2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/icmp6.c: ip6 icmp
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vlib/vlib.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/pg/pg.h>
43 #include <vnet/ip/ip_sas.h>
44 #include <vnet/util/throttle.h>
46 /** ICMP throttling */
47 static throttle_t icmp_throttle;
50 format_ip6_icmp_type_and_code (u8 * s, va_list * args)
52 icmp6_type_t type = va_arg (*args, int);
53 u8 code = va_arg (*args, int);
56 #define _(n,f) case n: t = #f; break;
69 return format (s, "unknown 0x%x", type);
71 s = format (s, "%s", t);
74 switch ((type << 8) | code)
76 #define _(a,n,f) case (ICMP6_##a << 8) | (n): t = #f; break;
84 s = format (s, " %s", t);
90 format_icmp6_header (u8 * s, va_list * args)
92 icmp46_header_t *icmp = va_arg (*args, icmp46_header_t *);
93 u32 max_header_bytes = va_arg (*args, u32);
96 if (max_header_bytes < sizeof (icmp[0]))
97 return format (s, "ICMP header truncated");
99 s = format (s, "ICMP %U checksum 0x%x",
100 format_ip6_icmp_type_and_code, icmp->type, icmp->code,
101 clib_net_to_host_u16 (icmp->checksum));
103 if (max_header_bytes >=
104 sizeof (icmp6_neighbor_solicitation_or_advertisement_header_t) &&
105 (icmp->type == ICMP6_neighbor_solicitation ||
106 icmp->type == ICMP6_neighbor_advertisement))
108 icmp6_neighbor_solicitation_or_advertisement_header_t *icmp6_nd =
109 (icmp6_neighbor_solicitation_or_advertisement_header_t *) icmp;
110 s = format (s, "\n target address %U",
111 format_ip6_address, &icmp6_nd->target_address);
118 format_icmp6_input_trace (u8 * s, va_list * va)
120 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *);
121 CLIB_UNUSED (vlib_node_t * node) = va_arg (*va, vlib_node_t *);
122 icmp6_input_trace_t *t = va_arg (*va, icmp6_input_trace_t *);
125 format_ip6_header, t->packet_data, sizeof (t->packet_data));
132 ICMP_INPUT_NEXT_PUNT,
138 uword *type_and_code_by_name;
142 /* Vector dispatch table indexed by [icmp type]. */
143 u8 input_next_index_by_type[256];
145 /* Max valid code indexed by icmp type. */
146 u8 max_valid_code_by_type[256];
148 /* hop_limit must be >= this value for this icmp type. */
149 u8 min_valid_hop_limit_by_type[256];
151 u8 min_valid_length_by_type[256];
154 icmp6_main_t icmp6_main;
157 ip6_icmp_input (vlib_main_t * vm,
158 vlib_node_runtime_t * node, vlib_frame_t * frame)
160 icmp6_main_t *im = &icmp6_main;
162 u32 n_left_from, n_left_to_next, next_index;
164 from = vlib_frame_vector_args (frame);
165 n_left_from = frame->n_vectors;
166 next_index = node->cached_next_index;
168 if (node->flags & VLIB_NODE_FLAG_TRACE)
169 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
171 sizeof (icmp6_input_trace_t));
173 while (n_left_from > 0)
175 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
177 while (n_left_from > 0 && n_left_to_next > 0)
181 icmp46_header_t *icmp0;
183 u32 bi0, next0, error0, len0;
185 bi0 = to_next[0] = from[0];
192 b0 = vlib_get_buffer (vm, bi0);
193 ip0 = vlib_buffer_get_current (b0);
194 icmp0 = ip6_next_header (ip0);
197 error0 = ICMP6_ERROR_NONE;
199 next0 = im->input_next_index_by_type[type0];
201 next0 == ICMP_INPUT_NEXT_PUNT ? ICMP6_ERROR_UNKNOWN_TYPE : error0;
203 /* Check code is valid for type. */
206 im->max_valid_code_by_type[type0] ?
207 ICMP6_ERROR_INVALID_CODE_FOR_TYPE : error0;
209 /* Checksum is already validated by ip6_local node so we don't need to check that. */
211 /* Check that hop limit == 255 for certain types. */
214 im->min_valid_hop_limit_by_type[type0] ?
215 ICMP6_ERROR_INVALID_HOP_LIMIT_FOR_TYPE : error0;
217 len0 = clib_net_to_host_u16 (ip0->payload_length);
220 im->min_valid_length_by_type[type0] ?
221 ICMP6_ERROR_LENGTH_TOO_SMALL_FOR_TYPE : error0;
223 b0->error = node->errors[error0];
225 next0 = error0 != ICMP6_ERROR_NONE ? ICMP_INPUT_NEXT_PUNT : next0;
227 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
228 to_next, n_left_to_next,
232 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
235 return frame->n_vectors;
238 VLIB_REGISTER_NODE (ip6_icmp_input_node) = {
239 .function = ip6_icmp_input,
240 .name = "ip6-icmp-input",
242 .vector_size = sizeof (u32),
244 .format_trace = format_icmp6_input_trace,
246 .n_errors = ICMP6_N_ERROR,
247 .error_counters = icmp6_error_counters,
251 [ICMP_INPUT_NEXT_PUNT] = "ip6-punt",
257 IP6_ICMP_ERROR_NEXT_DROP,
258 IP6_ICMP_ERROR_NEXT_LOOKUP,
259 IP6_ICMP_ERROR_N_NEXT,
260 } ip6_icmp_error_next_t;
263 icmp6_error_set_vnet_buffer (vlib_buffer_t * b, u8 type, u8 code, u32 data)
265 vnet_buffer (b)->ip.icmp.type = type;
266 vnet_buffer (b)->ip.icmp.code = code;
267 vnet_buffer (b)->ip.icmp.data = data;
271 icmp6_icmp_type_to_error (u8 type)
275 case ICMP6_destination_unreachable:
276 return ICMP6_ERROR_DEST_UNREACH_SENT;
277 case ICMP6_packet_too_big:
278 return ICMP6_ERROR_PACKET_TOO_BIG_SENT;
279 case ICMP6_time_exceeded:
280 return ICMP6_ERROR_TTL_EXPIRE_SENT;
281 case ICMP6_parameter_problem:
282 return ICMP6_ERROR_PARAM_PROBLEM_SENT;
284 return ICMP6_ERROR_DROP;
289 ip6_icmp_error (vlib_main_t * vm,
290 vlib_node_runtime_t * node, vlib_frame_t * frame)
293 uword n_left_from, n_left_to_next;
294 ip6_icmp_error_next_t next_index;
295 u32 thread_index = vm->thread_index;
297 from = vlib_frame_vector_args (frame);
298 n_left_from = frame->n_vectors;
299 next_index = node->cached_next_index;
301 u64 seed = throttle_seed (&icmp_throttle, thread_index, vlib_time_now (vm));
303 if (node->flags & VLIB_NODE_FLAG_TRACE)
304 vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors,
306 sizeof (icmp6_input_trace_t));
308 while (n_left_from > 0)
310 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
312 while (n_left_from > 0 && n_left_to_next > 0)
315 * Duplicate first buffer and free the original chain. Keep
316 * as much of the original packet as possible, within the
317 * minimum MTU. We chat "a little" here by keeping whatever
318 * is available in the first buffer.
322 u32 org_pi0 = from[0];
323 u32 next0 = IP6_ICMP_ERROR_NEXT_LOOKUP;
324 u8 error0 = ICMP6_ERROR_NONE;
325 vlib_buffer_t *p0, *org_p0;
326 ip6_header_t *ip0, *out_ip0;
327 icmp46_header_t *icmp0;
331 org_p0 = vlib_get_buffer (vm, org_pi0);
332 ip0 = vlib_buffer_get_current (org_p0);
334 /* Rate limit based on the src,dst addresses in the original packet
336 u64 r0 = (ip6_address_hash_to_u64 (&ip0->dst_address) ^
337 ip6_address_hash_to_u64 (&ip0->src_address));
339 if (throttle_check (&icmp_throttle, thread_index, r0, seed))
341 vlib_error_count (vm, node->node_index, ICMP4_ERROR_DROP, 1);
347 p0 = vlib_buffer_copy_no_chain (vm, org_p0, &pi0);
348 if (!p0 || pi0 == ~0) /* Out of buffers */
351 /* Speculatively enqueue p0 to the current next frame */
358 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
360 vlib_buffer_copy_trace_flag (vm, p0, pi0);
362 /* Add IP header and ICMPv6 header including a 4 byte data field */
363 vlib_buffer_advance (p0,
364 -(sizeof (ip6_header_t) +
365 sizeof (icmp46_header_t) + 4));
367 p0->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED;
369 p0->current_length > 1280 ? 1280 : p0->current_length;
371 out_ip0 = vlib_buffer_get_current (p0);
372 icmp0 = (icmp46_header_t *) & out_ip0[1];
374 /* Fill ip header fields */
375 out_ip0->ip_version_traffic_class_and_flow_label =
376 clib_host_to_net_u32 (0x6 << 28);
378 out_ip0->payload_length =
379 clib_host_to_net_u16 (p0->current_length - sizeof (ip6_header_t));
380 out_ip0->protocol = IP_PROTOCOL_ICMP6;
381 out_ip0->hop_limit = 0xff;
382 out_ip0->dst_address = ip0->src_address;
383 /* Prefer a source address from "offending interface" */
384 if (!ip6_sas_by_sw_if_index (sw_if_index0, &out_ip0->dst_address,
385 &out_ip0->src_address))
386 { /* interface has no IP6 address - should not happen */
387 next0 = IP6_ICMP_ERROR_NEXT_DROP;
388 error0 = ICMP6_ERROR_DROP;
391 /* Fill icmp header fields */
392 icmp0->type = vnet_buffer (p0)->ip.icmp.type;
393 icmp0->code = vnet_buffer (p0)->ip.icmp.code;
394 *((u32 *) (icmp0 + 1)) =
395 clib_host_to_net_u32 (vnet_buffer (p0)->ip.icmp.data);
398 ip6_tcp_udp_icmp_compute_checksum (vm, p0, out_ip0,
401 /* Update error status */
402 if (error0 == ICMP6_ERROR_NONE)
403 error0 = icmp6_icmp_type_to_error (icmp0->type);
405 vlib_error_count (vm, node->node_index, error0, 1);
407 /* Verify speculative enqueue, maybe switch current next frame */
408 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
409 to_next, n_left_to_next,
412 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
416 * push the original buffers to error-drop, so that
417 * they can get the error counters handled, then freed
419 vlib_buffer_enqueue_to_single_next (vm, node,
420 vlib_frame_vector_args (frame),
421 IP6_ICMP_ERROR_NEXT_DROP,
424 return frame->n_vectors;
427 VLIB_REGISTER_NODE (ip6_icmp_error_node) = {
428 .function = ip6_icmp_error,
429 .name = "ip6-icmp-error",
430 .vector_size = sizeof (u32),
432 .n_errors = ICMP6_N_ERROR,
433 .error_counters = icmp6_error_counters,
435 .n_next_nodes = IP6_ICMP_ERROR_N_NEXT,
437 [IP6_ICMP_ERROR_NEXT_DROP] = "error-drop",
438 [IP6_ICMP_ERROR_NEXT_LOOKUP] = "ip6-lookup",
441 .format_trace = format_icmp6_input_trace,
446 unformat_icmp_type_and_code (unformat_input_t * input, va_list * args)
448 icmp46_header_t *h = va_arg (*args, icmp46_header_t *);
449 icmp6_main_t *cm = &icmp6_main;
452 if (unformat_user (input, unformat_vlib_number_by_name,
453 cm->type_and_code_by_name, &i))
455 h->type = (i >> 8) & 0xff;
456 h->code = (i >> 0) & 0xff;
458 else if (unformat_user (input, unformat_vlib_number_by_name,
459 cm->type_by_name, &i))
471 icmp6_pg_edit_function (pg_main_t * pg,
473 pg_edit_group_t * g, u32 * packets, u32 n_packets)
475 vlib_main_t *vm = vlib_get_main ();
476 u32 ip_offset, icmp_offset;
479 icmp_offset = g->start_byte_offset;
480 ip_offset = (g - 1)->start_byte_offset;
482 while (n_packets >= 1)
486 icmp46_header_t *icmp0;
488 p0 = vlib_get_buffer (vm, packets[0]);
492 ASSERT (p0->current_data == 0);
493 ip0 = (void *) (p0->data + ip_offset);
494 icmp0 = (void *) (p0->data + icmp_offset);
496 icmp0->checksum = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0,
498 ASSERT (bogus_length == 0);
504 pg_edit_t type, code;
506 } pg_icmp46_header_t;
509 pg_icmp_header_init (pg_icmp46_header_t * p)
511 /* Initialize fields that are not bit fields in the IP header. */
512 #define _(f) pg_edit_init (&p->f, icmp46_header_t, f);
520 unformat_pg_icmp_header (unformat_input_t * input, va_list * args)
522 pg_stream_t *s = va_arg (*args, pg_stream_t *);
523 pg_icmp46_header_t *p;
526 p = pg_create_edit_group (s, sizeof (p[0]), sizeof (icmp46_header_t),
528 pg_icmp_header_init (p);
530 p->checksum.type = PG_EDIT_UNSPECIFIED;
535 if (!unformat (input, "ICMP %U", unformat_icmp_type_and_code, &tmp))
538 pg_edit_set_fixed (&p->type, tmp.type);
539 pg_edit_set_fixed (&p->code, tmp.code);
545 if (unformat (input, "checksum %U",
546 unformat_pg_edit, unformat_pg_number, &p->checksum))
549 /* Can't parse input: try next protocol level. */
554 if (!unformat_user (input, unformat_pg_payload, s))
557 if (p->checksum.type == PG_EDIT_UNSPECIFIED)
559 pg_edit_group_t *g = pg_stream_get_group (s, group_index);
560 g->edit_function = icmp6_pg_edit_function;
561 g->edit_function_opaque = 0;
567 /* Free up any edits we may have added. */
568 pg_free_edit_group (s);
573 icmp6_register_type (vlib_main_t * vm, icmp6_type_t type, u32 node_index)
575 icmp6_main_t *im = &icmp6_main;
577 ASSERT ((int) type < ARRAY_LEN (im->input_next_index_by_type));
578 im->input_next_index_by_type[type]
579 = vlib_node_add_next (vm, ip6_icmp_input_node.index, node_index);
582 static clib_error_t *
583 icmp6_init (vlib_main_t * vm)
585 ip_main_t *im = &ip_main;
586 ip_protocol_info_t *pi;
587 icmp6_main_t *cm = &icmp6_main;
590 error = vlib_call_init_function (vm, ip_main_init);
595 pi = ip_get_protocol_info (im, IP_PROTOCOL_ICMP6);
596 pi->format_header = format_icmp6_header;
597 pi->unformat_pg_edit = unformat_pg_icmp_header;
599 cm->type_by_name = hash_create_string (0, sizeof (uword));
600 #define _(n,t) hash_set_mem (cm->type_by_name, #t, (n));
604 cm->type_and_code_by_name = hash_create_string (0, sizeof (uword));
605 #define _(a,n,t) hash_set_mem (cm->type_by_name, #t, (n) | (ICMP6_##a << 8));
609 clib_memset (cm->input_next_index_by_type,
610 ICMP_INPUT_NEXT_PUNT, sizeof (cm->input_next_index_by_type));
611 clib_memset (cm->max_valid_code_by_type, 0,
612 sizeof (cm->max_valid_code_by_type));
614 #define _(a,n,t) cm->max_valid_code_by_type[ICMP6_##a] = clib_max (cm->max_valid_code_by_type[ICMP6_##a], n);
618 clib_memset (cm->min_valid_hop_limit_by_type, 0,
619 sizeof (cm->min_valid_hop_limit_by_type));
620 cm->min_valid_hop_limit_by_type[ICMP6_router_solicitation] = 255;
621 cm->min_valid_hop_limit_by_type[ICMP6_router_advertisement] = 255;
622 cm->min_valid_hop_limit_by_type[ICMP6_neighbor_solicitation] = 255;
623 cm->min_valid_hop_limit_by_type[ICMP6_neighbor_advertisement] = 255;
624 cm->min_valid_hop_limit_by_type[ICMP6_redirect] = 255;
626 clib_memset (cm->min_valid_length_by_type, sizeof (icmp46_header_t),
627 sizeof (cm->min_valid_length_by_type));
628 cm->min_valid_length_by_type[ICMP6_router_solicitation] =
629 sizeof (icmp6_neighbor_discovery_header_t);
630 cm->min_valid_length_by_type[ICMP6_router_advertisement] =
631 sizeof (icmp6_router_advertisement_header_t);
632 cm->min_valid_length_by_type[ICMP6_neighbor_solicitation] =
633 sizeof (icmp6_neighbor_solicitation_or_advertisement_header_t);
634 cm->min_valid_length_by_type[ICMP6_neighbor_advertisement] =
635 sizeof (icmp6_neighbor_solicitation_or_advertisement_header_t);
636 cm->min_valid_length_by_type[ICMP6_redirect] =
637 sizeof (icmp6_redirect_header_t);
639 vlib_thread_main_t *tm = &vlib_thread_main;
640 u32 n_vlib_mains = tm->n_vlib_mains;
642 throttle_init (&icmp_throttle, n_vlib_mains, THROTTLE_BITS, 1e-3);
647 VLIB_INIT_FUNCTION (icmp6_init);
650 * fd.io coding-style-patch-verification: ON
653 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob