2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip4_forward.c: IP v4 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ip/ip_frag.h>
43 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
44 #include <vnet/ethernet/arp_packet.h> /* for ethernet_arp_header_t */
45 #include <vnet/ppp/ppp.h>
46 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
47 #include <vnet/api_errno.h> /* for API error numbers */
48 #include <vnet/fib/fib_table.h> /* for FIB table and entry creation */
49 #include <vnet/fib/fib_entry.h> /* for FIB table and entry creation */
50 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
51 #include <vnet/fib/ip4_fib.h>
52 #include <vnet/mfib/ip4_mfib.h>
53 #include <vnet/dpo/load_balance.h>
54 #include <vnet/dpo/load_balance_map.h>
55 #include <vnet/dpo/classify_dpo.h>
56 #include <vnet/mfib/mfib_table.h> /* for mFIB table and entry creation */
58 #include <vnet/ip/ip4_forward.h>
59 #include <vnet/interface_output.h>
60 #include <vnet/classify/vnet_classify.h>
62 /** @brief IPv4 lookup node.
65 This is the main IPv4 lookup dispatch node.
67 @param vm vlib_main_t corresponding to the current thread
68 @param node vlib_node_runtime_t
69 @param frame vlib_frame_t whose contents should be dispatched
71 @par Graph mechanics: buffer metadata, next index usage
74 - <code>vnet_buffer(b)->sw_if_index[VLIB_RX]</code>
75 - Indicates the @c sw_if_index value of the interface that the
76 packet was received on.
77 - <code>vnet_buffer(b)->sw_if_index[VLIB_TX]</code>
78 - When the value is @c ~0 then the node performs a longest prefix
79 match (LPM) for the packet destination address in the FIB attached
80 to the receive interface.
81 - Otherwise perform LPM for the packet destination address in the
82 indicated FIB. In this case <code>[VLIB_TX]</code> is a FIB index
83 value (0, 1, ...) and not a VRF id.
86 - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
87 - The lookup result adjacency index.
90 - Dispatches the packet to the node index found in
91 ip_adjacency_t @c adj->lookup_next_index
92 (where @c adj is the lookup result adjacency).
94 VLIB_NODE_FN (ip4_lookup_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
97 return ip4_lookup_inline (vm, node, frame);
100 static u8 *format_ip4_lookup_trace (u8 * s, va_list * args);
103 VLIB_REGISTER_NODE (ip4_lookup_node) =
105 .name = "ip4-lookup",
106 .vector_size = sizeof (u32),
107 .format_trace = format_ip4_lookup_trace,
108 .n_next_nodes = IP_LOOKUP_N_NEXT,
109 .next_nodes = IP4_LOOKUP_NEXT_NODES,
113 VLIB_NODE_FN (ip4_load_balance_node) (vlib_main_t * vm,
114 vlib_node_runtime_t * node,
115 vlib_frame_t * frame)
117 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
119 u32 thread_index = vm->thread_index;
120 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
121 u16 nexts[VLIB_FRAME_SIZE], *next;
123 from = vlib_frame_vector_args (frame);
124 n_left = frame->n_vectors;
127 vlib_get_buffers (vm, from, bufs, n_left);
131 const load_balance_t *lb0, *lb1;
132 const ip4_header_t *ip0, *ip1;
133 u32 lbi0, hc0, lbi1, hc1;
134 const dpo_id_t *dpo0, *dpo1;
136 /* Prefetch next iteration. */
138 vlib_prefetch_buffer_header (b[2], LOAD);
139 vlib_prefetch_buffer_header (b[3], LOAD);
141 CLIB_PREFETCH (b[2]->data, sizeof (ip0[0]), LOAD);
142 CLIB_PREFETCH (b[3]->data, sizeof (ip0[0]), LOAD);
145 ip0 = vlib_buffer_get_current (b[0]);
146 ip1 = vlib_buffer_get_current (b[1]);
147 lbi0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
148 lbi1 = vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
150 lb0 = load_balance_get (lbi0);
151 lb1 = load_balance_get (lbi1);
154 * this node is for via FIBs we can re-use the hash value from the
155 * to node if present.
156 * We don't want to use the same hash value at each level in the recursion
157 * graph as that would lead to polarisation
161 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
163 if (PREDICT_TRUE (vnet_buffer (b[0])->ip.flow_hash))
165 hc0 = vnet_buffer (b[0])->ip.flow_hash =
166 vnet_buffer (b[0])->ip.flow_hash >> 1;
170 hc0 = vnet_buffer (b[0])->ip.flow_hash =
171 ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
173 dpo0 = load_balance_get_fwd_bucket
174 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
178 dpo0 = load_balance_get_bucket_i (lb0, 0);
180 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
182 if (PREDICT_TRUE (vnet_buffer (b[1])->ip.flow_hash))
184 hc1 = vnet_buffer (b[1])->ip.flow_hash =
185 vnet_buffer (b[1])->ip.flow_hash >> 1;
189 hc1 = vnet_buffer (b[1])->ip.flow_hash =
190 ip4_compute_flow_hash (ip1, lb1->lb_hash_config);
192 dpo1 = load_balance_get_fwd_bucket
193 (lb1, (hc1 & (lb1->lb_n_buckets_minus_1)));
197 dpo1 = load_balance_get_bucket_i (lb1, 0);
200 next[0] = dpo0->dpoi_next_node;
201 next[1] = dpo1->dpoi_next_node;
203 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
204 vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
206 vlib_increment_combined_counter
207 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, b[0]));
208 vlib_increment_combined_counter
209 (cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, b[1]));
218 const load_balance_t *lb0;
219 const ip4_header_t *ip0;
220 const dpo_id_t *dpo0;
223 ip0 = vlib_buffer_get_current (b[0]);
224 lbi0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
226 lb0 = load_balance_get (lbi0);
229 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
231 if (PREDICT_TRUE (vnet_buffer (b[0])->ip.flow_hash))
233 hc0 = vnet_buffer (b[0])->ip.flow_hash =
234 vnet_buffer (b[0])->ip.flow_hash >> 1;
238 hc0 = vnet_buffer (b[0])->ip.flow_hash =
239 ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
241 dpo0 = load_balance_get_fwd_bucket
242 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
246 dpo0 = load_balance_get_bucket_i (lb0, 0);
249 next[0] = dpo0->dpoi_next_node;
250 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
252 vlib_increment_combined_counter
253 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, b[0]));
260 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
261 if (node->flags & VLIB_NODE_FLAG_TRACE)
262 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
264 return frame->n_vectors;
268 VLIB_REGISTER_NODE (ip4_load_balance_node) =
270 .name = "ip4-load-balance",
271 .vector_size = sizeof (u32),
272 .sibling_of = "ip4-lookup",
273 .format_trace = format_ip4_lookup_trace,
277 #ifndef CLIB_MARCH_VARIANT
278 /* get first interface address */
280 ip4_interface_first_address (ip4_main_t * im, u32 sw_if_index,
281 ip_interface_address_t ** result_ia)
283 ip_lookup_main_t *lm = &im->lookup_main;
284 ip_interface_address_t *ia = 0;
285 ip4_address_t *result = 0;
288 foreach_ip_interface_address
289 (lm, ia, sw_if_index,
290 1 /* honor unnumbered */ ,
293 ip_interface_address_get_address (lm, ia);
299 *result_ia = result ? ia : 0;
305 ip4_add_subnet_bcast_route (u32 fib_index,
309 vnet_sw_interface_flags_t iflags;
311 iflags = vnet_sw_interface_get_flags(vnet_get_main(), sw_if_index);
313 fib_table_entry_special_remove(fib_index,
315 FIB_SOURCE_INTERFACE);
317 if (iflags & VNET_SW_INTERFACE_FLAG_DIRECTED_BCAST)
319 fib_table_entry_update_one_path (fib_index, pfx,
320 FIB_SOURCE_INTERFACE,
323 /* No next-hop address */
329 // no out-label stack
331 FIB_ROUTE_PATH_FLAG_NONE);
335 fib_table_entry_special_add(fib_index,
337 FIB_SOURCE_INTERFACE,
338 (FIB_ENTRY_FLAG_DROP |
339 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
344 ip4_add_interface_prefix_routes (ip4_main_t *im,
347 ip_interface_address_t * a)
349 ip_lookup_main_t *lm = &im->lookup_main;
350 ip_interface_prefix_t *if_prefix;
351 ip4_address_t *address = ip_interface_address_get_address (lm, a);
353 ip_interface_prefix_key_t key = {
355 .fp_len = a->address_length,
356 .fp_proto = FIB_PROTOCOL_IP4,
357 .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[a->address_length],
359 .sw_if_index = sw_if_index,
362 fib_prefix_t pfx_special = {
363 .fp_proto = FIB_PROTOCOL_IP4,
366 /* If prefix already set on interface, just increment ref count & return */
367 if_prefix = ip_get_interface_prefix (lm, &key);
370 if_prefix->ref_count += 1;
374 /* New prefix - allocate a pool entry, initialize it, add to the hash */
375 pool_get (lm->if_prefix_pool, if_prefix);
376 if_prefix->ref_count = 1;
377 if_prefix->src_ia_index = a - lm->if_address_pool;
378 clib_memcpy (&if_prefix->key, &key, sizeof (key));
379 mhash_set (&lm->prefix_to_if_prefix_index, &key,
380 if_prefix - lm->if_prefix_pool, 0 /* old value */);
382 /* length <= 30 - add glean, drop first address, maybe drop bcast address */
383 if (a->address_length <= 30)
385 pfx_special.fp_len = a->address_length;
386 pfx_special.fp_addr.ip4.as_u32 = address->as_u32;
388 /* set the glean route for the prefix */
389 fib_table_entry_update_one_path (fib_index, &pfx_special,
390 FIB_SOURCE_INTERFACE,
391 (FIB_ENTRY_FLAG_CONNECTED |
392 FIB_ENTRY_FLAG_ATTACHED),
394 /* No next-hop address */
397 /* invalid FIB index */
400 /* no out-label stack */
402 FIB_ROUTE_PATH_FLAG_NONE);
404 /* set a drop route for the base address of the prefix */
405 pfx_special.fp_len = 32;
406 pfx_special.fp_addr.ip4.as_u32 =
407 address->as_u32 & im->fib_masks[a->address_length];
409 if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
410 fib_table_entry_special_add (fib_index, &pfx_special,
411 FIB_SOURCE_INTERFACE,
412 (FIB_ENTRY_FLAG_DROP |
413 FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
415 /* set a route for the broadcast address of the prefix */
416 pfx_special.fp_len = 32;
417 pfx_special.fp_addr.ip4.as_u32 =
418 address->as_u32 | ~im->fib_masks[a->address_length];
419 if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
420 ip4_add_subnet_bcast_route (fib_index, &pfx_special, sw_if_index);
424 /* length == 31 - add an attached route for the other address */
425 else if (a->address_length == 31)
427 pfx_special.fp_len = 32;
428 pfx_special.fp_addr.ip4.as_u32 =
429 address->as_u32 ^ clib_host_to_net_u32(1);
431 fib_table_entry_update_one_path (fib_index, &pfx_special,
432 FIB_SOURCE_INTERFACE,
433 (FIB_ENTRY_FLAG_ATTACHED),
435 &pfx_special.fp_addr,
437 /* invalid FIB index */
441 FIB_ROUTE_PATH_FLAG_NONE);
446 ip4_add_interface_routes (u32 sw_if_index,
447 ip4_main_t * im, u32 fib_index,
448 ip_interface_address_t * a)
450 ip_lookup_main_t *lm = &im->lookup_main;
451 ip4_address_t *address = ip_interface_address_get_address (lm, a);
454 .fp_proto = FIB_PROTOCOL_IP4,
455 .fp_addr.ip4 = *address,
458 /* set special routes for the prefix if needed */
459 ip4_add_interface_prefix_routes (im, sw_if_index, fib_index, a);
461 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
463 u32 classify_table_index =
464 lm->classify_table_index_by_sw_if_index[sw_if_index];
465 if (classify_table_index != (u32) ~ 0)
467 dpo_id_t dpo = DPO_INVALID;
472 classify_dpo_create (DPO_PROTO_IP4, classify_table_index));
474 fib_table_entry_special_dpo_add (fib_index,
477 FIB_ENTRY_FLAG_NONE, &dpo);
482 fib_table_entry_update_one_path (fib_index, &pfx,
483 FIB_SOURCE_INTERFACE,
484 (FIB_ENTRY_FLAG_CONNECTED |
485 FIB_ENTRY_FLAG_LOCAL),
492 FIB_ROUTE_PATH_FLAG_NONE);
496 ip4_del_interface_prefix_routes (ip4_main_t * im,
499 ip4_address_t * address,
502 ip_lookup_main_t *lm = &im->lookup_main;
503 ip_interface_prefix_t *if_prefix;
505 ip_interface_prefix_key_t key = {
507 .fp_len = address_length,
508 .fp_proto = FIB_PROTOCOL_IP4,
509 .fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[address_length],
511 .sw_if_index = sw_if_index,
514 fib_prefix_t pfx_special = {
516 .fp_proto = FIB_PROTOCOL_IP4,
519 if_prefix = ip_get_interface_prefix (lm, &key);
522 clib_warning ("Prefix not found while deleting %U",
523 format_ip4_address_and_length, address, address_length);
527 if_prefix->ref_count -= 1;
530 * Routes need to be adjusted if:
531 * - deleting last intf addr in prefix
532 * - deleting intf addr used as default source address in glean adjacency
534 * We're done now otherwise
536 if ((if_prefix->ref_count > 0) &&
537 !pool_is_free_index (lm->if_address_pool, if_prefix->src_ia_index))
540 /* length <= 30, delete glean route, first address, last address */
541 if (address_length <= 30)
544 /* remove glean route for prefix */
545 pfx_special.fp_addr.ip4 = *address;
546 pfx_special.fp_len = address_length;
547 fib_table_entry_delete (fib_index, &pfx_special, FIB_SOURCE_INTERFACE);
549 /* if no more intf addresses in prefix, remove other special routes */
550 if (!if_prefix->ref_count)
552 /* first address in prefix */
553 pfx_special.fp_addr.ip4.as_u32 =
554 address->as_u32 & im->fib_masks[address_length];
555 pfx_special.fp_len = 32;
557 if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
558 fib_table_entry_special_remove (fib_index,
560 FIB_SOURCE_INTERFACE);
562 /* prefix broadcast address */
563 pfx_special.fp_addr.ip4.as_u32 =
564 address->as_u32 | ~im->fib_masks[address_length];
565 pfx_special.fp_len = 32;
567 if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
568 fib_table_entry_special_remove (fib_index,
570 FIB_SOURCE_INTERFACE);
573 /* default source addr just got deleted, find another */
575 ip_interface_address_t *new_src_ia = NULL;
576 ip4_address_t *new_src_addr = NULL;
579 ip4_interface_address_matching_destination
580 (im, address, sw_if_index, &new_src_ia);
582 if_prefix->src_ia_index = new_src_ia - lm->if_address_pool;
584 pfx_special.fp_len = address_length;
585 pfx_special.fp_addr.ip4 = *new_src_addr;
587 /* set new glean route for the prefix */
588 fib_table_entry_update_one_path (fib_index, &pfx_special,
589 FIB_SOURCE_INTERFACE,
590 (FIB_ENTRY_FLAG_CONNECTED |
591 FIB_ENTRY_FLAG_ATTACHED),
593 /* No next-hop address */
596 /* invalid FIB index */
599 /* no out-label stack */
601 FIB_ROUTE_PATH_FLAG_NONE);
605 /* length == 31, delete attached route for the other address */
606 else if (address_length == 31)
608 pfx_special.fp_addr.ip4.as_u32 =
609 address->as_u32 ^ clib_host_to_net_u32(1);
611 fib_table_entry_delete (fib_index, &pfx_special, FIB_SOURCE_INTERFACE);
614 mhash_unset (&lm->prefix_to_if_prefix_index, &key, 0 /* old_value */);
615 pool_put (lm->if_prefix_pool, if_prefix);
619 ip4_del_interface_routes (u32 sw_if_index,
622 ip4_address_t * address, u32 address_length)
625 .fp_len = address_length,
626 .fp_proto = FIB_PROTOCOL_IP4,
627 .fp_addr.ip4 = *address,
630 ip4_del_interface_prefix_routes (im, sw_if_index, fib_index,
631 address, address_length);
634 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
637 #ifndef CLIB_MARCH_VARIANT
639 ip4_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
641 ip4_main_t *im = &ip4_main;
643 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
646 * enable/disable only on the 1<->0 transition
650 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
655 ASSERT (im->ip_enabled_by_sw_if_index[sw_if_index] > 0);
656 if (0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
659 vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
663 vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
664 sw_if_index, !is_enable, 0, 0);
667 ip4_enable_disable_interface_callback_t *cb;
668 vec_foreach (cb, im->enable_disable_interface_callbacks)
669 cb->function (im, cb->function_opaque, sw_if_index, is_enable);
673 static clib_error_t *
674 ip4_add_del_interface_address_internal (vlib_main_t * vm,
676 ip4_address_t * address,
677 u32 address_length, u32 is_del)
679 vnet_main_t *vnm = vnet_get_main ();
680 ip4_main_t *im = &ip4_main;
681 ip_lookup_main_t *lm = &im->lookup_main;
682 clib_error_t *error = 0;
683 u32 if_address_index;
684 ip4_address_fib_t ip4_af, *addr_fib = 0;
686 /* local0 interface doesn't support IP addressing */
687 if (sw_if_index == 0)
690 clib_error_create ("local0 interface doesn't support IP addressing");
693 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
694 ip4_addr_fib_init (&ip4_af, address,
695 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
696 vec_add1 (addr_fib, ip4_af);
699 * there is no support for adj-fib handling in the presence of overlapping
700 * subnets on interfaces. Easy fix - disallow overlapping subnets, like
706 /* When adding an address check that it does not conflict
707 with an existing address on any interface in this table. */
708 ip_interface_address_t *ia;
709 vnet_sw_interface_t *sif;
711 pool_foreach(sif, vnm->interface_main.sw_interfaces,
713 if (im->fib_index_by_sw_if_index[sw_if_index] ==
714 im->fib_index_by_sw_if_index[sif->sw_if_index])
716 foreach_ip_interface_address
717 (&im->lookup_main, ia, sif->sw_if_index,
718 0 /* honor unnumbered */ ,
721 ip_interface_address_get_address
722 (&im->lookup_main, ia);
724 if (ip4_destination_matches_route
725 (im, address, x, ia->address_length) ||
726 ip4_destination_matches_route (im,
731 /* an intf may have >1 addr from the same prefix */
732 if ((sw_if_index == sif->sw_if_index) &&
733 (ia->address_length == address_length) &&
734 (x->as_u32 != address->as_u32))
737 if (ia->flags & IP_INTERFACE_ADDRESS_FLAG_STALE)
738 /* if the address we're comparing against is stale
739 * then the CP has not added this one back yet, maybe
740 * it never will, so we have to assume it won't and
741 * ignore it. if it does add it back, then it will fail
742 * because this one is now present */
745 /* error if the length or intf was different */
746 vnm->api_errno = VNET_API_ERROR_ADDRESS_IN_USE;
748 error = clib_error_create
749 ("failed to add %U on %U which conflicts with %U for interface %U",
750 format_ip4_address_and_length, address,
752 format_vnet_sw_if_index_name, vnm,
754 format_ip4_address_and_length, x,
756 format_vnet_sw_if_index_name, vnm,
766 if_address_index = ip_interface_address_find (lm, addr_fib, address_length);
770 if (~0 == if_address_index)
772 vnm->api_errno = VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
773 error = clib_error_create ("%U not found for interface %U",
774 lm->format_address_and_length,
775 addr_fib, address_length,
776 format_vnet_sw_if_index_name, vnm,
781 ip_interface_address_del (lm, if_address_index, addr_fib);
785 if (~0 != if_address_index)
787 ip_interface_address_t *ia;
789 ia = pool_elt_at_index (lm->if_address_pool, if_address_index);
791 if (ia->flags & IP_INTERFACE_ADDRESS_FLAG_STALE)
793 if (ia->sw_if_index == sw_if_index)
795 /* re-adding an address during the replace action.
796 * consdier this the update. clear the flag and
798 ia->flags &= ~IP_INTERFACE_ADDRESS_FLAG_STALE;
803 /* The prefix is moving from one interface to another.
804 * delete the stale and add the new */
805 ip4_add_del_interface_address_internal (vm,
810 error = ip_interface_address_add (lm, sw_if_index,
811 addr_fib, address_length,
817 vnm->api_errno = VNET_API_ERROR_DUPLICATE_IF_ADDRESS;
818 error = clib_error_create
819 ("Prefix %U already found on interface %U",
820 lm->format_address_and_length, addr_fib, address_length,
821 format_vnet_sw_if_index_name, vnm, ia->sw_if_index);
825 error = ip_interface_address_add (lm, sw_if_index,
826 addr_fib, address_length,
833 ip4_sw_interface_enable_disable (sw_if_index, !is_del);
834 ip4_mfib_interface_enable_disable (sw_if_index, !is_del);
836 /* intf addr routes are added/deleted on admin up/down */
837 if (vnet_sw_interface_is_admin_up (vnm, sw_if_index))
840 ip4_del_interface_routes (sw_if_index,
841 im, ip4_af.fib_index, address,
844 ip4_add_interface_routes (sw_if_index,
845 im, ip4_af.fib_index,
847 (lm->if_address_pool, if_address_index));
850 ip4_add_del_interface_address_callback_t *cb;
851 vec_foreach (cb, im->add_del_interface_address_callbacks)
852 cb->function (im, cb->function_opaque, sw_if_index,
853 address, address_length, if_address_index, is_del);
861 ip4_add_del_interface_address (vlib_main_t * vm,
863 ip4_address_t * address,
864 u32 address_length, u32 is_del)
866 return ip4_add_del_interface_address_internal
867 (vm, sw_if_index, address, address_length, is_del);
871 ip4_directed_broadcast (u32 sw_if_index, u8 enable)
873 ip_interface_address_t *ia;
879 * when directed broadcast is enabled, the subnet braodcast route will forward
880 * packets using an adjacency with a broadcast MAC. otherwise it drops
883 foreach_ip_interface_address(&im->lookup_main, ia,
886 if (ia->address_length <= 30)
890 ipa = ip_interface_address_get_address (&im->lookup_main, ia);
894 .fp_proto = FIB_PROTOCOL_IP4,
896 .ip4.as_u32 = (ipa->as_u32 | ~im->fib_masks[ia->address_length]),
900 ip4_add_subnet_bcast_route
901 (fib_table_get_index_for_sw_if_index(FIB_PROTOCOL_IP4,
910 static clib_error_t *
911 ip4_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
913 ip4_main_t *im = &ip4_main;
914 ip_interface_address_t *ia;
916 u32 is_admin_up, fib_index;
918 /* Fill in lookup tables with default table (0). */
919 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
921 vec_validate_init_empty (im->
922 lookup_main.if_address_pool_index_by_sw_if_index,
925 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
927 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
930 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
931 0 /* honor unnumbered */,
933 a = ip_interface_address_get_address (&im->lookup_main, ia);
935 ip4_add_interface_routes (sw_if_index,
939 ip4_del_interface_routes (sw_if_index,
941 a, ia->address_length);
948 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip4_sw_interface_admin_up_down);
950 /* Built-in ip4 unicast rx feature path definition */
952 VNET_FEATURE_ARC_INIT (ip4_unicast, static) =
954 .arc_name = "ip4-unicast",
955 .start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
956 .last_in_arc = "ip4-lookup",
957 .arc_index_ptr = &ip4_main.lookup_main.ucast_feature_arc_index,
960 VNET_FEATURE_INIT (ip4_flow_classify, static) =
962 .arc_name = "ip4-unicast",
963 .node_name = "ip4-flow-classify",
964 .runs_before = VNET_FEATURES ("ip4-inacl"),
967 VNET_FEATURE_INIT (ip4_inacl, static) =
969 .arc_name = "ip4-unicast",
970 .node_name = "ip4-inacl",
971 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
974 VNET_FEATURE_INIT (ip4_source_and_port_range_check_rx, static) =
976 .arc_name = "ip4-unicast",
977 .node_name = "ip4-source-and-port-range-check-rx",
978 .runs_before = VNET_FEATURES ("ip4-policer-classify"),
981 VNET_FEATURE_INIT (ip4_policer_classify, static) =
983 .arc_name = "ip4-unicast",
984 .node_name = "ip4-policer-classify",
985 .runs_before = VNET_FEATURES ("ipsec4-input-feature"),
988 VNET_FEATURE_INIT (ip4_ipsec, static) =
990 .arc_name = "ip4-unicast",
991 .node_name = "ipsec4-input-feature",
992 .runs_before = VNET_FEATURES ("vpath-input-ip4"),
995 VNET_FEATURE_INIT (ip4_vpath, static) =
997 .arc_name = "ip4-unicast",
998 .node_name = "vpath-input-ip4",
999 .runs_before = VNET_FEATURES ("ip4-vxlan-bypass"),
1002 VNET_FEATURE_INIT (ip4_vxlan_bypass, static) =
1004 .arc_name = "ip4-unicast",
1005 .node_name = "ip4-vxlan-bypass",
1006 .runs_before = VNET_FEATURES ("ip4-lookup"),
1009 VNET_FEATURE_INIT (ip4_not_enabled, static) =
1011 .arc_name = "ip4-unicast",
1012 .node_name = "ip4-not-enabled",
1013 .runs_before = VNET_FEATURES ("ip4-lookup"),
1016 VNET_FEATURE_INIT (ip4_lookup, static) =
1018 .arc_name = "ip4-unicast",
1019 .node_name = "ip4-lookup",
1020 .runs_before = 0, /* not before any other features */
1023 /* Built-in ip4 multicast rx feature path definition */
1024 VNET_FEATURE_ARC_INIT (ip4_multicast, static) =
1026 .arc_name = "ip4-multicast",
1027 .start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
1028 .last_in_arc = "ip4-mfib-forward-lookup",
1029 .arc_index_ptr = &ip4_main.lookup_main.mcast_feature_arc_index,
1032 VNET_FEATURE_INIT (ip4_vpath_mc, static) =
1034 .arc_name = "ip4-multicast",
1035 .node_name = "vpath-input-ip4",
1036 .runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
1039 VNET_FEATURE_INIT (ip4_mc_not_enabled, static) =
1041 .arc_name = "ip4-multicast",
1042 .node_name = "ip4-not-enabled",
1043 .runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
1046 VNET_FEATURE_INIT (ip4_lookup_mc, static) =
1048 .arc_name = "ip4-multicast",
1049 .node_name = "ip4-mfib-forward-lookup",
1050 .runs_before = 0, /* last feature */
1053 /* Source and port-range check ip4 tx feature path definition */
1054 VNET_FEATURE_ARC_INIT (ip4_output, static) =
1056 .arc_name = "ip4-output",
1057 .start_nodes = VNET_FEATURES ("ip4-rewrite", "ip4-midchain", "ip4-dvr-dpo"),
1058 .last_in_arc = "interface-output",
1059 .arc_index_ptr = &ip4_main.lookup_main.output_feature_arc_index,
1062 VNET_FEATURE_INIT (ip4_source_and_port_range_check_tx, static) =
1064 .arc_name = "ip4-output",
1065 .node_name = "ip4-source-and-port-range-check-tx",
1066 .runs_before = VNET_FEATURES ("ip4-outacl"),
1069 VNET_FEATURE_INIT (ip4_outacl, static) =
1071 .arc_name = "ip4-output",
1072 .node_name = "ip4-outacl",
1073 .runs_before = VNET_FEATURES ("ipsec4-output-feature"),
1076 VNET_FEATURE_INIT (ip4_ipsec_output, static) =
1078 .arc_name = "ip4-output",
1079 .node_name = "ipsec4-output-feature",
1080 .runs_before = VNET_FEATURES ("interface-output"),
1083 /* Built-in ip4 tx feature path definition */
1084 VNET_FEATURE_INIT (ip4_interface_output, static) =
1086 .arc_name = "ip4-output",
1087 .node_name = "interface-output",
1088 .runs_before = 0, /* not before any other features */
1092 static clib_error_t *
1093 ip4_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
1095 ip4_main_t *im = &ip4_main;
1097 /* Fill in lookup tables with default table (0). */
1098 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
1099 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
1103 ip4_main_t *im4 = &ip4_main;
1104 ip_lookup_main_t *lm4 = &im4->lookup_main;
1105 ip_interface_address_t *ia = 0;
1106 ip4_address_t *address;
1107 vlib_main_t *vm = vlib_get_main ();
1109 vnet_sw_interface_update_unnumbered (sw_if_index, ~0, 0);
1111 foreach_ip_interface_address (lm4, ia, sw_if_index, 0,
1113 address = ip_interface_address_get_address (lm4, ia);
1114 ip4_add_del_interface_address(vm, sw_if_index, address, ia->address_length, 1);
1117 ip4_mfib_interface_enable_disable (sw_if_index, 0);
1120 vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
1123 vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
1124 sw_if_index, is_add, 0, 0);
1126 return /* no error */ 0;
1129 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip4_sw_interface_add_del);
1131 /* Global IP4 main. */
1132 #ifndef CLIB_MARCH_VARIANT
1133 ip4_main_t ip4_main;
1134 #endif /* CLIB_MARCH_VARIANT */
1136 static clib_error_t *
1137 ip4_lookup_init (vlib_main_t * vm)
1139 ip4_main_t *im = &ip4_main;
1140 clib_error_t *error;
1143 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
1145 if ((error = vlib_call_init_function (vm, ip4_mtrie_module_init)))
1147 if ((error = vlib_call_init_function (vm, fib_module_init)))
1149 if ((error = vlib_call_init_function (vm, mfib_module_init)))
1152 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
1157 m = pow2_mask (i) << (32 - i);
1160 im->fib_masks[i] = clib_host_to_net_u32 (m);
1163 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 0);
1165 /* Create FIB with index 0 and table id of 0. */
1166 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
1167 FIB_SOURCE_DEFAULT_ROUTE);
1168 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
1169 MFIB_SOURCE_DEFAULT_ROUTE);
1173 pn = pg_get_node (ip4_lookup_node.index);
1174 pn->unformat_edit = unformat_pg_ip4_header;
1178 ethernet_arp_header_t h;
1180 clib_memset (&h, 0, sizeof (h));
1182 #define _16(f,v) h.f = clib_host_to_net_u16 (v);
1183 #define _8(f,v) h.f = v;
1184 _16 (l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
1185 _16 (l3_type, ETHERNET_TYPE_IP4);
1186 _8 (n_l2_address_bytes, 6);
1187 _8 (n_l3_address_bytes, 4);
1188 _16 (opcode, ETHERNET_ARP_OPCODE_request);
1192 vlib_packet_template_init (vm, &im->ip4_arp_request_packet_template,
1195 /* alloc chunk size */ 8,
1202 VLIB_INIT_FUNCTION (ip4_lookup_init);
1206 /* Adjacency taken. */
1211 /* Packet data, possibly *after* rewrite. */
1212 u8 packet_data[64 - 1 * sizeof (u32)];
1214 ip4_forward_next_trace_t;
1216 #ifndef CLIB_MARCH_VARIANT
1218 format_ip4_forward_next_trace (u8 * s, va_list * args)
1220 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1221 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1222 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1223 u32 indent = format_get_indent (s);
1224 s = format (s, "%U%U",
1225 format_white_space, indent,
1226 format_ip4_header, t->packet_data, sizeof (t->packet_data));
1232 format_ip4_lookup_trace (u8 * s, va_list * args)
1234 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1235 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1236 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1237 u32 indent = format_get_indent (s);
1239 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
1240 t->fib_index, t->dpo_index, t->flow_hash);
1241 s = format (s, "\n%U%U",
1242 format_white_space, indent,
1243 format_ip4_header, t->packet_data, sizeof (t->packet_data));
1248 format_ip4_rewrite_trace (u8 * s, va_list * args)
1250 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1251 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1252 ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
1253 u32 indent = format_get_indent (s);
1255 s = format (s, "tx_sw_if_index %d dpo-idx %d : %U flow hash: 0x%08x",
1256 t->fib_index, t->dpo_index, format_ip_adjacency,
1257 t->dpo_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
1258 s = format (s, "\n%U%U",
1259 format_white_space, indent,
1260 format_ip_adjacency_packet_data,
1261 t->packet_data, sizeof (t->packet_data));
1265 #ifndef CLIB_MARCH_VARIANT
1266 /* Common trace function for all ip4-forward next nodes. */
1268 ip4_forward_next_trace (vlib_main_t * vm,
1269 vlib_node_runtime_t * node,
1270 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
1273 ip4_main_t *im = &ip4_main;
1275 n_left = frame->n_vectors;
1276 from = vlib_frame_vector_args (frame);
1281 vlib_buffer_t *b0, *b1;
1282 ip4_forward_next_trace_t *t0, *t1;
1284 /* Prefetch next iteration. */
1285 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1286 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1291 b0 = vlib_get_buffer (vm, bi0);
1292 b1 = vlib_get_buffer (vm, bi1);
1294 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1296 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1297 t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1298 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1300 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1301 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1302 vec_elt (im->fib_index_by_sw_if_index,
1303 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1305 clib_memcpy_fast (t0->packet_data,
1306 vlib_buffer_get_current (b0),
1307 sizeof (t0->packet_data));
1309 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1311 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1312 t1->dpo_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1313 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1315 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1316 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1317 vec_elt (im->fib_index_by_sw_if_index,
1318 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1319 clib_memcpy_fast (t1->packet_data, vlib_buffer_get_current (b1),
1320 sizeof (t1->packet_data));
1330 ip4_forward_next_trace_t *t0;
1334 b0 = vlib_get_buffer (vm, bi0);
1336 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1338 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1339 t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1340 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1342 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1343 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1344 vec_elt (im->fib_index_by_sw_if_index,
1345 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1346 clib_memcpy_fast (t0->packet_data, vlib_buffer_get_current (b0),
1347 sizeof (t0->packet_data));
1354 /* Compute TCP/UDP/ICMP4 checksum in software. */
1356 ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1360 u32 ip_header_length, payload_length_host_byte_order;
1362 /* Initialize checksum with ip header. */
1363 ip_header_length = ip4_header_bytes (ip0);
1364 payload_length_host_byte_order =
1365 clib_net_to_host_u16 (ip0->length) - ip_header_length;
1367 clib_host_to_net_u32 (payload_length_host_byte_order +
1368 (ip0->protocol << 16));
1370 if (BITS (uword) == 32)
1373 ip_csum_with_carry (sum0,
1374 clib_mem_unaligned (&ip0->src_address, u32));
1376 ip_csum_with_carry (sum0,
1377 clib_mem_unaligned (&ip0->dst_address, u32));
1381 ip_csum_with_carry (sum0, clib_mem_unaligned (&ip0->src_address, u64));
1383 return ip_calculate_l4_checksum (vm, p0, sum0,
1384 payload_length_host_byte_order, (u8 *) ip0,
1385 ip_header_length, NULL);
1389 ip4_tcp_udp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1391 ip4_header_t *ip0 = vlib_buffer_get_current (p0);
1395 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1396 || ip0->protocol == IP_PROTOCOL_UDP);
1398 udp0 = (void *) (ip0 + 1);
1399 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1401 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1402 | VNET_BUFFER_F_L4_CHECKSUM_CORRECT);
1406 sum16 = ip4_tcp_udp_compute_checksum (vm, p0, ip0);
1408 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1409 | ((sum16 == 0) << VNET_BUFFER_F_LOG2_L4_CHECKSUM_CORRECT));
1416 VNET_FEATURE_ARC_INIT (ip4_local) =
1418 .arc_name = "ip4-local",
1419 .start_nodes = VNET_FEATURES ("ip4-local"),
1420 .last_in_arc = "ip4-local-end-of-arc",
1425 ip4_local_l4_csum_validate (vlib_main_t * vm, vlib_buffer_t * p,
1426 ip4_header_t * ip, u8 is_udp, u8 * error,
1430 flags0 = ip4_tcp_udp_validate_checksum (vm, p);
1431 *good_tcp_udp = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
1435 u32 ip_len, udp_len;
1437 udp = ip4_next_header (ip);
1438 /* Verify UDP length. */
1439 ip_len = clib_net_to_host_u16 (ip->length);
1440 udp_len = clib_net_to_host_u16 (udp->length);
1442 len_diff = ip_len - udp_len;
1443 *good_tcp_udp &= len_diff >= 0;
1444 *error = len_diff < 0 ? IP4_ERROR_UDP_LENGTH : *error;
1448 #define ip4_local_csum_is_offloaded(_b) \
1449 _b->flags & VNET_BUFFER_F_OFFLOAD_TCP_CKSUM \
1450 || _b->flags & VNET_BUFFER_F_OFFLOAD_UDP_CKSUM
1452 #define ip4_local_need_csum_check(is_tcp_udp, _b) \
1453 (is_tcp_udp && !(_b->flags & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED \
1454 || ip4_local_csum_is_offloaded (_b)))
1456 #define ip4_local_csum_is_valid(_b) \
1457 (_b->flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT \
1458 || (ip4_local_csum_is_offloaded (_b))) != 0
1461 ip4_local_check_l4_csum (vlib_main_t * vm, vlib_buffer_t * b,
1462 ip4_header_t * ih, u8 * error)
1464 u8 is_udp, is_tcp_udp, good_tcp_udp;
1466 is_udp = ih->protocol == IP_PROTOCOL_UDP;
1467 is_tcp_udp = is_udp || ih->protocol == IP_PROTOCOL_TCP;
1469 if (PREDICT_FALSE (ip4_local_need_csum_check (is_tcp_udp, b)))
1470 ip4_local_l4_csum_validate (vm, b, ih, is_udp, error, &good_tcp_udp);
1472 good_tcp_udp = ip4_local_csum_is_valid (b);
1474 ASSERT (IP4_ERROR_TCP_CHECKSUM + 1 == IP4_ERROR_UDP_CHECKSUM);
1475 *error = (is_tcp_udp && !good_tcp_udp
1476 ? IP4_ERROR_TCP_CHECKSUM + is_udp : *error);
1480 ip4_local_check_l4_csum_x2 (vlib_main_t * vm, vlib_buffer_t ** b,
1481 ip4_header_t ** ih, u8 * error)
1483 u8 is_udp[2], is_tcp_udp[2], good_tcp_udp[2];
1485 is_udp[0] = ih[0]->protocol == IP_PROTOCOL_UDP;
1486 is_udp[1] = ih[1]->protocol == IP_PROTOCOL_UDP;
1488 is_tcp_udp[0] = is_udp[0] || ih[0]->protocol == IP_PROTOCOL_TCP;
1489 is_tcp_udp[1] = is_udp[1] || ih[1]->protocol == IP_PROTOCOL_TCP;
1491 good_tcp_udp[0] = ip4_local_csum_is_valid (b[0]);
1492 good_tcp_udp[1] = ip4_local_csum_is_valid (b[1]);
1494 if (PREDICT_FALSE (ip4_local_need_csum_check (is_tcp_udp[0], b[0])
1495 || ip4_local_need_csum_check (is_tcp_udp[1], b[1])))
1498 ip4_local_l4_csum_validate (vm, b[0], ih[0], is_udp[0], &error[0],
1501 ip4_local_l4_csum_validate (vm, b[1], ih[1], is_udp[1], &error[1],
1505 error[0] = (is_tcp_udp[0] && !good_tcp_udp[0] ?
1506 IP4_ERROR_TCP_CHECKSUM + is_udp[0] : error[0]);
1507 error[1] = (is_tcp_udp[1] && !good_tcp_udp[1] ?
1508 IP4_ERROR_TCP_CHECKSUM + is_udp[1] : error[1]);
1512 ip4_local_set_next_and_error (vlib_node_runtime_t * error_node,
1513 vlib_buffer_t * b, u16 * next, u8 error,
1514 u8 head_of_feature_arc)
1516 u8 arc_index = vnet_feat_arc_ip4_local.feature_arc_index;
1519 *next = error != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : *next;
1520 b->error = error ? error_node->errors[error] : 0;
1521 if (head_of_feature_arc)
1524 if (PREDICT_TRUE (error == (u8) IP4_ERROR_UNKNOWN_PROTOCOL))
1526 vnet_feature_arc_start (arc_index,
1527 vnet_buffer (b)->sw_if_index[VLIB_RX],
1540 } ip4_local_last_check_t;
1543 ip4_local_check_src (vlib_buffer_t * b, ip4_header_t * ip0,
1544 ip4_local_last_check_t * last_check, u8 * error0)
1546 ip4_fib_mtrie_leaf_t leaf0;
1547 ip4_fib_mtrie_t *mtrie0;
1548 const dpo_id_t *dpo0;
1549 load_balance_t *lb0;
1552 vnet_buffer (b)->ip.fib_index =
1553 vnet_buffer (b)->sw_if_index[VLIB_TX] != ~0 ?
1554 vnet_buffer (b)->sw_if_index[VLIB_TX] : vnet_buffer (b)->ip.fib_index;
1557 * vnet_buffer()->ip.adj_index[VLIB_RX] will be set to the index of the
1558 * adjacency for the destination address (the local interface address).
1559 * vnet_buffer()->ip.adj_index[VLIB_TX] will be set to the index of the
1560 * adjacency for the source address (the remote sender's address)
1562 if (PREDICT_TRUE (last_check->src.as_u32 != ip0->src_address.as_u32) ||
1565 mtrie0 = &ip4_fib_get (vnet_buffer (b)->ip.fib_index)->mtrie;
1566 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, &ip0->src_address);
1567 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address, 2);
1568 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, &ip0->src_address, 3);
1569 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
1571 vnet_buffer (b)->ip.adj_index[VLIB_RX] =
1572 vnet_buffer (b)->ip.adj_index[VLIB_TX];
1573 vnet_buffer (b)->ip.adj_index[VLIB_TX] = lbi0;
1575 lb0 = load_balance_get (lbi0);
1576 dpo0 = load_balance_get_bucket_i (lb0, 0);
1579 * Must have a route to source otherwise we drop the packet.
1580 * ip4 broadcasts are accepted, e.g. to make dhcp client work
1583 * - the source is a recieve => it's from us => bogus, do this
1584 * first since it sets a different error code.
1585 * - uRPF check for any route to source - accept if passes.
1586 * - allow packets destined to the broadcast address from unknown sources
1589 *error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
1590 && dpo0->dpoi_type == DPO_RECEIVE) ?
1591 IP4_ERROR_SPOOFED_LOCAL_PACKETS : *error0);
1592 *error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
1593 && !fib_urpf_check_size (lb0->lb_urpf)
1594 && ip0->dst_address.as_u32 != 0xFFFFFFFF) ?
1595 IP4_ERROR_SRC_LOOKUP_MISS : *error0);
1597 last_check->src.as_u32 = ip0->src_address.as_u32;
1598 last_check->lbi = lbi0;
1599 last_check->error = *error0;
1600 last_check->first = 0;
1604 vnet_buffer (b)->ip.adj_index[VLIB_RX] =
1605 vnet_buffer (b)->ip.adj_index[VLIB_TX];
1606 vnet_buffer (b)->ip.adj_index[VLIB_TX] = last_check->lbi;
1607 *error0 = last_check->error;
1612 ip4_local_check_src_x2 (vlib_buffer_t ** b, ip4_header_t ** ip,
1613 ip4_local_last_check_t * last_check, u8 * error)
1615 ip4_fib_mtrie_leaf_t leaf[2];
1616 ip4_fib_mtrie_t *mtrie[2];
1617 const dpo_id_t *dpo[2];
1618 load_balance_t *lb[2];
1622 not_last_hit = last_check->first;
1623 not_last_hit |= ip[0]->src_address.as_u32 ^ last_check->src.as_u32;
1624 not_last_hit |= ip[1]->src_address.as_u32 ^ last_check->src.as_u32;
1626 vnet_buffer (b[0])->ip.fib_index =
1627 vnet_buffer (b[0])->sw_if_index[VLIB_TX] != ~0 ?
1628 vnet_buffer (b[0])->sw_if_index[VLIB_TX] :
1629 vnet_buffer (b[0])->ip.fib_index;
1631 vnet_buffer (b[1])->ip.fib_index =
1632 vnet_buffer (b[1])->sw_if_index[VLIB_TX] != ~0 ?
1633 vnet_buffer (b[1])->sw_if_index[VLIB_TX] :
1634 vnet_buffer (b[1])->ip.fib_index;
1637 * vnet_buffer()->ip.adj_index[VLIB_RX] will be set to the index of the
1638 * adjacency for the destination address (the local interface address).
1639 * vnet_buffer()->ip.adj_index[VLIB_TX] will be set to the index of the
1640 * adjacency for the source address (the remote sender's address)
1642 if (PREDICT_TRUE (not_last_hit))
1644 mtrie[0] = &ip4_fib_get (vnet_buffer (b[0])->ip.fib_index)->mtrie;
1645 mtrie[1] = &ip4_fib_get (vnet_buffer (b[1])->ip.fib_index)->mtrie;
1647 leaf[0] = ip4_fib_mtrie_lookup_step_one (mtrie[0], &ip[0]->src_address);
1648 leaf[1] = ip4_fib_mtrie_lookup_step_one (mtrie[1], &ip[1]->src_address);
1650 leaf[0] = ip4_fib_mtrie_lookup_step (mtrie[0], leaf[0],
1651 &ip[0]->src_address, 2);
1652 leaf[1] = ip4_fib_mtrie_lookup_step (mtrie[1], leaf[1],
1653 &ip[1]->src_address, 2);
1655 leaf[0] = ip4_fib_mtrie_lookup_step (mtrie[0], leaf[0],
1656 &ip[0]->src_address, 3);
1657 leaf[1] = ip4_fib_mtrie_lookup_step (mtrie[1], leaf[1],
1658 &ip[1]->src_address, 3);
1660 lbi[0] = ip4_fib_mtrie_leaf_get_adj_index (leaf[0]);
1661 lbi[1] = ip4_fib_mtrie_leaf_get_adj_index (leaf[1]);
1663 vnet_buffer (b[0])->ip.adj_index[VLIB_RX] =
1664 vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
1665 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = lbi[0];
1667 vnet_buffer (b[1])->ip.adj_index[VLIB_RX] =
1668 vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
1669 vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = lbi[1];
1671 lb[0] = load_balance_get (lbi[0]);
1672 lb[1] = load_balance_get (lbi[1]);
1674 dpo[0] = load_balance_get_bucket_i (lb[0], 0);
1675 dpo[1] = load_balance_get_bucket_i (lb[1], 0);
1677 error[0] = ((error[0] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1678 dpo[0]->dpoi_type == DPO_RECEIVE) ?
1679 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error[0]);
1680 error[0] = ((error[0] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1681 !fib_urpf_check_size (lb[0]->lb_urpf) &&
1682 ip[0]->dst_address.as_u32 != 0xFFFFFFFF)
1683 ? IP4_ERROR_SRC_LOOKUP_MISS : error[0]);
1685 error[1] = ((error[1] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1686 dpo[1]->dpoi_type == DPO_RECEIVE) ?
1687 IP4_ERROR_SPOOFED_LOCAL_PACKETS : error[1]);
1688 error[1] = ((error[1] == IP4_ERROR_UNKNOWN_PROTOCOL &&
1689 !fib_urpf_check_size (lb[1]->lb_urpf) &&
1690 ip[1]->dst_address.as_u32 != 0xFFFFFFFF)
1691 ? IP4_ERROR_SRC_LOOKUP_MISS : error[1]);
1693 last_check->src.as_u32 = ip[1]->src_address.as_u32;
1694 last_check->lbi = lbi[1];
1695 last_check->error = error[1];
1696 last_check->first = 0;
1700 vnet_buffer (b[0])->ip.adj_index[VLIB_RX] =
1701 vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
1702 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = last_check->lbi;
1704 vnet_buffer (b[1])->ip.adj_index[VLIB_RX] =
1705 vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
1706 vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = last_check->lbi;
1708 error[0] = last_check->error;
1709 error[1] = last_check->error;
1713 enum ip_local_packet_type_e
1715 IP_LOCAL_PACKET_TYPE_L4,
1716 IP_LOCAL_PACKET_TYPE_NAT,
1717 IP_LOCAL_PACKET_TYPE_FRAG,
1721 * Determine packet type and next node.
1723 * The expectation is that all packets that are not L4 will skip
1724 * checksums and source checks.
1727 ip4_local_classify (vlib_buffer_t * b, ip4_header_t * ip, u16 * next)
1729 ip_lookup_main_t *lm = &ip4_main.lookup_main;
1731 if (PREDICT_FALSE (ip4_is_fragment (ip)))
1733 *next = IP_LOCAL_NEXT_REASSEMBLY;
1734 return IP_LOCAL_PACKET_TYPE_FRAG;
1736 if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_IS_NATED))
1738 *next = lm->local_next_by_ip_protocol[ip->protocol];
1739 return IP_LOCAL_PACKET_TYPE_NAT;
1742 *next = lm->local_next_by_ip_protocol[ip->protocol];
1743 return IP_LOCAL_PACKET_TYPE_L4;
1747 ip4_local_inline (vlib_main_t * vm,
1748 vlib_node_runtime_t * node,
1749 vlib_frame_t * frame, int head_of_feature_arc)
1751 u32 *from, n_left_from;
1752 vlib_node_runtime_t *error_node =
1753 vlib_node_get_runtime (vm, ip4_local_node.index);
1754 u16 nexts[VLIB_FRAME_SIZE], *next;
1755 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1756 ip4_header_t *ip[2];
1759 ip4_local_last_check_t last_check = {
1761 * 0.0.0.0 can appear as the source address of an IP packet,
1762 * as can any other address, hence the need to use the 'first'
1763 * member to make sure the .lbi is initialised for the first
1766 .src = {.as_u32 = 0},
1768 .error = IP4_ERROR_UNKNOWN_PROTOCOL,
1772 from = vlib_frame_vector_args (frame);
1773 n_left_from = frame->n_vectors;
1775 if (node->flags & VLIB_NODE_FLAG_TRACE)
1776 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
1778 vlib_get_buffers (vm, from, bufs, n_left_from);
1782 while (n_left_from >= 6)
1786 /* Prefetch next iteration. */
1788 vlib_prefetch_buffer_header (b[4], LOAD);
1789 vlib_prefetch_buffer_header (b[5], LOAD);
1791 CLIB_PREFETCH (b[4]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1792 CLIB_PREFETCH (b[5]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1795 error[0] = error[1] = IP4_ERROR_UNKNOWN_PROTOCOL;
1797 ip[0] = vlib_buffer_get_current (b[0]);
1798 ip[1] = vlib_buffer_get_current (b[1]);
1800 vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
1801 vnet_buffer (b[1])->l3_hdr_offset = b[1]->current_data;
1803 pt[0] = ip4_local_classify (b[0], ip[0], &next[0]);
1804 pt[1] = ip4_local_classify (b[1], ip[1], &next[1]);
1806 not_batch = pt[0] ^ pt[1];
1808 if (head_of_feature_arc == 0 || (pt[0] && not_batch == 0))
1811 if (PREDICT_TRUE (not_batch == 0))
1813 ip4_local_check_l4_csum_x2 (vm, b, ip, error);
1814 ip4_local_check_src_x2 (b, ip, &last_check, error);
1820 ip4_local_check_l4_csum (vm, b[0], ip[0], &error[0]);
1821 ip4_local_check_src (b[0], ip[0], &last_check, &error[0]);
1825 ip4_local_check_l4_csum (vm, b[1], ip[1], &error[1]);
1826 ip4_local_check_src (b[1], ip[1], &last_check, &error[1]);
1832 ip4_local_set_next_and_error (error_node, b[0], &next[0], error[0],
1833 head_of_feature_arc);
1834 ip4_local_set_next_and_error (error_node, b[1], &next[1], error[1],
1835 head_of_feature_arc);
1842 while (n_left_from > 0)
1844 error[0] = IP4_ERROR_UNKNOWN_PROTOCOL;
1846 ip[0] = vlib_buffer_get_current (b[0]);
1847 vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
1848 pt[0] = ip4_local_classify (b[0], ip[0], &next[0]);
1850 if (head_of_feature_arc == 0 || pt[0])
1853 ip4_local_check_l4_csum (vm, b[0], ip[0], &error[0]);
1854 ip4_local_check_src (b[0], ip[0], &last_check, &error[0]);
1858 ip4_local_set_next_and_error (error_node, b[0], &next[0], error[0],
1859 head_of_feature_arc);
1866 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
1867 return frame->n_vectors;
1870 VLIB_NODE_FN (ip4_local_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
1871 vlib_frame_t * frame)
1873 return ip4_local_inline (vm, node, frame, 1 /* head of feature arc */ );
1877 VLIB_REGISTER_NODE (ip4_local_node) =
1879 .name = "ip4-local",
1880 .vector_size = sizeof (u32),
1881 .format_trace = format_ip4_forward_next_trace,
1882 .n_errors = IP4_N_ERROR,
1883 .error_strings = ip4_error_strings,
1884 .n_next_nodes = IP_LOCAL_N_NEXT,
1887 [IP_LOCAL_NEXT_DROP] = "ip4-drop",
1888 [IP_LOCAL_NEXT_PUNT] = "ip4-punt",
1889 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip4-udp-lookup",
1890 [IP_LOCAL_NEXT_ICMP] = "ip4-icmp-input",
1891 [IP_LOCAL_NEXT_REASSEMBLY] = "ip4-full-reassembly",
1897 VLIB_NODE_FN (ip4_local_end_of_arc_node) (vlib_main_t * vm,
1898 vlib_node_runtime_t * node,
1899 vlib_frame_t * frame)
1901 return ip4_local_inline (vm, node, frame, 0 /* head of feature arc */ );
1905 VLIB_REGISTER_NODE (ip4_local_end_of_arc_node) = {
1906 .name = "ip4-local-end-of-arc",
1907 .vector_size = sizeof (u32),
1909 .format_trace = format_ip4_forward_next_trace,
1910 .sibling_of = "ip4-local",
1913 VNET_FEATURE_INIT (ip4_local_end_of_arc, static) = {
1914 .arc_name = "ip4-local",
1915 .node_name = "ip4-local-end-of-arc",
1916 .runs_before = 0, /* not before any other features */
1920 #ifndef CLIB_MARCH_VARIANT
1922 ip4_register_protocol (u32 protocol, u32 node_index)
1924 vlib_main_t *vm = vlib_get_main ();
1925 ip4_main_t *im = &ip4_main;
1926 ip_lookup_main_t *lm = &im->lookup_main;
1928 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1929 lm->local_next_by_ip_protocol[protocol] =
1930 vlib_node_add_next (vm, ip4_local_node.index, node_index);
1934 ip4_unregister_protocol (u32 protocol)
1936 ip4_main_t *im = &ip4_main;
1937 ip_lookup_main_t *lm = &im->lookup_main;
1939 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1940 lm->local_next_by_ip_protocol[protocol] = IP_LOCAL_NEXT_PUNT;
1944 static clib_error_t *
1945 show_ip_local_command_fn (vlib_main_t * vm,
1946 unformat_input_t * input, vlib_cli_command_t * cmd)
1948 ip4_main_t *im = &ip4_main;
1949 ip_lookup_main_t *lm = &im->lookup_main;
1952 vlib_cli_output (vm, "Protocols handled by ip4_local");
1953 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
1955 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
1957 u32 node_index = vlib_get_node (vm,
1958 ip4_local_node.index)->
1959 next_nodes[lm->local_next_by_ip_protocol[i]];
1960 vlib_cli_output (vm, "%U: %U", format_ip_protocol, i,
1961 format_vlib_node_name, vm, node_index);
1970 * Display the set of protocols handled by the local IPv4 stack.
1973 * Example of how to display local protocol table:
1974 * @cliexstart{show ip local}
1975 * Protocols handled by ip4_local
1982 VLIB_CLI_COMMAND (show_ip_local, static) =
1984 .path = "show ip local",
1985 .function = show_ip_local_command_fn,
1986 .short_help = "show ip local",
1992 IP4_REWRITE_NEXT_DROP,
1993 IP4_REWRITE_NEXT_ICMP_ERROR,
1994 IP4_REWRITE_NEXT_FRAGMENT,
1995 IP4_REWRITE_N_NEXT /* Last */
1996 } ip4_rewrite_next_t;
1999 * This bits of an IPv4 address to mask to construct a multicast
2002 #if CLIB_ARCH_IS_BIG_ENDIAN
2003 #define IP4_MCAST_ADDR_MASK 0x007fffff
2005 #define IP4_MCAST_ADDR_MASK 0xffff7f00
2009 ip4_mtu_check (vlib_buffer_t * b, u16 packet_len,
2010 u16 adj_packet_bytes, bool df, u16 * next,
2011 u8 is_midchain, u32 * error)
2013 if (packet_len > adj_packet_bytes)
2015 *error = IP4_ERROR_MTU_EXCEEDED;
2018 icmp4_error_set_vnet_buffer
2019 (b, ICMP4_destination_unreachable,
2020 ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set,
2022 *next = IP4_REWRITE_NEXT_ICMP_ERROR;
2026 /* IP fragmentation */
2027 ip_frag_set_vnet_buffer (b, adj_packet_bytes,
2029 IP_FRAG_NEXT_IP_REWRITE_MIDCHAIN :
2030 IP_FRAG_NEXT_IP_REWRITE), 0);
2031 *next = IP4_REWRITE_NEXT_FRAGMENT;
2036 /* increment TTL & update checksum.
2037 Works either endian, so no need for byte swap. */
2038 static_always_inline void
2039 ip4_ttl_inc (vlib_buffer_t * b, ip4_header_t * ip)
2043 if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED))
2048 checksum = ip->checksum - clib_host_to_net_u16 (0x0100);
2049 checksum += checksum >= 0xffff;
2051 ip->checksum = checksum;
2055 ASSERT (ip->checksum == ip4_header_checksum (ip));
2058 /* Decrement TTL & update checksum.
2059 Works either endian, so no need for byte swap. */
2060 static_always_inline void
2061 ip4_ttl_and_checksum_check (vlib_buffer_t * b, ip4_header_t * ip, u16 * next,
2066 if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED))
2071 /* Input node should have reject packets with ttl 0. */
2072 ASSERT (ip->ttl > 0);
2074 checksum = ip->checksum + clib_host_to_net_u16 (0x0100);
2075 checksum += checksum >= 0xffff;
2077 ip->checksum = checksum;
2082 * If the ttl drops below 1 when forwarding, generate
2085 if (PREDICT_FALSE (ttl <= 0))
2087 *error = IP4_ERROR_TIME_EXPIRED;
2088 vnet_buffer (b)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2089 icmp4_error_set_vnet_buffer (b, ICMP4_time_exceeded,
2090 ICMP4_time_exceeded_ttl_exceeded_in_transit,
2092 *next = IP4_REWRITE_NEXT_ICMP_ERROR;
2095 /* Verify checksum. */
2096 ASSERT ((ip->checksum == ip4_header_checksum (ip)) ||
2097 (b->flags & VNET_BUFFER_F_OFFLOAD_IP_CKSUM));
2102 ip4_rewrite_inline_with_gso (vlib_main_t * vm,
2103 vlib_node_runtime_t * node,
2104 vlib_frame_t * frame,
2105 int do_counters, int is_midchain, int is_mcast)
2107 ip_lookup_main_t *lm = &ip4_main.lookup_main;
2108 u32 *from = vlib_frame_vector_args (frame);
2109 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
2110 u16 nexts[VLIB_FRAME_SIZE], *next;
2112 vlib_node_runtime_t *error_node =
2113 vlib_node_get_runtime (vm, ip4_input_node.index);
2115 n_left_from = frame->n_vectors;
2116 u32 thread_index = vm->thread_index;
2118 vlib_get_buffers (vm, from, bufs, n_left_from);
2119 clib_memset_u16 (nexts, IP4_REWRITE_NEXT_DROP, n_left_from);
2121 #if (CLIB_N_PREFETCHES >= 8)
2122 if (n_left_from >= 6)
2125 for (i = 2; i < 6; i++)
2126 vlib_prefetch_buffer_header (bufs[i], LOAD);
2131 while (n_left_from >= 8)
2133 const ip_adjacency_t *adj0, *adj1;
2134 ip4_header_t *ip0, *ip1;
2135 u32 rw_len0, error0, adj_index0;
2136 u32 rw_len1, error1, adj_index1;
2137 u32 tx_sw_if_index0, tx_sw_if_index1;
2140 vlib_prefetch_buffer_header (b[6], LOAD);
2141 vlib_prefetch_buffer_header (b[7], LOAD);
2143 adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
2144 adj_index1 = vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
2147 * pre-fetch the per-adjacency counters
2151 vlib_prefetch_combined_counter (&adjacency_counters,
2152 thread_index, adj_index0);
2153 vlib_prefetch_combined_counter (&adjacency_counters,
2154 thread_index, adj_index1);
2157 ip0 = vlib_buffer_get_current (b[0]);
2158 ip1 = vlib_buffer_get_current (b[1]);
2160 error0 = error1 = IP4_ERROR_NONE;
2162 ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
2163 ip4_ttl_and_checksum_check (b[1], ip1, next + 1, &error1);
2165 /* Rewrite packet header and updates lengths. */
2166 adj0 = adj_get (adj_index0);
2167 adj1 = adj_get (adj_index1);
2169 /* Worth pipelining. No guarantee that adj0,1 are hot... */
2170 rw_len0 = adj0[0].rewrite_header.data_bytes;
2171 rw_len1 = adj1[0].rewrite_header.data_bytes;
2172 vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
2173 vnet_buffer (b[1])->ip.save_rewrite_length = rw_len1;
2175 p = vlib_buffer_get_current (b[2]);
2176 CLIB_PREFETCH (p - CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES, STORE);
2177 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
2179 p = vlib_buffer_get_current (b[3]);
2180 CLIB_PREFETCH (p - CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES, STORE);
2181 CLIB_PREFETCH (p, CLIB_CACHE_LINE_BYTES, LOAD);
2183 /* Check MTU of outgoing interface. */
2184 u16 ip0_len = clib_net_to_host_u16 (ip0->length);
2185 u16 ip1_len = clib_net_to_host_u16 (ip1->length);
2187 if (b[0]->flags & VNET_BUFFER_F_GSO)
2188 ip0_len = gso_mtu_sz (b[0]);
2189 if (b[1]->flags & VNET_BUFFER_F_GSO)
2190 ip1_len = gso_mtu_sz (b[1]);
2192 ip4_mtu_check (b[0], ip0_len,
2193 adj0[0].rewrite_header.max_l3_packet_bytes,
2194 ip0->flags_and_fragment_offset &
2195 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2196 next + 0, is_midchain, &error0);
2197 ip4_mtu_check (b[1], ip1_len,
2198 adj1[0].rewrite_header.max_l3_packet_bytes,
2199 ip1->flags_and_fragment_offset &
2200 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2201 next + 1, is_midchain, &error1);
2205 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2206 vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
2207 IP4_ERROR_SAME_INTERFACE : error0);
2208 error1 = ((adj1[0].rewrite_header.sw_if_index ==
2209 vnet_buffer (b[1])->sw_if_index[VLIB_RX]) ?
2210 IP4_ERROR_SAME_INTERFACE : error1);
2213 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2214 * to see the IP header */
2215 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2217 u32 next_index = adj0[0].rewrite_header.next_index;
2218 vlib_buffer_advance (b[0], -(word) rw_len0);
2220 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2221 vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2224 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2225 vnet_feature_arc_start (lm->output_feature_arc_index,
2226 tx_sw_if_index0, &next_index, b[0]);
2227 next[0] = next_index;
2229 vnet_calc_checksums_inline (vm, b[0], 1 /* is_ip4 */ ,
2235 b[0]->error = error_node->errors[error0];
2236 if (error0 == IP4_ERROR_MTU_EXCEEDED)
2237 ip4_ttl_inc (b[0], ip0);
2239 if (PREDICT_TRUE (error1 == IP4_ERROR_NONE))
2241 u32 next_index = adj1[0].rewrite_header.next_index;
2242 vlib_buffer_advance (b[1], -(word) rw_len1);
2244 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2245 vnet_buffer (b[1])->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2248 (adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2249 vnet_feature_arc_start (lm->output_feature_arc_index,
2250 tx_sw_if_index1, &next_index, b[1]);
2251 next[1] = next_index;
2253 vnet_calc_checksums_inline (vm, b[0], 1 /* is_ip4 */ ,
2259 b[1]->error = error_node->errors[error1];
2260 if (error1 == IP4_ERROR_MTU_EXCEEDED)
2261 ip4_ttl_inc (b[1], ip1);
2264 /* Guess we are only writing on simple Ethernet header. */
2265 vnet_rewrite_two_headers (adj0[0], adj1[0],
2266 ip0, ip1, sizeof (ethernet_header_t));
2270 if (error0 == IP4_ERROR_NONE)
2271 vlib_increment_combined_counter
2272 (&adjacency_counters,
2275 vlib_buffer_length_in_chain (vm, b[0]) + rw_len0);
2277 if (error1 == IP4_ERROR_NONE)
2278 vlib_increment_combined_counter
2279 (&adjacency_counters,
2282 vlib_buffer_length_in_chain (vm, b[1]) + rw_len1);
2287 if (error0 == IP4_ERROR_NONE && adj0->sub_type.midchain.fixup_func)
2288 adj0->sub_type.midchain.fixup_func
2289 (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
2290 if (error1 == IP4_ERROR_NONE && adj1->sub_type.midchain.fixup_func)
2291 adj1->sub_type.midchain.fixup_func
2292 (vm, adj1, b[1], adj1->sub_type.midchain.fixup_data);
2297 /* copy bytes from the IP address into the MAC rewrite */
2298 if (error0 == IP4_ERROR_NONE)
2299 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2300 adj0->rewrite_header.dst_mcast_offset,
2301 &ip0->dst_address.as_u32, (u8 *) ip0);
2302 if (error1 == IP4_ERROR_NONE)
2303 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2304 adj1->rewrite_header.dst_mcast_offset,
2305 &ip1->dst_address.as_u32, (u8 *) ip1);
2312 #elif (CLIB_N_PREFETCHES >= 4)
2315 while (n_left_from >= 1)
2317 ip_adjacency_t *adj0;
2319 u32 rw_len0, error0, adj_index0;
2320 u32 tx_sw_if_index0;
2323 /* Prefetch next iteration */
2324 if (PREDICT_TRUE (n_left_from >= 4))
2326 ip_adjacency_t *adj2;
2329 vlib_prefetch_buffer_header (b[3], LOAD);
2330 vlib_prefetch_buffer_data (b[2], LOAD);
2332 /* Prefetch adj->rewrite_header */
2333 adj_index2 = vnet_buffer (b[2])->ip.adj_index[VLIB_TX];
2334 adj2 = adj_get (adj_index2);
2336 CLIB_PREFETCH (p + CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES,
2340 adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
2343 * Prefetch the per-adjacency counters
2347 vlib_prefetch_combined_counter (&adjacency_counters,
2348 thread_index, adj_index0);
2351 ip0 = vlib_buffer_get_current (b[0]);
2353 error0 = IP4_ERROR_NONE;
2355 ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
2357 /* Rewrite packet header and updates lengths. */
2358 adj0 = adj_get (adj_index0);
2360 /* Rewrite header was prefetched. */
2361 rw_len0 = adj0[0].rewrite_header.data_bytes;
2362 vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
2364 /* Check MTU of outgoing interface. */
2365 u16 ip0_len = clib_net_to_host_u16 (ip0->length);
2367 if (b[0]->flags & VNET_BUFFER_F_GSO)
2368 ip0_len = gso_mtu_sz (b[0]);
2370 ip4_mtu_check (b[0], ip0_len,
2371 adj0[0].rewrite_header.max_l3_packet_bytes,
2372 ip0->flags_and_fragment_offset &
2373 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2374 next + 0, is_midchain, &error0);
2378 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2379 vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
2380 IP4_ERROR_SAME_INTERFACE : error0);
2383 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2384 * to see the IP header */
2385 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2387 u32 next_index = adj0[0].rewrite_header.next_index;
2388 vlib_buffer_advance (b[0], -(word) rw_len0);
2389 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2390 vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2393 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2394 vnet_feature_arc_start (lm->output_feature_arc_index,
2395 tx_sw_if_index0, &next_index, b[0]);
2396 next[0] = next_index;
2399 vnet_calc_checksums_inline (vm, b[0], 1 /* is_ip4 */ ,
2403 /* Guess we are only writing on simple Ethernet header. */
2404 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2407 * Bump the per-adjacency counters
2410 vlib_increment_combined_counter
2411 (&adjacency_counters,
2413 adj_index0, 1, vlib_buffer_length_in_chain (vm,
2416 if (is_midchain && adj0->sub_type.midchain.fixup_func)
2417 adj0->sub_type.midchain.fixup_func
2418 (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
2421 /* copy bytes from the IP address into the MAC rewrite */
2422 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2423 adj0->rewrite_header.dst_mcast_offset,
2424 &ip0->dst_address.as_u32, (u8 *) ip0);
2428 b[0]->error = error_node->errors[error0];
2429 if (error0 == IP4_ERROR_MTU_EXCEEDED)
2430 ip4_ttl_inc (b[0], ip0);
2439 while (n_left_from > 0)
2441 ip_adjacency_t *adj0;
2443 u32 rw_len0, adj_index0, error0;
2444 u32 tx_sw_if_index0;
2446 adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
2448 adj0 = adj_get (adj_index0);
2451 vlib_prefetch_combined_counter (&adjacency_counters,
2452 thread_index, adj_index0);
2454 ip0 = vlib_buffer_get_current (b[0]);
2456 error0 = IP4_ERROR_NONE;
2458 ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
2461 /* Update packet buffer attributes/set output interface. */
2462 rw_len0 = adj0[0].rewrite_header.data_bytes;
2463 vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
2465 /* Check MTU of outgoing interface. */
2466 u16 ip0_len = clib_net_to_host_u16 (ip0->length);
2467 if (b[0]->flags & VNET_BUFFER_F_GSO)
2468 ip0_len = gso_mtu_sz (b[0]);
2470 ip4_mtu_check (b[0], ip0_len,
2471 adj0[0].rewrite_header.max_l3_packet_bytes,
2472 ip0->flags_and_fragment_offset &
2473 clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
2474 next + 0, is_midchain, &error0);
2478 error0 = ((adj0[0].rewrite_header.sw_if_index ==
2479 vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
2480 IP4_ERROR_SAME_INTERFACE : error0);
2483 /* Don't adjust the buffer for ttl issue; icmp-error node wants
2484 * to see the IP header */
2485 if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
2487 u32 next_index = adj0[0].rewrite_header.next_index;
2488 vlib_buffer_advance (b[0], -(word) rw_len0);
2489 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2490 vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2493 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2494 vnet_feature_arc_start (lm->output_feature_arc_index,
2495 tx_sw_if_index0, &next_index, b[0]);
2496 next[0] = next_index;
2499 /* this acts on the packet that is about to be encapped */
2500 vnet_calc_checksums_inline (vm, b[0], 1 /* is_ip4 */ ,
2504 /* Guess we are only writing on simple Ethernet header. */
2505 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2508 vlib_increment_combined_counter
2509 (&adjacency_counters,
2510 thread_index, adj_index0, 1,
2511 vlib_buffer_length_in_chain (vm, b[0]) + rw_len0);
2513 if (is_midchain && adj0->sub_type.midchain.fixup_func)
2514 adj0->sub_type.midchain.fixup_func
2515 (vm, adj0, b[0], adj0->sub_type.midchain.fixup_data);
2518 /* copy bytes from the IP address into the MAC rewrite */
2519 vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
2520 adj0->rewrite_header.dst_mcast_offset,
2521 &ip0->dst_address.as_u32, (u8 *) ip0);
2525 b[0]->error = error_node->errors[error0];
2526 /* undo the TTL decrement - we'll be back to do it again */
2527 if (error0 == IP4_ERROR_MTU_EXCEEDED)
2528 ip4_ttl_inc (b[0], ip0);
2537 /* Need to do trace after rewrites to pick up new packet data. */
2538 if (node->flags & VLIB_NODE_FLAG_TRACE)
2539 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
2541 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
2542 return frame->n_vectors;
2546 ip4_rewrite_inline (vlib_main_t * vm,
2547 vlib_node_runtime_t * node,
2548 vlib_frame_t * frame,
2549 int do_counters, int is_midchain, int is_mcast)
2551 return ip4_rewrite_inline_with_gso (vm, node, frame, do_counters,
2552 is_midchain, is_mcast);
2556 /** @brief IPv4 rewrite node.
2559 This is the IPv4 transit-rewrite node: decrement TTL, fix the ipv4
2560 header checksum, fetch the ip adjacency, check the outbound mtu,
2561 apply the adjacency rewrite, and send pkts to the adjacency
2562 rewrite header's rewrite_next_index.
2564 @param vm vlib_main_t corresponding to the current thread
2565 @param node vlib_node_runtime_t
2566 @param frame vlib_frame_t whose contents should be dispatched
2568 @par Graph mechanics: buffer metadata, next index usage
2571 - <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
2572 - the rewrite adjacency index
2573 - <code>adj->lookup_next_index</code>
2574 - Must be IP_LOOKUP_NEXT_REWRITE or IP_LOOKUP_NEXT_ARP, otherwise
2575 the packet will be dropped.
2576 - <code>adj->rewrite_header</code>
2577 - Rewrite string length, rewrite string, next_index
2580 - <code>b->current_data, b->current_length</code>
2581 - Updated net of applying the rewrite string
2583 <em>Next Indices:</em>
2584 - <code> adj->rewrite_header.next_index </code>
2588 VLIB_NODE_FN (ip4_rewrite_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
2589 vlib_frame_t * frame)
2591 if (adj_are_counters_enabled ())
2592 return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
2594 return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
2597 VLIB_NODE_FN (ip4_rewrite_bcast_node) (vlib_main_t * vm,
2598 vlib_node_runtime_t * node,
2599 vlib_frame_t * frame)
2601 if (adj_are_counters_enabled ())
2602 return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
2604 return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
2607 VLIB_NODE_FN (ip4_midchain_node) (vlib_main_t * vm,
2608 vlib_node_runtime_t * node,
2609 vlib_frame_t * frame)
2611 if (adj_are_counters_enabled ())
2612 return ip4_rewrite_inline (vm, node, frame, 1, 1, 0);
2614 return ip4_rewrite_inline (vm, node, frame, 0, 1, 0);
2617 VLIB_NODE_FN (ip4_rewrite_mcast_node) (vlib_main_t * vm,
2618 vlib_node_runtime_t * node,
2619 vlib_frame_t * frame)
2621 if (adj_are_counters_enabled ())
2622 return ip4_rewrite_inline (vm, node, frame, 1, 0, 1);
2624 return ip4_rewrite_inline (vm, node, frame, 0, 0, 1);
2627 VLIB_NODE_FN (ip4_mcast_midchain_node) (vlib_main_t * vm,
2628 vlib_node_runtime_t * node,
2629 vlib_frame_t * frame)
2631 if (adj_are_counters_enabled ())
2632 return ip4_rewrite_inline (vm, node, frame, 1, 1, 1);
2634 return ip4_rewrite_inline (vm, node, frame, 0, 1, 1);
2638 VLIB_REGISTER_NODE (ip4_rewrite_node) = {
2639 .name = "ip4-rewrite",
2640 .vector_size = sizeof (u32),
2642 .format_trace = format_ip4_rewrite_trace,
2644 .n_next_nodes = IP4_REWRITE_N_NEXT,
2646 [IP4_REWRITE_NEXT_DROP] = "ip4-drop",
2647 [IP4_REWRITE_NEXT_ICMP_ERROR] = "ip4-icmp-error",
2648 [IP4_REWRITE_NEXT_FRAGMENT] = "ip4-frag",
2652 VLIB_REGISTER_NODE (ip4_rewrite_bcast_node) = {
2653 .name = "ip4-rewrite-bcast",
2654 .vector_size = sizeof (u32),
2656 .format_trace = format_ip4_rewrite_trace,
2657 .sibling_of = "ip4-rewrite",
2660 VLIB_REGISTER_NODE (ip4_rewrite_mcast_node) = {
2661 .name = "ip4-rewrite-mcast",
2662 .vector_size = sizeof (u32),
2664 .format_trace = format_ip4_rewrite_trace,
2665 .sibling_of = "ip4-rewrite",
2668 VLIB_REGISTER_NODE (ip4_mcast_midchain_node) = {
2669 .name = "ip4-mcast-midchain",
2670 .vector_size = sizeof (u32),
2672 .format_trace = format_ip4_rewrite_trace,
2673 .sibling_of = "ip4-rewrite",
2676 VLIB_REGISTER_NODE (ip4_midchain_node) = {
2677 .name = "ip4-midchain",
2678 .vector_size = sizeof (u32),
2679 .format_trace = format_ip4_rewrite_trace,
2680 .sibling_of = "ip4-rewrite",
2685 ip4_lookup_validate (ip4_address_t * a, u32 fib_index0)
2687 ip4_fib_mtrie_t *mtrie0;
2688 ip4_fib_mtrie_leaf_t leaf0;
2691 mtrie0 = &ip4_fib_get (fib_index0)->mtrie;
2693 leaf0 = ip4_fib_mtrie_lookup_step_one (mtrie0, a);
2694 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, a, 2);
2695 leaf0 = ip4_fib_mtrie_lookup_step (mtrie0, leaf0, a, 3);
2697 lbi0 = ip4_fib_mtrie_leaf_get_adj_index (leaf0);
2699 return lbi0 == ip4_fib_table_lookup_lb (ip4_fib_get (fib_index0), a);
2702 static clib_error_t *
2703 test_lookup_command_fn (vlib_main_t * vm,
2704 unformat_input_t * input, vlib_cli_command_t * cmd)
2711 ip4_address_t ip4_base_address;
2714 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2716 if (unformat (input, "table %d", &table_id))
2718 /* Make sure the entry exists. */
2719 fib = ip4_fib_get (table_id);
2720 if ((fib) && (fib->index != table_id))
2721 return clib_error_return (0, "<fib-index> %d does not exist",
2724 else if (unformat (input, "count %f", &count))
2727 else if (unformat (input, "%U",
2728 unformat_ip4_address, &ip4_base_address))
2731 return clib_error_return (0, "unknown input `%U'",
2732 format_unformat_error, input);
2737 for (i = 0; i < n; i++)
2739 if (!ip4_lookup_validate (&ip4_base_address, table_id))
2742 ip4_base_address.as_u32 =
2743 clib_host_to_net_u32 (1 +
2744 clib_net_to_host_u32 (ip4_base_address.as_u32));
2748 vlib_cli_output (vm, "%llu errors out of %d lookups\n", errors, n);
2750 vlib_cli_output (vm, "No errors in %d lookups\n", n);
2756 * Perform a lookup of an IPv4 Address (or range of addresses) in the
2757 * given FIB table to determine if there is a conflict with the
2758 * adjacency table. The fib-id can be determined by using the
2759 * '<em>show ip fib</em>' command. If fib-id is not entered, default value
2762 * @todo This command uses fib-id, other commands use table-id (not
2763 * just a name, they are different indexes). Would like to change this
2764 * to table-id for consistency.
2767 * Example of how to run the test lookup command:
2768 * @cliexstart{test lookup 172.16.1.1 table 1 count 2}
2769 * No errors in 2 lookups
2773 VLIB_CLI_COMMAND (lookup_test_command, static) =
2775 .path = "test lookup",
2776 .short_help = "test lookup <ipv4-addr> [table <fib-id>] [count <nn>]",
2777 .function = test_lookup_command_fn,
2781 #ifndef CLIB_MARCH_VARIANT
2783 vnet_set_ip4_flow_hash (u32 table_id, u32 flow_hash_config)
2787 fib_index = fib_table_find (FIB_PROTOCOL_IP4, table_id);
2789 if (~0 == fib_index)
2790 return VNET_API_ERROR_NO_SUCH_FIB;
2792 fib_table_set_flow_hash_config (fib_index, FIB_PROTOCOL_IP4,
2799 static clib_error_t *
2800 set_ip_flow_hash_command_fn (vlib_main_t * vm,
2801 unformat_input_t * input,
2802 vlib_cli_command_t * cmd)
2806 u32 flow_hash_config = 0;
2809 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2811 if (unformat (input, "table %d", &table_id))
2814 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
2815 foreach_flow_hash_bit
2822 return clib_error_return (0, "unknown input `%U'",
2823 format_unformat_error, input);
2825 rv = vnet_set_ip4_flow_hash (table_id, flow_hash_config);
2831 case VNET_API_ERROR_NO_SUCH_FIB:
2832 return clib_error_return (0, "no such FIB table %d", table_id);
2835 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
2843 * Configure the set of IPv4 fields used by the flow hash.
2846 * Example of how to set the flow hash on a given table:
2847 * @cliexcmd{set ip flow-hash table 7 dst sport dport proto}
2848 * Example of display the configured flow hash:
2849 * @cliexstart{show ip fib}
2850 * ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
2853 * [@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
2854 * [0] [@0]: dpo-drop ip6
2857 * [@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
2858 * [0] [@0]: dpo-drop ip6
2861 * [@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
2862 * [0] [@0]: dpo-drop ip6
2865 * [@0]: dpo-load-balance: [index:30 buckets:1 uRPF:29 to:[0:0]]
2866 * [0] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
2869 * [@0]: dpo-load-balance: [index:31 buckets:4 uRPF:30 to:[0:0]]
2870 * [0] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
2871 * [1] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
2872 * [2] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
2873 * [3] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
2876 * [@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
2877 * [0] [@0]: dpo-drop ip6
2878 * 255.255.255.255/32
2880 * [@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
2881 * [0] [@0]: dpo-drop ip6
2882 * ipv4-VRF:7, fib_index 1, flow hash: dst sport dport proto
2885 * [@0]: dpo-load-balance: [index:12 buckets:1 uRPF:11 to:[0:0]]
2886 * [0] [@0]: dpo-drop ip6
2889 * [@0]: dpo-load-balance: [index:13 buckets:1 uRPF:12 to:[0:0]]
2890 * [0] [@0]: dpo-drop ip6
2893 * [@0]: dpo-load-balance: [index:17 buckets:1 uRPF:16 to:[0:0]]
2894 * [0] [@4]: ipv4-glean: af_packet0
2897 * [@0]: dpo-load-balance: [index:18 buckets:1 uRPF:17 to:[1:84]]
2898 * [0] [@2]: dpo-receive: 172.16.1.1 on af_packet0
2901 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
2902 * [0] [@5]: ipv4 via 172.16.1.2 af_packet0: IP4: 02:fe:9e:70:7a:2b -> 26:a5:f6:9c:3a:36
2905 * [@0]: dpo-load-balance: [index:19 buckets:1 uRPF:18 to:[0:0]]
2906 * [0] [@4]: ipv4-glean: af_packet1
2909 * [@0]: dpo-load-balance: [index:20 buckets:1 uRPF:19 to:[0:0]]
2910 * [0] [@2]: dpo-receive: 172.16.2.1 on af_packet1
2913 * [@0]: dpo-load-balance: [index:15 buckets:1 uRPF:14 to:[0:0]]
2914 * [0] [@0]: dpo-drop ip6
2917 * [@0]: dpo-load-balance: [index:14 buckets:1 uRPF:13 to:[0:0]]
2918 * [0] [@0]: dpo-drop ip6
2919 * 255.255.255.255/32
2921 * [@0]: dpo-load-balance: [index:16 buckets:1 uRPF:15 to:[0:0]]
2922 * [0] [@0]: dpo-drop ip6
2926 VLIB_CLI_COMMAND (set_ip_flow_hash_command, static) =
2928 .path = "set ip flow-hash",
2930 "set ip flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
2931 .function = set_ip_flow_hash_command_fn,
2935 #ifndef CLIB_MARCH_VARIANT
2937 vnet_set_ip4_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
2940 vnet_main_t *vnm = vnet_get_main ();
2941 vnet_interface_main_t *im = &vnm->interface_main;
2942 ip4_main_t *ipm = &ip4_main;
2943 ip_lookup_main_t *lm = &ipm->lookup_main;
2944 vnet_classify_main_t *cm = &vnet_classify_main;
2945 ip4_address_t *if_addr;
2947 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
2948 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
2950 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
2951 return VNET_API_ERROR_NO_SUCH_ENTRY;
2953 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
2954 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
2956 if_addr = ip4_interface_first_address (ipm, sw_if_index, NULL);
2958 if (NULL != if_addr)
2960 fib_prefix_t pfx = {
2962 .fp_proto = FIB_PROTOCOL_IP4,
2963 .fp_addr.ip4 = *if_addr,
2967 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
2971 if (table_index != (u32) ~ 0)
2973 dpo_id_t dpo = DPO_INVALID;
2978 classify_dpo_create (DPO_PROTO_IP4, table_index));
2980 fib_table_entry_special_dpo_add (fib_index,
2982 FIB_SOURCE_CLASSIFY,
2983 FIB_ENTRY_FLAG_NONE, &dpo);
2988 fib_table_entry_special_remove (fib_index,
2989 &pfx, FIB_SOURCE_CLASSIFY);
2997 static clib_error_t *
2998 set_ip_classify_command_fn (vlib_main_t * vm,
2999 unformat_input_t * input,
3000 vlib_cli_command_t * cmd)
3002 u32 table_index = ~0;
3003 int table_index_set = 0;
3004 u32 sw_if_index = ~0;
3007 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3009 if (unformat (input, "table-index %d", &table_index))
3010 table_index_set = 1;
3011 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3012 vnet_get_main (), &sw_if_index))
3018 if (table_index_set == 0)
3019 return clib_error_return (0, "classify table-index must be specified");
3021 if (sw_if_index == ~0)
3022 return clib_error_return (0, "interface / subif must be specified");
3024 rv = vnet_set_ip4_classify_intfc (vm, sw_if_index, table_index);
3031 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3032 return clib_error_return (0, "No such interface");
3034 case VNET_API_ERROR_NO_SUCH_ENTRY:
3035 return clib_error_return (0, "No such classifier table");
3041 * Assign a classification table to an interface. The classification
3042 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3043 * commands. Once the table is create, use this command to filter packets
3047 * Example of how to assign a classification table to an interface:
3048 * @cliexcmd{set ip classify intfc GigabitEthernet2/0/0 table-index 1}
3051 VLIB_CLI_COMMAND (set_ip_classify_command, static) =
3053 .path = "set ip classify",
3055 "set ip classify intfc <interface> table-index <classify-idx>",
3056 .function = set_ip_classify_command_fn,
3060 static clib_error_t *
3061 ip4_config (vlib_main_t * vm, unformat_input_t * input)
3063 ip4_main_t *im = &ip4_main;
3066 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3068 if (unformat (input, "heap-size %U", unformat_memory_size, &heapsize))
3071 return clib_error_return (0,
3072 "invalid heap-size parameter `%U'",
3073 format_unformat_error, input);
3076 im->mtrie_heap_size = heapsize;
3081 VLIB_EARLY_CONFIG_FUNCTION (ip4_config, "ip");
3084 * fd.io coding-style-patch-verification: ON
3087 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob