2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip6_forward.c: IP v6 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
43 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
44 #include <vppinfra/cache.h>
45 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
46 #include <vnet/fib/ip6_fib.h>
47 #include <vnet/mfib/ip6_mfib.h>
48 #include <vnet/dpo/load_balance.h>
49 #include <vnet/dpo/classify_dpo.h>
51 #include <vppinfra/bihash_template.c>
53 /* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */
54 #define OI_DECAP 0x80000000
58 * @brief IPv6 Forwarding.
60 * This file contains the source code for IPv6 forwarding.
64 ip6_forward_next_trace (vlib_main_t * vm,
65 vlib_node_runtime_t * node,
67 vlib_rx_or_tx_t which_adj_index);
70 ip6_lookup_inline (vlib_main_t * vm,
71 vlib_node_runtime_t * node, vlib_frame_t * frame)
73 ip6_main_t *im = &ip6_main;
74 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_to_counters;
75 u32 n_left_from, n_left_to_next, *from, *to_next;
76 ip_lookup_next_t next;
77 u32 cpu_index = os_get_cpu_number ();
79 from = vlib_frame_vector_args (frame);
80 n_left_from = frame->n_vectors;
81 next = node->cached_next_index;
83 while (n_left_from > 0)
85 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
87 while (n_left_from >= 4 && n_left_to_next >= 2)
89 vlib_buffer_t *p0, *p1;
90 u32 pi0, pi1, lbi0, lbi1, wrong_next;
91 ip_lookup_next_t next0, next1;
92 ip6_header_t *ip0, *ip1;
93 ip6_address_t *dst_addr0, *dst_addr1;
94 u32 fib_index0, fib_index1;
95 u32 flow_hash_config0, flow_hash_config1;
96 const dpo_id_t *dpo0, *dpo1;
97 const load_balance_t *lb0, *lb1;
99 /* Prefetch next iteration. */
101 vlib_buffer_t *p2, *p3;
103 p2 = vlib_get_buffer (vm, from[2]);
104 p3 = vlib_get_buffer (vm, from[3]);
106 vlib_prefetch_buffer_header (p2, LOAD);
107 vlib_prefetch_buffer_header (p3, LOAD);
108 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), LOAD);
109 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), LOAD);
112 pi0 = to_next[0] = from[0];
113 pi1 = to_next[1] = from[1];
115 p0 = vlib_get_buffer (vm, pi0);
116 p1 = vlib_get_buffer (vm, pi1);
118 ip0 = vlib_buffer_get_current (p0);
119 ip1 = vlib_buffer_get_current (p1);
121 dst_addr0 = &ip0->dst_address;
122 dst_addr1 = &ip1->dst_address;
125 vec_elt (im->fib_index_by_sw_if_index,
126 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
128 vec_elt (im->fib_index_by_sw_if_index,
129 vnet_buffer (p1)->sw_if_index[VLIB_RX]);
131 fib_index0 = (vnet_buffer (p0)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
132 fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
133 fib_index1 = (vnet_buffer (p1)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
134 fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
136 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
137 lbi1 = ip6_fib_table_fwding_lookup (im, fib_index1, dst_addr1);
139 lb0 = load_balance_get (lbi0);
140 lb1 = load_balance_get (lbi1);
142 vnet_buffer (p0)->ip.flow_hash = vnet_buffer (p1)->ip.flow_hash = 0;
144 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
146 flow_hash_config0 = lb0->lb_hash_config;
147 vnet_buffer (p0)->ip.flow_hash =
148 ip6_compute_flow_hash (ip0, flow_hash_config0);
150 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
152 flow_hash_config1 = lb1->lb_hash_config;
153 vnet_buffer (p1)->ip.flow_hash =
154 ip6_compute_flow_hash (ip1, flow_hash_config1);
157 ASSERT (lb0->lb_n_buckets > 0);
158 ASSERT (lb1->lb_n_buckets > 0);
159 ASSERT (is_pow2 (lb0->lb_n_buckets));
160 ASSERT (is_pow2 (lb1->lb_n_buckets));
161 dpo0 = load_balance_get_bucket_i (lb0,
162 (vnet_buffer (p0)->ip.flow_hash &
163 lb0->lb_n_buckets_minus_1));
164 dpo1 = load_balance_get_bucket_i (lb1,
165 (vnet_buffer (p1)->ip.flow_hash &
166 lb1->lb_n_buckets_minus_1));
168 next0 = dpo0->dpoi_next_node;
169 next1 = dpo1->dpoi_next_node;
171 /* Only process the HBH Option Header if explicitly configured to do so */
173 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
175 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
176 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
179 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
181 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
182 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
184 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
185 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
187 vlib_increment_combined_counter
188 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
189 vlib_increment_combined_counter
190 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
197 wrong_next = (next0 != next) + 2 * (next1 != next);
198 if (PREDICT_FALSE (wrong_next != 0))
207 vlib_set_next_frame_buffer (vm, node, next0, pi0);
214 vlib_set_next_frame_buffer (vm, node, next1, pi1);
221 vlib_set_next_frame_buffer (vm, node, next0, pi0);
222 vlib_set_next_frame_buffer (vm, node, next1, pi1);
226 vlib_put_next_frame (vm, node, next, n_left_to_next);
228 vlib_get_next_frame (vm, node, next, to_next,
235 while (n_left_from > 0 && n_left_to_next > 0)
240 ip_lookup_next_t next0;
242 ip6_address_t *dst_addr0;
243 u32 fib_index0, flow_hash_config0;
244 const dpo_id_t *dpo0;
249 p0 = vlib_get_buffer (vm, pi0);
251 ip0 = vlib_buffer_get_current (p0);
253 dst_addr0 = &ip0->dst_address;
256 vec_elt (im->fib_index_by_sw_if_index,
257 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
259 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
260 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
262 flow_hash_config0 = ip6_fib_get (fib_index0)->flow_hash_config;
264 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
266 lb0 = load_balance_get (lbi0);
268 vnet_buffer (p0)->ip.flow_hash = 0;
270 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
272 flow_hash_config0 = lb0->lb_hash_config;
273 vnet_buffer (p0)->ip.flow_hash =
274 ip6_compute_flow_hash (ip0, flow_hash_config0);
277 ASSERT (lb0->lb_n_buckets > 0);
278 ASSERT (is_pow2 (lb0->lb_n_buckets));
279 dpo0 = load_balance_get_bucket_i (lb0,
280 (vnet_buffer (p0)->ip.flow_hash &
281 lb0->lb_n_buckets_minus_1));
282 next0 = dpo0->dpoi_next_node;
284 /* Only process the HBH Option Header if explicitly configured to do so */
286 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
288 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
289 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
291 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
293 vlib_increment_combined_counter
294 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
301 if (PREDICT_FALSE (next0 != next))
304 vlib_put_next_frame (vm, node, next, n_left_to_next);
306 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
313 vlib_put_next_frame (vm, node, next, n_left_to_next);
316 if (node->flags & VLIB_NODE_FLAG_TRACE)
317 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
319 return frame->n_vectors;
323 ip6_add_interface_routes (vnet_main_t * vnm, u32 sw_if_index,
324 ip6_main_t * im, u32 fib_index,
325 ip_interface_address_t * a)
327 ip_lookup_main_t *lm = &im->lookup_main;
328 ip6_address_t *address = ip_interface_address_get_address (lm, a);
330 .fp_len = a->address_length,
331 .fp_proto = FIB_PROTOCOL_IP6,
332 .fp_addr.ip6 = *address,
335 a->neighbor_probe_adj_index = ~0;
336 if (a->address_length < 128)
338 fib_node_index_t fei;
340 fei = fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_ATTACHED), FIB_PROTOCOL_IP6, NULL, /* No next-hop address */
341 sw_if_index, ~0, // invalid FIB index
342 1, NULL, // no label stack
343 FIB_ROUTE_PATH_FLAG_NONE);
344 a->neighbor_probe_adj_index = fib_entry_get_adj (fei);
348 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
350 u32 classify_table_index =
351 lm->classify_table_index_by_sw_if_index[sw_if_index];
352 if (classify_table_index != (u32) ~ 0)
354 dpo_id_t dpo = DPO_INVALID;
359 classify_dpo_create (DPO_PROTO_IP6, classify_table_index));
361 fib_table_entry_special_dpo_add (fib_index,
364 FIB_ENTRY_FLAG_NONE, &dpo);
369 fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_LOCAL), FIB_PROTOCOL_IP6, &pfx.fp_addr, sw_if_index, ~0, // invalid FIB index
370 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
374 ip6_del_interface_routes (ip6_main_t * im,
376 ip6_address_t * address, u32 address_length)
379 .fp_len = address_length,
380 .fp_proto = FIB_PROTOCOL_IP6,
381 .fp_addr.ip6 = *address,
384 if (pfx.fp_len < 128)
386 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
391 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
395 ip6_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
397 ip6_main_t *im = &ip6_main;
399 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
402 * enable/disable only on the 1<->0 transition
406 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
411 /* The ref count is 0 when an address is removed from an interface that has
412 * no address - this is not a ciritical error */
413 if (0 == im->ip_enabled_by_sw_if_index[sw_if_index] ||
414 0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
418 if (sw_if_index != 0)
419 ip6_mfib_interface_enable_disable (sw_if_index, is_enable);
421 vnet_feature_enable_disable ("ip6-unicast", "ip6-lookup", sw_if_index,
424 vnet_feature_enable_disable ("ip6-multicast", "ip6-mfib-forward-lookup",
425 sw_if_index, is_enable, 0, 0);
429 /* get first interface address */
431 ip6_interface_first_address (ip6_main_t * im,
433 ip_interface_address_t ** result_ia)
435 ip_lookup_main_t *lm = &im->lookup_main;
436 ip_interface_address_t *ia = 0;
437 ip6_address_t *result = 0;
440 foreach_ip_interface_address (lm, ia, sw_if_index,
441 1 /* honor unnumbered */,
443 ip6_address_t * a = ip_interface_address_get_address (lm, ia);
449 *result_ia = result ? ia : 0;
454 ip6_add_del_interface_address (vlib_main_t * vm,
456 ip6_address_t * address,
457 u32 address_length, u32 is_del)
459 vnet_main_t *vnm = vnet_get_main ();
460 ip6_main_t *im = &ip6_main;
461 ip_lookup_main_t *lm = &im->lookup_main;
463 u32 if_address_index;
464 ip6_address_fib_t ip6_af, *addr_fib = 0;
466 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
467 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
469 ip6_addr_fib_init (&ip6_af, address,
470 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
471 vec_add1 (addr_fib, ip6_af);
474 uword elts_before = pool_elts (lm->if_address_pool);
476 error = ip_interface_address_add_del
477 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
481 /* Pool did not grow: add duplicate address. */
482 if (elts_before == pool_elts (lm->if_address_pool))
486 ip6_sw_interface_enable_disable (sw_if_index, !is_del);
489 ip6_del_interface_routes (im, ip6_af.fib_index, address, address_length);
491 ip6_add_interface_routes (vnm, sw_if_index,
492 im, ip6_af.fib_index,
493 pool_elt_at_index (lm->if_address_pool,
497 ip6_add_del_interface_address_callback_t *cb;
498 vec_foreach (cb, im->add_del_interface_address_callbacks)
499 cb->function (im, cb->function_opaque, sw_if_index,
500 address, address_length, if_address_index, is_del);
509 ip6_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
511 ip6_main_t *im = &ip6_main;
512 ip_interface_address_t *ia;
514 u32 is_admin_up, fib_index;
516 /* Fill in lookup tables with default table (0). */
517 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
519 vec_validate_init_empty (im->
520 lookup_main.if_address_pool_index_by_sw_if_index,
523 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
525 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
528 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
529 0 /* honor unnumbered */,
531 a = ip_interface_address_get_address (&im->lookup_main, ia);
533 ip6_add_interface_routes (vnm, sw_if_index,
537 ip6_del_interface_routes (im, fib_index,
538 a, ia->address_length);
545 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down);
547 /* Built-in ip6 unicast rx feature path definition */
549 VNET_FEATURE_ARC_INIT (ip6_unicast, static) =
551 .arc_name = "ip6-unicast",
552 .start_nodes = VNET_FEATURES ("ip6-input"),
553 .arc_index_ptr = &ip6_main.lookup_main.ucast_feature_arc_index,
556 VNET_FEATURE_INIT (ip6_flow_classify, static) =
558 .arc_name = "ip6-unicast",
559 .node_name = "ip6-flow-classify",
560 .runs_before = VNET_FEATURES ("ip6-inacl"),
563 VNET_FEATURE_INIT (ip6_inacl, static) =
565 .arc_name = "ip6-unicast",
566 .node_name = "ip6-inacl",
567 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
570 VNET_FEATURE_INIT (ip6_policer_classify, static) =
572 .arc_name = "ip6-unicast",
573 .node_name = "ip6-policer-classify",
574 .runs_before = VNET_FEATURES ("ipsec-input-ip6"),
577 VNET_FEATURE_INIT (ip6_ipsec, static) =
579 .arc_name = "ip6-unicast",
580 .node_name = "ipsec-input-ip6",
581 .runs_before = VNET_FEATURES ("l2tp-decap"),
584 VNET_FEATURE_INIT (ip6_l2tp, static) =
586 .arc_name = "ip6-unicast",
587 .node_name = "l2tp-decap",
588 .runs_before = VNET_FEATURES ("vpath-input-ip6"),
591 VNET_FEATURE_INIT (ip6_vpath, static) =
593 .arc_name = "ip6-unicast",
594 .node_name = "vpath-input-ip6",
595 .runs_before = VNET_FEATURES ("ip6-vxlan-bypass"),
598 VNET_FEATURE_INIT (ip6_vxlan_bypass, static) =
600 .arc_name = "ip6-unicast",
601 .node_name = "ip6-vxlan-bypass",
602 .runs_before = VNET_FEATURES ("ip6-lookup"),
605 VNET_FEATURE_INIT (ip6_lookup, static) =
607 .arc_name = "ip6-unicast",
608 .node_name = "ip6-lookup",
609 .runs_before = VNET_FEATURES ("ip6-drop"),
612 VNET_FEATURE_INIT (ip6_drop, static) =
614 .arc_name = "ip6-unicast",
615 .node_name = "ip6-drop",
616 .runs_before = 0, /*last feature*/
619 /* Built-in ip6 multicast rx feature path definition (none now) */
620 VNET_FEATURE_ARC_INIT (ip6_multicast, static) =
622 .arc_name = "ip6-multicast",
623 .start_nodes = VNET_FEATURES ("ip6-input"),
624 .arc_index_ptr = &ip6_main.lookup_main.mcast_feature_arc_index,
627 VNET_FEATURE_INIT (ip6_vpath_mc, static) = {
628 .arc_name = "ip6-multicast",
629 .node_name = "vpath-input-ip6",
630 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
633 VNET_FEATURE_INIT (ip6_mc_lookup, static) = {
634 .arc_name = "ip6-multicast",
635 .node_name = "ip6-mfib-forward-lookup",
636 .runs_before = VNET_FEATURES ("ip6-drop"),
639 VNET_FEATURE_INIT (ip6_drop_mc, static) = {
640 .arc_name = "ip6-multicast",
641 .node_name = "ip6-drop",
642 .runs_before = 0, /* last feature */
645 /* Built-in ip4 tx feature path definition */
646 VNET_FEATURE_ARC_INIT (ip6_output, static) =
648 .arc_name = "ip6-output",
649 .start_nodes = VNET_FEATURES ("ip6-rewrite", "ip6-midchain"),
650 .arc_index_ptr = &ip6_main.lookup_main.output_feature_arc_index,
653 VNET_FEATURE_INIT (ip6_ipsec_output, static) = {
654 .arc_name = "ip6-output",
655 .node_name = "ipsec-output-ip6",
656 .runs_before = VNET_FEATURES ("interface-output"),
659 VNET_FEATURE_INIT (ip6_interface_output, static) = {
660 .arc_name = "ip6-output",
661 .node_name = "interface-output",
662 .runs_before = 0, /* not before any other features */
667 ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
669 vnet_feature_enable_disable ("ip6-unicast", "ip6-drop", sw_if_index,
672 vnet_feature_enable_disable ("ip6-multicast", "ip6-drop", sw_if_index,
675 vnet_feature_enable_disable ("ip6-output", "interface-output", sw_if_index,
678 return /* no error */ 0;
681 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_sw_interface_add_del);
684 ip6_lookup (vlib_main_t * vm,
685 vlib_node_runtime_t * node, vlib_frame_t * frame)
687 return ip6_lookup_inline (vm, node, frame);
690 static u8 *format_ip6_lookup_trace (u8 * s, va_list * args);
693 VLIB_REGISTER_NODE (ip6_lookup_node) =
695 .function = ip6_lookup,
696 .name = "ip6-lookup",
697 .vector_size = sizeof (u32),
698 .format_trace = format_ip6_lookup_trace,
699 .n_next_nodes = IP6_LOOKUP_N_NEXT,
700 .next_nodes = IP6_LOOKUP_NEXT_NODES,
704 VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup);
707 ip6_load_balance (vlib_main_t * vm,
708 vlib_node_runtime_t * node, vlib_frame_t * frame)
710 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
711 u32 n_left_from, n_left_to_next, *from, *to_next;
712 ip_lookup_next_t next;
713 u32 cpu_index = os_get_cpu_number ();
714 ip6_main_t *im = &ip6_main;
716 from = vlib_frame_vector_args (frame);
717 n_left_from = frame->n_vectors;
718 next = node->cached_next_index;
720 if (node->flags & VLIB_NODE_FLAG_TRACE)
721 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
723 while (n_left_from > 0)
725 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
728 while (n_left_from >= 4 && n_left_to_next >= 2)
730 ip_lookup_next_t next0, next1;
731 const load_balance_t *lb0, *lb1;
732 vlib_buffer_t *p0, *p1;
733 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
734 const ip6_header_t *ip0, *ip1;
735 const dpo_id_t *dpo0, *dpo1;
737 /* Prefetch next iteration. */
739 vlib_buffer_t *p2, *p3;
741 p2 = vlib_get_buffer (vm, from[2]);
742 p3 = vlib_get_buffer (vm, from[3]);
744 vlib_prefetch_buffer_header (p2, STORE);
745 vlib_prefetch_buffer_header (p3, STORE);
747 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
748 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
751 pi0 = to_next[0] = from[0];
752 pi1 = to_next[1] = from[1];
759 p0 = vlib_get_buffer (vm, pi0);
760 p1 = vlib_get_buffer (vm, pi1);
762 ip0 = vlib_buffer_get_current (p0);
763 ip1 = vlib_buffer_get_current (p1);
764 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
765 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
767 lb0 = load_balance_get (lbi0);
768 lb1 = load_balance_get (lbi1);
771 * this node is for via FIBs we can re-use the hash value from the
772 * to node if present.
773 * We don't want to use the same hash value at each level in the recursion
774 * graph as that would lead to polarisation
776 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
777 hc1 = vnet_buffer (p1)->ip.flow_hash = 0;
779 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
781 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
783 hc0 = vnet_buffer (p0)->ip.flow_hash =
784 vnet_buffer (p0)->ip.flow_hash >> 1;
788 hc0 = vnet_buffer (p0)->ip.flow_hash =
789 ip6_compute_flow_hash (ip0, hc0);
792 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
794 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
796 hc1 = vnet_buffer (p1)->ip.flow_hash =
797 vnet_buffer (p1)->ip.flow_hash >> 1;
801 hc1 = vnet_buffer (p1)->ip.flow_hash =
802 ip6_compute_flow_hash (ip1, hc1);
807 load_balance_get_bucket_i (lb0,
808 hc0 & (lb0->lb_n_buckets_minus_1));
810 load_balance_get_bucket_i (lb1,
811 hc1 & (lb1->lb_n_buckets_minus_1));
813 next0 = dpo0->dpoi_next_node;
814 next1 = dpo1->dpoi_next_node;
816 /* Only process the HBH Option Header if explicitly configured to do so */
818 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
820 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
821 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
823 /* Only process the HBH Option Header if explicitly configured to do so */
825 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
827 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
828 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
831 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
832 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
834 vlib_increment_combined_counter
835 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
836 vlib_increment_combined_counter
837 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
839 vlib_validate_buffer_enqueue_x2 (vm, node, next,
840 to_next, n_left_to_next,
841 pi0, pi1, next0, next1);
844 while (n_left_from > 0 && n_left_to_next > 0)
846 ip_lookup_next_t next0;
847 const load_balance_t *lb0;
850 const ip6_header_t *ip0;
851 const dpo_id_t *dpo0;
860 p0 = vlib_get_buffer (vm, pi0);
862 ip0 = vlib_buffer_get_current (p0);
863 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
865 lb0 = load_balance_get (lbi0);
867 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
868 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
870 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
872 hc0 = vnet_buffer (p0)->ip.flow_hash =
873 vnet_buffer (p0)->ip.flow_hash >> 1;
877 hc0 = vnet_buffer (p0)->ip.flow_hash =
878 ip6_compute_flow_hash (ip0, hc0);
882 load_balance_get_bucket_i (lb0,
883 hc0 & (lb0->lb_n_buckets_minus_1));
885 next0 = dpo0->dpoi_next_node;
886 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
888 /* Only process the HBH Option Header if explicitly configured to do so */
890 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
892 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
893 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
896 vlib_increment_combined_counter
897 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
899 vlib_validate_buffer_enqueue_x1 (vm, node, next,
900 to_next, n_left_to_next,
904 vlib_put_next_frame (vm, node, next, n_left_to_next);
907 return frame->n_vectors;
911 VLIB_REGISTER_NODE (ip6_load_balance_node) =
913 .function = ip6_load_balance,
914 .name = "ip6-load-balance",
915 .vector_size = sizeof (u32),
916 .sibling_of = "ip6-lookup",
917 .format_trace = format_ip6_lookup_trace,
921 VLIB_NODE_FUNCTION_MULTIARCH (ip6_load_balance_node, ip6_load_balance);
925 /* Adjacency taken. */
930 /* Packet data, possibly *after* rewrite. */
931 u8 packet_data[128 - 1 * sizeof (u32)];
933 ip6_forward_next_trace_t;
936 format_ip6_forward_next_trace (u8 * s, va_list * args)
938 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
939 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
940 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
941 uword indent = format_get_indent (s);
943 s = format (s, "%U%U",
944 format_white_space, indent,
945 format_ip6_header, t->packet_data, sizeof (t->packet_data));
950 format_ip6_lookup_trace (u8 * s, va_list * args)
952 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
953 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
954 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
955 uword indent = format_get_indent (s);
957 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
958 t->fib_index, t->adj_index, t->flow_hash);
959 s = format (s, "\n%U%U",
960 format_white_space, indent,
961 format_ip6_header, t->packet_data, sizeof (t->packet_data));
967 format_ip6_rewrite_trace (u8 * s, va_list * args)
969 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
970 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
971 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
972 vnet_main_t *vnm = vnet_get_main ();
973 uword indent = format_get_indent (s);
975 s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x",
976 t->fib_index, t->adj_index, format_ip_adjacency,
977 t->adj_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
978 s = format (s, "\n%U%U",
979 format_white_space, indent,
980 format_ip_adjacency_packet_data,
981 vnm, t->adj_index, t->packet_data, sizeof (t->packet_data));
985 /* Common trace function for all ip6-forward next nodes. */
987 ip6_forward_next_trace (vlib_main_t * vm,
988 vlib_node_runtime_t * node,
989 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
992 ip6_main_t *im = &ip6_main;
994 n_left = frame->n_vectors;
995 from = vlib_frame_vector_args (frame);
1000 vlib_buffer_t *b0, *b1;
1001 ip6_forward_next_trace_t *t0, *t1;
1003 /* Prefetch next iteration. */
1004 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1005 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1010 b0 = vlib_get_buffer (vm, bi0);
1011 b1 = vlib_get_buffer (vm, bi1);
1013 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1015 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1016 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1017 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1019 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1020 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1021 vec_elt (im->fib_index_by_sw_if_index,
1022 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1024 clib_memcpy (t0->packet_data,
1025 vlib_buffer_get_current (b0),
1026 sizeof (t0->packet_data));
1028 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1030 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1031 t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1032 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1034 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1035 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1036 vec_elt (im->fib_index_by_sw_if_index,
1037 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1039 clib_memcpy (t1->packet_data,
1040 vlib_buffer_get_current (b1),
1041 sizeof (t1->packet_data));
1051 ip6_forward_next_trace_t *t0;
1055 b0 = vlib_get_buffer (vm, bi0);
1057 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1059 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1060 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1061 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1063 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1064 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1065 vec_elt (im->fib_index_by_sw_if_index,
1066 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1068 clib_memcpy (t0->packet_data,
1069 vlib_buffer_get_current (b0),
1070 sizeof (t0->packet_data));
1078 ip6_drop_or_punt (vlib_main_t * vm,
1079 vlib_node_runtime_t * node,
1080 vlib_frame_t * frame, ip6_error_t error_code)
1082 u32 *buffers = vlib_frame_vector_args (frame);
1083 uword n_packets = frame->n_vectors;
1085 vlib_error_drop_buffers (vm, node, buffers,
1089 ip6_input_node.index, error_code);
1091 if (node->flags & VLIB_NODE_FLAG_TRACE)
1092 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1098 ip6_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1100 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_DROP);
1104 ip6_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1106 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_PUNT);
1110 VLIB_REGISTER_NODE (ip6_drop_node, static) =
1112 .function = ip6_drop,
1114 .vector_size = sizeof (u32),
1115 .format_trace = format_ip6_forward_next_trace,
1119 [0] = "error-drop",},
1123 VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop);
1126 VLIB_REGISTER_NODE (ip6_punt_node, static) =
1128 .function = ip6_punt,
1130 .vector_size = sizeof (u32),
1131 .format_trace = format_ip6_forward_next_trace,
1135 [0] = "error-punt",},
1139 VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt);
1141 /* Compute TCP/UDP/ICMP6 checksum in software. */
1143 ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1144 ip6_header_t * ip0, int *bogus_lengthp)
1147 u16 sum16, payload_length_host_byte_order;
1148 u32 i, n_this_buffer, n_bytes_left;
1149 u32 headers_size = sizeof (ip0[0]);
1150 void *data_this_buffer;
1152 ASSERT (bogus_lengthp);
1155 /* Initialize checksum with ip header. */
1156 sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
1157 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1158 data_this_buffer = (void *) (ip0 + 1);
1160 for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
1162 sum0 = ip_csum_with_carry (sum0,
1163 clib_mem_unaligned (&ip0->
1164 src_address.as_uword[i],
1167 ip_csum_with_carry (sum0,
1168 clib_mem_unaligned (&ip0->dst_address.as_uword[i],
1172 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1173 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1176 ip6_hop_by_hop_ext_t *ext_hdr =
1177 (ip6_hop_by_hop_ext_t *) data_this_buffer;
1179 /* validate really icmp6 next */
1180 ASSERT (ext_hdr->next_hdr == IP_PROTOCOL_ICMP6);
1182 skip_bytes = 8 * (1 + ext_hdr->n_data_u64s);
1183 data_this_buffer = (void *) ((u8 *) data_this_buffer + skip_bytes);
1185 payload_length_host_byte_order -= skip_bytes;
1186 headers_size += skip_bytes;
1189 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1190 if (p0 && n_this_buffer + headers_size > p0->current_length)
1192 p0->current_length >
1193 headers_size ? p0->current_length - headers_size : 0;
1196 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1197 n_bytes_left -= n_this_buffer;
1198 if (n_bytes_left == 0)
1201 if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
1206 p0 = vlib_get_buffer (vm, p0->next_buffer);
1207 data_this_buffer = vlib_buffer_get_current (p0);
1208 n_this_buffer = p0->current_length;
1211 sum16 = ~ip_csum_fold (sum0);
1217 ip6_tcp_udp_icmp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1219 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1224 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1225 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1226 || ip0->protocol == IP_PROTOCOL_ICMP6
1227 || ip0->protocol == IP_PROTOCOL_UDP
1228 || ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS);
1230 udp0 = (void *) (ip0 + 1);
1231 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1233 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1234 | IP_BUFFER_L4_CHECKSUM_CORRECT);
1238 sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0, &bogus_length);
1240 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1241 | ((sum16 == 0) << LOG2_IP_BUFFER_L4_CHECKSUM_CORRECT));
1246 /* ip6_locate_header
1248 * This function is to search for the header specified by the find_hdr number.
1249 * 1. If the find_hdr < 0 then it finds and returns the protocol number and
1250 * offset stored in *offset of the transport or ESP header in the chain if
1252 * 2. If a header with find_hdr > 0 protocol number is found then the
1253 * offset is stored in *offset and protocol number of the header is
1255 * 3. If find_hdr header is not found or packet is malformed or
1256 * it is a non-first fragment -1 is returned.
1259 ip6_locate_header (vlib_buffer_t * p0,
1260 ip6_header_t * ip0, int find_hdr, u32 * offset)
1262 u8 next_proto = ip0->protocol;
1266 u8 *temp_nxthdr = 0;
1269 next_header = ip6_next_header (ip0);
1270 cur_offset = sizeof (ip6_header_t);
1273 done = (next_proto == find_hdr);
1276 (u8 *) vlib_buffer_get_current (p0) + p0->current_length))
1278 //A malicious packet could set an extension header with a too big size
1283 if ((!ip6_ext_hdr (next_proto)) || next_proto == IP_PROTOCOL_IP6_NONXT)
1289 if (next_proto == IP_PROTOCOL_IPV6_FRAGMENTATION)
1291 ip6_frag_hdr_t *frag_hdr = (ip6_frag_hdr_t *) next_header;
1292 u16 frag_off = ip6_frag_hdr_offset (frag_hdr);
1293 /* Non first fragment return -1 */
1296 exthdr_len = sizeof (ip6_frag_hdr_t);
1297 temp_nxthdr = next_header + exthdr_len;
1299 else if (next_proto == IP_PROTOCOL_IPSEC_AH)
1302 ip6_ext_authhdr_len (((ip6_ext_header_t *) next_header));
1303 temp_nxthdr = next_header + exthdr_len;
1308 ip6_ext_header_len (((ip6_ext_header_t *) next_header));
1309 temp_nxthdr = next_header + exthdr_len;
1311 next_proto = ((ip6_ext_header_t *) next_header)->next_hdr;
1312 next_header = temp_nxthdr;
1313 cur_offset += exthdr_len;
1316 *offset = cur_offset;
1317 return (next_proto);
1321 * @brief returns number of links on which src is reachable.
1324 ip6_urpf_loose_check (ip6_main_t * im, vlib_buffer_t * b, ip6_header_t * i)
1326 const load_balance_t *lb0;
1329 lbi = ip6_fib_table_fwding_lookup_with_if_index (im,
1331 (b)->sw_if_index[VLIB_RX],
1334 lb0 = load_balance_get (lbi);
1336 return (fib_urpf_check_size (lb0->lb_urpf));
1340 ip6_local (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1342 ip6_main_t *im = &ip6_main;
1343 ip_lookup_main_t *lm = &im->lookup_main;
1344 ip_local_next_t next_index;
1345 u32 *from, *to_next, n_left_from, n_left_to_next;
1346 vlib_node_runtime_t *error_node =
1347 vlib_node_get_runtime (vm, ip6_input_node.index);
1349 from = vlib_frame_vector_args (frame);
1350 n_left_from = frame->n_vectors;
1351 next_index = node->cached_next_index;
1353 if (node->flags & VLIB_NODE_FLAG_TRACE)
1354 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1356 while (n_left_from > 0)
1358 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1360 while (n_left_from >= 4 && n_left_to_next >= 2)
1362 vlib_buffer_t *p0, *p1;
1363 ip6_header_t *ip0, *ip1;
1364 udp_header_t *udp0, *udp1;
1365 u32 pi0, ip_len0, udp_len0, flags0, next0;
1366 u32 pi1, ip_len1, udp_len1, flags1, next1;
1367 i32 len_diff0, len_diff1;
1368 u8 error0, type0, good_l4_checksum0;
1369 u8 error1, type1, good_l4_checksum1;
1370 u32 udp_offset0, udp_offset1;
1372 pi0 = to_next[0] = from[0];
1373 pi1 = to_next[1] = from[1];
1377 n_left_to_next -= 2;
1379 p0 = vlib_get_buffer (vm, pi0);
1380 p1 = vlib_get_buffer (vm, pi1);
1382 ip0 = vlib_buffer_get_current (p0);
1383 ip1 = vlib_buffer_get_current (p1);
1385 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1386 vnet_buffer (p1)->ip.start_of_ip_header = p1->current_data;
1388 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1389 type1 = lm->builtin_protocol_by_ip_protocol[ip1->protocol];
1391 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1392 next1 = lm->local_next_by_ip_protocol[ip1->protocol];
1397 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1398 good_l4_checksum1 = (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1402 /* Skip HBH local processing */
1404 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1406 ip6_hop_by_hop_ext_t *ext_hdr =
1407 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1408 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1409 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1412 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1414 ip6_hop_by_hop_ext_t *ext_hdr =
1415 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip1);
1416 next1 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1417 type1 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1419 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1423 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1424 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1425 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1426 && udp0->checksum == 0;
1427 /* Verify UDP length. */
1428 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1429 udp_len0 = clib_net_to_host_u16 (udp0->length);
1430 len_diff0 = ip_len0 - udp_len0;
1432 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p1, ip1,
1436 udp1 = (udp_header_t *) ((u8 *) ip1 + udp_offset1);
1437 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1438 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UDP
1439 && udp1->checksum == 0;
1440 /* Verify UDP length. */
1441 ip_len1 = clib_net_to_host_u16 (ip1->payload_length);
1442 udp_len1 = clib_net_to_host_u16 (udp1->length);
1443 len_diff1 = ip_len1 - udp_len1;
1446 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1447 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1449 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1450 len_diff1 = type1 == IP_BUILTIN_PROTOCOL_UDP ? len_diff1 : 0;
1452 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1453 && !good_l4_checksum0
1454 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1456 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1458 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1460 if (PREDICT_FALSE (type1 != IP_BUILTIN_PROTOCOL_UNKNOWN
1461 && !good_l4_checksum1
1462 && !(flags1 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1464 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, p1);
1466 (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1469 error0 = error1 = IP6_ERROR_UNKNOWN_PROTOCOL;
1471 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1472 error1 = len_diff1 < 0 ? IP6_ERROR_UDP_LENGTH : error1;
1474 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1475 IP6_ERROR_UDP_CHECKSUM);
1476 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1477 IP6_ERROR_ICMP_CHECKSUM);
1479 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1481 (!good_l4_checksum1 ? IP6_ERROR_UDP_CHECKSUM + type1 : error1);
1483 /* Drop packets from unroutable hosts. */
1484 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1485 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1486 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1487 !ip6_address_is_link_local_unicast (&ip0->src_address))
1489 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1490 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1492 if (error1 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1493 type1 != IP_BUILTIN_PROTOCOL_ICMP &&
1494 !ip6_address_is_link_local_unicast (&ip1->src_address))
1496 error1 = (!ip6_urpf_loose_check (im, p1, ip1)
1497 ? IP6_ERROR_SRC_LOOKUP_MISS : error1);
1501 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1503 error1 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1;
1505 p0->error = error_node->errors[error0];
1506 p1->error = error_node->errors[error1];
1508 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
1509 to_next, n_left_to_next,
1510 pi0, pi1, next0, next1);
1513 while (n_left_from > 0 && n_left_to_next > 0)
1518 u32 pi0, ip_len0, udp_len0, flags0, next0;
1520 u8 error0, type0, good_l4_checksum0;
1523 pi0 = to_next[0] = from[0];
1527 n_left_to_next -= 1;
1529 p0 = vlib_get_buffer (vm, pi0);
1531 ip0 = vlib_buffer_get_current (p0);
1533 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1535 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1536 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1540 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1543 /* Skip HBH local processing */
1545 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1547 ip6_hop_by_hop_ext_t *ext_hdr =
1548 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1549 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1550 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1552 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1556 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1557 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1558 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1559 && udp0->checksum == 0;
1560 /* Verify UDP length. */
1561 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1562 udp_len0 = clib_net_to_host_u16 (udp0->length);
1563 len_diff0 = ip_len0 - udp_len0;
1566 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1567 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1569 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1570 && !good_l4_checksum0
1571 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1573 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1575 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1578 error0 = IP6_ERROR_UNKNOWN_PROTOCOL;
1580 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1582 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1583 IP6_ERROR_UDP_CHECKSUM);
1584 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1585 IP6_ERROR_ICMP_CHECKSUM);
1587 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1589 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1590 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1591 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1592 !ip6_address_is_link_local_unicast (&ip0->src_address))
1594 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1595 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1599 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1601 p0->error = error_node->errors[error0];
1603 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1604 to_next, n_left_to_next,
1608 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1611 return frame->n_vectors;
1615 VLIB_REGISTER_NODE (ip6_local_node, static) =
1617 .function = ip6_local,
1618 .name = "ip6-local",
1619 .vector_size = sizeof (u32),
1620 .format_trace = format_ip6_forward_next_trace,
1621 .n_next_nodes = IP_LOCAL_N_NEXT,
1624 [IP_LOCAL_NEXT_DROP] = "error-drop",
1625 [IP_LOCAL_NEXT_PUNT] = "error-punt",
1626 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip6-udp-lookup",
1627 [IP_LOCAL_NEXT_ICMP] = "ip6-icmp-input",
1632 VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local);
1635 ip6_register_protocol (u32 protocol, u32 node_index)
1637 vlib_main_t *vm = vlib_get_main ();
1638 ip6_main_t *im = &ip6_main;
1639 ip_lookup_main_t *lm = &im->lookup_main;
1641 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1642 lm->local_next_by_ip_protocol[protocol] =
1643 vlib_node_add_next (vm, ip6_local_node.index, node_index);
1648 IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1649 IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX,
1650 IP6_DISCOVER_NEIGHBOR_N_NEXT,
1651 } ip6_discover_neighbor_next_t;
1655 IP6_DISCOVER_NEIGHBOR_ERROR_DROP,
1656 IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT,
1657 IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS,
1658 } ip6_discover_neighbor_error_t;
1661 ip6_discover_neighbor_inline (vlib_main_t * vm,
1662 vlib_node_runtime_t * node,
1663 vlib_frame_t * frame, int is_glean)
1665 vnet_main_t *vnm = vnet_get_main ();
1666 ip6_main_t *im = &ip6_main;
1667 ip_lookup_main_t *lm = &im->lookup_main;
1668 u32 *from, *to_next_drop;
1669 uword n_left_from, n_left_to_next_drop;
1670 static f64 time_last_seed_change = -1e100;
1671 static u32 hash_seeds[3];
1672 static uword hash_bitmap[256 / BITS (uword)];
1676 if (node->flags & VLIB_NODE_FLAG_TRACE)
1677 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1679 time_now = vlib_time_now (vm);
1680 if (time_now - time_last_seed_change > 1e-3)
1683 u32 *r = clib_random_buffer_get_data (&vm->random_buffer,
1684 sizeof (hash_seeds));
1685 for (i = 0; i < ARRAY_LEN (hash_seeds); i++)
1686 hash_seeds[i] = r[i];
1688 /* Mark all hash keys as been not-seen before. */
1689 for (i = 0; i < ARRAY_LEN (hash_bitmap); i++)
1692 time_last_seed_change = time_now;
1695 from = vlib_frame_vector_args (frame);
1696 n_left_from = frame->n_vectors;
1698 while (n_left_from > 0)
1700 vlib_get_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1701 to_next_drop, n_left_to_next_drop);
1703 while (n_left_from > 0 && n_left_to_next_drop > 0)
1707 u32 pi0, adj_index0, a0, b0, c0, m0, sw_if_index0, drop0;
1709 ip_adjacency_t *adj0;
1710 vnet_hw_interface_t *hw_if0;
1715 p0 = vlib_get_buffer (vm, pi0);
1717 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1719 ip0 = vlib_buffer_get_current (p0);
1721 adj0 = ip_get_adjacency (lm, adj_index0);
1725 ip0->dst_address.as_u64[0] =
1726 adj0->sub_type.nbr.next_hop.ip6.as_u64[0];
1727 ip0->dst_address.as_u64[1] =
1728 adj0->sub_type.nbr.next_hop.ip6.as_u64[1];
1735 sw_if_index0 = adj0->rewrite_header.sw_if_index;
1736 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1739 b0 ^= ip0->dst_address.as_u32[0];
1740 c0 ^= ip0->dst_address.as_u32[1];
1742 hash_v3_mix32 (a0, b0, c0);
1744 b0 ^= ip0->dst_address.as_u32[2];
1745 c0 ^= ip0->dst_address.as_u32[3];
1747 hash_v3_finalize32 (a0, b0, c0);
1749 c0 &= BITS (hash_bitmap) - 1;
1750 c0 = c0 / BITS (uword);
1751 m0 = (uword) 1 << (c0 % BITS (uword));
1753 bm0 = hash_bitmap[c0];
1754 drop0 = (bm0 & m0) != 0;
1756 /* Mark it as seen. */
1757 hash_bitmap[c0] = bm0 | m0;
1761 to_next_drop[0] = pi0;
1763 n_left_to_next_drop -= 1;
1765 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1767 /* If the interface is link-down, drop the pkt */
1768 if (!(hw_if0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP))
1772 node->errors[drop0 ? IP6_DISCOVER_NEIGHBOR_ERROR_DROP
1773 : IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT];
1778 * the adj has been updated to a rewrite but the node the DPO that got
1779 * us here hasn't - yet. no big deal. we'll drop while we wait.
1781 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
1786 icmp6_neighbor_solicitation_header_t *h0;
1789 h0 = vlib_packet_template_get_packet
1790 (vm, &im->discover_neighbor_packet_template, &bi0);
1793 * Build ethernet header.
1794 * Choose source address based on destination lookup
1797 if (ip6_src_address_for_packet (lm,
1799 &h0->ip.src_address))
1801 /* There is no address on the interface */
1803 node->errors[IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS];
1804 vlib_buffer_free (vm, &bi0, 1);
1809 * Destination address is a solicited node multicast address.
1810 * We need to fill in
1811 * the low 24 bits with low 24 bits of target's address.
1813 h0->ip.dst_address.as_u8[13] = ip0->dst_address.as_u8[13];
1814 h0->ip.dst_address.as_u8[14] = ip0->dst_address.as_u8[14];
1815 h0->ip.dst_address.as_u8[15] = ip0->dst_address.as_u8[15];
1817 h0->neighbor.target_address = ip0->dst_address;
1819 clib_memcpy (h0->link_layer_option.ethernet_address,
1820 hw_if0->hw_address, vec_len (hw_if0->hw_address));
1822 /* $$$$ appears we need this; why is the checksum non-zero? */
1823 h0->neighbor.icmp.checksum = 0;
1824 h0->neighbor.icmp.checksum =
1825 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h0->ip,
1828 ASSERT (bogus_length == 0);
1830 vlib_buffer_copy_trace_flag (vm, p0, bi0);
1831 b0 = vlib_get_buffer (vm, bi0);
1832 vnet_buffer (b0)->sw_if_index[VLIB_TX]
1833 = vnet_buffer (p0)->sw_if_index[VLIB_TX];
1835 /* Add rewrite/encap string. */
1836 vnet_rewrite_one_header (adj0[0], h0, sizeof (ethernet_header_t));
1837 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
1839 next0 = IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX;
1841 vlib_set_next_frame_buffer (vm, node, next0, bi0);
1845 vlib_put_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1846 n_left_to_next_drop);
1849 return frame->n_vectors;
1853 ip6_discover_neighbor (vlib_main_t * vm,
1854 vlib_node_runtime_t * node, vlib_frame_t * frame)
1856 return (ip6_discover_neighbor_inline (vm, node, frame, 0));
1860 ip6_glean (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1862 return (ip6_discover_neighbor_inline (vm, node, frame, 1));
1865 static char *ip6_discover_neighbor_error_strings[] = {
1866 [IP6_DISCOVER_NEIGHBOR_ERROR_DROP] = "address overflow drops",
1867 [IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT] = "neighbor solicitations sent",
1868 [IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]
1869 = "no source address for ND solicitation",
1873 VLIB_REGISTER_NODE (ip6_discover_neighbor_node) =
1875 .function = ip6_discover_neighbor,
1876 .name = "ip6-discover-neighbor",
1877 .vector_size = sizeof (u32),
1878 .format_trace = format_ip6_forward_next_trace,
1879 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1880 .error_strings = ip6_discover_neighbor_error_strings,
1881 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1884 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1885 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1891 VLIB_REGISTER_NODE (ip6_glean_node) =
1893 .function = ip6_glean,
1894 .name = "ip6-glean",
1895 .vector_size = sizeof (u32),
1896 .format_trace = format_ip6_forward_next_trace,
1897 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1898 .error_strings = ip6_discover_neighbor_error_strings,
1899 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1902 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1903 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1909 ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index)
1911 vnet_main_t *vnm = vnet_get_main ();
1912 ip6_main_t *im = &ip6_main;
1913 icmp6_neighbor_solicitation_header_t *h;
1915 ip_interface_address_t *ia;
1916 ip_adjacency_t *adj;
1917 vnet_hw_interface_t *hi;
1918 vnet_sw_interface_t *si;
1923 si = vnet_get_sw_interface (vnm, sw_if_index);
1925 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1927 return clib_error_return (0, "%U: interface %U down",
1928 format_ip6_address, dst,
1929 format_vnet_sw_if_index_name, vnm,
1934 ip6_interface_address_matching_destination (im, dst, sw_if_index, &ia);
1937 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
1938 return clib_error_return
1939 (0, "no matching interface address for destination %U (interface %U)",
1940 format_ip6_address, dst,
1941 format_vnet_sw_if_index_name, vnm, sw_if_index);
1945 vlib_packet_template_get_packet (vm,
1946 &im->discover_neighbor_packet_template,
1949 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1951 /* Destination address is a solicited node multicast address. We need to fill in
1952 the low 24 bits with low 24 bits of target's address. */
1953 h->ip.dst_address.as_u8[13] = dst->as_u8[13];
1954 h->ip.dst_address.as_u8[14] = dst->as_u8[14];
1955 h->ip.dst_address.as_u8[15] = dst->as_u8[15];
1957 h->ip.src_address = src[0];
1958 h->neighbor.target_address = dst[0];
1960 clib_memcpy (h->link_layer_option.ethernet_address, hi->hw_address,
1961 vec_len (hi->hw_address));
1963 h->neighbor.icmp.checksum =
1964 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h->ip, &bogus_length);
1965 ASSERT (bogus_length == 0);
1967 b = vlib_get_buffer (vm, bi);
1968 vnet_buffer (b)->sw_if_index[VLIB_RX] =
1969 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
1971 /* Add encapsulation string for software interface (e.g. ethernet header). */
1972 adj = ip_get_adjacency (&im->lookup_main, ia->neighbor_probe_adj_index);
1973 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
1974 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
1977 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
1978 u32 *to_next = vlib_frame_vector_args (f);
1981 vlib_put_frame_to_node (vm, hi->output_node_index, f);
1984 return /* no error */ 0;
1989 IP6_REWRITE_NEXT_DROP,
1990 IP6_REWRITE_NEXT_ICMP_ERROR,
1991 } ip6_rewrite_next_t;
1994 ip6_rewrite_inline (vlib_main_t * vm,
1995 vlib_node_runtime_t * node,
1996 vlib_frame_t * frame, int is_midchain, int is_mcast)
1998 ip_lookup_main_t *lm = &ip6_main.lookup_main;
1999 u32 *from = vlib_frame_vector_args (frame);
2000 u32 n_left_from, n_left_to_next, *to_next, next_index;
2001 vlib_node_runtime_t *error_node =
2002 vlib_node_get_runtime (vm, ip6_input_node.index);
2004 n_left_from = frame->n_vectors;
2005 next_index = node->cached_next_index;
2006 u32 cpu_index = os_get_cpu_number ();
2008 while (n_left_from > 0)
2010 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2012 while (n_left_from >= 4 && n_left_to_next >= 2)
2014 ip_adjacency_t *adj0, *adj1;
2015 vlib_buffer_t *p0, *p1;
2016 ip6_header_t *ip0, *ip1;
2017 u32 pi0, rw_len0, next0, error0, adj_index0;
2018 u32 pi1, rw_len1, next1, error1, adj_index1;
2019 u32 tx_sw_if_index0, tx_sw_if_index1;
2021 /* Prefetch next iteration. */
2023 vlib_buffer_t *p2, *p3;
2025 p2 = vlib_get_buffer (vm, from[2]);
2026 p3 = vlib_get_buffer (vm, from[3]);
2028 vlib_prefetch_buffer_header (p2, LOAD);
2029 vlib_prefetch_buffer_header (p3, LOAD);
2031 CLIB_PREFETCH (p2->pre_data, 32, STORE);
2032 CLIB_PREFETCH (p3->pre_data, 32, STORE);
2034 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
2035 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
2038 pi0 = to_next[0] = from[0];
2039 pi1 = to_next[1] = from[1];
2044 n_left_to_next -= 2;
2046 p0 = vlib_get_buffer (vm, pi0);
2047 p1 = vlib_get_buffer (vm, pi1);
2049 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2050 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
2052 /* We should never rewrite a pkt using the MISS adjacency */
2053 ASSERT (adj_index0 && adj_index1);
2055 ip0 = vlib_buffer_get_current (p0);
2056 ip1 = vlib_buffer_get_current (p1);
2058 error0 = error1 = IP6_ERROR_NONE;
2059 next0 = next1 = IP6_REWRITE_NEXT_DROP;
2061 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2063 i32 hop_limit0 = ip0->hop_limit;
2065 /* Input node should have reject packets with hop limit 0. */
2066 ASSERT (ip0->hop_limit > 0);
2070 ip0->hop_limit = hop_limit0;
2073 * If the hop count drops below 1 when forwarding, generate
2076 if (PREDICT_FALSE (hop_limit0 <= 0))
2078 error0 = IP6_ERROR_TIME_EXPIRED;
2079 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2080 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2081 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2082 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2088 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2090 if (PREDICT_TRUE (!(p1->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2092 i32 hop_limit1 = ip1->hop_limit;
2094 /* Input node should have reject packets with hop limit 0. */
2095 ASSERT (ip1->hop_limit > 0);
2099 ip1->hop_limit = hop_limit1;
2102 * If the hop count drops below 1 when forwarding, generate
2105 if (PREDICT_FALSE (hop_limit1 <= 0))
2107 error1 = IP6_ERROR_TIME_EXPIRED;
2108 next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
2109 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2110 icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
2111 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2117 p1->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2119 adj0 = ip_get_adjacency (lm, adj_index0);
2120 adj1 = ip_get_adjacency (lm, adj_index1);
2122 rw_len0 = adj0[0].rewrite_header.data_bytes;
2123 rw_len1 = adj1[0].rewrite_header.data_bytes;
2124 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2125 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
2127 vlib_increment_combined_counter
2128 (&adjacency_counters,
2130 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2131 vlib_increment_combined_counter
2132 (&adjacency_counters,
2133 cpu_index, adj_index1,
2134 1, vlib_buffer_length_in_chain (vm, p1) + rw_len1);
2136 /* Check MTU of outgoing interface. */
2138 (vlib_buffer_length_in_chain (vm, p0) >
2140 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2143 (vlib_buffer_length_in_chain (vm, p1) >
2145 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2148 /* Don't adjust the buffer for hop count issue; icmp-error node
2149 * wants to see the IP headerr */
2150 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2152 p0->current_data -= rw_len0;
2153 p0->current_length += rw_len0;
2155 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2156 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2157 next0 = adj0[0].rewrite_header.next_index;
2159 vnet_feature_arc_start (lm->output_feature_arc_index,
2160 tx_sw_if_index0, &next0, p0);
2162 if (PREDICT_TRUE (error1 == IP6_ERROR_NONE))
2164 p1->current_data -= rw_len1;
2165 p1->current_length += rw_len1;
2167 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2168 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2169 next1 = adj1[0].rewrite_header.next_index;
2171 vnet_feature_arc_start (lm->output_feature_arc_index,
2172 tx_sw_if_index1, &next1, p1);
2175 /* Guess we are only writing on simple Ethernet header. */
2176 vnet_rewrite_two_headers (adj0[0], adj1[0],
2177 ip0, ip1, sizeof (ethernet_header_t));
2181 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2182 adj1->sub_type.midchain.fixup_func (vm, adj1, p1);
2187 * copy bytes from the IP address into the MAC rewrite
2189 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2190 vnet_fixup_one_header (adj1[0], &ip1->dst_address, ip1, 0);
2193 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
2194 to_next, n_left_to_next,
2195 pi0, pi1, next0, next1);
2198 while (n_left_from > 0 && n_left_to_next > 0)
2200 ip_adjacency_t *adj0;
2204 u32 adj_index0, next0, error0;
2205 u32 tx_sw_if_index0;
2207 pi0 = to_next[0] = from[0];
2209 p0 = vlib_get_buffer (vm, pi0);
2211 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2213 /* We should never rewrite a pkt using the MISS adjacency */
2214 ASSERT (adj_index0);
2216 adj0 = ip_get_adjacency (lm, adj_index0);
2218 ip0 = vlib_buffer_get_current (p0);
2220 error0 = IP6_ERROR_NONE;
2221 next0 = IP6_REWRITE_NEXT_DROP;
2223 /* Check hop limit */
2224 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2226 i32 hop_limit0 = ip0->hop_limit;
2228 ASSERT (ip0->hop_limit > 0);
2232 ip0->hop_limit = hop_limit0;
2234 if (PREDICT_FALSE (hop_limit0 <= 0))
2237 * If the hop count drops below 1 when forwarding, generate
2240 error0 = IP6_ERROR_TIME_EXPIRED;
2241 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2242 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2243 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2244 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2250 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2253 /* Guess we are only writing on simple Ethernet header. */
2254 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2256 /* Update packet buffer attributes/set output interface. */
2257 rw_len0 = adj0[0].rewrite_header.data_bytes;
2258 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2260 vlib_increment_combined_counter
2261 (&adjacency_counters,
2263 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2265 /* Check MTU of outgoing interface. */
2267 (vlib_buffer_length_in_chain (vm, p0) >
2269 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2272 /* Don't adjust the buffer for hop count issue; icmp-error node
2273 * wants to see the IP headerr */
2274 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2276 p0->current_data -= rw_len0;
2277 p0->current_length += rw_len0;
2279 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2281 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2282 next0 = adj0[0].rewrite_header.next_index;
2284 vnet_feature_arc_start (lm->output_feature_arc_index,
2285 tx_sw_if_index0, &next0, p0);
2290 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2294 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2297 p0->error = error_node->errors[error0];
2302 n_left_to_next -= 1;
2304 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2305 to_next, n_left_to_next,
2309 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2312 /* Need to do trace after rewrites to pick up new packet data. */
2313 if (node->flags & VLIB_NODE_FLAG_TRACE)
2314 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
2316 return frame->n_vectors;
2320 ip6_rewrite (vlib_main_t * vm,
2321 vlib_node_runtime_t * node, vlib_frame_t * frame)
2323 return ip6_rewrite_inline (vm, node, frame, 0, 0);
2327 ip6_rewrite_mcast (vlib_main_t * vm,
2328 vlib_node_runtime_t * node, vlib_frame_t * frame)
2330 return ip6_rewrite_inline (vm, node, frame, 0, 1);
2334 ip6_midchain (vlib_main_t * vm,
2335 vlib_node_runtime_t * node, vlib_frame_t * frame)
2337 return ip6_rewrite_inline (vm, node, frame, 1, 0);
2341 VLIB_REGISTER_NODE (ip6_midchain_node) =
2343 .function = ip6_midchain,
2344 .name = "ip6-midchain",
2345 .vector_size = sizeof (u32),
2346 .format_trace = format_ip6_forward_next_trace,
2347 .sibling_of = "ip6-rewrite",
2351 VLIB_NODE_FUNCTION_MULTIARCH (ip6_midchain_node, ip6_midchain);
2354 VLIB_REGISTER_NODE (ip6_rewrite_node) =
2356 .function = ip6_rewrite,
2357 .name = "ip6-rewrite",
2358 .vector_size = sizeof (u32),
2359 .format_trace = format_ip6_rewrite_trace,
2363 [IP6_REWRITE_NEXT_DROP] = "error-drop",
2364 [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
2369 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite);
2372 VLIB_REGISTER_NODE (ip6_rewrite_mcast_node) =
2374 .function = ip6_rewrite_mcast,
2375 .name = "ip6-rewrite-mcast",
2376 .vector_size = sizeof (u32),
2377 .format_trace = format_ip6_rewrite_trace,
2378 .sibling_of = "ip6-rewrite",
2382 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_mcast_node, ip6_rewrite_mcast);
2385 * Hop-by-Hop handling
2387 ip6_hop_by_hop_main_t ip6_hop_by_hop_main;
2389 #define foreach_ip6_hop_by_hop_error \
2390 _(PROCESSED, "pkts with ip6 hop-by-hop options") \
2391 _(FORMAT, "incorrectly formatted hop-by-hop options") \
2392 _(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options")
2397 #define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym,
2398 foreach_ip6_hop_by_hop_error
2400 IP6_HOP_BY_HOP_N_ERROR,
2401 } ip6_hop_by_hop_error_t;
2405 * Primary h-b-h handler trace support
2406 * We work pretty hard on the problem for obvious reasons
2412 u8 option_data[256];
2413 } ip6_hop_by_hop_trace_t;
2415 vlib_node_registration_t ip6_hop_by_hop_node;
2417 static char *ip6_hop_by_hop_error_strings[] = {
2418 #define _(sym,string) string,
2419 foreach_ip6_hop_by_hop_error
2424 format_ip6_hop_by_hop_trace (u8 * s, va_list * args)
2426 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
2427 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
2428 ip6_hop_by_hop_trace_t *t = va_arg (*args, ip6_hop_by_hop_trace_t *);
2429 ip6_hop_by_hop_header_t *hbh0;
2430 ip6_hop_by_hop_option_t *opt0, *limit0;
2431 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2435 hbh0 = (ip6_hop_by_hop_header_t *) t->option_data;
2437 s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d",
2438 t->next_index, (hbh0->length + 1) << 3, t->trace_len);
2440 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2441 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0) + t->trace_len;
2443 while (opt0 < limit0)
2448 case 0: /* Pad, just stop */
2449 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2453 if (hm->trace[type0])
2455 s = (*hm->trace[type0]) (s, opt0);
2460 format (s, "\n unrecognized option %d length %d", type0,
2464 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2465 sizeof (ip6_hop_by_hop_option_t));
2473 ip6_scan_hbh_options (vlib_buffer_t * b0,
2475 ip6_hop_by_hop_header_t * hbh0,
2476 ip6_hop_by_hop_option_t * opt0,
2477 ip6_hop_by_hop_option_t * limit0, u32 * next0)
2479 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2483 while (opt0 < limit0)
2489 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2494 if (hm->options[type0])
2496 if ((*hm->options[type0]) (b0, ip0, opt0) < 0)
2498 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2504 /* Unrecognized mandatory option, check the two high order bits */
2505 switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
2507 case HBH_OPTION_TYPE_SKIP_UNKNOWN:
2509 case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
2510 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2511 *next0 = IP_LOOKUP_NEXT_DROP;
2513 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
2514 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2515 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2516 icmp6_error_set_vnet_buffer (b0, ICMP6_parameter_problem,
2517 ICMP6_parameter_problem_unrecognized_option,
2518 (u8 *) opt0 - (u8 *) ip0);
2520 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
2521 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2522 if (!ip6_address_is_multicast (&ip0->dst_address))
2524 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2525 icmp6_error_set_vnet_buffer (b0,
2526 ICMP6_parameter_problem,
2527 ICMP6_parameter_problem_unrecognized_option,
2528 (u8 *) opt0 - (u8 *) ip0);
2532 *next0 = IP_LOOKUP_NEXT_DROP;
2540 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2541 sizeof (ip6_hop_by_hop_option_t));
2547 * Process the Hop-by-Hop Options header
2550 ip6_hop_by_hop (vlib_main_t * vm,
2551 vlib_node_runtime_t * node, vlib_frame_t * frame)
2553 vlib_node_runtime_t *error_node =
2554 vlib_node_get_runtime (vm, ip6_hop_by_hop_node.index);
2555 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2556 u32 n_left_from, *from, *to_next;
2557 ip_lookup_next_t next_index;
2558 ip6_main_t *im = &ip6_main;
2559 ip_lookup_main_t *lm = &im->lookup_main;
2561 from = vlib_frame_vector_args (frame);
2562 n_left_from = frame->n_vectors;
2563 next_index = node->cached_next_index;
2565 while (n_left_from > 0)
2569 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2571 while (n_left_from >= 4 && n_left_to_next >= 2)
2574 vlib_buffer_t *b0, *b1;
2576 ip6_header_t *ip0, *ip1;
2577 ip6_hop_by_hop_header_t *hbh0, *hbh1;
2578 ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
2579 u8 error0 = 0, error1 = 0;
2581 /* Prefetch next iteration. */
2583 vlib_buffer_t *p2, *p3;
2585 p2 = vlib_get_buffer (vm, from[2]);
2586 p3 = vlib_get_buffer (vm, from[3]);
2588 vlib_prefetch_buffer_header (p2, LOAD);
2589 vlib_prefetch_buffer_header (p3, LOAD);
2591 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2592 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2595 /* Speculatively enqueue b0, b1 to the current next frame */
2596 to_next[0] = bi0 = from[0];
2597 to_next[1] = bi1 = from[1];
2601 n_left_to_next -= 2;
2603 b0 = vlib_get_buffer (vm, bi0);
2604 b1 = vlib_get_buffer (vm, bi1);
2606 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2607 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2608 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2609 u32 adj_index1 = vnet_buffer (b1)->ip.adj_index[VLIB_TX];
2610 ip_adjacency_t *adj1 = ip_get_adjacency (lm, adj_index1);
2612 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2613 next0 = adj0->lookup_next_index;
2614 next1 = adj1->lookup_next_index;
2616 ip0 = vlib_buffer_get_current (b0);
2617 ip1 = vlib_buffer_get_current (b1);
2618 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2619 hbh1 = (ip6_hop_by_hop_header_t *) (ip1 + 1);
2620 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2621 opt1 = (ip6_hop_by_hop_option_t *) (hbh1 + 1);
2623 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2624 ((hbh0->length + 1) << 3));
2626 (ip6_hop_by_hop_option_t *) ((u8 *) hbh1 +
2627 ((hbh1->length + 1) << 3));
2630 * Basic validity checks
2632 if ((hbh0->length + 1) << 3 >
2633 clib_net_to_host_u16 (ip0->payload_length))
2635 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2636 next0 = IP_LOOKUP_NEXT_DROP;
2639 /* Scan the set of h-b-h options, process ones that we understand */
2640 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2642 if ((hbh1->length + 1) << 3 >
2643 clib_net_to_host_u16 (ip1->payload_length))
2645 error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2646 next1 = IP_LOOKUP_NEXT_DROP;
2649 /* Scan the set of h-b-h options, process ones that we understand */
2650 error1 = ip6_scan_hbh_options (b1, ip1, hbh1, opt1, limit1, &next1);
2653 /* Has the classifier flagged this buffer for special treatment? */
2656 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2657 next0 = hm->next_override;
2659 /* Has the classifier flagged this buffer for special treatment? */
2662 && (vnet_buffer (b1)->l2_classify.opaque_index & OI_DECAP)))
2663 next1 = hm->next_override;
2665 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
2667 if (b0->flags & VLIB_BUFFER_IS_TRACED)
2669 ip6_hop_by_hop_trace_t *t =
2670 vlib_add_trace (vm, node, b0, sizeof (*t));
2671 u32 trace_len = (hbh0->length + 1) << 3;
2672 t->next_index = next0;
2673 /* Capture the h-b-h option verbatim */
2676 ARRAY_LEN (t->option_data) ? trace_len :
2677 ARRAY_LEN (t->option_data);
2678 t->trace_len = trace_len;
2679 clib_memcpy (t->option_data, hbh0, trace_len);
2681 if (b1->flags & VLIB_BUFFER_IS_TRACED)
2683 ip6_hop_by_hop_trace_t *t =
2684 vlib_add_trace (vm, node, b1, sizeof (*t));
2685 u32 trace_len = (hbh1->length + 1) << 3;
2686 t->next_index = next1;
2687 /* Capture the h-b-h option verbatim */
2690 ARRAY_LEN (t->option_data) ? trace_len :
2691 ARRAY_LEN (t->option_data);
2692 t->trace_len = trace_len;
2693 clib_memcpy (t->option_data, hbh1, trace_len);
2698 b0->error = error_node->errors[error0];
2699 b1->error = error_node->errors[error1];
2701 /* verify speculative enqueue, maybe switch current next frame */
2702 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
2703 n_left_to_next, bi0, bi1, next0,
2707 while (n_left_from > 0 && n_left_to_next > 0)
2713 ip6_hop_by_hop_header_t *hbh0;
2714 ip6_hop_by_hop_option_t *opt0, *limit0;
2717 /* Speculatively enqueue b0 to the current next frame */
2723 n_left_to_next -= 1;
2725 b0 = vlib_get_buffer (vm, bi0);
2727 * Default use the next_index from the adjacency.
2728 * A HBH option rarely redirects to a different node
2730 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2731 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2732 next0 = adj0->lookup_next_index;
2734 ip0 = vlib_buffer_get_current (b0);
2735 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2736 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2738 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2739 ((hbh0->length + 1) << 3));
2742 * Basic validity checks
2744 if ((hbh0->length + 1) << 3 >
2745 clib_net_to_host_u16 (ip0->payload_length))
2747 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2748 next0 = IP_LOOKUP_NEXT_DROP;
2752 /* Scan the set of h-b-h options, process ones that we understand */
2753 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2756 /* Has the classifier flagged this buffer for special treatment? */
2759 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2760 next0 = hm->next_override;
2762 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2764 ip6_hop_by_hop_trace_t *t =
2765 vlib_add_trace (vm, node, b0, sizeof (*t));
2766 u32 trace_len = (hbh0->length + 1) << 3;
2767 t->next_index = next0;
2768 /* Capture the h-b-h option verbatim */
2771 ARRAY_LEN (t->option_data) ? trace_len :
2772 ARRAY_LEN (t->option_data);
2773 t->trace_len = trace_len;
2774 clib_memcpy (t->option_data, hbh0, trace_len);
2777 b0->error = error_node->errors[error0];
2779 /* verify speculative enqueue, maybe switch current next frame */
2780 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2781 n_left_to_next, bi0, next0);
2783 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2785 return frame->n_vectors;
2789 VLIB_REGISTER_NODE (ip6_hop_by_hop_node) =
2791 .function = ip6_hop_by_hop,
2792 .name = "ip6-hop-by-hop",
2793 .sibling_of = "ip6-lookup",
2794 .vector_size = sizeof (u32),
2795 .format_trace = format_ip6_hop_by_hop_trace,
2796 .type = VLIB_NODE_TYPE_INTERNAL,
2797 .n_errors = ARRAY_LEN (ip6_hop_by_hop_error_strings),
2798 .error_strings = ip6_hop_by_hop_error_strings,
2803 VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop);
2805 static clib_error_t *
2806 ip6_hop_by_hop_init (vlib_main_t * vm)
2808 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2809 memset (hm->options, 0, sizeof (hm->options));
2810 memset (hm->trace, 0, sizeof (hm->trace));
2811 hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
2815 VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
2818 ip6_hbh_set_next_override (uword next)
2820 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2822 hm->next_override = next;
2826 ip6_hbh_register_option (u8 option,
2827 int options (vlib_buffer_t * b, ip6_header_t * ip,
2828 ip6_hop_by_hop_option_t * opt),
2829 u8 * trace (u8 * s, ip6_hop_by_hop_option_t * opt))
2831 ip6_main_t *im = &ip6_main;
2832 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2834 ASSERT (option < ARRAY_LEN (hm->options));
2836 /* Already registered */
2837 if (hm->options[option])
2840 hm->options[option] = options;
2841 hm->trace[option] = trace;
2843 /* Set global variable */
2844 im->hbh_enabled = 1;
2850 ip6_hbh_unregister_option (u8 option)
2852 ip6_main_t *im = &ip6_main;
2853 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2855 ASSERT (option < ARRAY_LEN (hm->options));
2857 /* Not registered */
2858 if (!hm->options[option])
2861 hm->options[option] = NULL;
2862 hm->trace[option] = NULL;
2864 /* Disable global knob if this was the last option configured */
2867 for (i = 0; i < 256; i++)
2869 if (hm->options[option])
2876 im->hbh_enabled = 0;
2881 /* Global IP6 main. */
2882 ip6_main_t ip6_main;
2884 static clib_error_t *
2885 ip6_lookup_init (vlib_main_t * vm)
2887 ip6_main_t *im = &ip6_main;
2888 clib_error_t *error;
2891 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
2894 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
2901 for (j = 0; j < i0; j++)
2902 im->fib_masks[i].as_u32[j] = ~0;
2905 im->fib_masks[i].as_u32[i0] =
2906 clib_host_to_net_u32 (pow2_mask (i1) << (32 - i1));
2909 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 1);
2911 if (im->lookup_table_nbuckets == 0)
2912 im->lookup_table_nbuckets = IP6_FIB_DEFAULT_HASH_NUM_BUCKETS;
2914 im->lookup_table_nbuckets = 1 << max_log2 (im->lookup_table_nbuckets);
2916 if (im->lookup_table_size == 0)
2917 im->lookup_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE;
2919 BV (clib_bihash_init) (&(im->ip6_table[IP6_FIB_TABLE_FWDING].ip6_hash),
2920 "ip6 FIB fwding table",
2921 im->lookup_table_nbuckets, im->lookup_table_size);
2922 BV (clib_bihash_init) (&im->ip6_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash,
2923 "ip6 FIB non-fwding table",
2924 im->lookup_table_nbuckets, im->lookup_table_size);
2926 /* Create FIB with index 0 and table id of 0. */
2927 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2928 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2932 pn = pg_get_node (ip6_lookup_node.index);
2933 pn->unformat_edit = unformat_pg_ip6_header;
2936 /* Unless explicitly configured, don't process HBH options */
2937 im->hbh_enabled = 0;
2940 icmp6_neighbor_solicitation_header_t p;
2942 memset (&p, 0, sizeof (p));
2944 p.ip.ip_version_traffic_class_and_flow_label =
2945 clib_host_to_net_u32 (0x6 << 28);
2946 p.ip.payload_length =
2947 clib_host_to_net_u16 (sizeof (p) -
2949 (icmp6_neighbor_solicitation_header_t, neighbor));
2950 p.ip.protocol = IP_PROTOCOL_ICMP6;
2951 p.ip.hop_limit = 255;
2952 ip6_set_solicited_node_multicast_address (&p.ip.dst_address, 0);
2954 p.neighbor.icmp.type = ICMP6_neighbor_solicitation;
2956 p.link_layer_option.header.type =
2957 ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address;
2958 p.link_layer_option.header.n_data_u64s =
2959 sizeof (p.link_layer_option) / sizeof (u64);
2961 vlib_packet_template_init (vm,
2962 &im->discover_neighbor_packet_template,
2964 /* alloc chunk size */ 8,
2965 "ip6 neighbor discovery");
2971 VLIB_INIT_FUNCTION (ip6_lookup_init);
2973 static clib_error_t *
2974 add_del_ip6_interface_table (vlib_main_t * vm,
2975 unformat_input_t * input,
2976 vlib_cli_command_t * cmd)
2978 vnet_main_t *vnm = vnet_get_main ();
2979 clib_error_t *error = 0;
2980 u32 sw_if_index, table_id;
2984 if (!unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index))
2986 error = clib_error_return (0, "unknown interface `%U'",
2987 format_unformat_error, input);
2991 if (unformat (input, "%d", &table_id))
2995 error = clib_error_return (0, "expected table id `%U'",
2996 format_unformat_error, input);
3001 u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3004 vec_validate (ip6_main.fib_index_by_sw_if_index, sw_if_index);
3005 ip6_main.fib_index_by_sw_if_index[sw_if_index] = fib_index;
3007 fib_index = mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
3010 vec_validate (ip6_main.mfib_index_by_sw_if_index, sw_if_index);
3011 ip6_main.mfib_index_by_sw_if_index[sw_if_index] = fib_index;
3020 * Place the indicated interface into the supplied IPv6 FIB table (also known
3021 * as a VRF). If the FIB table does not exist, this command creates it. To
3022 * display the current IPv6 FIB table, use the command '<em>show ip6 fib</em>'.
3023 * FIB table will only be displayed if a route has been added to the table, or
3024 * an IP Address is assigned to an interface in the table (which adds a route
3027 * @note IP addresses added after setting the interface IP table end up in
3028 * the indicated FIB table. If the IP address is added prior to adding the
3029 * interface to the FIB table, it will NOT be part of the FIB table. Predictable
3030 * but potentially counter-intuitive results occur if you provision interface
3031 * addresses in multiple FIBs. Upon RX, packets will be processed in the last
3032 * IP table ID provisioned. It might be marginally useful to evade source RPF
3033 * drops to put an interface address into multiple FIBs.
3036 * Example of how to add an interface to an IPv6 FIB table (where 2 is the table-id):
3037 * @cliexcmd{set interface ip6 table GigabitEthernet2/0/0 2}
3040 VLIB_CLI_COMMAND (set_interface_ip6_table_command, static) =
3042 .path = "set interface ip6 table",
3043 .function = add_del_ip6_interface_table,
3044 .short_help = "set interface ip6 table <interface> <table-id>"
3049 ip6_link_local_address_from_ethernet_mac_address (ip6_address_t * ip,
3052 ip->as_u64[0] = clib_host_to_net_u64 (0xFE80000000000000ULL);
3053 /* Invert the "u" bit */
3054 ip->as_u8[8] = mac[0] ^ (1 << 1);
3055 ip->as_u8[9] = mac[1];
3056 ip->as_u8[10] = mac[2];
3057 ip->as_u8[11] = 0xFF;
3058 ip->as_u8[12] = 0xFE;
3059 ip->as_u8[13] = mac[3];
3060 ip->as_u8[14] = mac[4];
3061 ip->as_u8[15] = mac[5];
3065 ip6_ethernet_mac_address_from_link_local_address (u8 * mac,
3068 /* Invert the previously inverted "u" bit */
3069 mac[0] = ip->as_u8[8] ^ (1 << 1);
3070 mac[1] = ip->as_u8[9];
3071 mac[2] = ip->as_u8[10];
3072 mac[3] = ip->as_u8[13];
3073 mac[4] = ip->as_u8[14];
3074 mac[5] = ip->as_u8[15];
3077 static clib_error_t *
3078 test_ip6_link_command_fn (vlib_main_t * vm,
3079 unformat_input_t * input, vlib_cli_command_t * cmd)
3082 ip6_address_t _a, *a = &_a;
3084 if (unformat (input, "%U", unformat_ethernet_address, mac))
3086 ip6_link_local_address_from_ethernet_mac_address (a, mac);
3087 vlib_cli_output (vm, "Link local address: %U", format_ip6_address, a);
3088 ip6_ethernet_mac_address_from_link_local_address (mac, a);
3089 vlib_cli_output (vm, "Original MAC address: %U",
3090 format_ethernet_address, mac);
3097 * This command converts the given MAC Address into an IPv6 link-local
3101 * Example of how to create an IPv6 link-local address:
3102 * @cliexstart{test ip6 link 16:d9:e0:91:79:86}
3103 * Link local address: fe80::14d9:e0ff:fe91:7986
3104 * Original MAC address: 16:d9:e0:91:79:86
3108 VLIB_CLI_COMMAND (test_link_command, static) =
3110 .path = "test ip6 link",
3111 .function = test_ip6_link_command_fn,
3112 .short_help = "test ip6 link <mac-address>",
3117 vnet_set_ip6_flow_hash (u32 table_id, u32 flow_hash_config)
3119 ip6_main_t *im6 = &ip6_main;
3121 uword *p = hash_get (im6->fib_index_by_table_id, table_id);
3126 fib = ip6_fib_get (p[0]);
3128 fib->flow_hash_config = flow_hash_config;
3132 static clib_error_t *
3133 set_ip6_flow_hash_command_fn (vlib_main_t * vm,
3134 unformat_input_t * input,
3135 vlib_cli_command_t * cmd)
3139 u32 flow_hash_config = 0;
3142 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3144 if (unformat (input, "table %d", &table_id))
3147 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
3148 foreach_flow_hash_bit
3155 return clib_error_return (0, "unknown input `%U'",
3156 format_unformat_error, input);
3158 rv = vnet_set_ip6_flow_hash (table_id, flow_hash_config);
3165 return clib_error_return (0, "no such FIB table %d", table_id);
3168 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
3176 * Configure the set of IPv6 fields used by the flow hash.
3180 * Example of how to set the flow hash on a given table:
3181 * @cliexcmd{set ip6 flow-hash table 8 dst sport dport proto}
3183 * Example of display the configured flow hash:
3184 * @cliexstart{show ip6 fib}
3185 * ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
3188 * [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
3189 * [0] [@0]: dpo-drop ip6
3192 * [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
3193 * [0] [@2]: dpo-receive
3196 * [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
3197 * [0] [@2]: dpo-receive
3200 * [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
3201 * [0] [@2]: dpo-receive
3204 * [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
3205 * [0] [@2]: dpo-receive
3206 * ff02::1:ff00:0/104
3208 * [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
3209 * [0] [@2]: dpo-receive
3210 * ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
3213 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
3214 * [0] [@0]: dpo-drop ip6
3217 * [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
3218 * [0] [@4]: ipv6-glean: af_packet0
3221 * [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
3222 * [0] [@2]: dpo-receive: @::a:1:1:0:7 on af_packet0
3225 * [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
3226 * [0] [@2]: dpo-receive
3227 * fe80::fe:3eff:fe3e:9222/128
3229 * [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
3230 * [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
3233 * [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
3234 * [0] [@2]: dpo-receive
3237 * [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
3238 * [0] [@2]: dpo-receive
3241 * [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
3242 * [0] [@2]: dpo-receive
3243 * ff02::1:ff00:0/104
3245 * [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
3246 * [0] [@2]: dpo-receive
3251 VLIB_CLI_COMMAND (set_ip6_flow_hash_command, static) =
3253 .path = "set ip6 flow-hash",
3255 "set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
3256 .function = set_ip6_flow_hash_command_fn,
3260 static clib_error_t *
3261 show_ip6_local_command_fn (vlib_main_t * vm,
3262 unformat_input_t * input, vlib_cli_command_t * cmd)
3264 ip6_main_t *im = &ip6_main;
3265 ip_lookup_main_t *lm = &im->lookup_main;
3268 vlib_cli_output (vm, "Protocols handled by ip6_local");
3269 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
3271 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
3272 vlib_cli_output (vm, "%d", i);
3280 * Display the set of protocols handled by the local IPv6 stack.
3283 * Example of how to display local protocol table:
3284 * @cliexstart{show ip6 local}
3285 * Protocols handled by ip6_local
3293 VLIB_CLI_COMMAND (show_ip6_local, static) =
3295 .path = "show ip6 local",
3296 .function = show_ip6_local_command_fn,
3297 .short_help = "show ip6 local",
3302 vnet_set_ip6_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3305 vnet_main_t *vnm = vnet_get_main ();
3306 vnet_interface_main_t *im = &vnm->interface_main;
3307 ip6_main_t *ipm = &ip6_main;
3308 ip_lookup_main_t *lm = &ipm->lookup_main;
3309 vnet_classify_main_t *cm = &vnet_classify_main;
3310 ip6_address_t *if_addr;
3312 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3313 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3315 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3316 return VNET_API_ERROR_NO_SUCH_ENTRY;
3318 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3319 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3321 if_addr = ip6_interface_first_address (ipm, sw_if_index, NULL);
3323 if (NULL != if_addr)
3325 fib_prefix_t pfx = {
3327 .fp_proto = FIB_PROTOCOL_IP6,
3328 .fp_addr.ip6 = *if_addr,
3332 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3336 if (table_index != (u32) ~ 0)
3338 dpo_id_t dpo = DPO_INVALID;
3343 classify_dpo_create (DPO_PROTO_IP6, table_index));
3345 fib_table_entry_special_dpo_add (fib_index,
3347 FIB_SOURCE_CLASSIFY,
3348 FIB_ENTRY_FLAG_NONE, &dpo);
3353 fib_table_entry_special_remove (fib_index,
3354 &pfx, FIB_SOURCE_CLASSIFY);
3361 static clib_error_t *
3362 set_ip6_classify_command_fn (vlib_main_t * vm,
3363 unformat_input_t * input,
3364 vlib_cli_command_t * cmd)
3366 u32 table_index = ~0;
3367 int table_index_set = 0;
3368 u32 sw_if_index = ~0;
3371 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3373 if (unformat (input, "table-index %d", &table_index))
3374 table_index_set = 1;
3375 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3376 vnet_get_main (), &sw_if_index))
3382 if (table_index_set == 0)
3383 return clib_error_return (0, "classify table-index must be specified");
3385 if (sw_if_index == ~0)
3386 return clib_error_return (0, "interface / subif must be specified");
3388 rv = vnet_set_ip6_classify_intfc (vm, sw_if_index, table_index);
3395 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3396 return clib_error_return (0, "No such interface");
3398 case VNET_API_ERROR_NO_SUCH_ENTRY:
3399 return clib_error_return (0, "No such classifier table");
3405 * Assign a classification table to an interface. The classification
3406 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3407 * commands. Once the table is create, use this command to filter packets
3411 * Example of how to assign a classification table to an interface:
3412 * @cliexcmd{set ip6 classify intfc GigabitEthernet2/0/0 table-index 1}
3415 VLIB_CLI_COMMAND (set_ip6_classify_command, static) =
3417 .path = "set ip6 classify",
3419 "set ip6 classify intfc <interface> table-index <classify-idx>",
3420 .function = set_ip6_classify_command_fn,
3424 static clib_error_t *
3425 ip6_config (vlib_main_t * vm, unformat_input_t * input)
3427 ip6_main_t *im = &ip6_main;
3432 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3434 if (unformat (input, "hash-buckets %d", &tmp))
3436 else if (unformat (input, "heap-size %dm", &tmp))
3437 heapsize = ((u64) tmp) << 20;
3438 else if (unformat (input, "heap-size %dM", &tmp))
3439 heapsize = ((u64) tmp) << 20;
3440 else if (unformat (input, "heap-size %dg", &tmp))
3441 heapsize = ((u64) tmp) << 30;
3442 else if (unformat (input, "heap-size %dG", &tmp))
3443 heapsize = ((u64) tmp) << 30;
3445 return clib_error_return (0, "unknown input '%U'",
3446 format_unformat_error, input);
3449 im->lookup_table_nbuckets = nbuckets;
3450 im->lookup_table_size = heapsize;
3455 VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
3458 * fd.io coding-style-patch-verification: ON
3461 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob