2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip4_forward.c: IP v4 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ip/ip_frag.h>
43 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
44 #include <vnet/ethernet/arp_packet.h> /* for ethernet_arp_header_t */
45 #include <vnet/ppp/ppp.h>
46 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
47 #include <vnet/api_errno.h> /* for API error numbers */
48 #include <vnet/fib/fib_table.h> /* for FIB table and entry creation */
49 #include <vnet/fib/fib_entry.h> /* for FIB table and entry creation */
50 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
51 #include <vnet/fib/ip4_fib.h>
52 #include <vnet/dpo/load_balance.h>
53 #include <vnet/dpo/load_balance_map.h>
54 #include <vnet/dpo/classify_dpo.h>
55 #include <vnet/mfib/mfib_table.h> /* for mFIB table and entry creation */
57 #include <vnet/ip/ip4_forward.h>
59 /** @brief IPv4 lookup node.
62 This is the main IPv4 lookup dispatch node.
64 @param vm vlib_main_t corresponding to the current thread
65 @param node vlib_node_runtime_t
66 @param frame vlib_frame_t whose contents should be dispatched
68 @par Graph mechanics: buffer metadata, next index usage
71 - <code>vnet_buffer(b)->sw_if_index[VLIB_RX]</code>
72 - Indicates the @c sw_if_index value of the interface that the
73 packet was received on.
74 - <code>vnet_buffer(b)->sw_if_index[VLIB_TX]</code>
75 - When the value is @c ~0 then the node performs a longest prefix
76 match (LPM) for the packet destination address in the FIB attached
77 to the receive interface.
78 - Otherwise perform LPM for the packet destination address in the
79 indicated FIB. In this case <code>[VLIB_TX]</code> is a FIB index
80 value (0, 1, ...) and not a VRF id.
83 - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
84 - The lookup result adjacency index.
87 - Dispatches the packet to the node index found in
88 ip_adjacency_t @c adj->lookup_next_index
89 (where @c adj is the lookup result adjacency).
91 VLIB_NODE_FN (ip4_lookup_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
94 return ip4_lookup_inline (vm, node, frame,
95 /* lookup_for_responses_to_locally_received_packets */
100 static u8 *format_ip4_lookup_trace (u8 * s, va_list * args);
103 VLIB_REGISTER_NODE (ip4_lookup_node) =
105 .name = "ip4-lookup",
106 .vector_size = sizeof (u32),
107 .format_trace = format_ip4_lookup_trace,
108 .n_next_nodes = IP_LOOKUP_N_NEXT,
109 .next_nodes = IP4_LOOKUP_NEXT_NODES,
113 VLIB_NODE_FN (ip4_load_balance_node) (vlib_main_t * vm,
114 vlib_node_runtime_t * node,
115 vlib_frame_t * frame)
117 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
118 u32 n_left_from, n_left_to_next, *from, *to_next;
119 ip_lookup_next_t next;
120 u32 thread_index = vm->thread_index;
122 from = vlib_frame_vector_args (frame);
123 n_left_from = frame->n_vectors;
124 next = node->cached_next_index;
126 while (n_left_from > 0)
128 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
131 while (n_left_from >= 4 && n_left_to_next >= 2)
133 ip_lookup_next_t next0, next1;
134 const load_balance_t *lb0, *lb1;
135 vlib_buffer_t *p0, *p1;
136 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
137 const ip4_header_t *ip0, *ip1;
138 const dpo_id_t *dpo0, *dpo1;
140 /* Prefetch next iteration. */
142 vlib_buffer_t *p2, *p3;
144 p2 = vlib_get_buffer (vm, from[2]);
145 p3 = vlib_get_buffer (vm, from[3]);
147 vlib_prefetch_buffer_header (p2, STORE);
148 vlib_prefetch_buffer_header (p3, STORE);
150 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
151 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
154 pi0 = to_next[0] = from[0];
155 pi1 = to_next[1] = from[1];
162 p0 = vlib_get_buffer (vm, pi0);
163 p1 = vlib_get_buffer (vm, pi1);
165 ip0 = vlib_buffer_get_current (p0);
166 ip1 = vlib_buffer_get_current (p1);
167 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
168 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
170 lb0 = load_balance_get (lbi0);
171 lb1 = load_balance_get (lbi1);
174 * this node is for via FIBs we can re-use the hash value from the
175 * to node if present.
176 * We don't want to use the same hash value at each level in the recursion
177 * graph as that would lead to polarisation
181 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
183 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
185 hc0 = vnet_buffer (p0)->ip.flow_hash =
186 vnet_buffer (p0)->ip.flow_hash >> 1;
190 hc0 = vnet_buffer (p0)->ip.flow_hash =
191 ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
193 dpo0 = load_balance_get_fwd_bucket
194 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
198 dpo0 = load_balance_get_bucket_i (lb0, 0);
200 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
202 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
204 hc1 = vnet_buffer (p1)->ip.flow_hash =
205 vnet_buffer (p1)->ip.flow_hash >> 1;
209 hc1 = vnet_buffer (p1)->ip.flow_hash =
210 ip4_compute_flow_hash (ip1, lb1->lb_hash_config);
212 dpo1 = load_balance_get_fwd_bucket
213 (lb1, (hc1 & (lb1->lb_n_buckets_minus_1)));
217 dpo1 = load_balance_get_bucket_i (lb1, 0);
220 next0 = dpo0->dpoi_next_node;
221 next1 = dpo1->dpoi_next_node;
223 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
224 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
226 vlib_increment_combined_counter
227 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
228 vlib_increment_combined_counter
229 (cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
231 vlib_validate_buffer_enqueue_x2 (vm, node, next,
232 to_next, n_left_to_next,
233 pi0, pi1, next0, next1);
236 while (n_left_from > 0 && n_left_to_next > 0)
238 ip_lookup_next_t next0;
239 const load_balance_t *lb0;
242 const ip4_header_t *ip0;
243 const dpo_id_t *dpo0;
252 p0 = vlib_get_buffer (vm, pi0);
254 ip0 = vlib_buffer_get_current (p0);
255 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
257 lb0 = load_balance_get (lbi0);
260 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
262 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
264 hc0 = vnet_buffer (p0)->ip.flow_hash =
265 vnet_buffer (p0)->ip.flow_hash >> 1;
269 hc0 = vnet_buffer (p0)->ip.flow_hash =
270 ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
272 dpo0 = load_balance_get_fwd_bucket
273 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
277 dpo0 = load_balance_get_bucket_i (lb0, 0);
280 next0 = dpo0->dpoi_next_node;
281 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
283 vlib_increment_combined_counter
284 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
286 vlib_validate_buffer_enqueue_x1 (vm, node, next,
287 to_next, n_left_to_next,
291 vlib_put_next_frame (vm, node, next, n_left_to_next);
294 if (node->flags & VLIB_NODE_FLAG_TRACE)
295 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
297 return frame->n_vectors;
301 VLIB_REGISTER_NODE (ip4_load_balance_node) =
303 .name = "ip4-load-balance",
304 .vector_size = sizeof (u32),
305 .sibling_of = "ip4-lookup",
306 .format_trace = format_ip4_lookup_trace,
310 #ifndef CLIB_MARCH_VARIANT
311 /* get first interface address */
313 ip4_interface_first_address (ip4_main_t * im, u32 sw_if_index,
314 ip_interface_address_t ** result_ia)
316 ip_lookup_main_t *lm = &im->lookup_main;
317 ip_interface_address_t *ia = 0;
318 ip4_address_t *result = 0;
321 foreach_ip_interface_address
322 (lm, ia, sw_if_index,
323 1 /* honor unnumbered */ ,
326 ip_interface_address_get_address (lm, ia);
332 *result_ia = result ? ia : 0;
337 ip4_add_subnet_bcast_route (u32 fib_index,
341 vnet_sw_interface_flags_t iflags;
343 iflags = vnet_sw_interface_get_flags(vnet_get_main(), sw_if_index);
345 fib_table_entry_special_remove(fib_index,
347 FIB_SOURCE_INTERFACE);
349 if (iflags & VNET_SW_INTERFACE_FLAG_DIRECTED_BCAST)
351 fib_table_entry_update_one_path (fib_index, pfx,
352 FIB_SOURCE_INTERFACE,
355 /* No next-hop address */
361 // no out-label stack
363 FIB_ROUTE_PATH_FLAG_NONE);
367 fib_table_entry_special_add(fib_index,
369 FIB_SOURCE_INTERFACE,
370 (FIB_ENTRY_FLAG_DROP |
371 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
376 ip4_add_interface_routes (u32 sw_if_index,
377 ip4_main_t * im, u32 fib_index,
378 ip_interface_address_t * a)
380 ip_lookup_main_t *lm = &im->lookup_main;
381 ip4_address_t *address = ip_interface_address_get_address (lm, a);
383 .fp_len = a->address_length,
384 .fp_proto = FIB_PROTOCOL_IP4,
385 .fp_addr.ip4 = *address,
388 if (pfx.fp_len <= 30)
390 /* a /30 or shorter - add a glean for the network address */
391 fib_table_entry_update_one_path (fib_index, &pfx,
392 FIB_SOURCE_INTERFACE,
393 (FIB_ENTRY_FLAG_CONNECTED |
394 FIB_ENTRY_FLAG_ATTACHED),
396 /* No next-hop address */
402 // no out-label stack
404 FIB_ROUTE_PATH_FLAG_NONE);
406 /* Add the two broadcast addresses as drop */
407 fib_prefix_t net_pfx = {
409 .fp_proto = FIB_PROTOCOL_IP4,
410 .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[pfx.fp_len],
412 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
413 fib_table_entry_special_add(fib_index,
415 FIB_SOURCE_INTERFACE,
416 (FIB_ENTRY_FLAG_DROP |
417 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
418 net_pfx.fp_addr.ip4.as_u32 |= ~im->fib_masks[pfx.fp_len];
419 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
420 ip4_add_subnet_bcast_route(fib_index, &net_pfx, sw_if_index);
422 else if (pfx.fp_len == 31)
424 u32 mask = clib_host_to_net_u32(1);
425 fib_prefix_t net_pfx = pfx;
428 net_pfx.fp_addr.ip4.as_u32 ^= mask;
430 /* a /31 - add the other end as an attached host */
431 fib_table_entry_update_one_path (fib_index, &net_pfx,
432 FIB_SOURCE_INTERFACE,
433 (FIB_ENTRY_FLAG_ATTACHED),
441 FIB_ROUTE_PATH_FLAG_NONE);
445 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
447 u32 classify_table_index =
448 lm->classify_table_index_by_sw_if_index[sw_if_index];
449 if (classify_table_index != (u32) ~ 0)
451 dpo_id_t dpo = DPO_INVALID;
456 classify_dpo_create (DPO_PROTO_IP4, classify_table_index));
458 fib_table_entry_special_dpo_add (fib_index,
461 FIB_ENTRY_FLAG_NONE, &dpo);
466 fib_table_entry_update_one_path (fib_index, &pfx,
467 FIB_SOURCE_INTERFACE,
468 (FIB_ENTRY_FLAG_CONNECTED |
469 FIB_ENTRY_FLAG_LOCAL),
476 FIB_ROUTE_PATH_FLAG_NONE);
480 ip4_del_interface_routes (ip4_main_t * im,
482 ip4_address_t * address, u32 address_length)
485 .fp_len = address_length,
486 .fp_proto = FIB_PROTOCOL_IP4,
487 .fp_addr.ip4 = *address,
490 if (pfx.fp_len <= 30)
492 fib_prefix_t net_pfx = {
494 .fp_proto = FIB_PROTOCOL_IP4,
495 .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[pfx.fp_len],
497 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
498 fib_table_entry_special_remove(fib_index,
500 FIB_SOURCE_INTERFACE);
501 net_pfx.fp_addr.ip4.as_u32 |= ~im->fib_masks[pfx.fp_len];
502 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
503 fib_table_entry_special_remove(fib_index,
505 FIB_SOURCE_INTERFACE);
506 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
508 else if (pfx.fp_len == 31)
510 u32 mask = clib_host_to_net_u32(1);
511 fib_prefix_t net_pfx = pfx;
514 net_pfx.fp_addr.ip4.as_u32 ^= mask;
516 fib_table_entry_delete (fib_index, &net_pfx, FIB_SOURCE_INTERFACE);
520 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
524 ip4_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
526 ip4_main_t *im = &ip4_main;
528 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
531 * enable/disable only on the 1<->0 transition
535 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
540 ASSERT (im->ip_enabled_by_sw_if_index[sw_if_index] > 0);
541 if (0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
544 vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
548 vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
549 sw_if_index, !is_enable, 0, 0);
552 static clib_error_t *
553 ip4_add_del_interface_address_internal (vlib_main_t * vm,
555 ip4_address_t * address,
556 u32 address_length, u32 is_del)
558 vnet_main_t *vnm = vnet_get_main ();
559 ip4_main_t *im = &ip4_main;
560 ip_lookup_main_t *lm = &im->lookup_main;
561 clib_error_t *error = 0;
562 u32 if_address_index, elts_before;
563 ip4_address_fib_t ip4_af, *addr_fib = 0;
565 /* local0 interface doesn't support IP addressing */
566 if (sw_if_index == 0)
569 clib_error_create ("local0 interface doesn't support IP addressing");
572 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
573 ip4_addr_fib_init (&ip4_af, address,
574 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
575 vec_add1 (addr_fib, ip4_af);
578 * there is no support for adj-fib handling in the presence of overlapping
579 * subnets on interfaces. Easy fix - disallow overlapping subnets, like
585 /* When adding an address check that it does not conflict
586 with an existing address on any interface in this table. */
587 ip_interface_address_t *ia;
588 vnet_sw_interface_t *sif;
590 pool_foreach(sif, vnm->interface_main.sw_interfaces,
592 if (im->fib_index_by_sw_if_index[sw_if_index] ==
593 im->fib_index_by_sw_if_index[sif->sw_if_index])
595 foreach_ip_interface_address
596 (&im->lookup_main, ia, sif->sw_if_index,
597 0 /* honor unnumbered */ ,
600 ip_interface_address_get_address
601 (&im->lookup_main, ia);
602 if (ip4_destination_matches_route
603 (im, address, x, ia->address_length) ||
604 ip4_destination_matches_route (im,
609 vnm->api_errno = VNET_API_ERROR_DUPLICATE_IF_ADDRESS;
613 ("failed to add %U which conflicts with %U for interface %U",
614 format_ip4_address_and_length, address,
616 format_ip4_address_and_length, x,
618 format_vnet_sw_if_index_name, vnm,
627 elts_before = pool_elts (lm->if_address_pool);
629 error = ip_interface_address_add_del
630 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
634 ip4_sw_interface_enable_disable (sw_if_index, !is_del);
637 ip4_del_interface_routes (im, ip4_af.fib_index, address, address_length);
639 ip4_add_interface_routes (sw_if_index,
640 im, ip4_af.fib_index,
642 (lm->if_address_pool, if_address_index));
644 /* If pool did not grow/shrink: add duplicate address. */
645 if (elts_before != pool_elts (lm->if_address_pool))
647 ip4_add_del_interface_address_callback_t *cb;
648 vec_foreach (cb, im->add_del_interface_address_callbacks)
649 cb->function (im, cb->function_opaque, sw_if_index,
650 address, address_length, if_address_index, is_del);
659 ip4_add_del_interface_address (vlib_main_t * vm,
661 ip4_address_t * address,
662 u32 address_length, u32 is_del)
664 return ip4_add_del_interface_address_internal
665 (vm, sw_if_index, address, address_length, is_del);
669 ip4_directed_broadcast (u32 sw_if_index, u8 enable)
671 ip_interface_address_t *ia;
677 * when directed broadcast is enabled, the subnet braodcast route will forward
678 * packets using an adjacency with a broadcast MAC. otherwise it drops
681 foreach_ip_interface_address(&im->lookup_main, ia,
684 if (ia->address_length <= 30)
688 ipa = ip_interface_address_get_address (&im->lookup_main, ia);
692 .fp_proto = FIB_PROTOCOL_IP4,
694 .ip4.as_u32 = (ipa->as_u32 | ~im->fib_masks[ia->address_length]),
698 ip4_add_subnet_bcast_route
699 (fib_table_get_index_for_sw_if_index(FIB_PROTOCOL_IP4,
708 /* Built-in ip4 unicast rx feature path definition */
710 VNET_FEATURE_ARC_INIT (ip4_unicast, static) =
712 .arc_name = "ip4-unicast",
713 .start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
714 .arc_index_ptr = &ip4_main.lookup_main.ucast_feature_arc_index,
717 VNET_FEATURE_INIT (ip4_flow_classify, static) =
719 .arc_name = "ip4-unicast",
720 .node_name = "ip4-flow-classify",
721 .runs_before = VNET_FEATURES ("ip4-inacl"),
724 VNET_FEATURE_INIT (ip4_inacl, static) =
726 .arc_name = "ip4-unicast",
727 .node_name = "ip4-inacl",
728 .runs_before = VNET_FEATURES ("ip4-source-check-via-rx"),
731 VNET_FEATURE_INIT (ip4_source_check_1, static) =
733 .arc_name = "ip4-unicast",
734 .node_name = "ip4-source-check-via-rx",
735 .runs_before = VNET_FEATURES ("ip4-source-check-via-any"),
738 VNET_FEATURE_INIT (ip4_source_check_2, static) =
740 .arc_name = "ip4-unicast",
741 .node_name = "ip4-source-check-via-any",
742 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
745 VNET_FEATURE_INIT (ip4_source_and_port_range_check_rx, static) =
747 .arc_name = "ip4-unicast",
748 .node_name = "ip4-source-and-port-range-check-rx",
749 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
752 VNET_FEATURE_INIT (ip4_policer_classify, static) =
754 .arc_name = "ip4-unicast",
755 .node_name = "ip4-policer-classify",
756 .runs_before = VNET_FEATURES ("ipsec4-input"),
759 VNET_FEATURE_INIT (ip4_ipsec, static) =
761 .arc_name = "ip4-unicast",
762 .node_name = "ipsec4-input",
763 .runs_before = VNET_FEATURES ("vpath-input-ip4"),
766 VNET_FEATURE_INIT (ip4_vpath, static) =
768 .arc_name = "ip4-unicast",
769 .node_name = "vpath-input-ip4",
770 .runs_before = VNET_FEATURES ("ip4-vxlan-bypass"),
773 VNET_FEATURE_INIT (ip4_vxlan_bypass, static) =
775 .arc_name = "ip4-unicast",
776 .node_name = "ip4-vxlan-bypass",
777 .runs_before = VNET_FEATURES ("ip4-lookup"),
780 VNET_FEATURE_INIT (ip4_not_enabled, static) =
782 .arc_name = "ip4-unicast",
783 .node_name = "ip4-not-enabled",
784 .runs_before = VNET_FEATURES ("ip4-lookup"),
787 VNET_FEATURE_INIT (ip4_lookup, static) =
789 .arc_name = "ip4-unicast",
790 .node_name = "ip4-lookup",
791 .runs_before = 0, /* not before any other features */
794 /* Built-in ip4 multicast rx feature path definition */
795 VNET_FEATURE_ARC_INIT (ip4_multicast, static) =
797 .arc_name = "ip4-multicast",
798 .start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
799 .arc_index_ptr = &ip4_main.lookup_main.mcast_feature_arc_index,
802 VNET_FEATURE_INIT (ip4_vpath_mc, static) =
804 .arc_name = "ip4-multicast",
805 .node_name = "vpath-input-ip4",
806 .runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
809 VNET_FEATURE_INIT (ip4_mc_not_enabled, static) =
811 .arc_name = "ip4-multicast",
812 .node_name = "ip4-not-enabled",
813 .runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
816 VNET_FEATURE_INIT (ip4_lookup_mc, static) =
818 .arc_name = "ip4-multicast",
819 .node_name = "ip4-mfib-forward-lookup",
820 .runs_before = 0, /* last feature */
823 /* Source and port-range check ip4 tx feature path definition */
824 VNET_FEATURE_ARC_INIT (ip4_output, static) =
826 .arc_name = "ip4-output",
827 .start_nodes = VNET_FEATURES ("ip4-rewrite", "ip4-midchain", "ip4-dvr-dpo"),
828 .arc_index_ptr = &ip4_main.lookup_main.output_feature_arc_index,
831 VNET_FEATURE_INIT (ip4_source_and_port_range_check_tx, static) =
833 .arc_name = "ip4-output",
834 .node_name = "ip4-source-and-port-range-check-tx",
835 .runs_before = VNET_FEATURES ("ip4-outacl"),
838 VNET_FEATURE_INIT (ip4_outacl, static) =
840 .arc_name = "ip4-output",
841 .node_name = "ip4-outacl",
842 .runs_before = VNET_FEATURES ("ipsec4-output"),
845 VNET_FEATURE_INIT (ip4_ipsec_output, static) =
847 .arc_name = "ip4-output",
848 .node_name = "ipsec4-output",
849 .runs_before = VNET_FEATURES ("interface-output"),
852 /* Built-in ip4 tx feature path definition */
853 VNET_FEATURE_INIT (ip4_interface_output, static) =
855 .arc_name = "ip4-output",
856 .node_name = "interface-output",
857 .runs_before = 0, /* not before any other features */
861 static clib_error_t *
862 ip4_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
864 ip4_main_t *im = &ip4_main;
866 /* Fill in lookup tables with default table (0). */
867 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
868 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
872 ip4_main_t *im4 = &ip4_main;
873 ip_lookup_main_t *lm4 = &im4->lookup_main;
874 ip_interface_address_t *ia = 0;
875 ip4_address_t *address;
876 vlib_main_t *vm = vlib_get_main ();
878 vnet_sw_interface_update_unnumbered (sw_if_index, ~0, 0);
880 foreach_ip_interface_address (lm4, ia, sw_if_index, 0,
882 address = ip_interface_address_get_address (lm4, ia);
883 ip4_add_del_interface_address(vm, sw_if_index, address, ia->address_length, 1);
888 vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
891 vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
892 sw_if_index, is_add, 0, 0);
894 return /* no error */ 0;
897 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip4_sw_interface_add_del);
899 /* Global IP4 main. */
902 static clib_error_t *
903 ip4_lookup_init (vlib_main_t * vm)
905 ip4_main_t *im = &ip4_main;
909 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
911 if ((error = vlib_call_init_function (vm, ip4_mtrie_module_init)))
913 if ((error = vlib_call_init_function (vm, fib_module_init)))
915 if ((error = vlib_call_init_function (vm, mfib_module_init)))
918 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
923 m = pow2_mask (i) << (32 - i);
926 im->fib_masks[i] = clib_host_to_net_u32 (m);
929 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 0);
931 /* Create FIB with index 0 and table id of 0. */
932 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
933 FIB_SOURCE_DEFAULT_ROUTE);
934 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
935 MFIB_SOURCE_DEFAULT_ROUTE);
939 pn = pg_get_node (ip4_lookup_node.index);
940 pn->unformat_edit = unformat_pg_ip4_header;
944 ethernet_arp_header_t h;
946 clib_memset (&h, 0, sizeof (h));
948 /* Set target ethernet address to all zeros. */
949 clib_memset (h.ip4_over_ethernet[1].ethernet, 0,
950 sizeof (h.ip4_over_ethernet[1].ethernet));
952 #define _16(f,v) h.f = clib_host_to_net_u16 (v);
953 #define _8(f,v) h.f = v;
954 _16 (l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
955 _16 (l3_type, ETHERNET_TYPE_IP4);
956 _8 (n_l2_address_bytes, 6);
957 _8 (n_l3_address_bytes, 4);
958 _16 (opcode, ETHERNET_ARP_OPCODE_request);
962 vlib_packet_template_init (vm, &im->ip4_arp_request_packet_template,
965 /* alloc chunk size */ 8,
972 VLIB_INIT_FUNCTION (ip4_lookup_init);
976 /* Adjacency taken. */
981 /* Packet data, possibly *after* rewrite. */
982 u8 packet_data[64 - 1 * sizeof (u32)];
984 ip4_forward_next_trace_t;
986 #ifndef CLIB_MARCH_VARIANT
988 format_ip4_forward_next_trace (u8 * s, va_list * args)
990 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
991 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
992 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
993 u32 indent = format_get_indent (s);
994 s = format (s, "%U%U",
995 format_white_space, indent,
996 format_ip4_header, t->packet_data, sizeof (t->packet_data));
1002 format_ip4_lookup_trace (u8 * s, va_list * args)
1004 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1005 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1006 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1007 u32 indent = format_get_indent (s);
1009 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
1010 t->fib_index, t->dpo_index, t->flow_hash);
1011 s = format (s, "\n%U%U",
1012 format_white_space, indent,
1013 format_ip4_header, t->packet_data, sizeof (t->packet_data));
1018 format_ip4_rewrite_trace (u8 * s, va_list * args)
1020 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1021 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1022 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1023 u32 indent = format_get_indent (s);
1025 s = format (s, "tx_sw_if_index %d dpo-idx %d : %U flow hash: 0x%08x",
1026 t->fib_index, t->dpo_index, format_ip_adjacency,
1027 t->dpo_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
1028 s = format (s, "\n%U%U",
1029 format_white_space, indent,
1030 format_ip_adjacency_packet_data,
1031 t->dpo_index, t->packet_data, sizeof (t->packet_data));
1035 #ifndef CLIB_MARCH_VARIANT
1036 /* Common trace function for all ip4-forward next nodes. */
1038 ip4_forward_next_trace (vlib_main_t * vm,
1039 vlib_node_runtime_t * node,
1040 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
1043 ip4_main_t *im = &ip4_main;
1045 n_left = frame->n_vectors;
1046 from = vlib_frame_vector_args (frame);
1051 vlib_buffer_t *b0, *b1;
1052 ip4_forward_next_trace_t *t0, *t1;
1054 /* Prefetch next iteration. */
1055 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1056 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1061 b0 = vlib_get_buffer (vm, bi0);
1062 b1 = vlib_get_buffer (vm, bi1);
1064 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1066 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1067 t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1068 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1070 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1071 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1072 vec_elt (im->fib_index_by_sw_if_index,
1073 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1075 clib_memcpy (t0->packet_data,
1076 vlib_buffer_get_current (b0),
1077 sizeof (t0->packet_data));
1079 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1081 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1082 t1->dpo_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1083 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1085 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1086 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1087 vec_elt (im->fib_index_by_sw_if_index,
1088 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1089 clib_memcpy (t1->packet_data, vlib_buffer_get_current (b1),
1090 sizeof (t1->packet_data));
1100 ip4_forward_next_trace_t *t0;
1104 b0 = vlib_get_buffer (vm, bi0);
1106 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1108 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1109 t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1110 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1112 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1113 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1114 vec_elt (im->fib_index_by_sw_if_index,
1115 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1116 clib_memcpy (t0->packet_data, vlib_buffer_get_current (b0),
1117 sizeof (t0->packet_data));
1124 /* Compute TCP/UDP/ICMP4 checksum in software. */
1126 ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1130 u32 ip_header_length, payload_length_host_byte_order;
1131 u32 n_this_buffer, n_bytes_left, n_ip_bytes_this_buffer;
1133 void *data_this_buffer;
1135 /* Initialize checksum with ip header. */
1136 ip_header_length = ip4_header_bytes (ip0);
1137 payload_length_host_byte_order =
1138 clib_net_to_host_u16 (ip0->length) - ip_header_length;
1140 clib_host_to_net_u32 (payload_length_host_byte_order +
1141 (ip0->protocol << 16));
1143 if (BITS (uword) == 32)
1146 ip_csum_with_carry (sum0,
1147 clib_mem_unaligned (&ip0->src_address, u32));
1149 ip_csum_with_carry (sum0,
1150 clib_mem_unaligned (&ip0->dst_address, u32));
1154 ip_csum_with_carry (sum0, clib_mem_unaligned (&ip0->src_address, u64));
1156 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1157 data_this_buffer = (void *) ip0 + ip_header_length;
1158 n_ip_bytes_this_buffer =
1159 p0->current_length - (((u8 *) ip0 - p0->data) - p0->current_data);
1160 if (n_this_buffer + ip_header_length > n_ip_bytes_this_buffer)
1162 n_this_buffer = n_ip_bytes_this_buffer > ip_header_length ?
1163 n_ip_bytes_this_buffer - ip_header_length : 0;
1167 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1168 n_bytes_left -= n_this_buffer;
1169 if (n_bytes_left == 0)
1172 ASSERT (p0->flags & VLIB_BUFFER_NEXT_PRESENT);
1173 p0 = vlib_get_buffer (vm, p0->next_buffer);
1174 data_this_buffer = vlib_buffer_get_current (p0);
1175 n_this_buffer = p0->current_length;
1178 sum16 = ~ip_csum_fold (sum0);
1184 ip4_tcp_udp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1186 ip4_header_t *ip0 = vlib_buffer_get_current (p0);
1190 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1191 || ip0->protocol == IP_PROTOCOL_UDP);
1193 udp0 = (void *) (ip0 + 1);
1194 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1196 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1197 | VNET_BUFFER_F_L4_CHECKSUM_CORRECT);
1201 sum16 = ip4_tcp_udp_compute_checksum (vm, p0, ip0);
1203 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1204 | ((sum16 == 0) << VNET_BUFFER_F_LOG2_L4_CHECKSUM_CORRECT));
1211 VNET_FEATURE_ARC_INIT (ip4_local) =
1213 .arc_name = "ip4-local",
1214 .start_nodes = VNET_FEATURES ("ip4-local"),
1219 ip4_local_l4_csum_validate (vlib_main_t * vm, vlib_buffer_t * p,
1220 ip4_header_t * ip, u8 is_udp, u8 * error,
1224 flags0 = ip4_tcp_udp_validate_checksum (vm, p);
1225 *good_tcp_udp = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
1229 u32 ip_len, udp_len;
1231 udp = ip4_next_header (ip);
1232 /* Verify UDP length. */
1233 ip_len = clib_net_to_host_u16 (ip->length);
1234 udp_len = clib_net_to_host_u16 (udp->length);
1236 len_diff = ip_len - udp_len;
1237 *good_tcp_udp &= len_diff >= 0;
1238 *error = len_diff < 0 ? IP4_ERROR_UDP_LENGTH : *error;
1242 #define ip4_local_csum_is_offloaded(_b) \
1243 _b->flags & VNET_BUFFER_F_OFFLOAD_TCP_CKSUM \
1244 || _b->flags & VNET_BUFFER_F_OFFLOAD_UDP_CKSUM
1246 #define ip4_local_need_csum_check(is_tcp_udp, _b) \
1247 (is_tcp_udp && !(_b->flags & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED \
1248 || ip4_local_csum_is_offloaded (_b)))
1250 #define ip4_local_csum_is_valid(_b) \
1251 (_b->flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT \
1252 || (ip4_local_csum_is_offloaded (_b))) != 0
1255 ip4_local_check_l4_csum (vlib_main_t * vm, vlib_buffer_t * b,
1256 ip4_header_t * ih, u8 * error)
1258 u8 is_udp, is_tcp_udp, good_tcp_udp;
1260 is_udp = ih->protocol == IP_PROTOCOL_UDP;
1261 is_tcp_udp = is_udp || ih->protocol == IP_PROTOCOL_TCP;
1263 if (PREDICT_FALSE (ip4_local_need_csum_check (is_tcp_udp, b)))
1264 ip4_local_l4_csum_validate (vm, b, ih, is_udp, error, &good_tcp_udp);
1266 good_tcp_udp = ip4_local_csum_is_valid (b);
1268 ASSERT (IP4_ERROR_TCP_CHECKSUM + 1 == IP4_ERROR_UDP_CHECKSUM);
1269 *error = (is_tcp_udp && !good_tcp_udp
1270 ? IP4_ERROR_TCP_CHECKSUM + is_udp : *error);
1274 ip4_local_check_l4_csum_x2 (vlib_main_t * vm, vlib_buffer_t ** b,
1275 ip4_header_t ** ih, u8 * error)
1277 u8 is_udp[2], is_tcp_udp[2], good_tcp_udp[2];
1279 is_udp[0] = ih[0]->protocol == IP_PROTOCOL_UDP;
1280 is_udp[1] = ih[1]->protocol == IP_PROTOCOL_UDP;
1282 is_tcp_udp[0] = is_udp[0] || ih[0]->protocol == IP_PROTOCOL_TCP;
1283 is_tcp_udp[1] = is_udp[1] || ih[1]->protocol == IP_PROTOCOL_TCP;
1285 good_tcp_udp[0] = ip4_local_csum_is_valid (b[0]);
1286 good_tcp_udp[1] = ip4_local_csum_is_valid (b[1]);
1288 if (PREDICT_FALSE (ip4_local_need_csum_check (is_tcp_udp[0], b[0])
1289 || ip4_local_need_csum_check (is_tcp_udp[1], b[1])))
1292 ip4_local_l4_csum_validate (vm, b[0], ih[0], is_udp[0], &error[0],
1295 ip4_local_l4_csum_validate (vm, b[1], ih[1], is_udp[1], &error[1],
1299 error[0] = (is_tcp_udp[0] && !good_tcp_udp[0] ?
1300 IP4_ERROR_TCP_CHECKSUM + is_udp[0] : error[0]);
1301 error[1] = (is_tcp_udp[1] && !good_tcp_udp[1] ?
1302 IP4_ERROR_TCP_CHECKSUM + is_udp[1] : error[1]);
1306 ip4_local_set_next_and_error (vlib_node_runtime_t * error_node,
1307 vlib_buffer_t * b, u16 * next, u8 error,
1308 u8 head_of_feature_arc)
1310 u8 arc_index = vnet_feat_arc_ip4_local.feature_arc_index;
1313 *next = error != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : *next;
1314 b->error = error ? error_node->errors[error] : 0;
1315 if (head_of_feature_arc)
1318 if (PREDICT_TRUE (error == (u8) IP4_ERROR_UNKNOWN_PROTOCOL))
1320 vnet_feature_arc_start (arc_index,
1321 vnet_buffer (b)->sw_if_index[VLIB_RX],
1333 } ip4_local_last_check_t;
1336 ip4_local_check_src (vlib_buffer_t * b, ip4_header_t * ip0,
1337 ip4_local_last_check_t * last_check, u8 * error0)
1339 ip4_fib_mtrie_leaf_t leaf0;
1340 ip4_fib_mtrie_t *mtrie0;
1341 const dpo_id_t *dpo0;
1342 load_balance_t *lb0;
1345 vnet_buffer (b)->ip.fib_index =
1346 vnet_buffer (b)->sw_if_index[VLIB_TX] != ~0 ?
1347 vnet_buffer (b)->sw_if_index[VLIB_TX] : vnet_buffer (b)->ip.fib_index;
1349 if (PREDICT_FALSE (last_check->src.as_u32 != ip0->src_address.as_u32))
1351 mtrie0 = &ip4_fib_get (vnet_buffer (b)->ip.fib_index)->mtrie;
1352 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, &ip0->src_address);
1353 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address, 2);
1354 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address, 3);
1355 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
1357 vnet_buffer (b)->ip.adj_index[VLIB_TX] = lbi0;
1358 vnet_buffer (b)->ip.adj_index[VLIB_RX] = lbi0;
1360 lb0 = load_balance_get (lbi0);
1361 dpo0 = load_balance_get_bucket_i (lb0, 0);
1364 * Must have a route to source otherwise we drop the packet.
1365 * ip4 broadcasts are accepted, e.g. to make dhcp client work
1368 * - the source is a recieve => it's from us => bogus, do this
1369 * first since it sets a different error code.
1370 * - uRPF check for any route to source - accept if passes.
1371 * - allow packets destined to the broadcast address from unknown sources
1374 *error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
1375 && dpo0->dpoi_type == DPO_RECEIVE) ?
1376 IP4_ERROR_SPOOFED_LOCAL_PACKETS : *error0);
1377 *error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
1378 && !fib_urpf_check_size (lb0->lb_urpf)
1379 && ip0->dst_address.as_u32 != 0xFFFFFFFF) ?
1380 IP4_ERROR_SRC_LOOKUP_MISS : *error0);
1382 last_check->src.as_u32 = ip0->src_address.as_u32;
1383 last_check->lbi = lbi0;
1384 last_check->error = *error0;
1388 vnet_buffer (b)->ip.adj_index[VLIB_TX] = last_check->lbi;
1389 vnet_buffer (b)->ip.adj_index[VLIB_RX] = last_check->lbi;
1390 *error0 = last_check->error;
1395 ip4_local_check_src_x2 (vlib_buffer_t ** b, ip4_header_t ** ip,
1396 ip4_local_last_check_t * last_check, u8 * error)
1398 ip4_fib_mtrie_leaf_t leaf[2];
1399 ip4_fib_mtrie_t *mtrie[2];
1400 const dpo_id_t *dpo[2];
1401 load_balance_t *lb[2];
1402 u32 not_last_hit = 0;
1405 not_last_hit |= ip[0]->src_address.as_u32 ^ last_check->src.as_u32;
1406 not_last_hit |= ip[1]->src_address.as_u32 ^ last_check->src.as_u32;
1408 vnet_buffer (b[0])->ip.fib_index =
1409 vnet_buffer (b[0])->sw_if_index[VLIB_TX] != ~0 ?
1410 vnet_buffer (b[0])->sw_if_index[VLIB_TX] :
1411 vnet_buffer (b[0])->ip.fib_index;
1413 vnet_buffer (b[1])->ip.fib_index =
1414 vnet_buffer (b[1])->sw_if_index[VLIB_TX] != ~0 ?
1415 vnet_buffer (b[1])->sw_if_index[VLIB_TX] :
1416 vnet_buffer (b[1])->ip.fib_index;
1418 if (PREDICT_FALSE (not_last_hit))
1420 mtrie[0] = &ip4_fib_get (vnet_buffer (b[0])->ip.fib_index)->mtrie;
1421 mtrie[1] = &ip4_fib_get (vnet_buffer (b[1])->ip.fib_index)->mtrie;
1423 leaf[0] = ip4_fib_mtrie_lookup_step_one (mtrie[0], &ip[0]->src_address);
1424 leaf[1] = ip4_fib_mtrie_lookup_step_one (mtrie[1], &ip[1]->src_address);
1426 leaf[0] = ip4_fib_mtrie_lookup_step (mtrie[0], leaf[0],
1427 &ip[0]->src_address, 2);
1428 leaf[1] = ip4_fib_mtrie_lookup_step (mtrie[1], leaf[1],
1429 &ip[1]->src_address, 2);
1431 leaf[0] = ip4_fib_mtrie_lookup_step (mtrie[0], leaf[0],
1432 &ip[0]->src_address, 3);
1433 leaf[1] = ip4_fib_mtrie_lookup_step (mtrie[1], leaf[1],
1434 &ip[1]->src_address, 3);
1436 lbi[0] = ip4_fib_mtrie_leaf_get_adj_index (leaf[0]);
1437 lbi[1] = ip4_fib_mtrie_leaf_get_adj_index (leaf[1]);
1439 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = lbi[0];
1440 vnet_buffer (b[0])->ip.adj_index[VLIB_RX] = lbi[0];
1442 vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = lbi[1];
1443 vnet_buffer (b[1])->ip.adj_index[VLIB_RX] = lbi[1];
1445 lb[0] = load_balance_get (lbi[0]);
1446 lb[1] = load_balance_get (lbi[1]);
1448 dpo[0] = load_balance_get_bucket_i (lb[0], 0);
1449 dpo[1] = load_balance_get_bucket_i (lb[1], 0);
1451 error[0] = ((error[0] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1452 dpo[0]->dpoi_type == DPO_RECEIVE) ?
1453 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error[0]);
1454 error[0] = ((error[0] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1455 !fib_urpf_check_size (lb[0]->lb_urpf) &&
1456 ip[0]->dst_address.as_u32 != 0xFFFFFFFF)
1457 ? IP4_ERROR_SRC_LOOKUP_MISS : error[0]);
1459 error[1] = ((error[1] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1460 dpo[1]->dpoi_type == DPO_RECEIVE) ?
1461 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error[1]);
1462 error[1] = ((error[1] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1463 !fib_urpf_check_size (lb[1]->lb_urpf) &&
1464 ip[1]->dst_address.as_u32 != 0xFFFFFFFF)
1465 ? IP4_ERROR_SRC_LOOKUP_MISS : error[1]);
1467 last_check->src.as_u32 = ip[1]->src_address.as_u32;
1468 last_check->lbi = lbi[1];
1469 last_check->error = error[1];
1473 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = last_check->lbi;
1474 vnet_buffer (b[0])->ip.adj_index[VLIB_RX] = last_check->lbi;
1476 vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = last_check->lbi;
1477 vnet_buffer (b[1])->ip.adj_index[VLIB_RX] = last_check->lbi;
1479 error[0] = last_check->error;
1480 error[1] = last_check->error;
1484 enum ip_local_packet_type_e
1486 IP_LOCAL_PACKET_TYPE_L4,
1487 IP_LOCAL_PACKET_TYPE_NAT,
1488 IP_LOCAL_PACKET_TYPE_FRAG,
1492 * Determine packet type and next node.
1494 * The expectation is that all packets that are not L4 will skip
1495 * checksums and source checks.
1498 ip4_local_classify (vlib_buffer_t * b, ip4_header_t * ip, u16 * next)
1500 ip_lookup_main_t *lm = &ip4_main.lookup_main;
1502 if (PREDICT_FALSE (ip4_is_fragment (ip)))
1504 *next = IP_LOCAL_NEXT_REASSEMBLY;
1505 return IP_LOCAL_PACKET_TYPE_FRAG;
1507 if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_IS_NATED))
1509 *next = lm->local_next_by_ip_protocol[ip->protocol];
1510 return IP_LOCAL_PACKET_TYPE_NAT;
1513 *next = lm->local_next_by_ip_protocol[ip->protocol];
1514 return IP_LOCAL_PACKET_TYPE_L4;
1518 ip4_local_inline (vlib_main_t * vm,
1519 vlib_node_runtime_t * node,
1520 vlib_frame_t * frame, int head_of_feature_arc)
1522 u32 *from, n_left_from;
1523 vlib_node_runtime_t *error_node =
1524 vlib_node_get_runtime (vm, ip4_input_node.index);
1525 u16 nexts[VLIB_FRAME_SIZE], *next;
1526 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1527 ip4_header_t *ip[2];
1530 ip4_local_last_check_t last_check = {
1531 .src = {.as_u32 = 0},
1533 .error = IP4_ERROR_UNKNOWN_PROTOCOL
1536 from = vlib_frame_vector_args (frame);
1537 n_left_from = frame->n_vectors;
1539 if (node->flags & VLIB_NODE_FLAG_TRACE)
1540 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
1542 vlib_get_buffers (vm, from, bufs, n_left_from);
1546 while (n_left_from >= 6)
1550 /* Prefetch next iteration. */
1552 vlib_prefetch_buffer_header (b[4], LOAD);
1553 vlib_prefetch_buffer_header (b[5], LOAD);
1555 CLIB_PREFETCH (b[4]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1556 CLIB_PREFETCH (b[5]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1559 error[0] = error[1] = IP4_ERROR_UNKNOWN_PROTOCOL;
1561 ip[0] = vlib_buffer_get_current (b[0]);
1562 ip[1] = vlib_buffer_get_current (b[1]);
1564 vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
1565 vnet_buffer (b[1])->l3_hdr_offset = b[1]->current_data;
1567 pt[0] = ip4_local_classify (b[0], ip[0], &next[0]);
1568 pt[1] = ip4_local_classify (b[1], ip[1], &next[1]);
1570 not_batch = pt[0] ^ pt[1];
1572 if (head_of_feature_arc == 0 || (pt[0] && not_batch == 0))
1575 if (PREDICT_TRUE (not_batch == 0))
1577 ip4_local_check_l4_csum_x2 (vm, b, ip, error);
1578 ip4_local_check_src_x2 (b, ip, &last_check, error);
1584 ip4_local_check_l4_csum (vm, b[0], ip[0], &error[0]);
1585 ip4_local_check_src (b[0], ip[0], &last_check, &error[0]);
1589 ip4_local_check_l4_csum (vm, b[1], ip[1], &error[1]);
1590 ip4_local_check_src (b[1], ip[1], &last_check, &error[1]);
1596 ip4_local_set_next_and_error (error_node, b[0], &next[0], error[0],
1597 head_of_feature_arc);
1598 ip4_local_set_next_and_error (error_node, b[1], &next[1], error[1],
1599 head_of_feature_arc);
1606 while (n_left_from > 0)
1608 error[0] = IP4_ERROR_UNKNOWN_PROTOCOL;
1610 ip[0] = vlib_buffer_get_current (b[0]);
1611 vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
1612 pt[0] = ip4_local_classify (b[0], ip[0], &next[0]);
1614 if (head_of_feature_arc == 0 || pt[0])
1617 ip4_local_check_l4_csum (vm, b[0], ip[0], &error[0]);
1618 ip4_local_check_src (b[0], ip[0], &last_check, &error[0]);
1622 ip4_local_set_next_and_error (error_node, b[0], &next[0], error[0],
1623 head_of_feature_arc);
1630 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
1631 return frame->n_vectors;
1634 VLIB_NODE_FN (ip4_local_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
1635 vlib_frame_t * frame)
1637 return ip4_local_inline (vm, node, frame, 1 /* head of feature arc */ );
1641 VLIB_REGISTER_NODE (ip4_local_node) =
1643 .name = "ip4-local",
1644 .vector_size = sizeof (u32),
1645 .format_trace = format_ip4_forward_next_trace,
1646 .n_next_nodes = IP_LOCAL_N_NEXT,
1649 [IP_LOCAL_NEXT_DROP] = "ip4-drop",
1650 [IP_LOCAL_NEXT_PUNT] = "ip4-punt",
1651 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip4-udp-lookup",
1652 [IP_LOCAL_NEXT_ICMP] = "ip4-icmp-input",
1653 [IP_LOCAL_NEXT_REASSEMBLY] = "ip4-reassembly",
1659 VLIB_NODE_FN (ip4_local_end_of_arc_node) (vlib_main_t * vm,
1660 vlib_node_runtime_t * node,
1661 vlib_frame_t * frame)
1663 return ip4_local_inline (vm, node, frame, 0 /* head of feature arc */ );
1667 VLIB_REGISTER_NODE (ip4_local_end_of_arc_node) = {
1668 .name = "ip4-local-end-of-arc",
1669 .vector_size = sizeof (u32),
1671 .format_trace = format_ip4_forward_next_trace,
1672 .sibling_of = "ip4-local",
1675 VNET_FEATURE_INIT (ip4_local_end_of_arc, static) = {
1676 .arc_name = "ip4-local",
1677 .node_name = "ip4-local-end-of-arc",
1678 .runs_before = 0, /* not before any other features */
1682 #ifndef CLIB_MARCH_VARIANT
1684 ip4_register_protocol (u32 protocol, u32 node_index)
1686 vlib_main_t *vm = vlib_get_main ();
1687 ip4_main_t *im = &ip4_main;
1688 ip_lookup_main_t *lm = &im->lookup_main;
1690 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1691 lm->local_next_by_ip_protocol[protocol] =
1692 vlib_node_add_next (vm, ip4_local_node.index, node_index);
1696 static clib_error_t *
1697 show_ip_local_command_fn (vlib_main_t * vm,
1698 unformat_input_t * input, vlib_cli_command_t * cmd)
1700 ip4_main_t *im = &ip4_main;
1701 ip_lookup_main_t *lm = &im->lookup_main;
1704 vlib_cli_output (vm, "Protocols handled by ip4_local");
1705 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
1707 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
1709 u32 node_index = vlib_get_node (vm,
1710 ip4_local_node.index)->
1711 next_nodes[lm->local_next_by_ip_protocol[i]];
1712 vlib_cli_output (vm, "%d: %U", i, format_vlib_node_name, vm,
1722 * Display the set of protocols handled by the local IPv4 stack.
1725 * Example of how to display local protocol table:
1726 * @cliexstart{show ip local}
1727 * Protocols handled by ip4_local
1734 VLIB_CLI_COMMAND (show_ip_local, static) =
1736 .path = "show ip local",
1737 .function = show_ip_local_command_fn,
1738 .short_help = "show ip local",
1743 ip4_arp_inline (vlib_main_t * vm,
1744 vlib_node_runtime_t * node,
1745 vlib_frame_t * frame, int is_glean)
1747 vnet_main_t *vnm = vnet_get_main ();
1748 ip4_main_t *im = &ip4_main;
1749 ip_lookup_main_t *lm = &im->lookup_main;
1750 u32 *from, *to_next_drop;
1751 uword n_left_from, n_left_to_next_drop, next_index;
1752 u32 thread_index = vm->thread_index;
1755 if (node->flags & VLIB_NODE_FLAG_TRACE)
1756 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
1758 seed = throttle_seed (&im->arp_throttle, thread_index, vlib_time_now (vm));
1760 from = vlib_frame_vector_args (frame);
1761 n_left_from = frame->n_vectors;
1762 next_index = node->cached_next_index;
1763 if (next_index == IP4_ARP_NEXT_DROP)
1764 next_index = IP4_ARP_N_NEXT; /* point to first interface */
1766 while (n_left_from > 0)
1768 vlib_get_next_frame (vm, node, IP4_ARP_NEXT_DROP,
1769 to_next_drop, n_left_to_next_drop);
1771 while (n_left_from > 0 && n_left_to_next_drop > 0)
1773 u32 pi0, bi0, adj_index0, sw_if_index0;
1774 ip_adjacency_t *adj0;
1775 vlib_buffer_t *p0, *b0;
1776 ip4_address_t resolve0;
1777 ethernet_arp_header_t *h0;
1778 vnet_hw_interface_t *hw_if0;
1782 p0 = vlib_get_buffer (vm, pi0);
1786 to_next_drop[0] = pi0;
1788 n_left_to_next_drop -= 1;
1790 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1791 adj0 = adj_get (adj_index0);
1795 /* resolve the packet's destination */
1796 ip4_header_t *ip0 = vlib_buffer_get_current (p0);
1797 resolve0 = ip0->dst_address;
1801 /* resolve the incomplete adj */
1802 resolve0 = adj0->sub_type.nbr.next_hop.ip4;
1805 /* combine the address and interface for the hash key */
1806 sw_if_index0 = adj0->rewrite_header.sw_if_index;
1807 r0 = (u64) resolve0.data_u32 << 32;
1810 if (throttle_check (&im->arp_throttle, thread_index, r0, seed))
1812 p0->error = node->errors[IP4_ARP_ERROR_THROTTLED];
1817 * the adj has been updated to a rewrite but the node the DPO that got
1818 * us here hasn't - yet. no big deal. we'll drop while we wait.
1820 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
1822 p0->error = node->errors[IP4_ARP_ERROR_RESOLVED];
1827 * Can happen if the control-plane is programming tables
1828 * with traffic flowing; at least that's today's lame excuse.
1830 if ((is_glean && adj0->lookup_next_index != IP_LOOKUP_NEXT_GLEAN)
1831 || (!is_glean && adj0->lookup_next_index != IP_LOOKUP_NEXT_ARP))
1833 p0->error = node->errors[IP4_ARP_ERROR_NON_ARP_ADJ];
1836 /* Send ARP request. */
1838 vlib_packet_template_get_packet (vm,
1839 &im->ip4_arp_request_packet_template,
1842 /* Seems we're out of buffers */
1843 if (PREDICT_FALSE (!h0))
1845 p0->error = node->errors[IP4_ARP_ERROR_NO_BUFFERS];
1849 /* Add rewrite/encap string for ARP packet. */
1850 vnet_rewrite_one_header (adj0[0], h0, sizeof (ethernet_header_t));
1852 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1854 /* Src ethernet address in ARP header. */
1855 clib_memcpy (h0->ip4_over_ethernet[0].ethernet,
1857 sizeof (h0->ip4_over_ethernet[0].ethernet));
1860 /* The interface's source address is stashed in the Glean Adj */
1861 h0->ip4_over_ethernet[0].ip4 =
1862 adj0->sub_type.glean.receive_addr.ip4;
1866 /* Src IP address in ARP header. */
1867 if (ip4_src_address_for_packet (lm, sw_if_index0,
1868 &h0->ip4_over_ethernet[0].ip4))
1870 /* No source address available */
1871 p0->error = node->errors[IP4_ARP_ERROR_NO_SOURCE_ADDRESS];
1872 vlib_buffer_free (vm, &bi0, 1);
1876 h0->ip4_over_ethernet[1].ip4 = resolve0;
1878 p0->error = node->errors[IP4_ARP_ERROR_REQUEST_SENT];
1880 vlib_buffer_copy_trace_flag (vm, p0, bi0);
1881 b0 = vlib_get_buffer (vm, bi0);
1882 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
1883 vnet_buffer (b0)->sw_if_index[VLIB_TX] = sw_if_index0;
1885 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
1887 vlib_set_next_frame_buffer (vm, node,
1888 adj0->rewrite_header.next_index, bi0);
1891 vlib_put_next_frame (vm, node, IP4_ARP_NEXT_DROP, n_left_to_next_drop);
1894 return frame->n_vectors;
1897 VLIB_NODE_FN (ip4_arp_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
1898 vlib_frame_t * frame)
1900 return (ip4_arp_inline (vm, node, frame, 0));
1903 VLIB_NODE_FN (ip4_glean_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
1904 vlib_frame_t * frame)
1906 return (ip4_arp_inline (vm, node, frame, 1));
1909 static char *ip4_arp_error_strings[] = {
1910 [IP4_ARP_ERROR_THROTTLED] = "ARP requests throttled",
1911 [IP4_ARP_ERROR_RESOLVED] = "ARP requests resolved",
1912 [IP4_ARP_ERROR_NO_BUFFERS] = "ARP requests out of buffer",
1913 [IP4_ARP_ERROR_REQUEST_SENT] = "ARP requests sent",
1914 [IP4_ARP_ERROR_NON_ARP_ADJ] = "ARPs to non-ARP adjacencies",
1915 [IP4_ARP_ERROR_NO_SOURCE_ADDRESS] = "no source address for ARP request",
1919 VLIB_REGISTER_NODE (ip4_arp_node) =
1922 .vector_size = sizeof (u32),
1923 .format_trace = format_ip4_forward_next_trace,
1924 .n_errors = ARRAY_LEN (ip4_arp_error_strings),
1925 .error_strings = ip4_arp_error_strings,
1926 .n_next_nodes = IP4_ARP_N_NEXT,
1929 [IP4_ARP_NEXT_DROP] = "error-drop",
1933 VLIB_REGISTER_NODE (ip4_glean_node) =
1935 .name = "ip4-glean",
1936 .vector_size = sizeof (u32),
1937 .format_trace = format_ip4_forward_next_trace,
1938 .n_errors = ARRAY_LEN (ip4_arp_error_strings),
1939 .error_strings = ip4_arp_error_strings,
1940 .n_next_nodes = IP4_ARP_N_NEXT,
1942 [IP4_ARP_NEXT_DROP] = "error-drop",
1947 #define foreach_notrace_ip4_arp_error \
1953 _(NO_SOURCE_ADDRESS)
1955 static clib_error_t *
1956 arp_notrace_init (vlib_main_t * vm)
1958 vlib_node_runtime_t *rt = vlib_node_get_runtime (vm, ip4_arp_node.index);
1960 /* don't trace ARP request packets */
1962 vnet_pcap_drop_trace_filter_add_del \
1963 (rt->errors[IP4_ARP_ERROR_##a], \
1965 foreach_notrace_ip4_arp_error;
1970 VLIB_INIT_FUNCTION (arp_notrace_init);
1973 #ifndef CLIB_MARCH_VARIANT
1974 /* Send an ARP request to see if given destination is reachable on given interface. */
1976 ip4_probe_neighbor (vlib_main_t * vm, ip4_address_t * dst, u32 sw_if_index,
1979 vnet_main_t *vnm = vnet_get_main ();
1980 ip4_main_t *im = &ip4_main;
1981 ethernet_arp_header_t *h;
1983 ip_interface_address_t *ia;
1984 ip_adjacency_t *adj;
1985 vnet_hw_interface_t *hi;
1986 vnet_sw_interface_t *si;
1990 u8 unicast_rewrite = 0;
1992 si = vnet_get_sw_interface (vnm, sw_if_index);
1994 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1996 return clib_error_return (0, "%U: interface %U down",
1997 format_ip4_address, dst,
1998 format_vnet_sw_if_index_name, vnm,
2003 ip4_interface_address_matching_destination (im, dst, sw_if_index, &ia);
2006 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
2007 return clib_error_return
2009 "no matching interface address for destination %U (interface %U)",
2010 format_ip4_address, dst, format_vnet_sw_if_index_name, vnm,
2014 h = vlib_packet_template_get_packet (vm,
2015 &im->ip4_arp_request_packet_template,
2019 return clib_error_return (0, "ARP request packet allocation failed");
2021 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
2022 if (PREDICT_FALSE (!hi->hw_address))
2024 return clib_error_return (0, "%U: interface %U do not support ip probe",
2025 format_ip4_address, dst,
2026 format_vnet_sw_if_index_name, vnm,
2030 clib_memcpy (h->ip4_over_ethernet[0].ethernet, hi->hw_address,
2031 sizeof (h->ip4_over_ethernet[0].ethernet));
2033 h->ip4_over_ethernet[0].ip4 = src[0];
2034 h->ip4_over_ethernet[1].ip4 = dst[0];
2036 b = vlib_get_buffer (vm, bi);
2037 vnet_buffer (b)->sw_if_index[VLIB_RX] =
2038 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
2040 ip46_address_t nh = {
2044 ai = adj_nbr_add_or_lock (FIB_PROTOCOL_IP4,
2045 VNET_LINK_IP4, &nh, sw_if_index);
2048 /* Peer has been previously resolved, retrieve glean adj instead */
2049 if (adj->lookup_next_index == IP_LOOKUP_NEXT_REWRITE)
2052 unicast_rewrite = 1;
2056 ai = adj_glean_add_or_lock (FIB_PROTOCOL_IP4,
2057 VNET_LINK_IP4, sw_if_index, &nh);
2062 /* Add encapsulation string for software interface (e.g. ethernet header). */
2063 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
2064 if (unicast_rewrite)
2066 u16 *etype = vlib_buffer_get_current (b) - 2;
2067 etype[0] = clib_host_to_net_u16 (ETHERNET_TYPE_ARP);
2069 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
2072 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
2073 u32 *to_next = vlib_frame_vector_args (f);
2076 vlib_put_frame_to_node (vm, hi->output_node_index, f);
2080 return /* no error */ 0;
2086 IP4_REWRITE_NEXT_DROP,
2087 IP4_REWRITE_NEXT_ICMP_ERROR,
2088 IP4_REWRITE_NEXT_FRAGMENT,
2089 IP4_REWRITE_N_NEXT /* Last */
2090 } ip4_rewrite_next_t;
2093 * This bits of an IPv4 address to mask to construct a multicast
2096 #if CLIB_ARCH_IS_BIG_ENDIAN
2097 #define IP4_MCAST_ADDR_MASK 0x007fffff
2099 #define IP4_MCAST_ADDR_MASK 0xffff7f00
2103 ip4_mtu_check (vlib_buffer_t * b, u16 packet_len,
2104 u16 adj_packet_bytes, bool df, u16 * next, u32 * error)
2106 if (packet_len > adj_packet_bytes)
2108 *error = IP4_ERROR_MTU_EXCEEDED;
2111 icmp4_error_set_vnet_buffer
2112 (b, ICMP4_destination_unreachable,
2113 ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set,
2115 *next = IP4_REWRITE_NEXT_ICMP_ERROR;
2119 /* IP fragmentation */
2120 ip_frag_set_vnet_buffer (b, adj_packet_bytes,
2121 IP4_FRAG_NEXT_IP4_REWRITE, 0);
2122 *next = IP4_REWRITE_NEXT_FRAGMENT;
2127 /* Decrement TTL & update checksum.
2128 Works either endian, so no need for byte swap. */
2129 static_always_inline void
2130 ip4_ttl_and_checksum_check (vlib_buffer_t * b, ip4_header_t * ip, u16 * next,
2135 if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED))
2137 b->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
2143 /* Input node should have reject packets with ttl 0. */
2144 ASSERT (ip->ttl > 0);
2146 checksum = ip->checksum + clib_host_to_net_u16 (0x0100);
2147 checksum += checksum >= 0xffff;
2149 ip->checksum = checksum;
2154 * If the ttl drops below 1 when forwarding, generate
2157 if (PREDICT_FALSE (ttl <= 0))
2159 *error = IP4_ERROR_TIME_EXPIRED;
2160 vnet_buffer (b)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2161 icmp4_error_set_vnet_buffer (b, ICMP4_time_exceeded,
2162 ICMP4_time_exceeded_ttl_exceeded_in_transit,
2164 *next = IP4_REWRITE_NEXT_ICMP_ERROR;
2167 /* Verify checksum. */
2168 ASSERT ((ip->checksum == ip4_header_checksum (ip)) ||
2169 (b->flags & VNET_BUFFER_F_OFFLOAD_IP_CKSUM));
2174 ip4_rewrite_inline (vlib_main_t * vm,
2175 vlib_node_runtime_t * node,
2176 vlib_frame_t * frame,
2177 int do_counters, int is_midchain, int is_mcast)
2179 ip_lookup_main_t *lm = &ip4_main.lookup_main;
2180 u32 *from = vlib_frame_vector_args (frame);
2181 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
2182 u16 nexts[VLIB_FRAME_SIZE], *next;
2184 vlib_node_runtime_t *error_node =
2185 vlib_node_get_runtime (vm, ip4_input_node.index);
2187 n_left_from = frame->n_vectors;
2188 u32 thread_index = vm->thread_index;
2190 vlib_get_buffers (vm, from, bufs, n_left_from);
2191 clib_memset_u16 (nexts, IP4_REWRITE_NEXT_DROP, n_left_from);
2193 if (n_left_from >= 6)
2196 for (i = 0; i < 6; i++)
2197 vlib_prefetch_buffer_header (bufs[i], LOAD);
2202 while (n_left_from >= 8)
2204 ip_adjacency_t *adj0, *adj1;
2205 ip4_header_t *ip0, *ip1;
2206 u32 rw_len0, error0, adj_index0;
2207 u32 rw_len1, error1, adj_index1;
2208 u32 tx_sw_if_index0, tx_sw_if_index1;
2211 vlib_prefetch_buffer_header (b[6], LOAD);
2212 vlib_prefetch_buffer_header (b[7], LOAD);
2214 adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
2215 adj_index1 = vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
2218 * pre-fetch the per-adjacency counters
2222 vlib_prefetch_combined_counter (&adjacency_counters,
2223 thread_index, adj_index0);
2224 vlib_prefetch_combined_counter (&adjacency_counters,
2225 thread_index, adj_index1);
2228 ip0 = vlib_buffer_get_current (b[0]);
2229 ip1 = vlib_buffer_get_current (b[1]);
2231 error0 = error1 = IP4_ERROR_NONE;
2233 ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
2234 ip4_ttl_and_checksum_check (b[1], ip1, next + 1, &error1);
2236 /* Rewrite packet header and updates lengths. */
2237 adj0 = adj_get (adj_index0);
2238 adj1 = adj_get (adj_index1);
2240 /* Worth pipelining. No guarantee that adj0,1 are hot... */
2241 rw_len0 = adj0[0].rewrite_header.data_bytes;
2242 rw_len1 = adj1[0].rewrite_header.data_bytes;
2243 vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
2244 vnet_buffer (b[1])->ip.save_rewrite_length = rw_len1;
2246 p = vlib_buffer_get_current (b[2]);
2247 CLIB_PREFETCH (p - CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES, STORE);
2248 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
2250 p = vlib_buffer_get_current (b[3]);
2251 CLIB_PREFETCH (p - CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES, STORE);
2252 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
2254 /* Check MTU of outgoing interface. */
2255 ip4_mtu_check (b[0], clib_net_to_host_u16 (ip0->length),
2256 adj0[0].rewrite_header.max_l3_packet_bytes,
2257 ip0->flags_and_fragment_offset &
2258 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2260 ip4_mtu_check (b[1], clib_net_to_host_u16 (ip1->length),
2261 adj1[0].rewrite_header.max_l3_packet_bytes,
2262 ip1->flags_and_fragment_offset &
2263 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2268 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2269 vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
2270 IP4_ERROR_SAME_INTERFACE : error0);
2271 error1 = ((adj1[0].rewrite_header.sw_if_index ==
2272 vnet_buffer (b[1])->sw_if_index[VLIB_RX]) ?
2273 IP4_ERROR_SAME_INTERFACE : error1);
2276 b[0]->error = error_node->errors[error0];
2277 b[1]->error = error_node->errors[error1];
2278 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2279 * to see the IP headerr */
2280 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2282 u32 next_index = adj0[0].rewrite_header.next_index;
2283 b[0]->current_data -= rw_len0;
2284 b[0]->current_length += rw_len0;
2285 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2286 vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2289 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2290 vnet_feature_arc_start (lm->output_feature_arc_index,
2291 tx_sw_if_index0, &next_index, b[0]);
2292 next[0] = next_index;
2294 if (PREDICT_TRUE (error1 == IP4_ERROR_NONE))
2296 u32 next_index = adj1[0].rewrite_header.next_index;
2297 b[1]->current_data -= rw_len1;
2298 b[1]->current_length += rw_len1;
2300 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2301 vnet_buffer (b[1])->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2304 (adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2305 vnet_feature_arc_start (lm->output_feature_arc_index,
2306 tx_sw_if_index1, &next_index, b[1]);
2307 next[1] = next_index;
2310 /* Guess we are only writing on simple Ethernet header. */
2311 vnet_rewrite_two_headers (adj0[0], adj1[0],
2312 ip0, ip1, sizeof (ethernet_header_t));
2315 * Bump the per-adjacency counters
2319 vlib_increment_combined_counter
2320 (&adjacency_counters,
2322 adj_index0, 1, vlib_buffer_length_in_chain (vm, b[0]) + rw_len0);
2324 vlib_increment_combined_counter
2325 (&adjacency_counters,
2327 adj_index1, 1, vlib_buffer_length_in_chain (vm, b[1]) + rw_len1);
2332 adj0->sub_type.midchain.fixup_func
2333 (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
2334 adj1->sub_type.midchain.fixup_func
2335 (vm, adj1, b[1], adj0->sub_type.midchain.fixup_data);
2341 * copy bytes from the IP address into the MAC rewrite
2343 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2344 adj0->rewrite_header.dst_mcast_offset,
2345 &ip0->dst_address.as_u32, (u8 *) ip0);
2346 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2347 adj0->rewrite_header.dst_mcast_offset,
2348 &ip1->dst_address.as_u32, (u8 *) ip1);
2356 while (n_left_from > 0)
2358 ip_adjacency_t *adj0;
2360 u32 rw_len0, adj_index0, error0;
2361 u32 tx_sw_if_index0;
2363 adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
2365 adj0 = adj_get (adj_index0);
2368 vlib_prefetch_combined_counter (&adjacency_counters,
2369 thread_index, adj_index0);
2371 ip0 = vlib_buffer_get_current (b[0]);
2373 error0 = IP4_ERROR_NONE;
2375 ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
2378 /* Update packet buffer attributes/set output interface. */
2379 rw_len0 = adj0[0].rewrite_header.data_bytes;
2380 vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
2382 /* Check MTU of outgoing interface. */
2383 ip4_mtu_check (b[0], clib_net_to_host_u16 (ip0->length),
2384 adj0[0].rewrite_header.max_l3_packet_bytes,
2385 ip0->flags_and_fragment_offset &
2386 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2391 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2392 vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
2393 IP4_ERROR_SAME_INTERFACE : error0);
2395 b[0]->error = error_node->errors[error0];
2397 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2398 * to see the IP headerr */
2399 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2401 u32 next_index = adj0[0].rewrite_header.next_index;
2402 b[0]->current_data -= rw_len0;
2403 b[0]->current_length += rw_len0;
2404 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2405 vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2408 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2409 vnet_feature_arc_start (lm->output_feature_arc_index,
2410 tx_sw_if_index0, &next_index, b[0]);
2411 next[0] = next_index;
2414 /* Guess we are only writing on simple Ethernet header. */
2415 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2418 vlib_increment_combined_counter
2419 (&adjacency_counters,
2420 thread_index, adj_index0, 1,
2421 vlib_buffer_length_in_chain (vm, b[0]) + rw_len0);
2425 adj0->sub_type.midchain.fixup_func
2426 (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
2432 * copy bytes from the IP address into the MAC rewrite
2434 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2435 adj0->rewrite_header.dst_mcast_offset,
2436 &ip0->dst_address.as_u32, (u8 *) ip0);
2445 /* Need to do trace after rewrites to pick up new packet data. */
2446 if (node->flags & VLIB_NODE_FLAG_TRACE)
2447 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
2449 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
2450 return frame->n_vectors;
2454 /** @brief IPv4 rewrite node.
2457 This is the IPv4 transit-rewrite node: decrement TTL, fix the ipv4
2458 header checksum, fetch the ip adjacency, check the outbound mtu,
2459 apply the adjacency rewrite, and send pkts to the adjacency
2460 rewrite header's rewrite_next_index.
2462 @param vm vlib_main_t corresponding to the current thread
2463 @param node vlib_node_runtime_t
2464 @param frame vlib_frame_t whose contents should be dispatched
2466 @par Graph mechanics: buffer metadata, next index usage
2469 - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
2470 - the rewrite adjacency index
2471 - <code>adj->lookup_next_index</code>
2472 - Must be IP_LOOKUP_NEXT_REWRITE or IP_LOOKUP_NEXT_ARP, otherwise
2473 the packet will be dropped.
2474 - <code>adj->rewrite_header</code>
2475 - Rewrite string length, rewrite string, next_index
2478 - <code>b->current_data, b->current_length</code>
2479 - Updated net of applying the rewrite string
2481 <em>Next Indices:</em>
2482 - <code> adj->rewrite_header.next_index </code>
2486 VLIB_NODE_FN (ip4_rewrite_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
2487 vlib_frame_t * frame)
2489 if (adj_are_counters_enabled ())
2490 return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
2492 return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
2495 VLIB_NODE_FN (ip4_rewrite_bcast_node) (vlib_main_t * vm,
2496 vlib_node_runtime_t * node,
2497 vlib_frame_t * frame)
2499 if (adj_are_counters_enabled ())
2500 return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
2502 return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
2505 VLIB_NODE_FN (ip4_midchain_node) (vlib_main_t * vm,
2506 vlib_node_runtime_t * node,
2507 vlib_frame_t * frame)
2509 if (adj_are_counters_enabled ())
2510 return ip4_rewrite_inline (vm, node, frame, 1, 1, 0);
2512 return ip4_rewrite_inline (vm, node, frame, 0, 1, 0);
2515 VLIB_NODE_FN (ip4_rewrite_mcast_node) (vlib_main_t * vm,
2516 vlib_node_runtime_t * node,
2517 vlib_frame_t * frame)
2519 if (adj_are_counters_enabled ())
2520 return ip4_rewrite_inline (vm, node, frame, 1, 0, 1);
2522 return ip4_rewrite_inline (vm, node, frame, 0, 0, 1);
2525 VLIB_NODE_FN (ip4_mcast_midchain_node) (vlib_main_t * vm,
2526 vlib_node_runtime_t * node,
2527 vlib_frame_t * frame)
2529 if (adj_are_counters_enabled ())
2530 return ip4_rewrite_inline (vm, node, frame, 1, 1, 1);
2532 return ip4_rewrite_inline (vm, node, frame, 0, 1, 1);
2536 VLIB_REGISTER_NODE (ip4_rewrite_node) = {
2537 .name = "ip4-rewrite",
2538 .vector_size = sizeof (u32),
2540 .format_trace = format_ip4_rewrite_trace,
2542 .n_next_nodes = IP4_REWRITE_N_NEXT,
2544 [IP4_REWRITE_NEXT_DROP] = "ip4-drop",
2545 [IP4_REWRITE_NEXT_ICMP_ERROR] = "ip4-icmp-error",
2546 [IP4_REWRITE_NEXT_FRAGMENT] = "ip4-frag",
2550 VLIB_REGISTER_NODE (ip4_rewrite_bcast_node) = {
2551 .name = "ip4-rewrite-bcast",
2552 .vector_size = sizeof (u32),
2554 .format_trace = format_ip4_rewrite_trace,
2555 .sibling_of = "ip4-rewrite",
2558 VLIB_REGISTER_NODE (ip4_rewrite_mcast_node) = {
2559 .name = "ip4-rewrite-mcast",
2560 .vector_size = sizeof (u32),
2562 .format_trace = format_ip4_rewrite_trace,
2563 .sibling_of = "ip4-rewrite",
2566 VLIB_REGISTER_NODE (ip4_mcast_midchain_node) = {
2567 .name = "ip4-mcast-midchain",
2568 .vector_size = sizeof (u32),
2570 .format_trace = format_ip4_rewrite_trace,
2571 .sibling_of = "ip4-rewrite",
2574 VLIB_REGISTER_NODE (ip4_midchain_node) = {
2575 .name = "ip4-midchain",
2576 .vector_size = sizeof (u32),
2577 .format_trace = format_ip4_forward_next_trace,
2578 .sibling_of = "ip4-rewrite",
2583 ip4_lookup_validate (ip4_address_t * a, u32 fib_index0)
2585 ip4_fib_mtrie_t *mtrie0;
2586 ip4_fib_mtrie_leaf_t leaf0;
2589 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
2591 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, a);
2592 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, a, 2);
2593 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, a, 3);
2595 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
2597 return lbi0 == ip4_fib_table_lookup_lb (ip4_fib_get (fib_index0), a);
2600 static clib_error_t *
2601 test_lookup_command_fn (vlib_main_t * vm,
2602 unformat_input_t * input, vlib_cli_command_t * cmd)
2609 ip4_address_t ip4_base_address;
2612 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2614 if (unformat (input, "table %d", &table_id))
2616 /* Make sure the entry exists. */
2617 fib = ip4_fib_get (table_id);
2618 if ((fib) && (fib->index != table_id))
2619 return clib_error_return (0, "<fib-index> %d does not exist",
2622 else if (unformat (input, "count %f", &count))
2625 else if (unformat (input, "%U",
2626 unformat_ip4_address, &ip4_base_address))
2629 return clib_error_return (0, "unknown input `%U'",
2630 format_unformat_error, input);
2635 for (i = 0; i < n; i++)
2637 if (!ip4_lookup_validate (&ip4_base_address, table_id))
2640 ip4_base_address.as_u32 =
2641 clib_host_to_net_u32 (1 +
2642 clib_net_to_host_u32 (ip4_base_address.as_u32));
2646 vlib_cli_output (vm, "%llu errors out of %d lookups\n", errors, n);
2648 vlib_cli_output (vm, "No errors in %d lookups\n", n);
2654 * Perform a lookup of an IPv4 Address (or range of addresses) in the
2655 * given FIB table to determine if there is a conflict with the
2656 * adjacency table. The fib-id can be determined by using the
2657 * '<em>show ip fib</em>' command. If fib-id is not entered, default value
2660 * @todo This command uses fib-id, other commands use table-id (not
2661 * just a name, they are different indexes). Would like to change this
2662 * to table-id for consistency.
2665 * Example of how to run the test lookup command:
2666 * @cliexstart{test lookup 172.16.1.1 table 1 count 2}
2667 * No errors in 2 lookups
2671 VLIB_CLI_COMMAND (lookup_test_command, static) =
2673 .path = "test lookup",
2674 .short_help = "test lookup <ipv4-addr> [table <fib-id>] [count <nn>]",
2675 .function = test_lookup_command_fn,
2679 #ifndef CLIB_MARCH_VARIANT
2681 vnet_set_ip4_flow_hash (u32 table_id, u32 flow_hash_config)
2685 fib_index = fib_table_find (FIB_PROTOCOL_IP4, table_id);
2687 if (~0 == fib_index)
2688 return VNET_API_ERROR_NO_SUCH_FIB;
2690 fib_table_set_flow_hash_config (fib_index, FIB_PROTOCOL_IP4,
2697 static clib_error_t *
2698 set_ip_flow_hash_command_fn (vlib_main_t * vm,
2699 unformat_input_t * input,
2700 vlib_cli_command_t * cmd)
2704 u32 flow_hash_config = 0;
2707 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2709 if (unformat (input, "table %d", &table_id))
2712 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
2713 foreach_flow_hash_bit
2720 return clib_error_return (0, "unknown input `%U'",
2721 format_unformat_error, input);
2723 rv = vnet_set_ip4_flow_hash (table_id, flow_hash_config);
2729 case VNET_API_ERROR_NO_SUCH_FIB:
2730 return clib_error_return (0, "no such FIB table %d", table_id);
2733 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
2741 * Configure the set of IPv4 fields used by the flow hash.
2744 * Example of how to set the flow hash on a given table:
2745 * @cliexcmd{set ip flow-hash table 7 dst sport dport proto}
2746 * Example of display the configured flow hash:
2747 * @cliexstart{show ip fib}
2748 * ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
2751 * [@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
2752 * [0] [@0]: dpo-drop ip6
2755 * [@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
2756 * [0] [@0]: dpo-drop ip6
2759 * [@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
2760 * [0] [@0]: dpo-drop ip6
2763 * [@0]: dpo-load-balance: [index:30 buckets:1 uRPF:29 to:[0:0]]
2764 * [0] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
2767 * [@0]: dpo-load-balance: [index:31 buckets:4 uRPF:30 to:[0:0]]
2768 * [0] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
2769 * [1] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
2770 * [2] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
2771 * [3] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
2774 * [@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
2775 * [0] [@0]: dpo-drop ip6
2776 * 255.255.255.255/32
2778 * [@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
2779 * [0] [@0]: dpo-drop ip6
2780 * ipv4-VRF:7, fib_index 1, flow hash: dst sport dport proto
2783 * [@0]: dpo-load-balance: [index:12 buckets:1 uRPF:11 to:[0:0]]
2784 * [0] [@0]: dpo-drop ip6
2787 * [@0]: dpo-load-balance: [index:13 buckets:1 uRPF:12 to:[0:0]]
2788 * [0] [@0]: dpo-drop ip6
2791 * [@0]: dpo-load-balance: [index:17 buckets:1 uRPF:16 to:[0:0]]
2792 * [0] [@4]: ipv4-glean: af_packet0
2795 * [@0]: dpo-load-balance: [index:18 buckets:1 uRPF:17 to:[1:84]]
2796 * [0] [@2]: dpo-receive: 172.16.1.1 on af_packet0
2799 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
2800 * [0] [@5]: ipv4 via 172.16.1.2 af_packet0: IP4: 02:fe:9e:70:7a:2b -> 26:a5:f6:9c:3a:36
2803 * [@0]: dpo-load-balance: [index:19 buckets:1 uRPF:18 to:[0:0]]
2804 * [0] [@4]: ipv4-glean: af_packet1
2807 * [@0]: dpo-load-balance: [index:20 buckets:1 uRPF:19 to:[0:0]]
2808 * [0] [@2]: dpo-receive: 172.16.2.1 on af_packet1
2811 * [@0]: dpo-load-balance: [index:15 buckets:1 uRPF:14 to:[0:0]]
2812 * [0] [@0]: dpo-drop ip6
2815 * [@0]: dpo-load-balance: [index:14 buckets:1 uRPF:13 to:[0:0]]
2816 * [0] [@0]: dpo-drop ip6
2817 * 255.255.255.255/32
2819 * [@0]: dpo-load-balance: [index:16 buckets:1 uRPF:15 to:[0:0]]
2820 * [0] [@0]: dpo-drop ip6
2824 VLIB_CLI_COMMAND (set_ip_flow_hash_command, static) =
2826 .path = "set ip flow-hash",
2828 "set ip flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
2829 .function = set_ip_flow_hash_command_fn,
2833 #ifndef CLIB_MARCH_VARIANT
2835 vnet_set_ip4_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
2838 vnet_main_t *vnm = vnet_get_main ();
2839 vnet_interface_main_t *im = &vnm->interface_main;
2840 ip4_main_t *ipm = &ip4_main;
2841 ip_lookup_main_t *lm = &ipm->lookup_main;
2842 vnet_classify_main_t *cm = &vnet_classify_main;
2843 ip4_address_t *if_addr;
2845 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
2846 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
2848 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
2849 return VNET_API_ERROR_NO_SUCH_ENTRY;
2851 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
2852 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
2854 if_addr = ip4_interface_first_address (ipm, sw_if_index, NULL);
2856 if (NULL != if_addr)
2858 fib_prefix_t pfx = {
2860 .fp_proto = FIB_PROTOCOL_IP4,
2861 .fp_addr.ip4 = *if_addr,
2865 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
2869 if (table_index != (u32) ~ 0)
2871 dpo_id_t dpo = DPO_INVALID;
2876 classify_dpo_create (DPO_PROTO_IP4, table_index));
2878 fib_table_entry_special_dpo_add (fib_index,
2880 FIB_SOURCE_CLASSIFY,
2881 FIB_ENTRY_FLAG_NONE, &dpo);
2886 fib_table_entry_special_remove (fib_index,
2887 &pfx, FIB_SOURCE_CLASSIFY);
2895 static clib_error_t *
2896 set_ip_classify_command_fn (vlib_main_t * vm,
2897 unformat_input_t * input,
2898 vlib_cli_command_t * cmd)
2900 u32 table_index = ~0;
2901 int table_index_set = 0;
2902 u32 sw_if_index = ~0;
2905 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2907 if (unformat (input, "table-index %d", &table_index))
2908 table_index_set = 1;
2909 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
2910 vnet_get_main (), &sw_if_index))
2916 if (table_index_set == 0)
2917 return clib_error_return (0, "classify table-index must be specified");
2919 if (sw_if_index == ~0)
2920 return clib_error_return (0, "interface / subif must be specified");
2922 rv = vnet_set_ip4_classify_intfc (vm, sw_if_index, table_index);
2929 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
2930 return clib_error_return (0, "No such interface");
2932 case VNET_API_ERROR_NO_SUCH_ENTRY:
2933 return clib_error_return (0, "No such classifier table");
2939 * Assign a classification table to an interface. The classification
2940 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
2941 * commands. Once the table is create, use this command to filter packets
2945 * Example of how to assign a classification table to an interface:
2946 * @cliexcmd{set ip classify intfc GigabitEthernet2/0/0 table-index 1}
2949 VLIB_CLI_COMMAND (set_ip_classify_command, static) =
2951 .path = "set ip classify",
2953 "set ip classify intfc <interface> table-index <classify-idx>",
2954 .function = set_ip_classify_command_fn,
2958 static clib_error_t *
2959 ip4_config (vlib_main_t * vm, unformat_input_t * input)
2961 ip4_main_t *im = &ip4_main;
2964 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2966 if (unformat (input, "heap-size %U", unformat_memory_size, &heapsize))
2969 return clib_error_return (0,
2970 "invalid heap-size parameter `%U'",
2971 format_unformat_error, input);
2974 im->mtrie_heap_size = heapsize;
2979 VLIB_EARLY_CONFIG_FUNCTION (ip4_config, "ip");
2982 * fd.io coding-style-patch-verification: ON
2985 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob