t * t = va_arg (*args, ip6_hop_by_hop_trace_t *); + ip6_hop_by_hop_header_t *hbh0; + ip6_hop_by_hop_option_t *opt0, *limit0; + ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main; + + u8 type0; + + hbh0 = (ip6_hop_by_hop_header_t *)t->option_data; + + s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d", + t->next_index, (hbh0->length+1)<<3, t->trace_len); + + opt0 = (ip6_hop_by_hop_option_t *) (hbh0+1); + limit0 = (ip6_hop_by_hop_option_t *) ((u8 *)hbh0) + t->trace_len; + + while (opt0 < limit0) { + type0 = opt0->type; + switch (type0) { + case 0: /* Pad, just stop */ + opt0 = (ip6_hop_by_hop_option_t *) ((u8 *)opt0) + 1; + break; + + default: + if (hm->trace[type0]) { + s = (*hm->trace[type0])(s, opt0); + } else { + s = format (s, "\n unrecognized option %d length %d", type0, opt0->length); + } + opt0 = (ip6_hop_by_hop_option_t *) (((u8 *)opt0) + opt0->length + sizeof (ip6_hop_by_hop_option_t)); + break; + } + } + return s; +} + +always_inline u8 ip6_scan_hbh_options ( + vlib_buffer_t * b0, + ip6_header_t *ip0, + ip6_hop_by_hop_header_t *hbh0, + ip6_hop_by_hop_option_t *opt0, + ip6_hop_by_hop_option_t *limit0, + u32 *next0) +{ + ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main; + u8 type0; + u8 error0 = 0; + + while (opt0 < limit0) + { + type0 = opt0->type; + switch (type0) + { + case 0: /* Pad1 */ + opt0 = (ip6_hop_by_hop_option_t *) ((u8 *)opt0) + 1; + continue; + case 1: /* PadN */ + break; + default: + if (hm->options[type0]) + { + if ((*hm->options[type0])(b0, ip0, opt0) < 0) + { + error0 = IP6_HOP_BY_HOP_ERROR_FORMAT; + return(error0); + } + } + else + { + /* Unrecognized mandatory option, check the two high order bits */ + switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS) + { + case HBH_OPTION_TYPE_SKIP_UNKNOWN: + break; + case HBH_OPTION_TYPE_DISCARD_UNKNOWN: + error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION; + *next0 = IP_LOOKUP_NEXT_DROP; + break; + case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP: + error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION; + *next0 = IP_LOOKUP_NEXT_ICMP_ERROR; + icmp6_error_set_vnet_buffer(b0, ICMP6_parameter_problem, + ICMP6_parameter_problem_unrecognized_option, (u8 *)opt0 - (u8 *)ip0); + break; + case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST: + error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION; + if (!ip6_address_is_multicast(&ip0->dst_address)) + { + *next0 = IP_LOOKUP_NEXT_ICMP_ERROR; + icmp6_error_set_vnet_buffer(b0, ICMP6_parameter_problem, + ICMP6_parameter_problem_unrecognized_option, (u8 *)opt0 - (u8 *)ip0); + } + else + { + *next0 = IP_LOOKUP_NEXT_DROP; + } + break; + } + return(error0); + } + } + opt0 = (ip6_hop_by_hop_option_t *) (((u8 *)opt0) + opt0->length + sizeof (ip6_hop_by_hop_option_t)); + } + return(error0); +} + +/* + * Process the Hop-by-Hop Options header + */ +static uword +ip6_hop_by_hop (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) +{ + vlib_node_runtime_t *error_node = vlib_node_get_runtime(vm, ip6_hop_by_hop_node.index); + ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main; + u32 n_left_from, *from, *to_next; + ip_lookup_next_t next_index; + ip6_main_t * im = &ip6_main; + ip_lookup_main_t *lm = &im->lookup_main; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = node->cached_next_index; + + while (n_left_from > 0) { + u32 n_left_to_next; + + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + while (n_left_from >= 4 && n_left_to_next >= 2) { + u32 bi0, bi1; + vlib_buffer_t * b0, *b1; + u32 next0, next1; + ip6_header_t * ip0, *ip1; + ip6_hop_by_hop_header_t *hbh0, *hbh1; + ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1; + u8 error0 = 0, error1 = 0; + + /* Prefetch next iteration. */ + { + vlib_buffer_t * p2, * p3; + + p2 = vlib_get_buffer (vm, from[2]); + p3 = vlib_get_buffer (vm, from[3]); + + vlib_prefetch_buffer_header (p2, LOAD); + vlib_prefetch_buffer_header (p3, LOAD); + + CLIB_PREFETCH (p2->data, 2*CLIB_CACHE_LINE_BYTES, LOAD); + CLIB_PREFETCH (p3->data, 2*CLIB_CACHE_LINE_BYTES, LOAD); + } + + /* Speculatively enqueue b0, b1 to the current next frame */ + to_next[0] = bi0 = from[0]; + to_next[1] = bi1 = from[1]; + from += 2; + to_next += 2; + n_left_from -= 2; + n_left_to_next -= 2; + + b0 = vlib_get_buffer (vm, bi0); + b1 = vlib_get_buffer (vm, bi1); + u32 adj_index0 = vnet_buffer(b0)->ip.adj_index[VLIB_TX]; + ip_adjacency_t *adj0 = ip_get_adjacency(lm, adj_index0); + u32 adj_index1 = vnet_buffer(b1)->ip.adj_index[VLIB_TX]; + ip_adjacency_t *adj1 = ip_get_adjacency(lm, adj_index1); + + /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */ + next0 = adj0->lookup_next_index; + next1 = adj1->lookup_next_index; + + ip0 = vlib_buffer_get_current (b0); + ip1 = vlib_buffer_get_current (b1); + hbh0 = (ip6_hop_by_hop_header_t *)(ip0+1); + hbh1 = (ip6_hop_by_hop_header_t *)(ip1+1); + opt0 = (ip6_hop_by_hop_option_t *)(hbh0+1); + opt1 = (ip6_hop_by_hop_option_t *)(hbh1+1); + limit0 = (ip6_hop_by_hop_option_t *)((u8 *)hbh0 + ((hbh0->length + 1) << 3)); + limit1 = (ip6_hop_by_hop_option_t *)((u8 *)hbh1 + ((hbh1->length + 1) << 3)); + + /* + * Basic validity checks + */ + if ((hbh0->length + 1) << 3 > clib_net_to_host_u16(ip0->payload_length)) { + error0 = IP6_HOP_BY_HOP_ERROR_FORMAT; + next0 = IP_LOOKUP_NEXT_DROP; + goto outdual; + } + /* Scan the set of h-b-h options, process ones that we understand */ + error0 = ip6_scan_hbh_options(b0, ip0, hbh0, opt0, limit0, &next0); + + if ((hbh1->length + 1) << 3 > clib_net_to_host_u16(ip1->payload_length)) { + error1 = IP6_HOP_BY_HOP_ERROR_FORMAT; + next1 = IP_LOOKUP_NEXT_DROP; + goto outdual; + } + /* Scan the set of h-b-h options, process ones that we understand */ + error1 = ip6_scan_hbh_options(b1,ip1,hbh1,opt1,limit1, &next1); + + outdual: + /* Has the classifier flagged this buffer for special treatment? */ + if ((error0 == 0) && (vnet_buffer(b0)->l2_classify.opaque_index == OI_DECAP)) + next0 = hm->next_override; + + /* Has the classifier flagged this buffer for special treatment? */ + if ((error1 == 0) && (vnet_buffer(b1)->l2_classify.opaque_index == OI_DECAP)) + next1 = hm->next_override; + + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE))) + { + if (b0->flags & VLIB_BUFFER_IS_TRACED) { + ip6_hop_by_hop_trace_t *t = vlib_add_trace(vm, node, b0, sizeof (*t)); + u32 trace_len = (hbh0->length + 1) << 3; + t->next_index = next0; + /* Capture the h-b-h option verbatim */ + trace_len = trace_len < ARRAY_LEN(t->option_data) ? trace_len : ARRAY_LEN(t->option_data); + t->trace_len = trace_len; + clib_memcpy(t->option_data, hbh0, trace_len); + } + if (b1->flags & VLIB_BUFFER_IS_TRACED) { + ip6_hop_by_hop_trace_t *t = vlib_add_trace(vm, node, b1, sizeof (*t)); + u32 trace_len = (hbh1->length + 1) << 3; + t->next_index = next1; + /* Capture the h-b-h option verbatim */ + trace_len = trace_len < ARRAY_LEN(t->option_data) ? trace_len : ARRAY_LEN(t->option_data); + t->trace_len = trace_len; + clib_memcpy(t->option_data, hbh1, trace_len); + } + + } + + b0->error = error_node->errors[error0]; + b1->error = error_node->errors[error1]; + + /* verify speculative enqueue, maybe switch current next frame */ + vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next, n_left_to_next, bi0, + bi1,next0, next1); + } + + while (n_left_from > 0 && n_left_to_next > 0) { + u32 bi0; + vlib_buffer_t * b0; + u32 next0; + ip6_header_t * ip0; + ip6_hop_by_hop_header_t *hbh0; + ip6_hop_by_hop_option_t *opt0, *limit0; + u8 error0 = 0; + + /* Speculatively enqueue b0 to the current next frame */ + bi0 = from[0]; + to_next[0] = bi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + b0 = vlib_get_buffer (vm, bi0); + u32 adj_index0 = vnet_buffer(b0)->ip.adj_index[VLIB_TX]; + ip_adjacency_t *adj0 = ip_get_adjacency(lm, adj_index0); + /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */ + next0 = adj0->lookup_next_index; + + ip0 = vlib_buffer_get_current (b0); + hbh0 = (ip6_hop_by_hop_header_t *)(ip0+1); + opt0 = (ip6_hop_by_hop_option_t *)(hbh0+1); + limit0 = (ip6_hop_by_hop_option_t *)((u8 *)hbh0 + ((hbh0->length + 1) << 3)); + + /* + * Basic validity checks + */ + if ((hbh0->length + 1) << 3 > clib_net_to_host_u16(ip0->payload_length)) { + error0 = IP6_HOP_BY_HOP_ERROR_FORMAT; + next0 = IP_LOOKUP_NEXT_DROP; + goto out0; + } + + /* Scan the set of h-b-h options, process ones that we understand */ + error0 = ip6_scan_hbh_options(b0, ip0, hbh0, opt0, limit0, &next0); + + out0: + /* Has the classifier flagged this buffer for special treatment? */ + if ((error0 == 0) && (vnet_buffer(b0)->l2_classify.opaque_index == OI_DECAP)) + next0 = hm->next_override; + + if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED)) { + ip6_hop_by_hop_trace_t *t = vlib_add_trace(vm, node, b0, sizeof (*t)); + u32 trace_len = (hbh0->length + 1) << 3; + t->next_index = next0; + /* Capture the h-b-h option verbatim */ + trace_len = trace_len < ARRAY_LEN(t->option_data) ? trace_len : ARRAY_LEN(t->option_data); + t->trace_len = trace_len; + clib_memcpy(t->option_data, hbh0, trace_len); + } + + b0->error = error_node->errors[error0]; + + /* verify speculative enqueue, maybe switch current next frame */ + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, bi0, next0); + } + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + return frame->n_vectors; +} + +VLIB_REGISTER_NODE (ip6_hop_by_hop_node) = { + .function = ip6_hop_by_hop, + .name = "ip6-hop-by-hop", + .sibling_of = "ip6-lookup", + .vector_size = sizeof (u32), + .format_trace = format_ip6_hop_by_hop_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = ARRAY_LEN(ip6_hop_by_hop_error_strings), + .error_strings = ip6_hop_by_hop_error_strings, + .n_next_nodes = 0, }; +VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop); + +static clib_error_t * +ip6_hop_by_hop_init (vlib_main_t * vm) +{ + ip6_hop_by_hop_main_t * hm = &ip6_hop_by_hop_main; + memset(hm->options, 0, sizeof(hm->options)); + memset(hm->trace, 0, sizeof(hm->trace)); + hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP; + return (0); +} + +VLIB_INIT_FUNCTION (ip6_hop_by_hop_init); + +void ip6_hbh_set_next_override (uword next) +{ + ip6_hop_by_hop_main_t * hm = &ip6_hop_by_hop_main; + + hm->next_override = next; +} + +int +ip6_hbh_register_option (u8 option, + int options(vlib_buffer_t *b, ip6_header_t *ip, ip6_hop_by_hop_option_t *opt), + u8 *trace(u8 *s, ip6_hop_by_hop_option_t *opt)) +{ + ip6_main_t * im = &ip6_main; + ip6_hop_by_hop_main_t * hm = &ip6_hop_by_hop_main; + + ASSERT (option < ARRAY_LEN (hm->options)); + + /* Already registered */ + if (hm->options[option]) + return (-1); + + hm->options[option] = options; + hm->trace[option] = trace; + + /* Set global variable */ + im->hbh_enabled = 1; + + return (0); +} + +int +ip6_hbh_unregister_option (u8 option) +{ + ip6_main_t * im = &ip6_main; + ip6_hop_by_hop_main_t * hm = &ip6_hop_by_hop_main; + + ASSERT (option < ARRAY_LEN (hm->options)); + + /* Not registered */ + if (!hm->options[option]) + return (-1); + + hm->options[option] = NULL; + hm->trace[option] = NULL; + + /* Disable global knob if this was the last option configured */ + int i; + bool found = false; + for (i = 0; i < 256; i++) { + if (hm->options[option]) { + found = true; + break; + } + } + if (!found) + im->hbh_enabled = 0; + + return (0); +} + /* Global IP6 main. */ ip6_main_t ip6_main; @@ -2436,6 +3180,7 @@ static clib_error_t * ip6_lookup_init (vlib_main_t * vm) { ip6_main_t * im = &ip6_main; + clib_error_t * error; uword i; for (i = 0; i < ARRAY_LEN (im->fib_masks); i++) @@ -2475,6 +3220,9 @@ ip6_lookup_init (vlib_main_t * vm) pn->unformat_edit = unformat_pg_ip6_header; } + /* Unless explicitly configured, don't process HBH options */ + im->hbh_enabled = 0; + { icmp6_neighbor_solicitation_header_t p; @@ -2499,7 +3247,9 @@ ip6_lookup_init (vlib_main_t * vm) "ip6 neighbor discovery"); } - return 0; + error = ip6_feature_init (vm, im); + + return error; } VLIB_INIT_FUNCTION (ip6_lookup_init); @@ -2547,7 +3297,7 @@ add_del_ip6_interface_table (vlib_main_t * vm, return error; } -VLIB_CLI_COMMAND (set_interface_ip_table_command, static) = { +VLIB_CLI_COMMAND (set_interface_ip6_table_command, static) = { .path = "set interface ip6 table", .function = add_del_ip6_interface_table, .short_help = "set interface ip6 table " @@ -2692,7 +3442,7 @@ show_ip6_local_command_fn (vlib_main_t * vm, -VLIB_CLI_COMMAND (show_ip_local, static) = { +VLIB_CLI_COMMAND (show_ip6_local, static) = { .path = "show ip6 local", .function = show_ip6_local_command_fn, .short_help = "Show ip6 local protocol table", @@ -2800,3 +3550,43 @@ ip6_config (vlib_main_t * vm, unformat_input_t * input) VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6"); +#define TEST_CODE 1 +#if TEST_CODE > 0 + +static clib_error_t * +set_interface_ip6_output_feature_command_fn (vlib_main_t * vm, + unformat_input_t * input, + vlib_cli_command_t * cmd) +{ + vnet_main_t * vnm = vnet_get_main(); + u32 sw_if_index = ~0; + int is_add = 1; + ip6_main_t * im = &ip6_main; + ip_lookup_main_t * lm = &im->lookup_main; + + while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index)) + ; + else if (unformat (input, "del")) + is_add = 0; + else + break; + } + + if (sw_if_index == ~0) + return clib_error_return (0, "unknown interface `%U'", + format_unformat_error, input); + + lm->tx_sw_if_has_ip_output_features = + clib_bitmap_set (lm->tx_sw_if_has_ip_output_features, sw_if_index, is_add); + + return 0; +} + +VLIB_CLI_COMMAND (set_interface_ip6_output_feature, static) = { + .path = "set interface ip6 output feature", + .function = set_interface_ip6_output_feature_command_fn, + .short_help = "set interface output feature ", +}; +#endif /* TEST_CODE */