2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip4_forward.c: IP v4 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
43 #include <vnet/ethernet/arp_packet.h> /* for ethernet_arp_header_t */
44 #include <vnet/ppp/ppp.h>
45 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
46 #include <vnet/api_errno.h> /* for API error numbers */
47 #include <vnet/fib/fib_table.h> /* for FIB table and entry creation */
48 #include <vnet/fib/fib_entry.h> /* for FIB table and entry creation */
49 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
50 #include <vnet/fib/ip4_fib.h>
51 #include <vnet/dpo/load_balance.h>
52 #include <vnet/dpo/load_balance_map.h>
53 #include <vnet/dpo/classify_dpo.h>
54 #include <vnet/mfib/mfib_table.h> /* for mFIB table and entry creation */
58 * @brief IPv4 Forwarding.
60 * This file contains the source code for IPv4 forwarding.
64 ip4_lookup_inline (vlib_main_t * vm,
65 vlib_node_runtime_t * node,
67 int lookup_for_responses_to_locally_received_packets)
69 ip4_main_t *im = &ip4_main;
70 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_to_counters;
71 u32 n_left_from, n_left_to_next, *from, *to_next;
72 ip_lookup_next_t next;
73 u32 thread_index = vlib_get_thread_index ();
75 from = vlib_frame_vector_args (frame);
76 n_left_from = frame->n_vectors;
77 next = node->cached_next_index;
79 while (n_left_from > 0)
81 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
83 while (n_left_from >= 8 && n_left_to_next >= 4)
85 vlib_buffer_t *p0, *p1, *p2, *p3;
86 ip4_header_t *ip0, *ip1, *ip2, *ip3;
87 ip_lookup_next_t next0, next1, next2, next3;
88 const load_balance_t *lb0, *lb1, *lb2, *lb3;
89 ip4_fib_mtrie_t *mtrie0, *mtrie1, *mtrie2, *mtrie3;
90 ip4_fib_mtrie_leaf_t leaf0, leaf1, leaf2, leaf3;
91 ip4_address_t *dst_addr0, *dst_addr1, *dst_addr2, *dst_addr3;
92 u32 pi0, fib_index0, lb_index0;
93 u32 pi1, fib_index1, lb_index1;
94 u32 pi2, fib_index2, lb_index2;
95 u32 pi3, fib_index3, lb_index3;
96 flow_hash_config_t flow_hash_config0, flow_hash_config1;
97 flow_hash_config_t flow_hash_config2, flow_hash_config3;
98 u32 hash_c0, hash_c1, hash_c2, hash_c3;
99 const dpo_id_t *dpo0, *dpo1, *dpo2, *dpo3;
101 /* Prefetch next iteration. */
103 vlib_buffer_t *p4, *p5, *p6, *p7;
105 p4 = vlib_get_buffer (vm, from[4]);
106 p5 = vlib_get_buffer (vm, from[5]);
107 p6 = vlib_get_buffer (vm, from[6]);
108 p7 = vlib_get_buffer (vm, from[7]);
110 vlib_prefetch_buffer_header (p4, LOAD);
111 vlib_prefetch_buffer_header (p5, LOAD);
112 vlib_prefetch_buffer_header (p6, LOAD);
113 vlib_prefetch_buffer_header (p7, LOAD);
115 CLIB_PREFETCH (p4->data, sizeof (ip0[0]), LOAD);
116 CLIB_PREFETCH (p5->data, sizeof (ip0[0]), LOAD);
117 CLIB_PREFETCH (p6->data, sizeof (ip0[0]), LOAD);
118 CLIB_PREFETCH (p7->data, sizeof (ip0[0]), LOAD);
121 pi0 = to_next[0] = from[0];
122 pi1 = to_next[1] = from[1];
123 pi2 = to_next[2] = from[2];
124 pi3 = to_next[3] = from[3];
131 p0 = vlib_get_buffer (vm, pi0);
132 p1 = vlib_get_buffer (vm, pi1);
133 p2 = vlib_get_buffer (vm, pi2);
134 p3 = vlib_get_buffer (vm, pi3);
136 ip0 = vlib_buffer_get_current (p0);
137 ip1 = vlib_buffer_get_current (p1);
138 ip2 = vlib_buffer_get_current (p2);
139 ip3 = vlib_buffer_get_current (p3);
141 dst_addr0 = &ip0->dst_address;
142 dst_addr1 = &ip1->dst_address;
143 dst_addr2 = &ip2->dst_address;
144 dst_addr3 = &ip3->dst_address;
147 vec_elt (im->fib_index_by_sw_if_index,
148 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
150 vec_elt (im->fib_index_by_sw_if_index,
151 vnet_buffer (p1)->sw_if_index[VLIB_RX]);
153 vec_elt (im->fib_index_by_sw_if_index,
154 vnet_buffer (p2)->sw_if_index[VLIB_RX]);
156 vec_elt (im->fib_index_by_sw_if_index,
157 vnet_buffer (p3)->sw_if_index[VLIB_RX]);
159 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
160 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
162 (vnet_buffer (p1)->sw_if_index[VLIB_TX] ==
163 (u32) ~ 0) ? fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
165 (vnet_buffer (p2)->sw_if_index[VLIB_TX] ==
166 (u32) ~ 0) ? fib_index2 : vnet_buffer (p2)->sw_if_index[VLIB_TX];
168 (vnet_buffer (p3)->sw_if_index[VLIB_TX] ==
169 (u32) ~ 0) ? fib_index3 : vnet_buffer (p3)->sw_if_index[VLIB_TX];
172 if (!lookup_for_responses_to_locally_received_packets)
174 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
175 mtrie1 = &ip4_fib_get (fib_index1)->mtrie;
176 mtrie2 = &ip4_fib_get (fib_index2)->mtrie;
177 mtrie3 = &ip4_fib_get (fib_index3)->mtrie;
179 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, dst_addr0);
180 leaf1 = ip4_fib_mtrie_lookup_step_one (mtrie1, dst_addr1);
181 leaf2 = ip4_fib_mtrie_lookup_step_one (mtrie2, dst_addr2);
182 leaf3 = ip4_fib_mtrie_lookup_step_one (mtrie3, dst_addr3);
185 if (!lookup_for_responses_to_locally_received_packets)
187 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, dst_addr0, 2);
188 leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1, dst_addr1, 2);
189 leaf2 = ip4_fib_mtrie_lookup_step (mtrie2, leaf2, dst_addr2, 2);
190 leaf3 = ip4_fib_mtrie_lookup_step (mtrie3, leaf3, dst_addr3, 2);
193 if (!lookup_for_responses_to_locally_received_packets)
195 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, dst_addr0, 3);
196 leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1, dst_addr1, 3);
197 leaf2 = ip4_fib_mtrie_lookup_step (mtrie2, leaf2, dst_addr2, 3);
198 leaf3 = ip4_fib_mtrie_lookup_step (mtrie3, leaf3, dst_addr3, 3);
201 if (lookup_for_responses_to_locally_received_packets)
203 lb_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_RX];
204 lb_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_RX];
205 lb_index2 = vnet_buffer (p2)->ip.adj_index[VLIB_RX];
206 lb_index3 = vnet_buffer (p3)->ip.adj_index[VLIB_RX];
210 lb_index0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
211 lb_index1 = ip4_fib_mtrie_leaf_get_adj_index (leaf1);
212 lb_index2 = ip4_fib_mtrie_leaf_get_adj_index (leaf2);
213 lb_index3 = ip4_fib_mtrie_leaf_get_adj_index (leaf3);
216 ASSERT (lb_index0 && lb_index1 && lb_index2 && lb_index3);
217 lb0 = load_balance_get (lb_index0);
218 lb1 = load_balance_get (lb_index1);
219 lb2 = load_balance_get (lb_index2);
220 lb3 = load_balance_get (lb_index3);
222 ASSERT (lb0->lb_n_buckets > 0);
223 ASSERT (is_pow2 (lb0->lb_n_buckets));
224 ASSERT (lb1->lb_n_buckets > 0);
225 ASSERT (is_pow2 (lb1->lb_n_buckets));
226 ASSERT (lb2->lb_n_buckets > 0);
227 ASSERT (is_pow2 (lb2->lb_n_buckets));
228 ASSERT (lb3->lb_n_buckets > 0);
229 ASSERT (is_pow2 (lb3->lb_n_buckets));
231 /* Use flow hash to compute multipath adjacency. */
232 hash_c0 = vnet_buffer (p0)->ip.flow_hash = 0;
233 hash_c1 = vnet_buffer (p1)->ip.flow_hash = 0;
234 hash_c2 = vnet_buffer (p2)->ip.flow_hash = 0;
235 hash_c3 = vnet_buffer (p3)->ip.flow_hash = 0;
236 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
238 flow_hash_config0 = lb0->lb_hash_config;
239 hash_c0 = vnet_buffer (p0)->ip.flow_hash =
240 ip4_compute_flow_hash (ip0, flow_hash_config0);
242 load_balance_get_fwd_bucket (lb0,
244 (lb0->lb_n_buckets_minus_1)));
248 dpo0 = load_balance_get_bucket_i (lb0, 0);
250 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
252 flow_hash_config1 = lb1->lb_hash_config;
253 hash_c1 = vnet_buffer (p1)->ip.flow_hash =
254 ip4_compute_flow_hash (ip1, flow_hash_config1);
256 load_balance_get_fwd_bucket (lb1,
258 (lb1->lb_n_buckets_minus_1)));
262 dpo1 = load_balance_get_bucket_i (lb1, 0);
264 if (PREDICT_FALSE (lb2->lb_n_buckets > 1))
266 flow_hash_config2 = lb2->lb_hash_config;
267 hash_c2 = vnet_buffer (p2)->ip.flow_hash =
268 ip4_compute_flow_hash (ip2, flow_hash_config2);
270 load_balance_get_fwd_bucket (lb2,
272 (lb2->lb_n_buckets_minus_1)));
276 dpo2 = load_balance_get_bucket_i (lb2, 0);
278 if (PREDICT_FALSE (lb3->lb_n_buckets > 1))
280 flow_hash_config3 = lb3->lb_hash_config;
281 hash_c3 = vnet_buffer (p3)->ip.flow_hash =
282 ip4_compute_flow_hash (ip3, flow_hash_config3);
284 load_balance_get_fwd_bucket (lb3,
286 (lb3->lb_n_buckets_minus_1)));
290 dpo3 = load_balance_get_bucket_i (lb3, 0);
293 next0 = dpo0->dpoi_next_node;
294 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
295 next1 = dpo1->dpoi_next_node;
296 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
297 next2 = dpo2->dpoi_next_node;
298 vnet_buffer (p2)->ip.adj_index[VLIB_TX] = dpo2->dpoi_index;
299 next3 = dpo3->dpoi_next_node;
300 vnet_buffer (p3)->ip.adj_index[VLIB_TX] = dpo3->dpoi_index;
302 vlib_increment_combined_counter
303 (cm, thread_index, lb_index0, 1,
304 vlib_buffer_length_in_chain (vm, p0));
305 vlib_increment_combined_counter
306 (cm, thread_index, lb_index1, 1,
307 vlib_buffer_length_in_chain (vm, p1));
308 vlib_increment_combined_counter
309 (cm, thread_index, lb_index2, 1,
310 vlib_buffer_length_in_chain (vm, p2));
311 vlib_increment_combined_counter
312 (cm, thread_index, lb_index3, 1,
313 vlib_buffer_length_in_chain (vm, p3));
315 vlib_validate_buffer_enqueue_x4 (vm, node, next,
316 to_next, n_left_to_next,
318 next0, next1, next2, next3);
321 while (n_left_from > 0 && n_left_to_next > 0)
325 ip_lookup_next_t next0;
326 const load_balance_t *lb0;
327 ip4_fib_mtrie_t *mtrie0;
328 ip4_fib_mtrie_leaf_t leaf0;
329 ip4_address_t *dst_addr0;
330 u32 pi0, fib_index0, lbi0;
331 flow_hash_config_t flow_hash_config0;
332 const dpo_id_t *dpo0;
338 p0 = vlib_get_buffer (vm, pi0);
340 ip0 = vlib_buffer_get_current (p0);
342 dst_addr0 = &ip0->dst_address;
345 vec_elt (im->fib_index_by_sw_if_index,
346 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
348 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
349 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
351 if (!lookup_for_responses_to_locally_received_packets)
353 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
355 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, dst_addr0);
358 if (!lookup_for_responses_to_locally_received_packets)
359 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, dst_addr0, 2);
361 if (!lookup_for_responses_to_locally_received_packets)
362 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, dst_addr0, 3);
364 if (lookup_for_responses_to_locally_received_packets)
365 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_RX];
368 /* Handle default route. */
369 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
373 lb0 = load_balance_get (lbi0);
375 ASSERT (lb0->lb_n_buckets > 0);
376 ASSERT (is_pow2 (lb0->lb_n_buckets));
378 /* Use flow hash to compute multipath adjacency. */
379 hash_c0 = vnet_buffer (p0)->ip.flow_hash = 0;
380 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
382 flow_hash_config0 = lb0->lb_hash_config;
384 hash_c0 = vnet_buffer (p0)->ip.flow_hash =
385 ip4_compute_flow_hash (ip0, flow_hash_config0);
387 load_balance_get_fwd_bucket (lb0,
389 (lb0->lb_n_buckets_minus_1)));
393 dpo0 = load_balance_get_bucket_i (lb0, 0);
396 next0 = dpo0->dpoi_next_node;
397 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
399 vlib_increment_combined_counter (cm, thread_index, lbi0, 1,
400 vlib_buffer_length_in_chain (vm,
408 if (PREDICT_FALSE (next0 != next))
411 vlib_put_next_frame (vm, node, next, n_left_to_next);
413 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
420 vlib_put_next_frame (vm, node, next, n_left_to_next);
423 if (node->flags & VLIB_NODE_FLAG_TRACE)
424 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
426 return frame->n_vectors;
429 /** @brief IPv4 lookup node.
432 This is the main IPv4 lookup dispatch node.
434 @param vm vlib_main_t corresponding to the current thread
435 @param node vlib_node_runtime_t
436 @param frame vlib_frame_t whose contents should be dispatched
438 @par Graph mechanics: buffer metadata, next index usage
441 - <code>vnet_buffer(b)->sw_if_index[VLIB_RX]</code>
442 - Indicates the @c sw_if_index value of the interface that the
443 packet was received on.
444 - <code>vnet_buffer(b)->sw_if_index[VLIB_TX]</code>
445 - When the value is @c ~0 then the node performs a longest prefix
446 match (LPM) for the packet destination address in the FIB attached
447 to the receive interface.
448 - Otherwise perform LPM for the packet destination address in the
449 indicated FIB. In this case <code>[VLIB_TX]</code> is a FIB index
450 value (0, 1, ...) and not a VRF id.
453 - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
454 - The lookup result adjacency index.
457 - Dispatches the packet to the node index found in
458 ip_adjacency_t @c adj->lookup_next_index
459 (where @c adj is the lookup result adjacency).
462 ip4_lookup (vlib_main_t * vm,
463 vlib_node_runtime_t * node, vlib_frame_t * frame)
465 return ip4_lookup_inline (vm, node, frame,
466 /* lookup_for_responses_to_locally_received_packets */
471 static u8 *format_ip4_lookup_trace (u8 * s, va_list * args);
474 VLIB_REGISTER_NODE (ip4_lookup_node) =
476 .function = ip4_lookup,
477 .name = "ip4-lookup",
478 .vector_size = sizeof (u32),
479 .format_trace = format_ip4_lookup_trace,
480 .n_next_nodes = IP_LOOKUP_N_NEXT,
481 .next_nodes = IP4_LOOKUP_NEXT_NODES,
485 VLIB_NODE_FUNCTION_MULTIARCH (ip4_lookup_node, ip4_lookup);
488 ip4_load_balance (vlib_main_t * vm,
489 vlib_node_runtime_t * node, vlib_frame_t * frame)
491 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
492 u32 n_left_from, n_left_to_next, *from, *to_next;
493 ip_lookup_next_t next;
494 u32 thread_index = vlib_get_thread_index ();
496 from = vlib_frame_vector_args (frame);
497 n_left_from = frame->n_vectors;
498 next = node->cached_next_index;
500 if (node->flags & VLIB_NODE_FLAG_TRACE)
501 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
503 while (n_left_from > 0)
505 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
508 while (n_left_from >= 4 && n_left_to_next >= 2)
510 ip_lookup_next_t next0, next1;
511 const load_balance_t *lb0, *lb1;
512 vlib_buffer_t *p0, *p1;
513 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
514 const ip4_header_t *ip0, *ip1;
515 const dpo_id_t *dpo0, *dpo1;
517 /* Prefetch next iteration. */
519 vlib_buffer_t *p2, *p3;
521 p2 = vlib_get_buffer (vm, from[2]);
522 p3 = vlib_get_buffer (vm, from[3]);
524 vlib_prefetch_buffer_header (p2, STORE);
525 vlib_prefetch_buffer_header (p3, STORE);
527 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
528 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
531 pi0 = to_next[0] = from[0];
532 pi1 = to_next[1] = from[1];
539 p0 = vlib_get_buffer (vm, pi0);
540 p1 = vlib_get_buffer (vm, pi1);
542 ip0 = vlib_buffer_get_current (p0);
543 ip1 = vlib_buffer_get_current (p1);
544 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
545 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
547 lb0 = load_balance_get (lbi0);
548 lb1 = load_balance_get (lbi1);
551 * this node is for via FIBs we can re-use the hash value from the
552 * to node if present.
553 * We don't want to use the same hash value at each level in the recursion
554 * graph as that would lead to polarisation
558 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
560 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
562 hc0 = vnet_buffer (p0)->ip.flow_hash =
563 vnet_buffer (p0)->ip.flow_hash >> 1;
567 hc0 = vnet_buffer (p0)->ip.flow_hash =
568 ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
570 dpo0 = load_balance_get_fwd_bucket
571 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
575 dpo0 = load_balance_get_bucket_i (lb0, 0);
577 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
579 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
581 hc1 = vnet_buffer (p1)->ip.flow_hash =
582 vnet_buffer (p1)->ip.flow_hash >> 1;
586 hc1 = vnet_buffer (p1)->ip.flow_hash =
587 ip4_compute_flow_hash (ip1, lb1->lb_hash_config);
589 dpo1 = load_balance_get_fwd_bucket
590 (lb1, (hc1 & (lb1->lb_n_buckets_minus_1)));
594 dpo1 = load_balance_get_bucket_i (lb1, 0);
597 next0 = dpo0->dpoi_next_node;
598 next1 = dpo1->dpoi_next_node;
600 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
601 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
603 vlib_increment_combined_counter
604 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
605 vlib_increment_combined_counter
606 (cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
608 vlib_validate_buffer_enqueue_x2 (vm, node, next,
609 to_next, n_left_to_next,
610 pi0, pi1, next0, next1);
613 while (n_left_from > 0 && n_left_to_next > 0)
615 ip_lookup_next_t next0;
616 const load_balance_t *lb0;
619 const ip4_header_t *ip0;
620 const dpo_id_t *dpo0;
629 p0 = vlib_get_buffer (vm, pi0);
631 ip0 = vlib_buffer_get_current (p0);
632 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
634 lb0 = load_balance_get (lbi0);
637 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
639 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
641 hc0 = vnet_buffer (p0)->ip.flow_hash =
642 vnet_buffer (p0)->ip.flow_hash >> 1;
646 hc0 = vnet_buffer (p0)->ip.flow_hash =
647 ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
649 dpo0 = load_balance_get_fwd_bucket
650 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
654 dpo0 = load_balance_get_bucket_i (lb0, 0);
657 next0 = dpo0->dpoi_next_node;
658 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
660 vlib_increment_combined_counter
661 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
663 vlib_validate_buffer_enqueue_x1 (vm, node, next,
664 to_next, n_left_to_next,
668 vlib_put_next_frame (vm, node, next, n_left_to_next);
671 return frame->n_vectors;
675 VLIB_REGISTER_NODE (ip4_load_balance_node) =
677 .function = ip4_load_balance,
678 .name = "ip4-load-balance",
679 .vector_size = sizeof (u32),
680 .sibling_of = "ip4-lookup",
682 format_ip4_lookup_trace,
686 VLIB_NODE_FUNCTION_MULTIARCH (ip4_load_balance_node, ip4_load_balance);
688 /* get first interface address */
690 ip4_interface_first_address (ip4_main_t * im, u32 sw_if_index,
691 ip_interface_address_t ** result_ia)
693 ip_lookup_main_t *lm = &im->lookup_main;
694 ip_interface_address_t *ia = 0;
695 ip4_address_t *result = 0;
698 foreach_ip_interface_address
699 (lm, ia, sw_if_index,
700 1 /* honor unnumbered */ ,
703 ip_interface_address_get_address (lm, ia);
709 *result_ia = result ? ia : 0;
714 ip4_add_interface_routes (u32 sw_if_index,
715 ip4_main_t * im, u32 fib_index,
716 ip_interface_address_t * a)
718 ip_lookup_main_t *lm = &im->lookup_main;
719 ip4_address_t *address = ip_interface_address_get_address (lm, a);
721 .fp_len = a->address_length,
722 .fp_proto = FIB_PROTOCOL_IP4,
723 .fp_addr.ip4 = *address,
726 if (pfx.fp_len <= 30)
728 /* a /30 or shorter - add a glean for the network address */
729 fib_table_entry_update_one_path (fib_index, &pfx,
730 FIB_SOURCE_INTERFACE,
731 (FIB_ENTRY_FLAG_CONNECTED |
732 FIB_ENTRY_FLAG_ATTACHED),
734 /* No next-hop address */
740 // no out-label stack
742 FIB_ROUTE_PATH_FLAG_NONE);
744 /* Add the two broadcast addresses as drop */
745 fib_prefix_t net_pfx = {
747 .fp_proto = FIB_PROTOCOL_IP4,
748 .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[pfx.fp_len],
750 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
751 fib_table_entry_special_add(fib_index,
753 FIB_SOURCE_INTERFACE,
754 (FIB_ENTRY_FLAG_DROP |
755 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
756 net_pfx.fp_addr.ip4.as_u32 |= ~im->fib_masks[pfx.fp_len];
757 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
758 fib_table_entry_special_add(fib_index,
760 FIB_SOURCE_INTERFACE,
761 (FIB_ENTRY_FLAG_DROP |
762 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
764 else if (pfx.fp_len == 31)
766 u32 mask = clib_host_to_net_u32(1);
767 fib_prefix_t net_pfx = pfx;
770 net_pfx.fp_addr.ip4.as_u32 ^= mask;
772 /* a /31 - add the other end as an attached host */
773 fib_table_entry_update_one_path (fib_index, &net_pfx,
774 FIB_SOURCE_INTERFACE,
775 (FIB_ENTRY_FLAG_ATTACHED),
783 FIB_ROUTE_PATH_FLAG_NONE);
787 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
789 u32 classify_table_index =
790 lm->classify_table_index_by_sw_if_index[sw_if_index];
791 if (classify_table_index != (u32) ~ 0)
793 dpo_id_t dpo = DPO_INVALID;
798 classify_dpo_create (DPO_PROTO_IP4, classify_table_index));
800 fib_table_entry_special_dpo_add (fib_index,
803 FIB_ENTRY_FLAG_NONE, &dpo);
808 fib_table_entry_update_one_path (fib_index, &pfx,
809 FIB_SOURCE_INTERFACE,
810 (FIB_ENTRY_FLAG_CONNECTED |
811 FIB_ENTRY_FLAG_LOCAL),
818 FIB_ROUTE_PATH_FLAG_NONE);
822 ip4_del_interface_routes (ip4_main_t * im,
824 ip4_address_t * address, u32 address_length)
827 .fp_len = address_length,
828 .fp_proto = FIB_PROTOCOL_IP4,
829 .fp_addr.ip4 = *address,
832 if (pfx.fp_len <= 30)
834 fib_prefix_t net_pfx = {
836 .fp_proto = FIB_PROTOCOL_IP4,
837 .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[pfx.fp_len],
839 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
840 fib_table_entry_special_remove(fib_index,
842 FIB_SOURCE_INTERFACE);
843 net_pfx.fp_addr.ip4.as_u32 |= ~im->fib_masks[pfx.fp_len];
844 if (net_pfx.fp_addr.ip4.as_u32 != pfx.fp_addr.ip4.as_u32)
845 fib_table_entry_special_remove(fib_index,
847 FIB_SOURCE_INTERFACE);
848 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
850 else if (pfx.fp_len == 31)
852 u32 mask = clib_host_to_net_u32(1);
853 fib_prefix_t net_pfx = pfx;
856 net_pfx.fp_addr.ip4.as_u32 ^= mask;
858 fib_table_entry_delete (fib_index, &net_pfx, FIB_SOURCE_INTERFACE);
862 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
866 ip4_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
868 ip4_main_t *im = &ip4_main;
870 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
873 * enable/disable only on the 1<->0 transition
877 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
882 ASSERT (im->ip_enabled_by_sw_if_index[sw_if_index] > 0);
883 if (0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
886 vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
890 vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
891 sw_if_index, !is_enable, 0, 0);
894 static clib_error_t *
895 ip4_add_del_interface_address_internal (vlib_main_t * vm,
897 ip4_address_t * address,
898 u32 address_length, u32 is_del)
900 vnet_main_t *vnm = vnet_get_main ();
901 ip4_main_t *im = &ip4_main;
902 ip_lookup_main_t *lm = &im->lookup_main;
903 clib_error_t *error = 0;
904 u32 if_address_index, elts_before;
905 ip4_address_fib_t ip4_af, *addr_fib = 0;
907 /* local0 interface doesn't support IP addressing */
908 if (sw_if_index == 0)
911 clib_error_create ("local0 interface doesn't support IP addressing");
914 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
915 ip4_addr_fib_init (&ip4_af, address,
916 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
917 vec_add1 (addr_fib, ip4_af);
920 * there is no support for adj-fib handling in the presence of overlapping
921 * subnets on interfaces. Easy fix - disallow overlapping subnets, like
927 /* When adding an address check that it does not conflict
928 with an existing address. */
929 ip_interface_address_t *ia;
930 foreach_ip_interface_address
931 (&im->lookup_main, ia, sw_if_index,
932 0 /* honor unnumbered */ ,
935 ip_interface_address_get_address
936 (&im->lookup_main, ia);
937 if (ip4_destination_matches_route
938 (im, address, x, ia->address_length) ||
939 ip4_destination_matches_route (im,
945 ("failed to add %U which conflicts with %U for interface %U",
946 format_ip4_address_and_length, address,
948 format_ip4_address_and_length, x,
950 format_vnet_sw_if_index_name, vnm,
956 elts_before = pool_elts (lm->if_address_pool);
958 error = ip_interface_address_add_del
959 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
963 ip4_sw_interface_enable_disable (sw_if_index, !is_del);
966 ip4_del_interface_routes (im, ip4_af.fib_index, address, address_length);
968 ip4_add_interface_routes (sw_if_index,
969 im, ip4_af.fib_index,
971 (lm->if_address_pool, if_address_index));
973 /* If pool did not grow/shrink: add duplicate address. */
974 if (elts_before != pool_elts (lm->if_address_pool))
976 ip4_add_del_interface_address_callback_t *cb;
977 vec_foreach (cb, im->add_del_interface_address_callbacks)
978 cb->function (im, cb->function_opaque, sw_if_index,
979 address, address_length, if_address_index, is_del);
988 ip4_add_del_interface_address (vlib_main_t * vm,
990 ip4_address_t * address,
991 u32 address_length, u32 is_del)
993 return ip4_add_del_interface_address_internal
994 (vm, sw_if_index, address, address_length, is_del);
997 /* Built-in ip4 unicast rx feature path definition */
999 VNET_FEATURE_ARC_INIT (ip4_unicast, static) =
1001 .arc_name = "ip4-unicast",
1002 .start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
1003 .arc_index_ptr = &ip4_main.lookup_main.ucast_feature_arc_index,
1006 VNET_FEATURE_INIT (ip4_flow_classify, static) =
1008 .arc_name = "ip4-unicast",
1009 .node_name = "ip4-flow-classify",
1010 .runs_before = VNET_FEATURES ("ip4-inacl"),
1013 VNET_FEATURE_INIT (ip4_inacl, static) =
1015 .arc_name = "ip4-unicast",
1016 .node_name = "ip4-inacl",
1017 .runs_before = VNET_FEATURES ("ip4-source-check-via-rx"),
1020 VNET_FEATURE_INIT (ip4_source_check_1, static) =
1022 .arc_name = "ip4-unicast",
1023 .node_name = "ip4-source-check-via-rx",
1024 .runs_before = VNET_FEATURES ("ip4-source-check-via-any"),
1027 VNET_FEATURE_INIT (ip4_source_check_2, static) =
1029 .arc_name = "ip4-unicast",
1030 .node_name = "ip4-source-check-via-any",
1031 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
1034 VNET_FEATURE_INIT (ip4_source_and_port_range_check_rx, static) =
1036 .arc_name = "ip4-unicast",
1037 .node_name = "ip4-source-and-port-range-check-rx",
1038 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
1041 VNET_FEATURE_INIT (ip4_policer_classify, static) =
1043 .arc_name = "ip4-unicast",
1044 .node_name = "ip4-policer-classify",
1045 .runs_before = VNET_FEATURES ("ipsec-input-ip4"),
1048 VNET_FEATURE_INIT (ip4_ipsec, static) =
1050 .arc_name = "ip4-unicast",
1051 .node_name = "ipsec-input-ip4",
1052 .runs_before = VNET_FEATURES ("vpath-input-ip4"),
1055 VNET_FEATURE_INIT (ip4_vpath, static) =
1057 .arc_name = "ip4-unicast",
1058 .node_name = "vpath-input-ip4",
1059 .runs_before = VNET_FEATURES ("ip4-vxlan-bypass"),
1062 VNET_FEATURE_INIT (ip4_vxlan_bypass, static) =
1064 .arc_name = "ip4-unicast",
1065 .node_name = "ip4-vxlan-bypass",
1066 .runs_before = VNET_FEATURES ("ip4-lookup"),
1069 VNET_FEATURE_INIT (ip4_not_enabled, static) =
1071 .arc_name = "ip4-unicast",
1072 .node_name = "ip4-not-enabled",
1073 .runs_before = VNET_FEATURES ("ip4-lookup"),
1076 VNET_FEATURE_INIT (ip4_lookup, static) =
1078 .arc_name = "ip4-unicast",
1079 .node_name = "ip4-lookup",
1080 .runs_before = 0, /* not before any other features */
1083 /* Built-in ip4 multicast rx feature path definition */
1084 VNET_FEATURE_ARC_INIT (ip4_multicast, static) =
1086 .arc_name = "ip4-multicast",
1087 .start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
1088 .arc_index_ptr = &ip4_main.lookup_main.mcast_feature_arc_index,
1091 VNET_FEATURE_INIT (ip4_vpath_mc, static) =
1093 .arc_name = "ip4-multicast",
1094 .node_name = "vpath-input-ip4",
1095 .runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
1098 VNET_FEATURE_INIT (ip4_mc_not_enabled, static) =
1100 .arc_name = "ip4-multicast",
1101 .node_name = "ip4-not-enabled",
1102 .runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
1105 VNET_FEATURE_INIT (ip4_lookup_mc, static) =
1107 .arc_name = "ip4-multicast",
1108 .node_name = "ip4-mfib-forward-lookup",
1109 .runs_before = 0, /* last feature */
1112 /* Source and port-range check ip4 tx feature path definition */
1113 VNET_FEATURE_ARC_INIT (ip4_output, static) =
1115 .arc_name = "ip4-output",
1116 .start_nodes = VNET_FEATURES ("ip4-rewrite", "ip4-midchain", "ip4-dvr-dpo"),
1117 .arc_index_ptr = &ip4_main.lookup_main.output_feature_arc_index,
1120 VNET_FEATURE_INIT (ip4_source_and_port_range_check_tx, static) =
1122 .arc_name = "ip4-output",
1123 .node_name = "ip4-source-and-port-range-check-tx",
1124 .runs_before = VNET_FEATURES ("ip4-outacl"),
1127 VNET_FEATURE_INIT (ip4_outacl, static) =
1129 .arc_name = "ip4-output",
1130 .node_name = "ip4-outacl",
1131 .runs_before = VNET_FEATURES ("ipsec-output-ip4"),
1134 VNET_FEATURE_INIT (ip4_ipsec_output, static) =
1136 .arc_name = "ip4-output",
1137 .node_name = "ipsec-output-ip4",
1138 .runs_before = VNET_FEATURES ("interface-output"),
1141 /* Built-in ip4 tx feature path definition */
1142 VNET_FEATURE_INIT (ip4_interface_output, static) =
1144 .arc_name = "ip4-output",
1145 .node_name = "interface-output",
1146 .runs_before = 0, /* not before any other features */
1150 static clib_error_t *
1151 ip4_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
1153 ip4_main_t *im = &ip4_main;
1155 /* Fill in lookup tables with default table (0). */
1156 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
1157 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
1161 ip4_main_t *im4 = &ip4_main;
1162 ip_lookup_main_t *lm4 = &im4->lookup_main;
1163 ip_interface_address_t *ia = 0;
1164 ip4_address_t *address;
1165 vlib_main_t *vm = vlib_get_main ();
1168 foreach_ip_interface_address (lm4, ia, sw_if_index, 1 /* honor unnumbered */,
1170 address = ip_interface_address_get_address (lm4, ia);
1171 ip4_add_del_interface_address(vm, sw_if_index, address, ia->address_length, 1);
1176 vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
1179 vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
1180 sw_if_index, is_add, 0, 0);
1182 return /* no error */ 0;
1185 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip4_sw_interface_add_del);
1187 /* Global IP4 main. */
1188 ip4_main_t ip4_main;
1191 ip4_lookup_init (vlib_main_t * vm)
1193 ip4_main_t *im = &ip4_main;
1194 clib_error_t *error;
1197 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
1199 if ((error = vlib_call_init_function (vm, ip4_mtrie_module_init)))
1201 if ((error = vlib_call_init_function (vm, fib_module_init)))
1203 if ((error = vlib_call_init_function (vm, mfib_module_init)))
1206 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
1211 m = pow2_mask (i) << (32 - i);
1214 im->fib_masks[i] = clib_host_to_net_u32 (m);
1217 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 0);
1219 /* Create FIB with index 0 and table id of 0. */
1220 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
1221 FIB_SOURCE_DEFAULT_ROUTE);
1222 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
1223 MFIB_SOURCE_DEFAULT_ROUTE);
1227 pn = pg_get_node (ip4_lookup_node.index);
1228 pn->unformat_edit = unformat_pg_ip4_header;
1232 ethernet_arp_header_t h;
1234 memset (&h, 0, sizeof (h));
1236 /* Set target ethernet address to all zeros. */
1237 memset (h.ip4_over_ethernet[1].ethernet, 0,
1238 sizeof (h.ip4_over_ethernet[1].ethernet));
1240 #define _16(f,v) h.f = clib_host_to_net_u16 (v);
1241 #define _8(f,v) h.f = v;
1242 _16 (l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
1243 _16 (l3_type, ETHERNET_TYPE_IP4);
1244 _8 (n_l2_address_bytes, 6);
1245 _8 (n_l3_address_bytes, 4);
1246 _16 (opcode, ETHERNET_ARP_OPCODE_request);
1250 vlib_packet_template_init (vm, &im->ip4_arp_request_packet_template,
1253 /* alloc chunk size */ 8,
1260 VLIB_INIT_FUNCTION (ip4_lookup_init);
1264 /* Adjacency taken. */
1269 /* Packet data, possibly *after* rewrite. */
1270 u8 packet_data[64 - 1 * sizeof (u32)];
1272 ip4_forward_next_trace_t;
1275 format_ip4_forward_next_trace (u8 * s, va_list * args)
1277 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1278 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1279 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1280 u32 indent = format_get_indent (s);
1281 s = format (s, "%U%U",
1282 format_white_space, indent,
1283 format_ip4_header, t->packet_data, sizeof (t->packet_data));
1288 format_ip4_lookup_trace (u8 * s, va_list * args)
1290 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1291 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1292 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1293 u32 indent = format_get_indent (s);
1295 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
1296 t->fib_index, t->dpo_index, t->flow_hash);
1297 s = format (s, "\n%U%U",
1298 format_white_space, indent,
1299 format_ip4_header, t->packet_data, sizeof (t->packet_data));
1304 format_ip4_rewrite_trace (u8 * s, va_list * args)
1306 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1307 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1308 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1309 u32 indent = format_get_indent (s);
1311 s = format (s, "tx_sw_if_index %d dpo-idx %d : %U flow hash: 0x%08x",
1312 t->fib_index, t->dpo_index, format_ip_adjacency,
1313 t->dpo_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
1314 s = format (s, "\n%U%U",
1315 format_white_space, indent,
1316 format_ip_adjacency_packet_data,
1317 t->dpo_index, t->packet_data, sizeof (t->packet_data));
1321 /* Common trace function for all ip4-forward next nodes. */
1323 ip4_forward_next_trace (vlib_main_t * vm,
1324 vlib_node_runtime_t * node,
1325 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
1328 ip4_main_t *im = &ip4_main;
1330 n_left = frame->n_vectors;
1331 from = vlib_frame_vector_args (frame);
1336 vlib_buffer_t *b0, *b1;
1337 ip4_forward_next_trace_t *t0, *t1;
1339 /* Prefetch next iteration. */
1340 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1341 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1346 b0 = vlib_get_buffer (vm, bi0);
1347 b1 = vlib_get_buffer (vm, bi1);
1349 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1351 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1352 t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1353 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1355 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1356 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1357 vec_elt (im->fib_index_by_sw_if_index,
1358 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1360 clib_memcpy (t0->packet_data,
1361 vlib_buffer_get_current (b0),
1362 sizeof (t0->packet_data));
1364 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1366 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1367 t1->dpo_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1368 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1370 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1371 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1372 vec_elt (im->fib_index_by_sw_if_index,
1373 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1374 clib_memcpy (t1->packet_data, vlib_buffer_get_current (b1),
1375 sizeof (t1->packet_data));
1385 ip4_forward_next_trace_t *t0;
1389 b0 = vlib_get_buffer (vm, bi0);
1391 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1393 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1394 t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1395 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1397 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1398 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1399 vec_elt (im->fib_index_by_sw_if_index,
1400 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1401 clib_memcpy (t0->packet_data, vlib_buffer_get_current (b0),
1402 sizeof (t0->packet_data));
1409 /* Compute TCP/UDP/ICMP4 checksum in software. */
1411 ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1415 u32 ip_header_length, payload_length_host_byte_order;
1416 u32 n_this_buffer, n_bytes_left, n_ip_bytes_this_buffer;
1418 void *data_this_buffer;
1420 /* Initialize checksum with ip header. */
1421 ip_header_length = ip4_header_bytes (ip0);
1422 payload_length_host_byte_order =
1423 clib_net_to_host_u16 (ip0->length) - ip_header_length;
1425 clib_host_to_net_u32 (payload_length_host_byte_order +
1426 (ip0->protocol << 16));
1428 if (BITS (uword) == 32)
1431 ip_csum_with_carry (sum0,
1432 clib_mem_unaligned (&ip0->src_address, u32));
1434 ip_csum_with_carry (sum0,
1435 clib_mem_unaligned (&ip0->dst_address, u32));
1439 ip_csum_with_carry (sum0, clib_mem_unaligned (&ip0->src_address, u64));
1441 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1442 data_this_buffer = (void *) ip0 + ip_header_length;
1443 n_ip_bytes_this_buffer =
1444 p0->current_length - (((u8 *) ip0 - p0->data) - p0->current_data);
1445 if (n_this_buffer + ip_header_length > n_ip_bytes_this_buffer)
1447 n_this_buffer = n_ip_bytes_this_buffer > ip_header_length ?
1448 n_ip_bytes_this_buffer - ip_header_length : 0;
1452 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1453 n_bytes_left -= n_this_buffer;
1454 if (n_bytes_left == 0)
1457 ASSERT (p0->flags & VLIB_BUFFER_NEXT_PRESENT);
1458 p0 = vlib_get_buffer (vm, p0->next_buffer);
1459 data_this_buffer = vlib_buffer_get_current (p0);
1460 n_this_buffer = p0->current_length;
1463 sum16 = ~ip_csum_fold (sum0);
1469 ip4_tcp_udp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1471 ip4_header_t *ip0 = vlib_buffer_get_current (p0);
1475 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1476 || ip0->protocol == IP_PROTOCOL_UDP);
1478 udp0 = (void *) (ip0 + 1);
1479 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1481 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1482 | VNET_BUFFER_F_L4_CHECKSUM_CORRECT);
1486 sum16 = ip4_tcp_udp_compute_checksum (vm, p0, ip0);
1488 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1489 | ((sum16 == 0) << VNET_BUFFER_F_LOG2_L4_CHECKSUM_CORRECT));
1495 VNET_FEATURE_ARC_INIT (ip4_local) =
1497 .arc_name = "ip4-local",
1498 .start_nodes = VNET_FEATURES ("ip4-local"),
1503 ip4_local_validate_l4 (vlib_main_t * vm, vlib_buffer_t * p, ip4_header_t * ip,
1504 u8 is_udp, u8 * error, u8 * good_tcp_udp)
1507 flags0 = ip4_tcp_udp_validate_checksum (vm, p);
1508 *good_tcp_udp = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
1512 u32 ip_len, udp_len;
1514 udp = ip4_next_header (ip);
1515 /* Verify UDP length. */
1516 ip_len = clib_net_to_host_u16 (ip->length);
1517 udp_len = clib_net_to_host_u16 (udp->length);
1519 len_diff = ip_len - udp_len;
1520 *good_tcp_udp &= len_diff >= 0;
1521 *error = len_diff < 0 ? IP4_ERROR_UDP_LENGTH : *error;
1525 #define ip4_local_do_l4_check(is_tcp_udp, flags) \
1526 (is_tcp_udp && !(flags & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED \
1527 || flags & VNET_BUFFER_F_OFFLOAD_TCP_CKSUM \
1528 || flags & VNET_BUFFER_F_OFFLOAD_UDP_CKSUM))
1531 ip4_local_inline (vlib_main_t * vm,
1532 vlib_node_runtime_t * node,
1533 vlib_frame_t * frame, int head_of_feature_arc)
1535 ip4_main_t *im = &ip4_main;
1536 ip_lookup_main_t *lm = &im->lookup_main;
1537 ip_local_next_t next_index;
1538 u32 *from, *to_next, n_left_from, n_left_to_next;
1539 vlib_node_runtime_t *error_node =
1540 vlib_node_get_runtime (vm, ip4_input_node.index);
1541 u8 arc_index = vnet_feat_arc_ip4_local.feature_arc_index;
1543 from = vlib_frame_vector_args (frame);
1544 n_left_from = frame->n_vectors;
1545 next_index = node->cached_next_index;
1547 if (node->flags & VLIB_NODE_FLAG_TRACE)
1548 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
1550 while (n_left_from > 0)
1552 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1554 while (n_left_from >= 4 && n_left_to_next >= 2)
1556 vlib_buffer_t *p0, *p1;
1557 ip4_header_t *ip0, *ip1;
1558 ip4_fib_mtrie_t *mtrie0, *mtrie1;
1559 ip4_fib_mtrie_leaf_t leaf0, leaf1;
1560 const dpo_id_t *dpo0, *dpo1;
1561 const load_balance_t *lb0, *lb1;
1562 u32 pi0, next0, fib_index0, lbi0;
1563 u32 pi1, next1, fib_index1, lbi1;
1564 u8 error0, is_udp0, is_tcp_udp0, good_tcp_udp0, proto0;
1565 u8 error1, is_udp1, is_tcp_udp1, good_tcp_udp1, proto1;
1566 u32 sw_if_index0, sw_if_index1;
1568 pi0 = to_next[0] = from[0];
1569 pi1 = to_next[1] = from[1];
1573 n_left_to_next -= 2;
1575 next0 = next1 = IP_LOCAL_NEXT_DROP;
1576 error0 = error1 = IP4_ERROR_UNKNOWN_PROTOCOL;
1578 p0 = vlib_get_buffer (vm, pi0);
1579 p1 = vlib_get_buffer (vm, pi1);
1581 ip0 = vlib_buffer_get_current (p0);
1582 ip1 = vlib_buffer_get_current (p1);
1584 vnet_buffer (p0)->l3_hdr_offset = p0->current_data;
1585 vnet_buffer (p1)->l3_hdr_offset = p1->current_data;
1587 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1588 sw_if_index1 = vnet_buffer (p1)->sw_if_index[VLIB_RX];
1590 /* Treat IP frag packets as "experimental" protocol for now
1591 until support of IP frag reassembly is implemented */
1593 ip4_is_fragment (ip0) ? IP_PROTOCOL_VPP_FRAGMENTATION :
1596 ip4_is_fragment (ip1) ? IP_PROTOCOL_VPP_FRAGMENTATION :
1599 if (head_of_feature_arc == 0)
1602 is_udp0 = proto0 == IP_PROTOCOL_UDP;
1603 is_udp1 = proto1 == IP_PROTOCOL_UDP;
1604 is_tcp_udp0 = is_udp0 || proto0 == IP_PROTOCOL_TCP;
1605 is_tcp_udp1 = is_udp1 || proto1 == IP_PROTOCOL_TCP;
1608 (p0->flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT
1609 || (p0->flags & VNET_BUFFER_F_OFFLOAD_TCP_CKSUM
1610 || p0->flags & VNET_BUFFER_F_OFFLOAD_UDP_CKSUM)) != 0;
1611 good_tcp_udp1 = (p1->flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT
1612 || (p1->flags & VNET_BUFFER_F_OFFLOAD_TCP_CKSUM
1614 VNET_BUFFER_F_OFFLOAD_UDP_CKSUM)) != 0;
1616 if (PREDICT_FALSE (ip4_local_do_l4_check (is_tcp_udp0, p0->flags)
1617 || ip4_local_do_l4_check (is_tcp_udp1,
1621 ip4_local_validate_l4 (vm, p0, ip0, is_udp0, &error0,
1624 ip4_local_validate_l4 (vm, p1, ip1, is_udp1, &error1,
1628 ASSERT (IP4_ERROR_TCP_CHECKSUM + 1 == IP4_ERROR_UDP_CHECKSUM);
1629 error0 = (is_tcp_udp0 && !good_tcp_udp0
1630 ? IP4_ERROR_TCP_CHECKSUM + is_udp0 : error0);
1631 error1 = (is_tcp_udp1 && !good_tcp_udp1
1632 ? IP4_ERROR_TCP_CHECKSUM + is_udp1 : error1);
1634 fib_index0 = vec_elt (im->fib_index_by_sw_if_index, sw_if_index0);
1636 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
1637 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
1639 fib_index1 = vec_elt (im->fib_index_by_sw_if_index, sw_if_index1);
1641 (vnet_buffer (p1)->sw_if_index[VLIB_TX] ==
1642 (u32) ~ 0) ? fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
1644 /* TODO maybe move to lookup? */
1645 vnet_buffer (p0)->ip.fib_index = fib_index0;
1646 vnet_buffer (p1)->ip.fib_index = fib_index1;
1648 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
1649 mtrie1 = &ip4_fib_get (fib_index1)->mtrie;
1651 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, &ip0->src_address);
1652 leaf1 = ip4_fib_mtrie_lookup_step_one (mtrie1, &ip1->src_address);
1653 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address,
1655 leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1, &ip1->src_address,
1657 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address,
1659 leaf1 = ip4_fib_mtrie_lookup_step (mtrie1, leaf1, &ip1->src_address,
1662 vnet_buffer (p0)->ip.adj_index[VLIB_RX] = lbi0 =
1663 ip4_fib_mtrie_leaf_get_adj_index (leaf0);
1664 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = lbi0;
1666 vnet_buffer (p1)->ip.adj_index[VLIB_RX] = lbi1 =
1667 ip4_fib_mtrie_leaf_get_adj_index (leaf1);
1668 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = lbi1;
1670 lb0 = load_balance_get (lbi0);
1671 lb1 = load_balance_get (lbi1);
1672 dpo0 = load_balance_get_bucket_i (lb0, 0);
1673 dpo1 = load_balance_get_bucket_i (lb1, 0);
1676 * Must have a route to source otherwise we drop the packet.
1677 * ip4 broadcasts are accepted, e.g. to make dhcp client work
1680 * - the source is a recieve => it's from us => bogus, do this
1681 * first since it sets a different error code.
1682 * - uRPF check for any route to source - accept if passes.
1683 * - allow packets destined to the broadcast address from unknown sources
1685 if (p0->flags & VNET_BUFFER_F_IS_NATED)
1688 error0 = ((error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
1689 dpo0->dpoi_type == DPO_RECEIVE) ?
1690 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error0);
1691 error0 = ((error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
1692 !fib_urpf_check_size (lb0->lb_urpf) &&
1693 ip0->dst_address.as_u32 != 0xFFFFFFFF)
1694 ? IP4_ERROR_SRC_LOOKUP_MISS : error0);
1697 if (p1->flags & VNET_BUFFER_F_IS_NATED)
1700 error1 = ((error1 == IP4_ERROR_UNKNOWN_PROTOCOL &&
1701 dpo1->dpoi_type == DPO_RECEIVE) ?
1702 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error1);
1703 error1 = ((error1 == IP4_ERROR_UNKNOWN_PROTOCOL &&
1704 !fib_urpf_check_size (lb1->lb_urpf) &&
1705 ip1->dst_address.as_u32 != 0xFFFFFFFF)
1706 ? IP4_ERROR_SRC_LOOKUP_MISS : error1);
1710 next0 = lm->local_next_by_ip_protocol[proto0];
1711 next1 = lm->local_next_by_ip_protocol[proto1];
1714 error0 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1716 error1 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1;
1718 p0->error = error0 ? error_node->errors[error0] : 0;
1719 p1->error = error1 ? error_node->errors[error1] : 0;
1721 if (head_of_feature_arc)
1723 if (PREDICT_TRUE (error0 == (u8) IP4_ERROR_UNKNOWN_PROTOCOL))
1724 vnet_feature_arc_start (arc_index, sw_if_index0, &next0, p0);
1725 if (PREDICT_TRUE (error1 == (u8) IP4_ERROR_UNKNOWN_PROTOCOL))
1726 vnet_feature_arc_start (arc_index, sw_if_index1, &next1, p1);
1729 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
1730 n_left_to_next, pi0, pi1,
1734 while (n_left_from > 0 && n_left_to_next > 0)
1738 ip4_fib_mtrie_t *mtrie0;
1739 ip4_fib_mtrie_leaf_t leaf0;
1740 u32 pi0, next0, fib_index0, lbi0;
1741 u8 error0, is_udp0, is_tcp_udp0, good_tcp_udp0, proto0;
1742 load_balance_t *lb0;
1743 const dpo_id_t *dpo0;
1746 pi0 = to_next[0] = from[0];
1750 n_left_to_next -= 1;
1752 next0 = IP_LOCAL_NEXT_DROP;
1753 error0 = IP4_ERROR_UNKNOWN_PROTOCOL;
1755 p0 = vlib_get_buffer (vm, pi0);
1756 ip0 = vlib_buffer_get_current (p0);
1757 vnet_buffer (p0)->l3_hdr_offset = p0->current_data;
1758 sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
1760 /* Treat IP frag packets as "experimental" protocol for now
1761 until support of IP frag reassembly is implemented */
1763 ip4_is_fragment (ip0) ? IP_PROTOCOL_VPP_FRAGMENTATION :
1766 if (head_of_feature_arc == 0 || p0->flags & VNET_BUFFER_F_IS_NATED)
1769 is_udp0 = proto0 == IP_PROTOCOL_UDP;
1770 is_tcp_udp0 = is_udp0 || proto0 == IP_PROTOCOL_TCP;
1773 (p0->flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT
1774 || (p0->flags & VNET_BUFFER_F_OFFLOAD_TCP_CKSUM
1775 || p0->flags & VNET_BUFFER_F_OFFLOAD_UDP_CKSUM)) != 0;
1777 if (PREDICT_FALSE (ip4_local_do_l4_check (is_tcp_udp0, p0->flags)))
1779 ip4_local_validate_l4 (vm, p0, ip0, is_udp0, &error0,
1783 ASSERT (IP4_ERROR_TCP_CHECKSUM + 1 == IP4_ERROR_UDP_CHECKSUM);
1784 error0 = (is_tcp_udp0 && !good_tcp_udp0
1785 ? IP4_ERROR_TCP_CHECKSUM + is_udp0 : error0);
1787 fib_index0 = vec_elt (im->fib_index_by_sw_if_index, sw_if_index0);
1789 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
1790 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
1791 vnet_buffer (p0)->ip.fib_index = fib_index0;
1792 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
1793 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, &ip0->src_address);
1794 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address,
1796 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address,
1798 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
1799 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = lbi0;
1800 vnet_buffer (p0)->ip.adj_index[VLIB_RX] = lbi0;
1802 lb0 = load_balance_get (lbi0);
1803 dpo0 = load_balance_get_bucket_i (lb0, 0);
1805 error0 = ((error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
1806 dpo0->dpoi_type == DPO_RECEIVE) ?
1807 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error0);
1808 error0 = ((error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
1809 !fib_urpf_check_size (lb0->lb_urpf) &&
1810 ip0->dst_address.as_u32 != 0xFFFFFFFF)
1811 ? IP4_ERROR_SRC_LOOKUP_MISS : error0);
1814 next0 = lm->local_next_by_ip_protocol[proto0];
1816 error0 != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1818 p0->error = error0 ? error_node->errors[error0] : 0;
1820 if (head_of_feature_arc)
1822 if (PREDICT_TRUE (error0 == (u8) IP4_ERROR_UNKNOWN_PROTOCOL))
1823 vnet_feature_arc_start (arc_index, sw_if_index0, &next0, p0);
1826 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1827 n_left_to_next, pi0, next0);
1829 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1832 return frame->n_vectors;
1836 ip4_local (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1838 return ip4_local_inline (vm, node, frame, 1 /* head of feature arc */ );
1842 VLIB_REGISTER_NODE (ip4_local_node) =
1844 .function = ip4_local,
1845 .name = "ip4-local",
1846 .vector_size = sizeof (u32),
1847 .format_trace = format_ip4_forward_next_trace,
1848 .n_next_nodes = IP_LOCAL_N_NEXT,
1851 [IP_LOCAL_NEXT_DROP] = "ip4-drop",
1852 [IP_LOCAL_NEXT_PUNT] = "ip4-punt",
1853 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip4-udp-lookup",
1854 [IP_LOCAL_NEXT_ICMP] = "ip4-icmp-input",
1855 [IP_LOCAL_NEXT_REASSEMBLY] = "ip4-reassembly",
1860 VLIB_NODE_FUNCTION_MULTIARCH (ip4_local_node, ip4_local);
1863 ip4_local_end_of_arc (vlib_main_t * vm,
1864 vlib_node_runtime_t * node, vlib_frame_t * frame)
1866 return ip4_local_inline (vm, node, frame, 0 /* head of feature arc */ );
1870 VLIB_REGISTER_NODE (ip4_local_end_of_arc_node,static) = {
1871 .function = ip4_local_end_of_arc,
1872 .name = "ip4-local-end-of-arc",
1873 .vector_size = sizeof (u32),
1875 .format_trace = format_ip4_forward_next_trace,
1876 .sibling_of = "ip4-local",
1879 VLIB_NODE_FUNCTION_MULTIARCH (ip4_local_end_of_arc_node, ip4_local_end_of_arc)
1881 VNET_FEATURE_INIT (ip4_local_end_of_arc, static) = {
1882 .arc_name = "ip4-local",
1883 .node_name = "ip4-local-end-of-arc",
1884 .runs_before = 0, /* not before any other features */
1889 ip4_register_protocol (u32 protocol, u32 node_index)
1891 vlib_main_t *vm = vlib_get_main ();
1892 ip4_main_t *im = &ip4_main;
1893 ip_lookup_main_t *lm = &im->lookup_main;
1895 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1896 lm->local_next_by_ip_protocol[protocol] =
1897 vlib_node_add_next (vm, ip4_local_node.index, node_index);
1900 static clib_error_t *
1901 show_ip_local_command_fn (vlib_main_t * vm,
1902 unformat_input_t * input, vlib_cli_command_t * cmd)
1904 ip4_main_t *im = &ip4_main;
1905 ip_lookup_main_t *lm = &im->lookup_main;
1908 vlib_cli_output (vm, "Protocols handled by ip4_local");
1909 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
1911 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
1913 u32 node_index = vlib_get_node (vm,
1914 ip4_local_node.index)->
1915 next_nodes[lm->local_next_by_ip_protocol[i]];
1916 vlib_cli_output (vm, "%d: %U", i, format_vlib_node_name, vm,
1926 * Display the set of protocols handled by the local IPv4 stack.
1929 * Example of how to display local protocol table:
1930 * @cliexstart{show ip local}
1931 * Protocols handled by ip4_local
1938 VLIB_CLI_COMMAND (show_ip_local, static) =
1940 .path = "show ip local",
1941 .function = show_ip_local_command_fn,
1942 .short_help = "show ip local",
1947 ip4_arp_inline (vlib_main_t * vm,
1948 vlib_node_runtime_t * node,
1949 vlib_frame_t * frame, int is_glean)
1951 vnet_main_t *vnm = vnet_get_main ();
1952 ip4_main_t *im = &ip4_main;
1953 ip_lookup_main_t *lm = &im->lookup_main;
1954 u32 *from, *to_next_drop;
1955 uword n_left_from, n_left_to_next_drop, next_index;
1956 static f64 time_last_seed_change = -1e100;
1957 static u32 hash_seeds[3];
1958 static uword hash_bitmap[256 / BITS (uword)];
1961 if (node->flags & VLIB_NODE_FLAG_TRACE)
1962 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
1964 time_now = vlib_time_now (vm);
1965 if (time_now - time_last_seed_change > 1e-3)
1968 u32 *r = clib_random_buffer_get_data (&vm->random_buffer,
1969 sizeof (hash_seeds));
1970 for (i = 0; i < ARRAY_LEN (hash_seeds); i++)
1971 hash_seeds[i] = r[i];
1973 /* Mark all hash keys as been no-seen before. */
1974 for (i = 0; i < ARRAY_LEN (hash_bitmap); i++)
1977 time_last_seed_change = time_now;
1980 from = vlib_frame_vector_args (frame);
1981 n_left_from = frame->n_vectors;
1982 next_index = node->cached_next_index;
1983 if (next_index == IP4_ARP_NEXT_DROP)
1984 next_index = IP4_ARP_N_NEXT; /* point to first interface */
1986 while (n_left_from > 0)
1988 vlib_get_next_frame (vm, node, IP4_ARP_NEXT_DROP,
1989 to_next_drop, n_left_to_next_drop);
1991 while (n_left_from > 0 && n_left_to_next_drop > 0)
1993 u32 pi0, adj_index0, a0, b0, c0, m0, sw_if_index0, drop0;
1994 ip_adjacency_t *adj0;
2001 p0 = vlib_get_buffer (vm, pi0);
2003 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2004 adj0 = adj_get (adj_index0);
2005 ip0 = vlib_buffer_get_current (p0);
2011 sw_if_index0 = adj0->rewrite_header.sw_if_index;
2012 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
2017 * this is the Glean case, so we are ARPing for the
2018 * packet's destination
2020 a0 ^= ip0->dst_address.data_u32;
2024 a0 ^= adj0->sub_type.nbr.next_hop.ip4.data_u32;
2028 hash_v3_mix32 (a0, b0, c0);
2029 hash_v3_finalize32 (a0, b0, c0);
2031 c0 &= BITS (hash_bitmap) - 1;
2032 m0 = (uword) 1 << (c0 % BITS (uword));
2033 c0 = c0 / BITS (uword);
2035 bm0 = hash_bitmap[c0];
2036 drop0 = (bm0 & m0) != 0;
2038 /* Mark it as seen. */
2039 hash_bitmap[c0] = bm0 | m0;
2043 to_next_drop[0] = pi0;
2045 n_left_to_next_drop -= 1;
2048 node->errors[drop0 ? IP4_ARP_ERROR_DROP :
2049 IP4_ARP_ERROR_REQUEST_SENT];
2052 * the adj has been updated to a rewrite but the node the DPO that got
2053 * us here hasn't - yet. no big deal. we'll drop while we wait.
2055 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
2062 * Can happen if the control-plane is programming tables
2063 * with traffic flowing; at least that's today's lame excuse.
2065 if ((is_glean && adj0->lookup_next_index != IP_LOOKUP_NEXT_GLEAN)
2066 || (!is_glean && adj0->lookup_next_index != IP_LOOKUP_NEXT_ARP))
2068 p0->error = node->errors[IP4_ARP_ERROR_NON_ARP_ADJ];
2071 /* Send ARP request. */
2075 ethernet_arp_header_t *h0;
2076 vnet_hw_interface_t *hw_if0;
2079 vlib_packet_template_get_packet (vm,
2080 &im->ip4_arp_request_packet_template,
2083 /* Seems we're out of buffers */
2084 if (PREDICT_FALSE (!h0))
2087 /* Add rewrite/encap string for ARP packet. */
2088 vnet_rewrite_one_header (adj0[0], h0,
2089 sizeof (ethernet_header_t));
2091 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
2093 /* Src ethernet address in ARP header. */
2094 clib_memcpy (h0->ip4_over_ethernet[0].ethernet,
2096 sizeof (h0->ip4_over_ethernet[0].ethernet));
2100 /* The interface's source address is stashed in the Glean Adj */
2101 h0->ip4_over_ethernet[0].ip4 =
2102 adj0->sub_type.glean.receive_addr.ip4;
2104 /* Copy in destination address we are requesting. This is the
2105 * glean case, so it's the packet's destination.*/
2106 h0->ip4_over_ethernet[1].ip4.data_u32 =
2107 ip0->dst_address.data_u32;
2111 /* Src IP address in ARP header. */
2112 if (ip4_src_address_for_packet (lm, sw_if_index0,
2114 ip4_over_ethernet[0].ip4))
2116 /* No source address available */
2118 node->errors[IP4_ARP_ERROR_NO_SOURCE_ADDRESS];
2119 vlib_buffer_free (vm, &bi0, 1);
2123 /* Copy in destination address we are requesting from the
2125 h0->ip4_over_ethernet[1].ip4.data_u32 =
2126 adj0->sub_type.nbr.next_hop.ip4.as_u32;
2129 vlib_buffer_copy_trace_flag (vm, p0, bi0);
2130 b0 = vlib_get_buffer (vm, bi0);
2131 VLIB_BUFFER_TRACE_TRAJECTORY_INIT (b0);
2132 vnet_buffer (b0)->sw_if_index[VLIB_TX] = sw_if_index0;
2134 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
2136 vlib_set_next_frame_buffer (vm, node,
2137 adj0->rewrite_header.next_index,
2142 vlib_put_next_frame (vm, node, IP4_ARP_NEXT_DROP, n_left_to_next_drop);
2145 return frame->n_vectors;
2149 ip4_arp (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
2151 return (ip4_arp_inline (vm, node, frame, 0));
2155 ip4_glean (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
2157 return (ip4_arp_inline (vm, node, frame, 1));
2160 static char *ip4_arp_error_strings[] = {
2161 [IP4_ARP_ERROR_DROP] = "address overflow drops",
2162 [IP4_ARP_ERROR_REQUEST_SENT] = "ARP requests sent",
2163 [IP4_ARP_ERROR_NON_ARP_ADJ] = "ARPs to non-ARP adjacencies",
2164 [IP4_ARP_ERROR_REPLICATE_DROP] = "ARP replication completed",
2165 [IP4_ARP_ERROR_REPLICATE_FAIL] = "ARP replication failed",
2166 [IP4_ARP_ERROR_NO_SOURCE_ADDRESS] = "no source address for ARP request",
2170 VLIB_REGISTER_NODE (ip4_arp_node) =
2172 .function = ip4_arp,
2174 .vector_size = sizeof (u32),
2175 .format_trace = format_ip4_forward_next_trace,
2176 .n_errors = ARRAY_LEN (ip4_arp_error_strings),
2177 .error_strings = ip4_arp_error_strings,
2178 .n_next_nodes = IP4_ARP_N_NEXT,
2181 [IP4_ARP_NEXT_DROP] = "error-drop",
2185 VLIB_REGISTER_NODE (ip4_glean_node) =
2187 .function = ip4_glean,
2188 .name = "ip4-glean",
2189 .vector_size = sizeof (u32),
2190 .format_trace = format_ip4_forward_next_trace,
2191 .n_errors = ARRAY_LEN (ip4_arp_error_strings),
2192 .error_strings = ip4_arp_error_strings,
2193 .n_next_nodes = IP4_ARP_N_NEXT,
2195 [IP4_ARP_NEXT_DROP] = "error-drop",
2200 #define foreach_notrace_ip4_arp_error \
2207 arp_notrace_init (vlib_main_t * vm)
2209 vlib_node_runtime_t *rt = vlib_node_get_runtime (vm, ip4_arp_node.index);
2211 /* don't trace ARP request packets */
2213 vnet_pcap_drop_trace_filter_add_del \
2214 (rt->errors[IP4_ARP_ERROR_##a], \
2216 foreach_notrace_ip4_arp_error;
2221 VLIB_INIT_FUNCTION (arp_notrace_init);
2224 /* Send an ARP request to see if given destination is reachable on given interface. */
2226 ip4_probe_neighbor (vlib_main_t * vm, ip4_address_t * dst, u32 sw_if_index)
2228 vnet_main_t *vnm = vnet_get_main ();
2229 ip4_main_t *im = &ip4_main;
2230 ethernet_arp_header_t *h;
2232 ip_interface_address_t *ia;
2233 ip_adjacency_t *adj;
2234 vnet_hw_interface_t *hi;
2235 vnet_sw_interface_t *si;
2240 si = vnet_get_sw_interface (vnm, sw_if_index);
2242 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
2244 return clib_error_return (0, "%U: interface %U down",
2245 format_ip4_address, dst,
2246 format_vnet_sw_if_index_name, vnm,
2251 ip4_interface_address_matching_destination (im, dst, sw_if_index, &ia);
2254 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
2255 return clib_error_return
2257 "no matching interface address for destination %U (interface %U)",
2258 format_ip4_address, dst, format_vnet_sw_if_index_name, vnm,
2262 h = vlib_packet_template_get_packet (vm,
2263 &im->ip4_arp_request_packet_template,
2266 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
2267 if (PREDICT_FALSE (!hi->hw_address))
2269 return clib_error_return (0, "%U: interface %U do not support ip probe",
2270 format_ip4_address, dst,
2271 format_vnet_sw_if_index_name, vnm,
2275 clib_memcpy (h->ip4_over_ethernet[0].ethernet, hi->hw_address,
2276 sizeof (h->ip4_over_ethernet[0].ethernet));
2278 h->ip4_over_ethernet[0].ip4 = src[0];
2279 h->ip4_over_ethernet[1].ip4 = dst[0];
2281 b = vlib_get_buffer (vm, bi);
2282 vnet_buffer (b)->sw_if_index[VLIB_RX] =
2283 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
2285 ip46_address_t nh = {
2289 ai = adj_nbr_add_or_lock (FIB_PROTOCOL_IP4,
2290 VNET_LINK_IP4, &nh, sw_if_index);
2293 /* Peer has been previously resolved, retrieve glean adj instead */
2294 if (adj->lookup_next_index == IP_LOOKUP_NEXT_REWRITE)
2297 ai = adj_glean_add_or_lock (FIB_PROTOCOL_IP4, sw_if_index, &nh);
2301 /* Add encapsulation string for software interface (e.g. ethernet header). */
2302 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
2303 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
2306 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
2307 u32 *to_next = vlib_frame_vector_args (f);
2310 vlib_put_frame_to_node (vm, hi->output_node_index, f);
2314 return /* no error */ 0;
2319 IP4_REWRITE_NEXT_DROP,
2320 IP4_REWRITE_NEXT_ICMP_ERROR,
2321 } ip4_rewrite_next_t;
2324 ip4_rewrite_inline (vlib_main_t * vm,
2325 vlib_node_runtime_t * node,
2326 vlib_frame_t * frame,
2327 int do_counters, int is_midchain, int is_mcast)
2329 ip_lookup_main_t *lm = &ip4_main.lookup_main;
2330 u32 *from = vlib_frame_vector_args (frame);
2331 u32 n_left_from, n_left_to_next, *to_next, next_index;
2332 vlib_node_runtime_t *error_node =
2333 vlib_node_get_runtime (vm, ip4_input_node.index);
2335 n_left_from = frame->n_vectors;
2336 next_index = node->cached_next_index;
2337 u32 thread_index = vlib_get_thread_index ();
2339 while (n_left_from > 0)
2341 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2343 while (n_left_from >= 4 && n_left_to_next >= 2)
2345 ip_adjacency_t *adj0, *adj1;
2346 vlib_buffer_t *p0, *p1;
2347 ip4_header_t *ip0, *ip1;
2348 u32 pi0, rw_len0, next0, error0, checksum0, adj_index0;
2349 u32 pi1, rw_len1, next1, error1, checksum1, adj_index1;
2350 u32 tx_sw_if_index0, tx_sw_if_index1;
2352 /* Prefetch next iteration. */
2354 vlib_buffer_t *p2, *p3;
2356 p2 = vlib_get_buffer (vm, from[2]);
2357 p3 = vlib_get_buffer (vm, from[3]);
2359 vlib_prefetch_buffer_header (p2, STORE);
2360 vlib_prefetch_buffer_header (p3, STORE);
2362 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
2363 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
2366 pi0 = to_next[0] = from[0];
2367 pi1 = to_next[1] = from[1];
2372 n_left_to_next -= 2;
2374 p0 = vlib_get_buffer (vm, pi0);
2375 p1 = vlib_get_buffer (vm, pi1);
2377 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2378 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
2381 * pre-fetch the per-adjacency counters
2385 vlib_prefetch_combined_counter (&adjacency_counters,
2386 thread_index, adj_index0);
2387 vlib_prefetch_combined_counter (&adjacency_counters,
2388 thread_index, adj_index1);
2391 ip0 = vlib_buffer_get_current (p0);
2392 ip1 = vlib_buffer_get_current (p1);
2394 error0 = error1 = IP4_ERROR_NONE;
2395 next0 = next1 = IP4_REWRITE_NEXT_DROP;
2397 /* Decrement TTL & update checksum.
2398 Works either endian, so no need for byte swap. */
2399 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)))
2401 i32 ttl0 = ip0->ttl;
2403 /* Input node should have reject packets with ttl 0. */
2404 ASSERT (ip0->ttl > 0);
2406 checksum0 = ip0->checksum + clib_host_to_net_u16 (0x0100);
2407 checksum0 += checksum0 >= 0xffff;
2409 ip0->checksum = checksum0;
2414 * If the ttl drops below 1 when forwarding, generate
2417 if (PREDICT_FALSE (ttl0 <= 0))
2419 error0 = IP4_ERROR_TIME_EXPIRED;
2420 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2421 icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
2422 ICMP4_time_exceeded_ttl_exceeded_in_transit,
2424 next0 = IP4_REWRITE_NEXT_ICMP_ERROR;
2427 /* Verify checksum. */
2428 ASSERT ((ip0->checksum == ip4_header_checksum (ip0)) ||
2429 (p0->flags & VNET_BUFFER_F_OFFLOAD_IP_CKSUM));
2433 p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
2435 if (PREDICT_TRUE (!(p1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)))
2437 i32 ttl1 = ip1->ttl;
2439 /* Input node should have reject packets with ttl 0. */
2440 ASSERT (ip1->ttl > 0);
2442 checksum1 = ip1->checksum + clib_host_to_net_u16 (0x0100);
2443 checksum1 += checksum1 >= 0xffff;
2445 ip1->checksum = checksum1;
2450 * If the ttl drops below 1 when forwarding, generate
2453 if (PREDICT_FALSE (ttl1 <= 0))
2455 error1 = IP4_ERROR_TIME_EXPIRED;
2456 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2457 icmp4_error_set_vnet_buffer (p1, ICMP4_time_exceeded,
2458 ICMP4_time_exceeded_ttl_exceeded_in_transit,
2460 next1 = IP4_REWRITE_NEXT_ICMP_ERROR;
2463 /* Verify checksum. */
2464 ASSERT ((ip1->checksum == ip4_header_checksum (ip1)) ||
2465 (p1->flags & VNET_BUFFER_F_OFFLOAD_IP_CKSUM));
2469 p1->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
2472 /* Rewrite packet header and updates lengths. */
2473 adj0 = adj_get (adj_index0);
2474 adj1 = adj_get (adj_index1);
2476 /* Worth pipelining. No guarantee that adj0,1 are hot... */
2477 rw_len0 = adj0[0].rewrite_header.data_bytes;
2478 rw_len1 = adj1[0].rewrite_header.data_bytes;
2479 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2480 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
2482 /* Check MTU of outgoing interface. */
2484 (vlib_buffer_length_in_chain (vm, p0) >
2486 rewrite_header.max_l3_packet_bytes ? IP4_ERROR_MTU_EXCEEDED :
2489 (vlib_buffer_length_in_chain (vm, p1) >
2491 rewrite_header.max_l3_packet_bytes ? IP4_ERROR_MTU_EXCEEDED :
2496 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2497 vnet_buffer (p0)->sw_if_index[VLIB_RX]) ?
2498 IP4_ERROR_SAME_INTERFACE : error0);
2499 error1 = ((adj1[0].rewrite_header.sw_if_index ==
2500 vnet_buffer (p1)->sw_if_index[VLIB_RX]) ?
2501 IP4_ERROR_SAME_INTERFACE : error1);
2504 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2505 * to see the IP headerr */
2506 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2508 next0 = adj0[0].rewrite_header.next_index;
2509 p0->current_data -= rw_len0;
2510 p0->current_length += rw_len0;
2511 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2512 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2515 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2516 vnet_feature_arc_start (lm->output_feature_arc_index,
2517 tx_sw_if_index0, &next0, p0);
2519 if (PREDICT_TRUE (error1 == IP4_ERROR_NONE))
2521 next1 = adj1[0].rewrite_header.next_index;
2522 p1->current_data -= rw_len1;
2523 p1->current_length += rw_len1;
2525 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2526 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2529 (adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2530 vnet_feature_arc_start (lm->output_feature_arc_index,
2531 tx_sw_if_index1, &next1, p1);
2534 /* Guess we are only writing on simple Ethernet header. */
2535 vnet_rewrite_two_headers (adj0[0], adj1[0],
2536 ip0, ip1, sizeof (ethernet_header_t));
2539 * Bump the per-adjacency counters
2543 vlib_increment_combined_counter
2544 (&adjacency_counters,
2547 vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2549 vlib_increment_combined_counter
2550 (&adjacency_counters,
2553 vlib_buffer_length_in_chain (vm, p1) + rw_len1);
2558 adj0->sub_type.midchain.fixup_func
2559 (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
2560 adj1->sub_type.midchain.fixup_func
2561 (vm, adj1, p1, adj0->sub_type.midchain.fixup_data);
2566 * copy bytes from the IP address into the MAC rewrite
2568 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0);
2569 vnet_fixup_one_header (adj1[0], &ip1->dst_address, ip1);
2572 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
2573 to_next, n_left_to_next,
2574 pi0, pi1, next0, next1);
2577 while (n_left_from > 0 && n_left_to_next > 0)
2579 ip_adjacency_t *adj0;
2582 u32 pi0, rw_len0, adj_index0, next0, error0, checksum0;
2583 u32 tx_sw_if_index0;
2585 pi0 = to_next[0] = from[0];
2587 p0 = vlib_get_buffer (vm, pi0);
2589 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2591 adj0 = adj_get (adj_index0);
2593 ip0 = vlib_buffer_get_current (p0);
2595 error0 = IP4_ERROR_NONE;
2596 next0 = IP4_REWRITE_NEXT_DROP; /* drop on error */
2598 /* Decrement TTL & update checksum. */
2599 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)))
2601 i32 ttl0 = ip0->ttl;
2603 checksum0 = ip0->checksum + clib_host_to_net_u16 (0x0100);
2605 checksum0 += checksum0 >= 0xffff;
2607 ip0->checksum = checksum0;
2609 ASSERT (ip0->ttl > 0);
2615 ASSERT ((ip0->checksum == ip4_header_checksum (ip0)) ||
2616 (p0->flags & VNET_BUFFER_F_OFFLOAD_IP_CKSUM));
2618 if (PREDICT_FALSE (ttl0 <= 0))
2621 * If the ttl drops below 1 when forwarding, generate
2624 error0 = IP4_ERROR_TIME_EXPIRED;
2625 next0 = IP4_REWRITE_NEXT_ICMP_ERROR;
2626 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2627 icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
2628 ICMP4_time_exceeded_ttl_exceeded_in_transit,
2634 p0->flags &= ~VNET_BUFFER_F_LOCALLY_ORIGINATED;
2638 vlib_prefetch_combined_counter (&adjacency_counters,
2639 thread_index, adj_index0);
2641 /* Guess we are only writing on simple Ethernet header. */
2642 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2646 * copy bytes from the IP address into the MAC rewrite
2648 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0);
2651 /* Update packet buffer attributes/set output interface. */
2652 rw_len0 = adj0[0].rewrite_header.data_bytes;
2653 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2656 vlib_increment_combined_counter
2657 (&adjacency_counters,
2658 thread_index, adj_index0, 1,
2659 vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2661 /* Check MTU of outgoing interface. */
2662 error0 = (vlib_buffer_length_in_chain (vm, p0)
2663 > adj0[0].rewrite_header.max_l3_packet_bytes
2664 ? IP4_ERROR_MTU_EXCEEDED : error0);
2667 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2668 vnet_buffer (p0)->sw_if_index[VLIB_RX]) ?
2669 IP4_ERROR_SAME_INTERFACE : error0);
2671 p0->error = error_node->errors[error0];
2673 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2674 * to see the IP headerr */
2675 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2677 p0->current_data -= rw_len0;
2678 p0->current_length += rw_len0;
2679 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2681 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2682 next0 = adj0[0].rewrite_header.next_index;
2686 adj0->sub_type.midchain.fixup_func
2687 (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
2691 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2692 vnet_feature_arc_start (lm->output_feature_arc_index,
2693 tx_sw_if_index0, &next0, p0);
2700 n_left_to_next -= 1;
2702 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2703 to_next, n_left_to_next,
2707 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2710 /* Need to do trace after rewrites to pick up new packet data. */
2711 if (node->flags & VLIB_NODE_FLAG_TRACE)
2712 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
2714 return frame->n_vectors;
2718 /** @brief IPv4 rewrite node.
2721 This is the IPv4 transit-rewrite node: decrement TTL, fix the ipv4
2722 header checksum, fetch the ip adjacency, check the outbound mtu,
2723 apply the adjacency rewrite, and send pkts to the adjacency
2724 rewrite header's rewrite_next_index.
2726 @param vm vlib_main_t corresponding to the current thread
2727 @param node vlib_node_runtime_t
2728 @param frame vlib_frame_t whose contents should be dispatched
2730 @par Graph mechanics: buffer metadata, next index usage
2733 - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
2734 - the rewrite adjacency index
2735 - <code>adj->lookup_next_index</code>
2736 - Must be IP_LOOKUP_NEXT_REWRITE or IP_LOOKUP_NEXT_ARP, otherwise
2737 the packet will be dropped.
2738 - <code>adj->rewrite_header</code>
2739 - Rewrite string length, rewrite string, next_index
2742 - <code>b->current_data, b->current_length</code>
2743 - Updated net of applying the rewrite string
2745 <em>Next Indices:</em>
2746 - <code> adj->rewrite_header.next_index </code>
2750 ip4_rewrite (vlib_main_t * vm,
2751 vlib_node_runtime_t * node, vlib_frame_t * frame)
2753 if (adj_are_counters_enabled ())
2754 return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
2756 return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
2760 ip4_midchain (vlib_main_t * vm,
2761 vlib_node_runtime_t * node, vlib_frame_t * frame)
2763 if (adj_are_counters_enabled ())
2764 return ip4_rewrite_inline (vm, node, frame, 1, 1, 0);
2766 return ip4_rewrite_inline (vm, node, frame, 0, 1, 0);
2770 ip4_rewrite_mcast (vlib_main_t * vm,
2771 vlib_node_runtime_t * node, vlib_frame_t * frame)
2773 if (adj_are_counters_enabled ())
2774 return ip4_rewrite_inline (vm, node, frame, 1, 0, 1);
2776 return ip4_rewrite_inline (vm, node, frame, 0, 0, 1);
2780 ip4_mcast_midchain (vlib_main_t * vm,
2781 vlib_node_runtime_t * node, vlib_frame_t * frame)
2783 if (adj_are_counters_enabled ())
2784 return ip4_rewrite_inline (vm, node, frame, 1, 1, 1);
2786 return ip4_rewrite_inline (vm, node, frame, 0, 1, 1);
2790 VLIB_REGISTER_NODE (ip4_rewrite_node) = {
2791 .function = ip4_rewrite,
2792 .name = "ip4-rewrite",
2793 .vector_size = sizeof (u32),
2795 .format_trace = format_ip4_rewrite_trace,
2799 [IP4_REWRITE_NEXT_DROP] = "ip4-drop",
2800 [IP4_REWRITE_NEXT_ICMP_ERROR] = "ip4-icmp-error",
2803 VLIB_NODE_FUNCTION_MULTIARCH (ip4_rewrite_node, ip4_rewrite)
2805 VLIB_REGISTER_NODE (ip4_rewrite_mcast_node) = {
2806 .function = ip4_rewrite_mcast,
2807 .name = "ip4-rewrite-mcast",
2808 .vector_size = sizeof (u32),
2810 .format_trace = format_ip4_rewrite_trace,
2811 .sibling_of = "ip4-rewrite",
2813 VLIB_NODE_FUNCTION_MULTIARCH (ip4_rewrite_mcast_node, ip4_rewrite_mcast)
2815 VLIB_REGISTER_NODE (ip4_mcast_midchain_node, static) = {
2816 .function = ip4_mcast_midchain,
2817 .name = "ip4-mcast-midchain",
2818 .vector_size = sizeof (u32),
2820 .format_trace = format_ip4_rewrite_trace,
2821 .sibling_of = "ip4-rewrite",
2823 VLIB_NODE_FUNCTION_MULTIARCH (ip4_mcast_midchain_node, ip4_mcast_midchain)
2825 VLIB_REGISTER_NODE (ip4_midchain_node) = {
2826 .function = ip4_midchain,
2827 .name = "ip4-midchain",
2828 .vector_size = sizeof (u32),
2829 .format_trace = format_ip4_forward_next_trace,
2830 .sibling_of = "ip4-rewrite",
2832 VLIB_NODE_FUNCTION_MULTIARCH (ip4_midchain_node, ip4_midchain);
2836 ip4_lookup_validate (ip4_address_t * a, u32 fib_index0)
2838 ip4_fib_mtrie_t *mtrie0;
2839 ip4_fib_mtrie_leaf_t leaf0;
2842 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
2844 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, a);
2845 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, a, 2);
2846 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, a, 3);
2848 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
2850 return lbi0 == ip4_fib_table_lookup_lb (ip4_fib_get (fib_index0), a);
2853 static clib_error_t *
2854 test_lookup_command_fn (vlib_main_t * vm,
2855 unformat_input_t * input, vlib_cli_command_t * cmd)
2862 ip4_address_t ip4_base_address;
2865 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2867 if (unformat (input, "table %d", &table_id))
2869 /* Make sure the entry exists. */
2870 fib = ip4_fib_get (table_id);
2871 if ((fib) && (fib->index != table_id))
2872 return clib_error_return (0, "<fib-index> %d does not exist",
2875 else if (unformat (input, "count %f", &count))
2878 else if (unformat (input, "%U",
2879 unformat_ip4_address, &ip4_base_address))
2882 return clib_error_return (0, "unknown input `%U'",
2883 format_unformat_error, input);
2888 for (i = 0; i < n; i++)
2890 if (!ip4_lookup_validate (&ip4_base_address, table_id))
2893 ip4_base_address.as_u32 =
2894 clib_host_to_net_u32 (1 +
2895 clib_net_to_host_u32 (ip4_base_address.as_u32));
2899 vlib_cli_output (vm, "%llu errors out of %d lookups\n", errors, n);
2901 vlib_cli_output (vm, "No errors in %d lookups\n", n);
2907 * Perform a lookup of an IPv4 Address (or range of addresses) in the
2908 * given FIB table to determine if there is a conflict with the
2909 * adjacency table. The fib-id can be determined by using the
2910 * '<em>show ip fib</em>' command. If fib-id is not entered, default value
2913 * @todo This command uses fib-id, other commands use table-id (not
2914 * just a name, they are different indexes). Would like to change this
2915 * to table-id for consistency.
2918 * Example of how to run the test lookup command:
2919 * @cliexstart{test lookup 172.16.1.1 table 1 count 2}
2920 * No errors in 2 lookups
2924 VLIB_CLI_COMMAND (lookup_test_command, static) =
2926 .path = "test lookup",
2927 .short_help = "test lookup <ipv4-addr> [table <fib-id>] [count <nn>]",
2928 .function = test_lookup_command_fn,
2933 vnet_set_ip4_flow_hash (u32 table_id, u32 flow_hash_config)
2937 fib_index = fib_table_find (FIB_PROTOCOL_IP4, table_id);
2939 if (~0 == fib_index)
2940 return VNET_API_ERROR_NO_SUCH_FIB;
2942 fib_table_set_flow_hash_config (fib_index, FIB_PROTOCOL_IP4,
2948 static clib_error_t *
2949 set_ip_flow_hash_command_fn (vlib_main_t * vm,
2950 unformat_input_t * input,
2951 vlib_cli_command_t * cmd)
2955 u32 flow_hash_config = 0;
2958 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2960 if (unformat (input, "table %d", &table_id))
2963 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
2964 foreach_flow_hash_bit
2971 return clib_error_return (0, "unknown input `%U'",
2972 format_unformat_error, input);
2974 rv = vnet_set_ip4_flow_hash (table_id, flow_hash_config);
2980 case VNET_API_ERROR_NO_SUCH_FIB:
2981 return clib_error_return (0, "no such FIB table %d", table_id);
2984 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
2992 * Configure the set of IPv4 fields used by the flow hash.
2995 * Example of how to set the flow hash on a given table:
2996 * @cliexcmd{set ip flow-hash table 7 dst sport dport proto}
2997 * Example of display the configured flow hash:
2998 * @cliexstart{show ip fib}
2999 * ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
3002 * [@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
3003 * [0] [@0]: dpo-drop ip6
3006 * [@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
3007 * [0] [@0]: dpo-drop ip6
3010 * [@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
3011 * [0] [@0]: dpo-drop ip6
3014 * [@0]: dpo-load-balance: [index:30 buckets:1 uRPF:29 to:[0:0]]
3015 * [0] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
3018 * [@0]: dpo-load-balance: [index:31 buckets:4 uRPF:30 to:[0:0]]
3019 * [0] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
3020 * [1] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
3021 * [2] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
3022 * [3] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
3025 * [@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
3026 * [0] [@0]: dpo-drop ip6
3027 * 255.255.255.255/32
3029 * [@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
3030 * [0] [@0]: dpo-drop ip6
3031 * ipv4-VRF:7, fib_index 1, flow hash: dst sport dport proto
3034 * [@0]: dpo-load-balance: [index:12 buckets:1 uRPF:11 to:[0:0]]
3035 * [0] [@0]: dpo-drop ip6
3038 * [@0]: dpo-load-balance: [index:13 buckets:1 uRPF:12 to:[0:0]]
3039 * [0] [@0]: dpo-drop ip6
3042 * [@0]: dpo-load-balance: [index:17 buckets:1 uRPF:16 to:[0:0]]
3043 * [0] [@4]: ipv4-glean: af_packet0
3046 * [@0]: dpo-load-balance: [index:18 buckets:1 uRPF:17 to:[1:84]]
3047 * [0] [@2]: dpo-receive: 172.16.1.1 on af_packet0
3050 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
3051 * [0] [@5]: ipv4 via 172.16.1.2 af_packet0: IP4: 02:fe:9e:70:7a:2b -> 26:a5:f6:9c:3a:36
3054 * [@0]: dpo-load-balance: [index:19 buckets:1 uRPF:18 to:[0:0]]
3055 * [0] [@4]: ipv4-glean: af_packet1
3058 * [@0]: dpo-load-balance: [index:20 buckets:1 uRPF:19 to:[0:0]]
3059 * [0] [@2]: dpo-receive: 172.16.2.1 on af_packet1
3062 * [@0]: dpo-load-balance: [index:15 buckets:1 uRPF:14 to:[0:0]]
3063 * [0] [@0]: dpo-drop ip6
3066 * [@0]: dpo-load-balance: [index:14 buckets:1 uRPF:13 to:[0:0]]
3067 * [0] [@0]: dpo-drop ip6
3068 * 255.255.255.255/32
3070 * [@0]: dpo-load-balance: [index:16 buckets:1 uRPF:15 to:[0:0]]
3071 * [0] [@0]: dpo-drop ip6
3075 VLIB_CLI_COMMAND (set_ip_flow_hash_command, static) =
3077 .path = "set ip flow-hash",
3079 "set ip flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
3080 .function = set_ip_flow_hash_command_fn,
3085 vnet_set_ip4_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3088 vnet_main_t *vnm = vnet_get_main ();
3089 vnet_interface_main_t *im = &vnm->interface_main;
3090 ip4_main_t *ipm = &ip4_main;
3091 ip_lookup_main_t *lm = &ipm->lookup_main;
3092 vnet_classify_main_t *cm = &vnet_classify_main;
3093 ip4_address_t *if_addr;
3095 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3096 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3098 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3099 return VNET_API_ERROR_NO_SUCH_ENTRY;
3101 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3102 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3104 if_addr = ip4_interface_first_address (ipm, sw_if_index, NULL);
3106 if (NULL != if_addr)
3108 fib_prefix_t pfx = {
3110 .fp_proto = FIB_PROTOCOL_IP4,
3111 .fp_addr.ip4 = *if_addr,
3115 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3119 if (table_index != (u32) ~ 0)
3121 dpo_id_t dpo = DPO_INVALID;
3126 classify_dpo_create (DPO_PROTO_IP4, table_index));
3128 fib_table_entry_special_dpo_add (fib_index,
3130 FIB_SOURCE_CLASSIFY,
3131 FIB_ENTRY_FLAG_NONE, &dpo);
3136 fib_table_entry_special_remove (fib_index,
3137 &pfx, FIB_SOURCE_CLASSIFY);
3144 static clib_error_t *
3145 set_ip_classify_command_fn (vlib_main_t * vm,
3146 unformat_input_t * input,
3147 vlib_cli_command_t * cmd)
3149 u32 table_index = ~0;
3150 int table_index_set = 0;
3151 u32 sw_if_index = ~0;
3154 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3156 if (unformat (input, "table-index %d", &table_index))
3157 table_index_set = 1;
3158 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3159 vnet_get_main (), &sw_if_index))
3165 if (table_index_set == 0)
3166 return clib_error_return (0, "classify table-index must be specified");
3168 if (sw_if_index == ~0)
3169 return clib_error_return (0, "interface / subif must be specified");
3171 rv = vnet_set_ip4_classify_intfc (vm, sw_if_index, table_index);
3178 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3179 return clib_error_return (0, "No such interface");
3181 case VNET_API_ERROR_NO_SUCH_ENTRY:
3182 return clib_error_return (0, "No such classifier table");
3188 * Assign a classification table to an interface. The classification
3189 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3190 * commands. Once the table is create, use this command to filter packets
3194 * Example of how to assign a classification table to an interface:
3195 * @cliexcmd{set ip classify intfc GigabitEthernet2/0/0 table-index 1}
3198 VLIB_CLI_COMMAND (set_ip_classify_command, static) =
3200 .path = "set ip classify",
3202 "set ip classify intfc <interface> table-index <classify-idx>",
3203 .function = set_ip_classify_command_fn,
3207 static clib_error_t *
3208 ip4_config (vlib_main_t * vm, unformat_input_t * input)
3210 ip4_main_t *im = &ip4_main;
3213 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3215 if (unformat (input, "heap-size %U", unformat_memory_size, &heapsize))
3218 return clib_error_return (0,
3219 "invalid heap-size parameter `%U'",
3220 format_unformat_error, input);
3223 im->mtrie_heap_size = heapsize;
3228 VLIB_EARLY_CONFIG_FUNCTION (ip4_config, "ip");
3231 * fd.io coding-style-patch-verification: ON
3234 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob