2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip6_forward.c: IP v6 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
43 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
44 #include <vppinfra/cache.h>
45 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
46 #include <vnet/fib/ip6_fib.h>
47 #include <vnet/mfib/ip6_mfib.h>
48 #include <vnet/dpo/load_balance.h>
49 #include <vnet/dpo/classify_dpo.h>
51 #include <vppinfra/bihash_template.c>
53 /* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */
54 #define OI_DECAP 0x80000000
58 * @brief IPv6 Forwarding.
60 * This file contains the source code for IPv6 forwarding.
64 ip6_forward_next_trace (vlib_main_t * vm,
65 vlib_node_runtime_t * node,
67 vlib_rx_or_tx_t which_adj_index);
70 ip6_lookup_inline (vlib_main_t * vm,
71 vlib_node_runtime_t * node, vlib_frame_t * frame)
73 ip6_main_t *im = &ip6_main;
74 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_to_counters;
75 u32 n_left_from, n_left_to_next, *from, *to_next;
76 ip_lookup_next_t next;
77 u32 cpu_index = os_get_cpu_number ();
79 from = vlib_frame_vector_args (frame);
80 n_left_from = frame->n_vectors;
81 next = node->cached_next_index;
83 while (n_left_from > 0)
85 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
87 while (n_left_from >= 4 && n_left_to_next >= 2)
89 vlib_buffer_t *p0, *p1;
90 u32 pi0, pi1, lbi0, lbi1, wrong_next;
91 ip_lookup_next_t next0, next1;
92 ip6_header_t *ip0, *ip1;
93 ip6_address_t *dst_addr0, *dst_addr1;
94 u32 fib_index0, fib_index1;
95 u32 flow_hash_config0, flow_hash_config1;
96 const dpo_id_t *dpo0, *dpo1;
97 const load_balance_t *lb0, *lb1;
99 /* Prefetch next iteration. */
101 vlib_buffer_t *p2, *p3;
103 p2 = vlib_get_buffer (vm, from[2]);
104 p3 = vlib_get_buffer (vm, from[3]);
106 vlib_prefetch_buffer_header (p2, LOAD);
107 vlib_prefetch_buffer_header (p3, LOAD);
108 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), LOAD);
109 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), LOAD);
112 pi0 = to_next[0] = from[0];
113 pi1 = to_next[1] = from[1];
115 p0 = vlib_get_buffer (vm, pi0);
116 p1 = vlib_get_buffer (vm, pi1);
118 ip0 = vlib_buffer_get_current (p0);
119 ip1 = vlib_buffer_get_current (p1);
121 dst_addr0 = &ip0->dst_address;
122 dst_addr1 = &ip1->dst_address;
125 vec_elt (im->fib_index_by_sw_if_index,
126 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
128 vec_elt (im->fib_index_by_sw_if_index,
129 vnet_buffer (p1)->sw_if_index[VLIB_RX]);
131 fib_index0 = (vnet_buffer (p0)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
132 fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
133 fib_index1 = (vnet_buffer (p1)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
134 fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
136 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
137 lbi1 = ip6_fib_table_fwding_lookup (im, fib_index1, dst_addr1);
139 lb0 = load_balance_get (lbi0);
140 lb1 = load_balance_get (lbi1);
142 vnet_buffer (p0)->ip.flow_hash = vnet_buffer (p1)->ip.flow_hash = 0;
144 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
146 flow_hash_config0 = lb0->lb_hash_config;
147 vnet_buffer (p0)->ip.flow_hash =
148 ip6_compute_flow_hash (ip0, flow_hash_config0);
150 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
152 flow_hash_config1 = lb1->lb_hash_config;
153 vnet_buffer (p1)->ip.flow_hash =
154 ip6_compute_flow_hash (ip1, flow_hash_config1);
157 ASSERT (lb0->lb_n_buckets > 0);
158 ASSERT (lb1->lb_n_buckets > 0);
159 ASSERT (is_pow2 (lb0->lb_n_buckets));
160 ASSERT (is_pow2 (lb1->lb_n_buckets));
161 dpo0 = load_balance_get_bucket_i (lb0,
162 (vnet_buffer (p0)->ip.flow_hash &
163 lb0->lb_n_buckets_minus_1));
164 dpo1 = load_balance_get_bucket_i (lb1,
165 (vnet_buffer (p1)->ip.flow_hash &
166 lb1->lb_n_buckets_minus_1));
168 next0 = dpo0->dpoi_next_node;
169 next1 = dpo1->dpoi_next_node;
171 /* Only process the HBH Option Header if explicitly configured to do so */
173 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
175 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
176 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
179 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
181 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
182 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
184 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
185 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
187 vlib_increment_combined_counter
188 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
189 vlib_increment_combined_counter
190 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
197 wrong_next = (next0 != next) + 2 * (next1 != next);
198 if (PREDICT_FALSE (wrong_next != 0))
207 vlib_set_next_frame_buffer (vm, node, next0, pi0);
214 vlib_set_next_frame_buffer (vm, node, next1, pi1);
221 vlib_set_next_frame_buffer (vm, node, next0, pi0);
222 vlib_set_next_frame_buffer (vm, node, next1, pi1);
226 vlib_put_next_frame (vm, node, next, n_left_to_next);
228 vlib_get_next_frame (vm, node, next, to_next,
235 while (n_left_from > 0 && n_left_to_next > 0)
240 ip_lookup_next_t next0;
242 ip6_address_t *dst_addr0;
243 u32 fib_index0, flow_hash_config0;
244 const dpo_id_t *dpo0;
249 p0 = vlib_get_buffer (vm, pi0);
251 ip0 = vlib_buffer_get_current (p0);
253 dst_addr0 = &ip0->dst_address;
256 vec_elt (im->fib_index_by_sw_if_index,
257 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
259 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
260 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
262 flow_hash_config0 = ip6_fib_get (fib_index0)->flow_hash_config;
264 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
266 lb0 = load_balance_get (lbi0);
268 vnet_buffer (p0)->ip.flow_hash = 0;
270 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
272 flow_hash_config0 = lb0->lb_hash_config;
273 vnet_buffer (p0)->ip.flow_hash =
274 ip6_compute_flow_hash (ip0, flow_hash_config0);
277 ASSERT (lb0->lb_n_buckets > 0);
278 ASSERT (is_pow2 (lb0->lb_n_buckets));
279 dpo0 = load_balance_get_bucket_i (lb0,
280 (vnet_buffer (p0)->ip.flow_hash &
281 lb0->lb_n_buckets_minus_1));
282 next0 = dpo0->dpoi_next_node;
284 /* Only process the HBH Option Header if explicitly configured to do so */
286 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
288 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
289 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
291 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
293 vlib_increment_combined_counter
294 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
301 if (PREDICT_FALSE (next0 != next))
304 vlib_put_next_frame (vm, node, next, n_left_to_next);
306 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
313 vlib_put_next_frame (vm, node, next, n_left_to_next);
316 if (node->flags & VLIB_NODE_FLAG_TRACE)
317 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
319 return frame->n_vectors;
323 ip6_add_interface_routes (vnet_main_t * vnm, u32 sw_if_index,
324 ip6_main_t * im, u32 fib_index,
325 ip_interface_address_t * a)
327 ip_lookup_main_t *lm = &im->lookup_main;
328 ip6_address_t *address = ip_interface_address_get_address (lm, a);
330 .fp_len = a->address_length,
331 .fp_proto = FIB_PROTOCOL_IP6,
332 .fp_addr.ip6 = *address,
335 a->neighbor_probe_adj_index = ~0;
336 if (a->address_length < 128)
338 fib_node_index_t fei;
340 fei = fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_ATTACHED), FIB_PROTOCOL_IP6, NULL, /* No next-hop address */
341 sw_if_index, ~0, // invalid FIB index
342 1, NULL, // no label stack
343 FIB_ROUTE_PATH_FLAG_NONE);
344 a->neighbor_probe_adj_index = fib_entry_get_adj (fei);
348 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
350 u32 classify_table_index =
351 lm->classify_table_index_by_sw_if_index[sw_if_index];
352 if (classify_table_index != (u32) ~ 0)
354 dpo_id_t dpo = DPO_INVALID;
359 classify_dpo_create (DPO_PROTO_IP6, classify_table_index));
361 fib_table_entry_special_dpo_add (fib_index,
364 FIB_ENTRY_FLAG_NONE, &dpo);
369 fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_LOCAL), FIB_PROTOCOL_IP6, &pfx.fp_addr, sw_if_index, ~0, // invalid FIB index
370 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
374 ip6_del_interface_routes (ip6_main_t * im,
376 ip6_address_t * address, u32 address_length)
379 .fp_len = address_length,
380 .fp_proto = FIB_PROTOCOL_IP6,
381 .fp_addr.ip6 = *address,
384 if (pfx.fp_len < 128)
386 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
391 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
395 ip6_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
397 ip6_main_t *im = &ip6_main;
399 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
402 * enable/disable only on the 1<->0 transition
406 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
411 /* The ref count is 0 when an address is removed from an interface that has
412 * no address - this is not a ciritical error */
413 if (0 == im->ip_enabled_by_sw_if_index[sw_if_index] ||
414 0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
418 if (sw_if_index != 0)
419 ip6_mfib_interface_enable_disable (sw_if_index, is_enable);
421 vnet_feature_enable_disable ("ip6-unicast", "ip6-lookup", sw_if_index,
424 vnet_feature_enable_disable ("ip6-multicast", "ip6-mfib-forward-lookup",
425 sw_if_index, is_enable, 0, 0);
429 /* get first interface address */
431 ip6_interface_first_address (ip6_main_t * im, u32 sw_if_index)
433 ip_lookup_main_t *lm = &im->lookup_main;
434 ip_interface_address_t *ia = 0;
435 ip6_address_t *result = 0;
438 foreach_ip_interface_address (lm, ia, sw_if_index,
439 1 /* honor unnumbered */,
441 ip6_address_t * a = ip_interface_address_get_address (lm, ia);
450 ip6_add_del_interface_address (vlib_main_t * vm,
452 ip6_address_t * address,
453 u32 address_length, u32 is_del)
455 vnet_main_t *vnm = vnet_get_main ();
456 ip6_main_t *im = &ip6_main;
457 ip_lookup_main_t *lm = &im->lookup_main;
459 u32 if_address_index;
460 ip6_address_fib_t ip6_af, *addr_fib = 0;
462 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
463 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
465 ip6_addr_fib_init (&ip6_af, address,
466 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
467 vec_add1 (addr_fib, ip6_af);
470 uword elts_before = pool_elts (lm->if_address_pool);
472 error = ip_interface_address_add_del
473 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
477 /* Pool did not grow: add duplicate address. */
478 if (elts_before == pool_elts (lm->if_address_pool))
482 ip6_sw_interface_enable_disable (sw_if_index, !is_del);
485 ip6_del_interface_routes (im, ip6_af.fib_index, address, address_length);
487 ip6_add_interface_routes (vnm, sw_if_index,
488 im, ip6_af.fib_index,
489 pool_elt_at_index (lm->if_address_pool,
493 ip6_add_del_interface_address_callback_t *cb;
494 vec_foreach (cb, im->add_del_interface_address_callbacks)
495 cb->function (im, cb->function_opaque, sw_if_index,
496 address, address_length, if_address_index, is_del);
505 ip6_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
507 ip6_main_t *im = &ip6_main;
508 ip_interface_address_t *ia;
510 u32 is_admin_up, fib_index;
512 /* Fill in lookup tables with default table (0). */
513 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
515 vec_validate_init_empty (im->
516 lookup_main.if_address_pool_index_by_sw_if_index,
519 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
521 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
524 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
525 0 /* honor unnumbered */,
527 a = ip_interface_address_get_address (&im->lookup_main, ia);
529 ip6_add_interface_routes (vnm, sw_if_index,
533 ip6_del_interface_routes (im, fib_index,
534 a, ia->address_length);
541 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down);
543 /* Built-in ip6 unicast rx feature path definition */
545 VNET_FEATURE_ARC_INIT (ip6_unicast, static) =
547 .arc_name = "ip6-unicast",
548 .start_nodes = VNET_FEATURES ("ip6-input"),
549 .arc_index_ptr = &ip6_main.lookup_main.ucast_feature_arc_index,
552 VNET_FEATURE_INIT (ip6_flow_classify, static) =
554 .arc_name = "ip6-unicast",
555 .node_name = "ip6-flow-classify",
556 .runs_before = VNET_FEATURES ("ip6-inacl"),
559 VNET_FEATURE_INIT (ip6_inacl, static) =
561 .arc_name = "ip6-unicast",
562 .node_name = "ip6-inacl",
563 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
566 VNET_FEATURE_INIT (ip6_policer_classify, static) =
568 .arc_name = "ip6-unicast",
569 .node_name = "ip6-policer-classify",
570 .runs_before = VNET_FEATURES ("ipsec-input-ip6"),
573 VNET_FEATURE_INIT (ip6_ipsec, static) =
575 .arc_name = "ip6-unicast",
576 .node_name = "ipsec-input-ip6",
577 .runs_before = VNET_FEATURES ("l2tp-decap"),
580 VNET_FEATURE_INIT (ip6_l2tp, static) =
582 .arc_name = "ip6-unicast",
583 .node_name = "l2tp-decap",
584 .runs_before = VNET_FEATURES ("vpath-input-ip6"),
587 VNET_FEATURE_INIT (ip6_vpath, static) =
589 .arc_name = "ip6-unicast",
590 .node_name = "vpath-input-ip6",
591 .runs_before = VNET_FEATURES ("ip6-vxlan-bypass"),
594 VNET_FEATURE_INIT (ip6_vxlan_bypass, static) =
596 .arc_name = "ip6-unicast",
597 .node_name = "ip6-vxlan-bypass",
598 .runs_before = VNET_FEATURES ("ip6-lookup"),
601 VNET_FEATURE_INIT (ip6_lookup, static) =
603 .arc_name = "ip6-unicast",
604 .node_name = "ip6-lookup",
605 .runs_before = VNET_FEATURES ("ip6-drop"),
608 VNET_FEATURE_INIT (ip6_drop, static) =
610 .arc_name = "ip6-unicast",
611 .node_name = "ip6-drop",
612 .runs_before = 0, /*last feature*/
615 /* Built-in ip6 multicast rx feature path definition (none now) */
616 VNET_FEATURE_ARC_INIT (ip6_multicast, static) =
618 .arc_name = "ip6-multicast",
619 .start_nodes = VNET_FEATURES ("ip6-input"),
620 .arc_index_ptr = &ip6_main.lookup_main.mcast_feature_arc_index,
623 VNET_FEATURE_INIT (ip6_vpath_mc, static) = {
624 .arc_name = "ip6-multicast",
625 .node_name = "vpath-input-ip6",
626 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
629 VNET_FEATURE_INIT (ip6_mc_lookup, static) = {
630 .arc_name = "ip6-multicast",
631 .node_name = "ip6-mfib-forward-lookup",
632 .runs_before = VNET_FEATURES ("ip6-drop"),
635 VNET_FEATURE_INIT (ip6_drop_mc, static) = {
636 .arc_name = "ip6-multicast",
637 .node_name = "ip6-drop",
638 .runs_before = 0, /* last feature */
641 /* Built-in ip4 tx feature path definition */
642 VNET_FEATURE_ARC_INIT (ip6_output, static) =
644 .arc_name = "ip6-output",
645 .start_nodes = VNET_FEATURES ("ip6-rewrite", "ip6-midchain"),
646 .arc_index_ptr = &ip6_main.lookup_main.output_feature_arc_index,
649 VNET_FEATURE_INIT (ip6_ipsec_output, static) = {
650 .arc_name = "ip6-output",
651 .node_name = "ipsec-output-ip6",
652 .runs_before = VNET_FEATURES ("interface-output"),
655 VNET_FEATURE_INIT (ip6_interface_output, static) = {
656 .arc_name = "ip6-output",
657 .node_name = "interface-output",
658 .runs_before = 0, /* not before any other features */
663 ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
665 vnet_feature_enable_disable ("ip6-unicast", "ip6-drop", sw_if_index,
668 vnet_feature_enable_disable ("ip6-multicast", "ip6-drop", sw_if_index,
671 vnet_feature_enable_disable ("ip6-output", "interface-output", sw_if_index,
674 return /* no error */ 0;
677 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_sw_interface_add_del);
680 ip6_lookup (vlib_main_t * vm,
681 vlib_node_runtime_t * node, vlib_frame_t * frame)
683 return ip6_lookup_inline (vm, node, frame);
686 static u8 *format_ip6_lookup_trace (u8 * s, va_list * args);
689 VLIB_REGISTER_NODE (ip6_lookup_node) =
691 .function = ip6_lookup,
692 .name = "ip6-lookup",
693 .vector_size = sizeof (u32),
694 .format_trace = format_ip6_lookup_trace,
695 .n_next_nodes = IP6_LOOKUP_N_NEXT,
696 .next_nodes = IP6_LOOKUP_NEXT_NODES,
700 VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup);
703 ip6_load_balance (vlib_main_t * vm,
704 vlib_node_runtime_t * node, vlib_frame_t * frame)
706 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
707 u32 n_left_from, n_left_to_next, *from, *to_next;
708 ip_lookup_next_t next;
709 u32 cpu_index = os_get_cpu_number ();
710 ip6_main_t *im = &ip6_main;
712 from = vlib_frame_vector_args (frame);
713 n_left_from = frame->n_vectors;
714 next = node->cached_next_index;
716 if (node->flags & VLIB_NODE_FLAG_TRACE)
717 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
719 while (n_left_from > 0)
721 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
724 while (n_left_from >= 4 && n_left_to_next >= 2)
726 ip_lookup_next_t next0, next1;
727 const load_balance_t *lb0, *lb1;
728 vlib_buffer_t *p0, *p1;
729 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
730 const ip6_header_t *ip0, *ip1;
731 const dpo_id_t *dpo0, *dpo1;
733 /* Prefetch next iteration. */
735 vlib_buffer_t *p2, *p3;
737 p2 = vlib_get_buffer (vm, from[2]);
738 p3 = vlib_get_buffer (vm, from[3]);
740 vlib_prefetch_buffer_header (p2, STORE);
741 vlib_prefetch_buffer_header (p3, STORE);
743 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
744 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
747 pi0 = to_next[0] = from[0];
748 pi1 = to_next[1] = from[1];
755 p0 = vlib_get_buffer (vm, pi0);
756 p1 = vlib_get_buffer (vm, pi1);
758 ip0 = vlib_buffer_get_current (p0);
759 ip1 = vlib_buffer_get_current (p1);
760 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
761 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
763 lb0 = load_balance_get (lbi0);
764 lb1 = load_balance_get (lbi1);
767 * this node is for via FIBs we can re-use the hash value from the
768 * to node if present.
769 * We don't want to use the same hash value at each level in the recursion
770 * graph as that would lead to polarisation
772 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
773 hc1 = vnet_buffer (p1)->ip.flow_hash = 0;
775 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
777 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
779 hc0 = vnet_buffer (p0)->ip.flow_hash =
780 vnet_buffer (p0)->ip.flow_hash >> 1;
784 hc0 = vnet_buffer (p0)->ip.flow_hash =
785 ip6_compute_flow_hash (ip0, hc0);
788 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
790 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
792 hc1 = vnet_buffer (p1)->ip.flow_hash =
793 vnet_buffer (p1)->ip.flow_hash >> 1;
797 hc1 = vnet_buffer (p1)->ip.flow_hash =
798 ip6_compute_flow_hash (ip1, hc1);
803 load_balance_get_bucket_i (lb0,
804 hc0 & (lb0->lb_n_buckets_minus_1));
806 load_balance_get_bucket_i (lb1,
807 hc1 & (lb1->lb_n_buckets_minus_1));
809 next0 = dpo0->dpoi_next_node;
810 next1 = dpo1->dpoi_next_node;
812 /* Only process the HBH Option Header if explicitly configured to do so */
814 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
816 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
817 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
819 /* Only process the HBH Option Header if explicitly configured to do so */
821 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
823 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
824 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
827 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
828 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
830 vlib_increment_combined_counter
831 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
832 vlib_increment_combined_counter
833 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
835 vlib_validate_buffer_enqueue_x2 (vm, node, next,
836 to_next, n_left_to_next,
837 pi0, pi1, next0, next1);
840 while (n_left_from > 0 && n_left_to_next > 0)
842 ip_lookup_next_t next0;
843 const load_balance_t *lb0;
846 const ip6_header_t *ip0;
847 const dpo_id_t *dpo0;
856 p0 = vlib_get_buffer (vm, pi0);
858 ip0 = vlib_buffer_get_current (p0);
859 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
861 lb0 = load_balance_get (lbi0);
863 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
864 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
866 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
868 hc0 = vnet_buffer (p0)->ip.flow_hash =
869 vnet_buffer (p0)->ip.flow_hash >> 1;
873 hc0 = vnet_buffer (p0)->ip.flow_hash =
874 ip6_compute_flow_hash (ip0, hc0);
878 load_balance_get_bucket_i (lb0,
879 hc0 & (lb0->lb_n_buckets_minus_1));
881 next0 = dpo0->dpoi_next_node;
882 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
884 /* Only process the HBH Option Header if explicitly configured to do so */
886 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
888 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
889 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
892 vlib_increment_combined_counter
893 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
895 vlib_validate_buffer_enqueue_x1 (vm, node, next,
896 to_next, n_left_to_next,
900 vlib_put_next_frame (vm, node, next, n_left_to_next);
903 return frame->n_vectors;
907 VLIB_REGISTER_NODE (ip6_load_balance_node) =
909 .function = ip6_load_balance,
910 .name = "ip6-load-balance",
911 .vector_size = sizeof (u32),
912 .sibling_of = "ip6-lookup",
913 .format_trace = format_ip6_lookup_trace,
917 VLIB_NODE_FUNCTION_MULTIARCH (ip6_load_balance_node, ip6_load_balance);
921 /* Adjacency taken. */
926 /* Packet data, possibly *after* rewrite. */
927 u8 packet_data[128 - 1 * sizeof (u32)];
929 ip6_forward_next_trace_t;
932 format_ip6_forward_next_trace (u8 * s, va_list * args)
934 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
935 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
936 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
937 uword indent = format_get_indent (s);
939 s = format (s, "%U%U",
940 format_white_space, indent,
941 format_ip6_header, t->packet_data, sizeof (t->packet_data));
946 format_ip6_lookup_trace (u8 * s, va_list * args)
948 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
949 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
950 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
951 uword indent = format_get_indent (s);
953 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
954 t->fib_index, t->adj_index, t->flow_hash);
955 s = format (s, "\n%U%U",
956 format_white_space, indent,
957 format_ip6_header, t->packet_data, sizeof (t->packet_data));
963 format_ip6_rewrite_trace (u8 * s, va_list * args)
965 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
966 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
967 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
968 vnet_main_t *vnm = vnet_get_main ();
969 uword indent = format_get_indent (s);
971 s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x",
972 t->fib_index, t->adj_index, format_ip_adjacency,
973 t->adj_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
974 s = format (s, "\n%U%U",
975 format_white_space, indent,
976 format_ip_adjacency_packet_data,
977 vnm, t->adj_index, t->packet_data, sizeof (t->packet_data));
981 /* Common trace function for all ip6-forward next nodes. */
983 ip6_forward_next_trace (vlib_main_t * vm,
984 vlib_node_runtime_t * node,
985 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
988 ip6_main_t *im = &ip6_main;
990 n_left = frame->n_vectors;
991 from = vlib_frame_vector_args (frame);
996 vlib_buffer_t *b0, *b1;
997 ip6_forward_next_trace_t *t0, *t1;
999 /* Prefetch next iteration. */
1000 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1001 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1006 b0 = vlib_get_buffer (vm, bi0);
1007 b1 = vlib_get_buffer (vm, bi1);
1009 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1011 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1012 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1013 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1015 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1016 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1017 vec_elt (im->fib_index_by_sw_if_index,
1018 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1020 clib_memcpy (t0->packet_data,
1021 vlib_buffer_get_current (b0),
1022 sizeof (t0->packet_data));
1024 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1026 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1027 t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1028 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1030 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1031 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1032 vec_elt (im->fib_index_by_sw_if_index,
1033 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1035 clib_memcpy (t1->packet_data,
1036 vlib_buffer_get_current (b1),
1037 sizeof (t1->packet_data));
1047 ip6_forward_next_trace_t *t0;
1051 b0 = vlib_get_buffer (vm, bi0);
1053 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1055 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1056 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1057 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1059 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1060 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1061 vec_elt (im->fib_index_by_sw_if_index,
1062 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1064 clib_memcpy (t0->packet_data,
1065 vlib_buffer_get_current (b0),
1066 sizeof (t0->packet_data));
1074 ip6_drop_or_punt (vlib_main_t * vm,
1075 vlib_node_runtime_t * node,
1076 vlib_frame_t * frame, ip6_error_t error_code)
1078 u32 *buffers = vlib_frame_vector_args (frame);
1079 uword n_packets = frame->n_vectors;
1081 vlib_error_drop_buffers (vm, node, buffers,
1085 ip6_input_node.index, error_code);
1087 if (node->flags & VLIB_NODE_FLAG_TRACE)
1088 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1094 ip6_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1096 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_DROP);
1100 ip6_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1102 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_PUNT);
1106 VLIB_REGISTER_NODE (ip6_drop_node, static) =
1108 .function = ip6_drop,
1110 .vector_size = sizeof (u32),
1111 .format_trace = format_ip6_forward_next_trace,
1115 [0] = "error-drop",},
1119 VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop);
1122 VLIB_REGISTER_NODE (ip6_punt_node, static) =
1124 .function = ip6_punt,
1126 .vector_size = sizeof (u32),
1127 .format_trace = format_ip6_forward_next_trace,
1131 [0] = "error-punt",},
1135 VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt);
1137 /* Compute TCP/UDP/ICMP6 checksum in software. */
1139 ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1140 ip6_header_t * ip0, int *bogus_lengthp)
1143 u16 sum16, payload_length_host_byte_order;
1144 u32 i, n_this_buffer, n_bytes_left;
1145 u32 headers_size = sizeof (ip0[0]);
1146 void *data_this_buffer;
1148 ASSERT (bogus_lengthp);
1151 /* Initialize checksum with ip header. */
1152 sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
1153 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1154 data_this_buffer = (void *) (ip0 + 1);
1156 for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
1158 sum0 = ip_csum_with_carry (sum0,
1159 clib_mem_unaligned (&ip0->
1160 src_address.as_uword[i],
1163 ip_csum_with_carry (sum0,
1164 clib_mem_unaligned (&ip0->dst_address.as_uword[i],
1168 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1169 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1172 ip6_hop_by_hop_ext_t *ext_hdr =
1173 (ip6_hop_by_hop_ext_t *) data_this_buffer;
1175 /* validate really icmp6 next */
1176 ASSERT (ext_hdr->next_hdr == IP_PROTOCOL_ICMP6);
1178 skip_bytes = 8 * (1 + ext_hdr->n_data_u64s);
1179 data_this_buffer = (void *) ((u8 *) data_this_buffer + skip_bytes);
1181 payload_length_host_byte_order -= skip_bytes;
1182 headers_size += skip_bytes;
1185 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1186 if (p0 && n_this_buffer + headers_size > p0->current_length)
1188 p0->current_length >
1189 headers_size ? p0->current_length - headers_size : 0;
1192 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1193 n_bytes_left -= n_this_buffer;
1194 if (n_bytes_left == 0)
1197 if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
1202 p0 = vlib_get_buffer (vm, p0->next_buffer);
1203 data_this_buffer = vlib_buffer_get_current (p0);
1204 n_this_buffer = p0->current_length;
1207 sum16 = ~ip_csum_fold (sum0);
1213 ip6_tcp_udp_icmp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1215 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1220 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1221 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1222 || ip0->protocol == IP_PROTOCOL_ICMP6
1223 || ip0->protocol == IP_PROTOCOL_UDP
1224 || ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS);
1226 udp0 = (void *) (ip0 + 1);
1227 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1229 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1230 | IP_BUFFER_L4_CHECKSUM_CORRECT);
1234 sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0, &bogus_length);
1236 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1237 | ((sum16 == 0) << LOG2_IP_BUFFER_L4_CHECKSUM_CORRECT));
1242 /* ip6_locate_header
1244 * This function is to search for the header specified by the find_hdr number.
1245 * 1. If the find_hdr < 0 then it finds and returns the protocol number and
1246 * offset stored in *offset of the transport or ESP header in the chain if
1248 * 2. If a header with find_hdr > 0 protocol number is found then the
1249 * offset is stored in *offset and protocol number of the header is
1251 * 3. If find_hdr header is not found or packet is malformed or
1252 * it is a non-first fragment -1 is returned.
1255 ip6_locate_header (vlib_buffer_t * p0,
1256 ip6_header_t * ip0, int find_hdr, u32 * offset)
1258 u8 next_proto = ip0->protocol;
1262 u8 *temp_nxthdr = 0;
1265 next_header = ip6_next_header (ip0);
1266 cur_offset = sizeof (ip6_header_t);
1269 done = (next_proto == find_hdr);
1272 (u8 *) vlib_buffer_get_current (p0) + p0->current_length))
1274 //A malicious packet could set an extension header with a too big size
1279 if ((!ip6_ext_hdr (next_proto)) || next_proto == IP_PROTOCOL_IP6_NONXT)
1285 if (next_proto == IP_PROTOCOL_IPV6_FRAGMENTATION)
1287 ip6_frag_hdr_t *frag_hdr = (ip6_frag_hdr_t *) next_header;
1288 u16 frag_off = ip6_frag_hdr_offset (frag_hdr);
1289 /* Non first fragment return -1 */
1292 exthdr_len = sizeof (ip6_frag_hdr_t);
1293 temp_nxthdr = next_header + exthdr_len;
1295 else if (next_proto == IP_PROTOCOL_IPSEC_AH)
1298 ip6_ext_authhdr_len (((ip6_ext_header_t *) next_header));
1299 temp_nxthdr = next_header + exthdr_len;
1304 ip6_ext_header_len (((ip6_ext_header_t *) next_header));
1305 temp_nxthdr = next_header + exthdr_len;
1307 next_proto = ((ip6_ext_header_t *) next_header)->next_hdr;
1308 next_header = temp_nxthdr;
1309 cur_offset += exthdr_len;
1312 *offset = cur_offset;
1313 return (next_proto);
1317 * @brief returns number of links on which src is reachable.
1320 ip6_urpf_loose_check (ip6_main_t * im, vlib_buffer_t * b, ip6_header_t * i)
1322 const load_balance_t *lb0;
1325 lbi = ip6_fib_table_fwding_lookup_with_if_index (im,
1327 (b)->sw_if_index[VLIB_RX],
1330 lb0 = load_balance_get (lbi);
1332 return (fib_urpf_check_size (lb0->lb_urpf));
1336 ip6_local (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1338 ip6_main_t *im = &ip6_main;
1339 ip_lookup_main_t *lm = &im->lookup_main;
1340 ip_local_next_t next_index;
1341 u32 *from, *to_next, n_left_from, n_left_to_next;
1342 vlib_node_runtime_t *error_node =
1343 vlib_node_get_runtime (vm, ip6_input_node.index);
1345 from = vlib_frame_vector_args (frame);
1346 n_left_from = frame->n_vectors;
1347 next_index = node->cached_next_index;
1349 if (node->flags & VLIB_NODE_FLAG_TRACE)
1350 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1352 while (n_left_from > 0)
1354 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1356 while (n_left_from >= 4 && n_left_to_next >= 2)
1358 vlib_buffer_t *p0, *p1;
1359 ip6_header_t *ip0, *ip1;
1360 udp_header_t *udp0, *udp1;
1361 u32 pi0, ip_len0, udp_len0, flags0, next0;
1362 u32 pi1, ip_len1, udp_len1, flags1, next1;
1363 i32 len_diff0, len_diff1;
1364 u8 error0, type0, good_l4_checksum0;
1365 u8 error1, type1, good_l4_checksum1;
1366 u32 udp_offset0, udp_offset1;
1368 pi0 = to_next[0] = from[0];
1369 pi1 = to_next[1] = from[1];
1373 n_left_to_next -= 2;
1375 p0 = vlib_get_buffer (vm, pi0);
1376 p1 = vlib_get_buffer (vm, pi1);
1378 ip0 = vlib_buffer_get_current (p0);
1379 ip1 = vlib_buffer_get_current (p1);
1381 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1382 vnet_buffer (p1)->ip.start_of_ip_header = p1->current_data;
1384 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1385 type1 = lm->builtin_protocol_by_ip_protocol[ip1->protocol];
1387 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1388 next1 = lm->local_next_by_ip_protocol[ip1->protocol];
1393 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1394 good_l4_checksum1 = (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1398 /* Skip HBH local processing */
1400 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1402 ip6_hop_by_hop_ext_t *ext_hdr =
1403 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1404 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1405 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1408 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1410 ip6_hop_by_hop_ext_t *ext_hdr =
1411 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip1);
1412 next1 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1413 type1 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1415 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1419 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1420 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1421 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1422 && udp0->checksum == 0;
1423 /* Verify UDP length. */
1424 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1425 udp_len0 = clib_net_to_host_u16 (udp0->length);
1426 len_diff0 = ip_len0 - udp_len0;
1428 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p1, ip1,
1432 udp1 = (udp_header_t *) ((u8 *) ip1 + udp_offset1);
1433 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1434 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UDP
1435 && udp1->checksum == 0;
1436 /* Verify UDP length. */
1437 ip_len1 = clib_net_to_host_u16 (ip1->payload_length);
1438 udp_len1 = clib_net_to_host_u16 (udp1->length);
1439 len_diff1 = ip_len1 - udp_len1;
1442 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1443 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1445 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1446 len_diff1 = type1 == IP_BUILTIN_PROTOCOL_UDP ? len_diff1 : 0;
1448 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1449 && !good_l4_checksum0
1450 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1452 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1454 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1456 if (PREDICT_FALSE (type1 != IP_BUILTIN_PROTOCOL_UNKNOWN
1457 && !good_l4_checksum1
1458 && !(flags1 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1460 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, p1);
1462 (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1465 error0 = error1 = IP6_ERROR_UNKNOWN_PROTOCOL;
1467 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1468 error1 = len_diff1 < 0 ? IP6_ERROR_UDP_LENGTH : error1;
1470 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1471 IP6_ERROR_UDP_CHECKSUM);
1472 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1473 IP6_ERROR_ICMP_CHECKSUM);
1475 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1477 (!good_l4_checksum1 ? IP6_ERROR_UDP_CHECKSUM + type1 : error1);
1479 /* Drop packets from unroutable hosts. */
1480 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1481 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1482 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1483 !ip6_address_is_link_local_unicast (&ip0->src_address))
1485 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1486 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1488 if (error1 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1489 type1 != IP_BUILTIN_PROTOCOL_ICMP &&
1490 !ip6_address_is_link_local_unicast (&ip1->src_address))
1492 error1 = (!ip6_urpf_loose_check (im, p1, ip1)
1493 ? IP6_ERROR_SRC_LOOKUP_MISS : error1);
1497 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1499 error1 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1;
1501 p0->error = error_node->errors[error0];
1502 p1->error = error_node->errors[error1];
1504 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
1505 to_next, n_left_to_next,
1506 pi0, pi1, next0, next1);
1509 while (n_left_from > 0 && n_left_to_next > 0)
1514 u32 pi0, ip_len0, udp_len0, flags0, next0;
1516 u8 error0, type0, good_l4_checksum0;
1519 pi0 = to_next[0] = from[0];
1523 n_left_to_next -= 1;
1525 p0 = vlib_get_buffer (vm, pi0);
1527 ip0 = vlib_buffer_get_current (p0);
1529 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1531 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1532 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1536 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1539 /* Skip HBH local processing */
1541 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1543 ip6_hop_by_hop_ext_t *ext_hdr =
1544 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1545 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1546 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1548 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1552 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1553 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1554 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1555 && udp0->checksum == 0;
1556 /* Verify UDP length. */
1557 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1558 udp_len0 = clib_net_to_host_u16 (udp0->length);
1559 len_diff0 = ip_len0 - udp_len0;
1562 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1563 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1565 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1566 && !good_l4_checksum0
1567 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1569 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1571 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1574 error0 = IP6_ERROR_UNKNOWN_PROTOCOL;
1576 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1578 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1579 IP6_ERROR_UDP_CHECKSUM);
1580 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1581 IP6_ERROR_ICMP_CHECKSUM);
1583 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1585 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1586 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1587 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1588 !ip6_address_is_link_local_unicast (&ip0->src_address))
1590 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1591 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1595 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1597 p0->error = error_node->errors[error0];
1599 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1600 to_next, n_left_to_next,
1604 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1607 return frame->n_vectors;
1611 VLIB_REGISTER_NODE (ip6_local_node, static) =
1613 .function = ip6_local,
1614 .name = "ip6-local",
1615 .vector_size = sizeof (u32),
1616 .format_trace = format_ip6_forward_next_trace,
1617 .n_next_nodes = IP_LOCAL_N_NEXT,
1620 [IP_LOCAL_NEXT_DROP] = "error-drop",
1621 [IP_LOCAL_NEXT_PUNT] = "error-punt",
1622 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip6-udp-lookup",
1623 [IP_LOCAL_NEXT_ICMP] = "ip6-icmp-input",
1628 VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local);
1631 ip6_register_protocol (u32 protocol, u32 node_index)
1633 vlib_main_t *vm = vlib_get_main ();
1634 ip6_main_t *im = &ip6_main;
1635 ip_lookup_main_t *lm = &im->lookup_main;
1637 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1638 lm->local_next_by_ip_protocol[protocol] =
1639 vlib_node_add_next (vm, ip6_local_node.index, node_index);
1644 IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1645 IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX,
1646 IP6_DISCOVER_NEIGHBOR_N_NEXT,
1647 } ip6_discover_neighbor_next_t;
1651 IP6_DISCOVER_NEIGHBOR_ERROR_DROP,
1652 IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT,
1653 IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS,
1654 } ip6_discover_neighbor_error_t;
1657 ip6_discover_neighbor_inline (vlib_main_t * vm,
1658 vlib_node_runtime_t * node,
1659 vlib_frame_t * frame, int is_glean)
1661 vnet_main_t *vnm = vnet_get_main ();
1662 ip6_main_t *im = &ip6_main;
1663 ip_lookup_main_t *lm = &im->lookup_main;
1664 u32 *from, *to_next_drop;
1665 uword n_left_from, n_left_to_next_drop;
1666 static f64 time_last_seed_change = -1e100;
1667 static u32 hash_seeds[3];
1668 static uword hash_bitmap[256 / BITS (uword)];
1672 if (node->flags & VLIB_NODE_FLAG_TRACE)
1673 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1675 time_now = vlib_time_now (vm);
1676 if (time_now - time_last_seed_change > 1e-3)
1679 u32 *r = clib_random_buffer_get_data (&vm->random_buffer,
1680 sizeof (hash_seeds));
1681 for (i = 0; i < ARRAY_LEN (hash_seeds); i++)
1682 hash_seeds[i] = r[i];
1684 /* Mark all hash keys as been not-seen before. */
1685 for (i = 0; i < ARRAY_LEN (hash_bitmap); i++)
1688 time_last_seed_change = time_now;
1691 from = vlib_frame_vector_args (frame);
1692 n_left_from = frame->n_vectors;
1694 while (n_left_from > 0)
1696 vlib_get_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1697 to_next_drop, n_left_to_next_drop);
1699 while (n_left_from > 0 && n_left_to_next_drop > 0)
1703 u32 pi0, adj_index0, a0, b0, c0, m0, sw_if_index0, drop0;
1705 ip_adjacency_t *adj0;
1706 vnet_hw_interface_t *hw_if0;
1711 p0 = vlib_get_buffer (vm, pi0);
1713 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1715 ip0 = vlib_buffer_get_current (p0);
1717 adj0 = ip_get_adjacency (lm, adj_index0);
1721 ip0->dst_address.as_u64[0] =
1722 adj0->sub_type.nbr.next_hop.ip6.as_u64[0];
1723 ip0->dst_address.as_u64[1] =
1724 adj0->sub_type.nbr.next_hop.ip6.as_u64[1];
1731 sw_if_index0 = adj0->rewrite_header.sw_if_index;
1732 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1735 b0 ^= ip0->dst_address.as_u32[0];
1736 c0 ^= ip0->dst_address.as_u32[1];
1738 hash_v3_mix32 (a0, b0, c0);
1740 b0 ^= ip0->dst_address.as_u32[2];
1741 c0 ^= ip0->dst_address.as_u32[3];
1743 hash_v3_finalize32 (a0, b0, c0);
1745 c0 &= BITS (hash_bitmap) - 1;
1746 c0 = c0 / BITS (uword);
1747 m0 = (uword) 1 << (c0 % BITS (uword));
1749 bm0 = hash_bitmap[c0];
1750 drop0 = (bm0 & m0) != 0;
1752 /* Mark it as seen. */
1753 hash_bitmap[c0] = bm0 | m0;
1757 to_next_drop[0] = pi0;
1759 n_left_to_next_drop -= 1;
1761 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1763 /* If the interface is link-down, drop the pkt */
1764 if (!(hw_if0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP))
1768 node->errors[drop0 ? IP6_DISCOVER_NEIGHBOR_ERROR_DROP
1769 : IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT];
1774 * the adj has been updated to a rewrite but the node the DPO that got
1775 * us here hasn't - yet. no big deal. we'll drop while we wait.
1777 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
1782 icmp6_neighbor_solicitation_header_t *h0;
1785 h0 = vlib_packet_template_get_packet
1786 (vm, &im->discover_neighbor_packet_template, &bi0);
1789 * Build ethernet header.
1790 * Choose source address based on destination lookup
1793 if (ip6_src_address_for_packet (lm,
1795 &h0->ip.src_address))
1797 /* There is no address on the interface */
1799 node->errors[IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS];
1800 vlib_buffer_free (vm, &bi0, 1);
1805 * Destination address is a solicited node multicast address.
1806 * We need to fill in
1807 * the low 24 bits with low 24 bits of target's address.
1809 h0->ip.dst_address.as_u8[13] = ip0->dst_address.as_u8[13];
1810 h0->ip.dst_address.as_u8[14] = ip0->dst_address.as_u8[14];
1811 h0->ip.dst_address.as_u8[15] = ip0->dst_address.as_u8[15];
1813 h0->neighbor.target_address = ip0->dst_address;
1815 clib_memcpy (h0->link_layer_option.ethernet_address,
1816 hw_if0->hw_address, vec_len (hw_if0->hw_address));
1818 /* $$$$ appears we need this; why is the checksum non-zero? */
1819 h0->neighbor.icmp.checksum = 0;
1820 h0->neighbor.icmp.checksum =
1821 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h0->ip,
1824 ASSERT (bogus_length == 0);
1826 vlib_buffer_copy_trace_flag (vm, p0, bi0);
1827 b0 = vlib_get_buffer (vm, bi0);
1828 vnet_buffer (b0)->sw_if_index[VLIB_TX]
1829 = vnet_buffer (p0)->sw_if_index[VLIB_TX];
1831 /* Add rewrite/encap string. */
1832 vnet_rewrite_one_header (adj0[0], h0, sizeof (ethernet_header_t));
1833 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
1835 next0 = IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX;
1837 vlib_set_next_frame_buffer (vm, node, next0, bi0);
1841 vlib_put_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1842 n_left_to_next_drop);
1845 return frame->n_vectors;
1849 ip6_discover_neighbor (vlib_main_t * vm,
1850 vlib_node_runtime_t * node, vlib_frame_t * frame)
1852 return (ip6_discover_neighbor_inline (vm, node, frame, 0));
1856 ip6_glean (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1858 return (ip6_discover_neighbor_inline (vm, node, frame, 1));
1861 static char *ip6_discover_neighbor_error_strings[] = {
1862 [IP6_DISCOVER_NEIGHBOR_ERROR_DROP] = "address overflow drops",
1863 [IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT] = "neighbor solicitations sent",
1864 [IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]
1865 = "no source address for ND solicitation",
1869 VLIB_REGISTER_NODE (ip6_discover_neighbor_node) =
1871 .function = ip6_discover_neighbor,
1872 .name = "ip6-discover-neighbor",
1873 .vector_size = sizeof (u32),
1874 .format_trace = format_ip6_forward_next_trace,
1875 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1876 .error_strings = ip6_discover_neighbor_error_strings,
1877 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1880 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1881 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1887 VLIB_REGISTER_NODE (ip6_glean_node) =
1889 .function = ip6_glean,
1890 .name = "ip6-glean",
1891 .vector_size = sizeof (u32),
1892 .format_trace = format_ip6_forward_next_trace,
1893 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1894 .error_strings = ip6_discover_neighbor_error_strings,
1895 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1898 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1899 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1905 ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index)
1907 vnet_main_t *vnm = vnet_get_main ();
1908 ip6_main_t *im = &ip6_main;
1909 icmp6_neighbor_solicitation_header_t *h;
1911 ip_interface_address_t *ia;
1912 ip_adjacency_t *adj;
1913 vnet_hw_interface_t *hi;
1914 vnet_sw_interface_t *si;
1919 si = vnet_get_sw_interface (vnm, sw_if_index);
1921 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1923 return clib_error_return (0, "%U: interface %U down",
1924 format_ip6_address, dst,
1925 format_vnet_sw_if_index_name, vnm,
1930 ip6_interface_address_matching_destination (im, dst, sw_if_index, &ia);
1933 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
1934 return clib_error_return
1935 (0, "no matching interface address for destination %U (interface %U)",
1936 format_ip6_address, dst,
1937 format_vnet_sw_if_index_name, vnm, sw_if_index);
1941 vlib_packet_template_get_packet (vm,
1942 &im->discover_neighbor_packet_template,
1945 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1947 /* Destination address is a solicited node multicast address. We need to fill in
1948 the low 24 bits with low 24 bits of target's address. */
1949 h->ip.dst_address.as_u8[13] = dst->as_u8[13];
1950 h->ip.dst_address.as_u8[14] = dst->as_u8[14];
1951 h->ip.dst_address.as_u8[15] = dst->as_u8[15];
1953 h->ip.src_address = src[0];
1954 h->neighbor.target_address = dst[0];
1956 clib_memcpy (h->link_layer_option.ethernet_address, hi->hw_address,
1957 vec_len (hi->hw_address));
1959 h->neighbor.icmp.checksum =
1960 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h->ip, &bogus_length);
1961 ASSERT (bogus_length == 0);
1963 b = vlib_get_buffer (vm, bi);
1964 vnet_buffer (b)->sw_if_index[VLIB_RX] =
1965 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
1967 /* Add encapsulation string for software interface (e.g. ethernet header). */
1968 adj = ip_get_adjacency (&im->lookup_main, ia->neighbor_probe_adj_index);
1969 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
1970 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
1973 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
1974 u32 *to_next = vlib_frame_vector_args (f);
1977 vlib_put_frame_to_node (vm, hi->output_node_index, f);
1980 return /* no error */ 0;
1985 IP6_REWRITE_NEXT_DROP,
1986 IP6_REWRITE_NEXT_ICMP_ERROR,
1987 } ip6_rewrite_next_t;
1990 ip6_rewrite_inline (vlib_main_t * vm,
1991 vlib_node_runtime_t * node,
1992 vlib_frame_t * frame, int is_midchain, int is_mcast)
1994 ip_lookup_main_t *lm = &ip6_main.lookup_main;
1995 u32 *from = vlib_frame_vector_args (frame);
1996 u32 n_left_from, n_left_to_next, *to_next, next_index;
1997 vlib_node_runtime_t *error_node =
1998 vlib_node_get_runtime (vm, ip6_input_node.index);
2000 n_left_from = frame->n_vectors;
2001 next_index = node->cached_next_index;
2002 u32 cpu_index = os_get_cpu_number ();
2004 while (n_left_from > 0)
2006 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2008 while (n_left_from >= 4 && n_left_to_next >= 2)
2010 ip_adjacency_t *adj0, *adj1;
2011 vlib_buffer_t *p0, *p1;
2012 ip6_header_t *ip0, *ip1;
2013 u32 pi0, rw_len0, next0, error0, adj_index0;
2014 u32 pi1, rw_len1, next1, error1, adj_index1;
2015 u32 tx_sw_if_index0, tx_sw_if_index1;
2017 /* Prefetch next iteration. */
2019 vlib_buffer_t *p2, *p3;
2021 p2 = vlib_get_buffer (vm, from[2]);
2022 p3 = vlib_get_buffer (vm, from[3]);
2024 vlib_prefetch_buffer_header (p2, LOAD);
2025 vlib_prefetch_buffer_header (p3, LOAD);
2027 CLIB_PREFETCH (p2->pre_data, 32, STORE);
2028 CLIB_PREFETCH (p3->pre_data, 32, STORE);
2030 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
2031 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
2034 pi0 = to_next[0] = from[0];
2035 pi1 = to_next[1] = from[1];
2040 n_left_to_next -= 2;
2042 p0 = vlib_get_buffer (vm, pi0);
2043 p1 = vlib_get_buffer (vm, pi1);
2045 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2046 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
2048 /* We should never rewrite a pkt using the MISS adjacency */
2049 ASSERT (adj_index0 && adj_index1);
2051 ip0 = vlib_buffer_get_current (p0);
2052 ip1 = vlib_buffer_get_current (p1);
2054 error0 = error1 = IP6_ERROR_NONE;
2055 next0 = next1 = IP6_REWRITE_NEXT_DROP;
2057 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2059 i32 hop_limit0 = ip0->hop_limit;
2061 /* Input node should have reject packets with hop limit 0. */
2062 ASSERT (ip0->hop_limit > 0);
2066 ip0->hop_limit = hop_limit0;
2069 * If the hop count drops below 1 when forwarding, generate
2072 if (PREDICT_FALSE (hop_limit0 <= 0))
2074 error0 = IP6_ERROR_TIME_EXPIRED;
2075 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2076 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2077 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2078 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2084 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2086 if (PREDICT_TRUE (!(p1->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2088 i32 hop_limit1 = ip1->hop_limit;
2090 /* Input node should have reject packets with hop limit 0. */
2091 ASSERT (ip1->hop_limit > 0);
2095 ip1->hop_limit = hop_limit1;
2098 * If the hop count drops below 1 when forwarding, generate
2101 if (PREDICT_FALSE (hop_limit1 <= 0))
2103 error1 = IP6_ERROR_TIME_EXPIRED;
2104 next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
2105 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2106 icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
2107 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2113 p1->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2115 adj0 = ip_get_adjacency (lm, adj_index0);
2116 adj1 = ip_get_adjacency (lm, adj_index1);
2118 rw_len0 = adj0[0].rewrite_header.data_bytes;
2119 rw_len1 = adj1[0].rewrite_header.data_bytes;
2120 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2121 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
2123 vlib_increment_combined_counter
2124 (&adjacency_counters,
2126 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2127 vlib_increment_combined_counter
2128 (&adjacency_counters,
2129 cpu_index, adj_index1,
2130 1, vlib_buffer_length_in_chain (vm, p1) + rw_len1);
2132 /* Check MTU of outgoing interface. */
2134 (vlib_buffer_length_in_chain (vm, p0) >
2136 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2139 (vlib_buffer_length_in_chain (vm, p1) >
2141 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2144 /* Don't adjust the buffer for hop count issue; icmp-error node
2145 * wants to see the IP headerr */
2146 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2148 p0->current_data -= rw_len0;
2149 p0->current_length += rw_len0;
2151 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2152 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2153 next0 = adj0[0].rewrite_header.next_index;
2155 vnet_feature_arc_start (lm->output_feature_arc_index,
2156 tx_sw_if_index0, &next0, p0);
2158 if (PREDICT_TRUE (error1 == IP6_ERROR_NONE))
2160 p1->current_data -= rw_len1;
2161 p1->current_length += rw_len1;
2163 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2164 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2165 next1 = adj1[0].rewrite_header.next_index;
2167 vnet_feature_arc_start (lm->output_feature_arc_index,
2168 tx_sw_if_index1, &next1, p1);
2171 /* Guess we are only writing on simple Ethernet header. */
2172 vnet_rewrite_two_headers (adj0[0], adj1[0],
2173 ip0, ip1, sizeof (ethernet_header_t));
2177 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2178 adj1->sub_type.midchain.fixup_func (vm, adj1, p1);
2183 * copy bytes from the IP address into the MAC rewrite
2185 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2186 vnet_fixup_one_header (adj1[0], &ip1->dst_address, ip1, 0);
2189 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
2190 to_next, n_left_to_next,
2191 pi0, pi1, next0, next1);
2194 while (n_left_from > 0 && n_left_to_next > 0)
2196 ip_adjacency_t *adj0;
2200 u32 adj_index0, next0, error0;
2201 u32 tx_sw_if_index0;
2203 pi0 = to_next[0] = from[0];
2205 p0 = vlib_get_buffer (vm, pi0);
2207 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2209 /* We should never rewrite a pkt using the MISS adjacency */
2210 ASSERT (adj_index0);
2212 adj0 = ip_get_adjacency (lm, adj_index0);
2214 ip0 = vlib_buffer_get_current (p0);
2216 error0 = IP6_ERROR_NONE;
2217 next0 = IP6_REWRITE_NEXT_DROP;
2219 /* Check hop limit */
2220 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2222 i32 hop_limit0 = ip0->hop_limit;
2224 ASSERT (ip0->hop_limit > 0);
2228 ip0->hop_limit = hop_limit0;
2230 if (PREDICT_FALSE (hop_limit0 <= 0))
2233 * If the hop count drops below 1 when forwarding, generate
2236 error0 = IP6_ERROR_TIME_EXPIRED;
2237 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2238 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2239 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2240 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2246 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2249 /* Guess we are only writing on simple Ethernet header. */
2250 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2252 /* Update packet buffer attributes/set output interface. */
2253 rw_len0 = adj0[0].rewrite_header.data_bytes;
2254 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2256 vlib_increment_combined_counter
2257 (&adjacency_counters,
2259 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2261 /* Check MTU of outgoing interface. */
2263 (vlib_buffer_length_in_chain (vm, p0) >
2265 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2268 /* Don't adjust the buffer for hop count issue; icmp-error node
2269 * wants to see the IP headerr */
2270 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2272 p0->current_data -= rw_len0;
2273 p0->current_length += rw_len0;
2275 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2277 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2278 next0 = adj0[0].rewrite_header.next_index;
2280 vnet_feature_arc_start (lm->output_feature_arc_index,
2281 tx_sw_if_index0, &next0, p0);
2286 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2290 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2293 p0->error = error_node->errors[error0];
2298 n_left_to_next -= 1;
2300 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2301 to_next, n_left_to_next,
2305 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2308 /* Need to do trace after rewrites to pick up new packet data. */
2309 if (node->flags & VLIB_NODE_FLAG_TRACE)
2310 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
2312 return frame->n_vectors;
2316 ip6_rewrite (vlib_main_t * vm,
2317 vlib_node_runtime_t * node, vlib_frame_t * frame)
2319 return ip6_rewrite_inline (vm, node, frame, 0, 0);
2323 ip6_rewrite_mcast (vlib_main_t * vm,
2324 vlib_node_runtime_t * node, vlib_frame_t * frame)
2326 return ip6_rewrite_inline (vm, node, frame, 0, 1);
2330 ip6_midchain (vlib_main_t * vm,
2331 vlib_node_runtime_t * node, vlib_frame_t * frame)
2333 return ip6_rewrite_inline (vm, node, frame, 1, 0);
2337 VLIB_REGISTER_NODE (ip6_midchain_node) =
2339 .function = ip6_midchain,
2340 .name = "ip6-midchain",
2341 .vector_size = sizeof (u32),
2342 .format_trace = format_ip6_forward_next_trace,
2343 .sibling_of = "ip6-rewrite",
2347 VLIB_NODE_FUNCTION_MULTIARCH (ip6_midchain_node, ip6_midchain);
2350 VLIB_REGISTER_NODE (ip6_rewrite_node) =
2352 .function = ip6_rewrite,
2353 .name = "ip6-rewrite",
2354 .vector_size = sizeof (u32),
2355 .format_trace = format_ip6_rewrite_trace,
2359 [IP6_REWRITE_NEXT_DROP] = "error-drop",
2360 [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
2365 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite);
2368 VLIB_REGISTER_NODE (ip6_rewrite_mcast_node) =
2370 .function = ip6_rewrite_mcast,
2371 .name = "ip6-rewrite-mcast",
2372 .vector_size = sizeof (u32),
2373 .format_trace = format_ip6_rewrite_trace,
2374 .sibling_of = "ip6-rewrite",
2378 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_mcast_node, ip6_rewrite_mcast);
2381 * Hop-by-Hop handling
2383 ip6_hop_by_hop_main_t ip6_hop_by_hop_main;
2385 #define foreach_ip6_hop_by_hop_error \
2386 _(PROCESSED, "pkts with ip6 hop-by-hop options") \
2387 _(FORMAT, "incorrectly formatted hop-by-hop options") \
2388 _(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options")
2393 #define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym,
2394 foreach_ip6_hop_by_hop_error
2396 IP6_HOP_BY_HOP_N_ERROR,
2397 } ip6_hop_by_hop_error_t;
2401 * Primary h-b-h handler trace support
2402 * We work pretty hard on the problem for obvious reasons
2408 u8 option_data[256];
2409 } ip6_hop_by_hop_trace_t;
2411 vlib_node_registration_t ip6_hop_by_hop_node;
2413 static char *ip6_hop_by_hop_error_strings[] = {
2414 #define _(sym,string) string,
2415 foreach_ip6_hop_by_hop_error
2420 format_ip6_hop_by_hop_trace (u8 * s, va_list * args)
2422 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
2423 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
2424 ip6_hop_by_hop_trace_t *t = va_arg (*args, ip6_hop_by_hop_trace_t *);
2425 ip6_hop_by_hop_header_t *hbh0;
2426 ip6_hop_by_hop_option_t *opt0, *limit0;
2427 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2431 hbh0 = (ip6_hop_by_hop_header_t *) t->option_data;
2433 s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d",
2434 t->next_index, (hbh0->length + 1) << 3, t->trace_len);
2436 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2437 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0) + t->trace_len;
2439 while (opt0 < limit0)
2444 case 0: /* Pad, just stop */
2445 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2449 if (hm->trace[type0])
2451 s = (*hm->trace[type0]) (s, opt0);
2456 format (s, "\n unrecognized option %d length %d", type0,
2460 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2461 sizeof (ip6_hop_by_hop_option_t));
2469 ip6_scan_hbh_options (vlib_buffer_t * b0,
2471 ip6_hop_by_hop_header_t * hbh0,
2472 ip6_hop_by_hop_option_t * opt0,
2473 ip6_hop_by_hop_option_t * limit0, u32 * next0)
2475 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2479 while (opt0 < limit0)
2485 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2490 if (hm->options[type0])
2492 if ((*hm->options[type0]) (b0, ip0, opt0) < 0)
2494 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2500 /* Unrecognized mandatory option, check the two high order bits */
2501 switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
2503 case HBH_OPTION_TYPE_SKIP_UNKNOWN:
2505 case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
2506 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2507 *next0 = IP_LOOKUP_NEXT_DROP;
2509 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
2510 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2511 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2512 icmp6_error_set_vnet_buffer (b0, ICMP6_parameter_problem,
2513 ICMP6_parameter_problem_unrecognized_option,
2514 (u8 *) opt0 - (u8 *) ip0);
2516 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
2517 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2518 if (!ip6_address_is_multicast (&ip0->dst_address))
2520 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2521 icmp6_error_set_vnet_buffer (b0,
2522 ICMP6_parameter_problem,
2523 ICMP6_parameter_problem_unrecognized_option,
2524 (u8 *) opt0 - (u8 *) ip0);
2528 *next0 = IP_LOOKUP_NEXT_DROP;
2536 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2537 sizeof (ip6_hop_by_hop_option_t));
2543 * Process the Hop-by-Hop Options header
2546 ip6_hop_by_hop (vlib_main_t * vm,
2547 vlib_node_runtime_t * node, vlib_frame_t * frame)
2549 vlib_node_runtime_t *error_node =
2550 vlib_node_get_runtime (vm, ip6_hop_by_hop_node.index);
2551 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2552 u32 n_left_from, *from, *to_next;
2553 ip_lookup_next_t next_index;
2554 ip6_main_t *im = &ip6_main;
2555 ip_lookup_main_t *lm = &im->lookup_main;
2557 from = vlib_frame_vector_args (frame);
2558 n_left_from = frame->n_vectors;
2559 next_index = node->cached_next_index;
2561 while (n_left_from > 0)
2565 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2567 while (n_left_from >= 4 && n_left_to_next >= 2)
2570 vlib_buffer_t *b0, *b1;
2572 ip6_header_t *ip0, *ip1;
2573 ip6_hop_by_hop_header_t *hbh0, *hbh1;
2574 ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
2575 u8 error0 = 0, error1 = 0;
2577 /* Prefetch next iteration. */
2579 vlib_buffer_t *p2, *p3;
2581 p2 = vlib_get_buffer (vm, from[2]);
2582 p3 = vlib_get_buffer (vm, from[3]);
2584 vlib_prefetch_buffer_header (p2, LOAD);
2585 vlib_prefetch_buffer_header (p3, LOAD);
2587 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2588 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2591 /* Speculatively enqueue b0, b1 to the current next frame */
2592 to_next[0] = bi0 = from[0];
2593 to_next[1] = bi1 = from[1];
2597 n_left_to_next -= 2;
2599 b0 = vlib_get_buffer (vm, bi0);
2600 b1 = vlib_get_buffer (vm, bi1);
2602 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2603 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2604 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2605 u32 adj_index1 = vnet_buffer (b1)->ip.adj_index[VLIB_TX];
2606 ip_adjacency_t *adj1 = ip_get_adjacency (lm, adj_index1);
2608 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2609 next0 = adj0->lookup_next_index;
2610 next1 = adj1->lookup_next_index;
2612 ip0 = vlib_buffer_get_current (b0);
2613 ip1 = vlib_buffer_get_current (b1);
2614 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2615 hbh1 = (ip6_hop_by_hop_header_t *) (ip1 + 1);
2616 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2617 opt1 = (ip6_hop_by_hop_option_t *) (hbh1 + 1);
2619 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2620 ((hbh0->length + 1) << 3));
2622 (ip6_hop_by_hop_option_t *) ((u8 *) hbh1 +
2623 ((hbh1->length + 1) << 3));
2626 * Basic validity checks
2628 if ((hbh0->length + 1) << 3 >
2629 clib_net_to_host_u16 (ip0->payload_length))
2631 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2632 next0 = IP_LOOKUP_NEXT_DROP;
2635 /* Scan the set of h-b-h options, process ones that we understand */
2636 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2638 if ((hbh1->length + 1) << 3 >
2639 clib_net_to_host_u16 (ip1->payload_length))
2641 error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2642 next1 = IP_LOOKUP_NEXT_DROP;
2645 /* Scan the set of h-b-h options, process ones that we understand */
2646 error1 = ip6_scan_hbh_options (b1, ip1, hbh1, opt1, limit1, &next1);
2649 /* Has the classifier flagged this buffer for special treatment? */
2652 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2653 next0 = hm->next_override;
2655 /* Has the classifier flagged this buffer for special treatment? */
2658 && (vnet_buffer (b1)->l2_classify.opaque_index & OI_DECAP)))
2659 next1 = hm->next_override;
2661 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
2663 if (b0->flags & VLIB_BUFFER_IS_TRACED)
2665 ip6_hop_by_hop_trace_t *t =
2666 vlib_add_trace (vm, node, b0, sizeof (*t));
2667 u32 trace_len = (hbh0->length + 1) << 3;
2668 t->next_index = next0;
2669 /* Capture the h-b-h option verbatim */
2672 ARRAY_LEN (t->option_data) ? trace_len :
2673 ARRAY_LEN (t->option_data);
2674 t->trace_len = trace_len;
2675 clib_memcpy (t->option_data, hbh0, trace_len);
2677 if (b1->flags & VLIB_BUFFER_IS_TRACED)
2679 ip6_hop_by_hop_trace_t *t =
2680 vlib_add_trace (vm, node, b1, sizeof (*t));
2681 u32 trace_len = (hbh1->length + 1) << 3;
2682 t->next_index = next1;
2683 /* Capture the h-b-h option verbatim */
2686 ARRAY_LEN (t->option_data) ? trace_len :
2687 ARRAY_LEN (t->option_data);
2688 t->trace_len = trace_len;
2689 clib_memcpy (t->option_data, hbh1, trace_len);
2694 b0->error = error_node->errors[error0];
2695 b1->error = error_node->errors[error1];
2697 /* verify speculative enqueue, maybe switch current next frame */
2698 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
2699 n_left_to_next, bi0, bi1, next0,
2703 while (n_left_from > 0 && n_left_to_next > 0)
2709 ip6_hop_by_hop_header_t *hbh0;
2710 ip6_hop_by_hop_option_t *opt0, *limit0;
2713 /* Speculatively enqueue b0 to the current next frame */
2719 n_left_to_next -= 1;
2721 b0 = vlib_get_buffer (vm, bi0);
2723 * Default use the next_index from the adjacency.
2724 * A HBH option rarely redirects to a different node
2726 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2727 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2728 next0 = adj0->lookup_next_index;
2730 ip0 = vlib_buffer_get_current (b0);
2731 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2732 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2734 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2735 ((hbh0->length + 1) << 3));
2738 * Basic validity checks
2740 if ((hbh0->length + 1) << 3 >
2741 clib_net_to_host_u16 (ip0->payload_length))
2743 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2744 next0 = IP_LOOKUP_NEXT_DROP;
2748 /* Scan the set of h-b-h options, process ones that we understand */
2749 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2752 /* Has the classifier flagged this buffer for special treatment? */
2755 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2756 next0 = hm->next_override;
2758 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2760 ip6_hop_by_hop_trace_t *t =
2761 vlib_add_trace (vm, node, b0, sizeof (*t));
2762 u32 trace_len = (hbh0->length + 1) << 3;
2763 t->next_index = next0;
2764 /* Capture the h-b-h option verbatim */
2767 ARRAY_LEN (t->option_data) ? trace_len :
2768 ARRAY_LEN (t->option_data);
2769 t->trace_len = trace_len;
2770 clib_memcpy (t->option_data, hbh0, trace_len);
2773 b0->error = error_node->errors[error0];
2775 /* verify speculative enqueue, maybe switch current next frame */
2776 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2777 n_left_to_next, bi0, next0);
2779 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2781 return frame->n_vectors;
2785 VLIB_REGISTER_NODE (ip6_hop_by_hop_node) =
2787 .function = ip6_hop_by_hop,
2788 .name = "ip6-hop-by-hop",
2789 .sibling_of = "ip6-lookup",
2790 .vector_size = sizeof (u32),
2791 .format_trace = format_ip6_hop_by_hop_trace,
2792 .type = VLIB_NODE_TYPE_INTERNAL,
2793 .n_errors = ARRAY_LEN (ip6_hop_by_hop_error_strings),
2794 .error_strings = ip6_hop_by_hop_error_strings,
2799 VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop);
2801 static clib_error_t *
2802 ip6_hop_by_hop_init (vlib_main_t * vm)
2804 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2805 memset (hm->options, 0, sizeof (hm->options));
2806 memset (hm->trace, 0, sizeof (hm->trace));
2807 hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
2811 VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
2814 ip6_hbh_set_next_override (uword next)
2816 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2818 hm->next_override = next;
2822 ip6_hbh_register_option (u8 option,
2823 int options (vlib_buffer_t * b, ip6_header_t * ip,
2824 ip6_hop_by_hop_option_t * opt),
2825 u8 * trace (u8 * s, ip6_hop_by_hop_option_t * opt))
2827 ip6_main_t *im = &ip6_main;
2828 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2830 ASSERT (option < ARRAY_LEN (hm->options));
2832 /* Already registered */
2833 if (hm->options[option])
2836 hm->options[option] = options;
2837 hm->trace[option] = trace;
2839 /* Set global variable */
2840 im->hbh_enabled = 1;
2846 ip6_hbh_unregister_option (u8 option)
2848 ip6_main_t *im = &ip6_main;
2849 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2851 ASSERT (option < ARRAY_LEN (hm->options));
2853 /* Not registered */
2854 if (!hm->options[option])
2857 hm->options[option] = NULL;
2858 hm->trace[option] = NULL;
2860 /* Disable global knob if this was the last option configured */
2863 for (i = 0; i < 256; i++)
2865 if (hm->options[option])
2872 im->hbh_enabled = 0;
2877 /* Global IP6 main. */
2878 ip6_main_t ip6_main;
2880 static clib_error_t *
2881 ip6_lookup_init (vlib_main_t * vm)
2883 ip6_main_t *im = &ip6_main;
2884 clib_error_t *error;
2887 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
2890 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
2897 for (j = 0; j < i0; j++)
2898 im->fib_masks[i].as_u32[j] = ~0;
2901 im->fib_masks[i].as_u32[i0] =
2902 clib_host_to_net_u32 (pow2_mask (i1) << (32 - i1));
2905 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 1);
2907 if (im->lookup_table_nbuckets == 0)
2908 im->lookup_table_nbuckets = IP6_FIB_DEFAULT_HASH_NUM_BUCKETS;
2910 im->lookup_table_nbuckets = 1 << max_log2 (im->lookup_table_nbuckets);
2912 if (im->lookup_table_size == 0)
2913 im->lookup_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE;
2915 BV (clib_bihash_init) (&(im->ip6_table[IP6_FIB_TABLE_FWDING].ip6_hash),
2916 "ip6 FIB fwding table",
2917 im->lookup_table_nbuckets, im->lookup_table_size);
2918 BV (clib_bihash_init) (&im->ip6_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash,
2919 "ip6 FIB non-fwding table",
2920 im->lookup_table_nbuckets, im->lookup_table_size);
2922 /* Create FIB with index 0 and table id of 0. */
2923 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2924 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2928 pn = pg_get_node (ip6_lookup_node.index);
2929 pn->unformat_edit = unformat_pg_ip6_header;
2932 /* Unless explicitly configured, don't process HBH options */
2933 im->hbh_enabled = 0;
2936 icmp6_neighbor_solicitation_header_t p;
2938 memset (&p, 0, sizeof (p));
2940 p.ip.ip_version_traffic_class_and_flow_label =
2941 clib_host_to_net_u32 (0x6 << 28);
2942 p.ip.payload_length =
2943 clib_host_to_net_u16 (sizeof (p) -
2945 (icmp6_neighbor_solicitation_header_t, neighbor));
2946 p.ip.protocol = IP_PROTOCOL_ICMP6;
2947 p.ip.hop_limit = 255;
2948 ip6_set_solicited_node_multicast_address (&p.ip.dst_address, 0);
2950 p.neighbor.icmp.type = ICMP6_neighbor_solicitation;
2952 p.link_layer_option.header.type =
2953 ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address;
2954 p.link_layer_option.header.n_data_u64s =
2955 sizeof (p.link_layer_option) / sizeof (u64);
2957 vlib_packet_template_init (vm,
2958 &im->discover_neighbor_packet_template,
2960 /* alloc chunk size */ 8,
2961 "ip6 neighbor discovery");
2967 VLIB_INIT_FUNCTION (ip6_lookup_init);
2969 static clib_error_t *
2970 add_del_ip6_interface_table (vlib_main_t * vm,
2971 unformat_input_t * input,
2972 vlib_cli_command_t * cmd)
2974 vnet_main_t *vnm = vnet_get_main ();
2975 clib_error_t *error = 0;
2976 u32 sw_if_index, table_id;
2980 if (!unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index))
2982 error = clib_error_return (0, "unknown interface `%U'",
2983 format_unformat_error, input);
2987 if (unformat (input, "%d", &table_id))
2991 error = clib_error_return (0, "expected table id `%U'",
2992 format_unformat_error, input);
2997 u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3000 vec_validate (ip6_main.fib_index_by_sw_if_index, sw_if_index);
3001 ip6_main.fib_index_by_sw_if_index[sw_if_index] = fib_index;
3003 fib_index = mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3006 vec_validate (ip6_main.mfib_index_by_sw_if_index, sw_if_index);
3007 ip6_main.mfib_index_by_sw_if_index[sw_if_index] = fib_index;
3016 * Place the indicated interface into the supplied IPv6 FIB table (also known
3017 * as a VRF). If the FIB table does not exist, this command creates it. To
3018 * display the current IPv6 FIB table, use the command '<em>show ip6 fib</em>'.
3019 * FIB table will only be displayed if a route has been added to the table, or
3020 * an IP Address is assigned to an interface in the table (which adds a route
3023 * @note IP addresses added after setting the interface IP table end up in
3024 * the indicated FIB table. If the IP address is added prior to adding the
3025 * interface to the FIB table, it will NOT be part of the FIB table. Predictable
3026 * but potentially counter-intuitive results occur if you provision interface
3027 * addresses in multiple FIBs. Upon RX, packets will be processed in the last
3028 * IP table ID provisioned. It might be marginally useful to evade source RPF
3029 * drops to put an interface address into multiple FIBs.
3032 * Example of how to add an interface to an IPv6 FIB table (where 2 is the table-id):
3033 * @cliexcmd{set interface ip6 table GigabitEthernet2/0/0 2}
3036 VLIB_CLI_COMMAND (set_interface_ip6_table_command, static) =
3038 .path = "set interface ip6 table",
3039 .function = add_del_ip6_interface_table,
3040 .short_help = "set interface ip6 table <interface> <table-id>"
3045 ip6_link_local_address_from_ethernet_mac_address (ip6_address_t * ip,
3048 ip->as_u64[0] = clib_host_to_net_u64 (0xFE80000000000000ULL);
3049 /* Invert the "u" bit */
3050 ip->as_u8[8] = mac[0] ^ (1 << 1);
3051 ip->as_u8[9] = mac[1];
3052 ip->as_u8[10] = mac[2];
3053 ip->as_u8[11] = 0xFF;
3054 ip->as_u8[12] = 0xFE;
3055 ip->as_u8[13] = mac[3];
3056 ip->as_u8[14] = mac[4];
3057 ip->as_u8[15] = mac[5];
3061 ip6_ethernet_mac_address_from_link_local_address (u8 * mac,
3064 /* Invert the previously inverted "u" bit */
3065 mac[0] = ip->as_u8[8] ^ (1 << 1);
3066 mac[1] = ip->as_u8[9];
3067 mac[2] = ip->as_u8[10];
3068 mac[3] = ip->as_u8[13];
3069 mac[4] = ip->as_u8[14];
3070 mac[5] = ip->as_u8[15];
3073 static clib_error_t *
3074 test_ip6_link_command_fn (vlib_main_t * vm,
3075 unformat_input_t * input, vlib_cli_command_t * cmd)
3078 ip6_address_t _a, *a = &_a;
3080 if (unformat (input, "%U", unformat_ethernet_address, mac))
3082 ip6_link_local_address_from_ethernet_mac_address (a, mac);
3083 vlib_cli_output (vm, "Link local address: %U", format_ip6_address, a);
3084 ip6_ethernet_mac_address_from_link_local_address (mac, a);
3085 vlib_cli_output (vm, "Original MAC address: %U",
3086 format_ethernet_address, mac);
3093 * This command converts the given MAC Address into an IPv6 link-local
3097 * Example of how to create an IPv6 link-local address:
3098 * @cliexstart{test ip6 link 16:d9:e0:91:79:86}
3099 * Link local address: fe80::14d9:e0ff:fe91:7986
3100 * Original MAC address: 16:d9:e0:91:79:86
3104 VLIB_CLI_COMMAND (test_link_command, static) =
3106 .path = "test ip6 link",
3107 .function = test_ip6_link_command_fn,
3108 .short_help = "test ip6 link <mac-address>",
3113 vnet_set_ip6_flow_hash (u32 table_id, u32 flow_hash_config)
3115 ip6_main_t *im6 = &ip6_main;
3117 uword *p = hash_get (im6->fib_index_by_table_id, table_id);
3122 fib = ip6_fib_get (p[0]);
3124 fib->flow_hash_config = flow_hash_config;
3128 static clib_error_t *
3129 set_ip6_flow_hash_command_fn (vlib_main_t * vm,
3130 unformat_input_t * input,
3131 vlib_cli_command_t * cmd)
3135 u32 flow_hash_config = 0;
3138 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3140 if (unformat (input, "table %d", &table_id))
3143 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
3144 foreach_flow_hash_bit
3151 return clib_error_return (0, "unknown input `%U'",
3152 format_unformat_error, input);
3154 rv = vnet_set_ip6_flow_hash (table_id, flow_hash_config);
3161 return clib_error_return (0, "no such FIB table %d", table_id);
3164 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
3172 * Configure the set of IPv6 fields used by the flow hash.
3176 * Example of how to set the flow hash on a given table:
3177 * @cliexcmd{set ip6 flow-hash table 8 dst sport dport proto}
3179 * Example of display the configured flow hash:
3180 * @cliexstart{show ip6 fib}
3181 * ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
3184 * [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
3185 * [0] [@0]: dpo-drop ip6
3188 * [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
3189 * [0] [@2]: dpo-receive
3192 * [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
3193 * [0] [@2]: dpo-receive
3196 * [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
3197 * [0] [@2]: dpo-receive
3200 * [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
3201 * [0] [@2]: dpo-receive
3202 * ff02::1:ff00:0/104
3204 * [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
3205 * [0] [@2]: dpo-receive
3206 * ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
3209 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
3210 * [0] [@0]: dpo-drop ip6
3213 * [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
3214 * [0] [@4]: ipv6-glean: af_packet0
3217 * [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
3218 * [0] [@2]: dpo-receive: @::a:1:1:0:7 on af_packet0
3221 * [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
3222 * [0] [@2]: dpo-receive
3223 * fe80::fe:3eff:fe3e:9222/128
3225 * [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
3226 * [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
3229 * [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
3230 * [0] [@2]: dpo-receive
3233 * [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
3234 * [0] [@2]: dpo-receive
3237 * [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
3238 * [0] [@2]: dpo-receive
3239 * ff02::1:ff00:0/104
3241 * [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
3242 * [0] [@2]: dpo-receive
3247 VLIB_CLI_COMMAND (set_ip6_flow_hash_command, static) =
3249 .path = "set ip6 flow-hash",
3251 "set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
3252 .function = set_ip6_flow_hash_command_fn,
3256 static clib_error_t *
3257 show_ip6_local_command_fn (vlib_main_t * vm,
3258 unformat_input_t * input, vlib_cli_command_t * cmd)
3260 ip6_main_t *im = &ip6_main;
3261 ip_lookup_main_t *lm = &im->lookup_main;
3264 vlib_cli_output (vm, "Protocols handled by ip6_local");
3265 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
3267 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
3268 vlib_cli_output (vm, "%d", i);
3276 * Display the set of protocols handled by the local IPv6 stack.
3279 * Example of how to display local protocol table:
3280 * @cliexstart{show ip6 local}
3281 * Protocols handled by ip6_local
3289 VLIB_CLI_COMMAND (show_ip6_local, static) =
3291 .path = "show ip6 local",
3292 .function = show_ip6_local_command_fn,
3293 .short_help = "show ip6 local",
3298 vnet_set_ip6_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3301 vnet_main_t *vnm = vnet_get_main ();
3302 vnet_interface_main_t *im = &vnm->interface_main;
3303 ip6_main_t *ipm = &ip6_main;
3304 ip_lookup_main_t *lm = &ipm->lookup_main;
3305 vnet_classify_main_t *cm = &vnet_classify_main;
3306 ip6_address_t *if_addr;
3308 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3309 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3311 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3312 return VNET_API_ERROR_NO_SUCH_ENTRY;
3314 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3315 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3317 if_addr = ip6_interface_first_address (ipm, sw_if_index);
3319 if (NULL != if_addr)
3321 fib_prefix_t pfx = {
3323 .fp_proto = FIB_PROTOCOL_IP6,
3324 .fp_addr.ip6 = *if_addr,
3328 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3332 if (table_index != (u32) ~ 0)
3334 dpo_id_t dpo = DPO_INVALID;
3339 classify_dpo_create (DPO_PROTO_IP6, table_index));
3341 fib_table_entry_special_dpo_add (fib_index,
3343 FIB_SOURCE_CLASSIFY,
3344 FIB_ENTRY_FLAG_NONE, &dpo);
3349 fib_table_entry_special_remove (fib_index,
3350 &pfx, FIB_SOURCE_CLASSIFY);
3357 static clib_error_t *
3358 set_ip6_classify_command_fn (vlib_main_t * vm,
3359 unformat_input_t * input,
3360 vlib_cli_command_t * cmd)
3362 u32 table_index = ~0;
3363 int table_index_set = 0;
3364 u32 sw_if_index = ~0;
3367 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3369 if (unformat (input, "table-index %d", &table_index))
3370 table_index_set = 1;
3371 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3372 vnet_get_main (), &sw_if_index))
3378 if (table_index_set == 0)
3379 return clib_error_return (0, "classify table-index must be specified");
3381 if (sw_if_index == ~0)
3382 return clib_error_return (0, "interface / subif must be specified");
3384 rv = vnet_set_ip6_classify_intfc (vm, sw_if_index, table_index);
3391 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3392 return clib_error_return (0, "No such interface");
3394 case VNET_API_ERROR_NO_SUCH_ENTRY:
3395 return clib_error_return (0, "No such classifier table");
3401 * Assign a classification table to an interface. The classification
3402 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3403 * commands. Once the table is create, use this command to filter packets
3407 * Example of how to assign a classification table to an interface:
3408 * @cliexcmd{set ip6 classify intfc GigabitEthernet2/0/0 table-index 1}
3411 VLIB_CLI_COMMAND (set_ip6_classify_command, static) =
3413 .path = "set ip6 classify",
3415 "set ip6 classify intfc <interface> table-index <classify-idx>",
3416 .function = set_ip6_classify_command_fn,
3420 static clib_error_t *
3421 ip6_config (vlib_main_t * vm, unformat_input_t * input)
3423 ip6_main_t *im = &ip6_main;
3428 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3430 if (unformat (input, "hash-buckets %d", &tmp))
3432 else if (unformat (input, "heap-size %dm", &tmp))
3433 heapsize = ((u64) tmp) << 20;
3434 else if (unformat (input, "heap-size %dM", &tmp))
3435 heapsize = ((u64) tmp) << 20;
3436 else if (unformat (input, "heap-size %dg", &tmp))
3437 heapsize = ((u64) tmp) << 30;
3438 else if (unformat (input, "heap-size %dG", &tmp))
3439 heapsize = ((u64) tmp) << 30;
3441 return clib_error_return (0, "unknown input '%U'",
3442 format_unformat_error, input);
3445 im->lookup_table_nbuckets = nbuckets;
3446 im->lookup_table_size = heapsize;
3451 VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
3454 * fd.io coding-style-patch-verification: ON
3457 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob