2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 * @brief IPv4 Reassembly.
20 * This file contains the source code for IPv4 reassembly.
23 #include <vppinfra/vec.h>
24 #include <vnet/vnet.h>
25 #include <vnet/ip/ip.h>
26 #include <vppinfra/bihash_16_8.h>
27 #include <vnet/ip/ip4_reassembly.h>
29 #define MSEC_PER_SEC 1000
30 #define IP4_REASS_TIMEOUT_DEFAULT_MS 100
31 #define IP4_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS 10000 // 10 seconds default
32 #define IP4_REASS_MAX_REASSEMBLIES_DEFAULT 1024
33 #define IP4_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT 3
34 #define IP4_REASS_HT_LOAD_FACTOR (0.75)
36 #define IP4_REASS_DEBUG_BUFFERS 0
37 #if IP4_REASS_DEBUG_BUFFERS
38 #define IP4_REASS_DEBUG_BUFFER(bi, what) \
42 printf (#what "buffer %u", _bi); \
43 vlib_buffer_t *_b = vlib_get_buffer (vm, _bi); \
44 while (_b->flags & VLIB_BUFFER_NEXT_PRESENT) \
46 _bi = _b->next_buffer; \
47 printf ("[%u]", _bi); \
48 _b = vlib_get_buffer (vm, _bi); \
55 #define IP4_REASS_DEBUG_BUFFER(...)
61 IP4_REASS_RC_TOO_MANY_FRAGMENTS,
62 IP4_REASS_RC_INTERNAL_ERROR,
100 clib_bihash_kv_16_8_t kv;
104 ip4_reass_buffer_get_data_offset (vlib_buffer_t * b)
106 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
107 return vnb->ip.reass.range_first - vnb->ip.reass.fragment_first;
111 ip4_reass_buffer_get_data_len (vlib_buffer_t * b)
113 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
114 return clib_min (vnb->ip.reass.range_last, vnb->ip.reass.fragment_last) -
115 (vnb->ip.reass.fragment_first + ip4_reass_buffer_get_data_offset (b)) + 1;
122 // time when last packet was received
124 // internal id of this reassembly
126 // buffer index of first buffer in this reassembly context
128 // last octet of packet, ~0 until fragment without more_fragments arrives
129 u32 last_packet_octet;
130 // length of data collected so far
132 // trace operation counter
133 u32 trace_op_counter;
134 // next index - used by non-feature node
136 // minimum fragment length for this reassembly - used to estimate MTU
137 u16 min_fragment_length;
138 // number of fragments in this reassembly
147 clib_spinlock_t lock;
148 } ip4_reass_per_thread_t;
155 u32 expire_walk_interval_ms;
156 // maximum number of fragments in one reassembly
158 // maximum number of reassemblies
162 clib_bihash_16_8_t hash;
164 ip4_reass_per_thread_t *per_thread_data;
167 vlib_main_t *vlib_main;
168 vnet_main_t *vnet_main;
170 // node index of ip4-drop node
172 u32 ip4_reass_expire_node_idx;
174 /** Worker handoff */
176 u32 fq_feature_index;
180 extern ip4_reass_main_t ip4_reass_main;
182 #ifndef CLIB_MARCH_VARIANT
183 ip4_reass_main_t ip4_reass_main;
184 #endif /* CLIB_MARCH_VARIANT */
188 IP4_REASSEMBLY_NEXT_INPUT,
189 IP4_REASSEMBLY_NEXT_DROP,
190 IP4_REASSEMBLY_NEXT_HANDOFF,
191 IP4_REASSEMBLY_N_NEXT,
201 } ip4_reass_trace_operation_e;
211 } ip4_reass_range_trace_t;
215 ip4_reass_trace_operation_e action;
217 ip4_reass_range_trace_t trace_range;
225 extern vlib_node_registration_t ip4_reass_node;
226 extern vlib_node_registration_t ip4_reass_node_feature;
229 ip4_reass_trace_details (vlib_main_t * vm, u32 bi,
230 ip4_reass_range_trace_t * trace)
232 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
233 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
234 trace->range_first = vnb->ip.reass.range_first;
235 trace->range_last = vnb->ip.reass.range_last;
236 trace->data_offset = ip4_reass_buffer_get_data_offset (b);
237 trace->data_len = ip4_reass_buffer_get_data_len (b);
238 trace->range_bi = bi;
242 format_ip4_reass_range_trace (u8 * s, va_list * args)
244 ip4_reass_range_trace_t *trace = va_arg (*args, ip4_reass_range_trace_t *);
245 s = format (s, "range: [%u, %u], off %d, len %u, bi %u", trace->range_first,
246 trace->range_last, trace->data_offset, trace->data_len,
252 format_ip4_reass_trace (u8 * s, va_list * args)
254 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
255 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
256 ip4_reass_trace_t *t = va_arg (*args, ip4_reass_trace_t *);
257 s = format (s, "reass id: %u, op id: %u ", t->reass_id, t->op_id);
258 u32 indent = format_get_indent (s);
259 s = format (s, "first bi: %u, data len: %u, ip/fragment[%u, %u]",
260 t->trace_range.first_bi, t->total_data_len, t->fragment_first,
265 s = format (s, "\n%Ushrink %U by %u", format_white_space, indent,
266 format_ip4_reass_range_trace, &t->trace_range,
270 s = format (s, "\n%Udiscard %U", format_white_space, indent,
271 format_ip4_reass_range_trace, &t->trace_range);
274 s = format (s, "\n%Unew %U", format_white_space, indent,
275 format_ip4_reass_range_trace, &t->trace_range);
278 s = format (s, "\n%Uoverlapping/ignored %U", format_white_space, indent,
279 format_ip4_reass_range_trace, &t->trace_range);
282 s = format (s, "\n%Ufinalize reassembly", format_white_space, indent);
289 ip4_reass_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
290 ip4_reass_main_t * rm, ip4_reass_t * reass, u32 bi,
291 ip4_reass_trace_operation_e action, u32 size_diff)
293 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
294 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
295 if (pool_is_free_index (vm->trace_main.trace_buffer_pool, b->trace_index))
297 // this buffer's trace is gone
298 b->flags &= ~VLIB_BUFFER_IS_TRACED;
301 ip4_reass_trace_t *t = vlib_add_trace (vm, node, b, sizeof (t[0]));
302 t->reass_id = reass->id;
304 ip4_reass_trace_details (vm, bi, &t->trace_range);
305 t->size_diff = size_diff;
306 t->op_id = reass->trace_op_counter;
307 ++reass->trace_op_counter;
308 t->fragment_first = vnb->ip.reass.fragment_first;
309 t->fragment_last = vnb->ip.reass.fragment_last;
310 t->trace_range.first_bi = reass->first_bi;
311 t->total_data_len = reass->data_len;
314 s = format (s, "%U", format_ip4_reass_trace, NULL, NULL, t);
315 printf ("%.*s\n", vec_len (s), s);
317 vec_reset_length (s);
323 ip4_reass_free (ip4_reass_main_t * rm, ip4_reass_per_thread_t * rt,
326 clib_bihash_kv_16_8_t kv;
327 kv.key[0] = reass->key.as_u64[0];
328 kv.key[1] = reass->key.as_u64[1];
329 clib_bihash_add_del_16_8 (&rm->hash, &kv, 0);
330 pool_put (rt->pool, reass);
335 ip4_reass_on_timeout (vlib_main_t * vm, ip4_reass_main_t * rm,
338 u32 range_bi = reass->first_bi;
339 vlib_buffer_t *range_b;
340 vnet_buffer_opaque_t *range_vnb;
342 while (~0 != range_bi)
344 range_b = vlib_get_buffer (vm, range_bi);
345 range_vnb = vnet_buffer (range_b);
349 vec_add1 (to_free, bi);
350 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
351 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
354 b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
361 range_bi = range_vnb->ip.reass.next_range_bi;
363 vlib_buffer_free (vm, to_free, vec_len (to_free));
368 ip4_reass_find_or_create (vlib_main_t * vm, ip4_reass_main_t * rm,
369 ip4_reass_per_thread_t * rt, ip4_reass_kv_t * kv,
372 ip4_reass_t *reass = NULL;
373 f64 now = vlib_time_now (rm->vlib_main);
375 if (!clib_bihash_search_16_8
376 (&rm->hash, (clib_bihash_kv_16_8_t *) kv, (clib_bihash_kv_16_8_t *) kv))
378 if (vm->thread_index != kv->v.thread_index)
383 reass = pool_elt_at_index (rt->pool, kv->v.reass_index);
385 if (now > reass->last_heard + rm->timeout)
387 ip4_reass_on_timeout (vm, rm, reass);
388 ip4_reass_free (rm, rt, reass);
395 reass->last_heard = now;
399 if (rt->reass_n >= rm->max_reass_n)
406 pool_get (rt->pool, reass);
407 clib_memset (reass, 0, sizeof (*reass));
408 reass->id = ((u64) vm->thread_index * 1000000000) + rt->id_counter;
410 reass->first_bi = ~0;
411 reass->last_packet_octet = ~0;
416 reass->key.as_u64[0] = ((clib_bihash_kv_16_8_t *) kv)->key[0];
417 reass->key.as_u64[1] = ((clib_bihash_kv_16_8_t *) kv)->key[1];
418 kv->v.reass_index = (reass - rt->pool);
419 kv->v.thread_index = vm->thread_index;
420 reass->last_heard = now;
422 if (clib_bihash_add_del_16_8 (&rm->hash, (clib_bihash_kv_16_8_t *) kv, 1))
424 ip4_reass_free (rm, rt, reass);
431 always_inline ip4_reass_rc_t
432 ip4_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * node,
433 ip4_reass_main_t * rm, ip4_reass_per_thread_t * rt,
434 ip4_reass_t * reass, u32 * bi0, u32 * next0, u32 * error0,
437 vlib_buffer_t *first_b = vlib_get_buffer (vm, reass->first_bi);
438 vlib_buffer_t *last_b = NULL;
439 u32 sub_chain_bi = reass->first_bi;
440 u32 total_length = 0;
444 u32 tmp_bi = sub_chain_bi;
445 vlib_buffer_t *tmp = vlib_get_buffer (vm, tmp_bi);
446 ip4_header_t *ip = vlib_buffer_get_current (tmp);
447 vnet_buffer_opaque_t *vnb = vnet_buffer (tmp);
448 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
449 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
451 return IP4_REASS_RC_INTERNAL_ERROR;
454 u32 data_len = ip4_reass_buffer_get_data_len (tmp);
456 ip4_header_bytes (ip) + ip4_reass_buffer_get_data_offset (tmp);
458 vlib_buffer_length_in_chain (vm, tmp) - trim_front - data_len;
459 if (tmp_bi == reass->first_bi)
461 /* first buffer - keep ip4 header */
462 if (0 != ip4_reass_buffer_get_data_offset (tmp))
464 return IP4_REASS_RC_INTERNAL_ERROR;
467 trim_end = vlib_buffer_length_in_chain (vm, tmp) - data_len -
468 ip4_header_bytes (ip);
469 if (!(vlib_buffer_length_in_chain (vm, tmp) - trim_end > 0))
471 return IP4_REASS_RC_INTERNAL_ERROR;
475 vlib_buffer_length_in_chain (vm, tmp) - trim_front - trim_end;
481 if (trim_front > tmp->current_length)
483 /* drop whole buffer */
484 u32 to_be_freed_bi = tmp_bi;
485 trim_front -= tmp->current_length;
486 if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
488 return IP4_REASS_RC_INTERNAL_ERROR;
490 tmp->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
491 tmp_bi = tmp->next_buffer;
492 tmp = vlib_get_buffer (vm, tmp_bi);
493 vlib_buffer_free_one (vm, to_be_freed_bi);
498 vlib_buffer_advance (tmp, trim_front);
506 last_b->flags |= VLIB_BUFFER_NEXT_PRESENT;
507 last_b->next_buffer = tmp_bi;
510 if (keep_data <= tmp->current_length)
512 tmp->current_length = keep_data;
517 keep_data -= tmp->current_length;
518 if (!(tmp->flags & VLIB_BUFFER_NEXT_PRESENT))
520 return IP4_REASS_RC_INTERNAL_ERROR;
523 total_length += tmp->current_length;
524 if (tmp->flags & VLIB_BUFFER_NEXT_PRESENT)
526 tmp_bi = tmp->next_buffer;
527 tmp = vlib_get_buffer (vm, tmp->next_buffer);
536 u32 to_be_freed_bi = tmp_bi;
537 if (reass->first_bi == tmp_bi)
539 return IP4_REASS_RC_INTERNAL_ERROR;
541 if (tmp->flags & VLIB_BUFFER_NEXT_PRESENT)
543 tmp_bi = tmp->next_buffer;
544 tmp = vlib_get_buffer (vm, tmp->next_buffer);
545 vlib_buffer_free_one (vm, to_be_freed_bi);
549 vlib_buffer_free_one (vm, to_be_freed_bi);
555 vnet_buffer (vlib_get_buffer (vm, sub_chain_bi))->ip.
558 while (~0 != sub_chain_bi);
562 return IP4_REASS_RC_INTERNAL_ERROR;
564 last_b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
565 if (total_length < first_b->current_length)
567 return IP4_REASS_RC_INTERNAL_ERROR;
569 total_length -= first_b->current_length;
570 first_b->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
571 first_b->total_length_not_including_first_buffer = total_length;
572 ip4_header_t *ip = vlib_buffer_get_current (first_b);
573 ip->flags_and_fragment_offset = 0;
574 ip->length = clib_host_to_net_u16 (first_b->current_length + total_length);
575 ip->checksum = ip4_header_checksum (ip);
576 if (!vlib_buffer_chain_linearize (vm, first_b))
578 return IP4_REASS_RC_NO_BUF;
581 if (PREDICT_FALSE (first_b->flags & VLIB_BUFFER_IS_TRACED))
583 ip4_reass_add_trace (vm, node, rm, reass, reass->first_bi, FINALIZE, 0);
585 // following code does a hexdump of packet fragments to stdout ...
588 u32 bi = reass->first_bi;
592 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
593 s = format (s, "%u: %U\n", bi, format_hexdump,
594 vlib_buffer_get_current (b), b->current_length);
595 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
604 printf ("%.*s\n", vec_len (s), s);
611 *bi0 = reass->first_bi;
614 *next0 = IP4_REASSEMBLY_NEXT_INPUT;
618 *next0 = reass->next_index;
620 vnet_buffer (first_b)->ip.reass.estimated_mtu = reass->min_fragment_length;
621 *error0 = IP4_ERROR_NONE;
622 ip4_reass_free (rm, rt, reass);
624 return IP4_REASS_RC_OK;
627 always_inline ip4_reass_rc_t
628 ip4_reass_insert_range_in_chain (vlib_main_t * vm,
629 ip4_reass_main_t * rm,
630 ip4_reass_per_thread_t * rt,
632 u32 prev_range_bi, u32 new_next_bi)
634 vlib_buffer_t *new_next_b = vlib_get_buffer (vm, new_next_bi);
635 vnet_buffer_opaque_t *new_next_vnb = vnet_buffer (new_next_b);
636 if (~0 != prev_range_bi)
638 vlib_buffer_t *prev_b = vlib_get_buffer (vm, prev_range_bi);
639 vnet_buffer_opaque_t *prev_vnb = vnet_buffer (prev_b);
640 new_next_vnb->ip.reass.next_range_bi = prev_vnb->ip.reass.next_range_bi;
641 prev_vnb->ip.reass.next_range_bi = new_next_bi;
645 if (~0 != reass->first_bi)
647 new_next_vnb->ip.reass.next_range_bi = reass->first_bi;
649 reass->first_bi = new_next_bi;
651 vnet_buffer_opaque_t *vnb = vnet_buffer (new_next_b);
652 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
653 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
655 return IP4_REASS_RC_INTERNAL_ERROR;
657 reass->data_len += ip4_reass_buffer_get_data_len (new_next_b);
658 return IP4_REASS_RC_OK;
661 always_inline ip4_reass_rc_t
662 ip4_reass_remove_range_from_chain (vlib_main_t * vm,
663 vlib_node_runtime_t * node,
664 ip4_reass_main_t * rm,
665 ip4_reass_t * reass, u32 prev_range_bi,
668 vlib_buffer_t *discard_b = vlib_get_buffer (vm, discard_bi);
669 vnet_buffer_opaque_t *discard_vnb = vnet_buffer (discard_b);
670 if (~0 != prev_range_bi)
672 vlib_buffer_t *prev_b = vlib_get_buffer (vm, prev_range_bi);
673 vnet_buffer_opaque_t *prev_vnb = vnet_buffer (prev_b);
674 if (!(prev_vnb->ip.reass.next_range_bi == discard_bi))
676 return IP4_REASS_RC_INTERNAL_ERROR;
678 prev_vnb->ip.reass.next_range_bi = discard_vnb->ip.reass.next_range_bi;
682 reass->first_bi = discard_vnb->ip.reass.next_range_bi;
684 vnet_buffer_opaque_t *vnb = vnet_buffer (discard_b);
685 if (!(vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first) &&
686 !(vnb->ip.reass.range_last > vnb->ip.reass.fragment_first))
688 return IP4_REASS_RC_INTERNAL_ERROR;
690 reass->data_len -= ip4_reass_buffer_get_data_len (discard_b);
693 u32 to_be_freed_bi = discard_bi;
694 if (PREDICT_FALSE (discard_b->flags & VLIB_BUFFER_IS_TRACED))
696 ip4_reass_add_trace (vm, node, rm, reass, discard_bi, RANGE_DISCARD,
699 if (discard_b->flags & VLIB_BUFFER_NEXT_PRESENT)
701 discard_b->flags &= ~VLIB_BUFFER_NEXT_PRESENT;
702 discard_bi = discard_b->next_buffer;
703 discard_b = vlib_get_buffer (vm, discard_bi);
704 vlib_buffer_free_one (vm, to_be_freed_bi);
708 vlib_buffer_free_one (vm, to_be_freed_bi);
712 return IP4_REASS_RC_OK;
715 always_inline ip4_reass_rc_t
716 ip4_reass_update (vlib_main_t * vm, vlib_node_runtime_t * node,
717 ip4_reass_main_t * rm, ip4_reass_per_thread_t * rt,
718 ip4_reass_t * reass, u32 * bi0, u32 * next0, u32 * error0,
721 ip4_reass_rc_t rc = IP4_REASS_RC_OK;
723 vlib_buffer_t *fb = vlib_get_buffer (vm, *bi0);
724 ip4_header_t *fip = vlib_buffer_get_current (fb);
725 vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
726 reass->next_index = fvnb->ip.reass.next_index; // store next_index before it's overwritten
727 const u32 fragment_first = ip4_get_fragment_offset_bytes (fip);
728 const u32 fragment_length =
729 clib_net_to_host_u16 (fip->length) - ip4_header_bytes (fip);
730 const u32 fragment_last = fragment_first + fragment_length - 1;
731 fvnb->ip.reass.fragment_first = fragment_first;
732 fvnb->ip.reass.fragment_last = fragment_last;
733 int more_fragments = ip4_get_fragment_more (fip);
734 u32 candidate_range_bi = reass->first_bi;
735 u32 prev_range_bi = ~0;
736 fvnb->ip.reass.range_first = fragment_first;
737 fvnb->ip.reass.range_last = fragment_last;
738 fvnb->ip.reass.next_range_bi = ~0;
741 reass->last_packet_octet = fragment_last;
743 if (~0 == reass->first_bi)
745 // starting a new reassembly
747 ip4_reass_insert_range_in_chain (vm, rm, rt, reass, prev_range_bi,
749 if (IP4_REASS_RC_OK != rc)
753 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
755 ip4_reass_add_trace (vm, node, rm, reass, *bi0, RANGE_NEW, 0);
758 reass->min_fragment_length = clib_net_to_host_u16 (fip->length);
759 reass->fragments_n = 1;
760 return IP4_REASS_RC_OK;
762 reass->min_fragment_length = clib_min (clib_net_to_host_u16 (fip->length),
763 fvnb->ip.reass.estimated_mtu);
764 while (~0 != candidate_range_bi)
766 vlib_buffer_t *candidate_b = vlib_get_buffer (vm, candidate_range_bi);
767 vnet_buffer_opaque_t *candidate_vnb = vnet_buffer (candidate_b);
768 if (fragment_first > candidate_vnb->ip.reass.range_last)
770 // this fragments starts after candidate range
771 prev_range_bi = candidate_range_bi;
772 candidate_range_bi = candidate_vnb->ip.reass.next_range_bi;
773 if (candidate_vnb->ip.reass.range_last < fragment_last &&
774 ~0 == candidate_range_bi)
776 // special case - this fragment falls beyond all known ranges
778 ip4_reass_insert_range_in_chain (vm, rm, rt, reass,
779 prev_range_bi, *bi0);
780 if (IP4_REASS_RC_OK != rc)
789 if (fragment_last < candidate_vnb->ip.reass.range_first)
791 // this fragment ends before candidate range without any overlap
793 ip4_reass_insert_range_in_chain (vm, rm, rt, reass, prev_range_bi,
795 if (IP4_REASS_RC_OK != rc)
803 if (fragment_first >= candidate_vnb->ip.reass.range_first &&
804 fragment_last <= candidate_vnb->ip.reass.range_last)
806 // this fragment is a (sub)part of existing range, ignore it
807 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
809 ip4_reass_add_trace (vm, node, rm, reass, *bi0,
814 int discard_candidate = 0;
815 if (fragment_first < candidate_vnb->ip.reass.range_first)
818 fragment_last - candidate_vnb->ip.reass.range_first + 1;
819 if (overlap < ip4_reass_buffer_get_data_len (candidate_b))
821 candidate_vnb->ip.reass.range_first += overlap;
822 if (reass->data_len < overlap)
824 return IP4_REASS_RC_INTERNAL_ERROR;
826 reass->data_len -= overlap;
827 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
829 ip4_reass_add_trace (vm, node, rm, reass,
830 candidate_range_bi, RANGE_SHRINK,
834 ip4_reass_insert_range_in_chain (vm, rm, rt, reass,
835 prev_range_bi, *bi0);
836 if (IP4_REASS_RC_OK != rc)
844 discard_candidate = 1;
847 else if (fragment_last > candidate_vnb->ip.reass.range_last)
850 candidate_vnb->ip.reass.range_last - fragment_first + 1;
851 if (overlap < ip4_reass_buffer_get_data_len (candidate_b))
853 fvnb->ip.reass.range_first += overlap;
854 if (~0 != candidate_vnb->ip.reass.next_range_bi)
856 prev_range_bi = candidate_range_bi;
858 candidate_vnb->ip.reass.next_range_bi;
863 // special case - last range discarded
865 ip4_reass_insert_range_in_chain (vm, rm, rt, reass,
868 if (IP4_REASS_RC_OK != rc)
877 discard_candidate = 1;
882 discard_candidate = 1;
884 if (discard_candidate)
886 u32 next_range_bi = candidate_vnb->ip.reass.next_range_bi;
887 // discard candidate range, probe next range
889 ip4_reass_remove_range_from_chain (vm, node, rm, reass,
892 if (IP4_REASS_RC_OK != rc)
896 if (~0 != next_range_bi)
898 candidate_range_bi = next_range_bi;
903 // special case - last range discarded
905 ip4_reass_insert_range_in_chain (vm, rm, rt, reass,
906 prev_range_bi, *bi0);
907 if (IP4_REASS_RC_OK != rc)
917 ++reass->fragments_n;
920 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
922 ip4_reass_add_trace (vm, node, rm, reass, *bi0, RANGE_NEW, 0);
925 if (~0 != reass->last_packet_octet &&
926 reass->data_len == reass->last_packet_octet + 1)
928 return ip4_reass_finalize (vm, node, rm, rt, reass, bi0, next0, error0,
936 if (reass->fragments_n > rm->max_reass_len)
938 rc = IP4_REASS_RC_TOO_MANY_FRAGMENTS;
943 *next0 = IP4_REASSEMBLY_NEXT_DROP;
944 *error0 = IP4_ERROR_REASS_DUPLICATE_FRAGMENT;
951 ip4_reassembly_inline (vlib_main_t * vm,
952 vlib_node_runtime_t * node,
953 vlib_frame_t * frame, bool is_feature)
955 u32 *from = vlib_frame_vector_args (frame);
956 u32 n_left_from, n_left_to_next, *to_next, next_index;
957 ip4_reass_main_t *rm = &ip4_reass_main;
958 ip4_reass_per_thread_t *rt = &rm->per_thread_data[vm->thread_index];
959 clib_spinlock_lock (&rt->lock);
961 n_left_from = frame->n_vectors;
962 next_index = node->cached_next_index;
963 while (n_left_from > 0)
965 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
967 while (n_left_from > 0 && n_left_to_next > 0)
972 u32 error0 = IP4_ERROR_NONE;
975 b0 = vlib_get_buffer (vm, bi0);
977 ip4_header_t *ip0 = vlib_buffer_get_current (b0);
978 if (!ip4_get_fragment_more (ip0) && !ip4_get_fragment_offset (ip0))
980 // this is a whole packet - no fragmentation
983 next0 = IP4_REASSEMBLY_NEXT_INPUT;
987 next0 = vnet_buffer (b0)->ip.reass.next_index;
992 const u32 fragment_first = ip4_get_fragment_offset_bytes (ip0);
993 const u32 fragment_length =
994 clib_net_to_host_u16 (ip0->length) - ip4_header_bytes (ip0);
995 const u32 fragment_last = fragment_first + fragment_length - 1;
996 if (fragment_first > fragment_last || fragment_first + fragment_length > UINT16_MAX - 20 || (fragment_length < 8 && ip4_get_fragment_more (ip0))) // 8 is minimum frag length per RFC 791
998 next0 = IP4_REASSEMBLY_NEXT_DROP;
999 error0 = IP4_ERROR_REASS_MALFORMED_PACKET;
1007 (u64) vec_elt (ip4_main.fib_index_by_sw_if_index,
1008 vnet_buffer (b0)->sw_if_index[VLIB_RX]) |
1009 (u64) ip0->src_address.as_u32 << 32;
1011 (u64) ip0->dst_address.as_u32 |
1012 (u64) ip0->fragment_id << 32 | (u64) ip0->protocol << 48;
1014 ip4_reass_t *reass =
1015 ip4_reass_find_or_create (vm, rm, rt, &kv, &do_handoff);
1017 if (PREDICT_FALSE (do_handoff))
1019 next0 = IP4_REASSEMBLY_NEXT_HANDOFF;
1021 vnet_buffer (b0)->ip.
1022 reass.owner_feature_thread_index =
1025 vnet_buffer (b0)->ip.reass.owner_thread_index =
1030 switch (ip4_reass_update
1031 (vm, node, rm, rt, reass, &bi0, &next0,
1032 &error0, is_feature))
1034 case IP4_REASS_RC_OK:
1035 /* nothing to do here */
1037 case IP4_REASS_RC_TOO_MANY_FRAGMENTS:
1038 vlib_node_increment_counter (vm, node->node_index,
1039 IP4_ERROR_REASS_FRAGMENT_CHAIN_TOO_LONG,
1041 ip4_reass_on_timeout (vm, rm, reass);
1042 ip4_reass_free (rm, rt, reass);
1045 case IP4_REASS_RC_NO_BUF:
1046 vlib_node_increment_counter (vm, node->node_index,
1047 IP4_ERROR_REASS_NO_BUF,
1049 ip4_reass_on_timeout (vm, rm, reass);
1050 ip4_reass_free (rm, rt, reass);
1053 case IP4_REASS_RC_INTERNAL_ERROR:
1054 vlib_node_increment_counter (vm, node->node_index,
1055 IP4_ERROR_REASS_INTERNAL_ERROR,
1057 ip4_reass_on_timeout (vm, rm, reass);
1058 ip4_reass_free (rm, rt, reass);
1065 next0 = IP4_REASSEMBLY_NEXT_DROP;
1066 error0 = IP4_ERROR_REASS_LIMIT_REACHED;
1070 b0->error = node->errors[error0];
1077 n_left_to_next -= 1;
1078 if (is_feature && IP4_ERROR_NONE == error0)
1080 b0 = vlib_get_buffer (vm, bi0);
1081 vnet_feature_next (&next0, b0);
1083 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1084 to_next, n_left_to_next,
1086 IP4_REASS_DEBUG_BUFFER (bi0, enqueue_next);
1094 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1097 clib_spinlock_unlock (&rt->lock);
1098 return frame->n_vectors;
1101 static char *ip4_reassembly_error_strings[] = {
1102 #define _(sym, string) string,
1107 VLIB_NODE_FN (ip4_reass_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
1108 vlib_frame_t * frame)
1110 return ip4_reassembly_inline (vm, node, frame, false /* is_feature */ );
1114 VLIB_REGISTER_NODE (ip4_reass_node) = {
1115 .name = "ip4-reassembly",
1116 .vector_size = sizeof (u32),
1117 .format_trace = format_ip4_reass_trace,
1118 .n_errors = ARRAY_LEN (ip4_reassembly_error_strings),
1119 .error_strings = ip4_reassembly_error_strings,
1120 .n_next_nodes = IP4_REASSEMBLY_N_NEXT,
1123 [IP4_REASSEMBLY_NEXT_INPUT] = "ip4-input",
1124 [IP4_REASSEMBLY_NEXT_DROP] = "ip4-drop",
1125 [IP4_REASSEMBLY_NEXT_HANDOFF] = "ip4-reassembly-handoff",
1131 VLIB_NODE_FN (ip4_reass_node_feature) (vlib_main_t * vm,
1132 vlib_node_runtime_t * node,
1133 vlib_frame_t * frame)
1135 return ip4_reassembly_inline (vm, node, frame, true /* is_feature */ );
1139 VLIB_REGISTER_NODE (ip4_reass_node_feature) = {
1140 .name = "ip4-reassembly-feature",
1141 .vector_size = sizeof (u32),
1142 .format_trace = format_ip4_reass_trace,
1143 .n_errors = ARRAY_LEN (ip4_reassembly_error_strings),
1144 .error_strings = ip4_reassembly_error_strings,
1145 .n_next_nodes = IP4_REASSEMBLY_N_NEXT,
1148 [IP4_REASSEMBLY_NEXT_INPUT] = "ip4-input",
1149 [IP4_REASSEMBLY_NEXT_DROP] = "ip4-drop",
1150 [IP4_REASSEMBLY_NEXT_HANDOFF] = "ip4-reass-feature-hoff",
1156 VNET_FEATURE_INIT (ip4_reassembly_feature, static) = {
1157 .arc_name = "ip4-unicast",
1158 .node_name = "ip4-reassembly-feature",
1159 .runs_before = VNET_FEATURES ("ip4-lookup"),
1164 #ifndef CLIB_MARCH_VARIANT
1166 ip4_reass_get_nbuckets ()
1168 ip4_reass_main_t *rm = &ip4_reass_main;
1172 nbuckets = (u32) (rm->max_reass_n / IP4_REASS_HT_LOAD_FACTOR);
1174 for (i = 0; i < 31; i++)
1175 if ((1 << i) >= nbuckets)
1181 #endif /* CLIB_MARCH_VARIANT */
1185 IP4_EVENT_CONFIG_CHANGED = 1,
1186 } ip4_reass_event_t;
1191 clib_bihash_16_8_t *new_hash;
1192 } ip4_rehash_cb_ctx;
1194 #ifndef CLIB_MARCH_VARIANT
1196 ip4_rehash_cb (clib_bihash_kv_16_8_t * kv, void *_ctx)
1198 ip4_rehash_cb_ctx *ctx = _ctx;
1199 if (clib_bihash_add_del_16_8 (ctx->new_hash, kv, 1))
1206 ip4_reass_set_params (u32 timeout_ms, u32 max_reassemblies,
1207 u32 max_reassembly_length, u32 expire_walk_interval_ms)
1209 ip4_reass_main.timeout_ms = timeout_ms;
1210 ip4_reass_main.timeout = (f64) timeout_ms / (f64) MSEC_PER_SEC;
1211 ip4_reass_main.max_reass_n = max_reassemblies;
1212 ip4_reass_main.max_reass_len = max_reassembly_length;
1213 ip4_reass_main.expire_walk_interval_ms = expire_walk_interval_ms;
1217 ip4_reass_set (u32 timeout_ms, u32 max_reassemblies,
1218 u32 max_reassembly_length, u32 expire_walk_interval_ms)
1220 u32 old_nbuckets = ip4_reass_get_nbuckets ();
1221 ip4_reass_set_params (timeout_ms, max_reassemblies, max_reassembly_length,
1222 expire_walk_interval_ms);
1223 vlib_process_signal_event (ip4_reass_main.vlib_main,
1224 ip4_reass_main.ip4_reass_expire_node_idx,
1225 IP4_EVENT_CONFIG_CHANGED, 0);
1226 u32 new_nbuckets = ip4_reass_get_nbuckets ();
1227 if (ip4_reass_main.max_reass_n > 0 && new_nbuckets > old_nbuckets)
1229 clib_bihash_16_8_t new_hash;
1230 clib_memset (&new_hash, 0, sizeof (new_hash));
1231 ip4_rehash_cb_ctx ctx;
1233 ctx.new_hash = &new_hash;
1234 clib_bihash_init_16_8 (&new_hash, "ip4-reass", new_nbuckets,
1235 new_nbuckets * 1024);
1236 clib_bihash_foreach_key_value_pair_16_8 (&ip4_reass_main.hash,
1237 ip4_rehash_cb, &ctx);
1240 clib_bihash_free_16_8 (&new_hash);
1245 clib_bihash_free_16_8 (&ip4_reass_main.hash);
1246 clib_memcpy_fast (&ip4_reass_main.hash, &new_hash,
1247 sizeof (ip4_reass_main.hash));
1254 ip4_reass_get (u32 * timeout_ms, u32 * max_reassemblies,
1255 u32 * max_reassembly_length, u32 * expire_walk_interval_ms)
1257 *timeout_ms = ip4_reass_main.timeout_ms;
1258 *max_reassemblies = ip4_reass_main.max_reass_n;
1259 *max_reassembly_length = ip4_reass_main.max_reass_len;
1260 *expire_walk_interval_ms = ip4_reass_main.expire_walk_interval_ms;
1264 static clib_error_t *
1265 ip4_reass_init_function (vlib_main_t * vm)
1267 ip4_reass_main_t *rm = &ip4_reass_main;
1268 clib_error_t *error = 0;
1273 rm->vnet_main = vnet_get_main ();
1275 vec_validate (rm->per_thread_data, vlib_num_workers ());
1276 ip4_reass_per_thread_t *rt;
1277 vec_foreach (rt, rm->per_thread_data)
1279 clib_spinlock_init (&rt->lock);
1280 pool_alloc (rt->pool, rm->max_reass_n);
1283 node = vlib_get_node_by_name (vm, (u8 *) "ip4-reassembly-expire-walk");
1285 rm->ip4_reass_expire_node_idx = node->index;
1287 ip4_reass_set_params (IP4_REASS_TIMEOUT_DEFAULT_MS,
1288 IP4_REASS_MAX_REASSEMBLIES_DEFAULT,
1289 IP4_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT,
1290 IP4_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS);
1292 nbuckets = ip4_reass_get_nbuckets ();
1293 clib_bihash_init_16_8 (&rm->hash, "ip4-reass", nbuckets, nbuckets * 1024);
1295 node = vlib_get_node_by_name (vm, (u8 *) "ip4-drop");
1297 rm->ip4_drop_idx = node->index;
1299 rm->fq_index = vlib_frame_queue_main_init (ip4_reass_node.index, 0);
1300 rm->fq_feature_index =
1301 vlib_frame_queue_main_init (ip4_reass_node_feature.index, 0);
1307 VLIB_INIT_FUNCTION (ip4_reass_init_function);
1308 #endif /* CLIB_MARCH_VARIANT */
1311 ip4_reass_walk_expired (vlib_main_t * vm,
1312 vlib_node_runtime_t * node, vlib_frame_t * f)
1314 ip4_reass_main_t *rm = &ip4_reass_main;
1315 uword event_type, *event_data = 0;
1319 vlib_process_wait_for_event_or_clock (vm,
1321 rm->expire_walk_interval_ms /
1322 (f64) MSEC_PER_SEC);
1323 event_type = vlib_process_get_events (vm, &event_data);
1327 case ~0: /* no events => timeout */
1328 /* nothing to do here */
1330 case IP4_EVENT_CONFIG_CHANGED:
1333 clib_warning ("BUG: event type 0x%wx", event_type);
1336 f64 now = vlib_time_now (vm);
1339 int *pool_indexes_to_free = NULL;
1341 uword thread_index = 0;
1343 const uword nthreads = vlib_num_workers () + 1;
1344 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1346 ip4_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1347 clib_spinlock_lock (&rt->lock);
1349 vec_reset_length (pool_indexes_to_free);
1351 pool_foreach_index (index, rt->pool, ({
1352 reass = pool_elt_at_index (rt->pool, index);
1353 if (now > reass->last_heard + rm->timeout)
1355 vec_add1 (pool_indexes_to_free, index);
1361 vec_foreach (i, pool_indexes_to_free)
1363 ip4_reass_t *reass = pool_elt_at_index (rt->pool, i[0]);
1364 ip4_reass_on_timeout (vm, rm, reass);
1365 ip4_reass_free (rm, rt, reass);
1369 clib_spinlock_unlock (&rt->lock);
1372 vec_free (pool_indexes_to_free);
1375 _vec_len (event_data) = 0;
1383 VLIB_REGISTER_NODE (ip4_reass_expire_node, static) = {
1384 .function = ip4_reass_walk_expired,
1385 .type = VLIB_NODE_TYPE_PROCESS,
1386 .name = "ip4-reassembly-expire-walk",
1387 .format_trace = format_ip4_reass_trace,
1388 .n_errors = ARRAY_LEN (ip4_reassembly_error_strings),
1389 .error_strings = ip4_reassembly_error_strings,
1395 format_ip4_reass_key (u8 * s, va_list * args)
1397 ip4_reass_key_t *key = va_arg (*args, ip4_reass_key_t *);
1398 s = format (s, "xx_id: %u, src: %U, dst: %U, frag_id: %u, proto: %u",
1399 key->xx_id, format_ip4_address, &key->src, format_ip4_address,
1400 &key->dst, clib_net_to_host_u16 (key->frag_id), key->proto);
1405 format_ip4_reass (u8 * s, va_list * args)
1407 vlib_main_t *vm = va_arg (*args, vlib_main_t *);
1408 ip4_reass_t *reass = va_arg (*args, ip4_reass_t *);
1410 s = format (s, "ID: %lu, key: %U\n first_bi: %u, data_len: %u, "
1411 "last_packet_octet: %u, trace_op_counter: %u\n",
1412 reass->id, format_ip4_reass_key, &reass->key, reass->first_bi,
1413 reass->data_len, reass->last_packet_octet,
1414 reass->trace_op_counter);
1415 u32 bi = reass->first_bi;
1419 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
1420 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
1421 s = format (s, " #%03u: range: [%u, %u], bi: %u, off: %d, len: %u, "
1422 "fragment[%u, %u]\n",
1423 counter, vnb->ip.reass.range_first,
1424 vnb->ip.reass.range_last, bi,
1425 ip4_reass_buffer_get_data_offset (b),
1426 ip4_reass_buffer_get_data_len (b),
1427 vnb->ip.reass.fragment_first, vnb->ip.reass.fragment_last);
1428 if (b->flags & VLIB_BUFFER_NEXT_PRESENT)
1430 bi = b->next_buffer;
1440 static clib_error_t *
1441 show_ip4_reass (vlib_main_t * vm,
1442 unformat_input_t * input,
1443 CLIB_UNUSED (vlib_cli_command_t * lmd))
1445 ip4_reass_main_t *rm = &ip4_reass_main;
1447 vlib_cli_output (vm, "---------------------");
1448 vlib_cli_output (vm, "IP4 reassembly status");
1449 vlib_cli_output (vm, "---------------------");
1450 bool details = false;
1451 if (unformat (input, "details"))
1456 u32 sum_reass_n = 0;
1459 const uword nthreads = vlib_num_workers () + 1;
1460 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1462 ip4_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1463 clib_spinlock_lock (&rt->lock);
1467 pool_foreach (reass, rt->pool, {
1468 vlib_cli_output (vm, "%U", format_ip4_reass, vm, reass);
1472 sum_reass_n += rt->reass_n;
1473 clib_spinlock_unlock (&rt->lock);
1475 vlib_cli_output (vm, "---------------------");
1476 vlib_cli_output (vm, "Current IP4 reassemblies count: %lu\n",
1477 (long unsigned) sum_reass_n);
1478 vlib_cli_output (vm,
1479 "Maximum configured concurrent IP4 reassemblies per worker-thread: %lu\n",
1480 (long unsigned) rm->max_reass_n);
1485 VLIB_CLI_COMMAND (show_ip4_reassembly_cmd, static) = {
1486 .path = "show ip4-reassembly",
1487 .short_help = "show ip4-reassembly [details]",
1488 .function = show_ip4_reass,
1492 #ifndef CLIB_MARCH_VARIANT
1494 ip4_reass_enable_disable (u32 sw_if_index, u8 enable_disable)
1496 return vnet_feature_enable_disable ("ip4-unicast",
1497 "ip4-reassembly-feature", sw_if_index,
1498 enable_disable, 0, 0);
1500 #endif /* CLIB_MARCH_VARIANT */
1503 #define foreach_ip4_reassembly_handoff_error \
1504 _(CONGESTION_DROP, "congestion drop")
1509 #define _(sym,str) IP4_REASSEMBLY_HANDOFF_ERROR_##sym,
1510 foreach_ip4_reassembly_handoff_error
1512 IP4_REASSEMBLY_HANDOFF_N_ERROR,
1513 } ip4_reassembly_handoff_error_t;
1515 static char *ip4_reassembly_handoff_error_strings[] = {
1516 #define _(sym,string) string,
1517 foreach_ip4_reassembly_handoff_error
1523 u32 next_worker_index;
1524 } ip4_reassembly_handoff_trace_t;
1527 format_ip4_reassembly_handoff_trace (u8 * s, va_list * args)
1529 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1530 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1531 ip4_reassembly_handoff_trace_t *t =
1532 va_arg (*args, ip4_reassembly_handoff_trace_t *);
1535 format (s, "ip4-reassembly-handoff: next-worker %d",
1536 t->next_worker_index);
1542 ip4_reassembly_handoff_node_inline (vlib_main_t * vm,
1543 vlib_node_runtime_t * node,
1544 vlib_frame_t * frame, bool is_feature)
1546 ip4_reass_main_t *rm = &ip4_reass_main;
1548 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1549 u32 n_enq, n_left_from, *from;
1550 u16 thread_indices[VLIB_FRAME_SIZE], *ti;
1553 from = vlib_frame_vector_args (frame);
1554 n_left_from = frame->n_vectors;
1555 vlib_get_buffers (vm, from, bufs, n_left_from);
1558 ti = thread_indices;
1560 fq_index = (is_feature) ? rm->fq_feature_index : rm->fq_index;
1562 while (n_left_from > 0)
1565 (is_feature) ? vnet_buffer (b[0])->ip.
1566 reass.owner_feature_thread_index : vnet_buffer (b[0])->ip.
1567 reass.owner_thread_index;
1570 ((node->flags & VLIB_NODE_FLAG_TRACE)
1571 && (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
1573 ip4_reassembly_handoff_trace_t *t =
1574 vlib_add_trace (vm, node, b[0], sizeof (*t));
1575 t->next_worker_index = ti[0];
1583 vlib_buffer_enqueue_to_thread (vm, fq_index, from, thread_indices,
1584 frame->n_vectors, 1);
1586 if (n_enq < frame->n_vectors)
1587 vlib_node_increment_counter (vm, node->node_index,
1588 IP4_REASSEMBLY_HANDOFF_ERROR_CONGESTION_DROP,
1589 frame->n_vectors - n_enq);
1590 return frame->n_vectors;
1593 VLIB_NODE_FN (ip4_reassembly_handoff_node) (vlib_main_t * vm,
1594 vlib_node_runtime_t * node,
1595 vlib_frame_t * frame)
1597 return ip4_reassembly_handoff_node_inline (vm, node, frame,
1598 false /* is_feature */ );
1603 VLIB_REGISTER_NODE (ip4_reassembly_handoff_node) = {
1604 .name = "ip4-reassembly-handoff",
1605 .vector_size = sizeof (u32),
1606 .n_errors = ARRAY_LEN(ip4_reassembly_handoff_error_strings),
1607 .error_strings = ip4_reassembly_handoff_error_strings,
1608 .format_trace = format_ip4_reassembly_handoff_trace,
1620 VLIB_NODE_FN (ip4_reassembly_feature_handoff_node) (vlib_main_t * vm,
1621 vlib_node_runtime_t *
1623 vlib_frame_t * frame)
1625 return ip4_reassembly_handoff_node_inline (vm, node, frame,
1626 true /* is_feature */ );
1632 VLIB_REGISTER_NODE (ip4_reassembly_feature_handoff_node) = {
1633 .name = "ip4-reass-feature-hoff",
1634 .vector_size = sizeof (u32),
1635 .n_errors = ARRAY_LEN(ip4_reassembly_handoff_error_strings),
1636 .error_strings = ip4_reassembly_handoff_error_strings,
1637 .format_trace = format_ip4_reassembly_handoff_trace,
1648 * fd.io coding-style-patch-verification: ON
1651 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob