2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * ip/ip6_forward.c: IP v6 forwarding
18 * Copyright (c) 2008 Eliot Dresselhaus
20 * Permission is hereby granted, free of charge, to any person obtaining
21 * a copy of this software and associated documentation files (the
22 * "Software"), to deal in the Software without restriction, including
23 * without limitation the rights to use, copy, modify, merge, publish,
24 * distribute, sublicense, and/or sell copies of the Software, and to
25 * permit persons to whom the Software is furnished to do so, subject to
26 * the following conditions:
28 * The above copyright notice and this permission notice shall be
29 * included in all copies or substantial portions of the Software.
31 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
40 #include <vnet/vnet.h>
41 #include <vnet/ip/ip.h>
42 #include <vnet/ip/ip_frag.h>
43 #include <vnet/ip/ip6_link.h>
44 #include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
45 #include <vnet/srp/srp.h> /* for srp_hw_interface_class */
46 #include <vppinfra/cache.h>
47 #include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
48 #include <vnet/fib/ip6_fib.h>
49 #include <vnet/mfib/ip6_mfib.h>
50 #include <vnet/dpo/load_balance_map.h>
51 #include <vnet/dpo/classify_dpo.h>
52 #include <vnet/classify/vnet_classify.h>
54 #ifndef CLIB_MARCH_VARIANT
55 #include <vppinfra/bihash_template.c>
57 #include <vnet/ip/ip6_forward.h>
58 #include <vnet/interface_output.h>
60 /* Flag used by IOAM code. Classifier sets it pop-hop-by-hop checks it */
61 #define OI_DECAP 0x80000000
64 ip6_add_interface_prefix_routes (ip6_main_t * im,
67 ip6_address_t * address, u32 address_length)
69 ip_lookup_main_t *lm = &im->lookup_main;
70 ip_interface_prefix_t *if_prefix;
73 ip_interface_prefix_key_t key = {
75 .fp_len = address_length,
76 .fp_proto = FIB_PROTOCOL_IP6,
79 address->as_u64[0] & im->fib_masks[address_length].as_u64[0],
80 address->as_u64[1] & im->fib_masks[address_length].as_u64[1],
84 .sw_if_index = sw_if_index,
88 /* If prefix already set on interface, just increment ref count & return */
89 if_prefix = ip_get_interface_prefix (lm, &key);
92 if_prefix->ref_count += 1;
96 /* New prefix - allocate a pool entry, initialize it, add to the hash */
97 pool_get (lm->if_prefix_pool, if_prefix);
98 if_prefix->ref_count = 1;
99 clib_memcpy (&if_prefix->key, &key, sizeof (key));
100 mhash_set (&lm->prefix_to_if_prefix_index, &key,
101 if_prefix - lm->if_prefix_pool, 0 /* old value */ );
103 /* length < 128 - add glean */
104 if (address_length < 128)
106 /* set the glean route for the prefix */
107 fib_table_entry_update_one_path (fib_index, &key.prefix,
108 FIB_SOURCE_INTERFACE,
109 (FIB_ENTRY_FLAG_CONNECTED |
110 FIB_ENTRY_FLAG_ATTACHED),
112 /* No next-hop address */
114 /* invalid FIB index */
116 /* no out-label stack */
117 NULL, FIB_ROUTE_PATH_FLAG_NONE);
122 ip6_add_interface_routes (vnet_main_t * vnm, u32 sw_if_index,
123 ip6_main_t * im, u32 fib_index,
124 ip_interface_address_t * a)
126 ip_lookup_main_t *lm = &im->lookup_main;
127 ip6_address_t *address = ip_interface_address_get_address (lm, a);
129 .fp_len = a->address_length,
130 .fp_proto = FIB_PROTOCOL_IP6,
131 .fp_addr.ip6 = *address,
134 /* set special routes for the prefix if needed */
135 ip6_add_interface_prefix_routes (im, sw_if_index, fib_index,
136 address, a->address_length);
139 if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
141 u32 classify_table_index =
142 lm->classify_table_index_by_sw_if_index[sw_if_index];
143 if (classify_table_index != (u32) ~ 0)
145 dpo_id_t dpo = DPO_INVALID;
150 classify_dpo_create (DPO_PROTO_IP6, classify_table_index));
152 fib_table_entry_special_dpo_add (fib_index,
155 FIB_ENTRY_FLAG_NONE, &dpo);
160 fib_table_entry_update_one_path (fib_index, &pfx,
161 FIB_SOURCE_INTERFACE,
162 (FIB_ENTRY_FLAG_CONNECTED |
163 FIB_ENTRY_FLAG_LOCAL),
167 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
171 ip6_del_interface_prefix_routes (ip6_main_t * im,
174 ip6_address_t * address, u32 address_length)
176 ip_lookup_main_t *lm = &im->lookup_main;
177 ip_interface_prefix_t *if_prefix;
180 ip_interface_prefix_key_t key = {
182 .fp_len = address_length,
183 .fp_proto = FIB_PROTOCOL_IP6,
186 address->as_u64[0] & im->fib_masks[address_length].as_u64[0],
187 address->as_u64[1] & im->fib_masks[address_length].as_u64[1],
191 .sw_if_index = sw_if_index,
195 if_prefix = ip_get_interface_prefix (lm, &key);
198 clib_warning ("Prefix not found while deleting %U",
199 format_ip4_address_and_length, address, address_length);
203 /* If not deleting last intf addr in prefix, decrement ref count & return */
204 if_prefix->ref_count -= 1;
205 if (if_prefix->ref_count > 0)
208 /* length <= 128, delete glean route */
209 if (address_length <= 128)
211 /* remove glean route for prefix */
212 fib_table_entry_delete (fib_index, &key.prefix, FIB_SOURCE_INTERFACE);
215 mhash_unset (&lm->prefix_to_if_prefix_index, &key, 0 /* old_value */ );
216 pool_put (lm->if_prefix_pool, if_prefix);
220 ip6_del_interface_routes (u32 sw_if_index, ip6_main_t * im,
222 ip6_address_t * address, u32 address_length)
226 .fp_proto = FIB_PROTOCOL_IP6,
227 .fp_addr.ip6 = *address,
230 /* delete special routes for the prefix if needed */
231 ip6_del_interface_prefix_routes (im, sw_if_index, fib_index,
232 address, address_length);
234 fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
237 #ifndef CLIB_MARCH_VARIANT
239 ip6_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
241 ip6_main_t *im = &ip6_main;
243 vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
246 * enable/disable only on the 1<->0 transition
250 if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
255 /* The ref count is 0 when an address is removed from an interface that has
256 * no address - this is not a ciritical error */
257 if (0 == im->ip_enabled_by_sw_if_index[sw_if_index] ||
258 0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
262 vnet_feature_enable_disable ("ip6-unicast", "ip6-not-enabled", sw_if_index,
265 vnet_feature_enable_disable ("ip6-multicast", "ip6-not-enabled",
266 sw_if_index, !is_enable, 0, 0);
269 /* get first interface address */
271 ip6_interface_first_address (ip6_main_t * im, u32 sw_if_index)
273 ip_lookup_main_t *lm = &im->lookup_main;
274 ip_interface_address_t *ia = 0;
275 ip6_address_t *result = 0;
278 foreach_ip_interface_address (lm, ia, sw_if_index,
279 1 /* honor unnumbered */,
281 ip6_address_t * a = ip_interface_address_get_address (lm, ia);
290 ip6_add_del_interface_address (vlib_main_t * vm,
292 ip6_address_t * address,
293 u32 address_length, u32 is_del)
295 vnet_main_t *vnm = vnet_get_main ();
296 ip6_main_t *im = &ip6_main;
297 ip_lookup_main_t *lm = &im->lookup_main;
298 clib_error_t *error = NULL;
299 u32 if_address_index;
300 ip6_address_fib_t ip6_af, *addr_fib = 0;
301 const ip6_address_t *ll_addr;
303 /* local0 interface doesn't support IP addressing */
304 if (sw_if_index == 0)
307 clib_error_create ("local0 interface doesn't support IP addressing");
310 if (ip6_address_is_link_local_unicast (address))
312 if (address_length != 128)
314 vnm->api_errno = VNET_API_ERROR_ADDRESS_LENGTH_MISMATCH;
317 ("prefix length of link-local address must be 128");
323 rv = ip6_link_set_local_address (sw_if_index, address);
328 return clib_error_create ("address not assignable");
333 ll_addr = ip6_get_link_local_address (sw_if_index);
334 if (ip6_address_is_equal (ll_addr, address))
336 vnm->api_errno = VNET_API_ERROR_ADDRESS_NOT_DELETABLE;
337 return clib_error_create ("address not deletable");
341 vnm->api_errno = VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
342 return clib_error_create ("address not found");
349 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
350 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
352 ip6_addr_fib_init (&ip6_af, address,
353 vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
354 vec_add1 (addr_fib, ip6_af);
359 /* When adding an address check that it does not conflict
360 with an existing address on any interface in this table. */
361 ip_interface_address_t *ia;
362 vnet_sw_interface_t *sif;
364 pool_foreach(sif, vnm->interface_main.sw_interfaces,
366 if (im->fib_index_by_sw_if_index[sw_if_index] ==
367 im->fib_index_by_sw_if_index[sif->sw_if_index])
369 foreach_ip_interface_address
370 (&im->lookup_main, ia, sif->sw_if_index,
371 0 /* honor unnumbered */ ,
374 ip_interface_address_get_address
375 (&im->lookup_main, ia);
377 if (ip6_destination_matches_route
378 (im, address, x, ia->address_length) ||
379 ip6_destination_matches_route (im,
384 /* an intf may have >1 addr from the same prefix */
385 if ((sw_if_index == sif->sw_if_index) &&
386 (ia->address_length == address_length) &&
387 !ip6_address_is_equal (x, address))
390 if (ia->flags & IP_INTERFACE_ADDRESS_FLAG_STALE)
391 /* if the address we're comparing against is stale
392 * then the CP has not added this one back yet, maybe
393 * it never will, so we have to assume it won't and
394 * ignore it. if it does add it back, then it will fail
395 * because this one is now present */
398 /* error if the length or intf was different */
399 vnm->api_errno = VNET_API_ERROR_DUPLICATE_IF_ADDRESS;
400 error = clib_error_create
401 ("failed to add %U which conflicts with %U for interface %U",
402 format_ip6_address_and_length, address,
404 format_ip6_address_and_length, x,
406 format_vnet_sw_if_index_name, vnm,
416 if_address_index = ip_interface_address_find (lm, addr_fib, address_length);
420 if (~0 == if_address_index)
422 vnm->api_errno = VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
423 error = clib_error_create ("%U not found for interface %U",
424 lm->format_address_and_length,
425 addr_fib, address_length,
426 format_vnet_sw_if_index_name, vnm,
431 error = ip_interface_address_del (lm, vnm, if_address_index, addr_fib,
432 address_length, sw_if_index);
438 if (~0 != if_address_index)
440 ip_interface_address_t *ia;
442 ia = pool_elt_at_index (lm->if_address_pool, if_address_index);
444 if (ia->flags & IP_INTERFACE_ADDRESS_FLAG_STALE)
446 if (ia->sw_if_index == sw_if_index)
448 /* re-adding an address during the replace action.
449 * consdier this the update. clear the flag and
451 ia->flags &= ~IP_INTERFACE_ADDRESS_FLAG_STALE;
456 /* The prefix is moving from one interface to another.
457 * delete the stale and add the new */
458 ip6_add_del_interface_address (vm,
460 address, address_length, 1);
462 error = ip_interface_address_add (lm, sw_if_index,
463 addr_fib, address_length,
469 vnm->api_errno = VNET_API_ERROR_DUPLICATE_IF_ADDRESS;
470 error = clib_error_create
471 ("Prefix %U already found on interface %U",
472 lm->format_address_and_length, addr_fib, address_length,
473 format_vnet_sw_if_index_name, vnm, ia->sw_if_index);
477 error = ip_interface_address_add (lm, sw_if_index,
478 addr_fib, address_length,
485 ip6_sw_interface_enable_disable (sw_if_index, !is_del);
487 ip6_link_enable (sw_if_index, NULL);
489 /* intf addr routes are added/deleted on admin up/down */
490 if (vnet_sw_interface_is_admin_up (vnm, sw_if_index))
493 ip6_del_interface_routes (sw_if_index,
494 im, ip6_af.fib_index, address,
497 ip6_add_interface_routes (vnm, sw_if_index,
498 im, ip6_af.fib_index,
499 pool_elt_at_index (lm->if_address_pool,
503 ip6_add_del_interface_address_callback_t *cb;
504 vec_foreach (cb, im->add_del_interface_address_callbacks)
505 cb->function (im, cb->function_opaque, sw_if_index,
506 address, address_length, if_address_index, is_del);
509 ip6_link_disable (sw_if_index);
518 static clib_error_t *
519 ip6_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
521 ip6_main_t *im = &ip6_main;
522 ip_interface_address_t *ia;
524 u32 is_admin_up, fib_index;
526 /* Fill in lookup tables with default table (0). */
527 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
529 vec_validate_init_empty (im->
530 lookup_main.if_address_pool_index_by_sw_if_index,
533 is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
535 fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
538 foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
539 0 /* honor unnumbered */,
541 a = ip_interface_address_get_address (&im->lookup_main, ia);
543 ip6_add_interface_routes (vnm, sw_if_index,
547 ip6_del_interface_routes (sw_if_index, im, fib_index,
548 a, ia->address_length);
555 VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip6_sw_interface_admin_up_down);
557 /* Built-in ip6 unicast rx feature path definition */
559 VNET_FEATURE_ARC_INIT (ip6_unicast, static) =
561 .arc_name = "ip6-unicast",
562 .start_nodes = VNET_FEATURES ("ip6-input"),
563 .last_in_arc = "ip6-lookup",
564 .arc_index_ptr = &ip6_main.lookup_main.ucast_feature_arc_index,
567 VNET_FEATURE_INIT (ip6_flow_classify, static) =
569 .arc_name = "ip6-unicast",
570 .node_name = "ip6-flow-classify",
571 .runs_before = VNET_FEATURES ("ip6-inacl"),
574 VNET_FEATURE_INIT (ip6_inacl, static) =
576 .arc_name = "ip6-unicast",
577 .node_name = "ip6-inacl",
578 .runs_before = VNET_FEATURES ("ip6-policer-classify"),
581 VNET_FEATURE_INIT (ip6_policer_classify, static) =
583 .arc_name = "ip6-unicast",
584 .node_name = "ip6-policer-classify",
585 .runs_before = VNET_FEATURES ("ipsec6-input-feature"),
588 VNET_FEATURE_INIT (ip6_ipsec, static) =
590 .arc_name = "ip6-unicast",
591 .node_name = "ipsec6-input-feature",
592 .runs_before = VNET_FEATURES ("l2tp-decap"),
595 VNET_FEATURE_INIT (ip6_l2tp, static) =
597 .arc_name = "ip6-unicast",
598 .node_name = "l2tp-decap",
599 .runs_before = VNET_FEATURES ("vpath-input-ip6"),
602 VNET_FEATURE_INIT (ip6_vpath, static) =
604 .arc_name = "ip6-unicast",
605 .node_name = "vpath-input-ip6",
606 .runs_before = VNET_FEATURES ("ip6-vxlan-bypass"),
609 VNET_FEATURE_INIT (ip6_vxlan_bypass, static) =
611 .arc_name = "ip6-unicast",
612 .node_name = "ip6-vxlan-bypass",
613 .runs_before = VNET_FEATURES ("ip6-lookup"),
616 VNET_FEATURE_INIT (ip6_not_enabled, static) =
618 .arc_name = "ip6-unicast",
619 .node_name = "ip6-not-enabled",
620 .runs_before = VNET_FEATURES ("ip6-lookup"),
623 VNET_FEATURE_INIT (ip6_lookup, static) =
625 .arc_name = "ip6-unicast",
626 .node_name = "ip6-lookup",
627 .runs_before = 0, /*last feature*/
630 /* Built-in ip6 multicast rx feature path definition (none now) */
631 VNET_FEATURE_ARC_INIT (ip6_multicast, static) =
633 .arc_name = "ip6-multicast",
634 .start_nodes = VNET_FEATURES ("ip6-input"),
635 .last_in_arc = "ip6-mfib-forward-lookup",
636 .arc_index_ptr = &ip6_main.lookup_main.mcast_feature_arc_index,
639 VNET_FEATURE_INIT (ip6_vpath_mc, static) = {
640 .arc_name = "ip6-multicast",
641 .node_name = "vpath-input-ip6",
642 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
645 VNET_FEATURE_INIT (ip6_not_enabled_mc, static) = {
646 .arc_name = "ip6-multicast",
647 .node_name = "ip6-not-enabled",
648 .runs_before = VNET_FEATURES ("ip6-mfib-forward-lookup"),
651 VNET_FEATURE_INIT (ip6_mc_lookup, static) = {
652 .arc_name = "ip6-multicast",
653 .node_name = "ip6-mfib-forward-lookup",
654 .runs_before = 0, /* last feature */
657 /* Built-in ip4 tx feature path definition */
658 VNET_FEATURE_ARC_INIT (ip6_output, static) =
660 .arc_name = "ip6-output",
661 .start_nodes = VNET_FEATURES ("ip6-rewrite", "ip6-midchain", "ip6-dvr-dpo"),
662 .last_in_arc = "interface-output",
663 .arc_index_ptr = &ip6_main.lookup_main.output_feature_arc_index,
666 VNET_FEATURE_INIT (ip6_outacl, static) = {
667 .arc_name = "ip6-output",
668 .node_name = "ip6-outacl",
669 .runs_before = VNET_FEATURES ("ipsec6-output-feature"),
672 VNET_FEATURE_INIT (ip6_ipsec_output, static) = {
673 .arc_name = "ip6-output",
674 .node_name = "ipsec6-output-feature",
675 .runs_before = VNET_FEATURES ("interface-output"),
678 VNET_FEATURE_INIT (ip6_interface_output, static) = {
679 .arc_name = "ip6-output",
680 .node_name = "interface-output",
681 .runs_before = 0, /* not before any other features */
685 static clib_error_t *
686 ip6_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
688 ip6_main_t *im = &ip6_main;
690 vec_validate (im->fib_index_by_sw_if_index, sw_if_index);
691 vec_validate (im->mfib_index_by_sw_if_index, sw_if_index);
695 /* Ensure that IPv6 is disabled */
696 ip6_main_t *im6 = &ip6_main;
697 ip_lookup_main_t *lm6 = &im6->lookup_main;
698 ip_interface_address_t *ia = 0;
699 ip6_address_t *address;
700 vlib_main_t *vm = vlib_get_main ();
702 vnet_sw_interface_update_unnumbered (sw_if_index, ~0, 0);
704 foreach_ip_interface_address (lm6, ia, sw_if_index, 0,
706 address = ip_interface_address_get_address (lm6, ia);
707 ip6_add_del_interface_address(vm, sw_if_index, address, ia->address_length, 1);
710 ip6_mfib_interface_enable_disable (sw_if_index, 0);
713 vnet_feature_enable_disable ("ip6-unicast", "ip6-not-enabled", sw_if_index,
716 vnet_feature_enable_disable ("ip6-multicast", "ip6-not-enabled",
717 sw_if_index, is_add, 0, 0);
719 return /* no error */ 0;
722 VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip6_sw_interface_add_del);
724 VLIB_NODE_FN (ip6_lookup_node) (vlib_main_t * vm,
725 vlib_node_runtime_t * node,
726 vlib_frame_t * frame)
728 return ip6_lookup_inline (vm, node, frame);
731 static u8 *format_ip6_lookup_trace (u8 * s, va_list * args);
734 VLIB_REGISTER_NODE (ip6_lookup_node) =
736 .name = "ip6-lookup",
737 .vector_size = sizeof (u32),
738 .format_trace = format_ip6_lookup_trace,
739 .n_next_nodes = IP6_LOOKUP_N_NEXT,
740 .next_nodes = IP6_LOOKUP_NEXT_NODES,
744 VLIB_NODE_FN (ip6_load_balance_node) (vlib_main_t * vm,
745 vlib_node_runtime_t * node,
746 vlib_frame_t * frame)
748 vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
750 u32 thread_index = vm->thread_index;
751 ip6_main_t *im = &ip6_main;
752 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
753 u16 nexts[VLIB_FRAME_SIZE], *next;
755 from = vlib_frame_vector_args (frame);
756 n_left = frame->n_vectors;
759 vlib_get_buffers (vm, from, bufs, n_left);
763 const load_balance_t *lb0, *lb1;
764 const ip6_header_t *ip0, *ip1;
765 u32 lbi0, hc0, lbi1, hc1;
766 const dpo_id_t *dpo0, *dpo1;
768 /* Prefetch next iteration. */
770 vlib_prefetch_buffer_header (b[2], STORE);
771 vlib_prefetch_buffer_header (b[3], STORE);
773 CLIB_PREFETCH (b[2]->data, sizeof (ip0[0]), STORE);
774 CLIB_PREFETCH (b[3]->data, sizeof (ip0[0]), STORE);
777 ip0 = vlib_buffer_get_current (b[0]);
778 ip1 = vlib_buffer_get_current (b[1]);
779 lbi0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
780 lbi1 = vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
782 lb0 = load_balance_get (lbi0);
783 lb1 = load_balance_get (lbi1);
786 * this node is for via FIBs we can re-use the hash value from the
787 * to node if present.
788 * We don't want to use the same hash value at each level in the recursion
789 * graph as that would lead to polarisation
793 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
795 if (PREDICT_TRUE (vnet_buffer (b[0])->ip.flow_hash))
797 hc0 = vnet_buffer (b[0])->ip.flow_hash =
798 vnet_buffer (b[0])->ip.flow_hash >> 1;
802 hc0 = vnet_buffer (b[0])->ip.flow_hash =
803 ip6_compute_flow_hash (ip0, lb0->lb_hash_config);
805 dpo0 = load_balance_get_fwd_bucket
806 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
810 dpo0 = load_balance_get_bucket_i (lb0, 0);
812 if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
814 if (PREDICT_TRUE (vnet_buffer (b[1])->ip.flow_hash))
816 hc1 = vnet_buffer (b[1])->ip.flow_hash =
817 vnet_buffer (b[1])->ip.flow_hash >> 1;
821 hc1 = vnet_buffer (b[1])->ip.flow_hash =
822 ip6_compute_flow_hash (ip1, lb1->lb_hash_config);
824 dpo1 = load_balance_get_fwd_bucket
825 (lb1, (hc1 & (lb1->lb_n_buckets_minus_1)));
829 dpo1 = load_balance_get_bucket_i (lb1, 0);
832 next[0] = dpo0->dpoi_next_node;
833 next[1] = dpo1->dpoi_next_node;
835 /* Only process the HBH Option Header if explicitly configured to do so */
836 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
838 next[0] = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
839 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next[0];
841 /* Only process the HBH Option Header if explicitly configured to do so */
842 if (PREDICT_FALSE (ip1->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
844 next[1] = (dpo_is_adj (dpo1) && im->hbh_enabled) ?
845 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next[1];
848 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
849 vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
851 vlib_increment_combined_counter
852 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, b[0]));
853 vlib_increment_combined_counter
854 (cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, b[1]));
863 const load_balance_t *lb0;
864 const ip6_header_t *ip0;
865 const dpo_id_t *dpo0;
868 ip0 = vlib_buffer_get_current (b[0]);
869 lbi0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
871 lb0 = load_balance_get (lbi0);
874 if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
876 if (PREDICT_TRUE (vnet_buffer (b[0])->ip.flow_hash))
878 hc0 = vnet_buffer (b[0])->ip.flow_hash =
879 vnet_buffer (b[0])->ip.flow_hash >> 1;
883 hc0 = vnet_buffer (b[0])->ip.flow_hash =
884 ip6_compute_flow_hash (ip0, lb0->lb_hash_config);
886 dpo0 = load_balance_get_fwd_bucket
887 (lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
891 dpo0 = load_balance_get_bucket_i (lb0, 0);
894 next[0] = dpo0->dpoi_next_node;
895 vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
897 /* Only process the HBH Option Header if explicitly configured to do so */
898 if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
900 next[0] = (dpo_is_adj (dpo0) && im->hbh_enabled) ?
901 (ip_lookup_next_t) IP6_LOOKUP_NEXT_HOP_BY_HOP : next[0];
904 vlib_increment_combined_counter
905 (cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, b[0]));
912 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
914 if (node->flags & VLIB_NODE_FLAG_TRACE)
915 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
917 return frame->n_vectors;
921 VLIB_REGISTER_NODE (ip6_load_balance_node) =
923 .name = "ip6-load-balance",
924 .vector_size = sizeof (u32),
925 .sibling_of = "ip6-lookup",
926 .format_trace = format_ip6_lookup_trace,
932 /* Adjacency taken. */
937 /* Packet data, possibly *after* rewrite. */
938 u8 packet_data[128 - 1 * sizeof (u32)];
940 ip6_forward_next_trace_t;
942 #ifndef CLIB_MARCH_VARIANT
944 format_ip6_forward_next_trace (u8 * s, va_list * args)
946 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
947 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
948 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
949 u32 indent = format_get_indent (s);
951 s = format (s, "%U%U",
952 format_white_space, indent,
953 format_ip6_header, t->packet_data, sizeof (t->packet_data));
959 format_ip6_lookup_trace (u8 * s, va_list * args)
961 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
962 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
963 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
964 u32 indent = format_get_indent (s);
966 s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
967 t->fib_index, t->adj_index, t->flow_hash);
968 s = format (s, "\n%U%U",
969 format_white_space, indent,
970 format_ip6_header, t->packet_data, sizeof (t->packet_data));
976 format_ip6_rewrite_trace (u8 * s, va_list * args)
978 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
979 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
980 ip6_forward_next_trace_t *t = va_arg (*args, ip6_forward_next_trace_t *);
981 u32 indent = format_get_indent (s);
983 s = format (s, "tx_sw_if_index %d adj-idx %d : %U flow hash: 0x%08x",
984 t->fib_index, t->adj_index, format_ip_adjacency,
985 t->adj_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
986 s = format (s, "\n%U%U",
987 format_white_space, indent,
988 format_ip_adjacency_packet_data,
989 t->packet_data, sizeof (t->packet_data));
993 /* Common trace function for all ip6-forward next nodes. */
994 #ifndef CLIB_MARCH_VARIANT
996 ip6_forward_next_trace (vlib_main_t * vm,
997 vlib_node_runtime_t * node,
998 vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
1001 ip6_main_t *im = &ip6_main;
1003 n_left = frame->n_vectors;
1004 from = vlib_frame_vector_args (frame);
1009 vlib_buffer_t *b0, *b1;
1010 ip6_forward_next_trace_t *t0, *t1;
1012 /* Prefetch next iteration. */
1013 vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
1014 vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
1019 b0 = vlib_get_buffer (vm, bi0);
1020 b1 = vlib_get_buffer (vm, bi1);
1022 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1024 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1025 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1026 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1028 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1029 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1030 vec_elt (im->fib_index_by_sw_if_index,
1031 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1033 clib_memcpy_fast (t0->packet_data,
1034 vlib_buffer_get_current (b0),
1035 sizeof (t0->packet_data));
1037 if (b1->flags & VLIB_BUFFER_IS_TRACED)
1039 t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
1040 t1->adj_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
1041 t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
1043 (vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
1044 (u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
1045 vec_elt (im->fib_index_by_sw_if_index,
1046 vnet_buffer (b1)->sw_if_index[VLIB_RX]);
1048 clib_memcpy_fast (t1->packet_data,
1049 vlib_buffer_get_current (b1),
1050 sizeof (t1->packet_data));
1060 ip6_forward_next_trace_t *t0;
1064 b0 = vlib_get_buffer (vm, bi0);
1066 if (b0->flags & VLIB_BUFFER_IS_TRACED)
1068 t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
1069 t0->adj_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
1070 t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
1072 (vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
1073 (u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
1074 vec_elt (im->fib_index_by_sw_if_index,
1075 vnet_buffer (b0)->sw_if_index[VLIB_RX]);
1077 clib_memcpy_fast (t0->packet_data,
1078 vlib_buffer_get_current (b0),
1079 sizeof (t0->packet_data));
1086 /* Compute TCP/UDP/ICMP6 checksum in software. */
1088 ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
1089 ip6_header_t * ip0, int *bogus_lengthp)
1092 u16 payload_length, payload_length_host_byte_order;
1094 u32 headers_size = sizeof (ip0[0]);
1095 u8 *data_this_buffer;
1096 u8 next_hdr = ip0->protocol;
1098 ASSERT (bogus_lengthp);
1101 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1102 data_this_buffer = (u8 *) (ip0 + 1);
1103 payload_length = ip0->payload_length;
1105 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets)
1106 * or UDP-Ping packets */
1107 if (PREDICT_FALSE (next_hdr == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS))
1110 ip6_hop_by_hop_ext_t *ext_hdr =
1111 (ip6_hop_by_hop_ext_t *) data_this_buffer;
1113 /* validate really icmp6 next */
1114 ASSERT ((ext_hdr->next_hdr == IP_PROTOCOL_ICMP6)
1115 || (ext_hdr->next_hdr == IP_PROTOCOL_UDP));
1117 skip_bytes = 8 * (1 + ext_hdr->n_data_u64s);
1118 data_this_buffer = (void *) ((u8 *) data_this_buffer + skip_bytes);
1120 payload_length_host_byte_order -= skip_bytes;
1121 headers_size += skip_bytes;
1123 /* pseudo-header adjustments:
1124 * exclude ext header bytes from payload length
1125 * use payload IP proto rather than ext header IP proto
1127 payload_length = clib_host_to_net_u16 (payload_length_host_byte_order);
1128 next_hdr = ext_hdr->next_hdr;
1131 /* Initialize checksum with ip pseudo-header. */
1132 sum0 = payload_length + clib_host_to_net_u16 (next_hdr);
1134 for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
1136 sum0 = ip_csum_with_carry
1137 (sum0, clib_mem_unaligned (&ip0->src_address.as_uword[i], uword));
1138 sum0 = ip_csum_with_carry
1139 (sum0, clib_mem_unaligned (&ip0->dst_address.as_uword[i], uword));
1143 return ip_calculate_l4_checksum (vm, p0, sum0,
1144 payload_length_host_byte_order,
1145 (u8 *) ip0, headers_size, NULL);
1147 return ip_calculate_l4_checksum (vm, 0, sum0,
1148 payload_length_host_byte_order, NULL, 0,
1153 ip6_tcp_udp_icmp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
1155 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1160 /* some icmp packets may come with a "router alert" hop-by-hop extension header (e.g., mldv2 packets) */
1161 ASSERT (ip0->protocol == IP_PROTOCOL_TCP
1162 || ip0->protocol == IP_PROTOCOL_ICMP6
1163 || ip0->protocol == IP_PROTOCOL_UDP
1164 || ip0->protocol == IP_PROTOCOL_IP6_HOP_BY_HOP_OPTIONS);
1166 udp0 = (void *) (ip0 + 1);
1167 if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
1169 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1170 | VNET_BUFFER_F_L4_CHECKSUM_CORRECT);
1174 sum16 = ip6_tcp_udp_icmp_compute_checksum (vm, p0, ip0, &bogus_length);
1176 p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
1177 | ((sum16 == 0) << VNET_BUFFER_F_LOG2_L4_CHECKSUM_CORRECT));
1184 * @brief returns number of links on which src is reachable.
1187 ip6_urpf_loose_check (ip6_main_t * im, vlib_buffer_t * b, ip6_header_t * i)
1189 const load_balance_t *lb0;
1193 fib_index = vec_elt (im->fib_index_by_sw_if_index,
1194 vnet_buffer (b)->sw_if_index[VLIB_RX]);
1196 (vnet_buffer (b)->sw_if_index[VLIB_TX] == (u32) ~ 0) ?
1197 fib_index : vnet_buffer (b)->sw_if_index[VLIB_TX];
1199 lbi = ip6_fib_table_fwding_lookup (fib_index, &i->src_address);
1200 lb0 = load_balance_get (lbi);
1202 return (fib_urpf_check_size (lb0->lb_urpf));
1206 ip6_next_proto_is_tcp_udp (vlib_buffer_t * p0, ip6_header_t * ip0,
1210 proto0 = ip6_locate_header (p0, ip0, IP_PROTOCOL_UDP, udp_offset0);
1211 if (proto0 != IP_PROTOCOL_UDP)
1213 proto0 = ip6_locate_header (p0, ip0, IP_PROTOCOL_TCP, udp_offset0);
1214 proto0 = (proto0 == IP_PROTOCOL_TCP) ? proto0 : 0;
1220 VNET_FEATURE_ARC_INIT (ip6_local) =
1222 .arc_name = "ip6-local",
1223 .start_nodes = VNET_FEATURES ("ip6-local"),
1227 static_always_inline u8
1228 ip6_tcp_udp_icmp_bad_length (vlib_main_t * vm, vlib_buffer_t * p0)
1231 u16 payload_length_host_byte_order;
1232 u32 n_this_buffer, n_bytes_left;
1233 ip6_header_t *ip0 = vlib_buffer_get_current (p0);
1234 u32 headers_size = sizeof (ip0[0]);
1235 u8 *data_this_buffer;
1238 data_this_buffer = (u8 *) (ip0 + 1);
1240 ip6_hop_by_hop_ext_t *ext_hdr = (ip6_hop_by_hop_ext_t *) data_this_buffer;
1242 /* validate really icmp6 next */
1244 if (!(ext_hdr->next_hdr == IP_PROTOCOL_ICMP6)
1245 || (ext_hdr->next_hdr == IP_PROTOCOL_UDP))
1249 payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
1250 n_bytes_left = n_this_buffer = payload_length_host_byte_order;
1253 u32 n_ip_bytes_this_buffer =
1254 p0->current_length - (((u8 *) ip0 - p0->data) - p0->current_data);
1255 if (n_this_buffer + headers_size > n_ip_bytes_this_buffer)
1257 n_this_buffer = p0->current_length > headers_size ?
1258 n_ip_bytes_this_buffer - headers_size : 0;
1261 n_bytes_left -= n_this_buffer;
1262 n_bytes_left -= p0->total_length_not_including_first_buffer;
1264 if (n_bytes_left == 0)
1272 ip6_local_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
1273 vlib_frame_t * frame, int head_of_feature_arc)
1275 ip6_main_t *im = &ip6_main;
1276 ip_lookup_main_t *lm = &im->lookup_main;
1277 u32 *from, n_left_from;
1278 vlib_node_runtime_t *error_node =
1279 vlib_node_get_runtime (vm, ip6_input_node.index);
1280 u8 arc_index = vnet_feat_arc_ip6_local.feature_arc_index;
1281 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1282 u16 nexts[VLIB_FRAME_SIZE], *next;
1284 from = vlib_frame_vector_args (frame);
1285 n_left_from = frame->n_vectors;
1287 if (node->flags & VLIB_NODE_FLAG_TRACE)
1288 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
1290 vlib_get_buffers (vm, from, bufs, n_left_from);
1294 while (n_left_from > 2)
1296 /* Prefetch next iteration. */
1297 if (n_left_from >= 6)
1299 vlib_prefetch_buffer_header (b[4], STORE);
1300 vlib_prefetch_buffer_header (b[5], STORE);
1301 vlib_prefetch_buffer_data (b[2], LOAD);
1302 vlib_prefetch_buffer_data (b[3], LOAD);
1306 error[0] = IP6_ERROR_UNKNOWN_PROTOCOL;
1307 error[1] = IP6_ERROR_UNKNOWN_PROTOCOL;
1309 ip6_header_t *ip[2];
1310 ip[0] = vlib_buffer_get_current (b[0]);
1311 ip[1] = vlib_buffer_get_current (b[1]);
1313 if (head_of_feature_arc)
1315 vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
1316 vnet_buffer (b[1])->l3_hdr_offset = b[1]->current_data;
1319 type[0] = lm->builtin_protocol_by_ip_protocol[ip[0]->protocol];
1320 type[1] = lm->builtin_protocol_by_ip_protocol[ip[1]->protocol];
1323 flags[0] = b[0]->flags;
1324 flags[1] = b[1]->flags;
1326 u32 good_l4_csum[2];
1328 flags[0] & (VNET_BUFFER_F_L4_CHECKSUM_CORRECT |
1329 VNET_BUFFER_F_OFFLOAD_TCP_CKSUM |
1330 VNET_BUFFER_F_OFFLOAD_UDP_CKSUM);
1332 flags[1] & (VNET_BUFFER_F_L4_CHECKSUM_CORRECT |
1333 VNET_BUFFER_F_OFFLOAD_TCP_CKSUM |
1334 VNET_BUFFER_F_OFFLOAD_UDP_CKSUM);
1336 u32 udp_offset[2] = { };
1339 ip6_next_proto_is_tcp_udp (b[0], ip[0], &udp_offset[0]);
1341 ip6_next_proto_is_tcp_udp (b[1], ip[1], &udp_offset[1]);
1342 i16 len_diff[2] = { 0 };
1343 if (PREDICT_TRUE (is_tcp_udp[0]))
1346 (udp_header_t *) ((u8 *) ip[0] + udp_offset[0]);
1347 good_l4_csum[0] |= type[0] == IP_BUILTIN_PROTOCOL_UDP
1348 && udp->checksum == 0;
1349 /* optimistically verify UDP length. */
1350 u16 ip_len, udp_len;
1351 ip_len = clib_net_to_host_u16 (ip[0]->payload_length);
1352 udp_len = clib_net_to_host_u16 (udp->length);
1353 len_diff[0] = ip_len - udp_len;
1355 if (PREDICT_TRUE (is_tcp_udp[1]))
1358 (udp_header_t *) ((u8 *) ip[1] + udp_offset[1]);
1359 good_l4_csum[1] |= type[1] == IP_BUILTIN_PROTOCOL_UDP
1360 && udp->checksum == 0;
1361 /* optimistically verify UDP length. */
1362 u16 ip_len, udp_len;
1363 ip_len = clib_net_to_host_u16 (ip[1]->payload_length);
1364 udp_len = clib_net_to_host_u16 (udp->length);
1365 len_diff[1] = ip_len - udp_len;
1368 good_l4_csum[0] |= type[0] == IP_BUILTIN_PROTOCOL_UNKNOWN;
1369 good_l4_csum[1] |= type[1] == IP_BUILTIN_PROTOCOL_UNKNOWN;
1371 len_diff[0] = type[0] == IP_BUILTIN_PROTOCOL_UDP ? len_diff[0] : 0;
1372 len_diff[1] = type[1] == IP_BUILTIN_PROTOCOL_UDP ? len_diff[1] : 0;
1375 need_csum[0] = type[0] != IP_BUILTIN_PROTOCOL_UNKNOWN
1377 && !(flags[0] & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED);
1378 need_csum[1] = type[1] != IP_BUILTIN_PROTOCOL_UNKNOWN
1380 && !(flags[1] & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED);
1381 if (PREDICT_FALSE (need_csum[0]))
1383 flags[0] = ip6_tcp_udp_icmp_validate_checksum (vm, b[0]);
1384 good_l4_csum[0] = flags[0] & VNET_BUFFER_F_L4_CHECKSUM_CORRECT;
1385 error[0] = IP6_ERROR_UNKNOWN_PROTOCOL;
1389 if (ip6_tcp_udp_icmp_bad_length (vm, b[0]))
1390 error[0] = IP6_ERROR_BAD_LENGTH;
1392 if (PREDICT_FALSE (need_csum[1]))
1394 flags[1] = ip6_tcp_udp_icmp_validate_checksum (vm, b[1]);
1395 good_l4_csum[1] = flags[1] & VNET_BUFFER_F_L4_CHECKSUM_CORRECT;
1396 error[1] = IP6_ERROR_UNKNOWN_PROTOCOL;
1400 if (ip6_tcp_udp_icmp_bad_length (vm, b[1]))
1401 error[1] = IP6_ERROR_BAD_LENGTH;
1405 error[0] = len_diff[0] < 0 ? IP6_ERROR_UDP_LENGTH : error[0];
1407 error[1] = len_diff[1] < 0 ? IP6_ERROR_UDP_LENGTH : error[1];
1409 STATIC_ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1410 IP6_ERROR_UDP_CHECKSUM,
1411 "Wrong IP6 errors constants");
1412 STATIC_ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1413 IP6_ERROR_ICMP_CHECKSUM,
1414 "Wrong IP6 errors constants");
1417 !good_l4_csum[0] ? IP6_ERROR_UDP_CHECKSUM + type[0] : error[0];
1419 !good_l4_csum[1] ? IP6_ERROR_UDP_CHECKSUM + type[1] : error[1];
1421 /* Drop packets from unroutable hosts. */
1422 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1424 unroutable[0] = error[0] == IP6_ERROR_UNKNOWN_PROTOCOL
1425 && type[0] != IP_BUILTIN_PROTOCOL_ICMP
1426 && !ip6_address_is_link_local_unicast (&ip[0]->src_address);
1427 unroutable[1] = error[1] == IP6_ERROR_UNKNOWN_PROTOCOL
1428 && type[1] != IP_BUILTIN_PROTOCOL_ICMP
1429 && !ip6_address_is_link_local_unicast (&ip[1]->src_address);
1430 if (PREDICT_FALSE (unroutable[0]))
1433 !ip6_urpf_loose_check (im, b[0],
1434 ip[0]) ? IP6_ERROR_SRC_LOOKUP_MISS
1437 if (PREDICT_FALSE (unroutable[1]))
1440 !ip6_urpf_loose_check (im, b[1],
1441 ip[1]) ? IP6_ERROR_SRC_LOOKUP_MISS
1445 vnet_buffer (b[0])->ip.fib_index =
1446 vnet_buffer (b[0])->sw_if_index[VLIB_TX] != ~0 ?
1447 vnet_buffer (b[0])->sw_if_index[VLIB_TX] :
1448 vnet_buffer (b[0])->ip.fib_index;
1449 vnet_buffer (b[1])->ip.fib_index =
1450 vnet_buffer (b[1])->sw_if_index[VLIB_TX] != ~0 ?
1451 vnet_buffer (b[1])->sw_if_index[VLIB_TX] :
1452 vnet_buffer (b[1])->ip.fib_index;
1453 } /* head_of_feature_arc */
1455 next[0] = lm->local_next_by_ip_protocol[ip[0]->protocol];
1457 error[0] != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next[0];
1458 next[1] = lm->local_next_by_ip_protocol[ip[1]->protocol];
1460 error[1] != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next[1];
1462 b[0]->error = error_node->errors[0];
1463 b[1]->error = error_node->errors[1];
1465 if (head_of_feature_arc)
1468 ip6_unknown[0] = error[0] == (u8) IP6_ERROR_UNKNOWN_PROTOCOL;
1469 ip6_unknown[1] = error[1] == (u8) IP6_ERROR_UNKNOWN_PROTOCOL;
1470 if (PREDICT_TRUE (ip6_unknown[0]))
1472 u32 next32 = next[0];
1473 vnet_feature_arc_start (arc_index,
1474 vnet_buffer (b[0])->sw_if_index
1475 [VLIB_RX], &next32, b[0]);
1478 if (PREDICT_TRUE (ip6_unknown[1]))
1480 u32 next32 = next[1];
1481 vnet_feature_arc_start (arc_index,
1482 vnet_buffer (b[1])->sw_if_index
1483 [VLIB_RX], &next32, b[1]);
1497 error = IP6_ERROR_UNKNOWN_PROTOCOL;
1500 ip = vlib_buffer_get_current (b[0]);
1502 if (head_of_feature_arc)
1504 vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
1505 u8 type = lm->builtin_protocol_by_ip_protocol[ip->protocol];
1507 u32 flags = b[0]->flags;
1509 flags & (VNET_BUFFER_F_L4_CHECKSUM_CORRECT |
1510 VNET_BUFFER_F_OFFLOAD_TCP_CKSUM |
1511 VNET_BUFFER_F_OFFLOAD_UDP_CKSUM);
1515 u8 is_tcp_udp = ip6_next_proto_is_tcp_udp (b[0], ip, &udp_offset);
1516 if (PREDICT_TRUE (is_tcp_udp))
1518 udp_header_t *udp = (udp_header_t *) ((u8 *) ip + udp_offset);
1519 /* Don't verify UDP checksum for packets with explicit zero checksum. */
1520 good_l4_csum |= type == IP_BUILTIN_PROTOCOL_UDP
1521 && udp->checksum == 0;
1522 /* optimistically verify UDP length. */
1523 u16 ip_len, udp_len;
1524 ip_len = clib_net_to_host_u16 (ip->payload_length);
1525 udp_len = clib_net_to_host_u16 (udp->length);
1526 len_diff = ip_len - udp_len;
1529 good_l4_csum |= type == IP_BUILTIN_PROTOCOL_UNKNOWN;
1530 len_diff = type == IP_BUILTIN_PROTOCOL_UDP ? len_diff : 0;
1532 u8 need_csum = type != IP_BUILTIN_PROTOCOL_UNKNOWN && !good_l4_csum
1533 && !(flags & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED);
1534 if (PREDICT_FALSE (need_csum))
1536 flags = ip6_tcp_udp_icmp_validate_checksum (vm, b[0]);
1537 good_l4_csum = flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT;
1538 error = IP6_ERROR_UNKNOWN_PROTOCOL;
1542 if (ip6_tcp_udp_icmp_bad_length (vm, b[0]))
1543 error = IP6_ERROR_BAD_LENGTH;
1548 error = len_diff < 0 ? IP6_ERROR_UDP_LENGTH : error;
1550 STATIC_ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_UDP ==
1551 IP6_ERROR_UDP_CHECKSUM,
1552 "Wrong IP6 errors constants");
1553 STATIC_ASSERT (IP6_ERROR_UDP_CHECKSUM + IP_BUILTIN_PROTOCOL_ICMP ==
1554 IP6_ERROR_ICMP_CHECKSUM,
1555 "Wrong IP6 errors constants");
1557 error = !good_l4_csum ? IP6_ERROR_UDP_CHECKSUM + type : error;
1559 /* Drop packets from unroutable hosts. */
1560 /* If this is a neighbor solicitation (ICMP), skip source RPF check */
1561 u8 unroutable = error == IP6_ERROR_UNKNOWN_PROTOCOL
1562 && type != IP_BUILTIN_PROTOCOL_ICMP
1563 && !ip6_address_is_link_local_unicast (&ip->src_address);
1564 if (PREDICT_FALSE (unroutable))
1567 !ip6_urpf_loose_check (im, b[0],
1568 ip) ? IP6_ERROR_SRC_LOOKUP_MISS :
1572 vnet_buffer (b[0])->ip.fib_index =
1573 vnet_buffer (b[0])->sw_if_index[VLIB_TX] != ~0 ?
1574 vnet_buffer (b[0])->sw_if_index[VLIB_TX] :
1575 vnet_buffer (b[0])->ip.fib_index;
1576 } /* head_of_feature_arc */
1578 next[0] = lm->local_next_by_ip_protocol[ip->protocol];
1580 error != IP6_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : next[0];
1582 b[0]->error = error_node->errors[0];
1584 if (head_of_feature_arc)
1586 if (PREDICT_TRUE (error == (u8) IP6_ERROR_UNKNOWN_PROTOCOL))
1588 u32 next32 = next[0];
1589 vnet_feature_arc_start (arc_index,
1590 vnet_buffer (b[0])->sw_if_index
1591 [VLIB_RX], &next32, b[0]);
1602 vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
1603 return frame->n_vectors;
1606 VLIB_NODE_FN (ip6_local_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
1607 vlib_frame_t * frame)
1609 return ip6_local_inline (vm, node, frame, 1 /* head of feature arc */ );
1613 VLIB_REGISTER_NODE (ip6_local_node) =
1615 .name = "ip6-local",
1616 .vector_size = sizeof (u32),
1617 .format_trace = format_ip6_forward_next_trace,
1618 .n_next_nodes = IP_LOCAL_N_NEXT,
1621 [IP_LOCAL_NEXT_DROP] = "ip6-drop",
1622 [IP_LOCAL_NEXT_PUNT] = "ip6-punt",
1623 [IP_LOCAL_NEXT_UDP_LOOKUP] = "ip6-udp-lookup",
1624 [IP_LOCAL_NEXT_ICMP] = "ip6-icmp-input",
1625 [IP_LOCAL_NEXT_REASSEMBLY] = "ip6-full-reassembly",
1630 VLIB_NODE_FN (ip6_local_end_of_arc_node) (vlib_main_t * vm,
1631 vlib_node_runtime_t * node,
1632 vlib_frame_t * frame)
1634 return ip6_local_inline (vm, node, frame, 0 /* head of feature arc */ );
1638 VLIB_REGISTER_NODE (ip6_local_end_of_arc_node) = {
1639 .name = "ip6-local-end-of-arc",
1640 .vector_size = sizeof (u32),
1642 .format_trace = format_ip6_forward_next_trace,
1643 .sibling_of = "ip6-local",
1646 VNET_FEATURE_INIT (ip6_local_end_of_arc, static) = {
1647 .arc_name = "ip6-local",
1648 .node_name = "ip6-local-end-of-arc",
1649 .runs_before = 0, /* not before any other features */
1653 #ifdef CLIB_MARCH_VARIANT
1654 extern vlib_node_registration_t ip6_local_node;
1657 ip6_register_protocol (u32 protocol, u32 node_index)
1659 vlib_main_t *vm = vlib_get_main ();
1660 ip6_main_t *im = &ip6_main;
1661 ip_lookup_main_t *lm = &im->lookup_main;
1663 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1664 lm->local_next_by_ip_protocol[protocol] =
1665 vlib_node_add_next (vm, ip6_local_node.index, node_index);
1669 ip6_unregister_protocol (u32 protocol)
1671 ip6_main_t *im = &ip6_main;
1672 ip_lookup_main_t *lm = &im->lookup_main;
1674 ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
1675 lm->local_next_by_ip_protocol[protocol] = IP_LOCAL_NEXT_PUNT;
1681 IP6_REWRITE_NEXT_DROP,
1682 IP6_REWRITE_NEXT_ICMP_ERROR,
1683 IP6_REWRITE_NEXT_FRAGMENT,
1684 IP6_REWRITE_N_NEXT /* Last */
1685 } ip6_rewrite_next_t;
1688 * This bits of an IPv6 address to mask to construct a multicast
1691 #define IP6_MCAST_ADDR_MASK 0xffffffff
1694 ip6_mtu_check (vlib_buffer_t * b, u16 packet_bytes,
1695 u16 adj_packet_bytes, bool is_locally_generated,
1696 u32 * next, u8 is_midchain, u32 * error)
1698 if (adj_packet_bytes >= 1280 && packet_bytes > adj_packet_bytes)
1700 if (is_locally_generated)
1702 /* IP fragmentation */
1703 ip_frag_set_vnet_buffer (b, adj_packet_bytes,
1705 IP_FRAG_NEXT_IP_REWRITE_MIDCHAIN :
1706 IP_FRAG_NEXT_IP_REWRITE), 0);
1707 *next = IP6_REWRITE_NEXT_FRAGMENT;
1708 *error = IP6_ERROR_MTU_EXCEEDED;
1712 *error = IP6_ERROR_MTU_EXCEEDED;
1713 icmp6_error_set_vnet_buffer (b, ICMP6_packet_too_big, 0,
1715 *next = IP6_REWRITE_NEXT_ICMP_ERROR;
1721 ip6_rewrite_inline_with_gso (vlib_main_t * vm,
1722 vlib_node_runtime_t * node,
1723 vlib_frame_t * frame,
1724 int do_counters, int is_midchain, int is_mcast)
1726 ip_lookup_main_t *lm = &ip6_main.lookup_main;
1727 u32 *from = vlib_frame_vector_args (frame);
1728 u32 n_left_from, n_left_to_next, *to_next, next_index;
1729 vlib_node_runtime_t *error_node =
1730 vlib_node_get_runtime (vm, ip6_input_node.index);
1732 n_left_from = frame->n_vectors;
1733 next_index = node->cached_next_index;
1734 u32 thread_index = vm->thread_index;
1736 while (n_left_from > 0)
1738 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1740 while (n_left_from >= 4 && n_left_to_next >= 2)
1742 const ip_adjacency_t *adj0, *adj1;
1743 vlib_buffer_t *p0, *p1;
1744 ip6_header_t *ip0, *ip1;
1745 u32 pi0, rw_len0, next0, error0, adj_index0;
1746 u32 pi1, rw_len1, next1, error1, adj_index1;
1747 u32 tx_sw_if_index0, tx_sw_if_index1;
1748 bool is_locally_originated0, is_locally_originated1;
1750 /* Prefetch next iteration. */
1752 vlib_buffer_t *p2, *p3;
1754 p2 = vlib_get_buffer (vm, from[2]);
1755 p3 = vlib_get_buffer (vm, from[3]);
1757 vlib_prefetch_buffer_header (p2, LOAD);
1758 vlib_prefetch_buffer_header (p3, LOAD);
1760 CLIB_PREFETCH (p2->pre_data, 32, STORE);
1761 CLIB_PREFETCH (p3->pre_data, 32, STORE);
1763 CLIB_PREFETCH (p2->data, sizeof (ip0[0]), STORE);
1764 CLIB_PREFETCH (p3->data, sizeof (ip0[0]), STORE);
1767 pi0 = to_next[0] = from[0];
1768 pi1 = to_next[1] = from[1];
1773 n_left_to_next -= 2;
1775 p0 = vlib_get_buffer (vm, pi0);
1776 p1 = vlib_get_buffer (vm, pi1);
1778 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1779 adj_index1 = vnet_buffer (p1)->ip.adj_index[VLIB_TX];
1781 ip0 = vlib_buffer_get_current (p0);
1782 ip1 = vlib_buffer_get_current (p1);
1784 error0 = error1 = IP6_ERROR_NONE;
1785 next0 = next1 = IP6_REWRITE_NEXT_DROP;
1787 is_locally_originated0 =
1788 p0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
1789 if (PREDICT_TRUE (!is_locally_originated0))
1791 i32 hop_limit0 = ip0->hop_limit;
1793 /* Input node should have reject packets with hop limit 0. */
1794 ASSERT (ip0->hop_limit > 0);
1798 ip0->hop_limit = hop_limit0;
1801 * If the hop count drops below 1 when forwarding, generate
1804 if (PREDICT_FALSE (hop_limit0 <= 0))
1806 error0 = IP6_ERROR_TIME_EXPIRED;
1807 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
1808 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1809 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
1810 ICMP6_time_exceeded_ttl_exceeded_in_transit,
1815 is_locally_originated1 =
1816 p1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
1817 if (PREDICT_TRUE (!is_locally_originated1))
1819 i32 hop_limit1 = ip1->hop_limit;
1821 /* Input node should have reject packets with hop limit 0. */
1822 ASSERT (ip1->hop_limit > 0);
1826 ip1->hop_limit = hop_limit1;
1829 * If the hop count drops below 1 when forwarding, generate
1832 if (PREDICT_FALSE (hop_limit1 <= 0))
1834 error1 = IP6_ERROR_TIME_EXPIRED;
1835 next1 = IP6_REWRITE_NEXT_ICMP_ERROR;
1836 vnet_buffer (p1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1837 icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
1838 ICMP6_time_exceeded_ttl_exceeded_in_transit,
1843 adj0 = adj_get (adj_index0);
1844 adj1 = adj_get (adj_index1);
1846 rw_len0 = adj0[0].rewrite_header.data_bytes;
1847 rw_len1 = adj1[0].rewrite_header.data_bytes;
1848 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
1849 vnet_buffer (p1)->ip.save_rewrite_length = rw_len1;
1853 vlib_increment_combined_counter
1854 (&adjacency_counters,
1855 thread_index, adj_index0, 1,
1856 vlib_buffer_length_in_chain (vm, p0) + rw_len0);
1857 vlib_increment_combined_counter
1858 (&adjacency_counters,
1859 thread_index, adj_index1, 1,
1860 vlib_buffer_length_in_chain (vm, p1) + rw_len1);
1863 /* Check MTU of outgoing interface. */
1865 clib_net_to_host_u16 (ip0->payload_length) +
1866 sizeof (ip6_header_t);
1868 clib_net_to_host_u16 (ip1->payload_length) +
1869 sizeof (ip6_header_t);
1870 if (p0->flags & VNET_BUFFER_F_GSO)
1871 ip0_len = gso_mtu_sz (p0);
1872 if (p1->flags & VNET_BUFFER_F_GSO)
1873 ip1_len = gso_mtu_sz (p1);
1877 ip6_mtu_check (p0, ip0_len,
1878 adj0[0].rewrite_header.max_l3_packet_bytes,
1879 is_locally_originated0, &next0, is_midchain,
1881 ip6_mtu_check (p1, ip1_len,
1882 adj1[0].rewrite_header.max_l3_packet_bytes,
1883 is_locally_originated1, &next1, is_midchain,
1886 /* Don't adjust the buffer for hop count issue; icmp-error node
1887 * wants to see the IP header */
1888 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
1890 p0->current_data -= rw_len0;
1891 p0->current_length += rw_len0;
1893 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
1894 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
1895 next0 = adj0[0].rewrite_header.next_index;
1898 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
1899 vnet_feature_arc_start_w_cfg_index
1900 (lm->output_feature_arc_index, tx_sw_if_index0, &next0, p0,
1901 adj0->ia_cfg_index);
1905 p0->error = error_node->errors[error0];
1907 if (PREDICT_TRUE (error1 == IP6_ERROR_NONE))
1909 p1->current_data -= rw_len1;
1910 p1->current_length += rw_len1;
1912 tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
1913 vnet_buffer (p1)->sw_if_index[VLIB_TX] = tx_sw_if_index1;
1914 next1 = adj1[0].rewrite_header.next_index;
1917 (adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
1918 vnet_feature_arc_start_w_cfg_index
1919 (lm->output_feature_arc_index, tx_sw_if_index1, &next1, p1,
1920 adj1->ia_cfg_index);
1924 p1->error = error_node->errors[error1];
1929 /* before we paint on the next header, update the L4
1930 * checksums if required, since there's no offload on a tunnel */
1931 vnet_calc_checksums_inline (vm, p0, 0 /* is_ip4 */ ,
1934 vnet_calc_checksums_inline (vm, p1, 0 /* is_ip4 */ ,
1938 /* Guess we are only writing on ipv6 header. */
1939 vnet_rewrite_two_headers (adj0[0], adj1[0],
1940 ip0, ip1, sizeof (ip6_header_t));
1943 /* Guess we are only writing on simple Ethernet header. */
1944 vnet_rewrite_two_headers (adj0[0], adj1[0],
1945 ip0, ip1, sizeof (ethernet_header_t));
1949 if (adj0->sub_type.midchain.fixup_func)
1950 adj0->sub_type.midchain.fixup_func
1951 (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
1952 if (adj1->sub_type.midchain.fixup_func)
1953 adj1->sub_type.midchain.fixup_func
1954 (vm, adj1, p1, adj1->sub_type.midchain.fixup_data);
1959 * copy bytes from the IP address into the MAC rewrite
1961 vnet_ip_mcast_fixup_header (IP6_MCAST_ADDR_MASK,
1963 rewrite_header.dst_mcast_offset,
1964 &ip0->dst_address.as_u32[3],
1966 vnet_ip_mcast_fixup_header (IP6_MCAST_ADDR_MASK,
1968 rewrite_header.dst_mcast_offset,
1969 &ip1->dst_address.as_u32[3],
1973 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
1974 to_next, n_left_to_next,
1975 pi0, pi1, next0, next1);
1978 while (n_left_from > 0 && n_left_to_next > 0)
1980 ip_adjacency_t *adj0;
1984 u32 adj_index0, next0, error0;
1985 u32 tx_sw_if_index0;
1986 bool is_locally_originated0;
1988 pi0 = to_next[0] = from[0];
1990 p0 = vlib_get_buffer (vm, pi0);
1992 adj_index0 = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
1994 adj0 = adj_get (adj_index0);
1996 ip0 = vlib_buffer_get_current (p0);
1998 error0 = IP6_ERROR_NONE;
1999 next0 = IP6_REWRITE_NEXT_DROP;
2001 /* Check hop limit */
2002 is_locally_originated0 =
2003 p0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED;
2004 if (PREDICT_TRUE (!is_locally_originated0))
2006 i32 hop_limit0 = ip0->hop_limit;
2008 ASSERT (ip0->hop_limit > 0);
2012 ip0->hop_limit = hop_limit0;
2014 if (PREDICT_FALSE (hop_limit0 <= 0))
2017 * If the hop count drops below 1 when forwarding, generate
2020 error0 = IP6_ERROR_TIME_EXPIRED;
2021 next0 = IP6_REWRITE_NEXT_ICMP_ERROR;
2022 vnet_buffer (p0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
2023 icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
2024 ICMP6_time_exceeded_ttl_exceeded_in_transit,
2031 vnet_calc_checksums_inline (vm, p0, 0 /* is_ip4 */ ,
2035 /* Guess we are only writing on ip6 header. */
2036 vnet_rewrite_one_header (adj0[0], ip0, sizeof (ip6_header_t));
2039 /* Guess we are only writing on simple Ethernet header. */
2040 vnet_rewrite_one_header (adj0[0], ip0,
2041 sizeof (ethernet_header_t));
2043 /* Update packet buffer attributes/set output interface. */
2044 rw_len0 = adj0[0].rewrite_header.data_bytes;
2045 vnet_buffer (p0)->ip.save_rewrite_length = rw_len0;
2049 vlib_increment_combined_counter
2050 (&adjacency_counters,
2051 thread_index, adj_index0, 1,
2052 vlib_buffer_length_in_chain (vm, p0) + rw_len0);
2055 /* Check MTU of outgoing interface. */
2057 clib_net_to_host_u16 (ip0->payload_length) +
2058 sizeof (ip6_header_t);
2059 if (p0->flags & VNET_BUFFER_F_GSO)
2060 ip0_len = gso_mtu_sz (p0);
2062 ip6_mtu_check (p0, ip0_len,
2063 adj0[0].rewrite_header.max_l3_packet_bytes,
2064 is_locally_originated0, &next0, is_midchain,
2067 /* Don't adjust the buffer for hop count issue; icmp-error node
2068 * wants to see the IP header */
2069 if (PREDICT_TRUE (error0 == IP6_ERROR_NONE))
2071 p0->current_data -= rw_len0;
2072 p0->current_length += rw_len0;
2074 tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
2076 vnet_buffer (p0)->sw_if_index[VLIB_TX] = tx_sw_if_index0;
2077 next0 = adj0[0].rewrite_header.next_index;
2080 (adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
2081 vnet_feature_arc_start_w_cfg_index
2082 (lm->output_feature_arc_index, tx_sw_if_index0, &next0, p0,
2083 adj0->ia_cfg_index);
2087 p0->error = error_node->errors[error0];
2092 if (adj0->sub_type.midchain.fixup_func)
2093 adj0->sub_type.midchain.fixup_func
2094 (vm, adj0, p0, adj0->sub_type.midchain.fixup_data);
2098 vnet_ip_mcast_fixup_header (IP6_MCAST_ADDR_MASK,
2100 rewrite_header.dst_mcast_offset,
2101 &ip0->dst_address.as_u32[3],
2108 n_left_to_next -= 1;
2110 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
2111 to_next, n_left_to_next,
2115 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2118 /* Need to do trace after rewrites to pick up new packet data. */
2119 if (node->flags & VLIB_NODE_FLAG_TRACE)
2120 ip6_forward_next_trace (vm, node, frame, VLIB_TX);
2122 return frame->n_vectors;
2126 ip6_rewrite_inline (vlib_main_t * vm,
2127 vlib_node_runtime_t * node,
2128 vlib_frame_t * frame,
2129 int do_counters, int is_midchain, int is_mcast)
2131 return ip6_rewrite_inline_with_gso (vm, node, frame, do_counters,
2132 is_midchain, is_mcast);
2135 VLIB_NODE_FN (ip6_rewrite_node) (vlib_main_t * vm,
2136 vlib_node_runtime_t * node,
2137 vlib_frame_t * frame)
2139 if (adj_are_counters_enabled ())
2140 return ip6_rewrite_inline (vm, node, frame, 1, 0, 0);
2142 return ip6_rewrite_inline (vm, node, frame, 0, 0, 0);
2145 VLIB_NODE_FN (ip6_rewrite_bcast_node) (vlib_main_t * vm,
2146 vlib_node_runtime_t * node,
2147 vlib_frame_t * frame)
2149 if (adj_are_counters_enabled ())
2150 return ip6_rewrite_inline (vm, node, frame, 1, 0, 0);
2152 return ip6_rewrite_inline (vm, node, frame, 0, 0, 0);
2155 VLIB_NODE_FN (ip6_rewrite_mcast_node) (vlib_main_t * vm,
2156 vlib_node_runtime_t * node,
2157 vlib_frame_t * frame)
2159 if (adj_are_counters_enabled ())
2160 return ip6_rewrite_inline (vm, node, frame, 1, 0, 1);
2162 return ip6_rewrite_inline (vm, node, frame, 0, 0, 1);
2165 VLIB_NODE_FN (ip6_midchain_node) (vlib_main_t * vm,
2166 vlib_node_runtime_t * node,
2167 vlib_frame_t * frame)
2169 if (adj_are_counters_enabled ())
2170 return ip6_rewrite_inline (vm, node, frame, 1, 1, 0);
2172 return ip6_rewrite_inline (vm, node, frame, 0, 1, 0);
2175 VLIB_NODE_FN (ip6_mcast_midchain_node) (vlib_main_t * vm,
2176 vlib_node_runtime_t * node,
2177 vlib_frame_t * frame)
2179 if (adj_are_counters_enabled ())
2180 return ip6_rewrite_inline (vm, node, frame, 1, 1, 1);
2182 return ip6_rewrite_inline (vm, node, frame, 0, 1, 1);
2186 VLIB_REGISTER_NODE (ip6_midchain_node) =
2188 .name = "ip6-midchain",
2189 .vector_size = sizeof (u32),
2190 .format_trace = format_ip6_forward_next_trace,
2191 .sibling_of = "ip6-rewrite",
2194 VLIB_REGISTER_NODE (ip6_rewrite_node) =
2196 .name = "ip6-rewrite",
2197 .vector_size = sizeof (u32),
2198 .format_trace = format_ip6_rewrite_trace,
2199 .n_next_nodes = IP6_REWRITE_N_NEXT,
2202 [IP6_REWRITE_NEXT_DROP] = "ip6-drop",
2203 [IP6_REWRITE_NEXT_ICMP_ERROR] = "ip6-icmp-error",
2204 [IP6_REWRITE_NEXT_FRAGMENT] = "ip6-frag",
2208 VLIB_REGISTER_NODE (ip6_rewrite_bcast_node) = {
2209 .name = "ip6-rewrite-bcast",
2210 .vector_size = sizeof (u32),
2212 .format_trace = format_ip6_rewrite_trace,
2213 .sibling_of = "ip6-rewrite",
2216 VLIB_REGISTER_NODE (ip6_rewrite_mcast_node) =
2218 .name = "ip6-rewrite-mcast",
2219 .vector_size = sizeof (u32),
2220 .format_trace = format_ip6_rewrite_trace,
2221 .sibling_of = "ip6-rewrite",
2225 VLIB_REGISTER_NODE (ip6_mcast_midchain_node) =
2227 .name = "ip6-mcast-midchain",
2228 .vector_size = sizeof (u32),
2229 .format_trace = format_ip6_rewrite_trace,
2230 .sibling_of = "ip6-rewrite",
2236 * Hop-by-Hop handling
2238 #ifndef CLIB_MARCH_VARIANT
2239 ip6_hop_by_hop_main_t ip6_hop_by_hop_main;
2240 #endif /* CLIB_MARCH_VARIANT */
2242 #define foreach_ip6_hop_by_hop_error \
2243 _(PROCESSED, "pkts with ip6 hop-by-hop options") \
2244 _(FORMAT, "incorrectly formatted hop-by-hop options") \
2245 _(UNKNOWN_OPTION, "unknown ip6 hop-by-hop options")
2250 #define _(sym,str) IP6_HOP_BY_HOP_ERROR_##sym,
2251 foreach_ip6_hop_by_hop_error
2253 IP6_HOP_BY_HOP_N_ERROR,
2254 } ip6_hop_by_hop_error_t;
2258 * Primary h-b-h handler trace support
2259 * We work pretty hard on the problem for obvious reasons
2265 u8 option_data[256];
2266 } ip6_hop_by_hop_trace_t;
2268 extern vlib_node_registration_t ip6_hop_by_hop_node;
2270 static char *ip6_hop_by_hop_error_strings[] = {
2271 #define _(sym,string) string,
2272 foreach_ip6_hop_by_hop_error
2276 #ifndef CLIB_MARCH_VARIANT
2278 format_ip6_hop_by_hop_ext_hdr (u8 * s, va_list * args)
2280 ip6_hop_by_hop_header_t *hbh0 = va_arg (*args, ip6_hop_by_hop_header_t *);
2281 int total_len = va_arg (*args, int);
2282 ip6_hop_by_hop_option_t *opt0, *limit0;
2283 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2286 s = format (s, "IP6_HOP_BY_HOP: next protocol %d len %d total %d",
2287 hbh0->protocol, (hbh0->length + 1) << 3, total_len);
2289 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2290 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 + total_len);
2292 while (opt0 < limit0)
2297 case 0: /* Pad, just stop */
2298 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0 + 1);
2302 if (hm->trace[type0])
2304 s = (*hm->trace[type0]) (s, opt0);
2309 format (s, "\n unrecognized option %d length %d", type0,
2313 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2314 sizeof (ip6_hop_by_hop_option_t));
2323 format_ip6_hop_by_hop_trace (u8 * s, va_list * args)
2325 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
2326 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
2327 ip6_hop_by_hop_trace_t *t = va_arg (*args, ip6_hop_by_hop_trace_t *);
2328 ip6_hop_by_hop_header_t *hbh0;
2329 ip6_hop_by_hop_option_t *opt0, *limit0;
2330 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2334 hbh0 = (ip6_hop_by_hop_header_t *) t->option_data;
2336 s = format (s, "IP6_HOP_BY_HOP: next index %d len %d traced %d",
2337 t->next_index, (hbh0->length + 1) << 3, t->trace_len);
2339 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2340 limit0 = (ip6_hop_by_hop_option_t *) ((u8 *) hbh0) + t->trace_len;
2342 while (opt0 < limit0)
2347 case 0: /* Pad, just stop */
2348 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2352 if (hm->trace[type0])
2354 s = (*hm->trace[type0]) (s, opt0);
2359 format (s, "\n unrecognized option %d length %d", type0,
2363 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2364 sizeof (ip6_hop_by_hop_option_t));
2372 ip6_scan_hbh_options (vlib_buffer_t * b0,
2374 ip6_hop_by_hop_header_t * hbh0,
2375 ip6_hop_by_hop_option_t * opt0,
2376 ip6_hop_by_hop_option_t * limit0, u32 * next0)
2378 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2382 while (opt0 < limit0)
2388 opt0 = (ip6_hop_by_hop_option_t *) ((u8 *) opt0) + 1;
2393 if (hm->options[type0])
2395 if ((*hm->options[type0]) (b0, ip0, opt0) < 0)
2397 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2403 /* Unrecognized mandatory option, check the two high order bits */
2404 switch (opt0->type & HBH_OPTION_TYPE_HIGH_ORDER_BITS)
2406 case HBH_OPTION_TYPE_SKIP_UNKNOWN:
2408 case HBH_OPTION_TYPE_DISCARD_UNKNOWN:
2409 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2410 *next0 = IP_LOOKUP_NEXT_DROP;
2412 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP:
2413 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2414 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2415 icmp6_error_set_vnet_buffer (b0, ICMP6_parameter_problem,
2416 ICMP6_parameter_problem_unrecognized_option,
2417 (u8 *) opt0 - (u8 *) ip0);
2419 case HBH_OPTION_TYPE_DISCARD_UNKNOWN_ICMP_NOT_MCAST:
2420 error0 = IP6_HOP_BY_HOP_ERROR_UNKNOWN_OPTION;
2421 if (!ip6_address_is_multicast (&ip0->dst_address))
2423 *next0 = IP_LOOKUP_NEXT_ICMP_ERROR;
2424 icmp6_error_set_vnet_buffer (b0,
2425 ICMP6_parameter_problem,
2426 ICMP6_parameter_problem_unrecognized_option,
2427 (u8 *) opt0 - (u8 *) ip0);
2431 *next0 = IP_LOOKUP_NEXT_DROP;
2439 (ip6_hop_by_hop_option_t *) (((u8 *) opt0) + opt0->length +
2440 sizeof (ip6_hop_by_hop_option_t));
2446 * Process the Hop-by-Hop Options header
2448 VLIB_NODE_FN (ip6_hop_by_hop_node) (vlib_main_t * vm,
2449 vlib_node_runtime_t * node,
2450 vlib_frame_t * frame)
2452 vlib_node_runtime_t *error_node =
2453 vlib_node_get_runtime (vm, ip6_hop_by_hop_node.index);
2454 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2455 u32 n_left_from, *from, *to_next;
2456 ip_lookup_next_t next_index;
2458 from = vlib_frame_vector_args (frame);
2459 n_left_from = frame->n_vectors;
2460 next_index = node->cached_next_index;
2462 while (n_left_from > 0)
2466 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2468 while (n_left_from >= 4 && n_left_to_next >= 2)
2471 vlib_buffer_t *b0, *b1;
2473 ip6_header_t *ip0, *ip1;
2474 ip6_hop_by_hop_header_t *hbh0, *hbh1;
2475 ip6_hop_by_hop_option_t *opt0, *limit0, *opt1, *limit1;
2476 u8 error0 = 0, error1 = 0;
2478 /* Prefetch next iteration. */
2480 vlib_buffer_t *p2, *p3;
2482 p2 = vlib_get_buffer (vm, from[2]);
2483 p3 = vlib_get_buffer (vm, from[3]);
2485 vlib_prefetch_buffer_header (p2, LOAD);
2486 vlib_prefetch_buffer_header (p3, LOAD);
2488 CLIB_PREFETCH (p2->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2489 CLIB_PREFETCH (p3->data, 2 * CLIB_CACHE_LINE_BYTES, LOAD);
2492 /* Speculatively enqueue b0, b1 to the current next frame */
2493 to_next[0] = bi0 = from[0];
2494 to_next[1] = bi1 = from[1];
2498 n_left_to_next -= 2;
2500 b0 = vlib_get_buffer (vm, bi0);
2501 b1 = vlib_get_buffer (vm, bi1);
2503 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2504 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2505 ip_adjacency_t *adj0 = adj_get (adj_index0);
2506 u32 adj_index1 = vnet_buffer (b1)->ip.adj_index[VLIB_TX];
2507 ip_adjacency_t *adj1 = adj_get (adj_index1);
2509 /* Default use the next_index from the adjacency. A HBH option rarely redirects to a different node */
2510 next0 = adj0->lookup_next_index;
2511 next1 = adj1->lookup_next_index;
2513 ip0 = vlib_buffer_get_current (b0);
2514 ip1 = vlib_buffer_get_current (b1);
2515 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2516 hbh1 = (ip6_hop_by_hop_header_t *) (ip1 + 1);
2517 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2518 opt1 = (ip6_hop_by_hop_option_t *) (hbh1 + 1);
2520 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2521 ((hbh0->length + 1) << 3));
2523 (ip6_hop_by_hop_option_t *) ((u8 *) hbh1 +
2524 ((hbh1->length + 1) << 3));
2527 * Basic validity checks
2529 if ((hbh0->length + 1) << 3 >
2530 clib_net_to_host_u16 (ip0->payload_length))
2532 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2533 next0 = IP_LOOKUP_NEXT_DROP;
2536 /* Scan the set of h-b-h options, process ones that we understand */
2537 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2539 if ((hbh1->length + 1) << 3 >
2540 clib_net_to_host_u16 (ip1->payload_length))
2542 error1 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2543 next1 = IP_LOOKUP_NEXT_DROP;
2546 /* Scan the set of h-b-h options, process ones that we understand */
2547 error1 = ip6_scan_hbh_options (b1, ip1, hbh1, opt1, limit1, &next1);
2550 /* Has the classifier flagged this buffer for special treatment? */
2553 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2554 next0 = hm->next_override;
2556 /* Has the classifier flagged this buffer for special treatment? */
2559 && (vnet_buffer (b1)->l2_classify.opaque_index & OI_DECAP)))
2560 next1 = hm->next_override;
2562 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
2564 if (b0->flags & VLIB_BUFFER_IS_TRACED)
2566 ip6_hop_by_hop_trace_t *t =
2567 vlib_add_trace (vm, node, b0, sizeof (*t));
2568 u32 trace_len = (hbh0->length + 1) << 3;
2569 t->next_index = next0;
2570 /* Capture the h-b-h option verbatim */
2573 ARRAY_LEN (t->option_data) ? trace_len :
2574 ARRAY_LEN (t->option_data);
2575 t->trace_len = trace_len;
2576 clib_memcpy_fast (t->option_data, hbh0, trace_len);
2578 if (b1->flags & VLIB_BUFFER_IS_TRACED)
2580 ip6_hop_by_hop_trace_t *t =
2581 vlib_add_trace (vm, node, b1, sizeof (*t));
2582 u32 trace_len = (hbh1->length + 1) << 3;
2583 t->next_index = next1;
2584 /* Capture the h-b-h option verbatim */
2587 ARRAY_LEN (t->option_data) ? trace_len :
2588 ARRAY_LEN (t->option_data);
2589 t->trace_len = trace_len;
2590 clib_memcpy_fast (t->option_data, hbh1, trace_len);
2595 b0->error = error_node->errors[error0];
2596 b1->error = error_node->errors[error1];
2598 /* verify speculative enqueue, maybe switch current next frame */
2599 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
2600 n_left_to_next, bi0, bi1, next0,
2604 while (n_left_from > 0 && n_left_to_next > 0)
2610 ip6_hop_by_hop_header_t *hbh0;
2611 ip6_hop_by_hop_option_t *opt0, *limit0;
2614 /* Speculatively enqueue b0 to the current next frame */
2620 n_left_to_next -= 1;
2622 b0 = vlib_get_buffer (vm, bi0);
2624 * Default use the next_index from the adjacency.
2625 * A HBH option rarely redirects to a different node
2627 u32 adj_index0 = vnet_buffer (b0)->ip.adj_index[VLIB_TX];
2628 ip_adjacency_t *adj0 = adj_get (adj_index0);
2629 next0 = adj0->lookup_next_index;
2631 ip0 = vlib_buffer_get_current (b0);
2632 hbh0 = (ip6_hop_by_hop_header_t *) (ip0 + 1);
2633 opt0 = (ip6_hop_by_hop_option_t *) (hbh0 + 1);
2635 (ip6_hop_by_hop_option_t *) ((u8 *) hbh0 +
2636 ((hbh0->length + 1) << 3));
2639 * Basic validity checks
2641 if ((hbh0->length + 1) << 3 >
2642 clib_net_to_host_u16 (ip0->payload_length))
2644 error0 = IP6_HOP_BY_HOP_ERROR_FORMAT;
2645 next0 = IP_LOOKUP_NEXT_DROP;
2649 /* Scan the set of h-b-h options, process ones that we understand */
2650 error0 = ip6_scan_hbh_options (b0, ip0, hbh0, opt0, limit0, &next0);
2653 /* Has the classifier flagged this buffer for special treatment? */
2656 && (vnet_buffer (b0)->l2_classify.opaque_index & OI_DECAP)))
2657 next0 = hm->next_override;
2659 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
2661 ip6_hop_by_hop_trace_t *t =
2662 vlib_add_trace (vm, node, b0, sizeof (*t));
2663 u32 trace_len = (hbh0->length + 1) << 3;
2664 t->next_index = next0;
2665 /* Capture the h-b-h option verbatim */
2668 ARRAY_LEN (t->option_data) ? trace_len :
2669 ARRAY_LEN (t->option_data);
2670 t->trace_len = trace_len;
2671 clib_memcpy_fast (t->option_data, hbh0, trace_len);
2674 b0->error = error_node->errors[error0];
2676 /* verify speculative enqueue, maybe switch current next frame */
2677 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2678 n_left_to_next, bi0, next0);
2680 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2682 return frame->n_vectors;
2686 VLIB_REGISTER_NODE (ip6_hop_by_hop_node) =
2688 .name = "ip6-hop-by-hop",
2689 .sibling_of = "ip6-lookup",
2690 .vector_size = sizeof (u32),
2691 .format_trace = format_ip6_hop_by_hop_trace,
2692 .type = VLIB_NODE_TYPE_INTERNAL,
2693 .n_errors = ARRAY_LEN (ip6_hop_by_hop_error_strings),
2694 .error_strings = ip6_hop_by_hop_error_strings,
2699 static clib_error_t *
2700 ip6_hop_by_hop_init (vlib_main_t * vm)
2702 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2703 clib_memset (hm->options, 0, sizeof (hm->options));
2704 clib_memset (hm->trace, 0, sizeof (hm->trace));
2705 hm->next_override = IP6_LOOKUP_NEXT_POP_HOP_BY_HOP;
2709 VLIB_INIT_FUNCTION (ip6_hop_by_hop_init);
2711 #ifndef CLIB_MARCH_VARIANT
2713 ip6_hbh_set_next_override (uword next)
2715 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2717 hm->next_override = next;
2721 ip6_hbh_register_option (u8 option,
2722 int options (vlib_buffer_t * b, ip6_header_t * ip,
2723 ip6_hop_by_hop_option_t * opt),
2724 u8 * trace (u8 * s, ip6_hop_by_hop_option_t * opt))
2726 ip6_main_t *im = &ip6_main;
2727 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2729 ASSERT ((u32) option < ARRAY_LEN (hm->options));
2731 /* Already registered */
2732 if (hm->options[option])
2735 hm->options[option] = options;
2736 hm->trace[option] = trace;
2738 /* Set global variable */
2739 im->hbh_enabled = 1;
2745 ip6_hbh_unregister_option (u8 option)
2747 ip6_main_t *im = &ip6_main;
2748 ip6_hop_by_hop_main_t *hm = &ip6_hop_by_hop_main;
2750 ASSERT ((u32) option < ARRAY_LEN (hm->options));
2752 /* Not registered */
2753 if (!hm->options[option])
2756 hm->options[option] = NULL;
2757 hm->trace[option] = NULL;
2759 /* Disable global knob if this was the last option configured */
2762 for (i = 0; i < 256; i++)
2764 if (hm->options[option])
2771 im->hbh_enabled = 0;
2776 /* Global IP6 main. */
2777 ip6_main_t ip6_main;
2780 static clib_error_t *
2781 ip6_lookup_init (vlib_main_t * vm)
2783 ip6_main_t *im = &ip6_main;
2784 clib_error_t *error;
2787 if ((error = vlib_call_init_function (vm, vnet_feature_init)))
2790 for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
2797 for (j = 0; j < i0; j++)
2798 im->fib_masks[i].as_u32[j] = ~0;
2801 im->fib_masks[i].as_u32[i0] =
2802 clib_host_to_net_u32 (pow2_mask (i1) << (32 - i1));
2805 ip_lookup_init (&im->lookup_main, /* is_ip6 */ 1);
2807 if (im->lookup_table_nbuckets == 0)
2808 im->lookup_table_nbuckets = IP6_FIB_DEFAULT_HASH_NUM_BUCKETS;
2810 im->lookup_table_nbuckets = 1 << max_log2 (im->lookup_table_nbuckets);
2812 if (im->lookup_table_size == 0)
2813 im->lookup_table_size = IP6_FIB_DEFAULT_HASH_MEMORY_SIZE;
2815 clib_bihash_init_24_8 (&(im->ip6_table[IP6_FIB_TABLE_FWDING].ip6_hash),
2816 "ip6 FIB fwding table",
2817 im->lookup_table_nbuckets, im->lookup_table_size);
2818 clib_bihash_init_24_8 (&im->ip6_table[IP6_FIB_TABLE_NON_FWDING].ip6_hash,
2819 "ip6 FIB non-fwding table",
2820 im->lookup_table_nbuckets, im->lookup_table_size);
2821 clib_bihash_init_40_8 (&im->ip6_mtable.ip6_mhash,
2823 im->lookup_table_nbuckets, im->lookup_table_size);
2825 /* Create FIB with index 0 and table id of 0. */
2826 fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0,
2827 FIB_SOURCE_DEFAULT_ROUTE);
2828 mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, 0,
2829 MFIB_SOURCE_DEFAULT_ROUTE);
2833 pn = pg_get_node (ip6_lookup_node.index);
2834 pn->unformat_edit = unformat_pg_ip6_header;
2837 /* Unless explicitly configured, don't process HBH options */
2838 im->hbh_enabled = 0;
2843 VLIB_INIT_FUNCTION (ip6_lookup_init);
2845 #ifndef CLIB_MARCH_VARIANT
2847 vnet_set_ip6_flow_hash (u32 table_id, u32 flow_hash_config)
2851 fib_index = fib_table_find (FIB_PROTOCOL_IP6, table_id);
2853 if (~0 == fib_index)
2854 return VNET_API_ERROR_NO_SUCH_FIB;
2856 fib_table_set_flow_hash_config (fib_index, FIB_PROTOCOL_IP6,
2863 static clib_error_t *
2864 set_ip6_flow_hash_command_fn (vlib_main_t * vm,
2865 unformat_input_t * input,
2866 vlib_cli_command_t * cmd)
2870 u32 flow_hash_config = 0;
2873 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2875 if (unformat (input, "table %d", &table_id))
2878 else if (unformat (input, #a)) { flow_hash_config |= v; matched=1;}
2879 foreach_flow_hash_bit
2886 return clib_error_return (0, "unknown input `%U'",
2887 format_unformat_error, input);
2889 rv = vnet_set_ip6_flow_hash (table_id, flow_hash_config);
2896 return clib_error_return (0, "no such FIB table %d", table_id);
2899 clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
2907 * Configure the set of IPv6 fields used by the flow hash.
2911 * Example of how to set the flow hash on a given table:
2912 * @cliexcmd{set ip6 flow-hash table 8 dst sport dport proto}
2914 * Example of display the configured flow hash:
2915 * @cliexstart{show ip6 fib}
2916 * ipv6-VRF:0, fib_index 0, flow hash: src dst sport dport proto
2919 * [@0]: dpo-load-balance: [index:5 buckets:1 uRPF:5 to:[0:0]]
2920 * [0] [@0]: dpo-drop ip6
2923 * [@0]: dpo-load-balance: [index:10 buckets:1 uRPF:10 to:[0:0]]
2924 * [0] [@2]: dpo-receive
2927 * [@0]: dpo-load-balance: [index:8 buckets:1 uRPF:8 to:[0:0]]
2928 * [0] [@2]: dpo-receive
2931 * [@0]: dpo-load-balance: [index:7 buckets:1 uRPF:7 to:[0:0]]
2932 * [0] [@2]: dpo-receive
2935 * [@0]: dpo-load-balance: [index:9 buckets:1 uRPF:9 to:[0:0]]
2936 * [0] [@2]: dpo-receive
2937 * ff02::1:ff00:0/104
2939 * [@0]: dpo-load-balance: [index:6 buckets:1 uRPF:6 to:[0:0]]
2940 * [0] [@2]: dpo-receive
2941 * ipv6-VRF:8, fib_index 1, flow hash: dst sport dport proto
2944 * [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
2945 * [0] [@0]: dpo-drop ip6
2948 * [@0]: dpo-load-balance: [index:27 buckets:1 uRPF:26 to:[0:0]]
2949 * [0] [@4]: ipv6-glean: af_packet0
2952 * [@0]: dpo-load-balance: [index:28 buckets:1 uRPF:27 to:[0:0]]
2953 * [0] [@2]: dpo-receive: @::a:1:1:0:7 on af_packet0
2956 * [@0]: dpo-load-balance: [index:26 buckets:1 uRPF:25 to:[0:0]]
2957 * [0] [@2]: dpo-receive
2958 * fe80::fe:3eff:fe3e:9222/128
2960 * [@0]: dpo-load-balance: [index:29 buckets:1 uRPF:28 to:[0:0]]
2961 * [0] [@2]: dpo-receive: fe80::fe:3eff:fe3e:9222 on af_packet0
2964 * [@0]: dpo-load-balance: [index:24 buckets:1 uRPF:23 to:[0:0]]
2965 * [0] [@2]: dpo-receive
2968 * [@0]: dpo-load-balance: [index:23 buckets:1 uRPF:22 to:[0:0]]
2969 * [0] [@2]: dpo-receive
2972 * [@0]: dpo-load-balance: [index:25 buckets:1 uRPF:24 to:[0:0]]
2973 * [0] [@2]: dpo-receive
2974 * ff02::1:ff00:0/104
2976 * [@0]: dpo-load-balance: [index:22 buckets:1 uRPF:21 to:[0:0]]
2977 * [0] [@2]: dpo-receive
2982 VLIB_CLI_COMMAND (set_ip6_flow_hash_command, static) =
2984 .path = "set ip6 flow-hash",
2986 "set ip6 flow-hash table <table-id> [src] [dst] [sport] [dport] [proto] [reverse]",
2987 .function = set_ip6_flow_hash_command_fn,
2991 static clib_error_t *
2992 show_ip6_local_command_fn (vlib_main_t * vm,
2993 unformat_input_t * input, vlib_cli_command_t * cmd)
2995 ip6_main_t *im = &ip6_main;
2996 ip_lookup_main_t *lm = &im->lookup_main;
2999 vlib_cli_output (vm, "Protocols handled by ip6_local");
3000 for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
3002 if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
3005 u32 node_index = vlib_get_node (vm,
3006 ip6_local_node.index)->
3007 next_nodes[lm->local_next_by_ip_protocol[i]];
3008 vlib_cli_output (vm, "%d: %U", i, format_vlib_node_name, vm,
3018 * Display the set of protocols handled by the local IPv6 stack.
3021 * Example of how to display local protocol table:
3022 * @cliexstart{show ip6 local}
3023 * Protocols handled by ip6_local
3031 VLIB_CLI_COMMAND (show_ip6_local, static) =
3033 .path = "show ip6 local",
3034 .function = show_ip6_local_command_fn,
3035 .short_help = "show ip6 local",
3039 #ifndef CLIB_MARCH_VARIANT
3041 vnet_set_ip6_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
3044 vnet_main_t *vnm = vnet_get_main ();
3045 vnet_interface_main_t *im = &vnm->interface_main;
3046 ip6_main_t *ipm = &ip6_main;
3047 ip_lookup_main_t *lm = &ipm->lookup_main;
3048 vnet_classify_main_t *cm = &vnet_classify_main;
3049 ip6_address_t *if_addr;
3051 if (pool_is_free_index (im->sw_interfaces, sw_if_index))
3052 return VNET_API_ERROR_NO_MATCHING_INTERFACE;
3054 if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
3055 return VNET_API_ERROR_NO_SUCH_ENTRY;
3057 vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
3058 lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
3060 if_addr = ip6_interface_first_address (ipm, sw_if_index);
3062 if (NULL != if_addr)
3064 fib_prefix_t pfx = {
3066 .fp_proto = FIB_PROTOCOL_IP6,
3067 .fp_addr.ip6 = *if_addr,
3071 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
3075 if (table_index != (u32) ~ 0)
3077 dpo_id_t dpo = DPO_INVALID;
3082 classify_dpo_create (DPO_PROTO_IP6, table_index));
3084 fib_table_entry_special_dpo_add (fib_index,
3086 FIB_SOURCE_CLASSIFY,
3087 FIB_ENTRY_FLAG_NONE, &dpo);
3092 fib_table_entry_special_remove (fib_index,
3093 &pfx, FIB_SOURCE_CLASSIFY);
3101 static clib_error_t *
3102 set_ip6_classify_command_fn (vlib_main_t * vm,
3103 unformat_input_t * input,
3104 vlib_cli_command_t * cmd)
3106 u32 table_index = ~0;
3107 int table_index_set = 0;
3108 u32 sw_if_index = ~0;
3111 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3113 if (unformat (input, "table-index %d", &table_index))
3114 table_index_set = 1;
3115 else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
3116 vnet_get_main (), &sw_if_index))
3122 if (table_index_set == 0)
3123 return clib_error_return (0, "classify table-index must be specified");
3125 if (sw_if_index == ~0)
3126 return clib_error_return (0, "interface / subif must be specified");
3128 rv = vnet_set_ip6_classify_intfc (vm, sw_if_index, table_index);
3135 case VNET_API_ERROR_NO_MATCHING_INTERFACE:
3136 return clib_error_return (0, "No such interface");
3138 case VNET_API_ERROR_NO_SUCH_ENTRY:
3139 return clib_error_return (0, "No such classifier table");
3145 * Assign a classification table to an interface. The classification
3146 * table is created using the '<em>classify table</em>' and '<em>classify session</em>'
3147 * commands. Once the table is create, use this command to filter packets
3151 * Example of how to assign a classification table to an interface:
3152 * @cliexcmd{set ip6 classify intfc GigabitEthernet2/0/0 table-index 1}
3155 VLIB_CLI_COMMAND (set_ip6_classify_command, static) =
3157 .path = "set ip6 classify",
3159 "set ip6 classify intfc <interface> table-index <classify-idx>",
3160 .function = set_ip6_classify_command_fn,
3164 static clib_error_t *
3165 ip6_config (vlib_main_t * vm, unformat_input_t * input)
3167 ip6_main_t *im = &ip6_main;
3172 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
3174 if (unformat (input, "hash-buckets %d", &tmp))
3176 else if (unformat (input, "heap-size %U",
3177 unformat_memory_size, &heapsize))
3180 return clib_error_return (0, "unknown input '%U'",
3181 format_unformat_error, input);
3184 im->lookup_table_nbuckets = nbuckets;
3185 im->lookup_table_size = heapsize;
3190 VLIB_EARLY_CONFIG_FUNCTION (ip6_config, "ip6");
3193 * fd.io coding-style-patch-verification: ON
3196 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob