2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip6_forward.c: IP v6 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
43 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
44 #include <vppinfra/cache.h>
45 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
46 #include <vnet/fib/ip6_fib.h>
47 #include <vnet/mfib/ip6_mfib.h>
48 #include <vnet/dpo/load_balance.h>
49 #include <vnet/dpo/classify_dpo.h>
51 #include <vppinfra/bihash_template.c>
53 /* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */
54 #define OI_DECAP 0x80000000
58 * @brief IPv6 Forwarding.
60 * This file contains the source code for IPv6 forwarding.
64 ip6_forward_next_trace (vlib_main_t * vm,
65 vlib_node_runtime_t * node,
67 vlib_rx_or_tx_t which_adj_index);
70 ip6_lookup_inline (vlib_main_t * vm,
71 vlib_node_runtime_t * node, vlib_frame_t * frame)
73 ip6_main_t *im = &ip6_main;
74 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_to_counters;
75 u32 n_left_from, n_left_to_next, *from, *to_next;
76 ip_lookup_next_t next;
77 u32 cpu_index = os_get_cpu_number ();
79 from = vlib_frame_vector_args (frame);
80 n_left_from = frame->n_vectors;
81 next = node->cached_next_index;
83 while (n_left_from > 0)
85 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
87 while (n_left_from >= 4 && n_left_to_next >= 2)
89 vlib_buffer_t *p0, *p1;
90 u32 pi0, pi1, lbi0, lbi1, wrong_next;
91 ip_lookup_next_t next0, next1;
92 ip6_header_t *ip0, *ip1;
93 ip6_address_t *dst_addr0, *dst_addr1;
94 u32 fib_index0, fib_index1;
95 u32 flow_hash_config0, flow_hash_config1;
96 const dpo_id_t *dpo0, *dpo1;
97 const load_balance_t *lb0, *lb1;
99 /* Prefetch next iteration. */
101 vlib_buffer_t *p2, *p3;
103 p2 = vlib_get_buffer (vm, from[2]);
104 p3 = vlib_get_buffer (vm, from[3]);
106 vlib_prefetch_buffer_header (p2, LOAD);
107 vlib_prefetch_buffer_header (p3, LOAD);
108 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), LOAD);
109 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), LOAD);
112 pi0 = to_next[0] = from[0];
113 pi1 = to_next[1] = from[1];
115 p0 = vlib_get_buffer (vm, pi0);
116 p1 = vlib_get_buffer (vm, pi1);
118 ip0 = vlib_buffer_get_current (p0);
119 ip1 = vlib_buffer_get_current (p1);
121 dst_addr0 = &ip0->dst_address;
122 dst_addr1 = &ip1->dst_address;
125 vec_elt (im->fib_index_by_sw_if_index,
126 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
128 vec_elt (im->fib_index_by_sw_if_index,
129 vnet_buffer (p1)->sw_if_index[VLIB_RX]);
131 fib_index0 = (vnet_buffer (p0)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
132 fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
133 fib_index1 = (vnet_buffer (p1)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
134 fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
136 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
137 lbi1 = ip6_fib_table_fwding_lookup (im, fib_index1, dst_addr1);
139 lb0 = load_balance_get (lbi0);
140 lb1 = load_balance_get (lbi1);
142 vnet_buffer (p0)->ip.flow_hash = vnet_buffer (p1)->ip.flow_hash = 0;
144 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
146 flow_hash_config0 = lb0->lb_hash_config;
147 vnet_buffer (p0)->ip.flow_hash =
148 ip6_compute_flow_hash (ip0, flow_hash_config0);
150 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
152 flow_hash_config1 = lb1->lb_hash_config;
153 vnet_buffer (p1)->ip.flow_hash =
154 ip6_compute_flow_hash (ip1, flow_hash_config1);
157 ASSERT (lb0->lb_n_buckets > 0);
158 ASSERT (lb1->lb_n_buckets > 0);
159 ASSERT (is_pow2 (lb0->lb_n_buckets));
160 ASSERT (is_pow2 (lb1->lb_n_buckets));
161 dpo0 = load_balance_get_bucket_i (lb0,
162 (vnet_buffer (p0)->ip.flow_hash &
163 lb0->lb_n_buckets_minus_1));
164 dpo1 = load_balance_get_bucket_i (lb1,
165 (vnet_buffer (p1)->ip.flow_hash &
166 lb1->lb_n_buckets_minus_1));
168 next0 = dpo0->dpoi_next_node;
169 next1 = dpo1->dpoi_next_node;
171 /* Only process the HBH Option Header if explicitly configured to do so */
173 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
175 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
176 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
179 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
181 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
182 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
184 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
185 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
187 vlib_increment_combined_counter
188 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
189 vlib_increment_combined_counter
190 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
197 wrong_next = (next0 != next) + 2 * (next1 != next);
198 if (PREDICT_FALSE (wrong_next != 0))
207 vlib_set_next_frame_buffer (vm, node, next0, pi0);
214 vlib_set_next_frame_buffer (vm, node, next1, pi1);
221 vlib_set_next_frame_buffer (vm, node, next0, pi0);
222 vlib_set_next_frame_buffer (vm, node, next1, pi1);
226 vlib_put_next_frame (vm, node, next, n_left_to_next);
228 vlib_get_next_frame (vm, node, next, to_next,
235 while (n_left_from > 0 && n_left_to_next > 0)
240 ip_lookup_next_t next0;
242 ip6_address_t *dst_addr0;
243 u32 fib_index0, flow_hash_config0;
244 const dpo_id_t *dpo0;
249 p0 = vlib_get_buffer (vm, pi0);
251 ip0 = vlib_buffer_get_current (p0);
253 dst_addr0 = &ip0->dst_address;
256 vec_elt (im->fib_index_by_sw_if_index,
257 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
259 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
260 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
262 flow_hash_config0 = ip6_fib_get (fib_index0)->flow_hash_config;
264 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
266 lb0 = load_balance_get (lbi0);
268 vnet_buffer (p0)->ip.flow_hash = 0;
270 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
272 flow_hash_config0 = lb0->lb_hash_config;
273 vnet_buffer (p0)->ip.flow_hash =
274 ip6_compute_flow_hash (ip0, flow_hash_config0);
277 ASSERT (lb0->lb_n_buckets > 0);
278 ASSERT (is_pow2 (lb0->lb_n_buckets));
279 dpo0 = load_balance_get_bucket_i (lb0,
280 (vnet_buffer (p0)->ip.flow_hash &
281 lb0->lb_n_buckets_minus_1));
282 next0 = dpo0->dpoi_next_node;
284 /* Only process the HBH Option Header if explicitly configured to do so */
286 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
288 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
289 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
291 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
293 vlib_increment_combined_counter
294 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
301 if (PREDICT_FALSE (next0 != next))
304 vlib_put_next_frame (vm, node, next, n_left_to_next);
306 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
313 vlib_put_next_frame (vm, node, next, n_left_to_next);
316 if (node->flags & VLIB_NODE_FLAG_TRACE)
317 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
319 return frame->n_vectors;
323 ip6_add_interface_routes (vnet_main_t * vnm, u32 sw_if_index,
324 ip6_main_t * im, u32 fib_index,
325 ip_interface_address_t * a)
327 ip_lookup_main_t *lm = &im->lookup_main;
328 ip6_address_t *address = ip_interface_address_get_address (lm, a);
330 .fp_len = a->address_length,
331 .fp_proto = FIB_PROTOCOL_IP6,
332 .fp_addr.ip6 = *address,
335 a->neighbor_probe_adj_index = ~0;
336 if (a->address_length < 128)
338 fib_node_index_t fei;
340 fei = fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_ATTACHED), FIB_PROTOCOL_IP6, NULL, /* No next-hop address */
341 sw_if_index, ~0, // invalid FIB index
342 1, NULL, // no label stack
343 FIB_ROUTE_PATH_FLAG_NONE);
344 a->neighbor_probe_adj_index = fib_entry_get_adj (fei);
348 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
350 u32 classify_table_index =
351 lm->classify_table_index_by_sw_if_index[sw_if_index];
352 if (classify_table_index != (u32) ~ 0)
354 dpo_id_t dpo = DPO_INVALID;
359 classify_dpo_create (DPO_PROTO_IP6, classify_table_index));
361 fib_table_entry_special_dpo_add (fib_index,
364 FIB_ENTRY_FLAG_NONE, &dpo);
369 fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_LOCAL), FIB_PROTOCOL_IP6, &pfx.fp_addr, sw_if_index, ~0, // invalid FIB index
370 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
374 ip6_del_interface_routes (ip6_main_t * im,
376 ip6_address_t * address, u32 address_length)
379 .fp_len = address_length,
380 .fp_proto = FIB_PROTOCOL_IP6,
381 .fp_addr.ip6 = *address,
384 if (pfx.fp_len < 128)
386 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
391 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
395 ip6_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
397 ip6_main_t *im = &ip6_main;
399 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
402 * enable/disable only on the 1<->0 transition
406 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
411 /* The ref count is 0 when an address is removed from an interface that has
412 * no address - this is not a ciritical error */
413 if (0 == im->ip_enabled_by_sw_if_index[sw_if_index] ||
414 0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
418 vnet_feature_enable_disable ("ip6-unicast", "ip6-lookup", sw_if_index,
421 vnet_feature_enable_disable ("ip6-multicast", "ip6-mfib-forward-lookup",
422 sw_if_index, is_enable, 0, 0);
426 /* get first interface address */
428 ip6_interface_first_address (ip6_main_t * im, u32 sw_if_index)
430 ip_lookup_main_t *lm = &im->lookup_main;
431 ip_interface_address_t *ia = 0;
432 ip6_address_t *result = 0;
435 foreach_ip_interface_address (lm, ia, sw_if_index,
436 1 /* honor unnumbered */,
438 ip6_address_t * a = ip_interface_address_get_address (lm, ia);
447 ip6_add_del_interface_address (vlib_main_t * vm,
449 ip6_address_t * address,
450 u32 address_length, u32 is_del)
452 vnet_main_t *vnm = vnet_get_main ();
453 ip6_main_t *im = &ip6_main;
454 ip_lookup_main_t *lm = &im->lookup_main;
456 u32 if_address_index;
457 ip6_address_fib_t ip6_af, *addr_fib = 0;
459 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
460 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
462 ip6_addr_fib_init (&ip6_af, address,
463 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
464 vec_add1 (addr_fib, ip6_af);
467 uword elts_before = pool_elts (lm->if_address_pool);
469 error = ip_interface_address_add_del
470 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
474 /* Pool did not grow: add duplicate address. */
475 if (elts_before == pool_elts (lm->if_address_pool))
479 ip6_sw_interface_enable_disable (sw_if_index, !is_del);
482 ip6_del_interface_routes (im, ip6_af.fib_index, address, address_length);
484 ip6_add_interface_routes (vnm, sw_if_index,
485 im, ip6_af.fib_index,
486 pool_elt_at_index (lm->if_address_pool,
490 ip6_add_del_interface_address_callback_t *cb;
491 vec_foreach (cb, im->add_del_interface_address_callbacks)
492 cb->function (im, cb->function_opaque, sw_if_index,
493 address, address_length, if_address_index, is_del);
502 ip6_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
504 ip6_main_t *im = &ip6_main;
505 ip_interface_address_t *ia;
507 u32 is_admin_up, fib_index;
509 /* Fill in lookup tables with default table (0). */
510 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
512 vec_validate_init_empty (im->
513 lookup_main.if_address_pool_index_by_sw_if_index,
516 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
518 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
521 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
522 0 /* honor unnumbered */,
524 a = ip_interface_address_get_address (&im->lookup_main, ia);
526 ip6_add_interface_routes (vnm, sw_if_index,
530 ip6_del_interface_routes (im, fib_index,
531 a, ia->address_length);
538 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down);
540 /* Built-in ip6 unicast rx feature path definition */
542 VNET_FEATURE_ARC_INIT (ip6_unicast, static) =
544 .arc_name = "ip6-unicast",
545 .start_nodes = VNET_FEATURES ("ip6-input"),
546 .arc_index_ptr = &ip6_main.lookup_main.ucast_feature_arc_index,
549 VNET_FEATURE_INIT (ip6_flow_classify, static) =
551 .arc_name = "ip6-unicast",
552 .node_name = "ip6-flow-classify",
553 .runs_before = VNET_FEATURES ("ip6-inacl"),
556 VNET_FEATURE_INIT (ip6_inacl, static) =
558 .arc_name = "ip6-unicast",
559 .node_name = "ip6-inacl",
560 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
563 VNET_FEATURE_INIT (ip6_policer_classify, static) =
565 .arc_name = "ip6-unicast",
566 .node_name = "ip6-policer-classify",
567 .runs_before = VNET_FEATURES ("ipsec-input-ip6"),
570 VNET_FEATURE_INIT (ip6_ipsec, static) =
572 .arc_name = "ip6-unicast",
573 .node_name = "ipsec-input-ip6",
574 .runs_before = VNET_FEATURES ("l2tp-decap"),
577 VNET_FEATURE_INIT (ip6_l2tp, static) =
579 .arc_name = "ip6-unicast",
580 .node_name = "l2tp-decap",
581 .runs_before = VNET_FEATURES ("vpath-input-ip6"),
584 VNET_FEATURE_INIT (ip6_vpath, static) =
586 .arc_name = "ip6-unicast",
587 .node_name = "vpath-input-ip6",
588 .runs_before = VNET_FEATURES ("ip6-vxlan-bypass"),
591 VNET_FEATURE_INIT (ip6_vxlan_bypass, static) =
593 .arc_name = "ip6-unicast",
594 .node_name = "ip6-vxlan-bypass",
595 .runs_before = VNET_FEATURES ("ip6-lookup"),
598 VNET_FEATURE_INIT (ip6_lookup, static) =
600 .arc_name = "ip6-unicast",
601 .node_name = "ip6-lookup",
602 .runs_before = VNET_FEATURES ("ip6-drop"),
605 VNET_FEATURE_INIT (ip6_drop, static) =
607 .arc_name = "ip6-unicast",
608 .node_name = "ip6-drop",
609 .runs_before = 0, /*last feature*/
612 /* Built-in ip6 multicast rx feature path definition (none now) */
613 VNET_FEATURE_ARC_INIT (ip6_multicast, static) =
615 .arc_name = "ip6-multicast",
616 .start_nodes = VNET_FEATURES ("ip6-input"),
617 .arc_index_ptr = &ip6_main.lookup_main.mcast_feature_arc_index,
620 VNET_FEATURE_INIT (ip6_vpath_mc, static) = {
621 .arc_name = "ip6-multicast",
622 .node_name = "vpath-input-ip6",
623 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
626 VNET_FEATURE_INIT (ip6_mc_lookup, static) = {
627 .arc_name = "ip6-multicast",
628 .node_name = "ip6-mfib-forward-lookup",
629 .runs_before = VNET_FEATURES ("ip6-drop"),
632 VNET_FEATURE_INIT (ip6_drop_mc, static) = {
633 .arc_name = "ip6-multicast",
634 .node_name = "ip6-drop",
635 .runs_before = 0, /* last feature */
638 /* Built-in ip4 tx feature path definition */
639 VNET_FEATURE_ARC_INIT (ip6_output, static) =
641 .arc_name = "ip6-output",
642 .start_nodes = VNET_FEATURES ("ip6-rewrite", "ip6-midchain"),
643 .arc_index_ptr = &ip6_main.lookup_main.output_feature_arc_index,
646 VNET_FEATURE_INIT (ip6_ipsec_output, static) = {
647 .arc_name = "ip6-output",
648 .node_name = "ipsec-output-ip6",
649 .runs_before = VNET_FEATURES ("interface-output"),
652 VNET_FEATURE_INIT (ip6_interface_output, static) = {
653 .arc_name = "ip6-output",
654 .node_name = "interface-output",
655 .runs_before = 0, /* not before any other features */
660 ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
662 vnet_feature_enable_disable ("ip6-unicast", "ip6-drop", sw_if_index,
665 vnet_feature_enable_disable ("ip6-multicast", "ip6-drop", sw_if_index,
668 vnet_feature_enable_disable ("ip6-output", "interface-output", sw_if_index,
671 return /* no error */ 0;
674 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_sw_interface_add_del);
677 ip6_lookup (vlib_main_t * vm,
678 vlib_node_runtime_t * node, vlib_frame_t * frame)
680 return ip6_lookup_inline (vm, node, frame);
683 static u8 *format_ip6_lookup_trace (u8 * s, va_list * args);
686 VLIB_REGISTER_NODE (ip6_lookup_node) =
688 .function = ip6_lookup,
689 .name = "ip6-lookup",
690 .vector_size = sizeof (u32),
691 .format_trace = format_ip6_lookup_trace,
692 .n_next_nodes = IP6_LOOKUP_N_NEXT,
693 .next_nodes = IP6_LOOKUP_NEXT_NODES,
697 VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup);
700 ip6_load_balance (vlib_main_t * vm,
701 vlib_node_runtime_t * node, vlib_frame_t * frame)
703 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
704 u32 n_left_from, n_left_to_next, *from, *to_next;
705 ip_lookup_next_t next;
706 u32 cpu_index = os_get_cpu_number ();
707 ip6_main_t *im = &ip6_main;
709 from = vlib_frame_vector_args (frame);
710 n_left_from = frame->n_vectors;
711 next = node->cached_next_index;
713 if (node->flags & VLIB_NODE_FLAG_TRACE)
714 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
716 while (n_left_from > 0)
718 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
721 while (n_left_from >= 4 && n_left_to_next >= 2)
723 ip_lookup_next_t next0, next1;
724 const load_balance_t *lb0, *lb1;
725 vlib_buffer_t *p0, *p1;
726 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
727 const ip6_header_t *ip0, *ip1;
728 const dpo_id_t *dpo0, *dpo1;
730 /* Prefetch next iteration. */
732 vlib_buffer_t *p2, *p3;
734 p2 = vlib_get_buffer (vm, from[2]);
735 p3 = vlib_get_buffer (vm, from[3]);
737 vlib_prefetch_buffer_header (p2, STORE);
738 vlib_prefetch_buffer_header (p3, STORE);
740 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
741 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
744 pi0 = to_next[0] = from[0];
745 pi1 = to_next[1] = from[1];
752 p0 = vlib_get_buffer (vm, pi0);
753 p1 = vlib_get_buffer (vm, pi1);
755 ip0 = vlib_buffer_get_current (p0);
756 ip1 = vlib_buffer_get_current (p1);
757 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
758 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
760 lb0 = load_balance_get (lbi0);
761 lb1 = load_balance_get (lbi1);
764 * this node is for via FIBs we can re-use the hash value from the
765 * to node if present.
766 * We don't want to use the same hash value at each level in the recursion
767 * graph as that would lead to polarisation
769 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
770 hc1 = vnet_buffer (p1)->ip.flow_hash = 0;
772 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
774 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
776 hc0 = vnet_buffer (p0)->ip.flow_hash =
777 vnet_buffer (p0)->ip.flow_hash >> 1;
781 hc0 = vnet_buffer (p0)->ip.flow_hash =
782 ip6_compute_flow_hash (ip0, hc0);
785 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
787 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
789 hc1 = vnet_buffer (p1)->ip.flow_hash =
790 vnet_buffer (p1)->ip.flow_hash >> 1;
794 hc1 = vnet_buffer (p1)->ip.flow_hash =
795 ip6_compute_flow_hash (ip1, hc1);
800 load_balance_get_bucket_i (lb0,
801 hc0 & (lb0->lb_n_buckets_minus_1));
803 load_balance_get_bucket_i (lb1,
804 hc1 & (lb1->lb_n_buckets_minus_1));
806 next0 = dpo0->dpoi_next_node;
807 next1 = dpo1->dpoi_next_node;
809 /* Only process the HBH Option Header if explicitly configured to do so */
811 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
813 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
814 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
816 /* Only process the HBH Option Header if explicitly configured to do so */
818 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
820 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
821 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
824 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
825 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
827 vlib_increment_combined_counter
828 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
829 vlib_increment_combined_counter
830 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
832 vlib_validate_buffer_enqueue_x2 (vm, node, next,
833 to_next, n_left_to_next,
834 pi0, pi1, next0, next1);
837 while (n_left_from > 0 && n_left_to_next > 0)
839 ip_lookup_next_t next0;
840 const load_balance_t *lb0;
843 const ip6_header_t *ip0;
844 const dpo_id_t *dpo0;
853 p0 = vlib_get_buffer (vm, pi0);
855 ip0 = vlib_buffer_get_current (p0);
856 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
858 lb0 = load_balance_get (lbi0);
860 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
861 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
863 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
865 hc0 = vnet_buffer (p0)->ip.flow_hash =
866 vnet_buffer (p0)->ip.flow_hash >> 1;
870 hc0 = vnet_buffer (p0)->ip.flow_hash =
871 ip6_compute_flow_hash (ip0, hc0);
875 load_balance_get_bucket_i (lb0,
876 hc0 & (lb0->lb_n_buckets_minus_1));
878 next0 = dpo0->dpoi_next_node;
879 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
881 /* Only process the HBH Option Header if explicitly configured to do so */
883 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
885 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
886 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
889 vlib_increment_combined_counter
890 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
892 vlib_validate_buffer_enqueue_x1 (vm, node, next,
893 to_next, n_left_to_next,
897 vlib_put_next_frame (vm, node, next, n_left_to_next);
900 return frame->n_vectors;
904 VLIB_REGISTER_NODE (ip6_load_balance_node) =
906 .function = ip6_load_balance,
907 .name = "ip6-load-balance",
908 .vector_size = sizeof (u32),
909 .sibling_of = "ip6-lookup",
910 .format_trace = format_ip6_lookup_trace,
914 VLIB_NODE_FUNCTION_MULTIARCH (ip6_load_balance_node, ip6_load_balance);
918 /* Adjacency taken. */
923 /* Packet data, possibly *after* rewrite. */
924 u8 packet_data[128 - 1 * sizeof (u32)];
926 ip6_forward_next_trace_t;
929 format_ip6_forward_next_trace (u8 * s, va_list * args)
931 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
932 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
933 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
934 uword indent = format_get_indent (s);
936 s = format (s, "%U%U",
937 format_white_space, indent,
938 format_ip6_header, t->packet_data, sizeof (t->packet_data));
943 format_ip6_lookup_trace (u8 * s, va_list * args)
945 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
946 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
947 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
948 uword indent = format_get_indent (s);
950 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
951 t->fib_index, t->adj_index, t->flow_hash);
952 s = format (s, "\n%U%U",
953 format_white_space, indent,
954 format_ip6_header, t->packet_data, sizeof (t->packet_data));
960 format_ip6_rewrite_trace (u8 * s, va_list * args)
962 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
963 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
964 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
965 vnet_main_t *vnm = vnet_get_main ();
966 uword indent = format_get_indent (s);
968 s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x",
969 t->fib_index, t->adj_index, format_ip_adjacency,
970 t->adj_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
971 s = format (s, "\n%U%U",
972 format_white_space, indent,
973 format_ip_adjacency_packet_data,
974 vnm, t->adj_index, t->packet_data, sizeof (t->packet_data));
978 /* Common trace function for all ip6-forward next nodes. */
980 ip6_forward_next_trace (vlib_main_t * vm,
981 vlib_node_runtime_t * node,
982 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
985 ip6_main_t *im = &ip6_main;
987 n_left = frame->n_vectors;
988 from = vlib_frame_vector_args (frame);
993 vlib_buffer_t *b0, *b1;
994 ip6_forward_next_trace_t *t0, *t1;
996 /* Prefetch next iteration. */
997 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
998 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1003 b0 = vlib_get_buffer (vm, bi0);
1004 b1 = vlib_get_buffer (vm, bi1);
1006 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1008 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1009 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1010 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1012 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1013 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1014 vec_elt (im->fib_index_by_sw_if_index,
1015 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1017 clib_memcpy (t0->packet_data,
1018 vlib_buffer_get_current (b0),
1019 sizeof (t0->packet_data));
1021 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1023 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1024 t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1025 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1027 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1028 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1029 vec_elt (im->fib_index_by_sw_if_index,
1030 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1032 clib_memcpy (t1->packet_data,
1033 vlib_buffer_get_current (b1),
1034 sizeof (t1->packet_data));
1044 ip6_forward_next_trace_t *t0;
1048 b0 = vlib_get_buffer (vm, bi0);
1050 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1052 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1053 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1054 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1056 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1057 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1058 vec_elt (im->fib_index_by_sw_if_index,
1059 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1061 clib_memcpy (t0->packet_data,
1062 vlib_buffer_get_current (b0),
1063 sizeof (t0->packet_data));
1071 ip6_drop_or_punt (vlib_main_t * vm,
1072 vlib_node_runtime_t * node,
1073 vlib_frame_t * frame, ip6_error_t error_code)
1075 u32 *buffers = vlib_frame_vector_args (frame);
1076 uword n_packets = frame->n_vectors;
1078 vlib_error_drop_buffers (vm, node, buffers,
1082 ip6_input_node.index, error_code);
1084 if (node->flags & VLIB_NODE_FLAG_TRACE)
1085 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1091 ip6_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1093 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_DROP);
1097 ip6_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1099 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_PUNT);
1103 VLIB_REGISTER_NODE (ip6_drop_node, static) =
1105 .function = ip6_drop,
1107 .vector_size = sizeof (u32),
1108 .format_trace = format_ip6_forward_next_trace,
1112 [0] = "error-drop",},
1116 VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop);
1119 VLIB_REGISTER_NODE (ip6_punt_node, static) =
1121 .function = ip6_punt,
1123 .vector_size = sizeof (u32),
1124 .format_trace = format_ip6_forward_next_trace,
1128 [0] = "error-punt",},
1132 VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt);
1134 /* Compute TCP/UDP/ICMP6 checksum in software. */
1136 ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1137 ip6_header_t * ip0, int *bogus_lengthp)
1140 u16 sum16, payload_length_host_byte_order;
1141 u32 i, n_this_buffer, n_bytes_left;
1142 u32 headers_size = sizeof (ip0[0]);
1143 void *data_this_buffer;
1145 ASSERT (bogus_lengthp);
1148 /* Initialize checksum with ip header. */
1149 sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
1150 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1151 data_this_buffer = (void *) (ip0 + 1);
1153 for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
1155 sum0 = ip_csum_with_carry (sum0,
1156 clib_mem_unaligned (&ip0->
1157 src_address.as_uword[i],
1160 ip_csum_with_carry (sum0,
1161 clib_mem_unaligned (&ip0->dst_address.as_uword[i],
1165 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1166 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1169 ip6_hop_by_hop_ext_t *ext_hdr =
1170 (ip6_hop_by_hop_ext_t *) data_this_buffer;
1172 /* validate really icmp6 next */
1173 ASSERT (ext_hdr->next_hdr == IP_PROTOCOL_ICMP6);
1175 skip_bytes = 8 * (1 + ext_hdr->n_data_u64s);
1176 data_this_buffer = (void *) ((u8 *) data_this_buffer + skip_bytes);
1178 payload_length_host_byte_order -= skip_bytes;
1179 headers_size += skip_bytes;
1182 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1183 if (p0 && n_this_buffer + headers_size > p0->current_length)
1185 p0->current_length >
1186 headers_size ? p0->current_length - headers_size : 0;
1189 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1190 n_bytes_left -= n_this_buffer;
1191 if (n_bytes_left == 0)
1194 if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
1199 p0 = vlib_get_buffer (vm, p0->next_buffer);
1200 data_this_buffer = vlib_buffer_get_current (p0);
1201 n_this_buffer = p0->current_length;
1204 sum16 = ~ip_csum_fold (sum0);
1210 ip6_tcp_udp_icmp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1212 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1217 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1218 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1219 || ip0->protocol == IP_PROTOCOL_ICMP6
1220 || ip0->protocol == IP_PROTOCOL_UDP
1221 || ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS);
1223 udp0 = (void *) (ip0 + 1);
1224 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1226 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1227 | IP_BUFFER_L4_CHECKSUM_CORRECT);
1231 sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0, &bogus_length);
1233 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1234 | ((sum16 == 0) << LOG2_IP_BUFFER_L4_CHECKSUM_CORRECT));
1239 /* ip6_locate_header
1241 * This function is to search for the header specified by the find_hdr number.
1242 * 1. If the find_hdr < 0 then it finds and returns the protocol number and
1243 * offset stored in *offset of the transport or ESP header in the chain if
1245 * 2. If a header with find_hdr > 0 protocol number is found then the
1246 * offset is stored in *offset and protocol number of the header is
1248 * 3. If find_hdr header is not found or packet is malformed or
1249 * it is a non-first fragment -1 is returned.
1252 ip6_locate_header (vlib_buffer_t * p0,
1253 ip6_header_t * ip0, int find_hdr, u32 * offset)
1255 u8 next_proto = ip0->protocol;
1259 u8 *temp_nxthdr = 0;
1262 next_header = ip6_next_header (ip0);
1263 cur_offset = sizeof (ip6_header_t);
1266 done = (next_proto == find_hdr);
1269 (u8 *) vlib_buffer_get_current (p0) + p0->current_length))
1271 //A malicious packet could set an extension header with a too big size
1276 if ((!ip6_ext_hdr (next_proto)) || next_proto == IP_PROTOCOL_IP6_NONXT)
1282 if (next_proto == IP_PROTOCOL_IPV6_FRAGMENTATION)
1284 ip6_frag_hdr_t *frag_hdr = (ip6_frag_hdr_t *) next_header;
1285 u16 frag_off = ip6_frag_hdr_offset (frag_hdr);
1286 /* Non first fragment return -1 */
1289 exthdr_len = sizeof (ip6_frag_hdr_t);
1290 temp_nxthdr = next_header + exthdr_len;
1292 else if (next_proto == IP_PROTOCOL_IPSEC_AH)
1295 ip6_ext_authhdr_len (((ip6_ext_header_t *) next_header));
1296 temp_nxthdr = next_header + exthdr_len;
1301 ip6_ext_header_len (((ip6_ext_header_t *) next_header));
1302 temp_nxthdr = next_header + exthdr_len;
1304 next_proto = ((ip6_ext_header_t *) next_header)->next_hdr;
1305 next_header = temp_nxthdr;
1306 cur_offset += exthdr_len;
1309 *offset = cur_offset;
1310 return (next_proto);
1314 * @brief returns number of links on which src is reachable.
1317 ip6_urpf_loose_check (ip6_main_t * im, vlib_buffer_t * b, ip6_header_t * i)
1319 const load_balance_t *lb0;
1322 lbi = ip6_fib_table_fwding_lookup_with_if_index (im,
1324 (b)->sw_if_index[VLIB_RX],
1327 lb0 = load_balance_get (lbi);
1329 return (fib_urpf_check_size (lb0->lb_urpf));
1333 ip6_local (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1335 ip6_main_t *im = &ip6_main;
1336 ip_lookup_main_t *lm = &im->lookup_main;
1337 ip_local_next_t next_index;
1338 u32 *from, *to_next, n_left_from, n_left_to_next;
1339 vlib_node_runtime_t *error_node =
1340 vlib_node_get_runtime (vm, ip6_input_node.index);
1342 from = vlib_frame_vector_args (frame);
1343 n_left_from = frame->n_vectors;
1344 next_index = node->cached_next_index;
1346 if (node->flags & VLIB_NODE_FLAG_TRACE)
1347 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1349 while (n_left_from > 0)
1351 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1353 while (n_left_from >= 4 && n_left_to_next >= 2)
1355 vlib_buffer_t *p0, *p1;
1356 ip6_header_t *ip0, *ip1;
1357 udp_header_t *udp0, *udp1;
1358 u32 pi0, ip_len0, udp_len0, flags0, next0;
1359 u32 pi1, ip_len1, udp_len1, flags1, next1;
1360 i32 len_diff0, len_diff1;
1361 u8 error0, type0, good_l4_checksum0;
1362 u8 error1, type1, good_l4_checksum1;
1363 u32 udp_offset0, udp_offset1;
1365 pi0 = to_next[0] = from[0];
1366 pi1 = to_next[1] = from[1];
1370 n_left_to_next -= 2;
1372 p0 = vlib_get_buffer (vm, pi0);
1373 p1 = vlib_get_buffer (vm, pi1);
1375 ip0 = vlib_buffer_get_current (p0);
1376 ip1 = vlib_buffer_get_current (p1);
1378 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1379 vnet_buffer (p1)->ip.start_of_ip_header = p1->current_data;
1381 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1382 type1 = lm->builtin_protocol_by_ip_protocol[ip1->protocol];
1384 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1385 next1 = lm->local_next_by_ip_protocol[ip1->protocol];
1390 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1391 good_l4_checksum1 = (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1395 /* Skip HBH local processing */
1397 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1399 ip6_hop_by_hop_ext_t *ext_hdr =
1400 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1401 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1402 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1405 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1407 ip6_hop_by_hop_ext_t *ext_hdr =
1408 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip1);
1409 next1 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1410 type1 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1412 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1416 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1417 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1418 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1419 && udp0->checksum == 0;
1420 /* Verify UDP length. */
1421 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1422 udp_len0 = clib_net_to_host_u16 (udp0->length);
1423 len_diff0 = ip_len0 - udp_len0;
1425 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p1, ip1,
1429 udp1 = (udp_header_t *) ((u8 *) ip1 + udp_offset1);
1430 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1431 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UDP
1432 && udp1->checksum == 0;
1433 /* Verify UDP length. */
1434 ip_len1 = clib_net_to_host_u16 (ip1->payload_length);
1435 udp_len1 = clib_net_to_host_u16 (udp1->length);
1436 len_diff1 = ip_len1 - udp_len1;
1439 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1440 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1442 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1443 len_diff1 = type1 == IP_BUILTIN_PROTOCOL_UDP ? len_diff1 : 0;
1445 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1446 && !good_l4_checksum0
1447 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1449 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1451 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1453 if (PREDICT_FALSE (type1 != IP_BUILTIN_PROTOCOL_UNKNOWN
1454 && !good_l4_checksum1
1455 && !(flags1 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1457 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, p1);
1459 (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1462 error0 = error1 = IP6_ERROR_UNKNOWN_PROTOCOL;
1464 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1465 error1 = len_diff1 < 0 ? IP6_ERROR_UDP_LENGTH : error1;
1467 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1468 IP6_ERROR_UDP_CHECKSUM);
1469 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1470 IP6_ERROR_ICMP_CHECKSUM);
1472 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1474 (!good_l4_checksum1 ? IP6_ERROR_UDP_CHECKSUM + type1 : error1);
1476 /* Drop packets from unroutable hosts. */
1477 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1478 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1479 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1480 !ip6_address_is_link_local_unicast (&ip0->src_address))
1482 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1483 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1485 if (error1 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1486 type1 != IP_BUILTIN_PROTOCOL_ICMP &&
1487 !ip6_address_is_link_local_unicast (&ip1->src_address))
1489 error1 = (!ip6_urpf_loose_check (im, p1, ip1)
1490 ? IP6_ERROR_SRC_LOOKUP_MISS : error1);
1494 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1496 error1 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1;
1498 p0->error = error_node->errors[error0];
1499 p1->error = error_node->errors[error1];
1501 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
1502 to_next, n_left_to_next,
1503 pi0, pi1, next0, next1);
1506 while (n_left_from > 0 && n_left_to_next > 0)
1511 u32 pi0, ip_len0, udp_len0, flags0, next0;
1513 u8 error0, type0, good_l4_checksum0;
1516 pi0 = to_next[0] = from[0];
1520 n_left_to_next -= 1;
1522 p0 = vlib_get_buffer (vm, pi0);
1524 ip0 = vlib_buffer_get_current (p0);
1526 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1528 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1529 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1533 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1536 /* Skip HBH local processing */
1538 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1540 ip6_hop_by_hop_ext_t *ext_hdr =
1541 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1542 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1543 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1545 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1549 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1550 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1551 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1552 && udp0->checksum == 0;
1553 /* Verify UDP length. */
1554 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1555 udp_len0 = clib_net_to_host_u16 (udp0->length);
1556 len_diff0 = ip_len0 - udp_len0;
1559 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1560 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1562 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1563 && !good_l4_checksum0
1564 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1566 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1568 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1571 error0 = IP6_ERROR_UNKNOWN_PROTOCOL;
1573 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1575 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1576 IP6_ERROR_UDP_CHECKSUM);
1577 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1578 IP6_ERROR_ICMP_CHECKSUM);
1580 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1582 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1583 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1584 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1585 !ip6_address_is_link_local_unicast (&ip0->src_address))
1587 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1588 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1592 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1594 p0->error = error_node->errors[error0];
1596 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1597 to_next, n_left_to_next,
1601 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1604 return frame->n_vectors;
1608 VLIB_REGISTER_NODE (ip6_local_node, static) =
1610 .function = ip6_local,
1611 .name = "ip6-local",
1612 .vector_size = sizeof (u32),
1613 .format_trace = format_ip6_forward_next_trace,
1614 .n_next_nodes = IP_LOCAL_N_NEXT,
1617 [IP_LOCAL_NEXT_DROP] = "error-drop",
1618 [IP_LOCAL_NEXT_PUNT] = "error-punt",
1619 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip6-udp-lookup",
1620 [IP_LOCAL_NEXT_ICMP] = "ip6-icmp-input",
1625 VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local);
1628 ip6_register_protocol (u32 protocol, u32 node_index)
1630 vlib_main_t *vm = vlib_get_main ();
1631 ip6_main_t *im = &ip6_main;
1632 ip_lookup_main_t *lm = &im->lookup_main;
1634 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1635 lm->local_next_by_ip_protocol[protocol] =
1636 vlib_node_add_next (vm, ip6_local_node.index, node_index);
1641 IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1642 IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX,
1643 IP6_DISCOVER_NEIGHBOR_N_NEXT,
1644 } ip6_discover_neighbor_next_t;
1648 IP6_DISCOVER_NEIGHBOR_ERROR_DROP,
1649 IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT,
1650 IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS,
1651 } ip6_discover_neighbor_error_t;
1654 ip6_discover_neighbor_inline (vlib_main_t * vm,
1655 vlib_node_runtime_t * node,
1656 vlib_frame_t * frame, int is_glean)
1658 vnet_main_t *vnm = vnet_get_main ();
1659 ip6_main_t *im = &ip6_main;
1660 ip_lookup_main_t *lm = &im->lookup_main;
1661 u32 *from, *to_next_drop;
1662 uword n_left_from, n_left_to_next_drop;
1663 static f64 time_last_seed_change = -1e100;
1664 static u32 hash_seeds[3];
1665 static uword hash_bitmap[256 / BITS (uword)];
1669 if (node->flags & VLIB_NODE_FLAG_TRACE)
1670 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1672 time_now = vlib_time_now (vm);
1673 if (time_now - time_last_seed_change > 1e-3)
1676 u32 *r = clib_random_buffer_get_data (&vm->random_buffer,
1677 sizeof (hash_seeds));
1678 for (i = 0; i < ARRAY_LEN (hash_seeds); i++)
1679 hash_seeds[i] = r[i];
1681 /* Mark all hash keys as been not-seen before. */
1682 for (i = 0; i < ARRAY_LEN (hash_bitmap); i++)
1685 time_last_seed_change = time_now;
1688 from = vlib_frame_vector_args (frame);
1689 n_left_from = frame->n_vectors;
1691 while (n_left_from > 0)
1693 vlib_get_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1694 to_next_drop, n_left_to_next_drop);
1696 while (n_left_from > 0 && n_left_to_next_drop > 0)
1700 u32 pi0, adj_index0, a0, b0, c0, m0, sw_if_index0, drop0;
1702 ip_adjacency_t *adj0;
1703 vnet_hw_interface_t *hw_if0;
1708 p0 = vlib_get_buffer (vm, pi0);
1710 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1712 ip0 = vlib_buffer_get_current (p0);
1714 adj0 = ip_get_adjacency (lm, adj_index0);
1718 ip0->dst_address.as_u64[0] =
1719 adj0->sub_type.nbr.next_hop.ip6.as_u64[0];
1720 ip0->dst_address.as_u64[1] =
1721 adj0->sub_type.nbr.next_hop.ip6.as_u64[1];
1728 sw_if_index0 = adj0->rewrite_header.sw_if_index;
1729 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1732 b0 ^= ip0->dst_address.as_u32[0];
1733 c0 ^= ip0->dst_address.as_u32[1];
1735 hash_v3_mix32 (a0, b0, c0);
1737 b0 ^= ip0->dst_address.as_u32[2];
1738 c0 ^= ip0->dst_address.as_u32[3];
1740 hash_v3_finalize32 (a0, b0, c0);
1742 c0 &= BITS (hash_bitmap) - 1;
1743 c0 = c0 / BITS (uword);
1744 m0 = (uword) 1 << (c0 % BITS (uword));
1746 bm0 = hash_bitmap[c0];
1747 drop0 = (bm0 & m0) != 0;
1749 /* Mark it as seen. */
1750 hash_bitmap[c0] = bm0 | m0;
1754 to_next_drop[0] = pi0;
1756 n_left_to_next_drop -= 1;
1758 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1760 /* If the interface is link-down, drop the pkt */
1761 if (!(hw_if0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP))
1765 node->errors[drop0 ? IP6_DISCOVER_NEIGHBOR_ERROR_DROP
1766 : IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT];
1771 * the adj has been updated to a rewrite but the node the DPO that got
1772 * us here hasn't - yet. no big deal. we'll drop while we wait.
1774 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
1779 icmp6_neighbor_solicitation_header_t *h0;
1782 h0 = vlib_packet_template_get_packet
1783 (vm, &im->discover_neighbor_packet_template, &bi0);
1786 * Build ethernet header.
1787 * Choose source address based on destination lookup
1790 if (ip6_src_address_for_packet (lm,
1792 &h0->ip.src_address))
1794 /* There is no address on the interface */
1796 node->errors[IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS];
1797 vlib_buffer_free (vm, &bi0, 1);
1802 * Destination address is a solicited node multicast address.
1803 * We need to fill in
1804 * the low 24 bits with low 24 bits of target's address.
1806 h0->ip.dst_address.as_u8[13] = ip0->dst_address.as_u8[13];
1807 h0->ip.dst_address.as_u8[14] = ip0->dst_address.as_u8[14];
1808 h0->ip.dst_address.as_u8[15] = ip0->dst_address.as_u8[15];
1810 h0->neighbor.target_address = ip0->dst_address;
1812 clib_memcpy (h0->link_layer_option.ethernet_address,
1813 hw_if0->hw_address, vec_len (hw_if0->hw_address));
1815 /* $$$$ appears we need this; why is the checksum non-zero? */
1816 h0->neighbor.icmp.checksum = 0;
1817 h0->neighbor.icmp.checksum =
1818 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h0->ip,
1821 ASSERT (bogus_length == 0);
1823 vlib_buffer_copy_trace_flag (vm, p0, bi0);
1824 b0 = vlib_get_buffer (vm, bi0);
1825 vnet_buffer (b0)->sw_if_index[VLIB_TX]
1826 = vnet_buffer (p0)->sw_if_index[VLIB_TX];
1828 /* Add rewrite/encap string. */
1829 vnet_rewrite_one_header (adj0[0], h0, sizeof (ethernet_header_t));
1830 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
1832 next0 = IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX;
1834 vlib_set_next_frame_buffer (vm, node, next0, bi0);
1838 vlib_put_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1839 n_left_to_next_drop);
1842 return frame->n_vectors;
1846 ip6_discover_neighbor (vlib_main_t * vm,
1847 vlib_node_runtime_t * node, vlib_frame_t * frame)
1849 return (ip6_discover_neighbor_inline (vm, node, frame, 0));
1853 ip6_glean (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1855 return (ip6_discover_neighbor_inline (vm, node, frame, 1));
1858 static char *ip6_discover_neighbor_error_strings[] = {
1859 [IP6_DISCOVER_NEIGHBOR_ERROR_DROP] = "address overflow drops",
1860 [IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT] = "neighbor solicitations sent",
1861 [IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]
1862 = "no source address for ND solicitation",
1866 VLIB_REGISTER_NODE (ip6_discover_neighbor_node) =
1868 .function = ip6_discover_neighbor,
1869 .name = "ip6-discover-neighbor",
1870 .vector_size = sizeof (u32),
1871 .format_trace = format_ip6_forward_next_trace,
1872 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1873 .error_strings = ip6_discover_neighbor_error_strings,
1874 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1877 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1878 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1884 VLIB_REGISTER_NODE (ip6_glean_node) =
1886 .function = ip6_glean,
1887 .name = "ip6-glean",
1888 .vector_size = sizeof (u32),
1889 .format_trace = format_ip6_forward_next_trace,
1890 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1891 .error_strings = ip6_discover_neighbor_error_strings,
1892 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1895 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1896 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1902 ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index)
1904 vnet_main_t *vnm = vnet_get_main ();
1905 ip6_main_t *im = &ip6_main;
1906 icmp6_neighbor_solicitation_header_t *h;
1908 ip_interface_address_t *ia;
1909 ip_adjacency_t *adj;
1910 vnet_hw_interface_t *hi;
1911 vnet_sw_interface_t *si;
1916 si = vnet_get_sw_interface (vnm, sw_if_index);
1918 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1920 return clib_error_return (0, "%U: interface %U down",
1921 format_ip6_address, dst,
1922 format_vnet_sw_if_index_name, vnm,
1927 ip6_interface_address_matching_destination (im, dst, sw_if_index, &ia);
1930 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
1931 return clib_error_return
1932 (0, "no matching interface address for destination %U (interface %U)",
1933 format_ip6_address, dst,
1934 format_vnet_sw_if_index_name, vnm, sw_if_index);
1938 vlib_packet_template_get_packet (vm,
1939 &im->discover_neighbor_packet_template,
1942 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1944 /* Destination address is a solicited node multicast address. We need to fill in
1945 the low 24 bits with low 24 bits of target's address. */
1946 h->ip.dst_address.as_u8[13] = dst->as_u8[13];
1947 h->ip.dst_address.as_u8[14] = dst->as_u8[14];
1948 h->ip.dst_address.as_u8[15] = dst->as_u8[15];
1950 h->ip.src_address = src[0];
1951 h->neighbor.target_address = dst[0];
1953 clib_memcpy (h->link_layer_option.ethernet_address, hi->hw_address,
1954 vec_len (hi->hw_address));
1956 h->neighbor.icmp.checksum =
1957 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h->ip, &bogus_length);
1958 ASSERT (bogus_length == 0);
1960 b = vlib_get_buffer (vm, bi);
1961 vnet_buffer (b)->sw_if_index[VLIB_RX] =
1962 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
1964 /* Add encapsulation string for software interface (e.g. ethernet header). */
1965 adj = ip_get_adjacency (&im->lookup_main, ia->neighbor_probe_adj_index);
1966 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
1967 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
1970 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
1971 u32 *to_next = vlib_frame_vector_args (f);
1974 vlib_put_frame_to_node (vm, hi->output_node_index, f);
1977 return /* no error */ 0;
1982 IP6_REWRITE_NEXT_DROP,
1983 IP6_REWRITE_NEXT_ICMP_ERROR,
1984 } ip6_rewrite_next_t;
1987 ip6_rewrite_inline (vlib_main_t * vm,
1988 vlib_node_runtime_t * node,
1989 vlib_frame_t * frame, int is_midchain, int is_mcast)
1991 ip_lookup_main_t *lm = &ip6_main.lookup_main;
1992 u32 *from = vlib_frame_vector_args (frame);
1993 u32 n_left_from, n_left_to_next, *to_next, next_index;
1994 vlib_node_runtime_t *error_node =
1995 vlib_node_get_runtime (vm, ip6_input_node.index);
1997 n_left_from = frame->n_vectors;
1998 next_index = node->cached_next_index;
1999 u32 cpu_index = os_get_cpu_number ();
2001 while (n_left_from > 0)
2003 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2005 while (n_left_from >= 4 && n_left_to_next >= 2)
2007 ip_adjacency_t *adj0, *adj1;
2008 vlib_buffer_t *p0, *p1;
2009 ip6_header_t *ip0, *ip1;
2010 u32 pi0, rw_len0, next0, error0, adj_index0;
2011 u32 pi1, rw_len1, next1, error1, adj_index1;
2012 u32 tx_sw_if_index0, tx_sw_if_index1;
2014 /* Prefetch next iteration. */
2016 vlib_buffer_t *p2, *p3;
2018 p2 = vlib_get_buffer (vm, from[2]);
2019 p3 = vlib_get_buffer (vm, from[3]);
2021 vlib_prefetch_buffer_header (p2, LOAD);
2022 vlib_prefetch_buffer_header (p3, LOAD);
2024 CLIB_PREFETCH (p2->pre_data, 32, STORE);
2025 CLIB_PREFETCH (p3->pre_data, 32, STORE);
2027 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
2028 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
2031 pi0 = to_next[0] = from[0];
2032 pi1 = to_next[1] = from[1];
2037 n_left_to_next -= 2;
2039 p0 = vlib_get_buffer (vm, pi0);
2040 p1 = vlib_get_buffer (vm, pi1);
2042 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2043 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
2045 /* We should never rewrite a pkt using the MISS adjacency */
2046 ASSERT (adj_index0 && adj_index1);
2048 ip0 = vlib_buffer_get_current (p0);
2049 ip1 = vlib_buffer_get_current (p1);
2051 error0 = error1 = IP6_ERROR_NONE;
2052 next0 = next1 = IP6_REWRITE_NEXT_DROP;
2054 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2056 i32 hop_limit0 = ip0->hop_limit;
2058 /* Input node should have reject packets with hop limit 0. */
2059 ASSERT (ip0->hop_limit > 0);
2063 ip0->hop_limit = hop_limit0;
2066 * If the hop count drops below 1 when forwarding, generate
2069 if (PREDICT_FALSE (hop_limit0 <= 0))
2071 error0 = IP6_ERROR_TIME_EXPIRED;
2072 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2073 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2074 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2075 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2081 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2083 if (PREDICT_TRUE (!(p1->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2085 i32 hop_limit1 = ip1->hop_limit;
2087 /* Input node should have reject packets with hop limit 0. */
2088 ASSERT (ip1->hop_limit > 0);
2092 ip1->hop_limit = hop_limit1;
2095 * If the hop count drops below 1 when forwarding, generate
2098 if (PREDICT_FALSE (hop_limit1 <= 0))
2100 error1 = IP6_ERROR_TIME_EXPIRED;
2101 next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
2102 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2103 icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
2104 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2110 p1->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2112 adj0 = ip_get_adjacency (lm, adj_index0);
2113 adj1 = ip_get_adjacency (lm, adj_index1);
2115 rw_len0 = adj0[0].rewrite_header.data_bytes;
2116 rw_len1 = adj1[0].rewrite_header.data_bytes;
2117 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2118 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
2120 vlib_increment_combined_counter
2121 (&adjacency_counters,
2123 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2124 vlib_increment_combined_counter
2125 (&adjacency_counters,
2126 cpu_index, adj_index1,
2127 1, vlib_buffer_length_in_chain (vm, p1) + rw_len1);
2129 /* Check MTU of outgoing interface. */
2131 (vlib_buffer_length_in_chain (vm, p0) >
2133 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2136 (vlib_buffer_length_in_chain (vm, p1) >
2138 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2141 /* Don't adjust the buffer for hop count issue; icmp-error node
2142 * wants to see the IP headerr */
2143 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2145 p0->current_data -= rw_len0;
2146 p0->current_length += rw_len0;
2148 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2149 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2150 next0 = adj0[0].rewrite_header.next_index;
2152 vnet_feature_arc_start (lm->output_feature_arc_index,
2153 tx_sw_if_index0, &next0, p0);
2155 if (PREDICT_TRUE (error1 == IP6_ERROR_NONE))
2157 p1->current_data -= rw_len1;
2158 p1->current_length += rw_len1;
2160 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2161 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2162 next1 = adj1[0].rewrite_header.next_index;
2164 vnet_feature_arc_start (lm->output_feature_arc_index,
2165 tx_sw_if_index1, &next1, p1);
2168 /* Guess we are only writing on simple Ethernet header. */
2169 vnet_rewrite_two_headers (adj0[0], adj1[0],
2170 ip0, ip1, sizeof (ethernet_header_t));
2174 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2175 adj1->sub_type.midchain.fixup_func (vm, adj1, p1);
2180 * copy bytes from the IP address into the MAC rewrite
2182 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2183 vnet_fixup_one_header (adj1[0], &ip1->dst_address, ip1, 0);
2186 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
2187 to_next, n_left_to_next,
2188 pi0, pi1, next0, next1);
2191 while (n_left_from > 0 && n_left_to_next > 0)
2193 ip_adjacency_t *adj0;
2197 u32 adj_index0, next0, error0;
2198 u32 tx_sw_if_index0;
2200 pi0 = to_next[0] = from[0];
2202 p0 = vlib_get_buffer (vm, pi0);
2204 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2206 /* We should never rewrite a pkt using the MISS adjacency */
2207 ASSERT (adj_index0);
2209 adj0 = ip_get_adjacency (lm, adj_index0);
2211 ip0 = vlib_buffer_get_current (p0);
2213 error0 = IP6_ERROR_NONE;
2214 next0 = IP6_REWRITE_NEXT_DROP;
2216 /* Check hop limit */
2217 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2219 i32 hop_limit0 = ip0->hop_limit;
2221 ASSERT (ip0->hop_limit > 0);
2225 ip0->hop_limit = hop_limit0;
2227 if (PREDICT_FALSE (hop_limit0 <= 0))
2230 * If the hop count drops below 1 when forwarding, generate
2233 error0 = IP6_ERROR_TIME_EXPIRED;
2234 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2235 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2236 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2237 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2243 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2246 /* Guess we are only writing on simple Ethernet header. */
2247 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2249 /* Update packet buffer attributes/set output interface. */
2250 rw_len0 = adj0[0].rewrite_header.data_bytes;
2251 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2253 vlib_increment_combined_counter
2254 (&adjacency_counters,
2256 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2258 /* Check MTU of outgoing interface. */
2260 (vlib_buffer_length_in_chain (vm, p0) >
2262 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2265 /* Don't adjust the buffer for hop count issue; icmp-error node
2266 * wants to see the IP headerr */
2267 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2269 p0->current_data -= rw_len0;
2270 p0->current_length += rw_len0;
2272 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2274 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2275 next0 = adj0[0].rewrite_header.next_index;
2277 vnet_feature_arc_start (lm->output_feature_arc_index,
2278 tx_sw_if_index0, &next0, p0);
2283 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2287 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2290 p0->error = error_node->errors[error0];
2295 n_left_to_next -= 1;
2297 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2298 to_next, n_left_to_next,
2302 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2305 /* Need to do trace after rewrites to pick up new packet data. */
2306 if (node->flags & VLIB_NODE_FLAG_TRACE)
2307 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
2309 return frame->n_vectors;
2313 ip6_rewrite (vlib_main_t * vm,
2314 vlib_node_runtime_t * node, vlib_frame_t * frame)
2316 return ip6_rewrite_inline (vm, node, frame, 0, 0);
2320 ip6_rewrite_mcast (vlib_main_t * vm,
2321 vlib_node_runtime_t * node, vlib_frame_t * frame)
2323 return ip6_rewrite_inline (vm, node, frame, 0, 1);
2327 ip6_midchain (vlib_main_t * vm,
2328 vlib_node_runtime_t * node, vlib_frame_t * frame)
2330 return ip6_rewrite_inline (vm, node, frame, 1, 0);
2334 VLIB_REGISTER_NODE (ip6_midchain_node) =
2336 .function = ip6_midchain,
2337 .name = "ip6-midchain",
2338 .vector_size = sizeof (u32),
2339 .format_trace = format_ip6_forward_next_trace,
2340 .sibling_of = "ip6-rewrite",
2344 VLIB_NODE_FUNCTION_MULTIARCH (ip6_midchain_node, ip6_midchain);
2347 VLIB_REGISTER_NODE (ip6_rewrite_node) =
2349 .function = ip6_rewrite,
2350 .name = "ip6-rewrite",
2351 .vector_size = sizeof (u32),
2352 .format_trace = format_ip6_rewrite_trace,
2356 [IP6_REWRITE_NEXT_DROP] = "error-drop",
2357 [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
2362 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite);
2365 VLIB_REGISTER_NODE (ip6_rewrite_mcast_node) =
2367 .function = ip6_rewrite_mcast,
2368 .name = "ip6-rewrite-mcast",
2369 .vector_size = sizeof (u32),
2370 .format_trace = format_ip6_rewrite_trace,
2371 .sibling_of = "ip6-rewrite",
2375 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_mcast_node, ip6_rewrite_mcast);
2378 * Hop-by-Hop handling
2380 ip6_hop_by_hop_main_t ip6_hop_by_hop_main;
2382 #define foreach_ip6_hop_by_hop_error \
2383 _(PROCESSED, "pkts with ip6 hop-by-hop options") \
2384 _(FORMAT, "incorrectly formatted hop-by-hop options") \
2385 _(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options")
2390 #define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym,
2391 foreach_ip6_hop_by_hop_error
2393 IP6_HOP_BY_HOP_N_ERROR,
2394 } ip6_hop_by_hop_error_t;
2398 * Primary h-b-h handler trace support
2399 * We work pretty hard on the problem for obvious reasons
2405 u8 option_data[256];
2406 } ip6_hop_by_hop_trace_t;
2408 vlib_node_registration_t ip6_hop_by_hop_node;
2410 static char *ip6_hop_by_hop_error_strings[] = {
2411 #define _(sym,string) string,
2412 foreach_ip6_hop_by_hop_error
2417 format_ip6_hop_by_hop_trace (u8 * s, va_list * args)
2419 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
2420 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
2421 ip6_hop_by_hop_trace_t *t = va_arg (*args, ip6_hop_by_hop_trace_t *);
2422 ip6_hop_by_hop_header_t *hbh0;
2423 ip6_hop_by_hop_option_t *opt0, *limit0;
2424 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2428 hbh0 = (ip6_hop_by_hop_header_t *) t->option_data;
2430 s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d",
2431 t->next_index, (hbh0->length + 1) << 3, t->trace_len);
2433 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2434 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0) + t->trace_len;
2436 while (opt0 < limit0)
2441 case 0: /* Pad, just stop */
2442 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2446 if (hm->trace[type0])
2448 s = (*hm->trace[type0]) (s, opt0);
2453 format (s, "\n unrecognized option %d length %d", type0,
2457 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2458 sizeof (ip6_hop_by_hop_option_t));
2466 ip6_scan_hbh_options (vlib_buffer_t * b0,
2468 ip6_hop_by_hop_header_t * hbh0,
2469 ip6_hop_by_hop_option_t * opt0,
2470 ip6_hop_by_hop_option_t * limit0, u32 * next0)
2472 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2476 while (opt0 < limit0)
2482 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2487 if (hm->options[type0])
2489 if ((*hm->options[type0]) (b0, ip0, opt0) < 0)
2491 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2497 /* Unrecognized mandatory option, check the two high order bits */
2498 switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
2500 case HBH_OPTION_TYPE_SKIP_UNKNOWN:
2502 case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
2503 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2504 *next0 = IP_LOOKUP_NEXT_DROP;
2506 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
2507 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2508 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2509 icmp6_error_set_vnet_buffer (b0, ICMP6_parameter_problem,
2510 ICMP6_parameter_problem_unrecognized_option,
2511 (u8 *) opt0 - (u8 *) ip0);
2513 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
2514 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2515 if (!ip6_address_is_multicast (&ip0->dst_address))
2517 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2518 icmp6_error_set_vnet_buffer (b0,
2519 ICMP6_parameter_problem,
2520 ICMP6_parameter_problem_unrecognized_option,
2521 (u8 *) opt0 - (u8 *) ip0);
2525 *next0 = IP_LOOKUP_NEXT_DROP;
2533 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2534 sizeof (ip6_hop_by_hop_option_t));
2540 * Process the Hop-by-Hop Options header
2543 ip6_hop_by_hop (vlib_main_t * vm,
2544 vlib_node_runtime_t * node, vlib_frame_t * frame)
2546 vlib_node_runtime_t *error_node =
2547 vlib_node_get_runtime (vm, ip6_hop_by_hop_node.index);
2548 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2549 u32 n_left_from, *from, *to_next;
2550 ip_lookup_next_t next_index;
2551 ip6_main_t *im = &ip6_main;
2552 ip_lookup_main_t *lm = &im->lookup_main;
2554 from = vlib_frame_vector_args (frame);
2555 n_left_from = frame->n_vectors;
2556 next_index = node->cached_next_index;
2558 while (n_left_from > 0)
2562 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2564 while (n_left_from >= 4 && n_left_to_next >= 2)
2567 vlib_buffer_t *b0, *b1;
2569 ip6_header_t *ip0, *ip1;
2570 ip6_hop_by_hop_header_t *hbh0, *hbh1;
2571 ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
2572 u8 error0 = 0, error1 = 0;
2574 /* Prefetch next iteration. */
2576 vlib_buffer_t *p2, *p3;
2578 p2 = vlib_get_buffer (vm, from[2]);
2579 p3 = vlib_get_buffer (vm, from[3]);
2581 vlib_prefetch_buffer_header (p2, LOAD);
2582 vlib_prefetch_buffer_header (p3, LOAD);
2584 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2585 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2588 /* Speculatively enqueue b0, b1 to the current next frame */
2589 to_next[0] = bi0 = from[0];
2590 to_next[1] = bi1 = from[1];
2594 n_left_to_next -= 2;
2596 b0 = vlib_get_buffer (vm, bi0);
2597 b1 = vlib_get_buffer (vm, bi1);
2599 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2600 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2601 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2602 u32 adj_index1 = vnet_buffer (b1)->ip.adj_index[VLIB_TX];
2603 ip_adjacency_t *adj1 = ip_get_adjacency (lm, adj_index1);
2605 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2606 next0 = adj0->lookup_next_index;
2607 next1 = adj1->lookup_next_index;
2609 ip0 = vlib_buffer_get_current (b0);
2610 ip1 = vlib_buffer_get_current (b1);
2611 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2612 hbh1 = (ip6_hop_by_hop_header_t *) (ip1 + 1);
2613 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2614 opt1 = (ip6_hop_by_hop_option_t *) (hbh1 + 1);
2616 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2617 ((hbh0->length + 1) << 3));
2619 (ip6_hop_by_hop_option_t *) ((u8 *) hbh1 +
2620 ((hbh1->length + 1) << 3));
2623 * Basic validity checks
2625 if ((hbh0->length + 1) << 3 >
2626 clib_net_to_host_u16 (ip0->payload_length))
2628 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2629 next0 = IP_LOOKUP_NEXT_DROP;
2632 /* Scan the set of h-b-h options, process ones that we understand */
2633 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2635 if ((hbh1->length + 1) << 3 >
2636 clib_net_to_host_u16 (ip1->payload_length))
2638 error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2639 next1 = IP_LOOKUP_NEXT_DROP;
2642 /* Scan the set of h-b-h options, process ones that we understand */
2643 error1 = ip6_scan_hbh_options (b1, ip1, hbh1, opt1, limit1, &next1);
2646 /* Has the classifier flagged this buffer for special treatment? */
2649 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2650 next0 = hm->next_override;
2652 /* Has the classifier flagged this buffer for special treatment? */
2655 && (vnet_buffer (b1)->l2_classify.opaque_index & OI_DECAP)))
2656 next1 = hm->next_override;
2658 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
2660 if (b0->flags & VLIB_BUFFER_IS_TRACED)
2662 ip6_hop_by_hop_trace_t *t =
2663 vlib_add_trace (vm, node, b0, sizeof (*t));
2664 u32 trace_len = (hbh0->length + 1) << 3;
2665 t->next_index = next0;
2666 /* Capture the h-b-h option verbatim */
2669 ARRAY_LEN (t->option_data) ? trace_len :
2670 ARRAY_LEN (t->option_data);
2671 t->trace_len = trace_len;
2672 clib_memcpy (t->option_data, hbh0, trace_len);
2674 if (b1->flags & VLIB_BUFFER_IS_TRACED)
2676 ip6_hop_by_hop_trace_t *t =
2677 vlib_add_trace (vm, node, b1, sizeof (*t));
2678 u32 trace_len = (hbh1->length + 1) << 3;
2679 t->next_index = next1;
2680 /* Capture the h-b-h option verbatim */
2683 ARRAY_LEN (t->option_data) ? trace_len :
2684 ARRAY_LEN (t->option_data);
2685 t->trace_len = trace_len;
2686 clib_memcpy (t->option_data, hbh1, trace_len);
2691 b0->error = error_node->errors[error0];
2692 b1->error = error_node->errors[error1];
2694 /* verify speculative enqueue, maybe switch current next frame */
2695 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
2696 n_left_to_next, bi0, bi1, next0,
2700 while (n_left_from > 0 && n_left_to_next > 0)
2706 ip6_hop_by_hop_header_t *hbh0;
2707 ip6_hop_by_hop_option_t *opt0, *limit0;
2710 /* Speculatively enqueue b0 to the current next frame */
2716 n_left_to_next -= 1;
2718 b0 = vlib_get_buffer (vm, bi0);
2720 * Default use the next_index from the adjacency.
2721 * A HBH option rarely redirects to a different node
2723 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2724 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2725 next0 = adj0->lookup_next_index;
2727 ip0 = vlib_buffer_get_current (b0);
2728 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2729 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2731 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2732 ((hbh0->length + 1) << 3));
2735 * Basic validity checks
2737 if ((hbh0->length + 1) << 3 >
2738 clib_net_to_host_u16 (ip0->payload_length))
2740 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2741 next0 = IP_LOOKUP_NEXT_DROP;
2745 /* Scan the set of h-b-h options, process ones that we understand */
2746 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2749 /* Has the classifier flagged this buffer for special treatment? */
2752 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2753 next0 = hm->next_override;
2755 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2757 ip6_hop_by_hop_trace_t *t =
2758 vlib_add_trace (vm, node, b0, sizeof (*t));
2759 u32 trace_len = (hbh0->length + 1) << 3;
2760 t->next_index = next0;
2761 /* Capture the h-b-h option verbatim */
2764 ARRAY_LEN (t->option_data) ? trace_len :
2765 ARRAY_LEN (t->option_data);
2766 t->trace_len = trace_len;
2767 clib_memcpy (t->option_data, hbh0, trace_len);
2770 b0->error = error_node->errors[error0];
2772 /* verify speculative enqueue, maybe switch current next frame */
2773 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2774 n_left_to_next, bi0, next0);
2776 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2778 return frame->n_vectors;
2782 VLIB_REGISTER_NODE (ip6_hop_by_hop_node) =
2784 .function = ip6_hop_by_hop,
2785 .name = "ip6-hop-by-hop",
2786 .sibling_of = "ip6-lookup",
2787 .vector_size = sizeof (u32),
2788 .format_trace = format_ip6_hop_by_hop_trace,
2789 .type = VLIB_NODE_TYPE_INTERNAL,
2790 .n_errors = ARRAY_LEN (ip6_hop_by_hop_error_strings),
2791 .error_strings = ip6_hop_by_hop_error_strings,
2796 VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop);
2798 static clib_error_t *
2799 ip6_hop_by_hop_init (vlib_main_t * vm)
2801 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2802 memset (hm->options, 0, sizeof (hm->options));
2803 memset (hm->trace, 0, sizeof (hm->trace));
2804 hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
2808 VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
2811 ip6_hbh_set_next_override (uword next)
2813 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2815 hm->next_override = next;
2819 ip6_hbh_register_option (u8 option,
2820 int options (vlib_buffer_t * b, ip6_header_t * ip,
2821 ip6_hop_by_hop_option_t * opt),
2822 u8 * trace (u8 * s, ip6_hop_by_hop_option_t * opt))
2824 ip6_main_t *im = &ip6_main;
2825 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2827 ASSERT (option < ARRAY_LEN (hm->options));
2829 /* Already registered */
2830 if (hm->options[option])
2833 hm->options[option] = options;
2834 hm->trace[option] = trace;
2836 /* Set global variable */
2837 im->hbh_enabled = 1;
2843 ip6_hbh_unregister_option (u8 option)
2845 ip6_main_t *im = &ip6_main;
2846 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2848 ASSERT (option < ARRAY_LEN (hm->options));
2850 /* Not registered */
2851 if (!hm->options[option])
2854 hm->options[option] = NULL;
2855 hm->trace[option] = NULL;
2857 /* Disable global knob if this was the last option configured */
2860 for (i = 0; i < 256; i++)
2862 if (hm->options[option])
2869 im->hbh_enabled = 0;
2874 /* Global IP6 main. */
2875 ip6_main_t ip6_main;
2877 static clib_error_t *
2878 ip6_lookup_init (vlib_main_t * vm)
2880 ip6_main_t *im = &ip6_main;
2881 clib_error_t *error;
2884 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
2887 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
2894 for (j = 0; j < i0; j++)
2895 im->fib_masks[i].as_u32[j] = ~0;
2898 im->fib_masks[i].as_u32[i0] =
2899 clib_host_to_net_u32 (pow2_mask (i1) << (32 - i1));
2902 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 1);
2904 if (im->lookup_table_nbuckets == 0)
2905 im->lookup_table_nbuckets = IP6_FIB_DEFAULT_HASH_NUM_BUCKETS;
2907 im->lookup_table_nbuckets = 1 << max_log2 (im->lookup_table_nbuckets);
2909 if (im->lookup_table_size == 0)
2910 im->lookup_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE;
2912 BV (clib_bihash_init) (&(im->ip6_table[IP6_FIB_TABLE_FWDING].ip6_hash),
2913 "ip6 FIB fwding table",
2914 im->lookup_table_nbuckets, im->lookup_table_size);
2915 BV (clib_bihash_init) (&im->ip6_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash,
2916 "ip6 FIB non-fwding table",
2917 im->lookup_table_nbuckets, im->lookup_table_size);
2919 /* Create FIB with index 0 and table id of 0. */
2920 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2921 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2925 pn = pg_get_node (ip6_lookup_node.index);
2926 pn->unformat_edit = unformat_pg_ip6_header;
2929 /* Unless explicitly configured, don't process HBH options */
2930 im->hbh_enabled = 0;
2933 icmp6_neighbor_solicitation_header_t p;
2935 memset (&p, 0, sizeof (p));
2937 p.ip.ip_version_traffic_class_and_flow_label =
2938 clib_host_to_net_u32 (0x6 << 28);
2939 p.ip.payload_length =
2940 clib_host_to_net_u16 (sizeof (p) -
2942 (icmp6_neighbor_solicitation_header_t, neighbor));
2943 p.ip.protocol = IP_PROTOCOL_ICMP6;
2944 p.ip.hop_limit = 255;
2945 ip6_set_solicited_node_multicast_address (&p.ip.dst_address, 0);
2947 p.neighbor.icmp.type = ICMP6_neighbor_solicitation;
2949 p.link_layer_option.header.type =
2950 ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address;
2951 p.link_layer_option.header.n_data_u64s =
2952 sizeof (p.link_layer_option) / sizeof (u64);
2954 vlib_packet_template_init (vm,
2955 &im->discover_neighbor_packet_template,
2957 /* alloc chunk size */ 8,
2958 "ip6 neighbor discovery");
2964 VLIB_INIT_FUNCTION (ip6_lookup_init);
2966 static clib_error_t *
2967 add_del_ip6_interface_table (vlib_main_t * vm,
2968 unformat_input_t * input,
2969 vlib_cli_command_t * cmd)
2971 vnet_main_t *vnm = vnet_get_main ();
2972 ip_interface_address_t *ia;
2973 clib_error_t *error = 0;
2974 u32 sw_if_index, table_id;
2978 if (!unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index))
2980 error = clib_error_return (0, "unknown interface `%U'",
2981 format_unformat_error, input);
2985 if (unformat (input, "%d", &table_id))
2989 error = clib_error_return (0, "expected table id `%U'",
2990 format_unformat_error, input);
2995 * If the interface already has in IP address, then a change int
2996 * VRF is not allowed. The IP address applied must first be removed.
2997 * We do not do that automatically here, since VPP has no knowledge
2998 * of whether thoses subnets are valid in the destination VRF.
3001 foreach_ip_interface_address (&ip6_main.lookup_main,
3003 1 /* honor unnumbered */,
3007 a = ip_interface_address_get_address (&ip6_main.lookup_main, ia);
3008 error = clib_error_return (0, "interface %U has address %U",
3009 format_vnet_sw_if_index_name, vnm,
3011 format_ip6_address, a);
3017 u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3020 vec_validate (ip6_main.fib_index_by_sw_if_index, sw_if_index);
3021 ip6_main.fib_index_by_sw_if_index[sw_if_index] = fib_index;
3023 fib_index = mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3026 vec_validate (ip6_main.mfib_index_by_sw_if_index, sw_if_index);
3027 ip6_main.mfib_index_by_sw_if_index[sw_if_index] = fib_index;
3036 * Place the indicated interface into the supplied IPv6 FIB table (also known
3037 * as a VRF). If the FIB table does not exist, this command creates it. To
3038 * display the current IPv6 FIB table, use the command '<em>show ip6 fib</em>'.
3039 * FIB table will only be displayed if a route has been added to the table, or
3040 * an IP Address is assigned to an interface in the table (which adds a route
3043 * @note IP addresses added after setting the interface IP table are added to
3044 * the indicated FIB table. If an IP address is added prior to changing the
3045 * table then this is an error. The control plane must remove these addresses
3046 * first and then change the table. VPP will not automatically move the
3047 * addresses from the old to the new table as it does not know the validity
3051 * Example of how to add an interface to an IPv6 FIB table (where 2 is the table-id):
3052 * @cliexcmd{set interface ip6 table GigabitEthernet2/0/0 2}
3055 VLIB_CLI_COMMAND (set_interface_ip6_table_command, static) =
3057 .path = "set interface ip6 table",
3058 .function = add_del_ip6_interface_table,
3059 .short_help = "set interface ip6 table <interface> <table-id>"
3064 ip6_link_local_address_from_ethernet_mac_address (ip6_address_t * ip,
3067 ip->as_u64[0] = clib_host_to_net_u64 (0xFE80000000000000ULL);
3068 /* Invert the "u" bit */
3069 ip->as_u8[8] = mac[0] ^ (1 << 1);
3070 ip->as_u8[9] = mac[1];
3071 ip->as_u8[10] = mac[2];
3072 ip->as_u8[11] = 0xFF;
3073 ip->as_u8[12] = 0xFE;
3074 ip->as_u8[13] = mac[3];
3075 ip->as_u8[14] = mac[4];
3076 ip->as_u8[15] = mac[5];
3080 ip6_ethernet_mac_address_from_link_local_address (u8 * mac,
3083 /* Invert the previously inverted "u" bit */
3084 mac[0] = ip->as_u8[8] ^ (1 << 1);
3085 mac[1] = ip->as_u8[9];
3086 mac[2] = ip->as_u8[10];
3087 mac[3] = ip->as_u8[13];
3088 mac[4] = ip->as_u8[14];
3089 mac[5] = ip->as_u8[15];
3092 static clib_error_t *
3093 test_ip6_link_command_fn (vlib_main_t * vm,
3094 unformat_input_t * input, vlib_cli_command_t * cmd)
3097 ip6_address_t _a, *a = &_a;
3099 if (unformat (input, "%U", unformat_ethernet_address, mac))
3101 ip6_link_local_address_from_ethernet_mac_address (a, mac);
3102 vlib_cli_output (vm, "Link local address: %U", format_ip6_address, a);
3103 ip6_ethernet_mac_address_from_link_local_address (mac, a);
3104 vlib_cli_output (vm, "Original MAC address: %U",
3105 format_ethernet_address, mac);
3112 * This command converts the given MAC Address into an IPv6 link-local
3116 * Example of how to create an IPv6 link-local address:
3117 * @cliexstart{test ip6 link 16:d9:e0:91:79:86}
3118 * Link local address: fe80::14d9:e0ff:fe91:7986
3119 * Original MAC address: 16:d9:e0:91:79:86
3123 VLIB_CLI_COMMAND (test_link_command, static) =
3125 .path = "test ip6 link",
3126 .function = test_ip6_link_command_fn,
3127 .short_help = "test ip6 link <mac-address>",
3132 vnet_set_ip6_flow_hash (u32 table_id, u32 flow_hash_config)
3134 ip6_main_t *im6 = &ip6_main;
3136 uword *p = hash_get (im6->fib_index_by_table_id, table_id);
3141 fib = ip6_fib_get (p[0]);
3143 fib->flow_hash_config = flow_hash_config;
3147 static clib_error_t *
3148 set_ip6_flow_hash_command_fn (vlib_main_t * vm,
3149 unformat_input_t * input,
3150 vlib_cli_command_t * cmd)
3154 u32 flow_hash_config = 0;
3157 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3159 if (unformat (input, "table %d", &table_id))
3162 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
3163 foreach_flow_hash_bit
3170 return clib_error_return (0, "unknown input `%U'",
3171 format_unformat_error, input);
3173 rv = vnet_set_ip6_flow_hash (table_id, flow_hash_config);
3180 return clib_error_return (0, "no such FIB table %d", table_id);
3183 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
3191 * Configure the set of IPv6 fields used by the flow hash.
3195 * Example of how to set the flow hash on a given table:
3196 * @cliexcmd{set ip6 flow-hash table 8 dst sport dport proto}
3198 * Example of display the configured flow hash:
3199 * @cliexstart{show ip6 fib}
3200 * ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
3203 * [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
3204 * [0] [@0]: dpo-drop ip6
3207 * [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
3208 * [0] [@2]: dpo-receive
3211 * [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
3212 * [0] [@2]: dpo-receive
3215 * [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
3216 * [0] [@2]: dpo-receive
3219 * [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
3220 * [0] [@2]: dpo-receive
3221 * ff02::1:ff00:0/104
3223 * [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
3224 * [0] [@2]: dpo-receive
3225 * ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
3228 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
3229 * [0] [@0]: dpo-drop ip6
3232 * [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
3233 * [0] [@4]: ipv6-glean: af_packet0
3236 * [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
3237 * [0] [@2]: dpo-receive: @::a:1:1:0:7 on af_packet0
3240 * [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
3241 * [0] [@2]: dpo-receive
3242 * fe80::fe:3eff:fe3e:9222/128
3244 * [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
3245 * [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
3248 * [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
3249 * [0] [@2]: dpo-receive
3252 * [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
3253 * [0] [@2]: dpo-receive
3256 * [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
3257 * [0] [@2]: dpo-receive
3258 * ff02::1:ff00:0/104
3260 * [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
3261 * [0] [@2]: dpo-receive
3266 VLIB_CLI_COMMAND (set_ip6_flow_hash_command, static) =
3268 .path = "set ip6 flow-hash",
3270 "set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
3271 .function = set_ip6_flow_hash_command_fn,
3275 static clib_error_t *
3276 show_ip6_local_command_fn (vlib_main_t * vm,
3277 unformat_input_t * input, vlib_cli_command_t * cmd)
3279 ip6_main_t *im = &ip6_main;
3280 ip_lookup_main_t *lm = &im->lookup_main;
3283 vlib_cli_output (vm, "Protocols handled by ip6_local");
3284 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
3286 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
3287 vlib_cli_output (vm, "%d", i);
3295 * Display the set of protocols handled by the local IPv6 stack.
3298 * Example of how to display local protocol table:
3299 * @cliexstart{show ip6 local}
3300 * Protocols handled by ip6_local
3308 VLIB_CLI_COMMAND (show_ip6_local, static) =
3310 .path = "show ip6 local",
3311 .function = show_ip6_local_command_fn,
3312 .short_help = "show ip6 local",
3317 vnet_set_ip6_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3320 vnet_main_t *vnm = vnet_get_main ();
3321 vnet_interface_main_t *im = &vnm->interface_main;
3322 ip6_main_t *ipm = &ip6_main;
3323 ip_lookup_main_t *lm = &ipm->lookup_main;
3324 vnet_classify_main_t *cm = &vnet_classify_main;
3325 ip6_address_t *if_addr;
3327 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3328 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3330 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3331 return VNET_API_ERROR_NO_SUCH_ENTRY;
3333 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3334 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3336 if_addr = ip6_interface_first_address (ipm, sw_if_index);
3338 if (NULL != if_addr)
3340 fib_prefix_t pfx = {
3342 .fp_proto = FIB_PROTOCOL_IP6,
3343 .fp_addr.ip6 = *if_addr,
3347 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3351 if (table_index != (u32) ~ 0)
3353 dpo_id_t dpo = DPO_INVALID;
3358 classify_dpo_create (DPO_PROTO_IP6, table_index));
3360 fib_table_entry_special_dpo_add (fib_index,
3362 FIB_SOURCE_CLASSIFY,
3363 FIB_ENTRY_FLAG_NONE, &dpo);
3368 fib_table_entry_special_remove (fib_index,
3369 &pfx, FIB_SOURCE_CLASSIFY);
3376 static clib_error_t *
3377 set_ip6_classify_command_fn (vlib_main_t * vm,
3378 unformat_input_t * input,
3379 vlib_cli_command_t * cmd)
3381 u32 table_index = ~0;
3382 int table_index_set = 0;
3383 u32 sw_if_index = ~0;
3386 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3388 if (unformat (input, "table-index %d", &table_index))
3389 table_index_set = 1;
3390 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3391 vnet_get_main (), &sw_if_index))
3397 if (table_index_set == 0)
3398 return clib_error_return (0, "classify table-index must be specified");
3400 if (sw_if_index == ~0)
3401 return clib_error_return (0, "interface / subif must be specified");
3403 rv = vnet_set_ip6_classify_intfc (vm, sw_if_index, table_index);
3410 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3411 return clib_error_return (0, "No such interface");
3413 case VNET_API_ERROR_NO_SUCH_ENTRY:
3414 return clib_error_return (0, "No such classifier table");
3420 * Assign a classification table to an interface. The classification
3421 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3422 * commands. Once the table is create, use this command to filter packets
3426 * Example of how to assign a classification table to an interface:
3427 * @cliexcmd{set ip6 classify intfc GigabitEthernet2/0/0 table-index 1}
3430 VLIB_CLI_COMMAND (set_ip6_classify_command, static) =
3432 .path = "set ip6 classify",
3434 "set ip6 classify intfc <interface> table-index <classify-idx>",
3435 .function = set_ip6_classify_command_fn,
3439 static clib_error_t *
3440 ip6_config (vlib_main_t * vm, unformat_input_t * input)
3442 ip6_main_t *im = &ip6_main;
3447 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3449 if (unformat (input, "hash-buckets %d", &tmp))
3451 else if (unformat (input, "heap-size %dm", &tmp))
3452 heapsize = ((u64) tmp) << 20;
3453 else if (unformat (input, "heap-size %dM", &tmp))
3454 heapsize = ((u64) tmp) << 20;
3455 else if (unformat (input, "heap-size %dg", &tmp))
3456 heapsize = ((u64) tmp) << 30;
3457 else if (unformat (input, "heap-size %dG", &tmp))
3458 heapsize = ((u64) tmp) << 30;
3460 return clib_error_return (0, "unknown input '%U'",
3461 format_unformat_error, input);
3464 im->lookup_table_nbuckets = nbuckets;
3465 im->lookup_table_size = heapsize;
3470 VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
3473 * fd.io coding-style-patch-verification: ON
3476 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob