2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip6_forward.c: IP v6 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
43 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
44 #include <vppinfra/cache.h>
45 #include <vnet/fib/ip6_fib.h>
46 #include <vnet/mfib/ip6_mfib.h>
47 #include <vnet/dpo/load_balance.h>
48 #include <vnet/dpo/classify_dpo.h>
50 #include <vppinfra/bihash_template.c>
54 * @brief IPv6 Forwarding.
56 * This file contains the source code for IPv6 forwarding.
60 ip6_forward_next_trace (vlib_main_t * vm,
61 vlib_node_runtime_t * node,
63 vlib_rx_or_tx_t which_adj_index);
66 ip6_lookup_inline (vlib_main_t * vm,
67 vlib_node_runtime_t * node, vlib_frame_t * frame)
69 ip6_main_t *im = &ip6_main;
70 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_to_counters;
71 u32 n_left_from, n_left_to_next, *from, *to_next;
72 ip_lookup_next_t next;
73 u32 cpu_index = os_get_cpu_number ();
75 from = vlib_frame_vector_args (frame);
76 n_left_from = frame->n_vectors;
77 next = node->cached_next_index;
79 while (n_left_from > 0)
81 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
83 while (n_left_from >= 4 && n_left_to_next >= 2)
85 vlib_buffer_t *p0, *p1;
86 u32 pi0, pi1, lbi0, lbi1, wrong_next;
87 ip_lookup_next_t next0, next1;
88 ip6_header_t *ip0, *ip1;
89 ip6_address_t *dst_addr0, *dst_addr1;
90 u32 fib_index0, fib_index1;
91 u32 flow_hash_config0, flow_hash_config1;
92 const dpo_id_t *dpo0, *dpo1;
93 const load_balance_t *lb0, *lb1;
95 /* Prefetch next iteration. */
97 vlib_buffer_t *p2, *p3;
99 p2 = vlib_get_buffer (vm, from[2]);
100 p3 = vlib_get_buffer (vm, from[3]);
102 vlib_prefetch_buffer_header (p2, LOAD);
103 vlib_prefetch_buffer_header (p3, LOAD);
104 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), LOAD);
105 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), LOAD);
108 pi0 = to_next[0] = from[0];
109 pi1 = to_next[1] = from[1];
111 p0 = vlib_get_buffer (vm, pi0);
112 p1 = vlib_get_buffer (vm, pi1);
114 ip0 = vlib_buffer_get_current (p0);
115 ip1 = vlib_buffer_get_current (p1);
117 dst_addr0 = &ip0->dst_address;
118 dst_addr1 = &ip1->dst_address;
121 vec_elt (im->fib_index_by_sw_if_index,
122 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
124 vec_elt (im->fib_index_by_sw_if_index,
125 vnet_buffer (p1)->sw_if_index[VLIB_RX]);
127 fib_index0 = (vnet_buffer (p0)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
128 fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
129 fib_index1 = (vnet_buffer (p1)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
130 fib_index1 : vnet_buffer (p1)->sw_if_index[VLIB_TX];
132 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
133 lbi1 = ip6_fib_table_fwding_lookup (im, fib_index1, dst_addr1);
135 lb0 = load_balance_get (lbi0);
136 lb1 = load_balance_get (lbi1);
138 vnet_buffer (p0)->ip.flow_hash = vnet_buffer (p1)->ip.flow_hash = 0;
140 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
142 flow_hash_config0 = lb0->lb_hash_config;
143 vnet_buffer (p0)->ip.flow_hash =
144 ip6_compute_flow_hash (ip0, flow_hash_config0);
146 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
148 flow_hash_config1 = lb1->lb_hash_config;
149 vnet_buffer (p1)->ip.flow_hash =
150 ip6_compute_flow_hash (ip1, flow_hash_config1);
153 ASSERT (lb0->lb_n_buckets > 0);
154 ASSERT (lb1->lb_n_buckets > 0);
155 ASSERT (is_pow2 (lb0->lb_n_buckets));
156 ASSERT (is_pow2 (lb1->lb_n_buckets));
157 dpo0 = load_balance_get_bucket_i (lb0,
158 (vnet_buffer (p0)->ip.flow_hash &
159 lb0->lb_n_buckets_minus_1));
160 dpo1 = load_balance_get_bucket_i (lb1,
161 (vnet_buffer (p1)->ip.flow_hash &
162 lb1->lb_n_buckets_minus_1));
164 next0 = dpo0->dpoi_next_node;
165 next1 = dpo1->dpoi_next_node;
167 /* Only process the HBH Option Header if explicitly configured to do so */
169 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
171 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
172 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
175 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
177 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
178 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
180 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
181 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
183 vlib_increment_combined_counter
184 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
185 vlib_increment_combined_counter
186 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
193 wrong_next = (next0 != next) + 2 * (next1 != next);
194 if (PREDICT_FALSE (wrong_next != 0))
203 vlib_set_next_frame_buffer (vm, node, next0, pi0);
210 vlib_set_next_frame_buffer (vm, node, next1, pi1);
217 vlib_set_next_frame_buffer (vm, node, next0, pi0);
218 vlib_set_next_frame_buffer (vm, node, next1, pi1);
222 vlib_put_next_frame (vm, node, next, n_left_to_next);
224 vlib_get_next_frame (vm, node, next, to_next,
231 while (n_left_from > 0 && n_left_to_next > 0)
236 ip_lookup_next_t next0;
238 ip6_address_t *dst_addr0;
239 u32 fib_index0, flow_hash_config0;
240 const dpo_id_t *dpo0;
245 p0 = vlib_get_buffer (vm, pi0);
247 ip0 = vlib_buffer_get_current (p0);
249 dst_addr0 = &ip0->dst_address;
252 vec_elt (im->fib_index_by_sw_if_index,
253 vnet_buffer (p0)->sw_if_index[VLIB_RX]);
255 (vnet_buffer (p0)->sw_if_index[VLIB_TX] ==
256 (u32) ~ 0) ? fib_index0 : vnet_buffer (p0)->sw_if_index[VLIB_TX];
258 flow_hash_config0 = ip6_fib_get (fib_index0)->flow_hash_config;
260 lbi0 = ip6_fib_table_fwding_lookup (im, fib_index0, dst_addr0);
262 lb0 = load_balance_get (lbi0);
264 vnet_buffer (p0)->ip.flow_hash = 0;
266 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
268 flow_hash_config0 = lb0->lb_hash_config;
269 vnet_buffer (p0)->ip.flow_hash =
270 ip6_compute_flow_hash (ip0, flow_hash_config0);
273 ASSERT (lb0->lb_n_buckets > 0);
274 ASSERT (is_pow2 (lb0->lb_n_buckets));
275 dpo0 = load_balance_get_bucket_i (lb0,
276 (vnet_buffer (p0)->ip.flow_hash &
277 lb0->lb_n_buckets_minus_1));
278 next0 = dpo0->dpoi_next_node;
280 /* Only process the HBH Option Header if explicitly configured to do so */
282 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
284 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
285 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
287 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
289 vlib_increment_combined_counter
290 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
297 if (PREDICT_FALSE (next0 != next))
300 vlib_put_next_frame (vm, node, next, n_left_to_next);
302 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
309 vlib_put_next_frame (vm, node, next, n_left_to_next);
312 if (node->flags & VLIB_NODE_FLAG_TRACE)
313 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
315 return frame->n_vectors;
319 ip6_add_interface_routes (vnet_main_t * vnm, u32 sw_if_index,
320 ip6_main_t * im, u32 fib_index,
321 ip_interface_address_t * a)
323 ip_lookup_main_t *lm = &im->lookup_main;
324 ip6_address_t *address = ip_interface_address_get_address (lm, a);
326 .fp_len = a->address_length,
327 .fp_proto = FIB_PROTOCOL_IP6,
328 .fp_addr.ip6 = *address,
331 a->neighbor_probe_adj_index = ~0;
332 if (a->address_length < 128)
334 fib_node_index_t fei;
336 fei = fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_ATTACHED), FIB_PROTOCOL_IP6, NULL, /* No next-hop address */
337 sw_if_index, ~0, // invalid FIB index
338 1, NULL, // no label stack
339 FIB_ROUTE_PATH_FLAG_NONE);
340 a->neighbor_probe_adj_index = fib_entry_get_adj (fei);
344 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
346 u32 classify_table_index =
347 lm->classify_table_index_by_sw_if_index[sw_if_index];
348 if (classify_table_index != (u32) ~ 0)
350 dpo_id_t dpo = DPO_INVALID;
355 classify_dpo_create (DPO_PROTO_IP6, classify_table_index));
357 fib_table_entry_special_dpo_add (fib_index,
360 FIB_ENTRY_FLAG_NONE, &dpo);
365 fib_table_entry_update_one_path (fib_index, &pfx, FIB_SOURCE_INTERFACE, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_LOCAL), FIB_PROTOCOL_IP6, &pfx.fp_addr, sw_if_index, ~0, // invalid FIB index
366 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
370 ip6_del_interface_routes (ip6_main_t * im,
372 ip6_address_t * address, u32 address_length)
375 .fp_len = address_length,
376 .fp_proto = FIB_PROTOCOL_IP6,
377 .fp_addr.ip6 = *address,
380 if (pfx.fp_len < 128)
382 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
387 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
391 ip6_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
393 ip6_main_t *im = &ip6_main;
395 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
398 * enable/disable only on the 1<->0 transition
402 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
407 /* The ref count is 0 when an address is removed from an interface that has
408 * no address - this is not a ciritical error */
409 if (0 == im->ip_enabled_by_sw_if_index[sw_if_index] ||
410 0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
414 if (sw_if_index != 0)
415 ip6_mfib_interface_enable_disable (sw_if_index, is_enable);
417 vnet_feature_enable_disable ("ip6-unicast", "ip6-lookup", sw_if_index,
420 vnet_feature_enable_disable ("ip6-multicast", "ip6-mfib-forward-lookup",
421 sw_if_index, is_enable, 0, 0);
425 /* get first interface address */
427 ip6_interface_first_address (ip6_main_t * im,
429 ip_interface_address_t ** result_ia)
431 ip_lookup_main_t *lm = &im->lookup_main;
432 ip_interface_address_t *ia = 0;
433 ip6_address_t *result = 0;
436 foreach_ip_interface_address (lm, ia, sw_if_index,
437 1 /* honor unnumbered */,
439 ip6_address_t * a = ip_interface_address_get_address (lm, ia);
445 *result_ia = result ? ia : 0;
450 ip6_add_del_interface_address (vlib_main_t * vm,
452 ip6_address_t * address,
453 u32 address_length, u32 is_del)
455 vnet_main_t *vnm = vnet_get_main ();
456 ip6_main_t *im = &ip6_main;
457 ip_lookup_main_t *lm = &im->lookup_main;
459 u32 if_address_index;
460 ip6_address_fib_t ip6_af, *addr_fib = 0;
462 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
463 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
465 ip6_addr_fib_init (&ip6_af, address,
466 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
467 vec_add1 (addr_fib, ip6_af);
470 uword elts_before = pool_elts (lm->if_address_pool);
472 error = ip_interface_address_add_del
473 (lm, sw_if_index, addr_fib, address_length, is_del, &if_address_index);
477 /* Pool did not grow: add duplicate address. */
478 if (elts_before == pool_elts (lm->if_address_pool))
482 ip6_sw_interface_enable_disable (sw_if_index, !is_del);
485 ip6_del_interface_routes (im, ip6_af.fib_index, address, address_length);
487 ip6_add_interface_routes (vnm, sw_if_index,
488 im, ip6_af.fib_index,
489 pool_elt_at_index (lm->if_address_pool,
493 ip6_add_del_interface_address_callback_t *cb;
494 vec_foreach (cb, im->add_del_interface_address_callbacks)
495 cb->function (im, cb->function_opaque, sw_if_index,
496 address, address_length, if_address_index, is_del);
505 ip6_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
507 ip6_main_t *im = &ip6_main;
508 ip_interface_address_t *ia;
510 u32 is_admin_up, fib_index;
512 /* Fill in lookup tables with default table (0). */
513 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
515 vec_validate_init_empty (im->
516 lookup_main.if_address_pool_index_by_sw_if_index,
519 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
521 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
524 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
525 0 /* honor unnumbered */,
527 a = ip_interface_address_get_address (&im->lookup_main, ia);
529 ip6_add_interface_routes (vnm, sw_if_index,
533 ip6_del_interface_routes (im, fib_index,
534 a, ia->address_length);
541 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down);
543 /* Built-in ip6 unicast rx feature path definition */
545 VNET_FEATURE_ARC_INIT (ip6_unicast, static) =
547 .arc_name = "ip6-unicast",
548 .start_nodes = VNET_FEATURES ("ip6-input"),
549 .arc_index_ptr = &ip6_main.lookup_main.ucast_feature_arc_index,
552 VNET_FEATURE_INIT (ip6_flow_classify, static) =
554 .arc_name = "ip6-unicast",
555 .node_name = "ip6-flow-classify",
556 .runs_before = VNET_FEATURES ("ip6-inacl"),
559 VNET_FEATURE_INIT (ip6_inacl, static) =
561 .arc_name = "ip6-unicast",
562 .node_name = "ip6-inacl",
563 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
566 VNET_FEATURE_INIT (ip6_policer_classify, static) =
568 .arc_name = "ip6-unicast",
569 .node_name = "ip6-policer-classify",
570 .runs_before = VNET_FEATURES ("ipsec-input-ip6"),
573 VNET_FEATURE_INIT (ip6_ipsec, static) =
575 .arc_name = "ip6-unicast",
576 .node_name = "ipsec-input-ip6",
577 .runs_before = VNET_FEATURES ("l2tp-decap"),
580 VNET_FEATURE_INIT (ip6_l2tp, static) =
582 .arc_name = "ip6-unicast",
583 .node_name = "l2tp-decap",
584 .runs_before = VNET_FEATURES ("vpath-input-ip6"),
587 VNET_FEATURE_INIT (ip6_vpath, static) =
589 .arc_name = "ip6-unicast",
590 .node_name = "vpath-input-ip6",
591 .runs_before = VNET_FEATURES ("ip6-vxlan-bypass"),
594 VNET_FEATURE_INIT (ip6_vxlan_bypass, static) =
596 .arc_name = "ip6-unicast",
597 .node_name = "ip6-vxlan-bypass",
598 .runs_before = VNET_FEATURES ("ip6-lookup"),
601 VNET_FEATURE_INIT (ip6_lookup, static) =
603 .arc_name = "ip6-unicast",
604 .node_name = "ip6-lookup",
605 .runs_before = VNET_FEATURES ("ip6-drop"),
608 VNET_FEATURE_INIT (ip6_drop, static) =
610 .arc_name = "ip6-unicast",
611 .node_name = "ip6-drop",
612 .runs_before = 0, /*last feature*/
615 /* Built-in ip6 multicast rx feature path definition (none now) */
616 VNET_FEATURE_ARC_INIT (ip6_multicast, static) =
618 .arc_name = "ip6-multicast",
619 .start_nodes = VNET_FEATURES ("ip6-input"),
620 .arc_index_ptr = &ip6_main.lookup_main.mcast_feature_arc_index,
623 VNET_FEATURE_INIT (ip6_vpath_mc, static) = {
624 .arc_name = "ip6-multicast",
625 .node_name = "vpath-input-ip6",
626 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
629 VNET_FEATURE_INIT (ip6_mc_lookup, static) = {
630 .arc_name = "ip6-multicast",
631 .node_name = "ip6-mfib-forward-lookup",
632 .runs_before = VNET_FEATURES ("ip6-drop"),
635 VNET_FEATURE_INIT (ip6_drop_mc, static) = {
636 .arc_name = "ip6-multicast",
637 .node_name = "ip6-drop",
638 .runs_before = 0, /* last feature */
641 /* Built-in ip4 tx feature path definition */
642 VNET_FEATURE_ARC_INIT (ip6_output, static) =
644 .arc_name = "ip6-output",
645 .start_nodes = VNET_FEATURES ("ip6-rewrite", "ip6-midchain"),
646 .arc_index_ptr = &ip6_main.lookup_main.output_feature_arc_index,
649 VNET_FEATURE_INIT (ip6_ipsec_output, static) = {
650 .arc_name = "ip6-output",
651 .node_name = "ipsec-output-ip6",
652 .runs_before = VNET_FEATURES ("interface-output"),
655 VNET_FEATURE_INIT (ip6_interface_output, static) = {
656 .arc_name = "ip6-output",
657 .node_name = "interface-output",
658 .runs_before = 0, /* not before any other features */
663 ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
665 vnet_feature_enable_disable ("ip6-unicast", "ip6-drop", sw_if_index,
668 vnet_feature_enable_disable ("ip6-multicast", "ip6-drop", sw_if_index,
671 vnet_feature_enable_disable ("ip6-output", "interface-output", sw_if_index,
674 return /* no error */ 0;
677 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_sw_interface_add_del);
680 ip6_lookup (vlib_main_t * vm,
681 vlib_node_runtime_t * node, vlib_frame_t * frame)
683 return ip6_lookup_inline (vm, node, frame);
686 static u8 *format_ip6_lookup_trace (u8 * s, va_list * args);
689 VLIB_REGISTER_NODE (ip6_lookup_node) =
691 .function = ip6_lookup,
692 .name = "ip6-lookup",
693 .vector_size = sizeof (u32),
694 .format_trace = format_ip6_lookup_trace,
695 .n_next_nodes = IP6_LOOKUP_N_NEXT,
696 .next_nodes = IP6_LOOKUP_NEXT_NODES,
700 VLIB_NODE_FUNCTION_MULTIARCH (ip6_lookup_node, ip6_lookup);
703 ip6_load_balance (vlib_main_t * vm,
704 vlib_node_runtime_t * node, vlib_frame_t * frame)
706 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
707 u32 n_left_from, n_left_to_next, *from, *to_next;
708 ip_lookup_next_t next;
709 u32 cpu_index = os_get_cpu_number ();
710 ip6_main_t *im = &ip6_main;
712 from = vlib_frame_vector_args (frame);
713 n_left_from = frame->n_vectors;
714 next = node->cached_next_index;
716 if (node->flags & VLIB_NODE_FLAG_TRACE)
717 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
719 while (n_left_from > 0)
721 vlib_get_next_frame (vm, node, next, to_next, n_left_to_next);
724 while (n_left_from >= 4 && n_left_to_next >= 2)
726 ip_lookup_next_t next0, next1;
727 const load_balance_t *lb0, *lb1;
728 vlib_buffer_t *p0, *p1;
729 u32 pi0, lbi0, hc0, pi1, lbi1, hc1;
730 const ip6_header_t *ip0, *ip1;
731 const dpo_id_t *dpo0, *dpo1;
733 /* Prefetch next iteration. */
735 vlib_buffer_t *p2, *p3;
737 p2 = vlib_get_buffer (vm, from[2]);
738 p3 = vlib_get_buffer (vm, from[3]);
740 vlib_prefetch_buffer_header (p2, STORE);
741 vlib_prefetch_buffer_header (p3, STORE);
743 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
744 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
747 pi0 = to_next[0] = from[0];
748 pi1 = to_next[1] = from[1];
755 p0 = vlib_get_buffer (vm, pi0);
756 p1 = vlib_get_buffer (vm, pi1);
758 ip0 = vlib_buffer_get_current (p0);
759 ip1 = vlib_buffer_get_current (p1);
760 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
761 lbi1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
763 lb0 = load_balance_get (lbi0);
764 lb1 = load_balance_get (lbi1);
767 * this node is for via FIBs we can re-use the hash value from the
768 * to node if present.
769 * We don't want to use the same hash value at each level in the recursion
770 * graph as that would lead to polarisation
772 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
773 hc1 = vnet_buffer (p1)->ip.flow_hash = 0;
775 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
777 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
779 hc0 = vnet_buffer (p0)->ip.flow_hash =
780 vnet_buffer (p0)->ip.flow_hash >> 1;
784 hc0 = vnet_buffer (p0)->ip.flow_hash =
785 ip6_compute_flow_hash (ip0, hc0);
788 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
790 if (PREDICT_TRUE (vnet_buffer (p1)->ip.flow_hash))
792 hc1 = vnet_buffer (p1)->ip.flow_hash =
793 vnet_buffer (p1)->ip.flow_hash >> 1;
797 hc1 = vnet_buffer (p1)->ip.flow_hash =
798 ip6_compute_flow_hash (ip1, hc1);
803 load_balance_get_bucket_i (lb0,
804 hc0 & (lb0->lb_n_buckets_minus_1));
806 load_balance_get_bucket_i (lb1,
807 hc1 & (lb1->lb_n_buckets_minus_1));
809 next0 = dpo0->dpoi_next_node;
810 next1 = dpo1->dpoi_next_node;
812 /* Only process the HBH Option Header if explicitly configured to do so */
814 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
816 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
817 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
819 /* Only process the HBH Option Header if explicitly configured to do so */
821 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
823 next1 = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
824 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next1;
827 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
828 vnet_buffer (p1)->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
830 vlib_increment_combined_counter
831 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
832 vlib_increment_combined_counter
833 (cm, cpu_index, lbi1, 1, vlib_buffer_length_in_chain (vm, p1));
835 vlib_validate_buffer_enqueue_x2 (vm, node, next,
836 to_next, n_left_to_next,
837 pi0, pi1, next0, next1);
840 while (n_left_from > 0 && n_left_to_next > 0)
842 ip_lookup_next_t next0;
843 const load_balance_t *lb0;
846 const ip6_header_t *ip0;
847 const dpo_id_t *dpo0;
856 p0 = vlib_get_buffer (vm, pi0);
858 ip0 = vlib_buffer_get_current (p0);
859 lbi0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
861 lb0 = load_balance_get (lbi0);
863 hc0 = vnet_buffer (p0)->ip.flow_hash = 0;
864 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
866 if (PREDICT_TRUE (vnet_buffer (p0)->ip.flow_hash))
868 hc0 = vnet_buffer (p0)->ip.flow_hash =
869 vnet_buffer (p0)->ip.flow_hash >> 1;
873 hc0 = vnet_buffer (p0)->ip.flow_hash =
874 ip6_compute_flow_hash (ip0, hc0);
878 load_balance_get_bucket_i (lb0,
879 hc0 & (lb0->lb_n_buckets_minus_1));
881 next0 = dpo0->dpoi_next_node;
882 vnet_buffer (p0)->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
884 /* Only process the HBH Option Header if explicitly configured to do so */
886 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
888 next0 = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
889 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next0;
892 vlib_increment_combined_counter
893 (cm, cpu_index, lbi0, 1, vlib_buffer_length_in_chain (vm, p0));
895 vlib_validate_buffer_enqueue_x1 (vm, node, next,
896 to_next, n_left_to_next,
900 vlib_put_next_frame (vm, node, next, n_left_to_next);
903 return frame->n_vectors;
907 VLIB_REGISTER_NODE (ip6_load_balance_node) =
909 .function = ip6_load_balance,
910 .name = "ip6-load-balance",
911 .vector_size = sizeof (u32),
912 .sibling_of = "ip6-lookup",
913 .format_trace = format_ip6_lookup_trace,
917 VLIB_NODE_FUNCTION_MULTIARCH (ip6_load_balance_node, ip6_load_balance);
921 /* Adjacency taken. */
926 /* Packet data, possibly *after* rewrite. */
927 u8 packet_data[128 - 1 * sizeof (u32)];
929 ip6_forward_next_trace_t;
932 format_ip6_forward_next_trace (u8 * s, va_list * args)
934 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
935 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
936 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
937 uword indent = format_get_indent (s);
939 s = format (s, "%U%U",
940 format_white_space, indent,
941 format_ip6_header, t->packet_data, sizeof (t->packet_data));
946 format_ip6_lookup_trace (u8 * s, va_list * args)
948 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
949 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
950 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
951 uword indent = format_get_indent (s);
953 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
954 t->fib_index, t->adj_index, t->flow_hash);
955 s = format (s, "\n%U%U",
956 format_white_space, indent,
957 format_ip6_header, t->packet_data, sizeof (t->packet_data));
963 format_ip6_rewrite_trace (u8 * s, va_list * args)
965 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
966 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
967 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
968 vnet_main_t *vnm = vnet_get_main ();
969 uword indent = format_get_indent (s);
971 s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x",
972 t->fib_index, t->adj_index, format_ip_adjacency,
973 t->adj_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
974 s = format (s, "\n%U%U",
975 format_white_space, indent,
976 format_ip_adjacency_packet_data,
977 vnm, t->adj_index, t->packet_data, sizeof (t->packet_data));
981 /* Common trace function for all ip6-forward next nodes. */
983 ip6_forward_next_trace (vlib_main_t * vm,
984 vlib_node_runtime_t * node,
985 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
988 ip6_main_t *im = &ip6_main;
990 n_left = frame->n_vectors;
991 from = vlib_frame_vector_args (frame);
996 vlib_buffer_t *b0, *b1;
997 ip6_forward_next_trace_t *t0, *t1;
999 /* Prefetch next iteration. */
1000 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1001 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1006 b0 = vlib_get_buffer (vm, bi0);
1007 b1 = vlib_get_buffer (vm, bi1);
1009 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1011 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1012 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1013 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1015 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1016 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1017 vec_elt (im->fib_index_by_sw_if_index,
1018 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1020 clib_memcpy (t0->packet_data,
1021 vlib_buffer_get_current (b0),
1022 sizeof (t0->packet_data));
1024 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1026 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1027 t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1028 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1030 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1031 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1032 vec_elt (im->fib_index_by_sw_if_index,
1033 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1035 clib_memcpy (t1->packet_data,
1036 vlib_buffer_get_current (b1),
1037 sizeof (t1->packet_data));
1047 ip6_forward_next_trace_t *t0;
1051 b0 = vlib_get_buffer (vm, bi0);
1053 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1055 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1056 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1057 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1059 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1060 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1061 vec_elt (im->fib_index_by_sw_if_index,
1062 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1064 clib_memcpy (t0->packet_data,
1065 vlib_buffer_get_current (b0),
1066 sizeof (t0->packet_data));
1074 ip6_drop_or_punt (vlib_main_t * vm,
1075 vlib_node_runtime_t * node,
1076 vlib_frame_t * frame, ip6_error_t error_code)
1078 u32 *buffers = vlib_frame_vector_args (frame);
1079 uword n_packets = frame->n_vectors;
1081 vlib_error_drop_buffers (vm, node, buffers,
1085 ip6_input_node.index, error_code);
1087 if (node->flags & VLIB_NODE_FLAG_TRACE)
1088 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1094 ip6_drop (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1096 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_DROP);
1100 ip6_punt (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1102 return ip6_drop_or_punt (vm, node, frame, IP6_ERROR_ADJACENCY_PUNT);
1106 VLIB_REGISTER_NODE (ip6_drop_node, static) =
1108 .function = ip6_drop,
1110 .vector_size = sizeof (u32),
1111 .format_trace = format_ip6_forward_next_trace,
1115 [0] = "error-drop",},
1119 VLIB_NODE_FUNCTION_MULTIARCH (ip6_drop_node, ip6_drop);
1122 VLIB_REGISTER_NODE (ip6_punt_node, static) =
1124 .function = ip6_punt,
1126 .vector_size = sizeof (u32),
1127 .format_trace = format_ip6_forward_next_trace,
1131 [0] = "error-punt",},
1135 VLIB_NODE_FUNCTION_MULTIARCH (ip6_punt_node, ip6_punt);
1137 /* Compute TCP/UDP/ICMP6 checksum in software. */
1139 ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1140 ip6_header_t * ip0, int *bogus_lengthp)
1143 u16 sum16, payload_length_host_byte_order;
1144 u32 i, n_this_buffer, n_bytes_left;
1145 u32 headers_size = sizeof (ip0[0]);
1146 void *data_this_buffer;
1148 ASSERT (bogus_lengthp);
1151 /* Initialize checksum with ip header. */
1152 sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
1153 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1154 data_this_buffer = (void *) (ip0 + 1);
1156 for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
1158 sum0 = ip_csum_with_carry (sum0,
1159 clib_mem_unaligned (&ip0->
1160 src_address.as_uword[i],
1163 ip_csum_with_carry (sum0,
1164 clib_mem_unaligned (&ip0->dst_address.as_uword[i],
1168 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1169 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1172 ip6_hop_by_hop_ext_t *ext_hdr =
1173 (ip6_hop_by_hop_ext_t *) data_this_buffer;
1175 /* validate really icmp6 next */
1176 ASSERT (ext_hdr->next_hdr == IP_PROTOCOL_ICMP6);
1178 skip_bytes = 8 * (1 + ext_hdr->n_data_u64s);
1179 data_this_buffer = (void *) ((u8 *) data_this_buffer + skip_bytes);
1181 payload_length_host_byte_order -= skip_bytes;
1182 headers_size += skip_bytes;
1185 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1186 if (p0 && n_this_buffer + headers_size > p0->current_length)
1188 p0->current_length >
1189 headers_size ? p0->current_length - headers_size : 0;
1192 sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
1193 n_bytes_left -= n_this_buffer;
1194 if (n_bytes_left == 0)
1197 if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
1202 p0 = vlib_get_buffer (vm, p0->next_buffer);
1203 data_this_buffer = vlib_buffer_get_current (p0);
1204 n_this_buffer = p0->current_length;
1207 sum16 = ~ip_csum_fold (sum0);
1213 ip6_tcp_udp_icmp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1215 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1220 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1221 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1222 || ip0->protocol == IP_PROTOCOL_ICMP6
1223 || ip0->protocol == IP_PROTOCOL_UDP
1224 || ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS);
1226 udp0 = (void *) (ip0 + 1);
1227 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1229 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1230 | IP_BUFFER_L4_CHECKSUM_CORRECT);
1234 sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0, &bogus_length);
1236 p0->flags |= (IP_BUFFER_L4_CHECKSUM_COMPUTED
1237 | ((sum16 == 0) << LOG2_IP_BUFFER_L4_CHECKSUM_CORRECT));
1242 /* ip6_locate_header
1244 * This function is to search for the header specified by the find_hdr number.
1245 * 1. If the find_hdr < 0 then it finds and returns the protocol number and
1246 * offset stored in *offset of the transport or ESP header in the chain if
1248 * 2. If a header with find_hdr > 0 protocol number is found then the
1249 * offset is stored in *offset and protocol number of the header is
1251 * 3. If find_hdr header is not found or packet is malformed or
1252 * it is a non-first fragment -1 is returned.
1255 ip6_locate_header (vlib_buffer_t * p0,
1256 ip6_header_t * ip0, int find_hdr, u32 * offset)
1258 u8 next_proto = ip0->protocol;
1262 u8 *temp_nxthdr = 0;
1265 next_header = ip6_next_header (ip0);
1266 cur_offset = sizeof (ip6_header_t);
1269 done = (next_proto == find_hdr);
1272 (u8 *) vlib_buffer_get_current (p0) + p0->current_length))
1274 //A malicious packet could set an extension header with a too big size
1279 if ((!ip6_ext_hdr (next_proto)) || next_proto == IP_PROTOCOL_IP6_NONXT)
1285 if (next_proto == IP_PROTOCOL_IPV6_FRAGMENTATION)
1287 ip6_frag_hdr_t *frag_hdr = (ip6_frag_hdr_t *) next_header;
1288 u16 frag_off = ip6_frag_hdr_offset (frag_hdr);
1289 /* Non first fragment return -1 */
1292 exthdr_len = sizeof (ip6_frag_hdr_t);
1293 temp_nxthdr = next_header + exthdr_len;
1295 else if (next_proto == IP_PROTOCOL_IPSEC_AH)
1298 ip6_ext_authhdr_len (((ip6_ext_header_t *) next_header));
1299 temp_nxthdr = next_header + exthdr_len;
1304 ip6_ext_header_len (((ip6_ext_header_t *) next_header));
1305 temp_nxthdr = next_header + exthdr_len;
1307 next_proto = ((ip6_ext_header_t *) next_header)->next_hdr;
1308 next_header = temp_nxthdr;
1309 cur_offset += exthdr_len;
1312 *offset = cur_offset;
1313 return (next_proto);
1317 ip6_local (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1319 ip6_main_t *im = &ip6_main;
1320 ip_lookup_main_t *lm = &im->lookup_main;
1321 ip_local_next_t next_index;
1322 u32 *from, *to_next, n_left_from, n_left_to_next;
1323 vlib_node_runtime_t *error_node =
1324 vlib_node_get_runtime (vm, ip6_input_node.index);
1326 from = vlib_frame_vector_args (frame);
1327 n_left_from = frame->n_vectors;
1328 next_index = node->cached_next_index;
1330 if (node->flags & VLIB_NODE_FLAG_TRACE)
1331 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1333 while (n_left_from > 0)
1335 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1337 while (n_left_from >= 4 && n_left_to_next >= 2)
1339 vlib_buffer_t *p0, *p1;
1340 ip6_header_t *ip0, *ip1;
1341 udp_header_t *udp0, *udp1;
1342 u32 pi0, ip_len0, udp_len0, flags0, next0;
1343 u32 pi1, ip_len1, udp_len1, flags1, next1;
1344 i32 len_diff0, len_diff1;
1345 u8 error0, type0, good_l4_checksum0;
1346 u8 error1, type1, good_l4_checksum1;
1347 u32 udp_offset0, udp_offset1;
1349 pi0 = to_next[0] = from[0];
1350 pi1 = to_next[1] = from[1];
1354 n_left_to_next -= 2;
1356 p0 = vlib_get_buffer (vm, pi0);
1357 p1 = vlib_get_buffer (vm, pi1);
1359 ip0 = vlib_buffer_get_current (p0);
1360 ip1 = vlib_buffer_get_current (p1);
1362 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1363 vnet_buffer (p1)->ip.start_of_ip_header = p1->current_data;
1365 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1366 type1 = lm->builtin_protocol_by_ip_protocol[ip1->protocol];
1368 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1369 next1 = lm->local_next_by_ip_protocol[ip1->protocol];
1374 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1375 good_l4_checksum1 = (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1379 /* Skip HBH local processing */
1381 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1383 ip6_hop_by_hop_ext_t *ext_hdr =
1384 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1385 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1386 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1389 (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1391 ip6_hop_by_hop_ext_t *ext_hdr =
1392 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip1);
1393 next1 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1394 type1 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1396 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1400 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1401 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1402 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1403 && udp0->checksum == 0;
1404 /* Verify UDP length. */
1405 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1406 udp_len0 = clib_net_to_host_u16 (udp0->length);
1407 len_diff0 = ip_len0 - udp_len0;
1409 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p1, ip1,
1413 udp1 = (udp_header_t *) ((u8 *) ip1 + udp_offset1);
1414 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1415 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UDP
1416 && udp1->checksum == 0;
1417 /* Verify UDP length. */
1418 ip_len1 = clib_net_to_host_u16 (ip1->payload_length);
1419 udp_len1 = clib_net_to_host_u16 (udp1->length);
1420 len_diff1 = ip_len1 - udp_len1;
1423 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1424 good_l4_checksum1 |= type1 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1426 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1427 len_diff1 = type1 == IP_BUILTIN_PROTOCOL_UDP ? len_diff1 : 0;
1429 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1430 && !good_l4_checksum0
1431 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1433 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1435 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1437 if (PREDICT_FALSE (type1 != IP_BUILTIN_PROTOCOL_UNKNOWN
1438 && !good_l4_checksum1
1439 && !(flags1 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1441 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, p1);
1443 (flags1 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1446 error0 = error1 = IP6_ERROR_UNKNOWN_PROTOCOL;
1448 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1449 error1 = len_diff1 < 0 ? IP6_ERROR_UDP_LENGTH : error1;
1451 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1452 IP6_ERROR_UDP_CHECKSUM);
1453 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1454 IP6_ERROR_ICMP_CHECKSUM);
1456 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1458 (!good_l4_checksum1 ? IP6_ERROR_UDP_CHECKSUM + type1 : error1);
1460 /* Drop packets from unroutable hosts. */
1461 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1462 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1463 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1464 !ip6_address_is_link_local_unicast (&ip0->src_address))
1466 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1467 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1469 if (error1 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1470 type1 != IP_BUILTIN_PROTOCOL_ICMP &&
1471 !ip6_address_is_link_local_unicast (&ip1->src_address))
1473 error1 = (!ip6_urpf_loose_check (im, p1, ip1)
1474 ? IP6_ERROR_SRC_LOOKUP_MISS : error1);
1478 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1480 error1 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next1;
1482 p0->error = error_node->errors[error0];
1483 p1->error = error_node->errors[error1];
1485 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
1486 to_next, n_left_to_next,
1487 pi0, pi1, next0, next1);
1490 while (n_left_from > 0 && n_left_to_next > 0)
1495 u32 pi0, ip_len0, udp_len0, flags0, next0;
1497 u8 error0, type0, good_l4_checksum0;
1500 pi0 = to_next[0] = from[0];
1504 n_left_to_next -= 1;
1506 p0 = vlib_get_buffer (vm, pi0);
1508 ip0 = vlib_buffer_get_current (p0);
1510 vnet_buffer (p0)->ip.start_of_ip_header = p0->current_data;
1512 type0 = lm->builtin_protocol_by_ip_protocol[ip0->protocol];
1513 next0 = lm->local_next_by_ip_protocol[ip0->protocol];
1517 good_l4_checksum0 = (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1520 /* Skip HBH local processing */
1522 (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1524 ip6_hop_by_hop_ext_t *ext_hdr =
1525 (ip6_hop_by_hop_ext_t *) ip6_next_header (ip0);
1526 next0 = lm->local_next_by_ip_protocol[ext_hdr->next_hdr];
1527 type0 = lm->builtin_protocol_by_ip_protocol[ext_hdr->next_hdr];
1529 if (PREDICT_TRUE (IP_PROTOCOL_UDP == ip6_locate_header (p0, ip0,
1533 udp0 = (udp_header_t *) ((u8 *) ip0 + udp_offset0);
1534 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1535 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UDP
1536 && udp0->checksum == 0;
1537 /* Verify UDP length. */
1538 ip_len0 = clib_net_to_host_u16 (ip0->payload_length);
1539 udp_len0 = clib_net_to_host_u16 (udp0->length);
1540 len_diff0 = ip_len0 - udp_len0;
1543 good_l4_checksum0 |= type0 == IP_BUILTIN_PROTOCOL_UNKNOWN;
1544 len_diff0 = type0 == IP_BUILTIN_PROTOCOL_UDP ? len_diff0 : 0;
1546 if (PREDICT_FALSE (type0 != IP_BUILTIN_PROTOCOL_UNKNOWN
1547 && !good_l4_checksum0
1548 && !(flags0 & IP_BUFFER_L4_CHECKSUM_COMPUTED)))
1550 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, p0);
1552 (flags0 & IP_BUFFER_L4_CHECKSUM_CORRECT) != 0;
1555 error0 = IP6_ERROR_UNKNOWN_PROTOCOL;
1557 error0 = len_diff0 < 0 ? IP6_ERROR_UDP_LENGTH : error0;
1559 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1560 IP6_ERROR_UDP_CHECKSUM);
1561 ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1562 IP6_ERROR_ICMP_CHECKSUM);
1564 (!good_l4_checksum0 ? IP6_ERROR_UDP_CHECKSUM + type0 : error0);
1566 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1567 if (error0 == IP6_ERROR_UNKNOWN_PROTOCOL &&
1568 type0 != IP_BUILTIN_PROTOCOL_ICMP &&
1569 !ip6_address_is_link_local_unicast (&ip0->src_address))
1571 error0 = (!ip6_urpf_loose_check (im, p0, ip0)
1572 ? IP6_ERROR_SRC_LOOKUP_MISS : error0);
1576 error0 != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next0;
1578 p0->error = error_node->errors[error0];
1580 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1581 to_next, n_left_to_next,
1585 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1588 return frame->n_vectors;
1592 VLIB_REGISTER_NODE (ip6_local_node, static) =
1594 .function = ip6_local,
1595 .name = "ip6-local",
1596 .vector_size = sizeof (u32),
1597 .format_trace = format_ip6_forward_next_trace,
1598 .n_next_nodes = IP_LOCAL_N_NEXT,
1601 [IP_LOCAL_NEXT_DROP] = "error-drop",
1602 [IP_LOCAL_NEXT_PUNT] = "error-punt",
1603 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip6-udp-lookup",
1604 [IP_LOCAL_NEXT_ICMP] = "ip6-icmp-input",
1609 VLIB_NODE_FUNCTION_MULTIARCH (ip6_local_node, ip6_local);
1612 ip6_register_protocol (u32 protocol, u32 node_index)
1614 vlib_main_t *vm = vlib_get_main ();
1615 ip6_main_t *im = &ip6_main;
1616 ip_lookup_main_t *lm = &im->lookup_main;
1618 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1619 lm->local_next_by_ip_protocol[protocol] =
1620 vlib_node_add_next (vm, ip6_local_node.index, node_index);
1625 IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1626 IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX,
1627 IP6_DISCOVER_NEIGHBOR_N_NEXT,
1628 } ip6_discover_neighbor_next_t;
1632 IP6_DISCOVER_NEIGHBOR_ERROR_DROP,
1633 IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT,
1634 IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS,
1635 } ip6_discover_neighbor_error_t;
1638 ip6_discover_neighbor_inline (vlib_main_t * vm,
1639 vlib_node_runtime_t * node,
1640 vlib_frame_t * frame, int is_glean)
1642 vnet_main_t *vnm = vnet_get_main ();
1643 ip6_main_t *im = &ip6_main;
1644 ip_lookup_main_t *lm = &im->lookup_main;
1645 u32 *from, *to_next_drop;
1646 uword n_left_from, n_left_to_next_drop;
1647 static f64 time_last_seed_change = -1e100;
1648 static u32 hash_seeds[3];
1649 static uword hash_bitmap[256 / BITS (uword)];
1653 if (node->flags & VLIB_NODE_FLAG_TRACE)
1654 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1656 time_now = vlib_time_now (vm);
1657 if (time_now - time_last_seed_change > 1e-3)
1660 u32 *r = clib_random_buffer_get_data (&vm->random_buffer,
1661 sizeof (hash_seeds));
1662 for (i = 0; i < ARRAY_LEN (hash_seeds); i++)
1663 hash_seeds[i] = r[i];
1665 /* Mark all hash keys as been not-seen before. */
1666 for (i = 0; i < ARRAY_LEN (hash_bitmap); i++)
1669 time_last_seed_change = time_now;
1672 from = vlib_frame_vector_args (frame);
1673 n_left_from = frame->n_vectors;
1675 while (n_left_from > 0)
1677 vlib_get_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1678 to_next_drop, n_left_to_next_drop);
1680 while (n_left_from > 0 && n_left_to_next_drop > 0)
1684 u32 pi0, adj_index0, a0, b0, c0, m0, sw_if_index0, drop0;
1686 ip_adjacency_t *adj0;
1687 vnet_hw_interface_t *hw_if0;
1692 p0 = vlib_get_buffer (vm, pi0);
1694 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1696 ip0 = vlib_buffer_get_current (p0);
1698 adj0 = ip_get_adjacency (lm, adj_index0);
1702 ip0->dst_address.as_u64[0] =
1703 adj0->sub_type.nbr.next_hop.ip6.as_u64[0];
1704 ip0->dst_address.as_u64[1] =
1705 adj0->sub_type.nbr.next_hop.ip6.as_u64[1];
1712 sw_if_index0 = adj0->rewrite_header.sw_if_index;
1713 vnet_buffer (p0)->sw_if_index[VLIB_TX] = sw_if_index0;
1716 b0 ^= ip0->dst_address.as_u32[0];
1717 c0 ^= ip0->dst_address.as_u32[1];
1719 hash_v3_mix32 (a0, b0, c0);
1721 b0 ^= ip0->dst_address.as_u32[2];
1722 c0 ^= ip0->dst_address.as_u32[3];
1724 hash_v3_finalize32 (a0, b0, c0);
1726 c0 &= BITS (hash_bitmap) - 1;
1727 c0 = c0 / BITS (uword);
1728 m0 = (uword) 1 << (c0 % BITS (uword));
1730 bm0 = hash_bitmap[c0];
1731 drop0 = (bm0 & m0) != 0;
1733 /* Mark it as seen. */
1734 hash_bitmap[c0] = bm0 | m0;
1738 to_next_drop[0] = pi0;
1740 n_left_to_next_drop -= 1;
1742 hw_if0 = vnet_get_sup_hw_interface (vnm, sw_if_index0);
1744 /* If the interface is link-down, drop the pkt */
1745 if (!(hw_if0->flags & VNET_HW_INTERFACE_FLAG_LINK_UP))
1749 node->errors[drop0 ? IP6_DISCOVER_NEIGHBOR_ERROR_DROP
1750 : IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT];
1755 * the adj has been updated to a rewrite but the node the DPO that got
1756 * us here hasn't - yet. no big deal. we'll drop while we wait.
1758 if (IP_LOOKUP_NEXT_REWRITE == adj0->lookup_next_index)
1763 icmp6_neighbor_solicitation_header_t *h0;
1766 h0 = vlib_packet_template_get_packet
1767 (vm, &im->discover_neighbor_packet_template, &bi0);
1770 * Build ethernet header.
1771 * Choose source address based on destination lookup
1774 if (ip6_src_address_for_packet (lm,
1776 &h0->ip.src_address))
1778 /* There is no address on the interface */
1780 node->errors[IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS];
1781 vlib_buffer_free (vm, &bi0, 1);
1786 * Destination address is a solicited node multicast address.
1787 * We need to fill in
1788 * the low 24 bits with low 24 bits of target's address.
1790 h0->ip.dst_address.as_u8[13] = ip0->dst_address.as_u8[13];
1791 h0->ip.dst_address.as_u8[14] = ip0->dst_address.as_u8[14];
1792 h0->ip.dst_address.as_u8[15] = ip0->dst_address.as_u8[15];
1794 h0->neighbor.target_address = ip0->dst_address;
1796 clib_memcpy (h0->link_layer_option.ethernet_address,
1797 hw_if0->hw_address, vec_len (hw_if0->hw_address));
1799 /* $$$$ appears we need this; why is the checksum non-zero? */
1800 h0->neighbor.icmp.checksum = 0;
1801 h0->neighbor.icmp.checksum =
1802 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h0->ip,
1805 ASSERT (bogus_length == 0);
1807 vlib_buffer_copy_trace_flag (vm, p0, bi0);
1808 b0 = vlib_get_buffer (vm, bi0);
1809 vnet_buffer (b0)->sw_if_index[VLIB_TX]
1810 = vnet_buffer (p0)->sw_if_index[VLIB_TX];
1812 /* Add rewrite/encap string. */
1813 vnet_rewrite_one_header (adj0[0], h0, sizeof (ethernet_header_t));
1814 vlib_buffer_advance (b0, -adj0->rewrite_header.data_bytes);
1816 next0 = IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX;
1818 vlib_set_next_frame_buffer (vm, node, next0, bi0);
1822 vlib_put_next_frame (vm, node, IP6_DISCOVER_NEIGHBOR_NEXT_DROP,
1823 n_left_to_next_drop);
1826 return frame->n_vectors;
1830 ip6_discover_neighbor (vlib_main_t * vm,
1831 vlib_node_runtime_t * node, vlib_frame_t * frame)
1833 return (ip6_discover_neighbor_inline (vm, node, frame, 0));
1837 ip6_glean (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1839 return (ip6_discover_neighbor_inline (vm, node, frame, 1));
1842 static char *ip6_discover_neighbor_error_strings[] = {
1843 [IP6_DISCOVER_NEIGHBOR_ERROR_DROP] = "address overflow drops",
1844 [IP6_DISCOVER_NEIGHBOR_ERROR_REQUEST_SENT] = "neighbor solicitations sent",
1845 [IP6_DISCOVER_NEIGHBOR_ERROR_NO_SOURCE_ADDRESS]
1846 = "no source address for ND solicitation",
1850 VLIB_REGISTER_NODE (ip6_discover_neighbor_node) =
1852 .function = ip6_discover_neighbor,
1853 .name = "ip6-discover-neighbor",
1854 .vector_size = sizeof (u32),
1855 .format_trace = format_ip6_forward_next_trace,
1856 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1857 .error_strings = ip6_discover_neighbor_error_strings,
1858 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1861 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1862 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1868 VLIB_REGISTER_NODE (ip6_glean_node) =
1870 .function = ip6_glean,
1871 .name = "ip6-glean",
1872 .vector_size = sizeof (u32),
1873 .format_trace = format_ip6_forward_next_trace,
1874 .n_errors = ARRAY_LEN (ip6_discover_neighbor_error_strings),
1875 .error_strings = ip6_discover_neighbor_error_strings,
1876 .n_next_nodes = IP6_DISCOVER_NEIGHBOR_N_NEXT,
1879 [IP6_DISCOVER_NEIGHBOR_NEXT_DROP] = "error-drop",
1880 [IP6_DISCOVER_NEIGHBOR_NEXT_REPLY_TX] = "interface-output",
1886 ip6_probe_neighbor (vlib_main_t * vm, ip6_address_t * dst, u32 sw_if_index)
1888 vnet_main_t *vnm = vnet_get_main ();
1889 ip6_main_t *im = &ip6_main;
1890 icmp6_neighbor_solicitation_header_t *h;
1892 ip_interface_address_t *ia;
1893 ip_adjacency_t *adj;
1894 vnet_hw_interface_t *hi;
1895 vnet_sw_interface_t *si;
1900 si = vnet_get_sw_interface (vnm, sw_if_index);
1902 if (!(si->flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP))
1904 return clib_error_return (0, "%U: interface %U down",
1905 format_ip6_address, dst,
1906 format_vnet_sw_if_index_name, vnm,
1911 ip6_interface_address_matching_destination (im, dst, sw_if_index, &ia);
1914 vnm->api_errno = VNET_API_ERROR_NO_MATCHING_INTERFACE;
1915 return clib_error_return
1916 (0, "no matching interface address for destination %U (interface %U)",
1917 format_ip6_address, dst,
1918 format_vnet_sw_if_index_name, vnm, sw_if_index);
1922 vlib_packet_template_get_packet (vm,
1923 &im->discover_neighbor_packet_template,
1926 hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
1928 /* Destination address is a solicited node multicast address. We need to fill in
1929 the low 24 bits with low 24 bits of target's address. */
1930 h->ip.dst_address.as_u8[13] = dst->as_u8[13];
1931 h->ip.dst_address.as_u8[14] = dst->as_u8[14];
1932 h->ip.dst_address.as_u8[15] = dst->as_u8[15];
1934 h->ip.src_address = src[0];
1935 h->neighbor.target_address = dst[0];
1937 clib_memcpy (h->link_layer_option.ethernet_address, hi->hw_address,
1938 vec_len (hi->hw_address));
1940 h->neighbor.icmp.checksum =
1941 ip6_tcp_udp_icmp_compute_checksum (vm, 0, &h->ip, &bogus_length);
1942 ASSERT (bogus_length == 0);
1944 b = vlib_get_buffer (vm, bi);
1945 vnet_buffer (b)->sw_if_index[VLIB_RX] =
1946 vnet_buffer (b)->sw_if_index[VLIB_TX] = sw_if_index;
1948 /* Add encapsulation string for software interface (e.g. ethernet header). */
1949 adj = ip_get_adjacency (&im->lookup_main, ia->neighbor_probe_adj_index);
1950 vnet_rewrite_one_header (adj[0], h, sizeof (ethernet_header_t));
1951 vlib_buffer_advance (b, -adj->rewrite_header.data_bytes);
1954 vlib_frame_t *f = vlib_get_frame_to_node (vm, hi->output_node_index);
1955 u32 *to_next = vlib_frame_vector_args (f);
1958 vlib_put_frame_to_node (vm, hi->output_node_index, f);
1961 return /* no error */ 0;
1966 IP6_REWRITE_NEXT_DROP,
1967 IP6_REWRITE_NEXT_ICMP_ERROR,
1968 } ip6_rewrite_next_t;
1971 ip6_rewrite_inline (vlib_main_t * vm,
1972 vlib_node_runtime_t * node,
1973 vlib_frame_t * frame, int is_midchain, int is_mcast)
1975 ip_lookup_main_t *lm = &ip6_main.lookup_main;
1976 u32 *from = vlib_frame_vector_args (frame);
1977 u32 n_left_from, n_left_to_next, *to_next, next_index;
1978 vlib_node_runtime_t *error_node =
1979 vlib_node_get_runtime (vm, ip6_input_node.index);
1981 n_left_from = frame->n_vectors;
1982 next_index = node->cached_next_index;
1983 u32 cpu_index = os_get_cpu_number ();
1985 while (n_left_from > 0)
1987 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1989 while (n_left_from >= 4 && n_left_to_next >= 2)
1991 ip_adjacency_t *adj0, *adj1;
1992 vlib_buffer_t *p0, *p1;
1993 ip6_header_t *ip0, *ip1;
1994 u32 pi0, rw_len0, next0, error0, adj_index0;
1995 u32 pi1, rw_len1, next1, error1, adj_index1;
1996 u32 tx_sw_if_index0, tx_sw_if_index1;
1998 /* Prefetch next iteration. */
2000 vlib_buffer_t *p2, *p3;
2002 p2 = vlib_get_buffer (vm, from[2]);
2003 p3 = vlib_get_buffer (vm, from[3]);
2005 vlib_prefetch_buffer_header (p2, LOAD);
2006 vlib_prefetch_buffer_header (p3, LOAD);
2008 CLIB_PREFETCH (p2->pre_data, 32, STORE);
2009 CLIB_PREFETCH (p3->pre_data, 32, STORE);
2011 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
2012 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
2015 pi0 = to_next[0] = from[0];
2016 pi1 = to_next[1] = from[1];
2021 n_left_to_next -= 2;
2023 p0 = vlib_get_buffer (vm, pi0);
2024 p1 = vlib_get_buffer (vm, pi1);
2026 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2027 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
2029 /* We should never rewrite a pkt using the MISS adjacency */
2030 ASSERT (adj_index0 && adj_index1);
2032 ip0 = vlib_buffer_get_current (p0);
2033 ip1 = vlib_buffer_get_current (p1);
2035 error0 = error1 = IP6_ERROR_NONE;
2036 next0 = next1 = IP6_REWRITE_NEXT_DROP;
2038 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2040 i32 hop_limit0 = ip0->hop_limit;
2042 /* Input node should have reject packets with hop limit 0. */
2043 ASSERT (ip0->hop_limit > 0);
2047 ip0->hop_limit = hop_limit0;
2050 * If the hop count drops below 1 when forwarding, generate
2053 if (PREDICT_FALSE (hop_limit0 <= 0))
2055 error0 = IP6_ERROR_TIME_EXPIRED;
2056 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2057 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2058 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2059 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2065 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2067 if (PREDICT_TRUE (!(p1->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2069 i32 hop_limit1 = ip1->hop_limit;
2071 /* Input node should have reject packets with hop limit 0. */
2072 ASSERT (ip1->hop_limit > 0);
2076 ip1->hop_limit = hop_limit1;
2079 * If the hop count drops below 1 when forwarding, generate
2082 if (PREDICT_FALSE (hop_limit1 <= 0))
2084 error1 = IP6_ERROR_TIME_EXPIRED;
2085 next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
2086 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2087 icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
2088 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2094 p1->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2096 adj0 = ip_get_adjacency (lm, adj_index0);
2097 adj1 = ip_get_adjacency (lm, adj_index1);
2099 rw_len0 = adj0[0].rewrite_header.data_bytes;
2100 rw_len1 = adj1[0].rewrite_header.data_bytes;
2101 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2102 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
2104 vlib_increment_combined_counter
2105 (&adjacency_counters,
2107 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2108 vlib_increment_combined_counter
2109 (&adjacency_counters,
2110 cpu_index, adj_index1,
2111 1, vlib_buffer_length_in_chain (vm, p1) + rw_len1);
2113 /* Check MTU of outgoing interface. */
2115 (vlib_buffer_length_in_chain (vm, p0) >
2117 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2120 (vlib_buffer_length_in_chain (vm, p1) >
2122 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2125 /* Don't adjust the buffer for hop count issue; icmp-error node
2126 * wants to see the IP headerr */
2127 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2129 p0->current_data -= rw_len0;
2130 p0->current_length += rw_len0;
2132 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2133 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2134 next0 = adj0[0].rewrite_header.next_index;
2136 vnet_feature_arc_start (lm->output_feature_arc_index,
2137 tx_sw_if_index0, &next0, p0);
2139 if (PREDICT_TRUE (error1 == IP6_ERROR_NONE))
2141 p1->current_data -= rw_len1;
2142 p1->current_length += rw_len1;
2144 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
2145 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
2146 next1 = adj1[0].rewrite_header.next_index;
2148 vnet_feature_arc_start (lm->output_feature_arc_index,
2149 tx_sw_if_index1, &next1, p1);
2152 /* Guess we are only writing on simple Ethernet header. */
2153 vnet_rewrite_two_headers (adj0[0], adj1[0],
2154 ip0, ip1, sizeof (ethernet_header_t));
2158 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2159 adj1->sub_type.midchain.fixup_func (vm, adj1, p1);
2164 * copy bytes from the IP address into the MAC rewrite
2166 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2167 vnet_fixup_one_header (adj1[0], &ip1->dst_address, ip1, 0);
2170 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
2171 to_next, n_left_to_next,
2172 pi0, pi1, next0, next1);
2175 while (n_left_from > 0 && n_left_to_next > 0)
2177 ip_adjacency_t *adj0;
2181 u32 adj_index0, next0, error0;
2182 u32 tx_sw_if_index0;
2184 pi0 = to_next[0] = from[0];
2186 p0 = vlib_get_buffer (vm, pi0);
2188 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
2190 /* We should never rewrite a pkt using the MISS adjacency */
2191 ASSERT (adj_index0);
2193 adj0 = ip_get_adjacency (lm, adj_index0);
2195 ip0 = vlib_buffer_get_current (p0);
2197 error0 = IP6_ERROR_NONE;
2198 next0 = IP6_REWRITE_NEXT_DROP;
2200 /* Check hop limit */
2201 if (PREDICT_TRUE (!(p0->flags & VNET_BUFFER_LOCALLY_ORIGINATED)))
2203 i32 hop_limit0 = ip0->hop_limit;
2205 ASSERT (ip0->hop_limit > 0);
2209 ip0->hop_limit = hop_limit0;
2211 if (PREDICT_FALSE (hop_limit0 <= 0))
2214 * If the hop count drops below 1 when forwarding, generate
2217 error0 = IP6_ERROR_TIME_EXPIRED;
2218 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2219 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2220 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2221 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2227 p0->flags &= ~VNET_BUFFER_LOCALLY_ORIGINATED;
2230 /* Guess we are only writing on simple Ethernet header. */
2231 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ethernet_header_t));
2233 /* Update packet buffer attributes/set output interface. */
2234 rw_len0 = adj0[0].rewrite_header.data_bytes;
2235 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2237 vlib_increment_combined_counter
2238 (&adjacency_counters,
2240 adj_index0, 1, vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2242 /* Check MTU of outgoing interface. */
2244 (vlib_buffer_length_in_chain (vm, p0) >
2246 rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED :
2249 /* Don't adjust the buffer for hop count issue; icmp-error node
2250 * wants to see the IP headerr */
2251 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2253 p0->current_data -= rw_len0;
2254 p0->current_length += rw_len0;
2256 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2258 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2259 next0 = adj0[0].rewrite_header.next_index;
2261 vnet_feature_arc_start (lm->output_feature_arc_index,
2262 tx_sw_if_index0, &next0, p0);
2267 adj0->sub_type.midchain.fixup_func (vm, adj0, p0);
2271 vnet_fixup_one_header (adj0[0], &ip0->dst_address, ip0, 0);
2274 p0->error = error_node->errors[error0];
2279 n_left_to_next -= 1;
2281 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2282 to_next, n_left_to_next,
2286 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2289 /* Need to do trace after rewrites to pick up new packet data. */
2290 if (node->flags & VLIB_NODE_FLAG_TRACE)
2291 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
2293 return frame->n_vectors;
2297 ip6_rewrite (vlib_main_t * vm,
2298 vlib_node_runtime_t * node, vlib_frame_t * frame)
2300 return ip6_rewrite_inline (vm, node, frame, 0, 0);
2304 ip6_rewrite_mcast (vlib_main_t * vm,
2305 vlib_node_runtime_t * node, vlib_frame_t * frame)
2307 return ip6_rewrite_inline (vm, node, frame, 0, 1);
2311 ip6_midchain (vlib_main_t * vm,
2312 vlib_node_runtime_t * node, vlib_frame_t * frame)
2314 return ip6_rewrite_inline (vm, node, frame, 1, 0);
2318 VLIB_REGISTER_NODE (ip6_midchain_node) =
2320 .function = ip6_midchain,
2321 .name = "ip6-midchain",
2322 .vector_size = sizeof (u32),
2323 .format_trace = format_ip6_forward_next_trace,
2324 .sibling_of = "ip6-rewrite",
2328 VLIB_NODE_FUNCTION_MULTIARCH (ip6_midchain_node, ip6_midchain);
2331 VLIB_REGISTER_NODE (ip6_rewrite_node) =
2333 .function = ip6_rewrite,
2334 .name = "ip6-rewrite",
2335 .vector_size = sizeof (u32),
2336 .format_trace = format_ip6_rewrite_trace,
2340 [IP6_REWRITE_NEXT_DROP] = "error-drop",
2341 [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
2346 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_node, ip6_rewrite);
2349 VLIB_REGISTER_NODE (ip6_rewrite_mcast_node) =
2351 .function = ip6_rewrite_mcast,
2352 .name = "ip6-rewrite-mcast",
2353 .vector_size = sizeof (u32),
2354 .format_trace = format_ip6_rewrite_trace,
2355 .sibling_of = "ip6-rewrite",
2359 VLIB_NODE_FUNCTION_MULTIARCH (ip6_rewrite_mcast_node, ip6_rewrite_mcast);
2362 * Hop-by-Hop handling
2364 ip6_hop_by_hop_main_t ip6_hop_by_hop_main;
2366 #define foreach_ip6_hop_by_hop_error \
2367 _(PROCESSED, "pkts with ip6 hop-by-hop options") \
2368 _(FORMAT, "incorrectly formatted hop-by-hop options") \
2369 _(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options")
2374 #define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym,
2375 foreach_ip6_hop_by_hop_error
2377 IP6_HOP_BY_HOP_N_ERROR,
2378 } ip6_hop_by_hop_error_t;
2382 * Primary h-b-h handler trace support
2383 * We work pretty hard on the problem for obvious reasons
2389 u8 option_data[256];
2390 } ip6_hop_by_hop_trace_t;
2392 vlib_node_registration_t ip6_hop_by_hop_node;
2394 static char *ip6_hop_by_hop_error_strings[] = {
2395 #define _(sym,string) string,
2396 foreach_ip6_hop_by_hop_error
2401 format_ip6_hop_by_hop_trace (u8 * s, va_list * args)
2403 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
2404 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
2405 ip6_hop_by_hop_trace_t *t = va_arg (*args, ip6_hop_by_hop_trace_t *);
2406 ip6_hop_by_hop_header_t *hbh0;
2407 ip6_hop_by_hop_option_t *opt0, *limit0;
2408 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2412 hbh0 = (ip6_hop_by_hop_header_t *) t->option_data;
2414 s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d",
2415 t->next_index, (hbh0->length + 1) << 3, t->trace_len);
2417 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2418 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0) + t->trace_len;
2420 while (opt0 < limit0)
2425 case 0: /* Pad, just stop */
2426 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2430 if (hm->trace[type0])
2432 s = (*hm->trace[type0]) (s, opt0);
2437 format (s, "\n unrecognized option %d length %d", type0,
2441 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2442 sizeof (ip6_hop_by_hop_option_t));
2450 ip6_scan_hbh_options (vlib_buffer_t * b0,
2452 ip6_hop_by_hop_header_t * hbh0,
2453 ip6_hop_by_hop_option_t * opt0,
2454 ip6_hop_by_hop_option_t * limit0, u32 * next0)
2456 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2460 while (opt0 < limit0)
2466 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2471 if (hm->options[type0])
2473 if ((*hm->options[type0]) (b0, ip0, opt0) < 0)
2475 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2481 /* Unrecognized mandatory option, check the two high order bits */
2482 switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
2484 case HBH_OPTION_TYPE_SKIP_UNKNOWN:
2486 case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
2487 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2488 *next0 = IP_LOOKUP_NEXT_DROP;
2490 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
2491 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2492 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2493 icmp6_error_set_vnet_buffer (b0, ICMP6_parameter_problem,
2494 ICMP6_parameter_problem_unrecognized_option,
2495 (u8 *) opt0 - (u8 *) ip0);
2497 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
2498 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2499 if (!ip6_address_is_multicast (&ip0->dst_address))
2501 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2502 icmp6_error_set_vnet_buffer (b0,
2503 ICMP6_parameter_problem,
2504 ICMP6_parameter_problem_unrecognized_option,
2505 (u8 *) opt0 - (u8 *) ip0);
2509 *next0 = IP_LOOKUP_NEXT_DROP;
2517 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2518 sizeof (ip6_hop_by_hop_option_t));
2524 * Process the Hop-by-Hop Options header
2527 ip6_hop_by_hop (vlib_main_t * vm,
2528 vlib_node_runtime_t * node, vlib_frame_t * frame)
2530 vlib_node_runtime_t *error_node =
2531 vlib_node_get_runtime (vm, ip6_hop_by_hop_node.index);
2532 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2533 u32 n_left_from, *from, *to_next;
2534 ip_lookup_next_t next_index;
2535 ip6_main_t *im = &ip6_main;
2536 ip_lookup_main_t *lm = &im->lookup_main;
2538 from = vlib_frame_vector_args (frame);
2539 n_left_from = frame->n_vectors;
2540 next_index = node->cached_next_index;
2542 while (n_left_from > 0)
2546 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2548 while (n_left_from >= 4 && n_left_to_next >= 2)
2551 vlib_buffer_t *b0, *b1;
2553 ip6_header_t *ip0, *ip1;
2554 ip6_hop_by_hop_header_t *hbh0, *hbh1;
2555 ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
2556 u8 error0 = 0, error1 = 0;
2558 /* Prefetch next iteration. */
2560 vlib_buffer_t *p2, *p3;
2562 p2 = vlib_get_buffer (vm, from[2]);
2563 p3 = vlib_get_buffer (vm, from[3]);
2565 vlib_prefetch_buffer_header (p2, LOAD);
2566 vlib_prefetch_buffer_header (p3, LOAD);
2568 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2569 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2572 /* Speculatively enqueue b0, b1 to the current next frame */
2573 to_next[0] = bi0 = from[0];
2574 to_next[1] = bi1 = from[1];
2578 n_left_to_next -= 2;
2580 b0 = vlib_get_buffer (vm, bi0);
2581 b1 = vlib_get_buffer (vm, bi1);
2583 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2584 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2585 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2586 u32 adj_index1 = vnet_buffer (b1)->ip.adj_index[VLIB_TX];
2587 ip_adjacency_t *adj1 = ip_get_adjacency (lm, adj_index1);
2589 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2590 next0 = adj0->lookup_next_index;
2591 next1 = adj1->lookup_next_index;
2593 ip0 = vlib_buffer_get_current (b0);
2594 ip1 = vlib_buffer_get_current (b1);
2595 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2596 hbh1 = (ip6_hop_by_hop_header_t *) (ip1 + 1);
2597 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2598 opt1 = (ip6_hop_by_hop_option_t *) (hbh1 + 1);
2600 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2601 ((hbh0->length + 1) << 3));
2603 (ip6_hop_by_hop_option_t *) ((u8 *) hbh1 +
2604 ((hbh1->length + 1) << 3));
2607 * Basic validity checks
2609 if ((hbh0->length + 1) << 3 >
2610 clib_net_to_host_u16 (ip0->payload_length))
2612 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2613 next0 = IP_LOOKUP_NEXT_DROP;
2616 /* Scan the set of h-b-h options, process ones that we understand */
2617 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2619 if ((hbh1->length + 1) << 3 >
2620 clib_net_to_host_u16 (ip1->payload_length))
2622 error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2623 next1 = IP_LOOKUP_NEXT_DROP;
2626 /* Scan the set of h-b-h options, process ones that we understand */
2627 error1 = ip6_scan_hbh_options (b1, ip1, hbh1, opt1, limit1, &next1);
2630 /* Has the classifier flagged this buffer for special treatment? */
2633 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2634 next0 = hm->next_override;
2636 /* Has the classifier flagged this buffer for special treatment? */
2639 && (vnet_buffer (b1)->l2_classify.opaque_index & OI_DECAP)))
2640 next1 = hm->next_override;
2642 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
2644 if (b0->flags & VLIB_BUFFER_IS_TRACED)
2646 ip6_hop_by_hop_trace_t *t =
2647 vlib_add_trace (vm, node, b0, sizeof (*t));
2648 u32 trace_len = (hbh0->length + 1) << 3;
2649 t->next_index = next0;
2650 /* Capture the h-b-h option verbatim */
2653 ARRAY_LEN (t->option_data) ? trace_len :
2654 ARRAY_LEN (t->option_data);
2655 t->trace_len = trace_len;
2656 clib_memcpy (t->option_data, hbh0, trace_len);
2658 if (b1->flags & VLIB_BUFFER_IS_TRACED)
2660 ip6_hop_by_hop_trace_t *t =
2661 vlib_add_trace (vm, node, b1, sizeof (*t));
2662 u32 trace_len = (hbh1->length + 1) << 3;
2663 t->next_index = next1;
2664 /* Capture the h-b-h option verbatim */
2667 ARRAY_LEN (t->option_data) ? trace_len :
2668 ARRAY_LEN (t->option_data);
2669 t->trace_len = trace_len;
2670 clib_memcpy (t->option_data, hbh1, trace_len);
2675 b0->error = error_node->errors[error0];
2676 b1->error = error_node->errors[error1];
2678 /* verify speculative enqueue, maybe switch current next frame */
2679 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
2680 n_left_to_next, bi0, bi1, next0,
2684 while (n_left_from > 0 && n_left_to_next > 0)
2690 ip6_hop_by_hop_header_t *hbh0;
2691 ip6_hop_by_hop_option_t *opt0, *limit0;
2694 /* Speculatively enqueue b0 to the current next frame */
2700 n_left_to_next -= 1;
2702 b0 = vlib_get_buffer (vm, bi0);
2704 * Default use the next_index from the adjacency.
2705 * A HBH option rarely redirects to a different node
2707 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2708 ip_adjacency_t *adj0 = ip_get_adjacency (lm, adj_index0);
2709 next0 = adj0->lookup_next_index;
2711 ip0 = vlib_buffer_get_current (b0);
2712 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2713 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2715 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2716 ((hbh0->length + 1) << 3));
2719 * Basic validity checks
2721 if ((hbh0->length + 1) << 3 >
2722 clib_net_to_host_u16 (ip0->payload_length))
2724 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2725 next0 = IP_LOOKUP_NEXT_DROP;
2729 /* Scan the set of h-b-h options, process ones that we understand */
2730 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2733 /* Has the classifier flagged this buffer for special treatment? */
2736 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2737 next0 = hm->next_override;
2739 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2741 ip6_hop_by_hop_trace_t *t =
2742 vlib_add_trace (vm, node, b0, sizeof (*t));
2743 u32 trace_len = (hbh0->length + 1) << 3;
2744 t->next_index = next0;
2745 /* Capture the h-b-h option verbatim */
2748 ARRAY_LEN (t->option_data) ? trace_len :
2749 ARRAY_LEN (t->option_data);
2750 t->trace_len = trace_len;
2751 clib_memcpy (t->option_data, hbh0, trace_len);
2754 b0->error = error_node->errors[error0];
2756 /* verify speculative enqueue, maybe switch current next frame */
2757 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2758 n_left_to_next, bi0, next0);
2760 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2762 return frame->n_vectors;
2766 VLIB_REGISTER_NODE (ip6_hop_by_hop_node) =
2768 .function = ip6_hop_by_hop,
2769 .name = "ip6-hop-by-hop",
2770 .sibling_of = "ip6-lookup",
2771 .vector_size = sizeof (u32),
2772 .format_trace = format_ip6_hop_by_hop_trace,
2773 .type = VLIB_NODE_TYPE_INTERNAL,
2774 .n_errors = ARRAY_LEN (ip6_hop_by_hop_error_strings),
2775 .error_strings = ip6_hop_by_hop_error_strings,
2780 VLIB_NODE_FUNCTION_MULTIARCH (ip6_hop_by_hop_node, ip6_hop_by_hop);
2782 static clib_error_t *
2783 ip6_hop_by_hop_init (vlib_main_t * vm)
2785 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2786 memset (hm->options, 0, sizeof (hm->options));
2787 memset (hm->trace, 0, sizeof (hm->trace));
2788 hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
2792 VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
2795 ip6_hbh_set_next_override (uword next)
2797 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2799 hm->next_override = next;
2803 ip6_hbh_register_option (u8 option,
2804 int options (vlib_buffer_t * b, ip6_header_t * ip,
2805 ip6_hop_by_hop_option_t * opt),
2806 u8 * trace (u8 * s, ip6_hop_by_hop_option_t * opt))
2808 ip6_main_t *im = &ip6_main;
2809 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2811 ASSERT (option < ARRAY_LEN (hm->options));
2813 /* Already registered */
2814 if (hm->options[option])
2817 hm->options[option] = options;
2818 hm->trace[option] = trace;
2820 /* Set global variable */
2821 im->hbh_enabled = 1;
2827 ip6_hbh_unregister_option (u8 option)
2829 ip6_main_t *im = &ip6_main;
2830 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2832 ASSERT (option < ARRAY_LEN (hm->options));
2834 /* Not registered */
2835 if (!hm->options[option])
2838 hm->options[option] = NULL;
2839 hm->trace[option] = NULL;
2841 /* Disable global knob if this was the last option configured */
2844 for (i = 0; i < 256; i++)
2846 if (hm->options[option])
2853 im->hbh_enabled = 0;
2858 /* Global IP6 main. */
2859 ip6_main_t ip6_main;
2861 static clib_error_t *
2862 ip6_lookup_init (vlib_main_t * vm)
2864 ip6_main_t *im = &ip6_main;
2865 clib_error_t *error;
2868 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
2871 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
2878 for (j = 0; j < i0; j++)
2879 im->fib_masks[i].as_u32[j] = ~0;
2882 im->fib_masks[i].as_u32[i0] =
2883 clib_host_to_net_u32 (pow2_mask (i1) << (32 - i1));
2886 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 1);
2888 if (im->lookup_table_nbuckets == 0)
2889 im->lookup_table_nbuckets = IP6_FIB_DEFAULT_HASH_NUM_BUCKETS;
2891 im->lookup_table_nbuckets = 1 << max_log2 (im->lookup_table_nbuckets);
2893 if (im->lookup_table_size == 0)
2894 im->lookup_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE;
2896 BV (clib_bihash_init) (&(im->ip6_table[IP6_FIB_TABLE_FWDING].ip6_hash),
2897 "ip6 FIB fwding table",
2898 im->lookup_table_nbuckets, im->lookup_table_size);
2899 BV (clib_bihash_init) (&im->ip6_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash,
2900 "ip6 FIB non-fwding table",
2901 im->lookup_table_nbuckets, im->lookup_table_size);
2903 /* Create FIB with index 0 and table id of 0. */
2904 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2905 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0);
2909 pn = pg_get_node (ip6_lookup_node.index);
2910 pn->unformat_edit = unformat_pg_ip6_header;
2913 /* Unless explicitly configured, don't process HBH options */
2914 im->hbh_enabled = 0;
2917 icmp6_neighbor_solicitation_header_t p;
2919 memset (&p, 0, sizeof (p));
2921 p.ip.ip_version_traffic_class_and_flow_label =
2922 clib_host_to_net_u32 (0x6 << 28);
2923 p.ip.payload_length =
2924 clib_host_to_net_u16 (sizeof (p) -
2926 (icmp6_neighbor_solicitation_header_t, neighbor));
2927 p.ip.protocol = IP_PROTOCOL_ICMP6;
2928 p.ip.hop_limit = 255;
2929 ip6_set_solicited_node_multicast_address (&p.ip.dst_address, 0);
2931 p.neighbor.icmp.type = ICMP6_neighbor_solicitation;
2933 p.link_layer_option.header.type =
2934 ICMP6_NEIGHBOR_DISCOVERY_OPTION_source_link_layer_address;
2935 p.link_layer_option.header.n_data_u64s =
2936 sizeof (p.link_layer_option) / sizeof (u64);
2938 vlib_packet_template_init (vm,
2939 &im->discover_neighbor_packet_template,
2941 /* alloc chunk size */ 8,
2942 "ip6 neighbor discovery");
2948 VLIB_INIT_FUNCTION (ip6_lookup_init);
2950 static clib_error_t *
2951 add_del_ip6_interface_table (vlib_main_t * vm,
2952 unformat_input_t * input,
2953 vlib_cli_command_t * cmd)
2955 vnet_main_t *vnm = vnet_get_main ();
2956 clib_error_t *error = 0;
2957 u32 sw_if_index, table_id;
2961 if (!unformat_user (input, unformat_vnet_sw_interface, vnm, &sw_if_index))
2963 error = clib_error_return (0, "unknown interface `%U'",
2964 format_unformat_error, input);
2968 if (unformat (input, "%d", &table_id))
2972 error = clib_error_return (0, "expected table id `%U'",
2973 format_unformat_error, input);
2978 u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
2981 vec_validate (ip6_main.fib_index_by_sw_if_index, sw_if_index);
2982 ip6_main.fib_index_by_sw_if_index[sw_if_index] = fib_index;
2984 fib_index = mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
2987 vec_validate (ip6_main.mfib_index_by_sw_if_index, sw_if_index);
2988 ip6_main.mfib_index_by_sw_if_index[sw_if_index] = fib_index;
2997 * Place the indicated interface into the supplied IPv6 FIB table (also known
2998 * as a VRF). If the FIB table does not exist, this command creates it. To
2999 * display the current IPv6 FIB table, use the command '<em>show ip6 fib</em>'.
3000 * FIB table will only be displayed if a route has been added to the table, or
3001 * an IP Address is assigned to an interface in the table (which adds a route
3004 * @note IP addresses added after setting the interface IP table end up in
3005 * the indicated FIB table. If the IP address is added prior to adding the
3006 * interface to the FIB table, it will NOT be part of the FIB table. Predictable
3007 * but potentially counter-intuitive results occur if you provision interface
3008 * addresses in multiple FIBs. Upon RX, packets will be processed in the last
3009 * IP table ID provisioned. It might be marginally useful to evade source RPF
3010 * drops to put an interface address into multiple FIBs.
3013 * Example of how to add an interface to an IPv6 FIB table (where 2 is the table-id):
3014 * @cliexcmd{set interface ip6 table GigabitEthernet2/0/0 2}
3017 VLIB_CLI_COMMAND (set_interface_ip6_table_command, static) =
3019 .path = "set interface ip6 table",
3020 .function = add_del_ip6_interface_table,
3021 .short_help = "set interface ip6 table <interface> <table-id>"
3026 ip6_link_local_address_from_ethernet_mac_address (ip6_address_t * ip,
3029 ip->as_u64[0] = clib_host_to_net_u64 (0xFE80000000000000ULL);
3030 /* Invert the "u" bit */
3031 ip->as_u8[8] = mac[0] ^ (1 << 1);
3032 ip->as_u8[9] = mac[1];
3033 ip->as_u8[10] = mac[2];
3034 ip->as_u8[11] = 0xFF;
3035 ip->as_u8[12] = 0xFE;
3036 ip->as_u8[13] = mac[3];
3037 ip->as_u8[14] = mac[4];
3038 ip->as_u8[15] = mac[5];
3042 ip6_ethernet_mac_address_from_link_local_address (u8 * mac,
3045 /* Invert the previously inverted "u" bit */
3046 mac[0] = ip->as_u8[8] ^ (1 << 1);
3047 mac[1] = ip->as_u8[9];
3048 mac[2] = ip->as_u8[10];
3049 mac[3] = ip->as_u8[13];
3050 mac[4] = ip->as_u8[14];
3051 mac[5] = ip->as_u8[15];
3054 static clib_error_t *
3055 test_ip6_link_command_fn (vlib_main_t * vm,
3056 unformat_input_t * input, vlib_cli_command_t * cmd)
3059 ip6_address_t _a, *a = &_a;
3061 if (unformat (input, "%U", unformat_ethernet_address, mac))
3063 ip6_link_local_address_from_ethernet_mac_address (a, mac);
3064 vlib_cli_output (vm, "Link local address: %U", format_ip6_address, a);
3065 ip6_ethernet_mac_address_from_link_local_address (mac, a);
3066 vlib_cli_output (vm, "Original MAC address: %U",
3067 format_ethernet_address, mac);
3074 * This command converts the given MAC Address into an IPv6 link-local
3078 * Example of how to create an IPv6 link-local address:
3079 * @cliexstart{test ip6 link 16:d9:e0:91:79:86}
3080 * Link local address: fe80::14d9:e0ff:fe91:7986
3081 * Original MAC address: 16:d9:e0:91:79:86
3085 VLIB_CLI_COMMAND (test_link_command, static) =
3087 .path = "test ip6 link",
3088 .function = test_ip6_link_command_fn,
3089 .short_help = "test ip6 link <mac-address>",
3094 vnet_set_ip6_flow_hash (u32 table_id, u32 flow_hash_config)
3096 ip6_main_t *im6 = &ip6_main;
3098 uword *p = hash_get (im6->fib_index_by_table_id, table_id);
3103 fib = ip6_fib_get (p[0]);
3105 fib->flow_hash_config = flow_hash_config;
3109 static clib_error_t *
3110 set_ip6_flow_hash_command_fn (vlib_main_t * vm,
3111 unformat_input_t * input,
3112 vlib_cli_command_t * cmd)
3116 u32 flow_hash_config = 0;
3119 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3121 if (unformat (input, "table %d", &table_id))
3124 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
3125 foreach_flow_hash_bit
3132 return clib_error_return (0, "unknown input `%U'",
3133 format_unformat_error, input);
3135 rv = vnet_set_ip6_flow_hash (table_id, flow_hash_config);
3142 return clib_error_return (0, "no such FIB table %d", table_id);
3145 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
3153 * Configure the set of IPv6 fields used by the flow hash.
3157 * Example of how to set the flow hash on a given table:
3158 * @cliexcmd{set ip6 flow-hash table 8 dst sport dport proto}
3160 * Example of display the configured flow hash:
3161 * @cliexstart{show ip6 fib}
3162 * ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
3165 * [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
3166 * [0] [@0]: dpo-drop ip6
3169 * [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
3170 * [0] [@2]: dpo-receive
3173 * [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
3174 * [0] [@2]: dpo-receive
3177 * [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
3178 * [0] [@2]: dpo-receive
3181 * [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
3182 * [0] [@2]: dpo-receive
3183 * ff02::1:ff00:0/104
3185 * [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
3186 * [0] [@2]: dpo-receive
3187 * ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
3190 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
3191 * [0] [@0]: dpo-drop ip6
3194 * [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
3195 * [0] [@4]: ipv6-glean: af_packet0
3198 * [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
3199 * [0] [@2]: dpo-receive: @::a:1:1:0:7 on af_packet0
3202 * [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
3203 * [0] [@2]: dpo-receive
3204 * fe80::fe:3eff:fe3e:9222/128
3206 * [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
3207 * [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
3210 * [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
3211 * [0] [@2]: dpo-receive
3214 * [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
3215 * [0] [@2]: dpo-receive
3218 * [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
3219 * [0] [@2]: dpo-receive
3220 * ff02::1:ff00:0/104
3222 * [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
3223 * [0] [@2]: dpo-receive
3228 VLIB_CLI_COMMAND (set_ip6_flow_hash_command, static) =
3230 .path = "set ip6 flow-hash",
3232 "set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
3233 .function = set_ip6_flow_hash_command_fn,
3237 static clib_error_t *
3238 show_ip6_local_command_fn (vlib_main_t * vm,
3239 unformat_input_t * input, vlib_cli_command_t * cmd)
3241 ip6_main_t *im = &ip6_main;
3242 ip_lookup_main_t *lm = &im->lookup_main;
3245 vlib_cli_output (vm, "Protocols handled by ip6_local");
3246 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
3248 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
3249 vlib_cli_output (vm, "%d", i);
3257 * Display the set of protocols handled by the local IPv6 stack.
3260 * Example of how to display local protocol table:
3261 * @cliexstart{show ip6 local}
3262 * Protocols handled by ip6_local
3270 VLIB_CLI_COMMAND (show_ip6_local, static) =
3272 .path = "show ip6 local",
3273 .function = show_ip6_local_command_fn,
3274 .short_help = "show ip6 local",
3279 vnet_set_ip6_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3282 vnet_main_t *vnm = vnet_get_main ();
3283 vnet_interface_main_t *im = &vnm->interface_main;
3284 ip6_main_t *ipm = &ip6_main;
3285 ip_lookup_main_t *lm = &ipm->lookup_main;
3286 vnet_classify_main_t *cm = &vnet_classify_main;
3287 ip6_address_t *if_addr;
3289 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3290 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3292 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3293 return VNET_API_ERROR_NO_SUCH_ENTRY;
3295 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3296 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3298 if_addr = ip6_interface_first_address (ipm, sw_if_index, NULL);
3300 if (NULL != if_addr)
3302 fib_prefix_t pfx = {
3304 .fp_proto = FIB_PROTOCOL_IP6,
3305 .fp_addr.ip6 = *if_addr,
3309 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3313 if (table_index != (u32) ~ 0)
3315 dpo_id_t dpo = DPO_INVALID;
3320 classify_dpo_create (DPO_PROTO_IP6, table_index));
3322 fib_table_entry_special_dpo_add (fib_index,
3324 FIB_SOURCE_CLASSIFY,
3325 FIB_ENTRY_FLAG_NONE, &dpo);
3330 fib_table_entry_special_remove (fib_index,
3331 &pfx, FIB_SOURCE_CLASSIFY);
3338 static clib_error_t *
3339 set_ip6_classify_command_fn (vlib_main_t * vm,
3340 unformat_input_t * input,
3341 vlib_cli_command_t * cmd)
3343 u32 table_index = ~0;
3344 int table_index_set = 0;
3345 u32 sw_if_index = ~0;
3348 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3350 if (unformat (input, "table-index %d", &table_index))
3351 table_index_set = 1;
3352 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3353 vnet_get_main (), &sw_if_index))
3359 if (table_index_set == 0)
3360 return clib_error_return (0, "classify table-index must be specified");
3362 if (sw_if_index == ~0)
3363 return clib_error_return (0, "interface / subif must be specified");
3365 rv = vnet_set_ip6_classify_intfc (vm, sw_if_index, table_index);
3372 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3373 return clib_error_return (0, "No such interface");
3375 case VNET_API_ERROR_NO_SUCH_ENTRY:
3376 return clib_error_return (0, "No such classifier table");
3382 * Assign a classification table to an interface. The classification
3383 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3384 * commands. Once the table is create, use this command to filter packets
3388 * Example of how to assign a classification table to an interface:
3389 * @cliexcmd{set ip6 classify intfc GigabitEthernet2/0/0 table-index 1}
3392 VLIB_CLI_COMMAND (set_ip6_classify_command, static) =
3394 .path = "set ip6 classify",
3396 "set ip6 classify intfc <interface> table-index <classify-idx>",
3397 .function = set_ip6_classify_command_fn,
3401 static clib_error_t *
3402 ip6_config (vlib_main_t * vm, unformat_input_t * input)
3404 ip6_main_t *im = &ip6_main;
3409 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3411 if (unformat (input, "hash-buckets %d", &tmp))
3413 else if (unformat (input, "heap-size %dm", &tmp))
3414 heapsize = ((u64) tmp) << 20;
3415 else if (unformat (input, "heap-size %dM", &tmp))
3416 heapsize = ((u64) tmp) << 20;
3417 else if (unformat (input, "heap-size %dg", &tmp))
3418 heapsize = ((u64) tmp) << 30;
3419 else if (unformat (input, "heap-size %dG", &tmp))
3420 heapsize = ((u64) tmp) << 30;
3422 return clib_error_return (0, "unknown input '%U'",
3423 format_unformat_error, input);
3426 im->lookup_table_nbuckets = nbuckets;
3427 im->lookup_table_size = heapsize;
3432 VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
3435 * fd.io coding-style-patch-verification: ON
3438 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob