2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip6_forward.c: IP v6 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
43 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
44 #include <vppinfra/cache.h>
45 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
46 #include <vnet/fib/ip6_fib.h>
47 #include <vnet/mfib/ip6_mfib.h>
48 #include <vnet/dpo/load_balance_map.h>
49 #include <vnet/dpo/classify_dpo.h>
51 #include <vppinfra/bihash_template.c>
53 /* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */
54 #define OI_DECAP 0x80000000
58 * @brief IPv6 Forwarding.
60 * This file contains the source code for IPv6 forwarding.
64 ip6_forward_next_trace (vlib_main_t * vm,
65 vlib_node_runtime_t * node,
67 vlib_rx_or_tx_t which_adj_index);
70 ip6_lookup_inline (vlib_main_t * vm,
71 vlib_node_runtime_t * node, vlib_frame_t * frame)
73 ip6_main_t *im = &ip6_main;
74 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_to_counters;
75 u32 n_left_from, n_left_to_next, *from, *to_next;
76 ip_lookup_next_t next;
77 u32 thread_index = vlib_get_thread_index ();
79 from = vlib_frame_vector_args (frame);
80 n_left_from = frame->n_vectors;
81 next = node->cached_next_index;
83 while (n_left_from > 0)
85 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
87 while (n_left_from >= 4 && n_left_to_next >= 2)
89 vlib_buffer_t *p0, *p1;
90 u32 pi0, pi1, lbi0, lbi1, wrong_next;
91 ip_lookup_next_t next0, next1;
92 ip6_header_t *ip0, *ip1;
93 ip6_address_t *dst_addr0, *dst_addr1;
94 u32 fib_index0, fib_index1;
95 u32 flow_hash_config0, flow_hash_config1;
96 const dpo_id_t *dpo0, *dpo1;
97 const load_balance_t *lb0, *lb1;
99 /* Prefetch next iteration. */
101 vlib_buffer_t *p2, *p3;
103 p2 = vlib_get_buffer (vm, from[2]);
104 p3 = vlib_get_buffer (vm, from[3]);
106 vlib_prefetch_buffer_header (p2, LOAD);
107 vlib_prefetch_buffer_header (p3, LOAD);
108 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), LOAD);
109 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), LOAD);
112 pi0 = to_next[0] = from[0];
113 pi1 = to_next[1] = from[1];
115 p0 = vlib_get_buffer (vm, pi0);
116 p1 = vlib_get_buffer (vm, pi1);
118 ip0 = vlib_buffer_get_current (p0);
119 ip1 = vlib_buffer_get_current (p1);
121 dst_addr0 = &ip0->dst_address;
122 dst_addr1 = &ip1->dst_address;
125 vec_elt (im->fib_index_by_sw_if_index,
126 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
128 vec_elt (im->fib_index_by_sw_if_index,
129 vnet_buffer (p1)->sw_if_index[VLIB_RX]);
131 fib_index0 = (vnet_buffer (p0)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
132 fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
133 fib_index1 = (vnet_buffer (p1)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
134 fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
136 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
137 lbi1 = ip6_fib_table_fwding_lookup (im, fib_index1, dst_addr1);
139 lb0 = load_balance_get (lbi0);
140 lb1 = load_balance_get (lbi1);
141 ASSERT (lb0->lb_n_buckets > 0);
142 ASSERT (lb1->lb_n_buckets > 0);
143 ASSERT (is_pow2 (lb0->lb_n_buckets));
144 ASSERT (is_pow2 (lb1->lb_n_buckets));
146 vnet_buffer (p0)->ip.flow_hash = vnet_buffer (p1)->ip.flow_hash = 0;
148 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
150 flow_hash_config0 = lb0->lb_hash_config;
151 vnet_buffer (p0)->ip.flow_hash =
152 ip6_compute_flow_hash (ip0, flow_hash_config0);
154 load_balance_get_fwd_bucket (lb0,
155 (vnet_buffer (p0)->ip.flow_hash &
156 (lb0->lb_n_buckets_minus_1)));
160 dpo0 = load_balance_get_bucket_i (lb0, 0);
162 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
164 flow_hash_config1 = lb1->lb_hash_config;
165 vnet_buffer (p1)->ip.flow_hash =
166 ip6_compute_flow_hash (ip1, flow_hash_config1);
168 load_balance_get_fwd_bucket (lb1,
169 (vnet_buffer (p1)->ip.flow_hash &
170 (lb1->lb_n_buckets_minus_1)));
174 dpo1 = load_balance_get_bucket_i (lb1, 0);
176 next0 = dpo0->dpoi_next_node;
177 next1 = dpo1->dpoi_next_node;
179 /* Only process the HBH Option Header if explicitly configured to do so */
181 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
183 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
184 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
187 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
189 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
190 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
192 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
193 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
195 vlib_increment_combined_counter
196 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
197 vlib_increment_combined_counter
198 (cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
205 wrong_next = (next0 != next) + 2 * (next1 != next);
206 if (PREDICT_FALSE (wrong_next != 0))
215 vlib_set_next_frame_buffer (vm, node, next0, pi0);
222 vlib_set_next_frame_buffer (vm, node, next1, pi1);
229 vlib_set_next_frame_buffer (vm, node, next0, pi0);
230 vlib_set_next_frame_buffer (vm, node, next1, pi1);
234 vlib_put_next_frame (vm, node, next, n_left_to_next);
236 vlib_get_next_frame (vm, node, next, to_next,
243 while (n_left_from > 0 && n_left_to_next > 0)
248 ip_lookup_next_t next0;
250 ip6_address_t *dst_addr0;
251 u32 fib_index0, flow_hash_config0;
252 const dpo_id_t *dpo0;
257 p0 = vlib_get_buffer (vm, pi0);
259 ip0 = vlib_buffer_get_current (p0);
261 dst_addr0 = &ip0->dst_address;
264 vec_elt (im->fib_index_by_sw_if_index,
265 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
267 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
268 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
270 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
272 lb0 = load_balance_get (lbi0);
273 flow_hash_config0 = lb0->lb_hash_config;
275 vnet_buffer (p0)->ip.flow_hash = 0;
276 ASSERT (lb0->lb_n_buckets > 0);
277 ASSERT (is_pow2 (lb0->lb_n_buckets));
279 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
281 flow_hash_config0 = lb0->lb_hash_config;
282 vnet_buffer (p0)->ip.flow_hash =
283 ip6_compute_flow_hash (ip0, flow_hash_config0);
285 load_balance_get_fwd_bucket (lb0,
286 (vnet_buffer (p0)->ip.flow_hash &
287 (lb0->lb_n_buckets_minus_1)));
291 dpo0 = load_balance_get_bucket_i (lb0, 0);
294 dpo0 = load_balance_get_bucket_i (lb0,
295 (vnet_buffer (p0)->ip.flow_hash &
296 lb0->lb_n_buckets_minus_1));
297 next0 = dpo0->dpoi_next_node;
299 /* Only process the HBH Option Header if explicitly configured to do so */
301 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
303 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
304 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
306 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
308 vlib_increment_combined_counter
309 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
316 if (PREDICT_FALSE (next0 != next))
319 vlib_put_next_frame (vm, node, next, n_left_to_next);
321 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
328 vlib_put_next_frame (vm, node, next, n_left_to_next);
331 if (node->flags & VLIB_NODE_FLAG_TRACE)
332 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
334 return frame->n_vectors;
338 ip6_add_interface_routes (vnet_main_t * vnm, u32 sw_if_index,
339 ip6_main_t * im, u32 fib_index,
340 ip_interface_address_t * a)
342 ip_lookup_main_t *lm = &im->lookup_main;
343 ip6_address_t *address = ip_interface_address_get_address (lm, a);
345 .fp_len = a->address_length,
346 .fp_proto = FIB_PROTOCOL_IP6,
347 .fp_addr.ip6 = *address,
350 a->neighbor_probe_adj_index = ~0;
351 if (a->address_length < 128)
353 fib_node_index_t fei;
355 fei = fib_table_entry_update_one_path (fib_index,
357 FIB_SOURCE_INTERFACE,
358 (FIB_ENTRY_FLAG_CONNECTED |
359 FIB_ENTRY_FLAG_ATTACHED),
361 /* No next-hop address */
363 /* invalid FIB index */
366 NULL, FIB_ROUTE_PATH_FLAG_NONE);
367 a->neighbor_probe_adj_index = fib_entry_get_adj (fei);
371 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
373 u32 classify_table_index =
374 lm->classify_table_index_by_sw_if_index[sw_if_index];
375 if (classify_table_index != (u32) ~ 0)
377 dpo_id_t dpo = DPO_INVALID;
382 classify_dpo_create (DPO_PROTO_IP6, classify_table_index));
384 fib_table_entry_special_dpo_add (fib_index,
387 FIB_ENTRY_FLAG_NONE, &dpo);
392 fib_table_entry_update_one_path (fib_index, &pfx,
393 FIB_SOURCE_INTERFACE,
394 (FIB_ENTRY_FLAG_CONNECTED |
395 FIB_ENTRY_FLAG_LOCAL),
399 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
403 ip6_del_interface_routes (ip6_main_t * im,
405 ip6_address_t * address, u32 address_length)
408 .fp_len = address_length,
409 .fp_proto = FIB_PROTOCOL_IP6,
410 .fp_addr.ip6 = *address,
413 if (pfx.fp_len < 128)
415 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
420 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
424 ip6_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
426 ip6_main_t *im = &ip6_main;
428 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
431 * enable/disable only on the 1<->0 transition
435 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
440 /* The ref count is 0 when an address is removed from an interface that has
441 * no address - this is not a ciritical error */
442 if (0 == im->ip_enabled_by_sw_if_index[sw_if_index] ||
443 0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
447 vnet_feature_enable_disable ("ip6-unicast", "ip6-lookup", sw_if_index,
450 vnet_feature_enable_disable ("ip6-multicast", "ip6-mfib-forward-lookup",
451 sw_if_index, is_enable, 0, 0);
455 /* get first interface address */
457 ip6_interface_first_address (ip6_main_t * im, u32 sw_if_index)
459 ip_lookup_main_t *lm = &im->lookup_main;
460 ip_interface_address_t *ia = 0;
461 ip6_address_t *result = 0;
464 foreach_ip_interface_address (lm, ia, sw_if_index,
465 1 /* honor unnumbered */,
467 ip6_address_t * a = ip_interface_address_get_address (lm, ia);
476 ip6_add_del_interface_address (vlib_main_t * vm,
478 ip6_address_t * address,
479 u32 address_length, u32 is_del)
481 vnet_main_t *vnm = vnet_get_main ();
482 ip6_main_t *im = &ip6_main;
483 ip_lookup_main_t *lm = &im->lookup_main;
485 u32 if_address_index;
486 ip6_address_fib_t ip6_af, *addr_fib = 0;
488 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
489 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
491 ip6_addr_fib_init (&ip6_af, address,
492 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
493 vec_add1 (addr_fib, ip6_af);
496 uword elts_before = pool_elts (lm->if_address_pool);
498 error = ip_interface_address_add_del
499 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
503 /* Pool did not grow: add duplicate address. */
504 if (elts_before == pool_elts (lm->if_address_pool))
508 ip6_sw_interface_enable_disable (sw_if_index, !is_del);
511 ip6_del_interface_routes (im, ip6_af.fib_index, address, address_length);
513 ip6_add_interface_routes (vnm, sw_if_index,
514 im, ip6_af.fib_index,
515 pool_elt_at_index (lm->if_address_pool,
519 ip6_add_del_interface_address_callback_t *cb;
520 vec_foreach (cb, im->add_del_interface_address_callbacks)
521 cb->function (im, cb->function_opaque, sw_if_index,
522 address, address_length, if_address_index, is_del);
531 ip6_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
533 ip6_main_t *im = &ip6_main;
534 ip_interface_address_t *ia;
536 u32 is_admin_up, fib_index;
538 /* Fill in lookup tables with default table (0). */
539 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
541 vec_validate_init_empty (im->
542 lookup_main.if_address_pool_index_by_sw_if_index,
545 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
547 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
550 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
551 0 /* honor unnumbered */,
553 a = ip_interface_address_get_address (&im->lookup_main, ia);
555 ip6_add_interface_routes (vnm, sw_if_index,
559 ip6_del_interface_routes (im, fib_index,
560 a, ia->address_length);
567 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down);
569 /* Built-in ip6 unicast rx feature path definition */
571 VNET_FEATURE_ARC_INIT (ip6_unicast, static) =
573 .arc_name = "ip6-unicast",
574 .start_nodes = VNET_FEATURES ("ip6-input"),
575 .arc_index_ptr = &ip6_main.lookup_main.ucast_feature_arc_index,
578 VNET_FEATURE_INIT (ip6_flow_classify, static) =
580 .arc_name = "ip6-unicast",
581 .node_name = "ip6-flow-classify",
582 .runs_before = VNET_FEATURES ("ip6-inacl"),
585 VNET_FEATURE_INIT (ip6_inacl, static) =
587 .arc_name = "ip6-unicast",
588 .node_name = "ip6-inacl",
589 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
592 VNET_FEATURE_INIT (ip6_policer_classify, static) =
594 .arc_name = "ip6-unicast",
595 .node_name = "ip6-policer-classify",
596 .runs_before = VNET_FEATURES ("ipsec-input-ip6"),
599 VNET_FEATURE_INIT (ip6_ipsec, static) =
601 .arc_name = "ip6-unicast",
602 .node_name = "ipsec-input-ip6",
603 .runs_before = VNET_FEATURES ("l2tp-decap"),
606 VNET_FEATURE_INIT (ip6_l2tp, static) =
608 .arc_name = "ip6-unicast",
609 .node_name = "l2tp-decap",
610 .runs_before = VNET_FEATURES ("vpath-input-ip6"),
613 VNET_FEATURE_INIT (ip6_vpath, static) =
615 .arc_name = "ip6-unicast",
616 .node_name = "vpath-input-ip6",
617 .runs_before = VNET_FEATURES ("ip6-vxlan-bypass"),
620 VNET_FEATURE_INIT (ip6_vxlan_bypass, static) =
622 .arc_name = "ip6-unicast",
623 .node_name = "ip6-vxlan-bypass",
624 .runs_before = VNET_FEATURES ("ip6-lookup"),
627 VNET_FEATURE_INIT (ip6_lookup, static) =
629 .arc_name = "ip6-unicast",
630 .node_name = "ip6-lookup",
631 .runs_before = VNET_FEATURES ("ip6-drop"),
634 VNET_FEATURE_INIT (ip6_drop, static) =
636 .arc_name = "ip6-unicast",
637 .node_name = "ip6-drop",
638 .runs_before = 0, /*last feature*/
641 /* Built-in ip6 multicast rx feature path definition (none now) */
642 VNET_FEATURE_ARC_INIT (ip6_multicast, static) =
644 .arc_name = "ip6-multicast",
645 .start_nodes = VNET_FEATURES ("ip6-input"),
646 .arc_index_ptr = &ip6_main.lookup_main.mcast_feature_arc_index,
649 VNET_FEATURE_INIT (ip6_vpath_mc, static) = {
650 .arc_name = "ip6-multicast",
651 .node_name = "vpath-input-ip6",
652 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
655 VNET_FEATURE_INIT (ip6_mc_lookup, static) = {
656 .arc_name = "ip6-multicast",
657 .node_name = "ip6-mfib-forward-lookup",
658 .runs_before = VNET_FEATURES ("ip6-drop"),
661 VNET_FEATURE_INIT (ip6_drop_mc, static) = {
662 .arc_name = "ip6-multicast",
663 .node_name = "ip6-drop",
664 .runs_before = 0, /* last feature */
667 /* Built-in ip4 tx feature path definition */
668 VNET_FEATURE_ARC_INIT (ip6_output, static) =
670 .arc_name = "ip6-output",
671 .start_nodes = VNET_FEATURES ("ip6-rewrite", "ip6-midchain"),
672 .arc_index_ptr = &ip6_main.lookup_main.output_feature_arc_index,
675 VNET_FEATURE_INIT (ip6_ipsec_output, static) = {
676 .arc_name = "ip6-output",
677 .node_name = "ipsec-output-ip6",
678 .runs_before = VNET_FEATURES ("interface-output"),
681 VNET_FEATURE_INIT (ip6_interface_output, static) = {
682 .arc_name = "ip6-output",
683 .node_name = "interface-output",
684 .runs_before = 0, /* not before any other features */
689 ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
691 ip6_main_t *im = &ip6_main;
693 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
694 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
696 vnet_feature_enable_disable ("ip6-unicast", "ip6-drop", sw_if_index,
699 vnet_feature_enable_disable ("ip6-multicast", "ip6-drop", sw_if_index,
702 vnet_feature_enable_disable ("ip6-output", "interface-output", sw_if_index,
705 return /* no error */ 0;
708 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_sw_interface_add_del);
711 ip6_lookup (vlib_main_t * vm,
712 vlib_node_runtime_t * node, vlib_frame_t * frame)
714 return ip6_lookup_inline (vm, node, frame);
717 static u8 *format_ip6_lookup_trace (u8 * s, va_list * args);
720 VLIB_REGISTER_NODE (ip6_lookup_node) =
722 .function = ip6_lookup,
723 .name = "ip6-lookup",
724 .vector_size = sizeof (u32),
725 .format_trace = format_ip6_lookup_trace,
726 .n_next_nodes = IP6_LOOKUP_N_NEXT,
727 .next_nodes = IP6_LOOKUP_NEXT_NODES,
731 VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup);
734 ip6_load_balance (vlib_main_t * vm,
735 vlib_node_runtime_t * node, vlib_frame_t * frame)
737 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
738 u32 n_left_from, n_left_to_next, *from, *to_next;
739 ip_lookup_next_t next;
740 u32 thread_index = vlib_get_thread_index ();
741 ip6_main_t *im = &ip6_main;
743 from = vlib_frame_vector_args (frame);
744 n_left_from = frame->n_vectors;
745 next = node->cached_next_index;
747 if (node->flags & VLIB_NODE_FLAG_TRACE)
748 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
750 while (n_left_from > 0)
752 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
755 while (n_left_from >= 4 && n_left_to_next >= 2)
757 ip_lookup_next_t next0, next1;
758 const load_balance_t *lb0, *lb1;
759 vlib_buffer_t *p0, *p1;
760 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
761 const ip6_header_t *ip0, *ip1;
762 const dpo_id_t *dpo0, *dpo1;
764 /* Prefetch next iteration. */
766 vlib_buffer_t *p2, *p3;
768 p2 = vlib_get_buffer (vm, from[2]);
769 p3 = vlib_get_buffer (vm, from[3]);
771 vlib_prefetch_buffer_header (p2, STORE);
772 vlib_prefetch_buffer_header (p3, STORE);
774 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
775 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
778 pi0 = to_next[0] = from[0];
779 pi1 = to_next[1] = from[1];
786 p0 = vlib_get_buffer (vm, pi0);
787 p1 = vlib_get_buffer (vm, pi1);
789 ip0 = vlib_buffer_get_current (p0);
790 ip1 = vlib_buffer_get_current (p1);
791 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
792 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
794 lb0 = load_balance_get (lbi0);
795 lb1 = load_balance_get (lbi1);
798 * this node is for via FIBs we can re-use the hash value from the
799 * to node if present.
800 * We don't want to use the same hash value at each level in the recursion
801 * graph as that would lead to polarisation
805 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
807 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
809 hc0 = vnet_buffer (p0)->ip.flow_hash =
810 vnet_buffer (p0)->ip.flow_hash >> 1;
814 hc0 = vnet_buffer (p0)->ip.flow_hash =
815 ip6_compute_flow_hash (ip0, lb0->lb_hash_config);
818 load_balance_get_fwd_bucket (lb0,
820 lb0->lb_n_buckets_minus_1));
824 dpo0 = load_balance_get_bucket_i (lb0, 0);
826 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
828 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
830 hc1 = vnet_buffer (p1)->ip.flow_hash =
831 vnet_buffer (p1)->ip.flow_hash >> 1;
835 hc1 = vnet_buffer (p1)->ip.flow_hash =
836 ip6_compute_flow_hash (ip1, lb1->lb_hash_config);
839 load_balance_get_fwd_bucket (lb1,
841 lb1->lb_n_buckets_minus_1));
845 dpo1 = load_balance_get_bucket_i (lb1, 0);
848 next0 = dpo0->dpoi_next_node;
849 next1 = dpo1->dpoi_next_node;
851 /* Only process the HBH Option Header if explicitly configured to do so */
853 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
855 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
856 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
858 /* Only process the HBH Option Header if explicitly configured to do so */
860 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
862 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
863 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
866 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
867 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
869 vlib_increment_combined_counter
870 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
871 vlib_increment_combined_counter
872 (cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
874 vlib_validate_buffer_enqueue_x2 (vm, node, next,
875 to_next, n_left_to_next,
876 pi0, pi1, next0, next1);
879 while (n_left_from > 0 && n_left_to_next > 0)
881 ip_lookup_next_t next0;
882 const load_balance_t *lb0;
885 const ip6_header_t *ip0;
886 const dpo_id_t *dpo0;
895 p0 = vlib_get_buffer (vm, pi0);
897 ip0 = vlib_buffer_get_current (p0);
898 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
900 lb0 = load_balance_get (lbi0);
903 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
905 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
907 hc0 = vnet_buffer (p0)->ip.flow_hash =
908 vnet_buffer (p0)->ip.flow_hash >> 1;
912 hc0 = vnet_buffer (p0)->ip.flow_hash =
913 ip6_compute_flow_hash (ip0, lb0->lb_hash_config);
916 load_balance_get_fwd_bucket (lb0,
918 lb0->lb_n_buckets_minus_1));
922 dpo0 = load_balance_get_bucket_i (lb0, 0);
925 next0 = dpo0->dpoi_next_node;
926 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
928 /* Only process the HBH Option Header if explicitly configured to do so */
930 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
932 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
933 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
936 vlib_increment_combined_counter
937 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
939 vlib_validate_buffer_enqueue_x1 (vm, node, next,
940 to_next, n_left_to_next,
944 vlib_put_next_frame (vm, node, next, n_left_to_next);
947 return frame->n_vectors;
951 VLIB_REGISTER_NODE (ip6_load_balance_node) =
953 .function = ip6_load_balance,
954 .name = "ip6-load-balance",
955 .vector_size = sizeof (u32),
956 .sibling_of = "ip6-lookup",
957 .format_trace = format_ip6_lookup_trace,
961 VLIB_NODE_FUNCTION_MULTIARCH (ip6_load_balance_node, ip6_load_balance);
965 /* Adjacency taken. */
970 /* Packet data, possibly *after* rewrite. */
971 u8 packet_data[128 - 1 * sizeof (u32)];
973 ip6_forward_next_trace_t;
976 format_ip6_forward_next_trace (u8 * s, va_list * args)
978 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
979 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
980 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
981 uword indent = format_get_indent (s);
983 s = format (s, "%U%U",
984 format_white_space, indent,
985 format_ip6_header, t->packet_data, sizeof (t->packet_data));
990 format_ip6_lookup_trace (u8 * s, va_list * args)
992 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
993 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
994 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
995 uword indent = format_get_indent (s);
997 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
998 t->fib_index, t->adj_index, t->flow_hash);
999 s = format (s, "\n%U%U",
1000 format_white_space, indent,
1001 format_ip6_header, t->packet_data, sizeof (t->packet_data));
1007 format_ip6_rewrite_trace (u8 * s, va_list * args)
1009 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1010 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1011 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
1012 uword indent = format_get_indent (s);
1014 s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x",
1015 t->fib_index, t->adj_index, format_ip_adjacency,
1016 t->adj_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
1017 s = format (s, "\n%U%U",
1018 format_white_space, indent,
1019 format_ip_adjacency_packet_data,
1020 t->adj_index, t->packet_data, sizeof (t->packet_data));
1024 /* Common trace function for all ip6-forward next nodes. */
1026 ip6_forward_next_trace (vlib_main_t * vm,
1027 vlib_node_runtime_t * node,
1028 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
1031 ip6_main_t *im = &ip6_main;
1033 n_left = frame->n_vectors;
1034 from = vlib_frame_vector_args (frame);
1039 vlib_buffer_t *b0, *b1;
1040 ip6_forward_next_trace_t *t0, *t1;
1042 /* Prefetch next iteration. */
1043 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1044 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1049 b0 = vlib_get_buffer (vm, bi0);
1050 b1 = vlib_get_buffer (vm, bi1);
1052 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1054 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1055 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1056 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1058 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1059 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1060 vec_elt (im->fib_index_by_sw_if_index,
1061 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1063 clib_memcpy (t0->packet_data,
1064 vlib_buffer_get_current (b0),
1065 sizeof (t0->packet_data));
1067 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1069 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1070 t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1071 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1073 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1074 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1075 vec_elt (im->fib_index_by_sw_if_index,
1076 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1078 clib_memcpy (t1->packet_data,
1079 vlib_buffer_get_current (b1),
1080 sizeof (t1->packet_data));
1090 ip6_forward_next_trace_t *t0;
1094 b0 = vlib_get_buffer (vm, bi0);
1096 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1098 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1099 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1100 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1102 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1103 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1104 vec_elt (im->fib_index_by_sw_if_index,
1105 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1107 clib_memcpy (t0->packet_data,
1108 vlib_buffer_get_current (b0),
1109 sizeof (t0->packet_data));
1117 ip6_drop_or_punt (vlib_main_t * vm,
1118 vlib_node_runtime_t * node,
1119 vlib_frame_t * frame, ip6_error_t error_code)
1121 u32 *buffers = vlib_frame_vector_args (frame);
1122 uword n_packets = frame->n_vectors;
1124 vlib_error_drop_buffers (vm, node, buffers,
1128 ip6_input_node.index, error_code);
1130 if (node->flags & VLIB_NODE_FLAG_TRACE)
1131 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1137 ip6_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1139 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_DROP);
1143 ip6_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1145 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_PUNT);
1149 VLIB_REGISTER_NODE (ip6_drop_node, static) =
1151 .function = ip6_drop,
1153 .vector_size = sizeof (u32),
1154 .format_trace = format_ip6_forward_next_trace,
1158 [0] = "error-drop",},
1162 VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop);
1165 VLIB_REGISTER_NODE (ip6_punt_node, static) =
1167 .function = ip6_punt,
1169 .vector_size = sizeof (u32),
1170 .format_trace = format_ip6_forward_next_trace,
1174 [0] = "error-punt",},
1178 VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt);
1180 /* Compute TCP/UDP/ICMP6 checksum in software. */
1182 ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1183 ip6_header_t * ip0, int *bogus_lengthp)
1186 u16 sum16, payload_length_host_byte_order;
1187 u32 i, n_this_buffer, n_bytes_left;
1188 u32 headers_size = sizeof (ip0[0]);
1189 void *data_this_buffer;
1191 ASSERT (bogus_lengthp);
1194 /* Initialize checksum with ip header. */
1195 sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
1196 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1197 data_this_buffer = (void *) (ip0 + 1);
1199 for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
1201 sum0 = ip_csum_with_carry (sum0,
1202 clib_mem_unaligned (&ip0->
1203 src_address.as_uword[i],
1206 ip_csum_with_carry (sum0,
1207 clib_mem_unaligned (&ip0->dst_address.as_uword[i],
1211 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets)
1212 * or UDP-Ping packets */
1213 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1216 ip6_hop_by_hop_ext_t *ext_hdr =
1217 (ip6_hop_by_hop_ext_t *) data_this_buffer;
1219 /* validate really icmp6 next */
1220 ASSERT ((ext_hdr->next_hdr == IP_PROTOCOL_ICMP6)
1221 || (ext_hdr->next_hdr == IP_PROTOCOL_UDP));
1223 skip_bytes = 8 * (1 + ext_hdr->n_data_u64s);
1224 data_this_buffer = (void *) ((u8 *) data_this_buffer + skip_bytes);
1226 payload_length_host_byte_order -= skip_bytes;
1227 headers_size += skip_bytes;
1230 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1231 if (p0 && n_this_buffer + headers_size > p0->current_length)
1233 p0->current_length >
1234 headers_size ? p0->current_length - headers_size : 0;
1237 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1238 n_bytes_left -= n_this_buffer;
1239 if (n_bytes_left == 0)
1242 if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
1247 p0 = vlib_get_buffer (vm, p0->next_buffer);
1248 data_this_buffer = vlib_buffer_get_current (p0);
1249 n_this_buffer = p0->current_length;
1252 sum16 = ~ip_csum_fold (sum0);
1258 ip6_tcp_udp_icmp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1260 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1265 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1266 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1267 || ip0->protocol == IP_PROTOCOL_ICMP6
1268 || ip0->protocol == IP_PROTOCOL_UDP
1269 || ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS);
1271 udp0 = (void *) (ip0 + 1);
1272 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1274 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1275 | IP_BUFFER_L4_CHECKSUM_CORRECT);
1279 sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0, &bogus_length);
1281 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1282 | ((sum16 == 0) << LOG2_IP_BUFFER_L4_CHECKSUM_CORRECT));
1288 * @brief returns number of links on which src is reachable.
1291 ip6_urpf_loose_check (ip6_main_t * im, vlib_buffer_t * b, ip6_header_t * i)
1293 const load_balance_t *lb0;
1296 lbi = ip6_fib_table_fwding_lookup_with_if_index (im,
1298 (b)->sw_if_index[VLIB_RX],
1301 lb0 = load_balance_get (lbi);
1303 return (fib_urpf_check_size (lb0->lb_urpf));
1307 ip6_local (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1309 ip6_main_t *im = &ip6_main;
1310 ip_lookup_main_t *lm = &im->lookup_main;
1311 ip_local_next_t next_index;
1312 u32 *from, *to_next, n_left_from, n_left_to_next;
1313 vlib_node_runtime_t *error_node =
1314 vlib_node_get_runtime (vm, ip6_input_node.index);
1316 from = vlib_frame_vector_args (frame);
1317 n_left_from = frame->n_vectors;
1318 next_index = node->cached_next_index;
1320 if (node->flags & VLIB_NODE_FLAG_TRACE)
1321 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1323 while (n_left_from > 0)
1325 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1327 while (n_left_from >= 4 && n_left_to_next >= 2)
1329 vlib_buffer_t *p0, *p1;
1330 ip6_header_t *ip0, *ip1;
1331 udp_header_t *udp0, *udp1;
1332 u32 pi0, ip_len0, udp_len0, flags0, next0;
1333 u32 pi1, ip_len1, udp_len1, flags1, next1;
1334 i32 len_diff0, len_diff1;
1335 u8 error0, type0, good_l4_checksum0;
1336 u8 error1, type1, good_l4_checksum1;
1337 u32 udp_offset0, udp_offset1;
1339 pi0 = to_next[0] = from[0];
1340 pi1 = to_next[1] = from[1];
1344 n_left_to_next -= 2;
1346 p0 = vlib_get_buffer (vm, pi0);
1347 p1 = vlib_get_buffer (vm, pi1);
1349 ip0 = vlib_buffer_get_current (p0);
1350 ip1 = vlib_buffer_get_current (p1);
1352 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1353 vnet_buffer (p1)->ip.start_of_ip_header = p1->current_data;
1355 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1356 type1 = lm->builtin_protocol_by_ip_protocol[ip1->protocol];
1358 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1359 next1 = lm->local_next_by_ip_protocol[ip1->protocol];
1364 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1365 good_l4_checksum1 = (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1369 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1373 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1374 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1375 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1376 && udp0->checksum == 0;
1377 /* Verify UDP length. */
1378 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1379 udp_len0 = clib_net_to_host_u16 (udp0->length);
1380 len_diff0 = ip_len0 - udp_len0;
1382 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p1, ip1,
1386 udp1 = (udp_header_t *) ((u8 *) ip1 + udp_offset1);
1387 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1388 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UDP
1389 && udp1->checksum == 0;
1390 /* Verify UDP length. */
1391 ip_len1 = clib_net_to_host_u16 (ip1->payload_length);
1392 udp_len1 = clib_net_to_host_u16 (udp1->length);
1393 len_diff1 = ip_len1 - udp_len1;
1396 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1397 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1399 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1400 len_diff1 = type1 == IP_BUILTIN_PROTOCOL_UDP ? len_diff1 : 0;
1402 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1403 && !good_l4_checksum0
1404 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1406 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1408 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1410 if (PREDICT_FALSE (type1 != IP_BUILTIN_PROTOCOL_UNKNOWN
1411 && !good_l4_checksum1
1412 && !(flags1 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1414 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, p1);
1416 (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1419 error0 = error1 = IP6_ERROR_UNKNOWN_PROTOCOL;
1421 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1422 error1 = len_diff1 < 0 ? IP6_ERROR_UDP_LENGTH : error1;
1424 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1425 IP6_ERROR_UDP_CHECKSUM);
1426 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1427 IP6_ERROR_ICMP_CHECKSUM);
1429 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1431 (!good_l4_checksum1 ? IP6_ERROR_UDP_CHECKSUM + type1 : error1);
1433 /* Drop packets from unroutable hosts. */
1434 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1435 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1436 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1437 !ip6_address_is_link_local_unicast (&ip0->src_address))
1439 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1440 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1442 if (error1 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1443 type1 != IP_BUILTIN_PROTOCOL_ICMP &&
1444 !ip6_address_is_link_local_unicast (&ip1->src_address))
1446 error1 = (!ip6_urpf_loose_check (im, p1, ip1)
1447 ? IP6_ERROR_SRC_LOOKUP_MISS : error1);
1451 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1453 error1 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1;
1455 p0->error = error_node->errors[error0];
1456 p1->error = error_node->errors[error1];
1458 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
1459 to_next, n_left_to_next,
1460 pi0, pi1, next0, next1);
1463 while (n_left_from > 0 && n_left_to_next > 0)
1468 u32 pi0, ip_len0, udp_len0, flags0, next0;
1470 u8 error0, type0, good_l4_checksum0;
1473 pi0 = to_next[0] = from[0];
1477 n_left_to_next -= 1;
1479 p0 = vlib_get_buffer (vm, pi0);
1481 ip0 = vlib_buffer_get_current (p0);
1483 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1485 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1486 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1490 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1493 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1497 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1498 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1499 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1500 && udp0->checksum == 0;
1501 /* Verify UDP length. */
1502 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1503 udp_len0 = clib_net_to_host_u16 (udp0->length);
1504 len_diff0 = ip_len0 - udp_len0;
1507 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1508 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1510 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1511 && !good_l4_checksum0
1512 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1514 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1516 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1519 error0 = IP6_ERROR_UNKNOWN_PROTOCOL;
1521 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1523 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1524 IP6_ERROR_UDP_CHECKSUM);
1525 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1526 IP6_ERROR_ICMP_CHECKSUM);
1528 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1530 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1531 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1532 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1533 !ip6_address_is_link_local_unicast (&ip0->src_address))
1535 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1536 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1540 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1542 p0->error = error_node->errors[error0];
1544 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1545 to_next, n_left_to_next,
1549 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1552 return frame->n_vectors;
1556 VLIB_REGISTER_NODE (ip6_local_node, static) =
1558 .function = ip6_local,
1559 .name = "ip6-local",
1560 .vector_size = sizeof (u32),
1561 .format_trace = format_ip6_forward_next_trace,
1562 .n_next_nodes = IP_LOCAL_N_NEXT,
1565 [IP_LOCAL_NEXT_DROP] = "error-drop",
1566 [IP_LOCAL_NEXT_PUNT] = "error-punt",
1567 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip6-udp-lookup",
1568 [IP_LOCAL_NEXT_ICMP] = "ip6-icmp-input",
1573 VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local);
1576 ip6_register_protocol (u32 protocol, u32 node_index)
1578 vlib_main_t *vm = vlib_get_main ();
1579 ip6_main_t *im = &ip6_main;
1580 ip_lookup_main_t *lm = &im->lookup_main;
1582 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1583 lm->local_next_by_ip_protocol[protocol] =
1584 vlib_node_add_next (vm, ip6_local_node.index, node_index);
1589 IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1590 IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX,
1591 IP6_DISCOVER_NEIGHBOR_N_NEXT,
1592 } ip6_discover_neighbor_next_t;
1596 IP6_DISCOVER_NEIGHBOR_ERROR_DROP,
1597 IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT,
1598 IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS,
1599 } ip6_discover_neighbor_error_t;
1602 ip6_discover_neighbor_inline (vlib_main_t * vm,
1603 vlib_node_runtime_t * node,
1604 vlib_frame_t * frame, int is_glean)
1606 vnet_main_t *vnm = vnet_get_main ();
1607 ip6_main_t *im = &ip6_main;
1608 ip_lookup_main_t *lm = &im->lookup_main;
1609 u32 *from, *to_next_drop;
1610 uword n_left_from, n_left_to_next_drop;
1611 static f64 time_last_seed_change = -1e100;
1612 static u32 hash_seeds[3];
1613 static uword hash_bitmap[256 / BITS (uword)];
1617 if (node->flags & VLIB_NODE_FLAG_TRACE)
1618 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1620 time_now = vlib_time_now (vm);
1621 if (time_now - time_last_seed_change > 1e-3)
1624 u32 *r = clib_random_buffer_get_data (&vm->random_buffer,
1625 sizeof (hash_seeds));
1626 for (i = 0; i < ARRAY_LEN (hash_seeds); i++)
1627 hash_seeds[i] = r[i];
1629 /* Mark all hash keys as been not-seen before. */
1630 for (i = 0; i < ARRAY_LEN (hash_bitmap); i++)
1633 time_last_seed_change = time_now;
1636 from = vlib_frame_vector_args (frame);
1637 n_left_from = frame->n_vectors;
1639 while (n_left_from > 0)
1641 vlib_get_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1642 to_next_drop, n_left_to_next_drop);
1644 while (n_left_from > 0 && n_left_to_next_drop > 0)
1648 u32 pi0, adj_index0, a0, b0, c0, m0, sw_if_index0, drop0;
1650 ip_adjacency_t *adj0;
1651 vnet_hw_interface_t *hw_if0;
1656 p0 = vlib_get_buffer (vm, pi0);
1658 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1660 ip0 = vlib_buffer_get_current (p0);
1662 adj0 = adj_get (adj_index0);
1666 ip0->dst_address.as_u64[0] =
1667 adj0->sub_type.nbr.next_hop.ip6.as_u64[0];
1668 ip0->dst_address.as_u64[1] =
1669 adj0->sub_type.nbr.next_hop.ip6.as_u64[1];
1676 sw_if_index0 = adj0->rewrite_header.sw_if_index;
1677 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1680 b0 ^= ip0->dst_address.as_u32[0];
1681 c0 ^= ip0->dst_address.as_u32[1];
1683 hash_v3_mix32 (a0, b0, c0);
1685 b0 ^= ip0->dst_address.as_u32[2];
1686 c0 ^= ip0->dst_address.as_u32[3];
1688 hash_v3_finalize32 (a0, b0, c0);
1690 c0 &= BITS (hash_bitmap) - 1;
1691 c0 = c0 / BITS (uword);
1692 m0 = (uword) 1 << (c0 % BITS (uword));
1694 bm0 = hash_bitmap[c0];
1695 drop0 = (bm0 & m0) != 0;
1697 /* Mark it as seen. */
1698 hash_bitmap[c0] = bm0 | m0;
1702 to_next_drop[0] = pi0;
1704 n_left_to_next_drop -= 1;
1706 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1708 /* If the interface is link-down, drop the pkt */
1709 if (!(hw_if0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP))
1713 node->errors[drop0 ? IP6_DISCOVER_NEIGHBOR_ERROR_DROP
1714 : IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT];
1719 * the adj has been updated to a rewrite but the node the DPO that got
1720 * us here hasn't - yet. no big deal. we'll drop while we wait.
1722 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
1727 icmp6_neighbor_solicitation_header_t *h0;
1730 h0 = vlib_packet_template_get_packet
1731 (vm, &im->discover_neighbor_packet_template, &bi0);
1734 * Build ethernet header.
1735 * Choose source address based on destination lookup
1738 if (ip6_src_address_for_packet (lm,
1740 &h0->ip.src_address))
1742 /* There is no address on the interface */
1744 node->errors[IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS];
1745 vlib_buffer_free (vm, &bi0, 1);
1750 * Destination address is a solicited node multicast address.
1751 * We need to fill in
1752 * the low 24 bits with low 24 bits of target's address.
1754 h0->ip.dst_address.as_u8[13] = ip0->dst_address.as_u8[13];
1755 h0->ip.dst_address.as_u8[14] = ip0->dst_address.as_u8[14];
1756 h0->ip.dst_address.as_u8[15] = ip0->dst_address.as_u8[15];
1758 h0->neighbor.target_address = ip0->dst_address;
1760 clib_memcpy (h0->link_layer_option.ethernet_address,
1761 hw_if0->hw_address, vec_len (hw_if0->hw_address));
1763 /* $$$$ appears we need this; why is the checksum non-zero? */
1764 h0->neighbor.icmp.checksum = 0;
1765 h0->neighbor.icmp.checksum =
1766 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h0->ip,
1769 ASSERT (bogus_length == 0);
1771 vlib_buffer_copy_trace_flag (vm, p0, bi0);
1772 b0 = vlib_get_buffer (vm, bi0);
1773 vnet_buffer (b0)->sw_if_index[VLIB_TX]
1774 = vnet_buffer (p0)->sw_if_index[VLIB_TX];
1776 /* Add rewrite/encap string. */
1777 vnet_rewrite_one_header (adj0[0], h0, sizeof (ethernet_header_t));
1778 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
1780 next0 = IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX;
1782 vlib_set_next_frame_buffer (vm, node, next0, bi0);
1786 vlib_put_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1787 n_left_to_next_drop);
1790 return frame->n_vectors;
1794 ip6_discover_neighbor (vlib_main_t * vm,
1795 vlib_node_runtime_t * node, vlib_frame_t * frame)
1797 return (ip6_discover_neighbor_inline (vm, node, frame, 0));
1801 ip6_glean (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1803 return (ip6_discover_neighbor_inline (vm, node, frame, 1));
1806 static char *ip6_discover_neighbor_error_strings[] = {
1807 [IP6_DISCOVER_NEIGHBOR_ERROR_DROP] = "address overflow drops",
1808 [IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT] = "neighbor solicitations sent",
1809 [IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]
1810 = "no source address for ND solicitation",
1814 VLIB_REGISTER_NODE (ip6_discover_neighbor_node) =
1816 .function = ip6_discover_neighbor,
1817 .name = "ip6-discover-neighbor",
1818 .vector_size = sizeof (u32),
1819 .format_trace = format_ip6_forward_next_trace,
1820 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1821 .error_strings = ip6_discover_neighbor_error_strings,
1822 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1825 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1826 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1832 VLIB_REGISTER_NODE (ip6_glean_node) =
1834 .function = ip6_glean,
1835 .name = "ip6-glean",
1836 .vector_size = sizeof (u32),
1837 .format_trace = format_ip6_forward_next_trace,
1838 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1839 .error_strings = ip6_discover_neighbor_error_strings,
1840 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1843 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1844 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1850 ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index)
1852 vnet_main_t *vnm = vnet_get_main ();
1853 ip6_main_t *im = &ip6_main;
1854 icmp6_neighbor_solicitation_header_t *h;
1856 ip_interface_address_t *ia;
1857 ip_adjacency_t *adj;
1858 vnet_hw_interface_t *hi;
1859 vnet_sw_interface_t *si;
1864 si = vnet_get_sw_interface (vnm, sw_if_index);
1866 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1868 return clib_error_return (0, "%U: interface %U down",
1869 format_ip6_address, dst,
1870 format_vnet_sw_if_index_name, vnm,
1875 ip6_interface_address_matching_destination (im, dst, sw_if_index, &ia);
1878 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
1879 return clib_error_return
1880 (0, "no matching interface address for destination %U (interface %U)",
1881 format_ip6_address, dst,
1882 format_vnet_sw_if_index_name, vnm, sw_if_index);
1886 vlib_packet_template_get_packet (vm,
1887 &im->discover_neighbor_packet_template,
1890 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1892 /* Destination address is a solicited node multicast address. We need to fill in
1893 the low 24 bits with low 24 bits of target's address. */
1894 h->ip.dst_address.as_u8[13] = dst->as_u8[13];
1895 h->ip.dst_address.as_u8[14] = dst->as_u8[14];
1896 h->ip.dst_address.as_u8[15] = dst->as_u8[15];
1898 h->ip.src_address = src[0];
1899 h->neighbor.target_address = dst[0];
1901 clib_memcpy (h->link_layer_option.ethernet_address, hi->hw_address,
1902 vec_len (hi->hw_address));
1904 h->neighbor.icmp.checksum =
1905 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h->ip, &bogus_length);
1906 ASSERT (bogus_length == 0);
1908 b = vlib_get_buffer (vm, bi);
1909 vnet_buffer (b)->sw_if_index[VLIB_RX] =
1910 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
1912 /* Add encapsulation string for software interface (e.g. ethernet header). */
1913 adj = adj_get (ia->neighbor_probe_adj_index);
1914 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
1915 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
1918 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
1919 u32 *to_next = vlib_frame_vector_args (f);
1922 vlib_put_frame_to_node (vm, hi->output_node_index, f);
1925 return /* no error */ 0;
1930 IP6_REWRITE_NEXT_DROP,
1931 IP6_REWRITE_NEXT_ICMP_ERROR,
1932 } ip6_rewrite_next_t;
1935 ip6_rewrite_inline (vlib_main_t * vm,
1936 vlib_node_runtime_t * node,
1937 vlib_frame_t * frame,
1938 int do_counters, int is_midchain, int is_mcast)
1940 ip_lookup_main_t *lm = &ip6_main.lookup_main;
1941 u32 *from = vlib_frame_vector_args (frame);
1942 u32 n_left_from, n_left_to_next, *to_next, next_index;
1943 vlib_node_runtime_t *error_node =
1944 vlib_node_get_runtime (vm, ip6_input_node.index);
1946 n_left_from = frame->n_vectors;
1947 next_index = node->cached_next_index;
1948 u32 thread_index = vlib_get_thread_index ();
1950 while (n_left_from > 0)
1952 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1954 while (n_left_from >= 4 && n_left_to_next >= 2)
1956 ip_adjacency_t *adj0, *adj1;
1957 vlib_buffer_t *p0, *p1;
1958 ip6_header_t *ip0, *ip1;
1959 u32 pi0, rw_len0, next0, error0, adj_index0;
1960 u32 pi1, rw_len1, next1, error1, adj_index1;
1961 u32 tx_sw_if_index0, tx_sw_if_index1;
1963 /* Prefetch next iteration. */
1965 vlib_buffer_t *p2, *p3;
1967 p2 = vlib_get_buffer (vm, from[2]);
1968 p3 = vlib_get_buffer (vm, from[3]);
1970 vlib_prefetch_buffer_header (p2, LOAD);
1971 vlib_prefetch_buffer_header (p3, LOAD);
1973 CLIB_PREFETCH (p2->pre_data, 32, STORE);
1974 CLIB_PREFETCH (p3->pre_data, 32, STORE);
1976 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
1977 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
1980 pi0 = to_next[0] = from[0];
1981 pi1 = to_next[1] = from[1];
1986 n_left_to_next -= 2;
1988 p0 = vlib_get_buffer (vm, pi0);
1989 p1 = vlib_get_buffer (vm, pi1);
1991 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1992 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
1994 ip0 = vlib_buffer_get_current (p0);
1995 ip1 = vlib_buffer_get_current (p1);
1997 error0 = error1 = IP6_ERROR_NONE;
1998 next0 = next1 = IP6_REWRITE_NEXT_DROP;
2000 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2002 i32 hop_limit0 = ip0->hop_limit;
2004 /* Input node should have reject packets with hop limit 0. */
2005 ASSERT (ip0->hop_limit > 0);
2009 ip0->hop_limit = hop_limit0;
2012 * If the hop count drops below 1 when forwarding, generate
2015 if (PREDICT_FALSE (hop_limit0 <= 0))
2017 error0 = IP6_ERROR_TIME_EXPIRED;
2018 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2019 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2020 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2021 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2027 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2029 if (PREDICT_TRUE (!(p1->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2031 i32 hop_limit1 = ip1->hop_limit;
2033 /* Input node should have reject packets with hop limit 0. */
2034 ASSERT (ip1->hop_limit > 0);
2038 ip1->hop_limit = hop_limit1;
2041 * If the hop count drops below 1 when forwarding, generate
2044 if (PREDICT_FALSE (hop_limit1 <= 0))
2046 error1 = IP6_ERROR_TIME_EXPIRED;
2047 next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
2048 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2049 icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
2050 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2056 p1->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2058 adj0 = adj_get (adj_index0);
2059 adj1 = adj_get (adj_index1);
2061 rw_len0 = adj0[0].rewrite_header.data_bytes;
2062 rw_len1 = adj1[0].rewrite_header.data_bytes;
2063 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2064 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
2068 vlib_increment_combined_counter
2069 (&adjacency_counters,
2070 thread_index, adj_index0, 1,
2071 vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2072 vlib_increment_combined_counter
2073 (&adjacency_counters,
2074 thread_index, adj_index1, 1,
2075 vlib_buffer_length_in_chain (vm, p1) + rw_len1);
2078 /* Check MTU of outgoing interface. */
2080 (vlib_buffer_length_in_chain (vm, p0) >
2082 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2085 (vlib_buffer_length_in_chain (vm, p1) >
2087 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2090 /* Don't adjust the buffer for hop count issue; icmp-error node
2091 * wants to see the IP headerr */
2092 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2094 p0->current_data -= rw_len0;
2095 p0->current_length += rw_len0;
2097 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2098 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2099 next0 = adj0[0].rewrite_header.next_index;
2102 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2103 vnet_feature_arc_start (lm->output_feature_arc_index,
2104 tx_sw_if_index0, &next0, p0);
2106 if (PREDICT_TRUE (error1 == IP6_ERROR_NONE))
2108 p1->current_data -= rw_len1;
2109 p1->current_length += rw_len1;
2111 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2112 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2113 next1 = adj1[0].rewrite_header.next_index;
2116 (adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2117 vnet_feature_arc_start (lm->output_feature_arc_index,
2118 tx_sw_if_index1, &next1, p1);
2121 /* Guess we are only writing on simple Ethernet header. */
2122 vnet_rewrite_two_headers (adj0[0], adj1[0],
2123 ip0, ip1, sizeof (ethernet_header_t));
2127 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2128 adj1->sub_type.midchain.fixup_func (vm, adj1, p1);
2133 * copy bytes from the IP address into the MAC rewrite
2135 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0);
2136 vnet_fixup_one_header (adj1[0], &ip1->dst_address, ip1);
2139 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
2140 to_next, n_left_to_next,
2141 pi0, pi1, next0, next1);
2144 while (n_left_from > 0 && n_left_to_next > 0)
2146 ip_adjacency_t *adj0;
2150 u32 adj_index0, next0, error0;
2151 u32 tx_sw_if_index0;
2153 pi0 = to_next[0] = from[0];
2155 p0 = vlib_get_buffer (vm, pi0);
2157 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2159 adj0 = adj_get (adj_index0);
2161 ip0 = vlib_buffer_get_current (p0);
2163 error0 = IP6_ERROR_NONE;
2164 next0 = IP6_REWRITE_NEXT_DROP;
2166 /* Check hop limit */
2167 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2169 i32 hop_limit0 = ip0->hop_limit;
2171 ASSERT (ip0->hop_limit > 0);
2175 ip0->hop_limit = hop_limit0;
2177 if (PREDICT_FALSE (hop_limit0 <= 0))
2180 * If the hop count drops below 1 when forwarding, generate
2183 error0 = IP6_ERROR_TIME_EXPIRED;
2184 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2185 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2186 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2187 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2193 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2196 /* Guess we are only writing on simple Ethernet header. */
2197 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2199 /* Update packet buffer attributes/set output interface. */
2200 rw_len0 = adj0[0].rewrite_header.data_bytes;
2201 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2205 vlib_increment_combined_counter
2206 (&adjacency_counters,
2207 thread_index, adj_index0, 1,
2208 vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2211 /* Check MTU of outgoing interface. */
2213 (vlib_buffer_length_in_chain (vm, p0) >
2215 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2218 /* Don't adjust the buffer for hop count issue; icmp-error node
2219 * wants to see the IP headerr */
2220 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2222 p0->current_data -= rw_len0;
2223 p0->current_length += rw_len0;
2225 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2227 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2228 next0 = adj0[0].rewrite_header.next_index;
2231 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2232 vnet_feature_arc_start (lm->output_feature_arc_index,
2233 tx_sw_if_index0, &next0, p0);
2238 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2242 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0);
2245 p0->error = error_node->errors[error0];
2250 n_left_to_next -= 1;
2252 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2253 to_next, n_left_to_next,
2257 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2260 /* Need to do trace after rewrites to pick up new packet data. */
2261 if (node->flags & VLIB_NODE_FLAG_TRACE)
2262 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
2264 return frame->n_vectors;
2268 ip6_rewrite (vlib_main_t * vm,
2269 vlib_node_runtime_t * node, vlib_frame_t * frame)
2271 if (adj_are_counters_enabled ())
2272 return ip6_rewrite_inline (vm, node, frame, 1, 0, 0);
2274 return ip6_rewrite_inline (vm, node, frame, 0, 0, 0);
2278 ip6_rewrite_mcast (vlib_main_t * vm,
2279 vlib_node_runtime_t * node, vlib_frame_t * frame)
2281 if (adj_are_counters_enabled ())
2282 return ip6_rewrite_inline (vm, node, frame, 1, 0, 1);
2284 return ip6_rewrite_inline (vm, node, frame, 0, 0, 1);
2288 ip6_midchain (vlib_main_t * vm,
2289 vlib_node_runtime_t * node, vlib_frame_t * frame)
2291 if (adj_are_counters_enabled ())
2292 return ip6_rewrite_inline (vm, node, frame, 1, 1, 0);
2294 return ip6_rewrite_inline (vm, node, frame, 0, 1, 0);
2298 ip6_mcast_midchain (vlib_main_t * vm,
2299 vlib_node_runtime_t * node, vlib_frame_t * frame)
2301 if (adj_are_counters_enabled ())
2302 return ip6_rewrite_inline (vm, node, frame, 1, 1, 1);
2304 return ip6_rewrite_inline (vm, node, frame, 0, 1, 1);
2308 VLIB_REGISTER_NODE (ip6_midchain_node) =
2310 .function = ip6_midchain,
2311 .name = "ip6-midchain",
2312 .vector_size = sizeof (u32),
2313 .format_trace = format_ip6_forward_next_trace,
2314 .sibling_of = "ip6-rewrite",
2318 VLIB_NODE_FUNCTION_MULTIARCH (ip6_midchain_node, ip6_midchain);
2321 VLIB_REGISTER_NODE (ip6_rewrite_node) =
2323 .function = ip6_rewrite,
2324 .name = "ip6-rewrite",
2325 .vector_size = sizeof (u32),
2326 .format_trace = format_ip6_rewrite_trace,
2330 [IP6_REWRITE_NEXT_DROP] = "error-drop",
2331 [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
2336 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite);
2339 VLIB_REGISTER_NODE (ip6_rewrite_mcast_node) =
2341 .function = ip6_rewrite_mcast,
2342 .name = "ip6-rewrite-mcast",
2343 .vector_size = sizeof (u32),
2344 .format_trace = format_ip6_rewrite_trace,
2345 .sibling_of = "ip6-rewrite",
2349 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_mcast_node, ip6_rewrite_mcast);
2352 VLIB_REGISTER_NODE (ip6_mcast_midchain_node, static) =
2354 .function = ip6_mcast_midchain,
2355 .name = "ip6-mcast-midchain",
2356 .vector_size = sizeof (u32),
2357 .format_trace = format_ip6_rewrite_trace,
2358 .sibling_of = "ip6-rewrite",
2362 VLIB_NODE_FUNCTION_MULTIARCH (ip6_mcast_midchain_node, ip6_mcast_midchain);
2365 * Hop-by-Hop handling
2367 ip6_hop_by_hop_main_t ip6_hop_by_hop_main;
2369 #define foreach_ip6_hop_by_hop_error \
2370 _(PROCESSED, "pkts with ip6 hop-by-hop options") \
2371 _(FORMAT, "incorrectly formatted hop-by-hop options") \
2372 _(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options")
2377 #define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym,
2378 foreach_ip6_hop_by_hop_error
2380 IP6_HOP_BY_HOP_N_ERROR,
2381 } ip6_hop_by_hop_error_t;
2385 * Primary h-b-h handler trace support
2386 * We work pretty hard on the problem for obvious reasons
2392 u8 option_data[256];
2393 } ip6_hop_by_hop_trace_t;
2395 vlib_node_registration_t ip6_hop_by_hop_node;
2397 static char *ip6_hop_by_hop_error_strings[] = {
2398 #define _(sym,string) string,
2399 foreach_ip6_hop_by_hop_error
2404 format_ip6_hop_by_hop_ext_hdr (u8 * s, va_list * args)
2406 ip6_hop_by_hop_header_t *hbh0 = va_arg (*args, ip6_hop_by_hop_header_t *);
2407 int total_len = va_arg (*args, int);
2408 ip6_hop_by_hop_option_t *opt0, *limit0;
2409 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2412 s = format (s, "IP6_HOP_BY_HOP: next protocol %d len %d total %d",
2413 hbh0->protocol, (hbh0->length + 1) << 3, total_len);
2415 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2416 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 + total_len);
2418 while (opt0 < limit0)
2423 case 0: /* Pad, just stop */
2424 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0 + 1);
2428 if (hm->trace[type0])
2430 s = (*hm->trace[type0]) (s, opt0);
2435 format (s, "\n unrecognized option %d length %d", type0,
2439 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2440 sizeof (ip6_hop_by_hop_option_t));
2448 format_ip6_hop_by_hop_trace (u8 * s, va_list * args)
2450 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
2451 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
2452 ip6_hop_by_hop_trace_t *t = va_arg (*args, ip6_hop_by_hop_trace_t *);
2453 ip6_hop_by_hop_header_t *hbh0;
2454 ip6_hop_by_hop_option_t *opt0, *limit0;
2455 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2459 hbh0 = (ip6_hop_by_hop_header_t *) t->option_data;
2461 s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d",
2462 t->next_index, (hbh0->length + 1) << 3, t->trace_len);
2464 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2465 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0) + t->trace_len;
2467 while (opt0 < limit0)
2472 case 0: /* Pad, just stop */
2473 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2477 if (hm->trace[type0])
2479 s = (*hm->trace[type0]) (s, opt0);
2484 format (s, "\n unrecognized option %d length %d", type0,
2488 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2489 sizeof (ip6_hop_by_hop_option_t));
2497 ip6_scan_hbh_options (vlib_buffer_t * b0,
2499 ip6_hop_by_hop_header_t * hbh0,
2500 ip6_hop_by_hop_option_t * opt0,
2501 ip6_hop_by_hop_option_t * limit0, u32 * next0)
2503 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2507 while (opt0 < limit0)
2513 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2518 if (hm->options[type0])
2520 if ((*hm->options[type0]) (b0, ip0, opt0) < 0)
2522 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2528 /* Unrecognized mandatory option, check the two high order bits */
2529 switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
2531 case HBH_OPTION_TYPE_SKIP_UNKNOWN:
2533 case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
2534 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2535 *next0 = IP_LOOKUP_NEXT_DROP;
2537 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
2538 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2539 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2540 icmp6_error_set_vnet_buffer (b0, ICMP6_parameter_problem,
2541 ICMP6_parameter_problem_unrecognized_option,
2542 (u8 *) opt0 - (u8 *) ip0);
2544 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
2545 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2546 if (!ip6_address_is_multicast (&ip0->dst_address))
2548 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2549 icmp6_error_set_vnet_buffer (b0,
2550 ICMP6_parameter_problem,
2551 ICMP6_parameter_problem_unrecognized_option,
2552 (u8 *) opt0 - (u8 *) ip0);
2556 *next0 = IP_LOOKUP_NEXT_DROP;
2564 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2565 sizeof (ip6_hop_by_hop_option_t));
2571 * Process the Hop-by-Hop Options header
2574 ip6_hop_by_hop (vlib_main_t * vm,
2575 vlib_node_runtime_t * node, vlib_frame_t * frame)
2577 vlib_node_runtime_t *error_node =
2578 vlib_node_get_runtime (vm, ip6_hop_by_hop_node.index);
2579 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2580 u32 n_left_from, *from, *to_next;
2581 ip_lookup_next_t next_index;
2583 from = vlib_frame_vector_args (frame);
2584 n_left_from = frame->n_vectors;
2585 next_index = node->cached_next_index;
2587 while (n_left_from > 0)
2591 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2593 while (n_left_from >= 4 && n_left_to_next >= 2)
2596 vlib_buffer_t *b0, *b1;
2598 ip6_header_t *ip0, *ip1;
2599 ip6_hop_by_hop_header_t *hbh0, *hbh1;
2600 ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
2601 u8 error0 = 0, error1 = 0;
2603 /* Prefetch next iteration. */
2605 vlib_buffer_t *p2, *p3;
2607 p2 = vlib_get_buffer (vm, from[2]);
2608 p3 = vlib_get_buffer (vm, from[3]);
2610 vlib_prefetch_buffer_header (p2, LOAD);
2611 vlib_prefetch_buffer_header (p3, LOAD);
2613 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2614 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2617 /* Speculatively enqueue b0, b1 to the current next frame */
2618 to_next[0] = bi0 = from[0];
2619 to_next[1] = bi1 = from[1];
2623 n_left_to_next -= 2;
2625 b0 = vlib_get_buffer (vm, bi0);
2626 b1 = vlib_get_buffer (vm, bi1);
2628 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2629 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2630 ip_adjacency_t *adj0 = adj_get (adj_index0);
2631 u32 adj_index1 = vnet_buffer (b1)->ip.adj_index[VLIB_TX];
2632 ip_adjacency_t *adj1 = adj_get (adj_index1);
2634 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2635 next0 = adj0->lookup_next_index;
2636 next1 = adj1->lookup_next_index;
2638 ip0 = vlib_buffer_get_current (b0);
2639 ip1 = vlib_buffer_get_current (b1);
2640 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2641 hbh1 = (ip6_hop_by_hop_header_t *) (ip1 + 1);
2642 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2643 opt1 = (ip6_hop_by_hop_option_t *) (hbh1 + 1);
2645 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2646 ((hbh0->length + 1) << 3));
2648 (ip6_hop_by_hop_option_t *) ((u8 *) hbh1 +
2649 ((hbh1->length + 1) << 3));
2652 * Basic validity checks
2654 if ((hbh0->length + 1) << 3 >
2655 clib_net_to_host_u16 (ip0->payload_length))
2657 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2658 next0 = IP_LOOKUP_NEXT_DROP;
2661 /* Scan the set of h-b-h options, process ones that we understand */
2662 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2664 if ((hbh1->length + 1) << 3 >
2665 clib_net_to_host_u16 (ip1->payload_length))
2667 error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2668 next1 = IP_LOOKUP_NEXT_DROP;
2671 /* Scan the set of h-b-h options, process ones that we understand */
2672 error1 = ip6_scan_hbh_options (b1, ip1, hbh1, opt1, limit1, &next1);
2675 /* Has the classifier flagged this buffer for special treatment? */
2678 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2679 next0 = hm->next_override;
2681 /* Has the classifier flagged this buffer for special treatment? */
2684 && (vnet_buffer (b1)->l2_classify.opaque_index & OI_DECAP)))
2685 next1 = hm->next_override;
2687 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
2689 if (b0->flags & VLIB_BUFFER_IS_TRACED)
2691 ip6_hop_by_hop_trace_t *t =
2692 vlib_add_trace (vm, node, b0, sizeof (*t));
2693 u32 trace_len = (hbh0->length + 1) << 3;
2694 t->next_index = next0;
2695 /* Capture the h-b-h option verbatim */
2698 ARRAY_LEN (t->option_data) ? trace_len :
2699 ARRAY_LEN (t->option_data);
2700 t->trace_len = trace_len;
2701 clib_memcpy (t->option_data, hbh0, trace_len);
2703 if (b1->flags & VLIB_BUFFER_IS_TRACED)
2705 ip6_hop_by_hop_trace_t *t =
2706 vlib_add_trace (vm, node, b1, sizeof (*t));
2707 u32 trace_len = (hbh1->length + 1) << 3;
2708 t->next_index = next1;
2709 /* Capture the h-b-h option verbatim */
2712 ARRAY_LEN (t->option_data) ? trace_len :
2713 ARRAY_LEN (t->option_data);
2714 t->trace_len = trace_len;
2715 clib_memcpy (t->option_data, hbh1, trace_len);
2720 b0->error = error_node->errors[error0];
2721 b1->error = error_node->errors[error1];
2723 /* verify speculative enqueue, maybe switch current next frame */
2724 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
2725 n_left_to_next, bi0, bi1, next0,
2729 while (n_left_from > 0 && n_left_to_next > 0)
2735 ip6_hop_by_hop_header_t *hbh0;
2736 ip6_hop_by_hop_option_t *opt0, *limit0;
2739 /* Speculatively enqueue b0 to the current next frame */
2745 n_left_to_next -= 1;
2747 b0 = vlib_get_buffer (vm, bi0);
2749 * Default use the next_index from the adjacency.
2750 * A HBH option rarely redirects to a different node
2752 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2753 ip_adjacency_t *adj0 = adj_get (adj_index0);
2754 next0 = adj0->lookup_next_index;
2756 ip0 = vlib_buffer_get_current (b0);
2757 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2758 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2760 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2761 ((hbh0->length + 1) << 3));
2764 * Basic validity checks
2766 if ((hbh0->length + 1) << 3 >
2767 clib_net_to_host_u16 (ip0->payload_length))
2769 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2770 next0 = IP_LOOKUP_NEXT_DROP;
2774 /* Scan the set of h-b-h options, process ones that we understand */
2775 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2778 /* Has the classifier flagged this buffer for special treatment? */
2781 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2782 next0 = hm->next_override;
2784 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2786 ip6_hop_by_hop_trace_t *t =
2787 vlib_add_trace (vm, node, b0, sizeof (*t));
2788 u32 trace_len = (hbh0->length + 1) << 3;
2789 t->next_index = next0;
2790 /* Capture the h-b-h option verbatim */
2793 ARRAY_LEN (t->option_data) ? trace_len :
2794 ARRAY_LEN (t->option_data);
2795 t->trace_len = trace_len;
2796 clib_memcpy (t->option_data, hbh0, trace_len);
2799 b0->error = error_node->errors[error0];
2801 /* verify speculative enqueue, maybe switch current next frame */
2802 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2803 n_left_to_next, bi0, next0);
2805 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2807 return frame->n_vectors;
2811 VLIB_REGISTER_NODE (ip6_hop_by_hop_node) =
2813 .function = ip6_hop_by_hop,
2814 .name = "ip6-hop-by-hop",
2815 .sibling_of = "ip6-lookup",
2816 .vector_size = sizeof (u32),
2817 .format_trace = format_ip6_hop_by_hop_trace,
2818 .type = VLIB_NODE_TYPE_INTERNAL,
2819 .n_errors = ARRAY_LEN (ip6_hop_by_hop_error_strings),
2820 .error_strings = ip6_hop_by_hop_error_strings,
2825 VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop);
2827 static clib_error_t *
2828 ip6_hop_by_hop_init (vlib_main_t * vm)
2830 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2831 memset (hm->options, 0, sizeof (hm->options));
2832 memset (hm->trace, 0, sizeof (hm->trace));
2833 hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
2837 VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
2840 ip6_hbh_set_next_override (uword next)
2842 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2844 hm->next_override = next;
2848 ip6_hbh_register_option (u8 option,
2849 int options (vlib_buffer_t * b, ip6_header_t * ip,
2850 ip6_hop_by_hop_option_t * opt),
2851 u8 * trace (u8 * s, ip6_hop_by_hop_option_t * opt))
2853 ip6_main_t *im = &ip6_main;
2854 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2856 ASSERT (option < ARRAY_LEN (hm->options));
2858 /* Already registered */
2859 if (hm->options[option])
2862 hm->options[option] = options;
2863 hm->trace[option] = trace;
2865 /* Set global variable */
2866 im->hbh_enabled = 1;
2872 ip6_hbh_unregister_option (u8 option)
2874 ip6_main_t *im = &ip6_main;
2875 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2877 ASSERT (option < ARRAY_LEN (hm->options));
2879 /* Not registered */
2880 if (!hm->options[option])
2883 hm->options[option] = NULL;
2884 hm->trace[option] = NULL;
2886 /* Disable global knob if this was the last option configured */
2889 for (i = 0; i < 256; i++)
2891 if (hm->options[option])
2898 im->hbh_enabled = 0;
2903 /* Global IP6 main. */
2904 ip6_main_t ip6_main;
2906 static clib_error_t *
2907 ip6_lookup_init (vlib_main_t * vm)
2909 ip6_main_t *im = &ip6_main;
2910 clib_error_t *error;
2913 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
2916 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
2923 for (j = 0; j < i0; j++)
2924 im->fib_masks[i].as_u32[j] = ~0;
2927 im->fib_masks[i].as_u32[i0] =
2928 clib_host_to_net_u32 (pow2_mask (i1) << (32 - i1));
2931 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 1);
2933 if (im->lookup_table_nbuckets == 0)
2934 im->lookup_table_nbuckets = IP6_FIB_DEFAULT_HASH_NUM_BUCKETS;
2936 im->lookup_table_nbuckets = 1 << max_log2 (im->lookup_table_nbuckets);
2938 if (im->lookup_table_size == 0)
2939 im->lookup_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE;
2941 BV (clib_bihash_init) (&(im->ip6_table[IP6_FIB_TABLE_FWDING].ip6_hash),
2942 "ip6 FIB fwding table",
2943 im->lookup_table_nbuckets, im->lookup_table_size);
2944 BV (clib_bihash_init) (&im->ip6_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash,
2945 "ip6 FIB non-fwding table",
2946 im->lookup_table_nbuckets, im->lookup_table_size);
2948 /* Create FIB with index 0 and table id of 0. */
2949 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2950 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2954 pn = pg_get_node (ip6_lookup_node.index);
2955 pn->unformat_edit = unformat_pg_ip6_header;
2958 /* Unless explicitly configured, don't process HBH options */
2959 im->hbh_enabled = 0;
2962 icmp6_neighbor_solicitation_header_t p;
2964 memset (&p, 0, sizeof (p));
2966 p.ip.ip_version_traffic_class_and_flow_label =
2967 clib_host_to_net_u32 (0x6 << 28);
2968 p.ip.payload_length =
2969 clib_host_to_net_u16 (sizeof (p) -
2971 (icmp6_neighbor_solicitation_header_t, neighbor));
2972 p.ip.protocol = IP_PROTOCOL_ICMP6;
2973 p.ip.hop_limit = 255;
2974 ip6_set_solicited_node_multicast_address (&p.ip.dst_address, 0);
2976 p.neighbor.icmp.type = ICMP6_neighbor_solicitation;
2978 p.link_layer_option.header.type =
2979 ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address;
2980 p.link_layer_option.header.n_data_u64s =
2981 sizeof (p.link_layer_option) / sizeof (u64);
2983 vlib_packet_template_init (vm,
2984 &im->discover_neighbor_packet_template,
2986 /* alloc chunk size */ 8,
2987 "ip6 neighbor discovery");
2993 VLIB_INIT_FUNCTION (ip6_lookup_init);
2995 static clib_error_t *
2996 add_del_ip6_interface_table (vlib_main_t * vm,
2997 unformat_input_t * input,
2998 vlib_cli_command_t * cmd)
3000 vnet_main_t *vnm = vnet_get_main ();
3001 ip_interface_address_t *ia;
3002 clib_error_t *error = 0;
3003 u32 sw_if_index, table_id;
3007 if (!unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index))
3009 error = clib_error_return (0, "unknown interface `%U'",
3010 format_unformat_error, input);
3014 if (unformat (input, "%d", &table_id))
3018 error = clib_error_return (0, "expected table id `%U'",
3019 format_unformat_error, input);
3024 * If the interface already has in IP address, then a change int
3025 * VRF is not allowed. The IP address applied must first be removed.
3026 * We do not do that automatically here, since VPP has no knowledge
3027 * of whether thoses subnets are valid in the destination VRF.
3030 foreach_ip_interface_address (&ip6_main.lookup_main,
3032 1 /* honor unnumbered */,
3036 a = ip_interface_address_get_address (&ip6_main.lookup_main, ia);
3037 error = clib_error_return (0, "interface %U has address %U",
3038 format_vnet_sw_if_index_name, vnm,
3040 format_ip6_address, a);
3046 u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3049 vec_validate (ip6_main.fib_index_by_sw_if_index, sw_if_index);
3050 ip6_main.fib_index_by_sw_if_index[sw_if_index] = fib_index;
3052 fib_index = mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3055 vec_validate (ip6_main.mfib_index_by_sw_if_index, sw_if_index);
3056 ip6_main.mfib_index_by_sw_if_index[sw_if_index] = fib_index;
3065 * Place the indicated interface into the supplied IPv6 FIB table (also known
3066 * as a VRF). If the FIB table does not exist, this command creates it. To
3067 * display the current IPv6 FIB table, use the command '<em>show ip6 fib</em>'.
3068 * FIB table will only be displayed if a route has been added to the table, or
3069 * an IP Address is assigned to an interface in the table (which adds a route
3072 * @note IP addresses added after setting the interface IP table are added to
3073 * the indicated FIB table. If an IP address is added prior to changing the
3074 * table then this is an error. The control plane must remove these addresses
3075 * first and then change the table. VPP will not automatically move the
3076 * addresses from the old to the new table as it does not know the validity
3080 * Example of how to add an interface to an IPv6 FIB table (where 2 is the table-id):
3081 * @cliexcmd{set interface ip6 table GigabitEthernet2/0/0 2}
3084 VLIB_CLI_COMMAND (set_interface_ip6_table_command, static) =
3086 .path = "set interface ip6 table",
3087 .function = add_del_ip6_interface_table,
3088 .short_help = "set interface ip6 table <interface> <table-id>"
3093 ip6_link_local_address_from_ethernet_mac_address (ip6_address_t * ip,
3096 ip->as_u64[0] = clib_host_to_net_u64 (0xFE80000000000000ULL);
3097 /* Invert the "u" bit */
3098 ip->as_u8[8] = mac[0] ^ (1 << 1);
3099 ip->as_u8[9] = mac[1];
3100 ip->as_u8[10] = mac[2];
3101 ip->as_u8[11] = 0xFF;
3102 ip->as_u8[12] = 0xFE;
3103 ip->as_u8[13] = mac[3];
3104 ip->as_u8[14] = mac[4];
3105 ip->as_u8[15] = mac[5];
3109 ip6_ethernet_mac_address_from_link_local_address (u8 * mac,
3112 /* Invert the previously inverted "u" bit */
3113 mac[0] = ip->as_u8[8] ^ (1 << 1);
3114 mac[1] = ip->as_u8[9];
3115 mac[2] = ip->as_u8[10];
3116 mac[3] = ip->as_u8[13];
3117 mac[4] = ip->as_u8[14];
3118 mac[5] = ip->as_u8[15];
3121 static clib_error_t *
3122 test_ip6_link_command_fn (vlib_main_t * vm,
3123 unformat_input_t * input, vlib_cli_command_t * cmd)
3126 ip6_address_t _a, *a = &_a;
3128 if (unformat (input, "%U", unformat_ethernet_address, mac))
3130 ip6_link_local_address_from_ethernet_mac_address (a, mac);
3131 vlib_cli_output (vm, "Link local address: %U", format_ip6_address, a);
3132 ip6_ethernet_mac_address_from_link_local_address (mac, a);
3133 vlib_cli_output (vm, "Original MAC address: %U",
3134 format_ethernet_address, mac);
3141 * This command converts the given MAC Address into an IPv6 link-local
3145 * Example of how to create an IPv6 link-local address:
3146 * @cliexstart{test ip6 link 16:d9:e0:91:79:86}
3147 * Link local address: fe80::14d9:e0ff:fe91:7986
3148 * Original MAC address: 16:d9:e0:91:79:86
3152 VLIB_CLI_COMMAND (test_link_command, static) =
3154 .path = "test ip6 link",
3155 .function = test_ip6_link_command_fn,
3156 .short_help = "test ip6 link <mac-address>",
3161 vnet_set_ip6_flow_hash (u32 table_id, u32 flow_hash_config)
3165 fib_index = fib_table_find (FIB_PROTOCOL_IP6, table_id);
3167 if (~0 == fib_index)
3168 return VNET_API_ERROR_NO_SUCH_FIB;
3170 fib_table_set_flow_hash_config (fib_index, FIB_PROTOCOL_IP6,
3176 static clib_error_t *
3177 set_ip6_flow_hash_command_fn (vlib_main_t * vm,
3178 unformat_input_t * input,
3179 vlib_cli_command_t * cmd)
3183 u32 flow_hash_config = 0;
3186 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3188 if (unformat (input, "table %d", &table_id))
3191 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
3192 foreach_flow_hash_bit
3199 return clib_error_return (0, "unknown input `%U'",
3200 format_unformat_error, input);
3202 rv = vnet_set_ip6_flow_hash (table_id, flow_hash_config);
3209 return clib_error_return (0, "no such FIB table %d", table_id);
3212 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
3220 * Configure the set of IPv6 fields used by the flow hash.
3224 * Example of how to set the flow hash on a given table:
3225 * @cliexcmd{set ip6 flow-hash table 8 dst sport dport proto}
3227 * Example of display the configured flow hash:
3228 * @cliexstart{show ip6 fib}
3229 * ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
3232 * [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
3233 * [0] [@0]: dpo-drop ip6
3236 * [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
3237 * [0] [@2]: dpo-receive
3240 * [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
3241 * [0] [@2]: dpo-receive
3244 * [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
3245 * [0] [@2]: dpo-receive
3248 * [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
3249 * [0] [@2]: dpo-receive
3250 * ff02::1:ff00:0/104
3252 * [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
3253 * [0] [@2]: dpo-receive
3254 * ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
3257 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
3258 * [0] [@0]: dpo-drop ip6
3261 * [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
3262 * [0] [@4]: ipv6-glean: af_packet0
3265 * [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
3266 * [0] [@2]: dpo-receive: @::a:1:1:0:7 on af_packet0
3269 * [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
3270 * [0] [@2]: dpo-receive
3271 * fe80::fe:3eff:fe3e:9222/128
3273 * [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
3274 * [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
3277 * [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
3278 * [0] [@2]: dpo-receive
3281 * [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
3282 * [0] [@2]: dpo-receive
3285 * [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
3286 * [0] [@2]: dpo-receive
3287 * ff02::1:ff00:0/104
3289 * [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
3290 * [0] [@2]: dpo-receive
3295 VLIB_CLI_COMMAND (set_ip6_flow_hash_command, static) =
3297 .path = "set ip6 flow-hash",
3299 "set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
3300 .function = set_ip6_flow_hash_command_fn,
3304 static clib_error_t *
3305 show_ip6_local_command_fn (vlib_main_t * vm,
3306 unformat_input_t * input, vlib_cli_command_t * cmd)
3308 ip6_main_t *im = &ip6_main;
3309 ip_lookup_main_t *lm = &im->lookup_main;
3312 vlib_cli_output (vm, "Protocols handled by ip6_local");
3313 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
3315 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
3316 vlib_cli_output (vm, "%d", i);
3324 * Display the set of protocols handled by the local IPv6 stack.
3327 * Example of how to display local protocol table:
3328 * @cliexstart{show ip6 local}
3329 * Protocols handled by ip6_local
3337 VLIB_CLI_COMMAND (show_ip6_local, static) =
3339 .path = "show ip6 local",
3340 .function = show_ip6_local_command_fn,
3341 .short_help = "show ip6 local",
3346 vnet_set_ip6_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3349 vnet_main_t *vnm = vnet_get_main ();
3350 vnet_interface_main_t *im = &vnm->interface_main;
3351 ip6_main_t *ipm = &ip6_main;
3352 ip_lookup_main_t *lm = &ipm->lookup_main;
3353 vnet_classify_main_t *cm = &vnet_classify_main;
3354 ip6_address_t *if_addr;
3356 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3357 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3359 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3360 return VNET_API_ERROR_NO_SUCH_ENTRY;
3362 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3363 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3365 if_addr = ip6_interface_first_address (ipm, sw_if_index);
3367 if (NULL != if_addr)
3369 fib_prefix_t pfx = {
3371 .fp_proto = FIB_PROTOCOL_IP6,
3372 .fp_addr.ip6 = *if_addr,
3376 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3380 if (table_index != (u32) ~ 0)
3382 dpo_id_t dpo = DPO_INVALID;
3387 classify_dpo_create (DPO_PROTO_IP6, table_index));
3389 fib_table_entry_special_dpo_add (fib_index,
3391 FIB_SOURCE_CLASSIFY,
3392 FIB_ENTRY_FLAG_NONE, &dpo);
3397 fib_table_entry_special_remove (fib_index,
3398 &pfx, FIB_SOURCE_CLASSIFY);
3405 static clib_error_t *
3406 set_ip6_classify_command_fn (vlib_main_t * vm,
3407 unformat_input_t * input,
3408 vlib_cli_command_t * cmd)
3410 u32 table_index = ~0;
3411 int table_index_set = 0;
3412 u32 sw_if_index = ~0;
3415 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3417 if (unformat (input, "table-index %d", &table_index))
3418 table_index_set = 1;
3419 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3420 vnet_get_main (), &sw_if_index))
3426 if (table_index_set == 0)
3427 return clib_error_return (0, "classify table-index must be specified");
3429 if (sw_if_index == ~0)
3430 return clib_error_return (0, "interface / subif must be specified");
3432 rv = vnet_set_ip6_classify_intfc (vm, sw_if_index, table_index);
3439 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3440 return clib_error_return (0, "No such interface");
3442 case VNET_API_ERROR_NO_SUCH_ENTRY:
3443 return clib_error_return (0, "No such classifier table");
3449 * Assign a classification table to an interface. The classification
3450 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3451 * commands. Once the table is create, use this command to filter packets
3455 * Example of how to assign a classification table to an interface:
3456 * @cliexcmd{set ip6 classify intfc GigabitEthernet2/0/0 table-index 1}
3459 VLIB_CLI_COMMAND (set_ip6_classify_command, static) =
3461 .path = "set ip6 classify",
3463 "set ip6 classify intfc <interface> table-index <classify-idx>",
3464 .function = set_ip6_classify_command_fn,
3468 static clib_error_t *
3469 ip6_config (vlib_main_t * vm, unformat_input_t * input)
3471 ip6_main_t *im = &ip6_main;
3476 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3478 if (unformat (input, "hash-buckets %d", &tmp))
3480 else if (unformat (input, "heap-size %dm", &tmp))
3481 heapsize = ((u64) tmp) << 20;
3482 else if (unformat (input, "heap-size %dM", &tmp))
3483 heapsize = ((u64) tmp) << 20;
3484 else if (unformat (input, "heap-size %dg", &tmp))
3485 heapsize = ((u64) tmp) << 30;
3486 else if (unformat (input, "heap-size %dG", &tmp))
3487 heapsize = ((u64) tmp) << 30;
3489 return clib_error_return (0, "unknown input '%U'",
3490 format_unformat_error, input);
3493 im->lookup_table_nbuckets = nbuckets;
3494 im->lookup_table_size = heapsize;
3499 VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
3502 * fd.io coding-style-patch-verification: ON
3505 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob