blob: a378dc5268ad4fcf428fa47ae48c108209145d1c [file] [log] [blame]
/*
* Copyright (c) 2015 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* ip/ip4_forward.c: IP v4 forwarding
*
* Copyright (c) 2008 Eliot Dresselhaus
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip_frag.h>
#include <vnet/ethernet/ethernet.h> /* for ethernet_header_t */
#include <vnet/ethernet/arp_packet.h> /* for ethernet_arp_header_t */
#include <vnet/srp/srp.h> /* for srp_hw_interface_class */
#include <vnet/api_errno.h> /* for API error numbers */
#include <vnet/fib/fib_table.h> /* for FIB table and entry creation */
#include <vnet/fib/fib_entry.h> /* for FIB table and entry creation */
#include <vnet/fib/fib_urpf_list.h> /* for FIB uRPF check */
#include <vnet/fib/ip4_fib.h>
#include <vnet/mfib/ip4_mfib.h>
#include <vnet/dpo/load_balance.h>
#include <vnet/dpo/load_balance_map.h>
#include <vnet/dpo/receive_dpo.h>
#include <vnet/dpo/classify_dpo.h>
#include <vnet/mfib/mfib_table.h> /* for mFIB table and entry creation */
#include <vnet/adj/adj_dp.h>
#include <vnet/pg/pg.h>
#include <vnet/ip/ip4_forward.h>
#include <vnet/interface_output.h>
#include <vnet/classify/vnet_classify.h>
#include <vnet/ip/reass/ip4_full_reass.h>
/** @brief IPv4 lookup node.
@node ip4-lookup
This is the main IPv4 lookup dispatch node.
@param vm vlib_main_t corresponding to the current thread
@param node vlib_node_runtime_t
@param frame vlib_frame_t whose contents should be dispatched
@par Graph mechanics: buffer metadata, next index usage
@em Uses:
- <code>vnet_buffer(b)->sw_if_index[VLIB_RX]</code>
- Indicates the @c sw_if_index value of the interface that the
packet was received on.
- <code>vnet_buffer(b)->sw_if_index[VLIB_TX]</code>
- When the value is @c ~0 then the node performs a longest prefix
match (LPM) for the packet destination address in the FIB attached
to the receive interface.
- Otherwise perform LPM for the packet destination address in the
indicated FIB. In this case <code>[VLIB_TX]</code> is a FIB index
value (0, 1, ...) and not a VRF id.
@em Sets:
- <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
- The lookup result adjacency index.
<em>Next Index:</em>
- Dispatches the packet to the node index found in
ip_adjacency_t @c adj->lookup_next_index
(where @c adj is the lookup result adjacency).
*/
VLIB_NODE_FN (ip4_lookup_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
return ip4_lookup_inline (vm, node, frame);
}
static u8 *format_ip4_lookup_trace (u8 * s, va_list * args);
VLIB_REGISTER_NODE (ip4_lookup_node) =
{
.name = "ip4-lookup",
.vector_size = sizeof (u32),
.format_trace = format_ip4_lookup_trace,
.n_next_nodes = IP_LOOKUP_N_NEXT,
.next_nodes = IP4_LOOKUP_NEXT_NODES,
};
VLIB_NODE_FN (ip4_load_balance_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
vlib_combined_counter_main_t *cm = &load_balance_main.lbm_via_counters;
u32 n_left, *from;
u32 thread_index = vm->thread_index;
vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
u16 nexts[VLIB_FRAME_SIZE], *next;
from = vlib_frame_vector_args (frame);
n_left = frame->n_vectors;
next = nexts;
vlib_get_buffers (vm, from, bufs, n_left);
while (n_left >= 4)
{
const load_balance_t *lb0, *lb1;
const ip4_header_t *ip0, *ip1;
u32 lbi0, hc0, lbi1, hc1;
const dpo_id_t *dpo0, *dpo1;
/* Prefetch next iteration. */
{
vlib_prefetch_buffer_header (b[2], LOAD);
vlib_prefetch_buffer_header (b[3], LOAD);
CLIB_PREFETCH (b[2]->data, sizeof (ip0[0]), LOAD);
CLIB_PREFETCH (b[3]->data, sizeof (ip0[0]), LOAD);
}
ip0 = vlib_buffer_get_current (b[0]);
ip1 = vlib_buffer_get_current (b[1]);
lbi0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
lbi1 = vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
lb0 = load_balance_get (lbi0);
lb1 = load_balance_get (lbi1);
/*
* this node is for via FIBs we can re-use the hash value from the
* to node if present.
* We don't want to use the same hash value at each level in the recursion
* graph as that would lead to polarisation
*/
hc0 = hc1 = 0;
if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
{
if (PREDICT_TRUE (vnet_buffer (b[0])->ip.flow_hash))
{
hc0 = vnet_buffer (b[0])->ip.flow_hash =
vnet_buffer (b[0])->ip.flow_hash >> 1;
}
else
{
hc0 = vnet_buffer (b[0])->ip.flow_hash =
ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
}
dpo0 = load_balance_get_fwd_bucket
(lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
}
else
{
dpo0 = load_balance_get_bucket_i (lb0, 0);
}
if (PREDICT_FALSE (lb1->lb_n_buckets > 1))
{
if (PREDICT_TRUE (vnet_buffer (b[1])->ip.flow_hash))
{
hc1 = vnet_buffer (b[1])->ip.flow_hash =
vnet_buffer (b[1])->ip.flow_hash >> 1;
}
else
{
hc1 = vnet_buffer (b[1])->ip.flow_hash =
ip4_compute_flow_hash (ip1, lb1->lb_hash_config);
}
dpo1 = load_balance_get_fwd_bucket
(lb1, (hc1 & (lb1->lb_n_buckets_minus_1)));
}
else
{
dpo1 = load_balance_get_bucket_i (lb1, 0);
}
next[0] = dpo0->dpoi_next_node;
next[1] = dpo1->dpoi_next_node;
vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = dpo1->dpoi_index;
vlib_increment_combined_counter
(cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, b[0]));
vlib_increment_combined_counter
(cm, thread_index, lbi1, 1, vlib_buffer_length_in_chain (vm, b[1]));
b += 2;
next += 2;
n_left -= 2;
}
while (n_left > 0)
{
const load_balance_t *lb0;
const ip4_header_t *ip0;
const dpo_id_t *dpo0;
u32 lbi0, hc0;
ip0 = vlib_buffer_get_current (b[0]);
lbi0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
lb0 = load_balance_get (lbi0);
hc0 = 0;
if (PREDICT_FALSE (lb0->lb_n_buckets > 1))
{
if (PREDICT_TRUE (vnet_buffer (b[0])->ip.flow_hash))
{
hc0 = vnet_buffer (b[0])->ip.flow_hash =
vnet_buffer (b[0])->ip.flow_hash >> 1;
}
else
{
hc0 = vnet_buffer (b[0])->ip.flow_hash =
ip4_compute_flow_hash (ip0, lb0->lb_hash_config);
}
dpo0 = load_balance_get_fwd_bucket
(lb0, (hc0 & (lb0->lb_n_buckets_minus_1)));
}
else
{
dpo0 = load_balance_get_bucket_i (lb0, 0);
}
next[0] = dpo0->dpoi_next_node;
vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = dpo0->dpoi_index;
vlib_increment_combined_counter
(cm, thread_index, lbi0, 1, vlib_buffer_length_in_chain (vm, b[0]));
b += 1;
next += 1;
n_left -= 1;
}
vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
return frame->n_vectors;
}
VLIB_REGISTER_NODE (ip4_load_balance_node) =
{
.name = "ip4-load-balance",
.vector_size = sizeof (u32),
.sibling_of = "ip4-lookup",
.format_trace = format_ip4_lookup_trace,
};
#ifndef CLIB_MARCH_VARIANT
/* get first interface address */
ip4_address_t *
ip4_interface_first_address (ip4_main_t * im, u32 sw_if_index,
ip_interface_address_t ** result_ia)
{
ip_lookup_main_t *lm = &im->lookup_main;
ip_interface_address_t *ia = 0;
ip4_address_t *result = 0;
foreach_ip_interface_address
(lm, ia, sw_if_index,
1 /* honor unnumbered */ ,
({
ip4_address_t * a =
ip_interface_address_get_address (lm, ia);
result = a;
break;
}));
if (result_ia)
*result_ia = result ? ia : 0;
return result;
}
#endif
static void
ip4_add_subnet_bcast_route (u32 fib_index,
fib_prefix_t *pfx,
u32 sw_if_index)
{
vnet_sw_interface_flags_t iflags;
iflags = vnet_sw_interface_get_flags(vnet_get_main(), sw_if_index);
fib_table_entry_special_remove(fib_index,
pfx,
FIB_SOURCE_INTERFACE);
if (iflags & VNET_SW_INTERFACE_FLAG_DIRECTED_BCAST)
{
fib_table_entry_update_one_path (fib_index, pfx,
FIB_SOURCE_INTERFACE,
FIB_ENTRY_FLAG_NONE,
DPO_PROTO_IP4,
/* No next-hop address */
&ADJ_BCAST_ADDR,
sw_if_index,
// invalid FIB index
~0,
1,
// no out-label stack
NULL,
FIB_ROUTE_PATH_FLAG_NONE);
}
else
{
fib_table_entry_special_add(fib_index,
pfx,
FIB_SOURCE_INTERFACE,
(FIB_ENTRY_FLAG_DROP |
FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
}
}
static void
ip4_add_interface_prefix_routes (ip4_main_t *im,
u32 sw_if_index,
u32 fib_index,
ip_interface_address_t * a)
{
ip_lookup_main_t *lm = &im->lookup_main;
ip_interface_prefix_t *if_prefix;
ip4_address_t *address = ip_interface_address_get_address (lm, a);
ip_interface_prefix_key_t key = {
.prefix = {
.fp_len = a->address_length,
.fp_proto = FIB_PROTOCOL_IP4,
.fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[a->address_length],
},
.sw_if_index = sw_if_index,
};
fib_prefix_t pfx_special = {
.fp_proto = FIB_PROTOCOL_IP4,
};
/* If prefix already set on interface, just increment ref count & return */
if_prefix = ip_get_interface_prefix (lm, &key);
if (if_prefix)
{
if_prefix->ref_count += 1;
return;
}
/* New prefix - allocate a pool entry, initialize it, add to the hash */
pool_get (lm->if_prefix_pool, if_prefix);
if_prefix->ref_count = 1;
if_prefix->src_ia_index = a - lm->if_address_pool;
clib_memcpy (&if_prefix->key, &key, sizeof (key));
mhash_set (&lm->prefix_to_if_prefix_index, &key,
if_prefix - lm->if_prefix_pool, 0 /* old value */);
pfx_special.fp_len = a->address_length;
pfx_special.fp_addr.ip4.as_u32 = address->as_u32;
/* set the glean route for the prefix */
fib_table_entry_update_one_path (fib_index, &pfx_special,
FIB_SOURCE_INTERFACE,
(FIB_ENTRY_FLAG_CONNECTED |
FIB_ENTRY_FLAG_ATTACHED),
DPO_PROTO_IP4,
/* No next-hop address */
NULL,
sw_if_index,
/* invalid FIB index */
~0,
1,
/* no out-label stack */
NULL,
FIB_ROUTE_PATH_FLAG_NONE);
/* length <= 30 - add glean, drop first address, maybe drop bcast address */
if (a->address_length <= 30)
{
/* set a drop route for the base address of the prefix */
pfx_special.fp_len = 32;
pfx_special.fp_addr.ip4.as_u32 =
address->as_u32 & im->fib_masks[a->address_length];
if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
fib_table_entry_special_add (fib_index, &pfx_special,
FIB_SOURCE_INTERFACE,
(FIB_ENTRY_FLAG_DROP |
FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT));
/* set a route for the broadcast address of the prefix */
pfx_special.fp_len = 32;
pfx_special.fp_addr.ip4.as_u32 =
address->as_u32 | ~im->fib_masks[a->address_length];
if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
ip4_add_subnet_bcast_route (fib_index, &pfx_special, sw_if_index);
}
/* length == 31 - add an attached route for the other address */
else if (a->address_length == 31)
{
pfx_special.fp_len = 32;
pfx_special.fp_addr.ip4.as_u32 =
address->as_u32 ^ clib_host_to_net_u32(1);
fib_table_entry_update_one_path (fib_index, &pfx_special,
FIB_SOURCE_INTERFACE,
(FIB_ENTRY_FLAG_ATTACHED),
DPO_PROTO_IP4,
&pfx_special.fp_addr,
sw_if_index,
/* invalid FIB index */
~0,
1,
NULL,
FIB_ROUTE_PATH_FLAG_NONE);
}
}
static void
ip4_add_interface_routes (u32 sw_if_index,
ip4_main_t * im, u32 fib_index,
ip_interface_address_t * a)
{
ip_lookup_main_t *lm = &im->lookup_main;
ip4_address_t *address = ip_interface_address_get_address (lm, a);
fib_prefix_t pfx = {
.fp_len = 32,
.fp_proto = FIB_PROTOCOL_IP4,
.fp_addr.ip4 = *address,
};
/* set special routes for the prefix if needed */
ip4_add_interface_prefix_routes (im, sw_if_index, fib_index, a);
if (sw_if_index < vec_len (lm->classify_table_index_by_sw_if_index))
{
u32 classify_table_index =
lm->classify_table_index_by_sw_if_index[sw_if_index];
if (classify_table_index != (u32) ~ 0)
{
dpo_id_t dpo = DPO_INVALID;
dpo_set (&dpo,
DPO_CLASSIFY,
DPO_PROTO_IP4,
classify_dpo_create (DPO_PROTO_IP4, classify_table_index));
fib_table_entry_special_dpo_add (fib_index,
&pfx,
FIB_SOURCE_CLASSIFY,
FIB_ENTRY_FLAG_NONE, &dpo);
dpo_reset (&dpo);
}
}
fib_table_entry_update_one_path (fib_index, &pfx,
FIB_SOURCE_INTERFACE,
(FIB_ENTRY_FLAG_CONNECTED |
FIB_ENTRY_FLAG_LOCAL),
DPO_PROTO_IP4,
&pfx.fp_addr,
sw_if_index,
// invalid FIB index
~0,
1, NULL,
FIB_ROUTE_PATH_FLAG_NONE);
}
static void
ip4_del_interface_prefix_routes (ip4_main_t * im,
u32 sw_if_index,
u32 fib_index,
ip4_address_t * address,
u32 address_length)
{
ip_lookup_main_t *lm = &im->lookup_main;
ip_interface_prefix_t *if_prefix;
ip_interface_prefix_key_t key = {
.prefix = {
.fp_len = address_length,
.fp_proto = FIB_PROTOCOL_IP4,
.fp_addr.ip4.as_u32 = address->as_u32 & im->fib_masks[address_length],
},
.sw_if_index = sw_if_index,
};
fib_prefix_t pfx_special = {
.fp_len = 32,
.fp_proto = FIB_PROTOCOL_IP4,
};
if_prefix = ip_get_interface_prefix (lm, &key);
if (!if_prefix)
{
clib_warning ("Prefix not found while deleting %U",
format_ip4_address_and_length, address, address_length);
return;
}
if_prefix->ref_count -= 1;
/*
* Routes need to be adjusted if deleting last intf addr in prefix
*
* We're done now otherwise
*/
if (if_prefix->ref_count > 0)
return;
/* length <= 30, delete glean route, first address, last address */
if (address_length <= 30)
{
/* Less work to do in FIB if we remove the covered /32s first */
/* first address in prefix */
pfx_special.fp_addr.ip4.as_u32 =
address->as_u32 & im->fib_masks[address_length];
pfx_special.fp_len = 32;
if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
fib_table_entry_special_remove (fib_index,
&pfx_special,
FIB_SOURCE_INTERFACE);
/* prefix broadcast address */
pfx_special.fp_addr.ip4.as_u32 =
address->as_u32 | ~im->fib_masks[address_length];
pfx_special.fp_len = 32;
if (pfx_special.fp_addr.ip4.as_u32 != address->as_u32)
fib_table_entry_special_remove (fib_index,
&pfx_special,
FIB_SOURCE_INTERFACE);
}
else if (address_length == 31)
{
/* length == 31, delete attached route for the other address */
pfx_special.fp_addr.ip4.as_u32 =
address->as_u32 ^ clib_host_to_net_u32(1);
fib_table_entry_delete (fib_index, &pfx_special, FIB_SOURCE_INTERFACE);
}
/* remove glean route for prefix */
pfx_special.fp_addr.ip4 = *address;
pfx_special.fp_len = address_length;
fib_table_entry_delete (fib_index, &pfx_special, FIB_SOURCE_INTERFACE);
mhash_unset (&lm->prefix_to_if_prefix_index, &key, 0 /* old_value */);
pool_put (lm->if_prefix_pool, if_prefix);
}
static void
ip4_del_interface_routes (u32 sw_if_index,
ip4_main_t * im,
u32 fib_index,
ip4_address_t * address, u32 address_length)
{
fib_prefix_t pfx = {
.fp_len = 32,
.fp_proto = FIB_PROTOCOL_IP4,
.fp_addr.ip4 = *address,
};
fib_table_entry_delete (fib_index, &pfx, FIB_SOURCE_INTERFACE);
ip4_del_interface_prefix_routes (im, sw_if_index, fib_index,
address, address_length);
}
#ifndef CLIB_MARCH_VARIANT
void
ip4_sw_interface_enable_disable (u32 sw_if_index, u32 is_enable)
{
ip4_main_t *im = &ip4_main;
vnet_main_t *vnm = vnet_get_main ();
vnet_hw_interface_t *hi = vnet_get_sup_hw_interface (vnm, sw_if_index);
vec_validate_init_empty (im->ip_enabled_by_sw_if_index, sw_if_index, 0);
/*
* enable/disable only on the 1<->0 transition
*/
if (is_enable)
{
if (1 != ++im->ip_enabled_by_sw_if_index[sw_if_index])
return;
}
else
{
ASSERT (im->ip_enabled_by_sw_if_index[sw_if_index] > 0);
if (0 != --im->ip_enabled_by_sw_if_index[sw_if_index])
return;
}
vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
!is_enable, 0, 0);
vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
sw_if_index, !is_enable, 0, 0);
if (is_enable)
hi->l3_if_count++;
else if (hi->l3_if_count)
hi->l3_if_count--;
{
ip4_enable_disable_interface_callback_t *cb;
vec_foreach (cb, im->enable_disable_interface_callbacks)
cb->function (im, cb->function_opaque, sw_if_index, is_enable);
}
}
static clib_error_t *
ip4_add_del_interface_address_internal (vlib_main_t * vm,
u32 sw_if_index,
ip4_address_t * address,
u32 address_length, u32 is_del)
{
vnet_main_t *vnm = vnet_get_main ();
ip4_main_t *im = &ip4_main;
ip_lookup_main_t *lm = &im->lookup_main;
clib_error_t *error = 0;
u32 if_address_index;
ip4_address_fib_t ip4_af, *addr_fib = 0;
error = vnet_sw_interface_supports_addressing (vnm, sw_if_index);
if (error)
{
vnm->api_errno = VNET_API_ERROR_UNSUPPORTED;
return error;
}
ip4_addr_fib_init (&ip4_af, address,
vec_elt (im->fib_index_by_sw_if_index, sw_if_index));
vec_add1 (addr_fib, ip4_af);
/*
* there is no support for adj-fib handling in the presence of overlapping
* subnets on interfaces. Easy fix - disallow overlapping subnets, like
* most routers do.
*/
if (!is_del)
{
/* When adding an address check that it does not conflict
with an existing address on any interface in this table. */
ip_interface_address_t *ia;
vnet_sw_interface_t *sif;
pool_foreach (sif, vnm->interface_main.sw_interfaces)
{
if (im->fib_index_by_sw_if_index[sw_if_index] ==
im->fib_index_by_sw_if_index[sif->sw_if_index])
{
foreach_ip_interface_address
(&im->lookup_main, ia, sif->sw_if_index,
0 /* honor unnumbered */ ,
({
ip4_address_t * x =
ip_interface_address_get_address
(&im->lookup_main, ia);
if (ip4_destination_matches_route
(im, address, x, ia->address_length) ||
ip4_destination_matches_route (im,
x,
address,
address_length))
{
/* an intf may have >1 addr from the same prefix */
if ((sw_if_index == sif->sw_if_index) &&
(ia->address_length == address_length) &&
(x->as_u32 != address->as_u32))
continue;
if (ia->flags & IP_INTERFACE_ADDRESS_FLAG_STALE)
/* if the address we're comparing against is stale
* then the CP has not added this one back yet, maybe
* it never will, so we have to assume it won't and
* ignore it. if it does add it back, then it will fail
* because this one is now present */
continue;
/* error if the length or intf was different */
vnm->api_errno = VNET_API_ERROR_ADDRESS_IN_USE;
error = clib_error_create
("failed to add %U on %U which conflicts with %U for interface %U",
format_ip4_address_and_length, address,
address_length,
format_vnet_sw_if_index_name, vnm,
sw_if_index,
format_ip4_address_and_length, x,
ia->address_length,
format_vnet_sw_if_index_name, vnm,
sif->sw_if_index);
goto done;
}
}));
}
}
}
if_address_index = ip_interface_address_find (lm, addr_fib, address_length);
if (is_del)
{
if (~0 == if_address_index)
{
vnm->api_errno = VNET_API_ERROR_ADDRESS_NOT_FOUND_FOR_INTERFACE;
error = clib_error_create ("%U not found for interface %U",
lm->format_address_and_length,
addr_fib, address_length,
format_vnet_sw_if_index_name, vnm,
sw_if_index);
goto done;
}
error = ip_interface_address_del (lm, vnm, if_address_index, addr_fib,
address_length, sw_if_index);
if (error)
goto done;
}
else
{
if (~0 != if_address_index)
{
ip_interface_address_t *ia;
ia = pool_elt_at_index (lm->if_address_pool, if_address_index);
if (ia->flags & IP_INTERFACE_ADDRESS_FLAG_STALE)
{
if (ia->sw_if_index == sw_if_index)
{
/* re-adding an address during the replace action.
* consdier this the update. clear the flag and
* we're done */
ia->flags &= ~IP_INTERFACE_ADDRESS_FLAG_STALE;
goto done;
}
else
{
/* The prefix is moving from one interface to another.
* delete the stale and add the new */
ip4_add_del_interface_address_internal (vm,
ia->sw_if_index,
address,
address_length, 1);
ia = NULL;
error = ip_interface_address_add (lm, sw_if_index,
addr_fib, address_length,
&if_address_index);
}
}
else
{
vnm->api_errno = VNET_API_ERROR_DUPLICATE_IF_ADDRESS;
error = clib_error_create
("Prefix %U already found on interface %U",
lm->format_address_and_length, addr_fib, address_length,
format_vnet_sw_if_index_name, vnm, ia->sw_if_index);
}
}
else
error = ip_interface_address_add (lm, sw_if_index,
addr_fib, address_length,
&if_address_index);
}
if (error)
goto done;
ip4_sw_interface_enable_disable (sw_if_index, !is_del);
ip4_mfib_interface_enable_disable (sw_if_index, !is_del);
/* intf addr routes are added/deleted on admin up/down */
if (vnet_sw_interface_is_admin_up (vnm, sw_if_index))
{
if (is_del)
ip4_del_interface_routes (sw_if_index,
im, ip4_af.fib_index, address,
address_length);
else
ip4_add_interface_routes (sw_if_index,
im, ip4_af.fib_index,
pool_elt_at_index
(lm->if_address_pool, if_address_index));
}
ip4_add_del_interface_address_callback_t *cb;
vec_foreach (cb, im->add_del_interface_address_callbacks)
cb->function (im, cb->function_opaque, sw_if_index,
address, address_length, if_address_index, is_del);
done:
vec_free (addr_fib);
return error;
}
clib_error_t *
ip4_add_del_interface_address (vlib_main_t * vm,
u32 sw_if_index,
ip4_address_t * address,
u32 address_length, u32 is_del)
{
return ip4_add_del_interface_address_internal
(vm, sw_if_index, address, address_length, is_del);
}
void
ip4_directed_broadcast (u32 sw_if_index, u8 enable)
{
ip_interface_address_t *ia;
ip4_main_t *im;
im = &ip4_main;
/*
* when directed broadcast is enabled, the subnet braodcast route will forward
* packets using an adjacency with a broadcast MAC. otherwise it drops
*/
foreach_ip_interface_address(&im->lookup_main, ia,
sw_if_index, 0,
({
if (ia->address_length <= 30)
{
ip4_address_t *ipa;
ipa = ip_interface_address_get_address (&im->lookup_main, ia);
fib_prefix_t pfx = {
.fp_len = 32,
.fp_proto = FIB_PROTOCOL_IP4,
.fp_addr = {
.ip4.as_u32 = (ipa->as_u32 | ~im->fib_masks[ia->address_length]),
},
};
ip4_add_subnet_bcast_route
(fib_table_get_index_for_sw_if_index(FIB_PROTOCOL_IP4,
sw_if_index),
&pfx, sw_if_index);
}
}));
}
#endif
static clib_error_t *
ip4_sw_interface_admin_up_down (vnet_main_t * vnm, u32 sw_if_index, u32 flags)
{
ip4_main_t *im = &ip4_main;
ip_interface_address_t *ia;
ip4_address_t *a;
u32 is_admin_up, fib_index;
vec_validate_init_empty (im->
lookup_main.if_address_pool_index_by_sw_if_index,
sw_if_index, ~0);
is_admin_up = (flags & VNET_SW_INTERFACE_FLAG_ADMIN_UP) != 0;
fib_index = vec_elt (im->fib_index_by_sw_if_index, sw_if_index);
foreach_ip_interface_address (&im->lookup_main, ia, sw_if_index,
0 /* honor unnumbered */,
({
a = ip_interface_address_get_address (&im->lookup_main, ia);
if (is_admin_up)
ip4_add_interface_routes (sw_if_index,
im, fib_index,
ia);
else
ip4_del_interface_routes (sw_if_index,
im, fib_index,
a, ia->address_length);
}));
return 0;
}
VNET_SW_INTERFACE_ADMIN_UP_DOWN_FUNCTION (ip4_sw_interface_admin_up_down);
/* Built-in ip4 unicast rx feature path definition */
VNET_FEATURE_ARC_INIT (ip4_unicast, static) =
{
.arc_name = "ip4-unicast",
.start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
.last_in_arc = "ip4-lookup",
.arc_index_ptr = &ip4_main.lookup_main.ucast_feature_arc_index,
};
VNET_FEATURE_INIT (ip4_flow_classify, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-flow-classify",
.runs_before = VNET_FEATURES ("ip4-inacl"),
};
VNET_FEATURE_INIT (ip4_inacl, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-inacl",
.runs_before = VNET_FEATURES ("ip4-policer-classify"),
};
VNET_FEATURE_INIT (ip4_source_and_port_range_check_rx, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-source-and-port-range-check-rx",
.runs_before = VNET_FEATURES ("ip4-policer-classify"),
};
VNET_FEATURE_INIT (ip4_policer_classify, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-policer-classify",
.runs_before = VNET_FEATURES ("ipsec4-input-feature"),
};
VNET_FEATURE_INIT (ip4_ipsec, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ipsec4-input-feature",
.runs_before = VNET_FEATURES ("vpath-input-ip4"),
};
VNET_FEATURE_INIT (ip4_vpath, static) =
{
.arc_name = "ip4-unicast",
.node_name = "vpath-input-ip4",
.runs_before = VNET_FEATURES ("ip4-vxlan-bypass"),
};
VNET_FEATURE_INIT (ip4_vxlan_bypass, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-vxlan-bypass",
.runs_before = VNET_FEATURES ("ip4-lookup"),
};
VNET_FEATURE_INIT (ip4_not_enabled, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-not-enabled",
.runs_before = VNET_FEATURES ("ip4-lookup"),
};
VNET_FEATURE_INIT (ip4_lookup, static) =
{
.arc_name = "ip4-unicast",
.node_name = "ip4-lookup",
.runs_before = 0, /* not before any other features */
};
/* Built-in ip4 multicast rx feature path definition */
VNET_FEATURE_ARC_INIT (ip4_multicast, static) =
{
.arc_name = "ip4-multicast",
.start_nodes = VNET_FEATURES ("ip4-input", "ip4-input-no-checksum"),
.last_in_arc = "ip4-mfib-forward-lookup",
.arc_index_ptr = &ip4_main.lookup_main.mcast_feature_arc_index,
};
VNET_FEATURE_INIT (ip4_vpath_mc, static) =
{
.arc_name = "ip4-multicast",
.node_name = "vpath-input-ip4",
.runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
};
VNET_FEATURE_INIT (ip4_mc_not_enabled, static) =
{
.arc_name = "ip4-multicast",
.node_name = "ip4-not-enabled",
.runs_before = VNET_FEATURES ("ip4-mfib-forward-lookup"),
};
VNET_FEATURE_INIT (ip4_lookup_mc, static) =
{
.arc_name = "ip4-multicast",
.node_name = "ip4-mfib-forward-lookup",
.runs_before = 0, /* last feature */
};
/* Source and port-range check ip4 tx feature path definition */
VNET_FEATURE_ARC_INIT (ip4_output, static) =
{
.arc_name = "ip4-output",
.start_nodes = VNET_FEATURES ("ip4-rewrite", "ip4-midchain", "ip4-dvr-dpo"),
.last_in_arc = "interface-output",
.arc_index_ptr = &ip4_main.lookup_main.output_feature_arc_index,
};
VNET_FEATURE_INIT (ip4_source_and_port_range_check_tx, static) =
{
.arc_name = "ip4-output",
.node_name = "ip4-source-and-port-range-check-tx",
.runs_before = VNET_FEATURES ("ip4-outacl"),
};
VNET_FEATURE_INIT (ip4_outacl, static) =
{
.arc_name = "ip4-output",
.node_name = "ip4-outacl",
.runs_before = VNET_FEATURES ("ipsec4-output-feature"),
};
VNET_FEATURE_INIT (ip4_ipsec_output, static) =
{
.arc_name = "ip4-output",
.node_name = "ipsec4-output-feature",
.runs_before = VNET_FEATURES ("interface-output"),
};
/* Built-in ip4 tx feature path definition */
VNET_FEATURE_INIT (ip4_interface_output, static) =
{
.arc_name = "ip4-output",
.node_name = "interface-output",
.runs_before = 0, /* not before any other features */
};
static clib_error_t *
ip4_sw_interface_add_del (vnet_main_t * vnm, u32 sw_if_index, u32 is_add)
{
ip4_main_t *im = &ip4_main;
vec_validate_init_empty (im->fib_index_by_sw_if_index, sw_if_index, ~0);
vec_validate_init_empty (im->mfib_index_by_sw_if_index, sw_if_index, ~0);
if (is_add)
{
/* Fill in lookup tables with default table (0). */
im->fib_index_by_sw_if_index[sw_if_index] = 0;
im->mfib_index_by_sw_if_index[sw_if_index] = 0;
}
else
{
ip4_main_t *im4 = &ip4_main;
ip_lookup_main_t *lm4 = &im4->lookup_main;
ip_interface_address_t *ia = 0;
ip4_address_t *address;
vlib_main_t *vm = vlib_get_main ();
vnet_sw_interface_update_unnumbered (sw_if_index, ~0, 0);
foreach_ip_interface_address (lm4, ia, sw_if_index, 0,
({
address = ip_interface_address_get_address (lm4, ia);
ip4_add_del_interface_address(vm, sw_if_index, address, ia->address_length, 1);
}));
ip4_mfib_interface_enable_disable (sw_if_index, 0);
if (0 != im4->fib_index_by_sw_if_index[sw_if_index])
fib_table_bind (FIB_PROTOCOL_IP4, sw_if_index, 0);
if (0 != im4->mfib_index_by_sw_if_index[sw_if_index])
mfib_table_bind (FIB_PROTOCOL_IP4, sw_if_index, 0);
/* Erase the lookup tables just in case */
im4->fib_index_by_sw_if_index[sw_if_index] = ~0;
im4->mfib_index_by_sw_if_index[sw_if_index] = ~0;
}
vnet_feature_enable_disable ("ip4-unicast", "ip4-not-enabled", sw_if_index,
is_add, 0, 0);
vnet_feature_enable_disable ("ip4-multicast", "ip4-not-enabled",
sw_if_index, is_add, 0, 0);
return /* no error */ 0;
}
VNET_SW_INTERFACE_ADD_DEL_FUNCTION (ip4_sw_interface_add_del);
/* Global IP4 main. */
#ifndef CLIB_MARCH_VARIANT
ip4_main_t ip4_main;
#endif /* CLIB_MARCH_VARIANT */
static clib_error_t *
ip4_lookup_init (vlib_main_t * vm)
{
ip4_main_t *im = &ip4_main;
clib_error_t *error;
uword i;
if ((error = vlib_call_init_function (vm, vnet_feature_init)))
return error;
if ((error = vlib_call_init_function (vm, ip4_mtrie_module_init)))
return (error);
if ((error = vlib_call_init_function (vm, fib_module_init)))
return error;
if ((error = vlib_call_init_function (vm, mfib_module_init)))
return error;
for (i = 0; i < ARRAY_LEN (im->fib_masks); i++)
{
u32 m;
if (i < 32)
m = pow2_mask (i) << (32 - i);
else
m = ~0;
im->fib_masks[i] = clib_host_to_net_u32 (m);
}
ip_lookup_init (&im->lookup_main, /* is_ip6 */ 0);
/* Create FIB with index 0 and table id of 0. */
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
FIB_SOURCE_DEFAULT_ROUTE);
mfib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, 0,
MFIB_SOURCE_DEFAULT_ROUTE);
{
pg_node_t *pn;
pn = pg_get_node (ip4_lookup_node.index);
pn->unformat_edit = unformat_pg_ip4_header;
}
{
ethernet_arp_header_t h;
clib_memset (&h, 0, sizeof (h));
#define _16(f,v) h.f = clib_host_to_net_u16 (v);
#define _8(f,v) h.f = v;
_16 (l2_type, ETHERNET_ARP_HARDWARE_TYPE_ethernet);
_16 (l3_type, ETHERNET_TYPE_IP4);
_8 (n_l2_address_bytes, 6);
_8 (n_l3_address_bytes, 4);
_16 (opcode, ETHERNET_ARP_OPCODE_request);
#undef _16
#undef _8
vlib_packet_template_init (vm, &im->ip4_arp_request_packet_template,
/* data */ &h,
sizeof (h),
/* alloc chunk size */ 8,
"ip4 arp");
}
return error;
}
VLIB_INIT_FUNCTION (ip4_lookup_init);
typedef struct
{
/* Adjacency taken. */
u32 dpo_index;
u32 flow_hash;
u32 fib_index;
/* Packet data, possibly *after* rewrite. */
u8 packet_data[64 - 1 * sizeof (u32)];
}
ip4_forward_next_trace_t;
#ifndef CLIB_MARCH_VARIANT
u8 *
format_ip4_forward_next_trace (u8 * s, va_list * args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
u32 indent = format_get_indent (s);
s = format (s, "%Ufib:%d adj:%d flow:0x%08x", format_white_space, indent,
t->fib_index, t->dpo_index, t->flow_hash);
s = format (s, "\n%U%U", format_white_space, indent, format_ip4_header,
t->packet_data, sizeof (t->packet_data));
return s;
}
#endif
static u8 *
format_ip4_lookup_trace (u8 * s, va_list * args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
u32 indent = format_get_indent (s);
s = format (s, "fib %d dpo-idx %d flow hash: 0x%08x",
t->fib_index, t->dpo_index, t->flow_hash);
s = format (s, "\n%U%U",
format_white_space, indent,
format_ip4_header, t->packet_data, sizeof (t->packet_data));
return s;
}
static u8 *
format_ip4_rewrite_trace (u8 * s, va_list * args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
ip4_forward_next_trace_t *t = va_arg (*args, ip4_forward_next_trace_t *);
u32 indent = format_get_indent (s);
s = format (s, "tx_sw_if_index %d dpo-idx %d : %U flow hash: 0x%08x",
t->fib_index, t->dpo_index, format_ip_adjacency,
t->dpo_index, FORMAT_IP_ADJACENCY_NONE, t->flow_hash);
s = format (s, "\n%U%U",
format_white_space, indent,
format_ip_adjacency_packet_data,
t->packet_data, sizeof (t->packet_data));
return s;
}
#ifndef CLIB_MARCH_VARIANT
/* Common trace function for all ip4-forward next nodes. */
void
ip4_forward_next_trace (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame, vlib_rx_or_tx_t which_adj_index)
{
u32 *from, n_left;
ip4_main_t *im = &ip4_main;
n_left = frame->n_vectors;
from = vlib_frame_vector_args (frame);
while (n_left >= 4)
{
u32 bi0, bi1;
vlib_buffer_t *b0, *b1;
ip4_forward_next_trace_t *t0, *t1;
/* Prefetch next iteration. */
vlib_prefetch_buffer_with_index (vm, from[2], LOAD);
vlib_prefetch_buffer_with_index (vm, from[3], LOAD);
bi0 = from[0];
bi1 = from[1];
b0 = vlib_get_buffer (vm, bi0);
b1 = vlib_get_buffer (vm, bi1);
if (b0->flags & VLIB_BUFFER_IS_TRACED)
{
t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
t0->fib_index =
(vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
(u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
vec_elt (im->fib_index_by_sw_if_index,
vnet_buffer (b0)->sw_if_index[VLIB_RX]);
clib_memcpy_fast (t0->packet_data,
vlib_buffer_get_current (b0),
sizeof (t0->packet_data));
}
if (b1->flags & VLIB_BUFFER_IS_TRACED)
{
t1 = vlib_add_trace (vm, node, b1, sizeof (t1[0]));
t1->dpo_index = vnet_buffer (b1)->ip.adj_index[which_adj_index];
t1->flow_hash = vnet_buffer (b1)->ip.flow_hash;
t1->fib_index =
(vnet_buffer (b1)->sw_if_index[VLIB_TX] !=
(u32) ~ 0) ? vnet_buffer (b1)->sw_if_index[VLIB_TX] :
vec_elt (im->fib_index_by_sw_if_index,
vnet_buffer (b1)->sw_if_index[VLIB_RX]);
clib_memcpy_fast (t1->packet_data, vlib_buffer_get_current (b1),
sizeof (t1->packet_data));
}
from += 2;
n_left -= 2;
}
while (n_left >= 1)
{
u32 bi0;
vlib_buffer_t *b0;
ip4_forward_next_trace_t *t0;
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
if (b0->flags & VLIB_BUFFER_IS_TRACED)
{
t0 = vlib_add_trace (vm, node, b0, sizeof (t0[0]));
t0->dpo_index = vnet_buffer (b0)->ip.adj_index[which_adj_index];
t0->flow_hash = vnet_buffer (b0)->ip.flow_hash;
t0->fib_index =
(vnet_buffer (b0)->sw_if_index[VLIB_TX] !=
(u32) ~ 0) ? vnet_buffer (b0)->sw_if_index[VLIB_TX] :
vec_elt (im->fib_index_by_sw_if_index,
vnet_buffer (b0)->sw_if_index[VLIB_RX]);
clib_memcpy_fast (t0->packet_data, vlib_buffer_get_current (b0),
sizeof (t0->packet_data));
}
from += 1;
n_left -= 1;
}
}
/* Compute TCP/UDP/ICMP4 checksum in software. */
u16
ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
ip4_header_t * ip0)
{
ip_csum_t sum0;
u32 ip_header_length, payload_length_host_byte_order;
/* Initialize checksum with ip header. */
ip_header_length = ip4_header_bytes (ip0);
payload_length_host_byte_order =
clib_net_to_host_u16 (ip0->length) - ip_header_length;
sum0 =
clib_host_to_net_u32 (payload_length_host_byte_order +
(ip0->protocol << 16));
if (BITS (uword) == 32)
{
sum0 =
ip_csum_with_carry (sum0,
clib_mem_unaligned (&ip0->src_address, u32));
sum0 =
ip_csum_with_carry (sum0,
clib_mem_unaligned (&ip0->dst_address, u32));
}
else
sum0 =
ip_csum_with_carry (sum0, clib_mem_unaligned (&ip0->src_address, u64));
return ip_calculate_l4_checksum (vm, p0, sum0,
payload_length_host_byte_order, (u8 *) ip0,
ip_header_length, NULL);
}
u32
ip4_tcp_udp_validate_checksum (vlib_main_t * vm, vlib_buffer_t * p0)
{
ip4_header_t *ip0 = vlib_buffer_get_current (p0);
udp_header_t *udp0;
u16 sum16;
ASSERT (ip0->protocol == IP_PROTOCOL_TCP
|| ip0->protocol == IP_PROTOCOL_UDP);
udp0 = (void *) (ip0 + 1);
if (ip0->protocol == IP_PROTOCOL_UDP && udp0->checksum == 0)
{
p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
| VNET_BUFFER_F_L4_CHECKSUM_CORRECT);
return p0->flags;
}
sum16 = ip4_tcp_udp_compute_checksum (vm, p0, ip0);
p0->flags |= (VNET_BUFFER_F_L4_CHECKSUM_COMPUTED
| ((sum16 == 0) << VNET_BUFFER_F_LOG2_L4_CHECKSUM_CORRECT));
return p0->flags;
}
#endif
VNET_FEATURE_ARC_INIT (ip4_local) = {
.arc_name = "ip4-local",
.start_nodes = VNET_FEATURES ("ip4-local", "ip4-receive"),
.last_in_arc = "ip4-local-end-of-arc",
};
static inline void
ip4_local_l4_csum_validate (vlib_main_t * vm, vlib_buffer_t * p,
ip4_header_t * ip, u8 is_udp, u8 * error,
u8 * good_tcp_udp)
{
u32 flags0;
flags0 = ip4_tcp_udp_validate_checksum (vm, p);
*good_tcp_udp = (flags0 & VNET_BUFFER_F_L4_CHECKSUM_CORRECT) != 0;
if (is_udp)
{
udp_header_t *udp;
u32 ip_len, udp_len;
i32 len_diff;
udp = ip4_next_header (ip);
/* Verify UDP length. */
ip_len = clib_net_to_host_u16 (ip->length);
udp_len = clib_net_to_host_u16 (udp->length);
len_diff = ip_len - udp_len;
*good_tcp_udp &= len_diff >= 0;
*error = len_diff < 0 ? IP4_ERROR_UDP_LENGTH : *error;
}
}
#define ip4_local_csum_is_offloaded(_b) \
((_b->flags & VNET_BUFFER_F_OFFLOAD) && \
(vnet_buffer (_b)->oflags & \
(VNET_BUFFER_OFFLOAD_F_TCP_CKSUM | VNET_BUFFER_OFFLOAD_F_UDP_CKSUM)))
#define ip4_local_need_csum_check(is_tcp_udp, _b) \
(is_tcp_udp && !(_b->flags & VNET_BUFFER_F_L4_CHECKSUM_COMPUTED \
|| ip4_local_csum_is_offloaded (_b)))
#define ip4_local_csum_is_valid(_b) \
(_b->flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT \
|| (ip4_local_csum_is_offloaded (_b))) != 0
static inline void
ip4_local_check_l4_csum (vlib_main_t * vm, vlib_buffer_t * b,
ip4_header_t * ih, u8 * error)
{
u8 is_udp, is_tcp_udp, good_tcp_udp;
is_udp = ih->protocol == IP_PROTOCOL_UDP;
is_tcp_udp = is_udp || ih->protocol == IP_PROTOCOL_TCP;
if (PREDICT_FALSE (ip4_local_need_csum_check (is_tcp_udp, b)))
ip4_local_l4_csum_validate (vm, b, ih, is_udp, error, &good_tcp_udp);
else
good_tcp_udp = ip4_local_csum_is_valid (b);
ASSERT (IP4_ERROR_TCP_CHECKSUM + 1 == IP4_ERROR_UDP_CHECKSUM);
*error = (is_tcp_udp && !good_tcp_udp
? IP4_ERROR_TCP_CHECKSUM + is_udp : *error);
}
static inline void
ip4_local_check_l4_csum_x2 (vlib_main_t * vm, vlib_buffer_t ** b,
ip4_header_t ** ih, u8 * error)
{
u8 is_udp[2], is_tcp_udp[2], good_tcp_udp[2];
is_udp[0] = ih[0]->protocol == IP_PROTOCOL_UDP;
is_udp[1] = ih[1]->protocol == IP_PROTOCOL_UDP;
is_tcp_udp[0] = is_udp[0] || ih[0]->protocol == IP_PROTOCOL_TCP;
is_tcp_udp[1] = is_udp[1] || ih[1]->protocol == IP_PROTOCOL_TCP;
good_tcp_udp[0] = ip4_local_csum_is_valid (b[0]);
good_tcp_udp[1] = ip4_local_csum_is_valid (b[1]);
if (PREDICT_FALSE (ip4_local_need_csum_check (is_tcp_udp[0], b[0])
|| ip4_local_need_csum_check (is_tcp_udp[1], b[1])))
{
if (is_tcp_udp[0] && !ip4_local_csum_is_offloaded (b[0]))
ip4_local_l4_csum_validate (vm, b[0], ih[0], is_udp[0], &error[0],
&good_tcp_udp[0]);
if (is_tcp_udp[1] && !ip4_local_csum_is_offloaded (b[1]))
ip4_local_l4_csum_validate (vm, b[1], ih[1], is_udp[1], &error[1],
&good_tcp_udp[1]);
}
error[0] = (is_tcp_udp[0] && !good_tcp_udp[0] ?
IP4_ERROR_TCP_CHECKSUM + is_udp[0] : error[0]);
error[1] = (is_tcp_udp[1] && !good_tcp_udp[1] ?
IP4_ERROR_TCP_CHECKSUM + is_udp[1] : error[1]);
}
static inline void
ip4_local_set_next_and_error (vlib_node_runtime_t * error_node,
vlib_buffer_t * b, u16 * next, u8 error,
u8 head_of_feature_arc)
{
u8 arc_index = vnet_feat_arc_ip4_local.feature_arc_index;
u32 next_index;
*next = error != IP4_ERROR_UNKNOWN_PROTOCOL ? IP_LOCAL_NEXT_DROP : *next;
b->error = error ? error_node->errors[error] : 0;
if (head_of_feature_arc)
{
next_index = *next;
if (PREDICT_TRUE (error == (u8) IP4_ERROR_UNKNOWN_PROTOCOL))
{
vnet_feature_arc_start (
arc_index, vnet_buffer (b)->ip.rx_sw_if_index, &next_index, b);
*next = next_index;
}
}
}
typedef struct
{
/* The src and fib-index together determine if packet n is the same as n-1 */
ip4_address_t src;
u32 fib_index;
u32 lbi;
u8 error;
u8 first;
} ip4_local_last_check_t;
static inline void
ip4_local_check_src (vlib_buffer_t *b, ip4_header_t *ip0,
ip4_local_last_check_t *last_check, u8 *error0,
int is_receive_dpo)
{
const dpo_id_t *dpo0;
load_balance_t *lb0;
u32 lbi0;
vnet_buffer (b)->ip.fib_index =
vnet_buffer (b)->sw_if_index[VLIB_TX] != ~0 ?
vnet_buffer (b)->sw_if_index[VLIB_TX] : vnet_buffer (b)->ip.fib_index;
vnet_buffer (b)->ip.rx_sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
if (is_receive_dpo)
{
receive_dpo_t *rd;
rd = receive_dpo_get (vnet_buffer (b)->ip.adj_index[VLIB_TX]);
if (rd->rd_sw_if_index != ~0)
vnet_buffer (b)->ip.rx_sw_if_index = rd->rd_sw_if_index;
}
/*
* vnet_buffer()->ip.adj_index[VLIB_RX] will be set to the index of the
* adjacency for the destination address (the local interface address).
* vnet_buffer()->ip.adj_index[VLIB_TX] will be set to the index of the
* adjacency for the source address (the remote sender's address)
*/
if (PREDICT_TRUE ((last_check->src.as_u32 != ip0->src_address.as_u32)) ||
(last_check->fib_index != vnet_buffer (b)->ip.fib_index) ||
last_check->first)
{
lbi0 = ip4_fib_forwarding_lookup (vnet_buffer (b)->ip.fib_index,
&ip0->src_address);
vnet_buffer (b)->ip.adj_index[VLIB_RX] =
vnet_buffer (b)->ip.adj_index[VLIB_TX];
vnet_buffer (b)->ip.adj_index[VLIB_TX] = lbi0;
lb0 = load_balance_get (lbi0);
dpo0 = load_balance_get_bucket_i (lb0, 0);
/*
* Must have a route to source otherwise we drop the packet.
* ip4 broadcasts are accepted, e.g. to make dhcp client work
*
* The checks are:
* - the source is a recieve => it's from us => bogus, do this
* first since it sets a different error code.
* - uRPF check for any route to source - accept if passes.
* - allow packets destined to the broadcast address from unknown sources
*/
*error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
&& dpo0->dpoi_type == DPO_RECEIVE) ?
IP4_ERROR_SPOOFED_LOCAL_PACKETS : *error0);
*error0 = ((*error0 == IP4_ERROR_UNKNOWN_PROTOCOL
&& !fib_urpf_check_size (lb0->lb_urpf)
&& ip0->dst_address.as_u32 != 0xFFFFFFFF) ?
IP4_ERROR_SRC_LOOKUP_MISS : *error0);
last_check->src.as_u32 = ip0->src_address.as_u32;
last_check->lbi = lbi0;
last_check->error = *error0;
last_check->first = 0;
last_check->fib_index = vnet_buffer (b)->ip.fib_index;
}
else
{
vnet_buffer (b)->ip.adj_index[VLIB_RX] =
vnet_buffer (b)->ip.adj_index[VLIB_TX];
vnet_buffer (b)->ip.adj_index[VLIB_TX] = last_check->lbi;
*error0 = last_check->error;
}
}
static inline void
ip4_local_check_src_x2 (vlib_buffer_t **b, ip4_header_t **ip,
ip4_local_last_check_t *last_check, u8 *error,
int is_receive_dpo)
{
const dpo_id_t *dpo[2];
load_balance_t *lb[2];
u32 not_last_hit;
u32 lbi[2];
not_last_hit = last_check->first;
not_last_hit |= ip[0]->src_address.as_u32 ^ last_check->src.as_u32;
not_last_hit |= ip[1]->src_address.as_u32 ^ last_check->src.as_u32;
vnet_buffer (b[0])->ip.fib_index =
vnet_buffer (b[0])->sw_if_index[VLIB_TX] != ~0 ?
vnet_buffer (b[0])->sw_if_index[VLIB_TX] :
vnet_buffer (b[0])->ip.fib_index;
vnet_buffer (b[1])->ip.fib_index =
vnet_buffer (b[1])->sw_if_index[VLIB_TX] != ~0 ?
vnet_buffer (b[1])->sw_if_index[VLIB_TX] :
vnet_buffer (b[1])->ip.fib_index;
not_last_hit |= vnet_buffer (b[0])->ip.fib_index ^ last_check->fib_index;
not_last_hit |= vnet_buffer (b[1])->ip.fib_index ^ last_check->fib_index;
vnet_buffer (b[0])->ip.rx_sw_if_index =
vnet_buffer (b[0])->sw_if_index[VLIB_RX];
vnet_buffer (b[1])->ip.rx_sw_if_index =
vnet_buffer (b[1])->sw_if_index[VLIB_RX];
if (is_receive_dpo)
{
const receive_dpo_t *rd0, *rd1;
rd0 = receive_dpo_get (vnet_buffer (b[0])->ip.adj_index[VLIB_TX]);
rd1 = receive_dpo_get (vnet_buffer (b[1])->ip.adj_index[VLIB_TX]);
if (rd0->rd_sw_if_index != ~0)
vnet_buffer (b[0])->ip.rx_sw_if_index = rd0->rd_sw_if_index;
if (rd1->rd_sw_if_index != ~0)
vnet_buffer (b[1])->ip.rx_sw_if_index = rd1->rd_sw_if_index;
}
/*
* vnet_buffer()->ip.adj_index[VLIB_RX] will be set to the index of the
* adjacency for the destination address (the local interface address).
* vnet_buffer()->ip.adj_index[VLIB_TX] will be set to the index of the
* adjacency for the source address (the remote sender's address)
*/
if (PREDICT_TRUE (not_last_hit))
{
ip4_fib_forwarding_lookup_x2 (
vnet_buffer (b[0])->ip.fib_index, vnet_buffer (b[1])->ip.fib_index,
&ip[0]->src_address, &ip[1]->src_address, &lbi[0], &lbi[1]);
vnet_buffer (b[0])->ip.adj_index[VLIB_RX] =
vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = lbi[0];
vnet_buffer (b[1])->ip.adj_index[VLIB_RX] =
vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = lbi[1];
lb[0] = load_balance_get (lbi[0]);
lb[1] = load_balance_get (lbi[1]);
dpo[0] = load_balance_get_bucket_i (lb[0], 0);
dpo[1] = load_balance_get_bucket_i (lb[1], 0);
error[0] = ((error[0] == IP4_ERROR_UNKNOWN_PROTOCOL &&
dpo[0]->dpoi_type == DPO_RECEIVE) ?
IP4_ERROR_SPOOFED_LOCAL_PACKETS : error[0]);
error[0] = ((error[0] == IP4_ERROR_UNKNOWN_PROTOCOL &&
!fib_urpf_check_size (lb[0]->lb_urpf) &&
ip[0]->dst_address.as_u32 != 0xFFFFFFFF)
? IP4_ERROR_SRC_LOOKUP_MISS : error[0]);
error[1] = ((error[1] == IP4_ERROR_UNKNOWN_PROTOCOL &&
dpo[1]->dpoi_type == DPO_RECEIVE) ?
IP4_ERROR_SPOOFED_LOCAL_PACKETS : error[1]);
error[1] = ((error[1] == IP4_ERROR_UNKNOWN_PROTOCOL &&
!fib_urpf_check_size (lb[1]->lb_urpf) &&
ip[1]->dst_address.as_u32 != 0xFFFFFFFF)
? IP4_ERROR_SRC_LOOKUP_MISS : error[1]);
last_check->src.as_u32 = ip[1]->src_address.as_u32;
last_check->lbi = lbi[1];
last_check->error = error[1];
last_check->first = 0;
last_check->fib_index = vnet_buffer (b[1])->ip.fib_index;
}
else
{
vnet_buffer (b[0])->ip.adj_index[VLIB_RX] =
vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
vnet_buffer (b[0])->ip.adj_index[VLIB_TX] = last_check->lbi;
vnet_buffer (b[1])->ip.adj_index[VLIB_RX] =
vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
vnet_buffer (b[1])->ip.adj_index[VLIB_TX] = last_check->lbi;
error[0] = last_check->error;
error[1] = last_check->error;
}
}
enum ip_local_packet_type_e
{
IP_LOCAL_PACKET_TYPE_L4,
IP_LOCAL_PACKET_TYPE_NAT,
IP_LOCAL_PACKET_TYPE_FRAG,
};
/**
* Determine packet type and next node.
*
* The expectation is that all packets that are not L4 will skip
* checksums and source checks.
*/
always_inline u8
ip4_local_classify (vlib_buffer_t * b, ip4_header_t * ip, u16 * next)
{
ip_lookup_main_t *lm = &ip4_main.lookup_main;
if (PREDICT_FALSE (ip4_is_fragment (ip)))
{
*next = IP_LOCAL_NEXT_REASSEMBLY;
return IP_LOCAL_PACKET_TYPE_FRAG;
}
if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_IS_NATED))
{
*next = lm->local_next_by_ip_protocol[ip->protocol];
return IP_LOCAL_PACKET_TYPE_NAT;
}
*next = lm->local_next_by_ip_protocol[ip->protocol];
return IP_LOCAL_PACKET_TYPE_L4;
}
static inline uword
ip4_local_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
vlib_frame_t *frame, int head_of_feature_arc,
int is_receive_dpo)
{
u32 *from, n_left_from;
vlib_node_runtime_t *error_node =
vlib_node_get_runtime (vm, ip4_local_node.index);
u16 nexts[VLIB_FRAME_SIZE], *next;
vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
ip4_header_t *ip[2];
u8 error[2], pt[2];
ip4_local_last_check_t last_check = {
/*
* 0.0.0.0 can appear as the source address of an IP packet,
* as can any other address, hence the need to use the 'first'
* member to make sure the .lbi is initialised for the first
* packet.
*/
.src = { .as_u32 = 0 },
.lbi = ~0,
.error = IP4_ERROR_UNKNOWN_PROTOCOL,
.first = 1,
.fib_index = 0,
};
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
vlib_get_buffers (vm, from, bufs, n_left_from);
b = bufs;
next = nexts;
while (n_left_from >= 6)
{
u8 not_batch = 0;
/* Prefetch next iteration. */
{
vlib_prefetch_buffer_header (b[4], LOAD);
vlib_prefetch_buffer_header (b[5], LOAD);
clib_prefetch_load (b[4]->data);
clib_prefetch_load (b[5]->data);
}
error[0] = error[1] = IP4_ERROR_UNKNOWN_PROTOCOL;
ip[0] = vlib_buffer_get_current (b[0]);
ip[1] = vlib_buffer_get_current (b[1]);
vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
vnet_buffer (b[1])->l3_hdr_offset = b[1]->current_data;
pt[0] = ip4_local_classify (b[0], ip[0], &next[0]);
pt[1] = ip4_local_classify (b[1], ip[1], &next[1]);
not_batch = pt[0] ^ pt[1];
if (head_of_feature_arc == 0 || (pt[0] && not_batch == 0))
goto skip_checks;
if (PREDICT_TRUE (not_batch == 0))
{
ip4_local_check_l4_csum_x2 (vm, b, ip, error);
ip4_local_check_src_x2 (b, ip, &last_check, error, is_receive_dpo);
}
else
{
if (!pt[0])
{
ip4_local_check_l4_csum (vm, b[0], ip[0], &error[0]);
ip4_local_check_src (b[0], ip[0], &last_check, &error[0],
is_receive_dpo);
}
if (!pt[1])
{
ip4_local_check_l4_csum (vm, b[1], ip[1], &error[1]);
ip4_local_check_src (b[1], ip[1], &last_check, &error[1],
is_receive_dpo);
}
}
skip_checks:
ip4_local_set_next_and_error (error_node, b[0], &next[0], error[0],
head_of_feature_arc);
ip4_local_set_next_and_error (error_node, b[1], &next[1], error[1],
head_of_feature_arc);
b += 2;
next += 2;
n_left_from -= 2;
}
while (n_left_from > 0)
{
error[0] = IP4_ERROR_UNKNOWN_PROTOCOL;
ip[0] = vlib_buffer_get_current (b[0]);
vnet_buffer (b[0])->l3_hdr_offset = b[0]->current_data;
pt[0] = ip4_local_classify (b[0], ip[0], &next[0]);
if (head_of_feature_arc == 0 || pt[0])
goto skip_check;
ip4_local_check_l4_csum (vm, b[0], ip[0], &error[0]);
ip4_local_check_src (b[0], ip[0], &last_check, &error[0],
is_receive_dpo);
skip_check:
ip4_local_set_next_and_error (error_node, b[0], &next[0], error[0],
head_of_feature_arc);
b += 1;
next += 1;
n_left_from -= 1;
}
vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
return frame->n_vectors;
}
VLIB_NODE_FN (ip4_local_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
return ip4_local_inline (vm, node, frame, 1 /* head of feature arc */,
0 /* is_receive_dpo */);
}
VLIB_REGISTER_NODE (ip4_local_node) =
{
.name = "ip4-local",
.vector_size = sizeof (u32),
.format_trace = format_ip4_forward_next_trace,
.n_errors = IP4_N_ERROR,
.error_counters = ip4_error_counters,
.n_next_nodes = IP_LOCAL_N_NEXT,
.next_nodes =
{
[IP_LOCAL_NEXT_DROP] = "ip4-drop",
[IP_LOCAL_NEXT_PUNT] = "ip4-punt",
[IP_LOCAL_NEXT_UDP_LOOKUP] = "ip4-udp-lookup",
[IP_LOCAL_NEXT_ICMP] = "ip4-icmp-input",
[IP_LOCAL_NEXT_REASSEMBLY] = "ip4-local-full-reassembly",
},
};
VLIB_NODE_FN (ip4_receive_local_node)
(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
{
return ip4_local_inline (vm, node, frame, 1 /* head of feature arc */,
1 /* is_receive_dpo */);
}
VLIB_REGISTER_NODE (ip4_receive_local_node) = {
.name = "ip4-receive",
.vector_size = sizeof (u32),
.format_trace = format_ip4_forward_next_trace,
.sibling_of = "ip4-local"
};
VLIB_NODE_FN (ip4_local_end_of_arc_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
return ip4_local_inline (vm, node, frame, 0 /* head of feature arc */,
0 /* is_receive_dpo */);
}
VLIB_REGISTER_NODE (ip4_local_end_of_arc_node) = {
.name = "ip4-local-end-of-arc",
.vector_size = sizeof (u32),
.format_trace = format_ip4_forward_next_trace,
.sibling_of = "ip4-local",
};
VNET_FEATURE_INIT (ip4_local_end_of_arc, static) = {
.arc_name = "ip4-local",
.node_name = "ip4-local-end-of-arc",
.runs_before = 0, /* not before any other features */
};
#ifndef CLIB_MARCH_VARIANT
void
ip4_register_protocol (u32 protocol, u32 node_index)
{
vlib_main_t *vm = vlib_get_main ();
ip4_main_t *im = &ip4_main;
ip_lookup_main_t *lm = &im->lookup_main;
ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
lm->local_next_by_ip_protocol[protocol] =
vlib_node_add_next (vm, ip4_local_node.index, node_index);
}
void
ip4_unregister_protocol (u32 protocol)
{
ip4_main_t *im = &ip4_main;
ip_lookup_main_t *lm = &im->lookup_main;
ASSERT (protocol < ARRAY_LEN (lm->local_next_by_ip_protocol));
lm->local_next_by_ip_protocol[protocol] = IP_LOCAL_NEXT_PUNT;
}
#endif
static clib_error_t *
show_ip_local_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
ip4_main_t *im = &ip4_main;
ip_lookup_main_t *lm = &im->lookup_main;
int i;
vlib_cli_output (vm, "Protocols handled by ip4_local");
for (i = 0; i < ARRAY_LEN (lm->local_next_by_ip_protocol); i++)
{
if (lm->local_next_by_ip_protocol[i] != IP_LOCAL_NEXT_PUNT)
{
u32 node_index = vlib_get_node (vm,
ip4_local_node.index)->
next_nodes[lm->local_next_by_ip_protocol[i]];
vlib_cli_output (vm, "%U: %U", format_ip_protocol, i,
format_vlib_node_name, vm, node_index);
}
}
return 0;
}
/*?
* Display the set of protocols handled by the local IPv4 stack.
*
* @cliexpar
* Example of how to display local protocol table:
* @cliexstart{show ip local}
* Protocols handled by ip4_local
* 1
* 17
* 47
* @cliexend
?*/
VLIB_CLI_COMMAND (show_ip_local, static) =
{
.path = "show ip local",
.function = show_ip_local_command_fn,
.short_help = "show ip local",
};
typedef enum
{
IP4_REWRITE_NEXT_DROP,
IP4_REWRITE_NEXT_ICMP_ERROR,
IP4_REWRITE_NEXT_FRAGMENT,
IP4_REWRITE_N_NEXT /* Last */
} ip4_rewrite_next_t;
/**
* This bits of an IPv4 address to mask to construct a multicast
* MAC address
*/
#if CLIB_ARCH_IS_BIG_ENDIAN
#define IP4_MCAST_ADDR_MASK 0x007fffff
#else
#define IP4_MCAST_ADDR_MASK 0xffff7f00
#endif
always_inline void
ip4_mtu_check (vlib_buffer_t * b, u16 packet_len,
u16 adj_packet_bytes, bool df, u16 * next,
u8 is_midchain, u32 * error)
{
if (packet_len > adj_packet_bytes)
{
*error = IP4_ERROR_MTU_EXCEEDED;
if (df)
{
icmp4_error_set_vnet_buffer
(b, ICMP4_destination_unreachable,
ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set,
adj_packet_bytes);
*next = IP4_REWRITE_NEXT_ICMP_ERROR;
}
else
{
/* IP fragmentation */
ip_frag_set_vnet_buffer (b, adj_packet_bytes,
(is_midchain ?
IP_FRAG_NEXT_IP_REWRITE_MIDCHAIN :
IP_FRAG_NEXT_IP_REWRITE), 0);
*next = IP4_REWRITE_NEXT_FRAGMENT;
}
}
}
/* increment TTL & update checksum.
Works either endian, so no need for byte swap. */
static_always_inline void
ip4_ttl_inc (vlib_buffer_t * b, ip4_header_t * ip)
{
i32 ttl;
u32 checksum;
if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED))
return;
ttl = ip->ttl;
checksum = ip->checksum - clib_host_to_net_u16 (0x0100);
checksum += checksum >= 0xffff;
ip->checksum = checksum;
ttl += 1;
ip->ttl = ttl;
ASSERT (ip4_header_checksum_is_valid (ip) ||
(vnet_buffer (b)->oflags & VNET_BUFFER_OFFLOAD_F_IP_CKSUM) ||
(vnet_buffer (b)->oflags & VNET_BUFFER_OFFLOAD_F_OUTER_IP_CKSUM));
}
/* Decrement TTL & update checksum.
Works either endian, so no need for byte swap. */
static_always_inline void
ip4_ttl_and_checksum_check (vlib_buffer_t * b, ip4_header_t * ip, u16 * next,
u32 * error)
{
i32 ttl;
u32 checksum;
if (PREDICT_FALSE (b->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED))
return;
ttl = ip->ttl;
/* Input node should have reject packets with ttl 0. */
ASSERT (ip->ttl > 0);
checksum = ip->checksum + clib_host_to_net_u16 (0x0100);
checksum += checksum >= 0xffff;
ip->checksum = checksum;
ttl -= 1;
ip->ttl = ttl;
/*
* If the ttl drops below 1 when forwarding, generate
* an ICMP response.
*/
if (PREDICT_FALSE (ttl <= 0))
{
*error = IP4_ERROR_TIME_EXPIRED;
vnet_buffer (b)->sw_if_index[VLIB_TX] = (u32) ~ 0;
icmp4_error_set_vnet_buffer (b, ICMP4_time_exceeded,
ICMP4_time_exceeded_ttl_exceeded_in_transit,
0);
*next = IP4_REWRITE_NEXT_ICMP_ERROR;
}
/* Verify checksum. */
ASSERT (ip4_header_checksum_is_valid (ip) ||
(vnet_buffer (b)->oflags & VNET_BUFFER_OFFLOAD_F_IP_CKSUM) ||
(vnet_buffer (b)->oflags & VNET_BUFFER_OFFLOAD_F_OUTER_IP_CKSUM));
}
always_inline uword
ip4_rewrite_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
vlib_frame_t *frame, int do_counters, int is_midchain,
int is_mcast)
{
ip_lookup_main_t *lm = &ip4_main.lookup_main;
u32 *from = vlib_frame_vector_args (frame);
vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
u16 nexts[VLIB_FRAME_SIZE], *next;
u32 n_left_from;
vlib_node_runtime_t *error_node =
vlib_node_get_runtime (vm, ip4_input_node.index);
n_left_from = frame->n_vectors;
u32 thread_index = vm->thread_index;
vlib_get_buffers (vm, from, bufs, n_left_from);
clib_memset_u16 (nexts, IP4_REWRITE_NEXT_DROP, n_left_from);
#if (CLIB_N_PREFETCHES >= 8)
if (n_left_from >= 6)
{
int i;
for (i = 2; i < 6; i++)
vlib_prefetch_buffer_header (bufs[i], LOAD);
}
next = nexts;
b = bufs;
while (n_left_from >= 8)
{
const ip_adjacency_t *adj0, *adj1;
ip4_header_t *ip0, *ip1;
u32 rw_len0, error0, adj_index0;
u32 rw_len1, error1, adj_index1;
u32 tx_sw_if_index0, tx_sw_if_index1;
u8 *p;
if (is_midchain)
{
vlib_prefetch_buffer_header (b[6], LOAD);
vlib_prefetch_buffer_header (b[7], LOAD);
}
adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
adj_index1 = vnet_buffer (b[1])->ip.adj_index[VLIB_TX];
/*
* pre-fetch the per-adjacency counters
*/
if (do_counters)
{
vlib_prefetch_combined_counter (&adjacency_counters,
thread_index, adj_index0);
vlib_prefetch_combined_counter (&adjacency_counters,
thread_index, adj_index1);
}
ip0 = vlib_buffer_get_current (b[0]);
ip1 = vlib_buffer_get_current (b[1]);
error0 = error1 = IP4_ERROR_NONE;
ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
ip4_ttl_and_checksum_check (b[1], ip1, next + 1, &error1);
/* Rewrite packet header and updates lengths. */
adj0 = adj_get (adj_index0);
adj1 = adj_get (adj_index1);
/* Worth pipelining. No guarantee that adj0,1 are hot... */
rw_len0 = adj0[0].rewrite_header.data_bytes;
rw_len1 = adj1[0].rewrite_header.data_bytes;
vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
vnet_buffer (b[1])->ip.save_rewrite_length = rw_len1;
p = vlib_buffer_get_current (b[2]);
clib_prefetch_store (p - CLIB_CACHE_LINE_BYTES);
clib_prefetch_load (p);
p = vlib_buffer_get_current (b[3]);
clib_prefetch_store (p - CLIB_CACHE_LINE_BYTES);
clib_prefetch_load (p);
/* Check MTU of outgoing interface. */
u16 ip0_len = clib_net_to_host_u16 (ip0->length);
u16 ip1_len = clib_net_to_host_u16 (ip1->length);
if (b[0]->flags & VNET_BUFFER_F_GSO)
ip0_len = gso_mtu_sz (b[0]);
if (b[1]->flags & VNET_BUFFER_F_GSO)
ip1_len = gso_mtu_sz (b[1]);
ip4_mtu_check (b[0], ip0_len,
adj0[0].rewrite_header.max_l3_packet_bytes,
ip0->flags_and_fragment_offset &
clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
next + 0, is_midchain, &error0);
ip4_mtu_check (b[1], ip1_len,
adj1[0].rewrite_header.max_l3_packet_bytes,
ip1->flags_and_fragment_offset &
clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
next + 1, is_midchain, &error1);
if (is_mcast)
{
error0 = ((adj0[0].rewrite_header.sw_if_index ==
vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
IP4_ERROR_SAME_INTERFACE : error0);
error1 = ((adj1[0].rewrite_header.sw_if_index ==
vnet_buffer (b[1])->sw_if_index[VLIB_RX]) ?
IP4_ERROR_SAME_INTERFACE : error1);
}
/* Don't adjust the buffer for ttl issue; icmp-error node wants
* to see the IP header */
if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
{
u32 next_index = adj0[0].rewrite_header.next_index;
vlib_buffer_advance (b[0], -(word) rw_len0);
tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
if (PREDICT_FALSE
(adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
vnet_feature_arc_start_w_cfg_index (lm->output_feature_arc_index,
tx_sw_if_index0,
&next_index, b[0],
adj0->ia_cfg_index);
next[0] = next_index;
}
else
{
b[0]->error = error_node->errors[error0];
if (error0 == IP4_ERROR_MTU_EXCEEDED)
ip4_ttl_inc (b[0], ip0);
}
if (PREDICT_TRUE (error1 == IP4_ERROR_NONE))
{
u32 next_index = adj1[0].rewrite_header.next_index;
vlib_buffer_advance (b[1], -(word) rw_len1);
tx_sw_if_index1 = adj1[0].rewrite_header.sw_if_index;
vnet_buffer (b[1])->sw_if_index[VLIB_TX] = tx_sw_if_index1;
if (PREDICT_FALSE
(adj1[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
vnet_feature_arc_start_w_cfg_index (lm->output_feature_arc_index,
tx_sw_if_index1,
&next_index, b[1],
adj1->ia_cfg_index);
next[1] = next_index;
}
else
{
b[1]->error = error_node->errors[error1];
if (error1 == IP4_ERROR_MTU_EXCEEDED)
ip4_ttl_inc (b[1], ip1);
}
if (is_midchain)
/* Guess we are only writing on ipv4 header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip0, ip1, sizeof (ip4_header_t));
else
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_two_headers (adj0[0], adj1[0],
ip0, ip1, sizeof (ethernet_header_t));
if (do_counters)
{
if (error0 == IP4_ERROR_NONE)
vlib_increment_combined_counter
(&adjacency_counters,
thread_index,
adj_index0, 1,
vlib_buffer_length_in_chain (vm, b[0]) + rw_len0);
if (error1 == IP4_ERROR_NONE)
vlib_increment_combined_counter
(&adjacency_counters,
thread_index,
adj_index1, 1,
vlib_buffer_length_in_chain (vm, b[1]) + rw_len1);
}
if (is_midchain)
{
if (error0 == IP4_ERROR_NONE)
adj_midchain_fixup (vm, adj0, b[0], VNET_LINK_IP4);
if (error1 == IP4_ERROR_NONE)
adj_midchain_fixup (vm, adj1, b[1], VNET_LINK_IP4);
}
if (is_mcast)
{
/* copy bytes from the IP address into the MAC rewrite */
if (error0 == IP4_ERROR_NONE)
vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
adj0->rewrite_header.dst_mcast_offset,
&ip0->dst_address.as_u32, (u8 *) ip0);
if (error1 == IP4_ERROR_NONE)
vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
adj1->rewrite_header.dst_mcast_offset,
&ip1->dst_address.as_u32, (u8 *) ip1);
}
next += 2;
b += 2;
n_left_from -= 2;
}
#elif (CLIB_N_PREFETCHES >= 4)
next = nexts;
b = bufs;
while (n_left_from >= 1)
{
ip_adjacency_t *adj0;
ip4_header_t *ip0;
u32 rw_len0, error0, adj_index0;
u32 tx_sw_if_index0;
u8 *p;
/* Prefetch next iteration */
if (PREDICT_TRUE (n_left_from >= 4))
{
ip_adjacency_t *adj2;
u32 adj_index2;
vlib_prefetch_buffer_header (b[3], LOAD);
vlib_prefetch_buffer_data (b[2], LOAD);
/* Prefetch adj->rewrite_header */
adj_index2 = vnet_buffer (b[2])->ip.adj_index[VLIB_TX];
adj2 = adj_get (adj_index2);
p = (u8 *) adj2;
CLIB_PREFETCH (p + CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES,
LOAD);
}
adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
/*
* Prefetch the per-adjacency counters
*/
if (do_counters)
{
vlib_prefetch_combined_counter (&adjacency_counters,
thread_index, adj_index0);
}
ip0 = vlib_buffer_get_current (b[0]);
error0 = IP4_ERROR_NONE;
ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
/* Rewrite packet header and updates lengths. */
adj0 = adj_get (adj_index0);
/* Rewrite header was prefetched. */
rw_len0 = adj0[0].rewrite_header.data_bytes;
vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
/* Check MTU of outgoing interface. */
u16 ip0_len = clib_net_to_host_u16 (ip0->length);
if (b[0]->flags & VNET_BUFFER_F_GSO)
ip0_len = gso_mtu_sz (b[0]);
ip4_mtu_check (b[0], ip0_len,
adj0[0].rewrite_header.max_l3_packet_bytes,
ip0->flags_and_fragment_offset &
clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
next + 0, is_midchain, &error0);
if (is_mcast)
{
error0 = ((adj0[0].rewrite_header.sw_if_index ==
vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
IP4_ERROR_SAME_INTERFACE : error0);
}
/* Don't adjust the buffer for ttl issue; icmp-error node wants
* to see the IP header */
if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
{
u32 next_index = adj0[0].rewrite_header.next_index;
vlib_buffer_advance (b[0], -(word) rw_len0);
tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
if (PREDICT_FALSE
(adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
vnet_feature_arc_start_w_cfg_index (lm->output_feature_arc_index,
tx_sw_if_index0,
&next_index, b[0],
adj0->ia_cfg_index);
next[0] = next_index;
if (is_midchain)
{
/* Guess we are only writing on ipv4 header. */
vnet_rewrite_one_header (adj0[0], ip0, sizeof (ip4_header_t));
}
else
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_one_header (adj0[0], ip0,
sizeof (ethernet_header_t));
/*
* Bump the per-adjacency counters
*/
if (do_counters)
vlib_increment_combined_counter
(&adjacency_counters,
thread_index,
adj_index0, 1, vlib_buffer_length_in_chain (vm,
b[0]) + rw_len0);
if (is_midchain)
adj_midchain_fixup (vm, adj0, b[0], VNET_LINK_IP4);
if (is_mcast)
/* copy bytes from the IP address into the MAC rewrite */
vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
adj0->rewrite_header.dst_mcast_offset,
&ip0->dst_address.as_u32, (u8 *) ip0);
}
else
{
b[0]->error = error_node->errors[error0];
if (error0 == IP4_ERROR_MTU_EXCEEDED)
ip4_ttl_inc (b[0], ip0);
}
next += 1;
b += 1;
n_left_from -= 1;
}
#endif
while (n_left_from > 0)
{
ip_adjacency_t *adj0;
ip4_header_t *ip0;
u32 rw_len0, adj_index0, error0;
u32 tx_sw_if_index0;
adj_index0 = vnet_buffer (b[0])->ip.adj_index[VLIB_TX];
adj0 = adj_get (adj_index0);
if (do_counters)
vlib_prefetch_combined_counter (&adjacency_counters,
thread_index, adj_index0);
ip0 = vlib_buffer_get_current (b[0]);
error0 = IP4_ERROR_NONE;
ip4_ttl_and_checksum_check (b[0], ip0, next + 0, &error0);
/* Update packet buffer attributes/set output interface. */
rw_len0 = adj0[0].rewrite_header.data_bytes;
vnet_buffer (b[0])->ip.save_rewrite_length = rw_len0;
/* Check MTU of outgoing interface. */
u16 ip0_len = clib_net_to_host_u16 (ip0->length);
if (b[0]->flags & VNET_BUFFER_F_GSO)
ip0_len = gso_mtu_sz (b[0]);
ip4_mtu_check (b[0], ip0_len,
adj0[0].rewrite_header.max_l3_packet_bytes,
ip0->flags_and_fragment_offset &
clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT),
next + 0, is_midchain, &error0);
if (is_mcast)
{
error0 = ((adj0[0].rewrite_header.sw_if_index ==
vnet_buffer (b[0])->sw_if_index[VLIB_RX]) ?
IP4_ERROR_SAME_INTERFACE : error0);
}
/* Don't adjust the buffer for ttl issue; icmp-error node wants
* to see the IP header */
if (PREDICT_TRUE (error0 == IP4_ERROR_NONE))
{
u32 next_index = adj0[0].rewrite_header.next_index;
vlib_buffer_advance (b[0], -(word) rw_len0);
tx_sw_if_index0 = adj0[0].rewrite_header.sw_if_index;
vnet_buffer (b[0])->sw_if_index[VLIB_TX] = tx_sw_if_index0;
if (PREDICT_FALSE
(adj0[0].rewrite_header.flags & VNET_REWRITE_HAS_FEATURES))
vnet_feature_arc_start_w_cfg_index (lm->output_feature_arc_index,
tx_sw_if_index0,
&next_index, b[0],
adj0->ia_cfg_index);
next[0] = next_index;
if (is_midchain)
{
/* Guess we are only writing on ipv4 header. */
vnet_rewrite_one_header (adj0[0], ip0, sizeof (ip4_header_t));
}
else
/* Guess we are only writing on simple Ethernet header. */
vnet_rewrite_one_header (adj0[0], ip0,
sizeof (ethernet_header_t));
if (do_counters)
vlib_increment_combined_counter
(&adjacency_counters,
thread_index, adj_index0, 1,
vlib_buffer_length_in_chain (vm, b[0]) + rw_len0);
if (is_midchain)
adj_midchain_fixup (vm, adj0, b[0], VNET_LINK_IP4);
if (is_mcast)
/* copy bytes from the IP address into the MAC rewrite */
vnet_ip_mcast_fixup_header (IP4_MCAST_ADDR_MASK,
adj0->rewrite_header.dst_mcast_offset,
&ip0->dst_address.as_u32, (u8 *) ip0);
}
else
{
b[0]->error = error_node->errors[error0];
/* undo the TTL decrement - we'll be back to do it again */
if (error0 == IP4_ERROR_MTU_EXCEEDED)
ip4_ttl_inc (b[0], ip0);
}
next += 1;
b += 1;
n_left_from -= 1;
}
/* Need to do trace after rewrites to pick up new packet data. */
if (node->flags & VLIB_NODE_FLAG_TRACE)
ip4_forward_next_trace (vm, node, frame, VLIB_TX);
vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
return frame->n_vectors;
}
/** @brief IPv4 rewrite node.
@node ip4-rewrite
This is the IPv4 transit-rewrite node: decrement TTL, fix the ipv4
header checksum, fetch the ip adjacency, check the outbound mtu,
apply the adjacency rewrite, and send pkts to the adjacency
rewrite header's rewrite_next_index.
@param vm vlib_main_t corresponding to the current thread
@param node vlib_node_runtime_t
@param frame vlib_frame_t whose contents should be dispatched
@par Graph mechanics: buffer metadata, next index usage
@em Uses:
- <code>vnet_buffer(b)->ip.adj_index[VLIB_TX]</code>
- the rewrite adjacency index
- <code>adj->lookup_next_index</code>
- Must be IP_LOOKUP_NEXT_REWRITE or IP_LOOKUP_NEXT_ARP, otherwise
the packet will be dropped.
- <code>adj->rewrite_header</code>
- Rewrite string length, rewrite string, next_index
@em Sets:
- <code>b->current_data, b->current_length</code>
- Updated net of applying the rewrite string
<em>Next Indices:</em>
- <code> adj->rewrite_header.next_index </code>
or @c ip4-drop
*/
VLIB_NODE_FN (ip4_rewrite_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
if (adj_are_counters_enabled ())
return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
else
return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
}
VLIB_NODE_FN (ip4_rewrite_bcast_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
if (adj_are_counters_enabled ())
return ip4_rewrite_inline (vm, node, frame, 1, 0, 0);
else
return ip4_rewrite_inline (vm, node, frame, 0, 0, 0);
}
VLIB_NODE_FN (ip4_midchain_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
if (adj_are_counters_enabled ())
return ip4_rewrite_inline (vm, node, frame, 1, 1, 0);
else
return ip4_rewrite_inline (vm, node, frame, 0, 1, 0);
}
VLIB_NODE_FN (ip4_rewrite_mcast_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
if (adj_are_counters_enabled ())
return ip4_rewrite_inline (vm, node, frame, 1, 0, 1);
else
return ip4_rewrite_inline (vm, node, frame, 0, 0, 1);
}
VLIB_NODE_FN (ip4_mcast_midchain_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
if (adj_are_counters_enabled ())
return ip4_rewrite_inline (vm, node, frame, 1, 1, 1);
else
return ip4_rewrite_inline (vm, node, frame, 0, 1, 1);
}
VLIB_REGISTER_NODE (ip4_rewrite_node) = {
.name = "ip4-rewrite",
.vector_size = sizeof (u32),
.format_trace = format_ip4_rewrite_trace,
.n_next_nodes = IP4_REWRITE_N_NEXT,
.next_nodes = {
[IP4_REWRITE_NEXT_DROP] = "ip4-drop",
[IP4_REWRITE_NEXT_ICMP_ERROR] = "ip4-icmp-error",
[IP4_REWRITE_NEXT_FRAGMENT] = "ip4-frag",
},
};
VLIB_REGISTER_NODE (ip4_rewrite_bcast_node) = {
.name = "ip4-rewrite-bcast",
.vector_size = sizeof (u32),
.format_trace = format_ip4_rewrite_trace,
.sibling_of = "ip4-rewrite",
};
VLIB_REGISTER_NODE (ip4_rewrite_mcast_node) = {
.name = "ip4-rewrite-mcast",
.vector_size = sizeof (u32),
.format_trace = format_ip4_rewrite_trace,
.sibling_of = "ip4-rewrite",
};
VLIB_REGISTER_NODE (ip4_mcast_midchain_node) = {
.name = "ip4-mcast-midchain",
.vector_size = sizeof (u32),
.format_trace = format_ip4_rewrite_trace,
.sibling_of = "ip4-rewrite",
};
VLIB_REGISTER_NODE (ip4_midchain_node) = {
.name = "ip4-midchain",
.vector_size = sizeof (u32),
.format_trace = format_ip4_rewrite_trace,
.sibling_of = "ip4-rewrite",
};
static clib_error_t *
set_ip_flow_hash_command_fn (vlib_main_t * vm,
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
int matched = 0;
u32 table_id = 0;
u32 flow_hash_config = 0;
int rv;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (input, "table %d", &table_id))
matched = 1;
#define _(a, b, v) \
else if (unformat (input, #a)) \
{ \
flow_hash_config |= v; \
matched = 1; \
}
foreach_flow_hash_bit
#undef _
else
break;
}
if (matched == 0)
return clib_error_return (0, "unknown input `%U'",
format_unformat_error, input);
rv = ip_flow_hash_set (AF_IP4, table_id, flow_hash_config);
switch (rv)
{
case 0:
break;
case VNET_API_ERROR_NO_SUCH_FIB:
return clib_error_return (0, "no such FIB table %d", table_id);
default:
clib_warning ("BUG: illegal flow hash config 0x%x", flow_hash_config);
break;
}
return 0;
}
/*?
* Configure the set of IPv4 fields used by the flow hash.
*
* @cliexpar
* Example of how to set the flow hash on a given table:
* @cliexcmd{set ip flow-hash table 7 dst sport dport proto}
* Example of display the configured flow hash:
* @cliexstart{show ip fib}
* ipv4-VRF:0, fib_index 0, flow hash: src dst sport dport proto
* 0.0.0.0/0
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:0 buckets:1 uRPF:0 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 0.0.0.0/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:1 buckets:1 uRPF:1 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 224.0.0.0/8
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:3 buckets:1 uRPF:3 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 6.0.1.2/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:30 buckets:1 uRPF:29 to:[0:0]]
* [0] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
* 7.0.0.1/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:31 buckets:4 uRPF:30 to:[0:0]]
* [0] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
* [1] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
* [2] [@3]: arp-ipv4: via 6.0.0.2 af_packet0
* [3] [@3]: arp-ipv4: via 6.0.0.1 af_packet0
* 240.0.0.0/8
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:2 buckets:1 uRPF:2 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 255.255.255.255/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:4 buckets:1 uRPF:4 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* ipv4-VRF:7, fib_index 1, flow hash: dst sport dport proto
* 0.0.0.0/0
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:12 buckets:1 uRPF:11 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 0.0.0.0/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:13 buckets:1 uRPF:12 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 172.16.1.0/24
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:17 buckets:1 uRPF:16 to:[0:0]]
* [0] [@4]: ipv4-glean: af_packet0
* 172.16.1.1/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:18 buckets:1 uRPF:17 to:[1:84]]
* [0] [@2]: dpo-receive: 172.16.1.1 on af_packet0
* 172.16.1.2/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:21 buckets:1 uRPF:20 to:[0:0]]
* [0] [@5]: ipv4 via 172.16.1.2 af_packet0: IP4: 02:fe:9e:70:7a:2b -> 26:a5:f6:9c:3a:36
* 172.16.2.0/24
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:19 buckets:1 uRPF:18 to:[0:0]]
* [0] [@4]: ipv4-glean: af_packet1
* 172.16.2.1/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:20 buckets:1 uRPF:19 to:[0:0]]
* [0] [@2]: dpo-receive: 172.16.2.1 on af_packet1
* 224.0.0.0/8
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:15 buckets:1 uRPF:14 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 240.0.0.0/8
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:14 buckets:1 uRPF:13 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* 255.255.255.255/32
* unicast-ip4-chain
* [@0]: dpo-load-balance: [index:16 buckets:1 uRPF:15 to:[0:0]]
* [0] [@0]: dpo-drop ip6
* @cliexend
?*/
VLIB_CLI_COMMAND (set_ip_flow_hash_command, static) = {
.path = "set ip flow-hash",
.short_help = "set ip flow-hash table <table-id> [src] [dst] [sport] "
"[dport] [proto] [reverse] [gtpv1teid]",
.function = set_ip_flow_hash_command_fn,
};
#ifndef CLIB_MARCH_VARIANT
int
vnet_set_ip4_classify_intfc (vlib_main_t * vm, u32 sw_if_index,
u32 table_index)
{
vnet_main_t *vnm = vnet_get_main ();
vnet_interface_main_t *im = &vnm->interface_main;
ip4_main_t *ipm = &ip4_main;
ip_lookup_main_t *lm = &ipm->lookup_main;
vnet_classify_main_t *cm = &vnet_classify_main;
ip4_address_t *if_addr;
if (pool_is_free_index (im->sw_interfaces, sw_if_index))
return VNET_API_ERROR_NO_MATCHING_INTERFACE;
if (table_index != ~0 && pool_is_free_index (cm->tables, table_index))
return VNET_API_ERROR_NO_SUCH_ENTRY;
vec_validate (lm->classify_table_index_by_sw_if_index, sw_if_index);
lm->classify_table_index_by_sw_if_index[sw_if_index] = table_index;
if_addr = ip4_interface_first_address (ipm, sw_if_index, NULL);
if (NULL != if_addr)
{
fib_prefix_t pfx = {
.fp_len = 32,
.fp_proto = FIB_PROTOCOL_IP4,
.fp_addr.ip4 = *if_addr,
};
u32 fib_index;
fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
sw_if_index);
if (table_index != (u32) ~ 0)
{
dpo_id_t dpo = DPO_INVALID;
dpo_set (&dpo,
DPO_CLASSIFY,
DPO_PROTO_IP4,
classify_dpo_create (DPO_PROTO_IP4, table_index));
fib_table_entry_special_dpo_add (fib_index,
&pfx,
FIB_SOURCE_CLASSIFY,
FIB_ENTRY_FLAG_NONE, &dpo);
dpo_reset (&dpo);
}
else
{
fib_table_entry_special_remove (fib_index,
&pfx, FIB_SOURCE_CLASSIFY);
}
}
return 0;
}
#endif
static clib_error_t *
set_ip_classify_command_fn (vlib_main_t * vm,
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
u32 table_index = ~0;
int table_index_set = 0;
u32 sw_if_index = ~0;
int rv;
while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (input, "table-index %d", &table_index))
table_index_set = 1;
else if (unformat (input, "intfc %U", unformat_vnet_sw_interface,
vnet_get_main (), &sw_if_index))
;
else
break;
}
if (table_index_set == 0)
return clib_error_return (0, "classify table-index must be specified");
if (sw_if_index == ~0)
return clib_error_return (0, "interface / subif must be specified");
rv = vnet_set_ip4_classify_intfc (vm, sw_if_index, table_index);
switch (rv)
{
case 0:
break;
case VNET_API_ERROR_NO_MATCHING_INTERFACE:
return clib_error_return (0, "No such interface");
case VNET_API_ERROR_NO_SUCH_ENTRY:
return clib_error_return (0, "No such classifier table");
}
return 0;
}
/*?
* Assign a classification table to an interface. The classification
* table is created using the '<em>classify table</em>' and '<em>classify session</em>'
* commands. Once the table is create, use this command to filter packets
* on an interface.
*
* @cliexpar
* Example of how to assign a classification table to an interface:
* @cliexcmd{set ip classify intfc GigabitEthernet2/0/0 table-index 1}
?*/
VLIB_CLI_COMMAND (set_ip_classify_command, static) =
{
.path = "set ip classify",
.short_help =
"set ip classify intfc <interface> table-index <classify-idx>",
.function = set_ip_classify_command_fn,
};
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/