2 * decap.c: vxlan tunnel decap packet processing
4 * Copyright (c) 2013 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vlib/vlib.h>
19 #include <vnet/pg/pg.h>
20 #include <vnet/vxlan/vxlan.h>
22 vlib_node_registration_t vxlan4_input_node;
23 vlib_node_registration_t vxlan6_input_node;
32 static u8 * format_vxlan_rx_trace (u8 * s, va_list * args)
34 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
35 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
36 vxlan_rx_trace_t * t = va_arg (*args, vxlan_rx_trace_t *);
38 if (t->tunnel_index != ~0)
40 s = format (s, "VXLAN decap from vxlan_tunnel%d vni %d next %d error %d",
41 t->tunnel_index, t->vni, t->next_index, t->error);
45 s = format (s, "VXLAN decap error - tunnel for vni %d does not exist",
52 validate_vxlan_fib (vlib_buffer_t *b, vxlan_tunnel_t *t, u32 is_ip4)
54 u32 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
56 u32 * fib_index_by_sw_if_index = is_ip4 ?
57 ip4_main.fib_index_by_sw_if_index : ip6_main.fib_index_by_sw_if_index;
58 u32 tx_sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_TX];
59 u32 fib_index = (tx_sw_if_index == (u32) ~ 0) ?
60 vec_elt (fib_index_by_sw_if_index, sw_if_index) : tx_sw_if_index;
62 return (fib_index == t->encap_fib_index);
67 vxlan4_tunnel_key_t key4;
73 vxlan6_tunnel_key_t key6;
77 always_inline vxlan_tunnel_t *
78 vxlan4_find_tunnel (vxlan_main_t * vxm, last_tunnel_cache4 * cache,
79 ip4_header_t * ip4_0, vxlan_header_t * vxlan0,
80 vxlan_tunnel_t ** stats_t0)
82 /* Make sure VXLAN tunnel exist according to packet SIP and VNI */
83 vxlan4_tunnel_key_t key4_0 = {
84 .src = ip4_0->src_address.as_u32,
85 .vni = vxlan0->vni_reserved,
88 if (PREDICT_FALSE (key4_0.as_u64 != cache->key4.as_u64))
90 uword * p = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64);
91 if (PREDICT_FALSE (p == 0))
95 cache->tunnel_index = p[0];
97 vxlan_tunnel_t * t0 = pool_elt_at_index (vxm->tunnels, cache->tunnel_index);
99 /* Validate VXLAN tunnel SIP against packet DIP */
100 if (PREDICT_TRUE (ip4_0->dst_address.as_u32 == t0->src.ip4.as_u32))
105 if (PREDICT_TRUE (!ip4_address_is_multicast (&ip4_0->dst_address)))
108 key4_0.src = ip4_0->dst_address.as_u32;
109 /* Make sure mcast VXLAN tunnel exist by packet DIP and VNI */
110 uword * p = hash_get (vxm->vxlan4_tunnel_by_key, key4_0.as_u64);
111 if (PREDICT_FALSE (p == NULL))
113 *stats_t0 = pool_elt_at_index (vxm->tunnels, p[0]);
119 always_inline vxlan_tunnel_t *
120 vxlan6_find_tunnel (vxlan_main_t * vxm, last_tunnel_cache6 * cache,
121 ip6_header_t * ip6_0, vxlan_header_t * vxlan0,
122 vxlan_tunnel_t ** stats_t0)
124 /* Make sure VXLAN tunnel exist according to packet SIP and VNI */
125 vxlan6_tunnel_key_t key6_0 = {
126 .src = ip6_0->src_address,
127 .vni = vxlan0->vni_reserved,
130 if (PREDICT_FALSE (memcmp(&key6_0, &cache->key6, sizeof key6_0) != 0))
132 uword * p = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6_0);
133 if (PREDICT_FALSE (p == NULL))
136 cache->key6 = key6_0;
137 cache->tunnel_index = p[0];
139 vxlan_tunnel_t * t0 = pool_elt_at_index (vxm->tunnels, cache->tunnel_index);
141 /* Validate VXLAN tunnel SIP against packet DIP */
142 if (PREDICT_TRUE (ip6_address_is_equal (&ip6_0->dst_address, &t0->src.ip6)))
147 if (PREDICT_TRUE (!ip6_address_is_multicast (&ip6_0->dst_address)))
150 key6_0.src = ip6_0->dst_address;
151 /* Make sure mcast VXLAN tunnel exist by packet DIP and VNI */
152 uword * p = hash_get_mem (vxm->vxlan6_tunnel_by_key, &key6_0);
153 if (PREDICT_FALSE (p == NULL))
155 *stats_t0 = pool_elt_at_index (vxm->tunnels, p[0]);
162 vxlan_input (vlib_main_t * vm,
163 vlib_node_runtime_t * node,
164 vlib_frame_t * from_frame,
167 vxlan_main_t * vxm = &vxlan_main;
168 vnet_main_t * vnm = vxm->vnet_main;
169 vnet_interface_main_t * im = &vnm->interface_main;
170 vlib_combined_counter_main_t * rx_counter = im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_RX;
171 vlib_combined_counter_main_t * drop_counter = im->combined_sw_if_counters + VNET_INTERFACE_COUNTER_DROP;
172 last_tunnel_cache4 last4 = { .tunnel_index = ~0 };
173 last_tunnel_cache6 last6 = { .tunnel_index = ~0 };
174 u32 pkts_decapsulated = 0;
175 u32 thread_index = vlib_get_thread_index();
178 last4.key4.as_u64 = ~0;
180 memset (&last6.key6, 0xff, sizeof last6.key6);
182 u32 next_index = node->cached_next_index;
184 u32 * from = vlib_frame_vector_args (from_frame);
185 u32 n_left_from = from_frame->n_vectors;
187 while (n_left_from > 0)
189 u32 * to_next, n_left_to_next;
190 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
192 while (n_left_from >= 4 && n_left_to_next >= 2)
194 /* Prefetch next iteration. */
196 vlib_buffer_t * p2, * p3;
198 p2 = vlib_get_buffer (vm, from[2]);
199 p3 = vlib_get_buffer (vm, from[3]);
201 vlib_prefetch_buffer_header (p2, LOAD);
202 vlib_prefetch_buffer_header (p3, LOAD);
204 CLIB_PREFETCH (p2->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
205 CLIB_PREFETCH (p3->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
208 u32 bi0 = to_next[0] = from[0];
209 u32 bi1 = to_next[1] = from[1];
215 vlib_buffer_t * b0, * b1;
216 b0 = vlib_get_buffer (vm, bi0);
217 b1 = vlib_get_buffer (vm, bi1);
219 /* udp leaves current_data pointing at the vxlan header */
220 void * cur0 = vlib_buffer_get_current (b0);
221 void * cur1 = vlib_buffer_get_current (b1);
222 vxlan_header_t * vxlan0 = cur0;
223 vxlan_header_t * vxlan1 = cur1;
225 ip4_header_t * ip4_0, * ip4_1;
226 ip6_header_t * ip6_0, * ip6_1;
228 ip4_0 = cur0 - sizeof(udp_header_t) - sizeof(ip4_header_t);
229 ip4_1 = cur1 - sizeof(udp_header_t) - sizeof(ip4_header_t);
231 ip6_0 = cur0 - sizeof(udp_header_t) - sizeof(ip6_header_t);
232 ip6_1 = cur1 - sizeof(udp_header_t) - sizeof(ip6_header_t);
236 vlib_buffer_advance (b0, sizeof *vxlan0);
237 vlib_buffer_advance (b1, sizeof *vxlan1);
239 vxlan_tunnel_t * t0, * stats_t0;
240 vxlan_tunnel_t * t1, * stats_t1;
243 t0 = vxlan4_find_tunnel (vxm, &last4, ip4_0, vxlan0, &stats_t0);
244 t1 = vxlan4_find_tunnel (vxm, &last4, ip4_1, vxlan1, &stats_t1);
248 t0 = vxlan6_find_tunnel (vxm, &last6, ip6_0, vxlan0, &stats_t0);
249 t1 = vxlan6_find_tunnel (vxm, &last6, ip6_1, vxlan1, &stats_t1);
252 u32 len0 = vlib_buffer_length_in_chain (vm, b0);
253 u32 len1 = vlib_buffer_length_in_chain (vm, b1);
256 u8 error0 = 0, error1 = 0;
257 /* Validate VXLAN tunnel encap-fib index agaist packet */
258 if (PREDICT_FALSE (t0 == 0 || validate_vxlan_fib (b0, t0, is_ip4) == 0 ||
259 vxlan0->flags != VXLAN_FLAGS_I))
261 next0 = VXLAN_INPUT_NEXT_DROP;
263 if (t0 != 0 && vxlan0->flags != VXLAN_FLAGS_I)
265 error0 = VXLAN_ERROR_BAD_FLAGS;
266 vlib_increment_combined_counter
267 (drop_counter, thread_index, stats_t0->sw_if_index, 1, len0);
270 error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
271 b0->error = node->errors[error0];
275 next0 = t0->decap_next_index;
277 /* Required to make the l2 tag push / pop code work on l2 subifs */
278 if (PREDICT_TRUE(next0 == VXLAN_INPUT_NEXT_L2_INPUT))
279 vnet_update_l2_len (b0);
281 /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
282 vnet_buffer(b0)->sw_if_index[VLIB_RX] = t0->sw_if_index;
283 vlib_increment_combined_counter
284 (rx_counter, thread_index, stats_t0->sw_if_index, 1, len0);
288 /* Validate VXLAN tunnel encap-fib index agaist packet */
289 if (PREDICT_FALSE (t1 == 0 || validate_vxlan_fib (b1, t1, is_ip4) == 0 ||
290 vxlan1->flags != VXLAN_FLAGS_I))
292 next1 = VXLAN_INPUT_NEXT_DROP;
294 if (t1 != 0 && vxlan1->flags != VXLAN_FLAGS_I)
296 error1 = VXLAN_ERROR_BAD_FLAGS;
297 vlib_increment_combined_counter
298 (drop_counter, thread_index, stats_t1->sw_if_index, 1, len1);
301 error1 = VXLAN_ERROR_NO_SUCH_TUNNEL;
302 b1->error = node->errors[error1];
306 next1 = t1->decap_next_index;
308 /* Required to make the l2 tag push / pop code work on l2 subifs */
309 if (PREDICT_TRUE(next1 == VXLAN_INPUT_NEXT_L2_INPUT))
310 vnet_update_l2_len (b1);
312 /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
313 vnet_buffer(b1)->sw_if_index[VLIB_RX] = t1->sw_if_index;
316 vlib_increment_combined_counter
317 (rx_counter, thread_index, stats_t1->sw_if_index, 1, len1);
320 if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED))
322 vxlan_rx_trace_t *tr = vlib_add_trace (vm, node, b0, sizeof (*tr));
323 tr->next_index = next0;
325 tr->tunnel_index = t0 == 0 ? ~0 : t0 - vxm->tunnels;
326 tr->vni = vnet_get_vni (vxlan0);
328 if (PREDICT_FALSE(b1->flags & VLIB_BUFFER_IS_TRACED))
330 vxlan_rx_trace_t *tr = vlib_add_trace (vm, node, b1, sizeof (*tr));
331 tr->next_index = next1;
333 tr->tunnel_index = t1 == 0 ? ~0 : t1 - vxm->tunnels;
334 tr->vni = vnet_get_vni (vxlan1);
337 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
338 to_next, n_left_to_next,
339 bi0, bi1, next0, next1);
342 while (n_left_from > 0 && n_left_to_next > 0)
344 u32 bi0 = to_next[0] = from[0];
350 vlib_buffer_t * b0 = vlib_get_buffer (vm, bi0);
352 /* udp leaves current_data pointing at the vxlan header */
353 void * cur0 = vlib_buffer_get_current (b0);
354 vxlan_header_t * vxlan0 = cur0;
355 ip4_header_t * ip4_0;
356 ip6_header_t * ip6_0;
358 ip4_0 = cur0 -sizeof(udp_header_t) - sizeof(ip4_header_t);
360 ip6_0 = cur0 -sizeof(udp_header_t) - sizeof(ip6_header_t);
362 /* pop (ip, udp, vxlan) */
363 vlib_buffer_advance (b0, sizeof(*vxlan0));
365 vxlan_tunnel_t * t0, * stats_t0;
367 t0 = vxlan4_find_tunnel (vxm, &last4, ip4_0, vxlan0, &stats_t0);
369 t0 = vxlan6_find_tunnel (vxm, &last6, ip6_0, vxlan0, &stats_t0);
371 uword len0 = vlib_buffer_length_in_chain (vm, b0);
375 /* Validate VXLAN tunnel encap-fib index agaist packet */
376 if (PREDICT_FALSE (t0 == 0 || validate_vxlan_fib (b0, t0, is_ip4) == 0 ||
377 vxlan0->flags != VXLAN_FLAGS_I))
379 next0 = VXLAN_INPUT_NEXT_DROP;
381 if (t0 != 0 && vxlan0->flags != VXLAN_FLAGS_I)
383 error0 = VXLAN_ERROR_BAD_FLAGS;
384 vlib_increment_combined_counter
385 (drop_counter, thread_index, stats_t0->sw_if_index, 1, len0);
388 error0 = VXLAN_ERROR_NO_SUCH_TUNNEL;
389 b0->error = node->errors[error0];
393 next0 = t0->decap_next_index;
395 /* Required to make the l2 tag push / pop code work on l2 subifs */
396 if (PREDICT_TRUE(next0 == VXLAN_INPUT_NEXT_L2_INPUT))
397 vnet_update_l2_len (b0);
399 /* Set packet input sw_if_index to unicast VXLAN tunnel for learning */
400 vnet_buffer(b0)->sw_if_index[VLIB_RX] = t0->sw_if_index;
403 vlib_increment_combined_counter
404 (rx_counter, thread_index, stats_t0->sw_if_index, 1, len0);
407 if (PREDICT_FALSE(b0->flags & VLIB_BUFFER_IS_TRACED))
410 = vlib_add_trace (vm, node, b0, sizeof (*tr));
411 tr->next_index = next0;
413 tr->tunnel_index = t0 == 0 ? ~0 : t0 - vxm->tunnels;
414 tr->vni = vnet_get_vni (vxlan0);
416 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
417 to_next, n_left_to_next,
421 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
423 /* Do we still need this now that tunnel tx stats is kept? */
424 u32 node_idx = is_ip4 ? vxlan4_input_node.index : vxlan6_input_node.index;
425 vlib_node_increment_counter (vm, node_idx, VXLAN_ERROR_DECAPSULATED,
428 return from_frame->n_vectors;
432 vxlan4_input (vlib_main_t * vm,
433 vlib_node_runtime_t * node,
434 vlib_frame_t * from_frame)
436 return vxlan_input(vm, node, from_frame, /* is_ip4 */ 1);
440 vxlan6_input (vlib_main_t * vm,
441 vlib_node_runtime_t * node,
442 vlib_frame_t * from_frame)
444 return vxlan_input(vm, node, from_frame, /* is_ip4 */ 0);
447 static char * vxlan_error_strings[] = {
448 #define vxlan_error(n,s) s,
449 #include <vnet/vxlan/vxlan_error.def>
454 VLIB_REGISTER_NODE (vxlan4_input_node) = {
455 .function = vxlan4_input,
456 .name = "vxlan4-input",
457 /* Takes a vector of packets. */
458 .vector_size = sizeof (u32),
460 .n_errors = VXLAN_N_ERROR,
461 .error_strings = vxlan_error_strings,
463 .n_next_nodes = VXLAN_INPUT_N_NEXT,
465 #define _(s,n) [VXLAN_INPUT_NEXT_##s] = n,
466 foreach_vxlan_input_next
470 //temp .format_buffer = format_vxlan_header,
471 .format_trace = format_vxlan_rx_trace,
472 // $$$$ .unformat_buffer = unformat_vxlan_header,
475 VLIB_NODE_FUNCTION_MULTIARCH (vxlan4_input_node, vxlan4_input)
477 VLIB_REGISTER_NODE (vxlan6_input_node) = {
478 .function = vxlan6_input,
479 .name = "vxlan6-input",
480 /* Takes a vector of packets. */
481 .vector_size = sizeof (u32),
483 .n_errors = VXLAN_N_ERROR,
484 .error_strings = vxlan_error_strings,
486 .n_next_nodes = VXLAN_INPUT_N_NEXT,
488 #define _(s,n) [VXLAN_INPUT_NEXT_##s] = n,
489 foreach_vxlan_input_next
493 //temp .format_buffer = format_vxlan_header,
494 .format_trace = format_vxlan_rx_trace,
495 // $$$$ .unformat_buffer = unformat_vxlan_header,
498 VLIB_NODE_FUNCTION_MULTIARCH (vxlan6_input_node, vxlan6_input)
502 IP_VXLAN_BYPASS_NEXT_DROP,
503 IP_VXLAN_BYPASS_NEXT_VXLAN,
504 IP_VXLAN_BYPASS_N_NEXT,
505 } ip_vxan_bypass_next_t;
508 ip_vxlan_bypass_inline (vlib_main_t * vm,
509 vlib_node_runtime_t * node,
510 vlib_frame_t * frame,
513 vxlan_main_t * vxm = &vxlan_main;
514 u32 * from, * to_next, n_left_from, n_left_to_next, next_index;
515 vlib_node_runtime_t * error_node = vlib_node_get_runtime (vm, ip4_input_node.index);
516 ip4_address_t addr4; /* last IPv4 address matching a local VTEP address */
517 ip6_address_t addr6; /* last IPv6 address matching a local VTEP address */
519 from = vlib_frame_vector_args (frame);
520 n_left_from = frame->n_vectors;
521 next_index = node->cached_next_index;
523 if (node->flags & VLIB_NODE_FLAG_TRACE)
524 ip4_forward_next_trace (vm, node, frame, VLIB_TX);
526 if (is_ip4) addr4.data_u32 = ~0;
527 else ip6_address_set_zero (&addr6);
529 while (n_left_from > 0)
531 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
533 while (n_left_from >= 4 && n_left_to_next >= 2)
535 vlib_buffer_t * b0, * b1;
536 ip4_header_t * ip40, * ip41;
537 ip6_header_t * ip60, * ip61;
538 udp_header_t * udp0, * udp1;
539 u32 bi0, ip_len0, udp_len0, flags0, next0;
540 u32 bi1, ip_len1, udp_len1, flags1, next1;
541 i32 len_diff0, len_diff1;
542 u8 error0, good_udp0, proto0;
543 u8 error1, good_udp1, proto1;
545 /* Prefetch next iteration. */
547 vlib_buffer_t * p2, * p3;
549 p2 = vlib_get_buffer (vm, from[2]);
550 p3 = vlib_get_buffer (vm, from[3]);
552 vlib_prefetch_buffer_header (p2, LOAD);
553 vlib_prefetch_buffer_header (p3, LOAD);
555 CLIB_PREFETCH (p2->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
556 CLIB_PREFETCH (p3->data, 2*CLIB_CACHE_LINE_BYTES, LOAD);
559 bi0 = to_next[0] = from[0];
560 bi1 = to_next[1] = from[1];
566 b0 = vlib_get_buffer (vm, bi0);
567 b1 = vlib_get_buffer (vm, bi1);
570 ip40 = vlib_buffer_get_current (b0);
571 ip41 = vlib_buffer_get_current (b1);
575 ip60 = vlib_buffer_get_current (b0);
576 ip61 = vlib_buffer_get_current (b1);
579 /* Setup packet for next IP feature */
580 vnet_feature_next(vnet_buffer(b0)->sw_if_index[VLIB_RX], &next0, b0);
581 vnet_feature_next(vnet_buffer(b1)->sw_if_index[VLIB_RX], &next1, b1);
585 /* Treat IP frag packets as "experimental" protocol for now
586 until support of IP frag reassembly is implemented */
587 proto0 = ip4_is_fragment(ip40) ? 0xfe : ip40->protocol;
588 proto1 = ip4_is_fragment(ip41) ? 0xfe : ip41->protocol;
592 proto0 = ip60->protocol;
593 proto1 = ip61->protocol;
596 /* Process packet 0 */
597 if (proto0 != IP_PROTOCOL_UDP)
598 goto exit0; /* not UDP packet */
601 udp0 = ip4_next_header (ip40);
603 udp0 = ip6_next_header (ip60);
605 if (udp0->dst_port != clib_host_to_net_u16 (UDP_DST_PORT_vxlan))
606 goto exit0; /* not VXLAN packet */
608 /* Validate DIP against VTEPs*/
611 if (addr4.as_u32 != ip40->dst_address.as_u32)
613 if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
614 goto exit0; /* no local VTEP for VXLAN packet */
615 addr4 = ip40->dst_address;
620 if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
622 if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
623 goto exit0; /* no local VTEP for VXLAN packet */
624 addr6 = ip60->dst_address;
629 good_udp0 = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
631 /* Don't verify UDP checksum for packets with explicit zero checksum. */
632 good_udp0 |= udp0->checksum == 0;
634 /* Verify UDP length */
636 ip_len0 = clib_net_to_host_u16 (ip40->length);
638 ip_len0 = clib_net_to_host_u16 (ip60->payload_length);
639 udp_len0 = clib_net_to_host_u16 (udp0->length);
640 len_diff0 = ip_len0 - udp_len0;
642 /* Verify UDP checksum */
643 if (PREDICT_FALSE (!good_udp0))
645 if ((flags0 & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED) == 0)
648 flags0 = ip4_tcp_udp_validate_checksum (vm, b0);
650 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, b0);
652 (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
658 error0 = good_udp0 ? 0 : IP4_ERROR_UDP_CHECKSUM;
659 error0 = (len_diff0 >= 0) ? error0 : IP4_ERROR_UDP_LENGTH;
663 error0 = good_udp0 ? 0 : IP6_ERROR_UDP_CHECKSUM;
664 error0 = (len_diff0 >= 0) ? error0 : IP6_ERROR_UDP_LENGTH;
668 IP_VXLAN_BYPASS_NEXT_DROP : IP_VXLAN_BYPASS_NEXT_VXLAN;
669 b0->error = error0 ? error_node->errors[error0] : 0;
671 /* vxlan-input node expect current at VXLAN header */
673 vlib_buffer_advance (b0, sizeof(ip4_header_t)+sizeof(udp_header_t));
675 vlib_buffer_advance (b0, sizeof(ip6_header_t)+sizeof(udp_header_t));
678 /* Process packet 1 */
679 if (proto1 != IP_PROTOCOL_UDP)
680 goto exit1; /* not UDP packet */
683 udp1 = ip4_next_header (ip41);
685 udp1 = ip6_next_header (ip61);
687 if (udp1->dst_port != clib_host_to_net_u16 (UDP_DST_PORT_vxlan))
688 goto exit1; /* not VXLAN packet */
690 /* Validate DIP against VTEPs*/
693 if (addr4.as_u32 != ip41->dst_address.as_u32)
695 if (!hash_get (vxm->vtep4, ip41->dst_address.as_u32))
696 goto exit1; /* no local VTEP for VXLAN packet */
697 addr4 = ip41->dst_address;
702 if (!ip6_address_is_equal (&addr6, &ip61->dst_address))
704 if (!hash_get_mem (vxm->vtep6, &ip61->dst_address))
705 goto exit1; /* no local VTEP for VXLAN packet */
706 addr6 = ip61->dst_address;
711 good_udp1 = (flags1 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
713 /* Don't verify UDP checksum for packets with explicit zero checksum. */
714 good_udp1 |= udp1->checksum == 0;
716 /* Verify UDP length */
718 ip_len1 = clib_net_to_host_u16 (ip41->length);
720 ip_len1 = clib_net_to_host_u16 (ip61->payload_length);
721 udp_len1 = clib_net_to_host_u16 (udp1->length);
722 len_diff1 = ip_len1 - udp_len1;
724 /* Verify UDP checksum */
725 if (PREDICT_FALSE (!good_udp1))
727 if ((flags1 & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED) == 0)
730 flags1 = ip4_tcp_udp_validate_checksum (vm, b1);
732 flags1 = ip6_tcp_udp_icmp_validate_checksum (vm, b1);
734 (flags1 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
740 error1 = good_udp1 ? 0 : IP4_ERROR_UDP_CHECKSUM;
741 error1 = (len_diff1 >= 0) ? error1 : IP4_ERROR_UDP_LENGTH;
745 error1 = good_udp1 ? 0 : IP6_ERROR_UDP_CHECKSUM;
746 error1 = (len_diff1 >= 0) ? error1 : IP6_ERROR_UDP_LENGTH;
750 IP_VXLAN_BYPASS_NEXT_DROP : IP_VXLAN_BYPASS_NEXT_VXLAN;
751 b1->error = error1 ? error_node->errors[error1] : 0;
753 /* vxlan-input node expect current at VXLAN header */
755 vlib_buffer_advance (b1, sizeof(ip4_header_t)+sizeof(udp_header_t));
757 vlib_buffer_advance (b1, sizeof(ip6_header_t)+sizeof(udp_header_t));
760 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
761 to_next, n_left_to_next,
762 bi0, bi1, next0, next1);
765 while (n_left_from > 0 && n_left_to_next > 0)
771 u32 bi0, ip_len0, udp_len0, flags0, next0;
773 u8 error0, good_udp0, proto0;
775 bi0 = to_next[0] = from[0];
781 b0 = vlib_get_buffer (vm, bi0);
783 ip40 = vlib_buffer_get_current (b0);
785 ip60 = vlib_buffer_get_current (b0);
787 /* Setup packet for next IP feature */
788 vnet_feature_next(vnet_buffer(b0)->sw_if_index[VLIB_RX], &next0, b0);
791 /* Treat IP4 frag packets as "experimental" protocol for now
792 until support of IP frag reassembly is implemented */
793 proto0 = ip4_is_fragment(ip40) ? 0xfe : ip40->protocol;
795 proto0 = ip60->protocol;
797 if (proto0 != IP_PROTOCOL_UDP)
798 goto exit; /* not UDP packet */
801 udp0 = ip4_next_header (ip40);
803 udp0 = ip6_next_header (ip60);
805 if (udp0->dst_port != clib_host_to_net_u16 (UDP_DST_PORT_vxlan))
806 goto exit; /* not VXLAN packet */
808 /* Validate DIP against VTEPs*/
811 if (addr4.as_u32 != ip40->dst_address.as_u32)
813 if (!hash_get (vxm->vtep4, ip40->dst_address.as_u32))
814 goto exit; /* no local VTEP for VXLAN packet */
815 addr4 = ip40->dst_address;
820 if (!ip6_address_is_equal (&addr6, &ip60->dst_address))
822 if (!hash_get_mem (vxm->vtep6, &ip60->dst_address))
823 goto exit; /* no local VTEP for VXLAN packet */
824 addr6 = ip60->dst_address;
829 good_udp0 = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
831 /* Don't verify UDP checksum for packets with explicit zero checksum. */
832 good_udp0 |= udp0->checksum == 0;
834 /* Verify UDP length */
836 ip_len0 = clib_net_to_host_u16 (ip40->length);
838 ip_len0 = clib_net_to_host_u16 (ip60->payload_length);
839 udp_len0 = clib_net_to_host_u16 (udp0->length);
840 len_diff0 = ip_len0 - udp_len0;
842 /* Verify UDP checksum */
843 if (PREDICT_FALSE (!good_udp0))
845 if ((flags0 & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED) == 0)
848 flags0 = ip4_tcp_udp_validate_checksum (vm, b0);
850 flags0 = ip6_tcp_udp_icmp_validate_checksum (vm, b0);
852 (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
858 error0 = good_udp0 ? 0 : IP4_ERROR_UDP_CHECKSUM;
859 error0 = (len_diff0 >= 0) ? error0 : IP4_ERROR_UDP_LENGTH;
863 error0 = good_udp0 ? 0 : IP6_ERROR_UDP_CHECKSUM;
864 error0 = (len_diff0 >= 0) ? error0 : IP6_ERROR_UDP_LENGTH;
868 IP_VXLAN_BYPASS_NEXT_DROP : IP_VXLAN_BYPASS_NEXT_VXLAN;
869 b0->error = error0 ? error_node->errors[error0] : 0;
871 /* vxlan-input node expect current at VXLAN header */
873 vlib_buffer_advance (b0, sizeof(ip4_header_t)+sizeof(udp_header_t));
875 vlib_buffer_advance (b0, sizeof(ip6_header_t)+sizeof(udp_header_t));
878 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
879 to_next, n_left_to_next,
883 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
886 return frame->n_vectors;
890 ip4_vxlan_bypass (vlib_main_t * vm,
891 vlib_node_runtime_t * node,
892 vlib_frame_t * frame)
894 return ip_vxlan_bypass_inline (vm, node, frame, /* is_ip4 */ 1);
897 VLIB_REGISTER_NODE (ip4_vxlan_bypass_node) = {
898 .function = ip4_vxlan_bypass,
899 .name = "ip4-vxlan-bypass",
900 .vector_size = sizeof (u32),
902 .n_next_nodes = IP_VXLAN_BYPASS_N_NEXT,
904 [IP_VXLAN_BYPASS_NEXT_DROP] = "error-drop",
905 [IP_VXLAN_BYPASS_NEXT_VXLAN] = "vxlan4-input",
908 .format_buffer = format_ip4_header,
909 .format_trace = format_ip4_forward_next_trace,
912 VLIB_NODE_FUNCTION_MULTIARCH (ip4_vxlan_bypass_node,ip4_vxlan_bypass)
914 /* Dummy init function to get us linked in. */
915 clib_error_t * ip4_vxlan_bypass_init (vlib_main_t * vm)
918 VLIB_INIT_FUNCTION (ip4_vxlan_bypass_init);
921 ip6_vxlan_bypass (vlib_main_t * vm,
922 vlib_node_runtime_t * node,
923 vlib_frame_t * frame)
925 return ip_vxlan_bypass_inline (vm, node, frame, /* is_ip4 */ 0);
928 VLIB_REGISTER_NODE (ip6_vxlan_bypass_node) = {
929 .function = ip6_vxlan_bypass,
930 .name = "ip6-vxlan-bypass",
931 .vector_size = sizeof (u32),
933 .n_next_nodes = IP_VXLAN_BYPASS_N_NEXT,
935 [IP_VXLAN_BYPASS_NEXT_DROP] = "error-drop",
936 [IP_VXLAN_BYPASS_NEXT_VXLAN] = "vxlan6-input",
939 .format_buffer = format_ip6_header,
940 .format_trace = format_ip6_forward_next_trace,
943 VLIB_NODE_FUNCTION_MULTIARCH (ip6_vxlan_bypass_node,ip6_vxlan_bypass)
945 /* Dummy init function to get us linked in. */
946 clib_error_t * ip6_vxlan_bypass_init (vlib_main_t * vm)
949 VLIB_INIT_FUNCTION (ip6_vxlan_bypass_init);
Code Review / vpp.git / blob