Gitiles
Code Review Sign In
gerrit.nordix.org / fdio / vpp / e22a7041626cf1ebee7534d84068d48e8671a6ab / . / src / vnet / ip / reass / ip6_sv_reass.c
blob: c7f64ca3338eef4e237bfd25bed7e6df122f7bf5 [file] [log] [blame]
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1/*
2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16/**
17 * @file
18 * @brief IPv6 Shallow Virtual Reassembly.
19 *
20 * This file contains the source code for IPv6 Shallow Virtual reassembly.
21 */
22
23#include <vppinfra/vec.h>
24#include <vnet/vnet.h>
25#include <vnet/ip/ip.h>
26#include <vnet/ip/ip6_to_ip4.h>
27#include <vppinfra/bihash_48_8.h>
28#include <vnet/ip/reass/ip6_sv_reass.h>
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]29#include <vnet/ip/ip6_inlines.h>
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]30
31#define MSEC_PER_SEC 1000
32#define IP6_SV_REASS_TIMEOUT_DEFAULT_MS 100
33#define IP6_SV_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS 10000 // 10 seconds default
34#define IP6_SV_REASS_MAX_REASSEMBLIES_DEFAULT 1024
35#define IP6_SV_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT 3
36#define IP6_SV_REASS_HT_LOAD_FACTOR (0.75)
37
38typedef enum
39{
40 IP6_SV_REASS_RC_OK,
41 IP6_SV_REASS_RC_TOO_MANY_FRAGMENTS,
42 IP6_SV_REASS_RC_INTERNAL_ERROR,
43 IP6_SV_REASS_RC_UNSUPP_IP_PROTO,
Klement Sekera755042d2021-12-01 10:14:38 +0000[diff] [blame]44 IP6_SV_REASS_RC_INVALID_FRAG_LEN,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]45} ip6_sv_reass_rc_t;
46
47typedef struct
48{
49 union
50 {
51 struct
52 {
53 ip6_address_t src;
54 ip6_address_t dst;
Klement Sekera5a58e7c2021-11-03 17:57:28 +0100[diff] [blame]55 u32 fib_index;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]56 u32 frag_id;
57 u8 unused[7];
58 u8 proto;
59 };
60 u64 as_u64[6];
61 };
62} ip6_sv_reass_key_t;
63
64typedef union
65{
66 struct
67 {
68 u32 reass_index;
69 u32 thread_index;
70 };
71 u64 as_u64;
72} ip6_sv_reass_val_t;
73
74typedef union
75{
76 struct
77 {
78 ip6_sv_reass_key_t k;
79 ip6_sv_reass_val_t v;
80 };
81 clib_bihash_kv_48_8_t kv;
82} ip6_sv_reass_kv_t;
83
84typedef struct
85{
86 // hash table key
87 ip6_sv_reass_key_t key;
88 // time when last packet was received
89 f64 last_heard;
90 // internal id of this reassembly
91 u64 id;
92 // trace operation counter
93 u32 trace_op_counter;
94 // buffer indexes of buffers in this reassembly in chronological order -
95 // including overlaps and duplicate fragments
96 u32 *cached_buffers;
97 // set to true when this reassembly is completed
98 bool is_complete;
99 // ip protocol
100 u8 ip_proto;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]101 u8 icmp_type_or_tcp_flags;
102 u32 tcp_ack_number;
103 u32 tcp_seq_number;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]104 // l4 src port
105 u16 l4_src_port;
106 // l4 dst port
107 u16 l4_dst_port;
108 // lru indexes
109 u32 lru_prev;
110 u32 lru_next;
111} ip6_sv_reass_t;
112
113typedef struct
114{
115 ip6_sv_reass_t *pool;
116 u32 reass_n;
117 u32 id_counter;
118 clib_spinlock_t lock;
119 // lru indexes
120 u32 lru_first;
121 u32 lru_last;
122} ip6_sv_reass_per_thread_t;
123
124typedef struct
125{
126 // IPv6 config
127 u32 timeout_ms;
128 f64 timeout;
129 u32 expire_walk_interval_ms;
130 // maximum number of fragments in one reassembly
131 u32 max_reass_len;
132 // maximum number of reassemblies
133 u32 max_reass_n;
134
135 // IPv6 runtime
136 clib_bihash_48_8_t hash;
137
138 // per-thread data
139 ip6_sv_reass_per_thread_t *per_thread_data;
140
141 // convenience
142 vlib_main_t *vlib_main;
143 vnet_main_t *vnet_main;
144
145 // node index of ip6-drop node
146 u32 ip6_drop_idx;
147 u32 ip6_icmp_error_idx;
148 u32 ip6_sv_reass_expire_node_idx;
149
150 /** Worker handoff */
151 u32 fq_index;
152 u32 fq_feature_index;
153
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]154 // reference count for enabling/disabling feature - per interface
155 u32 *feature_use_refcount_per_intf;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]156} ip6_sv_reass_main_t;
157
158extern ip6_sv_reass_main_t ip6_sv_reass_main;
159
160#ifndef CLIB_MARCH_VARIANT
161ip6_sv_reass_main_t ip6_sv_reass_main;
162#endif /* CLIB_MARCH_VARIANT */
163
164typedef enum
165{
166 IP6_SV_REASSEMBLY_NEXT_INPUT,
167 IP6_SV_REASSEMBLY_NEXT_DROP,
168 IP6_SV_REASSEMBLY_NEXT_ICMP_ERROR,
169 IP6_SV_REASSEMBLY_NEXT_HANDOFF,
170 IP6_SV_REASSEMBLY_N_NEXT,
171} ip6_sv_reass_next_t;
172
173typedef enum
174{
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]175 REASS_FRAGMENT_CACHE,
176 REASS_FINISH,
177 REASS_FRAGMENT_FORWARD,
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]178 REASS_PASSTHROUGH,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]179} ip6_sv_reass_trace_operation_e;
180
181typedef struct
182{
183 ip6_sv_reass_trace_operation_e action;
184 u32 reass_id;
185 u32 op_id;
186 u8 ip_proto;
187 u16 l4_src_port;
188 u16 l4_dst_port;
189} ip6_sv_reass_trace_t;
190
191static u8 *
192format_ip6_sv_reass_trace (u8 * s, va_list * args)
193{
194 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
195 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
196 ip6_sv_reass_trace_t *t = va_arg (*args, ip6_sv_reass_trace_t *);
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]197 if (REASS_PASSTHROUGH != t->action)
198 {
199 s = format (s, "reass id: %u, op id: %u ", t->reass_id, t->op_id);
200 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]201 switch (t->action)
202 {
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]203 case REASS_FRAGMENT_CACHE:
204 s = format (s, "[cached]");
205 break;
206 case REASS_FINISH:
207 s =
208 format (s, "[finish, ip proto=%u, src_port=%u, dst_port=%u]",
209 t->ip_proto, clib_net_to_host_u16 (t->l4_src_port),
210 clib_net_to_host_u16 (t->l4_dst_port));
211 break;
212 case REASS_FRAGMENT_FORWARD:
213 s =
214 format (s, "[forward, ip proto=%u, src_port=%u, dst_port=%u]",
215 t->ip_proto, clib_net_to_host_u16 (t->l4_src_port),
216 clib_net_to_host_u16 (t->l4_dst_port));
217 break;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]218 case REASS_PASSTHROUGH:
Klement Sekera7c3275e2021-12-07 09:49:53 +0000[diff] [blame]219 s = format (s, "[not fragmented or atomic fragment]");
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]220 break;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]221 }
222 return s;
223}
224
225static void
226ip6_sv_reass_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]227 ip6_sv_reass_t * reass, u32 bi,
228 ip6_sv_reass_trace_operation_e action,
229 u32 ip_proto, u16 l4_src_port, u16 l4_dst_port)
230{
231 vlib_buffer_t *b = vlib_get_buffer (vm, bi);
Klement Sekera53be16d2020-12-15 21:47:36 +0100[diff] [blame]232 if (pool_is_free_index
233 (vm->trace_main.trace_buffer_pool, vlib_buffer_get_trace_index (b)))
234 {
235 // this buffer's trace is gone
236 b->flags &= ~VLIB_BUFFER_IS_TRACED;
237 return;
238 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]239 ip6_sv_reass_trace_t *t = vlib_add_trace (vm, node, b, sizeof (t[0]));
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]240 if (reass)
241 {
242 t->reass_id = reass->id;
243 t->op_id = reass->trace_op_counter;
244 ++reass->trace_op_counter;
245 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]246 t->action = action;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]247 t->ip_proto = ip_proto;
248 t->l4_src_port = l4_src_port;
249 t->l4_dst_port = l4_dst_port;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]250#if 0
251 static u8 *s = NULL;
252 s = format (s, "%U", format_ip6_sv_reass_trace, NULL, NULL, t);
253 printf ("%.*s\n", vec_len (s), s);
254 fflush (stdout);
255 vec_reset_length (s);
256#endif
257}
258
259always_inline void
260ip6_sv_reass_free (vlib_main_t * vm, ip6_sv_reass_main_t * rm,
261 ip6_sv_reass_per_thread_t * rt, ip6_sv_reass_t * reass)
262{
263 clib_bihash_kv_48_8_t kv;
264 kv.key[0] = reass->key.as_u64[0];
265 kv.key[1] = reass->key.as_u64[1];
266 kv.key[2] = reass->key.as_u64[2];
267 kv.key[3] = reass->key.as_u64[3];
268 kv.key[4] = reass->key.as_u64[4];
269 kv.key[5] = reass->key.as_u64[5];
270 clib_bihash_add_del_48_8 (&rm->hash, &kv, 0);
271 vlib_buffer_free (vm, reass->cached_buffers,
272 vec_len (reass->cached_buffers));
273 vec_free (reass->cached_buffers);
274 reass->cached_buffers = NULL;
275 if (~0 != reass->lru_prev)
276 {
277 ip6_sv_reass_t *lru_prev =
278 pool_elt_at_index (rt->pool, reass->lru_prev);
279 lru_prev->lru_next = reass->lru_next;
280 }
281 if (~0 != reass->lru_next)
282 {
283 ip6_sv_reass_t *lru_next =
284 pool_elt_at_index (rt->pool, reass->lru_next);
285 lru_next->lru_prev = reass->lru_prev;
286 }
287 if (rt->lru_first == reass - rt->pool)
288 {
289 rt->lru_first = reass->lru_next;
290 }
291 if (rt->lru_last == reass - rt->pool)
292 {
293 rt->lru_last = reass->lru_prev;
294 }
295 pool_put (rt->pool, reass);
296 --rt->reass_n;
297}
298
299always_inline void
300ip6_sv_reass_init (ip6_sv_reass_t * reass)
301{
302 reass->cached_buffers = NULL;
303 reass->is_complete = false;
304}
305
306always_inline ip6_sv_reass_t *
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]307ip6_sv_reass_find_or_create (vlib_main_t *vm, ip6_sv_reass_main_t *rm,
308 ip6_sv_reass_per_thread_t *rt,
309 ip6_sv_reass_kv_t *kv, u8 *do_handoff)
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]310{
311 ip6_sv_reass_t *reass = NULL;
Tom Seidenberg5a7f2f12020-04-28 17:58:12 -0400[diff] [blame]312 f64 now = vlib_time_now (vm);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]313
Klement Sekera4ab6ad12021-12-17 12:47:51 +0000[diff] [blame]314again:
315
Klement Sekerac99c0252019-12-18 12:17:06 +0000[diff] [blame]316 if (!clib_bihash_search_48_8 (&rm->hash, &kv->kv, &kv->kv))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]317 {
318 if (vm->thread_index != kv->v.thread_index)
319 {
320 *do_handoff = 1;
321 return NULL;
322 }
323 reass = pool_elt_at_index (rt->pool, kv->v.reass_index);
324
325 if (now > reass->last_heard + rm->timeout)
326 {
327 ip6_sv_reass_free (vm, rm, rt, reass);
328 reass = NULL;
329 }
330 }
331
332 if (reass)
333 {
334 reass->last_heard = now;
335 return reass;
336 }
337
338 if (rt->reass_n >= rm->max_reass_n)
339 {
zhengdelunce533632020-05-22 15:42:28 +0800[diff] [blame]340 reass = pool_elt_at_index (rt->pool, rt->lru_first);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]341 ip6_sv_reass_free (vm, rm, rt, reass);
342 }
343
344 pool_get (rt->pool, reass);
345 clib_memset (reass, 0, sizeof (*reass));
346 reass->id = ((u64) vm->thread_index * 1000000000) + rt->id_counter;
347 ++rt->id_counter;
348 ip6_sv_reass_init (reass);
349 ++rt->reass_n;
350
351 reass->lru_prev = reass->lru_next = ~0;
352
353 if (~0 != rt->lru_last)
354 {
355 ip6_sv_reass_t *lru_last = pool_elt_at_index (rt->pool, rt->lru_last);
356 reass->lru_prev = rt->lru_last;
357 lru_last->lru_next = rt->lru_last = reass - rt->pool;
358 }
359
360 if (~0 == rt->lru_first)
361 {
362 rt->lru_first = rt->lru_last = reass - rt->pool;
363 }
364
Klement Sekerac99c0252019-12-18 12:17:06 +0000[diff] [blame]365 reass->key.as_u64[0] = kv->kv.key[0];
366 reass->key.as_u64[1] = kv->kv.key[1];
367 reass->key.as_u64[2] = kv->kv.key[2];
368 reass->key.as_u64[3] = kv->kv.key[3];
369 reass->key.as_u64[4] = kv->kv.key[4];
370 reass->key.as_u64[5] = kv->kv.key[5];
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]371 kv->v.reass_index = (reass - rt->pool);
372 kv->v.thread_index = vm->thread_index;
373 reass->last_heard = now;
374
Klement Sekera4ab6ad12021-12-17 12:47:51 +0000[diff] [blame]375 int rv = clib_bihash_add_del_48_8 (&rm->hash, &kv->kv, 2);
376 if (rv)
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]377 {
378 ip6_sv_reass_free (vm, rm, rt, reass);
379 reass = NULL;
Klement Sekera4ab6ad12021-12-17 12:47:51 +0000[diff] [blame]380 // if other worker created a context already work with the other copy
381 if (-2 == rv)
382 goto again;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]383 }
384
385 return reass;
386}
387
388always_inline ip6_sv_reass_rc_t
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]389ip6_sv_reass_update (vlib_main_t *vm, vlib_node_runtime_t *node,
390 ip6_sv_reass_main_t *rm, ip6_sv_reass_t *reass, u32 bi0,
391 ip6_frag_hdr_t *frag_hdr)
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]392{
393 vlib_buffer_t *fb = vlib_get_buffer (vm, bi0);
394 vnet_buffer_opaque_t *fvnb = vnet_buffer (fb);
395 fvnb->ip.reass.ip6_frag_hdr_offset =
396 (u8 *) frag_hdr - (u8 *) vlib_buffer_get_current (fb);
397 ip6_header_t *fip = vlib_buffer_get_current (fb);
398 if (fb->current_length < sizeof (*fip) ||
399 fvnb->ip.reass.ip6_frag_hdr_offset == 0 ||
400 fvnb->ip.reass.ip6_frag_hdr_offset >= fb->current_length)
401 {
402 return IP6_SV_REASS_RC_INTERNAL_ERROR;
403 }
404
405 u32 fragment_first = fvnb->ip.reass.fragment_first =
406 ip6_frag_hdr_offset_bytes (frag_hdr);
407 u32 fragment_length =
408 vlib_buffer_length_in_chain (vm, fb) -
409 (fvnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
Klement Sekera755042d2021-12-01 10:14:38 +0000[diff] [blame]410 if (0 == fragment_length)
411 {
412 return IP6_SV_REASS_RC_INVALID_FRAG_LEN;
413 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]414 u32 fragment_last = fvnb->ip.reass.fragment_last =
415 fragment_first + fragment_length - 1;
416 fvnb->ip.reass.range_first = fragment_first;
417 fvnb->ip.reass.range_last = fragment_last;
418 fvnb->ip.reass.next_range_bi = ~0;
419 if (0 == fragment_first)
420 {
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]421 if (!ip6_get_port
422 (vm, fb, fip, fb->current_length, &reass->ip_proto,
423 &reass->l4_src_port, &reass->l4_dst_port,
424 &reass->icmp_type_or_tcp_flags, &reass->tcp_ack_number,
425 &reass->tcp_seq_number))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]426 return IP6_SV_REASS_RC_UNSUPP_IP_PROTO;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]427
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]428 reass->is_complete = true;
429 vlib_buffer_t *b0 = vlib_get_buffer (vm, bi0);
430 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
431 {
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]432 ip6_sv_reass_add_trace (vm, node, reass, bi0, REASS_FINISH,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]433 reass->ip_proto, reass->l4_src_port,
434 reass->l4_dst_port);
435 }
436 }
437 vec_add1 (reass->cached_buffers, bi0);
438 if (!reass->is_complete)
439 {
440 if (PREDICT_FALSE (fb->flags & VLIB_BUFFER_IS_TRACED))
441 {
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]442 ip6_sv_reass_add_trace (vm, node, reass, bi0, REASS_FRAGMENT_CACHE,
443 reass->ip_proto, reass->l4_src_port,
444 reass->l4_dst_port);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]445 }
446 if (vec_len (reass->cached_buffers) > rm->max_reass_len)
447 {
448 return IP6_SV_REASS_RC_TOO_MANY_FRAGMENTS;
449 }
450 }
451 return IP6_SV_REASS_RC_OK;
452}
453
454always_inline bool
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]455ip6_sv_reass_verify_upper_layer_present (vlib_node_runtime_t *node,
456 vlib_buffer_t *b,
457 ip6_ext_hdr_chain_t *hc)
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]458{
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]459 int nh = hc->eh[hc->length - 1].protocol;
460 /* Checking to see if it's a terminating header */
461 if (ip6_ext_hdr (nh))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]462 {
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]463 icmp6_error_set_vnet_buffer (
464 b, ICMP6_parameter_problem,
465 ICMP6_parameter_problem_first_fragment_has_incomplete_header_chain, 0);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]466 b->error = node->errors[IP6_ERROR_REASS_MISSING_UPPER];
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]467 return false;
468 }
469 return true;
470}
471
472always_inline bool
473ip6_sv_reass_verify_fragment_multiple_8 (vlib_main_t * vm,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]474 vlib_buffer_t * b,
475 ip6_frag_hdr_t * frag_hdr)
476{
477 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
478 ip6_header_t *ip = vlib_buffer_get_current (b);
479 int more_fragments = ip6_frag_hdr_more (frag_hdr);
480 u32 fragment_length =
481 vlib_buffer_length_in_chain (vm, b) -
482 (vnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
483 if (more_fragments && 0 != fragment_length % 8)
484 {
485 icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
486 ICMP6_parameter_problem_erroneous_header_field,
487 (u8 *) & ip->payload_length - (u8 *) ip);
488 return false;
489 }
490 return true;
491}
492
493always_inline bool
494ip6_sv_reass_verify_packet_size_lt_64k (vlib_main_t * vm,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]495 vlib_buffer_t * b,
496 ip6_frag_hdr_t * frag_hdr)
497{
498 vnet_buffer_opaque_t *vnb = vnet_buffer (b);
499 u32 fragment_first = ip6_frag_hdr_offset_bytes (frag_hdr);
500 u32 fragment_length =
501 vlib_buffer_length_in_chain (vm, b) -
502 (vnb->ip.reass.ip6_frag_hdr_offset + sizeof (*frag_hdr));
503 if (fragment_first + fragment_length > 65535)
504 {
505 ip6_header_t *ip0 = vlib_buffer_get_current (b);
506 icmp6_error_set_vnet_buffer (b, ICMP6_parameter_problem,
507 ICMP6_parameter_problem_erroneous_header_field,
508 (u8 *) & frag_hdr->fragment_offset_and_more
509 - (u8 *) ip0);
510 return false;
511 }
512 return true;
513}
514
515always_inline uword
516ip6_sv_reassembly_inline (vlib_main_t * vm,
517 vlib_node_runtime_t * node,
518 vlib_frame_t * frame, bool is_feature)
519{
520 u32 *from = vlib_frame_vector_args (frame);
521 u32 n_left_from, n_left_to_next, *to_next, next_index;
522 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
523 ip6_sv_reass_per_thread_t *rt = &rm->per_thread_data[vm->thread_index];
524 clib_spinlock_lock (&rt->lock);
525
526 n_left_from = frame->n_vectors;
527 next_index = node->cached_next_index;
528
529 while (n_left_from > 0)
530 {
531 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
532
533 while (n_left_from > 0 && n_left_to_next > 0)
534 {
535 u32 bi0;
536 vlib_buffer_t *b0;
537 u32 next0 = IP6_SV_REASSEMBLY_NEXT_DROP;
538 u32 error0 = IP6_ERROR_NONE;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]539
540 bi0 = from[0];
541 b0 = vlib_get_buffer (vm, bi0);
542
543 ip6_header_t *ip0 = vlib_buffer_get_current (b0);
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]544 ip6_frag_hdr_t *frag_hdr;
545 ip6_ext_hdr_chain_t hdr_chain;
Klement Sekera7c3275e2021-12-07 09:49:53 +0000[diff] [blame]546 bool is_atomic_fragment = false;
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]547
548 int res = ip6_ext_header_walk (
549 b0, ip0, IP_PROTOCOL_IPV6_FRAGMENTATION, &hdr_chain);
Klement Sekera7c3275e2021-12-07 09:49:53 +0000[diff] [blame]550 if (res >= 0 &&
551 hdr_chain.eh[res].protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]552 {
Klement Sekera7c3275e2021-12-07 09:49:53 +0000[diff] [blame]553 frag_hdr =
554 ip6_ext_next_header_offset (ip0, hdr_chain.eh[res].offset);
555 is_atomic_fragment = (0 == ip6_frag_hdr_offset (frag_hdr) &&
556 !ip6_frag_hdr_more (frag_hdr));
557 }
558
559 if (res < 0 ||
560 hdr_chain.eh[res].protocol != IP_PROTOCOL_IPV6_FRAGMENTATION ||
561 is_atomic_fragment)
562 {
563 // this is a regular unfragmented packet or an atomic fragment
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]564 if (!ip6_get_port
565 (vm, b0, ip0, b0->current_length,
566 &(vnet_buffer (b0)->ip.reass.ip_proto),
567 &(vnet_buffer (b0)->ip.reass.l4_src_port),
568 &(vnet_buffer (b0)->ip.reass.l4_dst_port),
569 &(vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags),
570 &(vnet_buffer (b0)->ip.reass.tcp_ack_number),
571 &(vnet_buffer (b0)->ip.reass.tcp_seq_number)))
572 {
573 error0 = IP6_ERROR_REASS_UNSUPP_IP_PROTO;
Klement Sekera1766ddc2020-03-30 16:59:38 +0200[diff] [blame]574 b0->error = node->errors[error0];
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]575 next0 = IP6_SV_REASSEMBLY_NEXT_DROP;
576 goto packet_enqueue;
577 }
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]578 vnet_buffer (b0)->ip.reass.is_non_first_fragment = 0;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]579 next0 = IP6_SV_REASSEMBLY_NEXT_INPUT;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]580 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
581 {
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]582 ip6_sv_reass_add_trace (
583 vm, node, NULL, bi0, REASS_PASSTHROUGH,
584 vnet_buffer (b0)->ip.reass.ip_proto,
585 vnet_buffer (b0)->ip.reass.l4_src_port,
586 vnet_buffer (b0)->ip.reass.l4_dst_port);
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]587 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]588 goto packet_enqueue;
589 }
Klement Sekera7c3275e2021-12-07 09:49:53 +0000[diff] [blame]590
Klement Sekera38f7ccb2019-10-28 11:26:28 +0000[diff] [blame]591 vnet_buffer (b0)->ip.reass.ip6_frag_hdr_offset =
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]592 hdr_chain.eh[res].offset;
Klement Sekera7c3275e2021-12-07 09:49:53 +0000[diff] [blame]593
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]594 if (0 == ip6_frag_hdr_offset (frag_hdr))
595 {
596 // first fragment - verify upper-layer is present
Ole Troan03092c12021-11-23 15:55:39 +0100[diff] [blame]597 if (!ip6_sv_reass_verify_upper_layer_present (node, b0,
598 &hdr_chain))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]599 {
600 next0 = IP6_SV_REASSEMBLY_NEXT_ICMP_ERROR;
601 goto packet_enqueue;
602 }
603 }
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]604 if (!ip6_sv_reass_verify_fragment_multiple_8 (vm, b0, frag_hdr) ||
605 !ip6_sv_reass_verify_packet_size_lt_64k (vm, b0, frag_hdr))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]606 {
607 next0 = IP6_SV_REASSEMBLY_NEXT_ICMP_ERROR;
608 goto packet_enqueue;
609 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]610
611 ip6_sv_reass_kv_t kv;
612 u8 do_handoff = 0;
613
614 kv.k.as_u64[0] = ip0->src_address.as_u64[0];
615 kv.k.as_u64[1] = ip0->src_address.as_u64[1];
616 kv.k.as_u64[2] = ip0->dst_address.as_u64[0];
617 kv.k.as_u64[3] = ip0->dst_address.as_u64[1];
618 kv.k.as_u64[4] =
619 ((u64) vec_elt (ip6_main.fib_index_by_sw_if_index,
620 vnet_buffer (b0)->sw_if_index[VLIB_RX])) << 32 |
621 (u64) frag_hdr->identification;
622 kv.k.as_u64[5] = ip0->protocol;
623
624 ip6_sv_reass_t *reass =
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]625 ip6_sv_reass_find_or_create (vm, rm, rt, &kv, &do_handoff);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]626
627 if (PREDICT_FALSE (do_handoff))
628 {
629 next0 = IP6_SV_REASSEMBLY_NEXT_HANDOFF;
630 vnet_buffer (b0)->ip.reass.owner_thread_index =
631 kv.v.thread_index;
Klement Sekera364b20a2019-10-07 09:48:06 +0000[diff] [blame]632 goto packet_enqueue;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]633 }
634
635 if (!reass)
636 {
637 next0 = IP6_SV_REASSEMBLY_NEXT_DROP;
638 error0 = IP6_ERROR_REASS_LIMIT_REACHED;
Klement Sekera1766ddc2020-03-30 16:59:38 +0200[diff] [blame]639 b0->error = node->errors[error0];
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]640 goto packet_enqueue;
641 }
642
643 if (reass->is_complete)
644 {
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]645 vnet_buffer (b0)->ip.reass.is_non_first_fragment =
646 ! !ip6_frag_hdr_offset (frag_hdr);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]647 vnet_buffer (b0)->ip.reass.ip_proto = reass->ip_proto;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]648 vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags =
649 reass->icmp_type_or_tcp_flags;
650 vnet_buffer (b0)->ip.reass.tcp_ack_number =
651 reass->tcp_ack_number;
652 vnet_buffer (b0)->ip.reass.tcp_seq_number =
653 reass->tcp_seq_number;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]654 vnet_buffer (b0)->ip.reass.l4_src_port = reass->l4_src_port;
655 vnet_buffer (b0)->ip.reass.l4_dst_port = reass->l4_dst_port;
656 next0 = IP6_SV_REASSEMBLY_NEXT_INPUT;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]657 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
658 {
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]659 ip6_sv_reass_add_trace (
660 vm, node, reass, bi0, REASS_FRAGMENT_FORWARD,
661 reass->ip_proto, reass->l4_src_port, reass->l4_dst_port);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]662 }
663 goto packet_enqueue;
664 }
665
Klement Sekerad4ba0d12021-11-02 15:33:55 +0100[diff] [blame]666 u32 counter = ~0;
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]667 switch (ip6_sv_reass_update (vm, node, rm, reass, bi0, frag_hdr))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]668 {
669 case IP6_SV_REASS_RC_OK:
670 /* nothing to do here */
671 break;
672 case IP6_SV_REASS_RC_TOO_MANY_FRAGMENTS:
Klement Sekerad4ba0d12021-11-02 15:33:55 +0100[diff] [blame]673 counter = IP6_ERROR_REASS_FRAGMENT_CHAIN_TOO_LONG;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]674 break;
675 case IP6_SV_REASS_RC_UNSUPP_IP_PROTO:
Klement Sekerad4ba0d12021-11-02 15:33:55 +0100[diff] [blame]676 counter = IP6_ERROR_REASS_UNSUPP_IP_PROTO;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]677 break;
678 case IP6_SV_REASS_RC_INTERNAL_ERROR:
Klement Sekerad4ba0d12021-11-02 15:33:55 +0100[diff] [blame]679 counter = IP6_ERROR_REASS_INTERNAL_ERROR;
680 break;
Klement Sekera755042d2021-12-01 10:14:38 +0000[diff] [blame]681 case IP6_SV_REASS_RC_INVALID_FRAG_LEN:
682 counter = IP6_ERROR_REASS_INVALID_FRAG_LEN;
683 break;
Klement Sekerad4ba0d12021-11-02 15:33:55 +0100[diff] [blame]684 }
685 if (~0 != counter)
686 {
687 vlib_node_increment_counter (vm, node->node_index, counter, 1);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]688 ip6_sv_reass_free (vm, rm, rt, reass);
689 goto next_packet;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]690 }
691
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]692 if (reass->is_complete)
693 {
694 u32 idx;
695 vec_foreach_index (idx, reass->cached_buffers)
696 {
697 u32 bi0 = vec_elt (reass->cached_buffers, idx);
698 if (0 == n_left_to_next)
699 {
700 vlib_put_next_frame (vm, node, next_index,
701 n_left_to_next);
702 vlib_get_next_frame (vm, node, next_index, to_next,
703 n_left_to_next);
704 }
705 to_next[0] = bi0;
706 to_next += 1;
707 n_left_to_next -= 1;
708 b0 = vlib_get_buffer (vm, bi0);
709 if (is_feature)
710 {
711 vnet_feature_next (&next0, b0);
712 }
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]713 frag_hdr =
714 vlib_buffer_get_current (b0) +
715 vnet_buffer (b0)->ip.reass.ip6_frag_hdr_offset;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]716 vnet_buffer (b0)->ip.reass.is_non_first_fragment =
717 ! !ip6_frag_hdr_offset (frag_hdr);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]718 vnet_buffer (b0)->ip.reass.ip_proto = reass->ip_proto;
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]719 vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags =
720 reass->icmp_type_or_tcp_flags;
721 vnet_buffer (b0)->ip.reass.tcp_ack_number =
722 reass->tcp_ack_number;
723 vnet_buffer (b0)->ip.reass.tcp_seq_number =
724 reass->tcp_seq_number;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]725 vnet_buffer (b0)->ip.reass.l4_src_port = reass->l4_src_port;
726 vnet_buffer (b0)->ip.reass.l4_dst_port = reass->l4_dst_port;
727 if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
728 {
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]729 ip6_sv_reass_add_trace (
730 vm, node, reass, bi0, REASS_FRAGMENT_FORWARD,
731 reass->ip_proto, reass->l4_src_port, reass->l4_dst_port);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]732 }
733 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
734 to_next, n_left_to_next, bi0,
735 next0);
736 }
Damjan Marion8bea5892022-04-04 22:40:45 +0200[diff] [blame]737 vec_set_len (reass->cached_buffers,
738 0); // buffers are owned by frame now
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]739 }
740 goto next_packet;
741
742 packet_enqueue:
743 to_next[0] = bi0;
744 to_next += 1;
745 n_left_to_next -= 1;
746 if (is_feature && IP6_ERROR_NONE == error0)
747 {
748 b0 = vlib_get_buffer (vm, bi0);
749 vnet_feature_next (&next0, b0);
750 }
751 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
752 n_left_to_next, bi0, next0);
753
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]754 next_packet:
755 from += 1;
756 n_left_from -= 1;
757 }
758
759 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
760 }
761
762 clib_spinlock_unlock (&rt->lock);
763 return frame->n_vectors;
764}
765
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]766VLIB_NODE_FN (ip6_sv_reass_node) (vlib_main_t * vm,
767 vlib_node_runtime_t * node,
768 vlib_frame_t * frame)
769{
770 return ip6_sv_reassembly_inline (vm, node, frame, false /* is_feature */ );
771}
772
773/* *INDENT-OFF* */
774VLIB_REGISTER_NODE (ip6_sv_reass_node) = {
775 .name = "ip6-sv-reassembly",
776 .vector_size = sizeof (u32),
777 .format_trace = format_ip6_sv_reass_trace,
Neale Rannse22a7042022-08-09 03:03:29 +0000[diff] [blame^]778 .n_errors = IP6_N_ERROR,
779 .error_counters = ip6_error_counters,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]780 .n_next_nodes = IP6_SV_REASSEMBLY_N_NEXT,
781 .next_nodes =
782 {
783 [IP6_SV_REASSEMBLY_NEXT_INPUT] = "ip6-input",
784 [IP6_SV_REASSEMBLY_NEXT_DROP] = "ip6-drop",
785 [IP6_SV_REASSEMBLY_NEXT_ICMP_ERROR] = "ip6-icmp-error",
786 [IP6_SV_REASSEMBLY_NEXT_HANDOFF] = "ip6-sv-reassembly-handoff",
787 },
788};
789/* *INDENT-ON* */
790
791VLIB_NODE_FN (ip6_sv_reass_node_feature) (vlib_main_t * vm,
792 vlib_node_runtime_t * node,
793 vlib_frame_t * frame)
794{
795 return ip6_sv_reassembly_inline (vm, node, frame, true /* is_feature */ );
796}
797
798/* *INDENT-OFF* */
799VLIB_REGISTER_NODE (ip6_sv_reass_node_feature) = {
800 .name = "ip6-sv-reassembly-feature",
801 .vector_size = sizeof (u32),
802 .format_trace = format_ip6_sv_reass_trace,
Neale Rannse22a7042022-08-09 03:03:29 +0000[diff] [blame^]803 .n_errors = IP6_N_ERROR,
804 .error_counters = ip6_error_counters,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]805 .n_next_nodes = IP6_SV_REASSEMBLY_N_NEXT,
806 .next_nodes =
807 {
808 [IP6_SV_REASSEMBLY_NEXT_INPUT] = "ip6-input",
809 [IP6_SV_REASSEMBLY_NEXT_DROP] = "ip6-drop",
810 [IP6_SV_REASSEMBLY_NEXT_ICMP_ERROR] = "ip6-icmp-error",
811 [IP6_SV_REASSEMBLY_NEXT_HANDOFF] = "ip6-sv-reass-feature-hoff",
812 },
813};
814/* *INDENT-ON* */
815
816/* *INDENT-OFF* */
817VNET_FEATURE_INIT (ip6_sv_reassembly_feature) = {
818 .arc_name = "ip6-unicast",
819 .node_name = "ip6-sv-reassembly-feature",
820 .runs_before = VNET_FEATURES ("ip6-lookup"),
821 .runs_after = 0,
822};
823/* *INDENT-ON* */
824
825#ifndef CLIB_MARCH_VARIANT
826static u32
827ip6_sv_reass_get_nbuckets ()
828{
829 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
830 u32 nbuckets;
831 u8 i;
832
833 nbuckets = (u32) (rm->max_reass_n / IP6_SV_REASS_HT_LOAD_FACTOR);
834
835 for (i = 0; i < 31; i++)
836 if ((1 << i) >= nbuckets)
837 break;
838 nbuckets = 1 << i;
839
840 return nbuckets;
841}
842#endif /* CLIB_MARCH_VARIANT */
843
844typedef enum
845{
846 IP6_EVENT_CONFIG_CHANGED = 1,
847} ip6_sv_reass_event_t;
848
849#ifndef CLIB_MARCH_VARIANT
850typedef struct
851{
852 int failure;
853 clib_bihash_48_8_t *new_hash;
854} ip6_rehash_cb_ctx;
855
Neale Rannsf50bac12019-12-06 05:53:17 +0000[diff] [blame]856static int
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]857ip6_rehash_cb (clib_bihash_kv_48_8_t * kv, void *_ctx)
858{
859 ip6_rehash_cb_ctx *ctx = _ctx;
860 if (clib_bihash_add_del_48_8 (ctx->new_hash, kv, 1))
861 {
862 ctx->failure = 1;
863 }
Neale Rannsf50bac12019-12-06 05:53:17 +0000[diff] [blame]864 return (BIHASH_WALK_CONTINUE);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]865}
866
867static void
868ip6_sv_reass_set_params (u32 timeout_ms, u32 max_reassemblies,
869 u32 max_reassembly_length,
870 u32 expire_walk_interval_ms)
871{
872 ip6_sv_reass_main.timeout_ms = timeout_ms;
873 ip6_sv_reass_main.timeout = (f64) timeout_ms / (f64) MSEC_PER_SEC;
874 ip6_sv_reass_main.max_reass_n = max_reassemblies;
875 ip6_sv_reass_main.max_reass_len = max_reassembly_length;
876 ip6_sv_reass_main.expire_walk_interval_ms = expire_walk_interval_ms;
877}
878
879vnet_api_error_t
880ip6_sv_reass_set (u32 timeout_ms, u32 max_reassemblies,
881 u32 max_reassembly_length, u32 expire_walk_interval_ms)
882{
883 u32 old_nbuckets = ip6_sv_reass_get_nbuckets ();
884 ip6_sv_reass_set_params (timeout_ms, max_reassemblies,
885 max_reassembly_length, expire_walk_interval_ms);
886 vlib_process_signal_event (ip6_sv_reass_main.vlib_main,
887 ip6_sv_reass_main.ip6_sv_reass_expire_node_idx,
888 IP6_EVENT_CONFIG_CHANGED, 0);
889 u32 new_nbuckets = ip6_sv_reass_get_nbuckets ();
890 if (ip6_sv_reass_main.max_reass_n > 0 && new_nbuckets > old_nbuckets)
891 {
892 clib_bihash_48_8_t new_hash;
893 clib_memset (&new_hash, 0, sizeof (new_hash));
894 ip6_rehash_cb_ctx ctx;
895 ctx.failure = 0;
896 ctx.new_hash = &new_hash;
897 clib_bihash_init_48_8 (&new_hash, "ip6-sv-reass", new_nbuckets,
898 new_nbuckets * 1024);
899 clib_bihash_foreach_key_value_pair_48_8 (&ip6_sv_reass_main.hash,
900 ip6_rehash_cb, &ctx);
901 if (ctx.failure)
902 {
903 clib_bihash_free_48_8 (&new_hash);
904 return -1;
905 }
906 else
907 {
908 clib_bihash_free_48_8 (&ip6_sv_reass_main.hash);
909 clib_memcpy_fast (&ip6_sv_reass_main.hash, &new_hash,
910 sizeof (ip6_sv_reass_main.hash));
911 clib_bihash_copied (&ip6_sv_reass_main.hash, &new_hash);
912 }
913 }
914 return 0;
915}
916
917vnet_api_error_t
918ip6_sv_reass_get (u32 * timeout_ms, u32 * max_reassemblies,
919 u32 * max_reassembly_length, u32 * expire_walk_interval_ms)
920{
921 *timeout_ms = ip6_sv_reass_main.timeout_ms;
922 *max_reassemblies = ip6_sv_reass_main.max_reass_n;
923 *max_reassembly_length = ip6_sv_reass_main.max_reass_len;
924 *expire_walk_interval_ms = ip6_sv_reass_main.expire_walk_interval_ms;
925 return 0;
926}
927
928static clib_error_t *
929ip6_sv_reass_init_function (vlib_main_t * vm)
930{
931 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
932 clib_error_t *error = 0;
933 u32 nbuckets;
934 vlib_node_t *node;
935
936 rm->vlib_main = vm;
937 rm->vnet_main = vnet_get_main ();
938
939 vec_validate (rm->per_thread_data, vlib_num_workers ());
940 ip6_sv_reass_per_thread_t *rt;
941 vec_foreach (rt, rm->per_thread_data)
942 {
943 clib_spinlock_init (&rt->lock);
944 pool_alloc (rt->pool, rm->max_reass_n);
945 rt->lru_first = rt->lru_last = ~0;
946 }
947
948 node = vlib_get_node_by_name (vm, (u8 *) "ip6-sv-reassembly-expire-walk");
949 ASSERT (node);
950 rm->ip6_sv_reass_expire_node_idx = node->index;
951
952 ip6_sv_reass_set_params (IP6_SV_REASS_TIMEOUT_DEFAULT_MS,
953 IP6_SV_REASS_MAX_REASSEMBLIES_DEFAULT,
954 IP6_SV_REASS_MAX_REASSEMBLY_LENGTH_DEFAULT,
955 IP6_SV_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS);
956
957 nbuckets = ip6_sv_reass_get_nbuckets ();
958 clib_bihash_init_48_8 (&rm->hash, "ip6-sv-reass", nbuckets,
959 nbuckets * 1024);
960
961 node = vlib_get_node_by_name (vm, (u8 *) "ip6-drop");
962 ASSERT (node);
963 rm->ip6_drop_idx = node->index;
964 node = vlib_get_node_by_name (vm, (u8 *) "ip6-icmp-error");
965 ASSERT (node);
966 rm->ip6_icmp_error_idx = node->index;
967
968 if ((error = vlib_call_init_function (vm, ip_main_init)))
969 return error;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]970
971 rm->fq_index = vlib_frame_queue_main_init (ip6_sv_reass_node.index, 0);
972 rm->fq_feature_index =
973 vlib_frame_queue_main_init (ip6_sv_reass_node_feature.index, 0);
974
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]975 rm->feature_use_refcount_per_intf = NULL;
976
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]977 return error;
978}
979
980VLIB_INIT_FUNCTION (ip6_sv_reass_init_function);
981#endif /* CLIB_MARCH_VARIANT */
982
983static uword
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]984ip6_sv_reass_walk_expired (vlib_main_t *vm,
985 CLIB_UNUSED (vlib_node_runtime_t *node),
986 CLIB_UNUSED (vlib_frame_t *f))
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]987{
988 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
989 uword event_type, *event_data = 0;
990
991 while (true)
992 {
993 vlib_process_wait_for_event_or_clock (vm,
994 (f64) rm->expire_walk_interval_ms
995 / (f64) MSEC_PER_SEC);
996 event_type = vlib_process_get_events (vm, &event_data);
997
998 switch (event_type)
999 {
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]1000 case ~0:
1001 /* no events => timeout */
1002 /* fallthrough */
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1003 case IP6_EVENT_CONFIG_CHANGED:
Klement Sekera42cec0e2021-08-02 16:14:15 +0200[diff] [blame]1004 /* nothing to do here */
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1005 break;
1006 default:
1007 clib_warning ("BUG: event type 0x%wx", event_type);
1008 break;
1009 }
1010 f64 now = vlib_time_now (vm);
1011
1012 ip6_sv_reass_t *reass;
1013 int *pool_indexes_to_free = NULL;
1014
1015 uword thread_index = 0;
1016 int index;
1017 const uword nthreads = vlib_num_workers () + 1;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1018 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1019 {
1020 ip6_sv_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1021 clib_spinlock_lock (&rt->lock);
1022
1023 vec_reset_length (pool_indexes_to_free);
1024 /* *INDENT-OFF* */
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]1025 pool_foreach_index (index, rt->pool) {
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1026 reass = pool_elt_at_index (rt->pool, index);
1027 if (now > reass->last_heard + rm->timeout)
1028 {
1029 vec_add1 (pool_indexes_to_free, index);
1030 }
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]1031 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1032 /* *INDENT-ON* */
1033 int *i;
1034 /* *INDENT-OFF* */
1035 vec_foreach (i, pool_indexes_to_free)
1036 {
1037 ip6_sv_reass_t *reass = pool_elt_at_index (rt->pool, i[0]);
1038 ip6_sv_reass_free (vm, rm, rt, reass);
1039 }
1040 /* *INDENT-ON* */
1041
1042 clib_spinlock_unlock (&rt->lock);
1043 }
1044
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1045 vec_free (pool_indexes_to_free);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1046 if (event_data)
1047 {
Damjan Marion8bea5892022-04-04 22:40:45 +0200[diff] [blame]1048 vec_set_len (event_data, 0);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1049 }
1050 }
1051
1052 return 0;
1053}
1054
1055/* *INDENT-OFF* */
1056VLIB_REGISTER_NODE (ip6_sv_reass_expire_node) = {
Neale Rannse22a7042022-08-09 03:03:29 +0000[diff] [blame^]1057 .function = ip6_sv_reass_walk_expired,
1058 .format_trace = format_ip6_sv_reass_trace,
1059 .type = VLIB_NODE_TYPE_PROCESS,
1060 .name = "ip6-sv-reassembly-expire-walk",
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1061
Neale Rannse22a7042022-08-09 03:03:29 +0000[diff] [blame^]1062 .n_errors = IP6_N_ERROR,
1063 .error_counters = ip6_error_counters,
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1064};
1065/* *INDENT-ON* */
1066
1067static u8 *
1068format_ip6_sv_reass_key (u8 * s, va_list * args)
1069{
1070 ip6_sv_reass_key_t *key = va_arg (*args, ip6_sv_reass_key_t *);
Klement Sekera5a58e7c2021-11-03 17:57:28 +0100[diff] [blame]1071 s =
1072 format (s, "fib_index: %u, src: %U, dst: %U, frag_id: %u, proto: %u",
1073 key->fib_index, format_ip6_address, &key->src, format_ip6_address,
1074 &key->dst, clib_net_to_host_u16 (key->frag_id), key->proto);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1075 return s;
1076}
1077
1078static u8 *
1079format_ip6_sv_reass (u8 * s, va_list * args)
1080{
1081 vlib_main_t *vm = va_arg (*args, vlib_main_t *);
1082 ip6_sv_reass_t *reass = va_arg (*args, ip6_sv_reass_t *);
1083
1084 s = format (s, "ID: %lu, key: %U, trace_op_counter: %u\n",
1085 reass->id, format_ip6_sv_reass_key, &reass->key,
1086 reass->trace_op_counter);
1087 vlib_buffer_t *b;
1088 u32 *bip;
1089 u32 counter = 0;
1090 vec_foreach (bip, reass->cached_buffers)
1091 {
1092 u32 bi = *bip;
1093 do
1094 {
1095 b = vlib_get_buffer (vm, bi);
1096 s = format (s, " #%03u: bi: %u\n", counter, bi);
1097 ++counter;
1098 bi = b->next_buffer;
1099 }
1100 while (b->flags & VLIB_BUFFER_NEXT_PRESENT);
1101 }
1102 return s;
1103}
1104
1105static clib_error_t *
1106show_ip6_sv_reass (vlib_main_t * vm, unformat_input_t * input,
1107 CLIB_UNUSED (vlib_cli_command_t * lmd))
1108{
1109 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
1110
1111 vlib_cli_output (vm, "---------------------");
1112 vlib_cli_output (vm, "IP6 reassembly status");
1113 vlib_cli_output (vm, "---------------------");
1114 bool details = false;
1115 if (unformat (input, "details"))
1116 {
1117 details = true;
1118 }
1119
1120 u32 sum_reass_n = 0;
1121 u64 sum_buffers_n = 0;
1122 ip6_sv_reass_t *reass;
1123 uword thread_index;
1124 const uword nthreads = vlib_num_workers () + 1;
1125 for (thread_index = 0; thread_index < nthreads; ++thread_index)
1126 {
1127 ip6_sv_reass_per_thread_t *rt = &rm->per_thread_data[thread_index];
1128 clib_spinlock_lock (&rt->lock);
1129 if (details)
1130 {
1131 /* *INDENT-OFF* */
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]1132 pool_foreach (reass, rt->pool) {
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1133 vlib_cli_output (vm, "%U", format_ip6_sv_reass, vm, reass);
Damjan Marionb2c31b62020-12-13 21:47:40 +0100[diff] [blame]1134 }
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1135 /* *INDENT-ON* */
1136 }
1137 sum_reass_n += rt->reass_n;
1138 clib_spinlock_unlock (&rt->lock);
1139 }
1140 vlib_cli_output (vm, "---------------------");
1141 vlib_cli_output (vm, "Current IP6 reassemblies count: %lu\n",
1142 (long unsigned) sum_reass_n);
Vladimir Ratnikova877cf92019-12-21 06:27:52 -0500[diff] [blame]1143 vlib_cli_output (vm,
1144 "Maximum configured concurrent shallow virtual IP6 reassemblies per worker-thread: %lu\n",
1145 (long unsigned) rm->max_reass_n);
1146 vlib_cli_output (vm,
Anton Nikolaev74a4a702021-02-17 14:45:40 +0500[diff] [blame]1147 "Maximum configured amount of fragments per shallow "
1148 "virtual IP6 reassembly: %lu\n",
1149 (long unsigned) rm->max_reass_len);
1150 vlib_cli_output (vm,
Vladimir Ratnikova877cf92019-12-21 06:27:52 -0500[diff] [blame]1151 "Maximum configured shallow virtual IP6 reassembly timeout: %lums\n",
1152 (long unsigned) rm->timeout_ms);
1153 vlib_cli_output (vm,
1154 "Maximum configured shallow virtual IP6 reassembly expire walk interval: %lums\n",
1155 (long unsigned) rm->expire_walk_interval_ms);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1156 vlib_cli_output (vm, "Buffers in use: %lu\n",
1157 (long unsigned) sum_buffers_n);
1158 return 0;
1159}
1160
1161/* *INDENT-OFF* */
1162VLIB_CLI_COMMAND (show_ip6_sv_reassembly_cmd, static) = {
1163 .path = "show ip6-sv-reassembly",
1164 .short_help = "show ip6-sv-reassembly [details]",
1165 .function = show_ip6_sv_reass,
1166};
1167/* *INDENT-ON* */
1168
1169#ifndef CLIB_MARCH_VARIANT
1170vnet_api_error_t
1171ip6_sv_reass_enable_disable (u32 sw_if_index, u8 enable_disable)
1172{
Klement Sekeraf126e742019-10-10 09:46:06 +0000[diff] [blame]1173 return ip6_sv_reass_enable_disable_with_refcnt (sw_if_index,
1174 enable_disable);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1175}
1176#endif /* CLIB_MARCH_VARIANT */
1177
1178#define foreach_ip6_sv_reassembly_handoff_error \
1179_(CONGESTION_DROP, "congestion drop")
1180
1181
1182typedef enum
1183{
1184#define _(sym,str) IP6_SV_REASSEMBLY_HANDOFF_ERROR_##sym,
1185 foreach_ip6_sv_reassembly_handoff_error
1186#undef _
1187 IP6_SV_REASSEMBLY_HANDOFF_N_ERROR,
1188} ip6_sv_reassembly_handoff_error_t;
1189
1190static char *ip6_sv_reassembly_handoff_error_strings[] = {
1191#define _(sym,string) string,
1192 foreach_ip6_sv_reassembly_handoff_error
1193#undef _
1194};
1195
1196typedef struct
1197{
1198 u32 next_worker_index;
1199} ip6_sv_reassembly_handoff_trace_t;
1200
1201static u8 *
1202format_ip6_sv_reassembly_handoff_trace (u8 * s, va_list * args)
1203{
1204 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1205 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1206 ip6_sv_reassembly_handoff_trace_t *t =
1207 va_arg (*args, ip6_sv_reassembly_handoff_trace_t *);
1208
1209 s =
1210 format (s, "ip6-sv-reassembly-handoff: next-worker %d",
1211 t->next_worker_index);
1212
1213 return s;
1214}
1215
1216always_inline uword
1217ip6_sv_reassembly_handoff_inline (vlib_main_t * vm,
1218 vlib_node_runtime_t * node,
1219 vlib_frame_t * frame, bool is_feature)
1220{
1221 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
1222
1223 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
1224 u32 n_enq, n_left_from, *from;
1225 u16 thread_indices[VLIB_FRAME_SIZE], *ti;
1226 u32 fq_index;
1227
1228 from = vlib_frame_vector_args (frame);
1229 n_left_from = frame->n_vectors;
1230 vlib_get_buffers (vm, from, bufs, n_left_from);
1231
1232 b = bufs;
1233 ti = thread_indices;
1234
1235 fq_index = (is_feature) ? rm->fq_feature_index : rm->fq_index;
1236
1237 while (n_left_from > 0)
1238 {
1239 ti[0] = vnet_buffer (b[0])->ip.reass.owner_thread_index;
1240
1241 if (PREDICT_FALSE
1242 ((node->flags & VLIB_NODE_FLAG_TRACE)
1243 && (b[0]->flags & VLIB_BUFFER_IS_TRACED)))
1244 {
1245 ip6_sv_reassembly_handoff_trace_t *t =
1246 vlib_add_trace (vm, node, b[0], sizeof (*t));
1247 t->next_worker_index = ti[0];
1248 }
1249
1250 n_left_from -= 1;
1251 ti += 1;
1252 b += 1;
1253 }
Damjan Marion9e7a0b42021-05-14 14:50:01 +0200[diff] [blame]1254 n_enq = vlib_buffer_enqueue_to_thread (vm, node, fq_index, from,
1255 thread_indices, frame->n_vectors, 1);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1256
1257 if (n_enq < frame->n_vectors)
1258 vlib_node_increment_counter (vm, node->node_index,
1259 IP6_SV_REASSEMBLY_HANDOFF_ERROR_CONGESTION_DROP,
1260 frame->n_vectors - n_enq);
1261 return frame->n_vectors;
1262}
1263
1264VLIB_NODE_FN (ip6_sv_reassembly_handoff_node) (vlib_main_t * vm,
1265 vlib_node_runtime_t * node,
1266 vlib_frame_t * frame)
1267{
1268 return ip6_sv_reassembly_handoff_inline (vm, node, frame,
1269 false /* is_feature */ );
1270}
1271
1272/* *INDENT-OFF* */
1273VLIB_REGISTER_NODE (ip6_sv_reassembly_handoff_node) = {
1274 .name = "ip6-sv-reassembly-handoff",
1275 .vector_size = sizeof (u32),
1276 .n_errors = ARRAY_LEN(ip6_sv_reassembly_handoff_error_strings),
1277 .error_strings = ip6_sv_reassembly_handoff_error_strings,
1278 .format_trace = format_ip6_sv_reassembly_handoff_trace,
1279
1280 .n_next_nodes = 1,
1281
1282 .next_nodes = {
1283 [0] = "error-drop",
1284 },
1285};
1286
1287
1288VLIB_NODE_FN (ip6_sv_reassembly_feature_handoff_node) (vlib_main_t * vm,
1289 vlib_node_runtime_t * node, vlib_frame_t * frame)
1290{
1291 return ip6_sv_reassembly_handoff_inline (vm, node, frame, true /* is_feature */ );
1292}
1293
1294
1295/* *INDENT-OFF* */
1296VLIB_REGISTER_NODE (ip6_sv_reassembly_feature_handoff_node) = {
1297 .name = "ip6-sv-reass-feature-hoff",
1298 .vector_size = sizeof (u32),
1299 .n_errors = ARRAY_LEN(ip6_sv_reassembly_handoff_error_strings),
1300 .error_strings = ip6_sv_reassembly_handoff_error_strings,
1301 .format_trace = format_ip6_sv_reassembly_handoff_trace,
1302
1303 .n_next_nodes = 1,
1304
1305 .next_nodes = {
1306 [0] = "error-drop",
1307 },
1308};
1309/* *INDENT-ON* */
1310
1311#ifndef CLIB_MARCH_VARIANT
1312int
1313ip6_sv_reass_enable_disable_with_refcnt (u32 sw_if_index, int is_enable)
1314{
1315 ip6_sv_reass_main_t *rm = &ip6_sv_reass_main;
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]1316 vec_validate (rm->feature_use_refcount_per_intf, sw_if_index);
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1317 if (is_enable)
1318 {
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]1319 if (!rm->feature_use_refcount_per_intf[sw_if_index])
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1320 {
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]1321 ++rm->feature_use_refcount_per_intf[sw_if_index];
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1322 return vnet_feature_enable_disable ("ip6-unicast",
1323 "ip6-sv-reassembly-feature",
1324 sw_if_index, 1, 0, 0);
1325 }
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]1326 ++rm->feature_use_refcount_per_intf[sw_if_index];
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1327 }
1328 else
1329 {
Klement Sekera63c73532019-09-30 14:35:36 +0000[diff] [blame]1330 --rm->feature_use_refcount_per_intf[sw_if_index];
1331 if (!rm->feature_use_refcount_per_intf[sw_if_index])
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1332 return vnet_feature_enable_disable ("ip6-unicast",
1333 "ip6-sv-reassembly-feature",
1334 sw_if_index, 0, 0, 0);
1335 }
Klement Sekera407f5932019-12-11 13:06:27 +0000[diff] [blame]1336 return 0;
Klement Sekerade34c352019-06-25 11:19:22 +0000[diff] [blame]1337}
1338#endif
1339
1340/*
1341 * fd.io coding-style-patch-verification: ON
1342 *
1343 * Local Variables:
1344 * eval: (c-set-style "gnu")
1345 * End:
1346 */