diff options
-rw-r--r-- | vnet/Makefile.am | 1 | ||||
-rw-r--r-- | vnet/vnet/ip/icmp4.c | 258 | ||||
-rw-r--r-- | vnet/vnet/ip/icmp4.h | 48 | ||||
-rw-r--r-- | vnet/vnet/ip/ip.h | 1 | ||||
-rw-r--r-- | vnet/vnet/ip/ip4_input.c | 39 |
5 files changed, 204 insertions, 143 deletions
diff --git a/vnet/Makefile.am b/vnet/Makefile.am index 1bde1e8082c..a0c20e9eb37 100644 --- a/vnet/Makefile.am +++ b/vnet/Makefile.am @@ -252,6 +252,7 @@ libvnet_la_SOURCES += \ nobase_include_HEADERS += \ vnet/ip/format.h \ vnet/ip/icmp46_packet.h \ + vnet/ip/icmp4.h \ vnet/ip/icmp6.h \ vnet/ip/igmp_packet.h \ vnet/ip/ip.h \ diff --git a/vnet/vnet/ip/icmp4.c b/vnet/vnet/ip/icmp4.c index 4ee8f15df1f..abad5bd9efc 100644 --- a/vnet/vnet/ip/icmp4.c +++ b/vnet/vnet/ip/icmp4.c @@ -41,6 +41,13 @@ #include <vnet/ip/ip.h> #include <vnet/pg/pg.h> + +static char * icmp_error_strings[] = { +#define _(f,s) s, + foreach_icmp4_error +#undef _ +}; + static u8 * format_ip4_icmp_type_and_code (u8 * s, va_list * args) { icmp4_type_t type = va_arg (*args, int); @@ -96,10 +103,6 @@ static u8 * format_ip4_icmp_header (u8 * s, va_list * args) return s; } -typedef struct { - u8 packet_data[64]; -} icmp_input_trace_t; - static u8 * format_icmp_input_trace (u8 * s, va_list * va) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*va, vlib_main_t *); @@ -114,20 +117,6 @@ static u8 * format_icmp_input_trace (u8 * s, va_list * va) } typedef enum { - ICMP4_ERROR_UNKNOWN_TYPE, - ICMP4_ERROR_ECHO_REPLIES_SENT, - ICMP4_ERROR_TTL_EXPIRE_RESP_SENT, - ICMP4_ERROR_TTL_EXPIRE_RESP_DROP, -} icmp_error_t; - -static char * icmp_error_strings[] = { - [ICMP4_ERROR_UNKNOWN_TYPE] = "unknown type", - [ICMP4_ERROR_ECHO_REPLIES_SENT] = "echo replies sent", - [ICMP4_ERROR_TTL_EXPIRE_RESP_SENT] = "TTL time exceeded response sent", - [ICMP4_ERROR_TTL_EXPIRE_RESP_DROP] = "TTL time exceeded response dropped", -}; - -typedef enum { ICMP_INPUT_NEXT_ERROR, ICMP_INPUT_N_NEXT, } icmp_input_next_t; @@ -418,19 +407,42 @@ VLIB_REGISTER_NODE (ip4_icmp_echo_request_node,static) = { }; typedef enum { - ICMP4_TTL_EXPIRE_NEXT_DROP, - ICMP4_TTL_EXPIRE_NEXT_LOOKUP, - ICMP4_TTL_EXPIRE_N_NEXT, -} icmp_ttl_expire_next_t; + IP4_ICMP_ERROR_NEXT_DROP, + IP4_ICMP_ERROR_NEXT_LOOKUP, + IP4_ICMP_ERROR_N_NEXT, +} ip4_icmp_error_next_t; + +void +icmp4_error_set_vnet_buffer (vlib_buffer_t *b, u8 type, u8 code, u32 data) +{ + vnet_buffer(b)->ip.icmp.type = type; + vnet_buffer(b)->ip.icmp.code = code; + vnet_buffer(b)->ip.icmp.data = data; +} + +static u8 +icmp4_icmp_type_to_error (u8 type) +{ + switch (type) { + case ICMP4_destination_unreachable: + return ICMP4_ERROR_DEST_UNREACH_SENT; + case ICMP4_time_exceeded: + return ICMP4_ERROR_TTL_EXPIRE_SENT; + case ICMP4_parameter_problem: + return ICMP4_ERROR_PARAM_PROBLEM_SENT; + default: + return ICMP4_ERROR_DROP; + } +} static uword -ip4_icmp_ttl_expire (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +ip4_icmp_error (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) { u32 * from, * to_next; uword n_left_from, n_left_to_next; - icmp_ttl_expire_next_t next_index; + ip4_icmp_error_next_t next_index; ip4_main_t *im = &ip4_main; ip_lookup_main_t * lm = &im->lookup_main; @@ -442,117 +454,113 @@ ip4_icmp_ttl_expire (vlib_main_t * vm, vlib_trace_frame_buffers_only (vm, node, from, frame->n_vectors, /* stride */ 1, sizeof (icmp_input_trace_t)); - while (n_left_from > 0) - { - vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next); - - while (n_left_from > 0 && n_left_to_next > 0) - { - u32 pi0 = from[0]; - u32 next0 = ICMP4_TTL_EXPIRE_NEXT_LOOKUP; - u8 error0 = ICMP4_ERROR_TTL_EXPIRE_RESP_SENT; - u32 len0, new_len0; - vlib_buffer_t * p0; - ip4_header_t * ip0, * out_ip0; - icmp46_header_t * icmp0; - ip_csum_t sum; - u32 sw_if_index0, if_add_index0; - - /* Speculatively enqueue p0 to the current next frame */ - to_next[0] = pi0; - from += 1; - to_next += 1; - n_left_from -= 1; - n_left_to_next -= 1; - - p0 = vlib_get_buffer(vm, pi0); - ip0 = vlib_buffer_get_current(p0); - len0 = vlib_buffer_length_in_chain (vm, p0); - sw_if_index0 = vnet_buffer(p0)->sw_if_index[VLIB_RX]; - - /* Cut payload to just IP header plus first 8 bytes */ - new_len0 = (ip0->ip_version_and_header_length &0xf)*4 + 8; - if (len0 > new_len0) - { - p0->current_length = new_len0; /* should fit in 1st buffer */ - if (PREDICT_FALSE(p0->total_length_not_including_first_buffer)) - { /* clear current_length of all other buffers in chain */ - vlib_buffer_t *b = p0; - p0->total_length_not_including_first_buffer = 0; - while (b->flags & VLIB_BUFFER_NEXT_PRESENT) - { - b = vlib_get_buffer (vm, b->next_buffer); - b->current_length = 0; - } - } - } + while (n_left_from > 0) { + vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next); - /* Add IP header and ICMP header including a 4 byte unused field */ - vlib_buffer_advance(p0, - -sizeof(ip4_header_t)-sizeof(icmp46_header_t)-4); - out_ip0 = vlib_buffer_get_current(p0); - icmp0 = (icmp46_header_t *) &out_ip0[1]; - - /* Fill ip header fields */ - out_ip0->ip_version_and_header_length = 0x45; - out_ip0->tos = 0; - out_ip0->length = clib_host_to_net_u16(p0->current_length); - out_ip0->fragment_id = 0; - out_ip0->ttl = 0xff; - out_ip0->protocol = IP_PROTOCOL_ICMP; - out_ip0->dst_address = ip0->src_address; - if_add_index0 = - lm->if_address_pool_index_by_sw_if_index[sw_if_index0]; - if (PREDICT_TRUE(if_add_index0 != ~0)) - { - ip_interface_address_t *if_add = - pool_elt_at_index(lm->if_address_pool, if_add_index0); - ip4_address_t *if_ip = - ip_interface_address_get_address(lm, if_add); - out_ip0->src_address = *if_ip; - vlib_error_count (vm, node->node_index, error0, 1); - } - else /* interface has no IP4 address - should not happen */ - { - next0 = ICMP4_TTL_EXPIRE_NEXT_DROP; - error0 = ICMP4_ERROR_TTL_EXPIRE_RESP_DROP; - } - out_ip0->checksum = ip4_header_checksum(out_ip0); - - /* Fill icmp header fields */ - icmp0->type = ICMP4_time_exceeded; - icmp0->code = ICMP4_time_exceeded_ttl_exceeded_in_transit; - icmp0->checksum = 0; - sum = ip_incremental_checksum( - 0, icmp0, p0->current_length - sizeof(ip4_header_t)); - icmp0->checksum = ~ip_csum_fold(sum); - - /* Update error status */ - p0->error = node->errors[error0]; - - /* Verify speculative enqueue, maybe switch current next frame */ - vlib_validate_buffer_enqueue_x1(vm, node, next_index, - to_next, n_left_to_next, - pi0, next0); - } - vlib_put_next_frame(vm, node, next_index, n_left_to_next); + while (n_left_from > 0 && n_left_to_next > 0) { + u32 pi0 = from[0]; + u32 next0 = IP4_ICMP_ERROR_NEXT_LOOKUP; + u8 error0 = ICMP4_ERROR_NONE; + vlib_buffer_t * p0; + ip4_header_t * ip0, * out_ip0; + icmp46_header_t * icmp0; + u32 sw_if_index0, if_add_index0; + ip_csum_t sum; + + /* Speculatively enqueue p0 to the current next frame */ + to_next[0] = pi0; + from += 1; + to_next += 1; + n_left_from -= 1; + n_left_to_next -= 1; + + p0 = vlib_get_buffer(vm, pi0); + ip0 = vlib_buffer_get_current(p0); + sw_if_index0 = vnet_buffer(p0)->sw_if_index[VLIB_RX]; + + /* + * RFC1812 says to keep as much of the original packet as + * possible within the minimum MTU (576). We cheat "a little" + * here by keeping whatever fits in the first buffer, to be more + * efficient + */ + if (PREDICT_FALSE(p0->total_length_not_including_first_buffer)) { + /* clear current_length of all other buffers in chain */ + vlib_buffer_t *b = p0; + p0->total_length_not_including_first_buffer = 0; + while (b->flags & VLIB_BUFFER_NEXT_PRESENT) { + b = vlib_get_buffer (vm, b->next_buffer); + b->current_length = 0; + } + } + p0->current_length = p0->current_length > 576 ? 576 : p0->current_length; + + /* Add IP header and ICMPv4 header including a 4 byte data field */ + vlib_buffer_advance(p0, + -sizeof(ip4_header_t)-sizeof(icmp46_header_t)-4); + out_ip0 = vlib_buffer_get_current(p0); + icmp0 = (icmp46_header_t *) &out_ip0[1]; + + /* Fill ip header fields */ + out_ip0->ip_version_and_header_length = 0x45; + out_ip0->tos = 0; + out_ip0->length = clib_host_to_net_u16(p0->current_length); + out_ip0->fragment_id = 0; + out_ip0->flags_and_fragment_offset = 0; + out_ip0->ttl = 0xff; + out_ip0->protocol = IP_PROTOCOL_ICMP; + out_ip0->dst_address = ip0->src_address; + if_add_index0 = + lm->if_address_pool_index_by_sw_if_index[sw_if_index0]; + if (PREDICT_TRUE(if_add_index0 != ~0)) { + ip_interface_address_t *if_add = + pool_elt_at_index(lm->if_address_pool, if_add_index0); + ip4_address_t *if_ip = + ip_interface_address_get_address(lm, if_add); + out_ip0->src_address = *if_ip; + } else { + /* interface has no IP4 address - should not happen */ + next0 = IP4_ICMP_ERROR_NEXT_DROP; + error0 = ICMP4_ERROR_DROP; + } + out_ip0->checksum = ip4_header_checksum(out_ip0); + + /* Fill icmp header fields */ + icmp0->type = vnet_buffer(p0)->ip.icmp.type; + icmp0->code = vnet_buffer(p0)->ip.icmp.code; + *((u32 *)(icmp0 + 1)) = clib_host_to_net_u32(vnet_buffer(p0)->ip.icmp.data); + icmp0->checksum = 0; + sum = ip_incremental_checksum(0, icmp0, p0->current_length - sizeof(ip4_header_t)); + icmp0->checksum = ~ip_csum_fold(sum); + + /* Update error status */ + if (error0 == ICMP4_ERROR_NONE) + error0 = icmp4_icmp_type_to_error(icmp0->type); + vlib_error_count(vm, node->node_index, error0, 1); + + /* Verify speculative enqueue, maybe switch current next frame */ + vlib_validate_buffer_enqueue_x1(vm, node, next_index, + to_next, n_left_to_next, + pi0, next0); } + vlib_put_next_frame(vm, node, next_index, n_left_to_next); + } return frame->n_vectors; } -VLIB_REGISTER_NODE (ip4_icmp_ttl_expire_node) = { - .function = ip4_icmp_ttl_expire, - .name = "ip4-icmp-ttl-expire", +VLIB_REGISTER_NODE (ip4_icmp_error_node) = { + .function = ip4_icmp_error, + .name = "ip4-icmp-error", .vector_size = sizeof (u32), .n_errors = ARRAY_LEN (icmp_error_strings), .error_strings = icmp_error_strings, - .n_next_nodes = ICMP4_TTL_EXPIRE_N_NEXT, + .n_next_nodes = IP4_ICMP_ERROR_N_NEXT, .next_nodes = { - [ICMP4_TTL_EXPIRE_NEXT_DROP] = "error-drop", - [ICMP4_TTL_EXPIRE_NEXT_LOOKUP] = "ip4-lookup", + [IP4_ICMP_ERROR_NEXT_DROP] = "error-drop", + [IP4_ICMP_ERROR_NEXT_LOOKUP] = "ip4-lookup", }, .format_trace = format_icmp_input_trace, diff --git a/vnet/vnet/ip/icmp4.h b/vnet/vnet/ip/icmp4.h new file mode 100644 index 00000000000..f99bf2dafc3 --- /dev/null +++ b/vnet/vnet/ip/icmp4.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2015 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef included_vnet_icmp4_h +#define included_vnet_icmp4_h + +#define foreach_icmp4_error \ + _ (NONE, "valid packets") \ + _ (UNKNOWN_TYPE, "unknown type") \ + _ (INVALID_CODE_FOR_TYPE, "invalid code for type") \ + _ (INVALID_HOP_LIMIT_FOR_TYPE, "hop_limit != 255") \ + _ (LENGTH_TOO_SMALL_FOR_TYPE, "payload length too small for type") \ + _ (OPTIONS_WITH_ODD_LENGTH, \ + "total option length not multiple of 8 bytes") \ + _ (OPTION_WITH_ZERO_LENGTH, "option has zero length") \ + _ (ECHO_REPLIES_SENT, "echo replies sent") \ + _ (DST_LOOKUP_MISS, "icmp6 dst address lookup misses") \ + _ (DEST_UNREACH_SENT, "destination unreachable response sent") \ + _ (TTL_EXPIRE_SENT, "hop limit exceeded response sent") \ + _ (PARAM_PROBLEM_SENT, "parameter Pproblem response sent") \ + _ (DROP, "error message dropped") + +typedef enum { +#define _(f,s) ICMP4_ERROR_##f, + foreach_icmp4_error +#undef _ +} icmp4_error_t; + +typedef struct { + u8 packet_data[64]; +} icmp_input_trace_t; + +format_function_t format_icmp4_input_trace; +void ip4_icmp_register_type (vlib_main_t * vm, icmp4_type_t type, u32 node_index); +void icmp4_error_set_vnet_buffer (vlib_buffer_t *b, u8 type, u8 code, u32 data); + +#endif /* included_vnet_icmp4_h */ diff --git a/vnet/vnet/ip/ip.h b/vnet/vnet/ip/ip.h index e47512a960d..a0b4ea6d5cb 100644 --- a/vnet/vnet/ip/ip.h +++ b/vnet/vnet/ip/ip.h @@ -56,6 +56,7 @@ #include <vnet/ip/ip4.h> #include <vnet/ip/ip4_error.h> #include <vnet/ip/ip4_packet.h> +#include <vnet/ip/icmp4.h> #include <vnet/ip/ip6.h> #include <vnet/ip/ip6_packet.h> diff --git a/vnet/vnet/ip/ip4_input.c b/vnet/vnet/ip/ip4_input.c index 68edc0fa918..f31df0f6eb9 100644 --- a/vnet/vnet/ip/ip4_input.c +++ b/vnet/vnet/ip/ip4_input.c @@ -64,7 +64,7 @@ typedef enum { IP4_INPUT_NEXT_PUNT, IP4_INPUT_NEXT_LOOKUP, IP4_INPUT_NEXT_LOOKUP_MULTICAST, - IP4_INPUT_NEXT_TTL_EXPIRE, + IP4_INPUT_NEXT_ICMP_ERROR, IP4_INPUT_N_NEXT, } ip4_input_next_t; @@ -220,19 +220,21 @@ ip4_input_inline (vlib_main_t * vm, if (PREDICT_FALSE(error0 != IP4_ERROR_NONE)) { - next0 = (error0 != IP4_ERROR_OPTIONS - ? (error0 == IP4_ERROR_TIME_EXPIRED - ? IP4_INPUT_NEXT_TTL_EXPIRE - : IP4_INPUT_NEXT_DROP) - : IP4_INPUT_NEXT_PUNT); + if (error0 == IP4_ERROR_TIME_EXPIRED) { + icmp4_error_set_vnet_buffer(p0, ICMP4_time_exceeded, + ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); + next0 = IP4_INPUT_NEXT_ICMP_ERROR; + } else + next0 = error0 != IP4_ERROR_OPTIONS ? IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; } if (PREDICT_FALSE(error1 != IP4_ERROR_NONE)) { - next1 = (error1 != IP4_ERROR_OPTIONS - ? (error1 == IP4_ERROR_TIME_EXPIRED - ? IP4_INPUT_NEXT_TTL_EXPIRE - : IP4_INPUT_NEXT_DROP) - : IP4_INPUT_NEXT_PUNT); + if (error1 == IP4_ERROR_TIME_EXPIRED) { + icmp4_error_set_vnet_buffer(p1, ICMP4_time_exceeded, + ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); + next1 = IP4_INPUT_NEXT_ICMP_ERROR; + } else + next1 = error1 != IP4_ERROR_OPTIONS ? IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; } vlib_validate_buffer_enqueue_x2 (vm, node, next_index, @@ -307,11 +309,12 @@ ip4_input_inline (vlib_main_t * vm, p0->error = error_node->errors[error0]; if (PREDICT_FALSE(error0 != IP4_ERROR_NONE)) { - next0 = (error0 != IP4_ERROR_OPTIONS - ? (error0 == IP4_ERROR_TIME_EXPIRED - ? IP4_INPUT_NEXT_TTL_EXPIRE - : IP4_INPUT_NEXT_DROP) - : IP4_INPUT_NEXT_PUNT); + if (error0 == IP4_ERROR_TIME_EXPIRED) { + icmp4_error_set_vnet_buffer(p0, ICMP4_time_exceeded, + ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); + next0 = IP4_INPUT_NEXT_ICMP_ERROR; + } else + next0 = error0 != IP4_ERROR_OPTIONS ? IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; } vlib_validate_buffer_enqueue_x1 (vm, node, next_index, @@ -361,7 +364,7 @@ VLIB_REGISTER_NODE (ip4_input_node) = { [IP4_INPUT_NEXT_PUNT] = "error-punt", [IP4_INPUT_NEXT_LOOKUP] = "ip4-lookup", [IP4_INPUT_NEXT_LOOKUP_MULTICAST] = "ip4-lookup-multicast", - [IP4_INPUT_NEXT_TTL_EXPIRE] = "ip4-icmp-ttl-expire", + [IP4_INPUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, .format_buffer = format_ip4_header, @@ -379,7 +382,7 @@ VLIB_REGISTER_NODE (ip4_input_no_checksum_node,static) = { [IP4_INPUT_NEXT_PUNT] = "error-punt", [IP4_INPUT_NEXT_LOOKUP] = "ip4-lookup", [IP4_INPUT_NEXT_LOOKUP_MULTICAST] = "ip4-lookup-multicast", - [IP4_INPUT_NEXT_TTL_EXPIRE] = "ip4-icmp-ttl-expire", + [IP4_INPUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, .format_buffer = format_ip4_header, |