aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet/ip
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ip')
-rw-r--r--src/vnet/ip/ip4_input.c2
-rw-r--r--src/vnet/ip/ip4_input.h22
-rw-r--r--src/vnet/ip/ip4_options.c144
-rw-r--r--src/vnet/ip/ip4_packet.h2
4 files changed, 156 insertions, 14 deletions
diff --git a/src/vnet/ip/ip4_input.c b/src/vnet/ip/ip4_input.c
index b476f95ab8b..1ecd43b7139 100644
--- a/src/vnet/ip/ip4_input.c
+++ b/src/vnet/ip/ip4_input.c
@@ -324,6 +324,7 @@ VLIB_REGISTER_NODE (ip4_input_node) = {
.next_nodes = {
[IP4_INPUT_NEXT_DROP] = "error-drop",
[IP4_INPUT_NEXT_PUNT] = "error-punt",
+ [IP4_INPUT_NEXT_OPTIONS] = "ip4-options",
[IP4_INPUT_NEXT_LOOKUP] = "ip4-lookup",
[IP4_INPUT_NEXT_LOOKUP_MULTICAST] = "ip4-mfib-forward-lookup",
[IP4_INPUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
@@ -342,6 +343,7 @@ VLIB_REGISTER_NODE (ip4_input_no_checksum_node) = {
.next_nodes = {
[IP4_INPUT_NEXT_DROP] = "error-drop",
[IP4_INPUT_NEXT_PUNT] = "error-punt",
+ [IP4_INPUT_NEXT_OPTIONS] = "ip4-options",
[IP4_INPUT_NEXT_LOOKUP] = "ip4-lookup",
[IP4_INPUT_NEXT_LOOKUP_MULTICAST] = "ip4-mfib-forward-lookup",
[IP4_INPUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h
index 889b423d700..880896e6430 100644
--- a/src/vnet/ip/ip4_input.h
+++ b/src/vnet/ip/ip4_input.h
@@ -49,6 +49,7 @@ typedef enum
{
IP4_INPUT_NEXT_DROP,
IP4_INPUT_NEXT_PUNT,
+ IP4_INPUT_NEXT_OPTIONS,
IP4_INPUT_NEXT_LOOKUP,
IP4_INPUT_NEXT_LOOKUP_MULTICAST,
IP4_INPUT_NEXT_ICMP_ERROR,
@@ -153,7 +154,7 @@ ip4_input_check_x4 (vlib_main_t * vm,
}
else
next[0] = error0 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p[0]->error = error_node->errors[error0];
}
if (PREDICT_FALSE (error1 != IP4_ERROR_NONE))
@@ -167,7 +168,7 @@ ip4_input_check_x4 (vlib_main_t * vm,
}
else
next[1] = error1 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p[1]->error = error_node->errors[error1];
}
if (PREDICT_FALSE (error2 != IP4_ERROR_NONE))
@@ -181,7 +182,7 @@ ip4_input_check_x4 (vlib_main_t * vm,
}
else
next[2] = error2 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p[2]->error = error_node->errors[error2];
}
if (PREDICT_FALSE (error3 != IP4_ERROR_NONE))
@@ -195,7 +196,7 @@ ip4_input_check_x4 (vlib_main_t * vm,
}
else
next[3] = error3 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p[3]->error = error_node->errors[error3];
}
}
@@ -256,7 +257,7 @@ ip4_input_check_x2 (vlib_main_t * vm,
}
else
*next0 = error0 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p0->error = error_node->errors[error0];
}
if (PREDICT_FALSE (error1 != IP4_ERROR_NONE))
@@ -270,10 +271,9 @@ ip4_input_check_x2 (vlib_main_t * vm,
}
else
*next1 = error1 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p1->error = error_node->errors[error1];
}
-
}
always_inline void
@@ -290,11 +290,6 @@ ip4_input_check_x1 (vlib_main_t * vm,
check_ver_opt_csum (ip0, &error0, verify_checksum);
- /* Punt packets with options or wrong version. */
- if (PREDICT_FALSE (ip0->ip_version_and_header_length != 0x45))
- error0 = (ip0->ip_version_and_header_length & 0xf) != 5 ?
- IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
-
/* Drop fragmentation offset 1 packets. */
error0 = ip4_get_fragment_offset (ip0) == 1 ?
IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;
@@ -322,10 +317,9 @@ ip4_input_check_x1 (vlib_main_t * vm,
}
else
*next0 = error0 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS;
p0->error = error_node->errors[error0];
}
-
}
/*
diff --git a/src/vnet/ip/ip4_options.c b/src/vnet/ip/ip4_options.c
new file mode 100644
index 00000000000..c008b9bde8c
--- /dev/null
+++ b/src/vnet/ip/ip4_options.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 2018 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @brief Handle IPv4 header options in the data-path
+ */
+
+#include <vnet/ip/ip.h>
+
+typedef enum ip4_options_next_t_
+{
+ IP4_OPTIONS_NEXT_PUNT,
+ IP4_OPTIONS_NEXT_LOCAL,
+ IP4_OPTIONS_N_NEXT,
+} ip4_options_next_t;
+
+typedef struct ip4_options_trace_t_
+{
+ u8 option[4];
+} ip4_options_trace_t;
+
+VLIB_NODE_FN (ip4_options_node) (vlib_main_t * vm,
+ vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
+{
+ uword n_left_from, n_left_to_next, next_index;
+ u32 *from, *to_next;
+
+ from = vlib_frame_vector_args (frame);
+ n_left_from = frame->n_vectors;
+ next_index = 0;
+
+ while (n_left_from > 0)
+ {
+ vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
+
+ /*
+ * IP options packets, when properly used, are very low rate,
+ * so this code is not dual-looped for extra performance.
+ */
+ while (n_left_from > 0 && n_left_to_next > 0)
+ {
+ ip4_options_next_t next;
+ ip4_header_t *ip4;
+ vlib_buffer_t *b;
+ u8 *options;
+ u32 bi;
+
+ bi = from[0];
+ from += 1;
+ n_left_from -= 1;
+ to_next[0] = bi;
+ to_next += 1;
+ n_left_to_next -= 1;
+
+ b = vlib_get_buffer (vm, bi);
+ ip4 = vlib_buffer_get_current (b);
+ next = IP4_OPTIONS_NEXT_PUNT;
+
+ options = (u8 *) (ip4 + 1);
+
+ /*
+ * mask out the copy flag to leave the option type
+ */
+ switch (options[0] & 0x7f)
+ {
+ case IP4_ROUTER_ALERT_OPTION:
+ /*
+ * if it's an IGMP packet, pass up the local stack
+ */
+ if (IP_PROTOCOL_IGMP == ip4->protocol)
+ {
+ next = IP4_OPTIONS_NEXT_LOCAL;
+ }
+ break;
+ default:
+ break;
+ }
+
+ if (b->flags & VLIB_BUFFER_IS_TRACED)
+ {
+ ip4_options_trace_t *t =
+ vlib_add_trace (vm, node, b, sizeof (*t));
+
+ clib_memcpy (t->option, options, 4);
+ }
+ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
+ n_left_to_next, bi, next);
+
+ }
+
+ vlib_put_next_frame (vm, node, next_index, n_left_to_next);
+ }
+ return frame->n_vectors;
+}
+
+u8 *
+format_ip4_options_trace (u8 * s, va_list * args)
+{
+ CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
+ CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
+ ip4_options_trace_t *t = va_arg (*args, ip4_options_trace_t *);
+ u32 indent = format_get_indent (s);
+
+ s = format (s, "%Uoption:[0x%x,0x%x,0x%x,0x%x]",
+ format_white_space, indent,
+ t->option[0], t->option[1], t->option[2], t->option[3]);
+ return s;
+}
+
+/* *INDENT-OFF* */
+VLIB_REGISTER_NODE (ip4_options_node) = {
+ .name = "ip4-options",
+ .vector_size = sizeof (u32),
+
+ .n_next_nodes = IP4_OPTIONS_N_NEXT,
+ .next_nodes = {
+ [IP4_OPTIONS_NEXT_PUNT] = "ip4-punt",
+ [IP4_OPTIONS_NEXT_LOCAL] = "ip4-local",
+ },
+ .format_buffer = format_ip4_header,
+ .format_trace = format_ip4_options_trace,
+};
+/* *INDENT-ON* */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
diff --git a/src/vnet/ip/ip4_packet.h b/src/vnet/ip/ip4_packet.h
index 2f0c75e4924..c41a8021d96 100644
--- a/src/vnet/ip/ip4_packet.h
+++ b/src/vnet/ip/ip4_packet.h
@@ -193,6 +193,8 @@ typedef union
#define IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS \
((4 << 4) | (sizeof (ip4_header_t) / sizeof (u32)))
+#define IP4_ROUTER_ALERT_OPTION 20
+
always_inline int
ip4_get_fragment_offset (ip4_header_t * i)
{