aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/dpo/mpls_disposition.c74
-rw-r--r--src/vnet/ip/ip4_input.c163
-rw-r--r--src/vnet/ip/ip4_input.h223
-rw-r--r--src/vnet/ip/ip6_input.c113
-rw-r--r--src/vnet/ip/ip6_input.h169
5 files changed, 465 insertions, 277 deletions
diff --git a/src/vnet/dpo/mpls_disposition.c b/src/vnet/dpo/mpls_disposition.c
index 5dc33fcfdbd..77429de4116 100644
--- a/src/vnet/dpo/mpls_disposition.c
+++ b/src/vnet/dpo/mpls_disposition.c
@@ -13,7 +13,8 @@
* limitations under the License.
*/
-#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4_input.h>
+#include <vnet/ip/ip6_input.h>
#include <vnet/dpo/mpls_disposition.h>
#include <vnet/mpls/mpls.h>
@@ -115,6 +116,9 @@ typedef struct mpls_label_disposition_trace_t_
index_t mdd;
} mpls_label_disposition_trace_t;
+extern vlib_node_registration_t ip4_mpls_label_disposition_node;
+extern vlib_node_registration_t ip6_mpls_label_disposition_node;
+
always_inline uword
mpls_label_disposition_inline (vlib_main_t * vm,
vlib_node_runtime_t * node,
@@ -123,6 +127,12 @@ mpls_label_disposition_inline (vlib_main_t * vm,
u8 payload_is_ip6)
{
u32 n_left_from, next_index, * from, * to_next;
+ vlib_node_runtime_t *error_node;
+
+ if (payload_is_ip4)
+ error_node = vlib_node_get_runtime (vm, ip4_mpls_label_disposition_node.index);
+ else
+ error_node = vlib_node_get_runtime (vm, ip6_mpls_label_disposition_node.index);
from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;
@@ -173,21 +183,39 @@ mpls_label_disposition_inline (vlib_main_t * vm,
mdd0 = mpls_disp_dpo_get(mddi0);
mdd1 = mpls_disp_dpo_get(mddi1);
+ next0 = mdd0->mdd_dpo.dpoi_next_node;
+ next1 = mdd1->mdd_dpo.dpoi_next_node;
+
if (payload_is_ip4)
{
+ ip4_header_t *ip0, *ip1;
+
+ ip0 = vlib_buffer_get_current (b0);
+ ip1 = vlib_buffer_get_current (b1);
+
/*
- * decrement the TTL on ingress to the LSP
+ * IPv4 input checks on the exposed IP header
+ * including checksum
*/
+ ip4_input_check_x2 (vm, error_node,
+ b0, b1, ip0, ip1,
+ &next0, &next1, 1);
}
else if (payload_is_ip6)
{
+ ip6_header_t *ip0, *ip1;
+
+ ip0 = vlib_buffer_get_current (b0);
+ ip1 = vlib_buffer_get_current (b1);
+
/*
- * decrement the TTL on ingress to the LSP
+ * IPv6 input checks on the exposed IP header
*/
+ ip6_input_check_x2 (vm, error_node,
+ b0, b1, ip0, ip1,
+ &next0, &next1);
}
-
- next0 = mdd0->mdd_dpo.dpoi_next_node;
- next1 = mdd1->mdd_dpo.dpoi_next_node;
+
vnet_buffer(b0)->ip.adj_index[VLIB_TX] = mdd0->mdd_dpo.dpoi_index;
vnet_buffer(b1)->ip.adj_index[VLIB_TX] = mdd1->mdd_dpo.dpoi_index;
vnet_buffer(b0)->ip.rpf_id = mdd0->mdd_rpf_id;
@@ -231,24 +259,32 @@ mpls_label_disposition_inline (vlib_main_t * vm,
/* dst lookup was done by ip4 lookup */
mddi0 = vnet_buffer(b0)->ip.adj_index[VLIB_TX];
mdd0 = mpls_disp_dpo_get(mddi0);
+ next0 = mdd0->mdd_dpo.dpoi_next_node;
if (payload_is_ip4)
{
+ ip4_header_t *ip0;
+
+ ip0 = vlib_buffer_get_current (b0);
+
/*
- * decrement the TTL on ingress to the LSP
+ * IPv4 input checks on the exposed IP header
+ * including checksum
*/
+ ip4_input_check_x1 (vm, error_node, b0, ip0, &next0, 1);
}
else if (payload_is_ip6)
{
+ ip6_header_t *ip0;
+
+ ip0 = vlib_buffer_get_current (b0);
+
/*
- * decrement the TTL on ingress to the LSP
+ * IPv6 input checks on the exposed IP header
*/
- }
- else
- {
+ ip6_input_check_x1 (vm, error_node, b0, ip0, &next0);
}
- next0 = mdd0->mdd_dpo.dpoi_next_node;
vnet_buffer(b0)->ip.adj_index[VLIB_TX] = mdd0->mdd_dpo.dpoi_index;
vnet_buffer(b0)->ip.rpf_id = mdd0->mdd_rpf_id;
@@ -294,10 +330,9 @@ VLIB_REGISTER_NODE (ip4_mpls_label_disposition_node) = {
.vector_size = sizeof (u32),
.format_trace = format_mpls_label_disposition_trace,
- .n_next_nodes = 1,
- .next_nodes = {
- [0] = "ip4-drop",
- }
+ .sibling_of = "ip4-input",
+ .n_errors = IP4_N_ERROR,
+ .error_strings = ip4_error_strings,
};
VLIB_NODE_FUNCTION_MULTIARCH (ip4_mpls_label_disposition_node,
ip4_mpls_label_disposition)
@@ -316,10 +351,9 @@ VLIB_REGISTER_NODE (ip6_mpls_label_disposition_node) = {
.vector_size = sizeof (u32),
.format_trace = format_mpls_label_disposition_trace,
- .n_next_nodes = 1,
- .next_nodes = {
- [0] = "ip6-drop",
- }
+ .sibling_of = "ip6-input",
+ .n_errors = IP6_N_ERROR,
+ .error_strings = ip6_error_strings,
};
VLIB_NODE_FUNCTION_MULTIARCH (ip6_mpls_label_disposition_node,
ip6_mpls_label_disposition)
diff --git a/src/vnet/ip/ip4_input.c b/src/vnet/ip/ip4_input.c
index 3b08f4b0089..121f40f473d 100644
--- a/src/vnet/ip/ip4_input.c
+++ b/src/vnet/ip/ip4_input.c
@@ -37,7 +37,7 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4_input.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/ppp/ppp.h>
#include <vnet/hdlc/hdlc.h>
@@ -60,16 +60,6 @@ format_ip4_input_trace (u8 * s, va_list * va)
return s;
}
-typedef enum
-{
- IP4_INPUT_NEXT_DROP,
- IP4_INPUT_NEXT_PUNT,
- IP4_INPUT_NEXT_LOOKUP,
- IP4_INPUT_NEXT_LOOKUP_MULTICAST,
- IP4_INPUT_NEXT_ICMP_ERROR,
- IP4_INPUT_N_NEXT,
-} ip4_input_next_t;
-
/* Validate IP v4 packets and pass them either to forwarding code
or drop/punt exception packets. */
always_inline uword
@@ -109,10 +99,9 @@ ip4_input_inline (vlib_main_t * vm,
{
vlib_buffer_t *p0, *p1;
ip4_header_t *ip0, *ip1;
- u32 sw_if_index0, pi0, ip_len0, cur_len0, next0;
- u32 sw_if_index1, pi1, ip_len1, cur_len1, next1;
- i32 len_diff0, len_diff1;
- u8 error0, error1, arc0, arc1;
+ u32 sw_if_index0, pi0, next0;
+ u32 sw_if_index1, pi1, next1;
+ u8 arc0, arc1;
/* Prefetch next iteration. */
{
@@ -144,8 +133,6 @@ ip4_input_inline (vlib_main_t * vm,
sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
sw_if_index1 = vnet_buffer (p1)->sw_if_index[VLIB_RX];
- error0 = error1 = IP4_ERROR_NONE;
-
if (PREDICT_FALSE (ip4_address_is_multicast (&ip0->dst_address)))
{
arc0 = lm->mcast_feature_arc_index;
@@ -155,8 +142,6 @@ ip4_input_inline (vlib_main_t * vm,
{
arc0 = lm->ucast_feature_arc_index;
next0 = IP4_INPUT_NEXT_LOOKUP;
- if (PREDICT_FALSE (ip0->ttl < 1))
- error0 = IP4_ERROR_TIME_EXPIRED;
}
if (PREDICT_FALSE (ip4_address_is_multicast (&ip1->dst_address)))
@@ -168,8 +153,6 @@ ip4_input_inline (vlib_main_t * vm,
{
arc1 = lm->ucast_feature_arc_index;
next1 = IP4_INPUT_NEXT_LOOKUP;
- if (PREDICT_FALSE (ip1->ttl < 1))
- error1 = IP4_ERROR_TIME_EXPIRED;
}
vnet_buffer (p0)->ip.adj_index[VLIB_RX] = ~0;
@@ -180,82 +163,9 @@ ip4_input_inline (vlib_main_t * vm,
vlib_increment_simple_counter (cm, thread_index, sw_if_index0, 1);
vlib_increment_simple_counter (cm, thread_index, sw_if_index1, 1);
-
- /* Punt packets with options or wrong version. */
- if (PREDICT_FALSE (ip0->ip_version_and_header_length != 0x45))
- error0 = (ip0->ip_version_and_header_length & 0xf) != 5 ?
- IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
-
- if (PREDICT_FALSE (ip1->ip_version_and_header_length != 0x45))
- error1 = (ip1->ip_version_and_header_length & 0xf) != 5 ?
- IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
-
- /* Verify header checksum. */
- if (verify_checksum)
- {
- ip_csum_t sum0, sum1;
-
- ip4_partial_header_checksum_x1 (ip0, sum0);
- ip4_partial_header_checksum_x1 (ip1, sum1);
-
- error0 = 0xffff != ip_csum_fold (sum0) ?
- IP4_ERROR_BAD_CHECKSUM : error0;
- error1 = 0xffff != ip_csum_fold (sum1) ?
- IP4_ERROR_BAD_CHECKSUM : error1;
- }
-
- /* Drop fragmentation offset 1 packets. */
- error0 = ip4_get_fragment_offset (ip0) == 1 ?
- IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;
- error1 = ip4_get_fragment_offset (ip1) == 1 ?
- IP4_ERROR_FRAGMENT_OFFSET_ONE : error1;
-
- /* Verify lengths. */
- ip_len0 = clib_net_to_host_u16 (ip0->length);
- ip_len1 = clib_net_to_host_u16 (ip1->length);
-
- /* IP length must be at least minimal IP header. */
- error0 = ip_len0 < sizeof (ip0[0]) ? IP4_ERROR_TOO_SHORT : error0;
- error1 = ip_len1 < sizeof (ip1[0]) ? IP4_ERROR_TOO_SHORT : error1;
-
- cur_len0 = vlib_buffer_length_in_chain (vm, p0);
- cur_len1 = vlib_buffer_length_in_chain (vm, p1);
-
- len_diff0 = cur_len0 - ip_len0;
- len_diff1 = cur_len1 - ip_len1;
-
- error0 = len_diff0 < 0 ? IP4_ERROR_BAD_LENGTH : error0;
- error1 = len_diff1 < 0 ? IP4_ERROR_BAD_LENGTH : error1;
-
- p0->error = error_node->errors[error0];
- p1->error = error_node->errors[error1];
-
- if (PREDICT_FALSE (error0 != IP4_ERROR_NONE))
- {
- if (error0 == IP4_ERROR_TIME_EXPIRED)
- {
- icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
- ICMP4_time_exceeded_ttl_exceeded_in_transit,
- 0);
- next0 = IP4_INPUT_NEXT_ICMP_ERROR;
- }
- else
- next0 = error0 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
- }
- if (PREDICT_FALSE (error1 != IP4_ERROR_NONE))
- {
- if (error1 == IP4_ERROR_TIME_EXPIRED)
- {
- icmp4_error_set_vnet_buffer (p1, ICMP4_time_exceeded,
- ICMP4_time_exceeded_ttl_exceeded_in_transit,
- 0);
- next1 = IP4_INPUT_NEXT_ICMP_ERROR;
- }
- else
- next1 = error1 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
- }
+ ip4_input_check_x2 (vm, error_node,
+ p0, p1, ip0, ip1,
+ &next0, &next1, verify_checksum);
vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
to_next, n_left_to_next,
@@ -265,9 +175,8 @@ ip4_input_inline (vlib_main_t * vm,
{
vlib_buffer_t *p0;
ip4_header_t *ip0;
- u32 sw_if_index0, pi0, ip_len0, cur_len0, next0;
- i32 len_diff0;
- u8 error0, arc0;
+ u32 sw_if_index0, pi0, next0;
+ u8 arc0;
pi0 = from[0];
to_next[0] = pi0;
@@ -281,8 +190,6 @@ ip4_input_inline (vlib_main_t * vm,
sw_if_index0 = vnet_buffer (p0)->sw_if_index[VLIB_RX];
- error0 = IP4_ERROR_NONE;
-
if (PREDICT_FALSE (ip4_address_is_multicast (&ip0->dst_address)))
{
arc0 = lm->mcast_feature_arc_index;
@@ -292,60 +199,14 @@ ip4_input_inline (vlib_main_t * vm,
{
arc0 = lm->ucast_feature_arc_index;
next0 = IP4_INPUT_NEXT_LOOKUP;
- if (PREDICT_FALSE (ip0->ttl < 1))
- error0 = IP4_ERROR_TIME_EXPIRED;
}
vnet_buffer (p0)->ip.adj_index[VLIB_RX] = ~0;
vnet_feature_arc_start (arc0, sw_if_index0, &next0, p0);
vlib_increment_simple_counter (cm, thread_index, sw_if_index0, 1);
-
- /* Punt packets with options or wrong version. */
- if (PREDICT_FALSE (ip0->ip_version_and_header_length != 0x45))
- error0 = (ip0->ip_version_and_header_length & 0xf) != 5 ?
- IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
-
- /* Verify header checksum. */
- if (verify_checksum)
- {
- ip_csum_t sum0;
-
- ip4_partial_header_checksum_x1 (ip0, sum0);
- error0 =
- 0xffff !=
- ip_csum_fold (sum0) ? IP4_ERROR_BAD_CHECKSUM : error0;
- }
-
- /* Drop fragmentation offset 1 packets. */
- error0 =
- ip4_get_fragment_offset (ip0) ==
- 1 ? IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;
-
- /* Verify lengths. */
- ip_len0 = clib_net_to_host_u16 (ip0->length);
-
- /* IP length must be at least minimal IP header. */
- error0 = ip_len0 < sizeof (ip0[0]) ? IP4_ERROR_TOO_SHORT : error0;
-
- cur_len0 = vlib_buffer_length_in_chain (vm, p0);
- len_diff0 = cur_len0 - ip_len0;
- error0 = len_diff0 < 0 ? IP4_ERROR_BAD_LENGTH : error0;
-
- p0->error = error_node->errors[error0];
- if (PREDICT_FALSE (error0 != IP4_ERROR_NONE))
- {
- if (error0 == IP4_ERROR_TIME_EXPIRED)
- {
- icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
- ICMP4_time_exceeded_ttl_exceeded_in_transit,
- 0);
- next0 = IP4_INPUT_NEXT_ICMP_ERROR;
- }
- else
- next0 = error0 != IP4_ERROR_OPTIONS ?
- IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
- }
+ ip4_input_check_x1 (vm, error_node, p0, ip0, &next0,
+ verify_checksum);
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next,
@@ -406,7 +267,7 @@ ip4_input_no_checksum (vlib_main_t * vm,
return ip4_input_inline (vm, node, frame, /* verify_checksum */ 0);
}
-static char *ip4_error_strings[] = {
+char *ip4_error_strings[] = {
#define _(sym,string) string,
foreach_ip4_error
#undef _
diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h
new file mode 100644
index 00000000000..75306a34db3
--- /dev/null
+++ b/src/vnet/ip/ip4_input.h
@@ -0,0 +1,223 @@
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * ip/ip4_input.c: IP v4 input node
+ *
+ * Copyright (c) 2008 Eliot Dresselhaus
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef included_ip_input_h
+#define included_ip_input_h
+
+#include <vnet/ip/ip.h>
+#include <vnet/ethernet/ethernet.h>
+
+extern char *ip4_error_strings[];
+
+typedef enum
+{
+ IP4_INPUT_NEXT_DROP,
+ IP4_INPUT_NEXT_PUNT,
+ IP4_INPUT_NEXT_LOOKUP,
+ IP4_INPUT_NEXT_LOOKUP_MULTICAST,
+ IP4_INPUT_NEXT_ICMP_ERROR,
+ IP4_INPUT_N_NEXT,
+} ip4_input_next_t;
+
+always_inline void
+ip4_input_check_x2 (vlib_main_t * vm,
+ vlib_node_runtime_t * error_node,
+ vlib_buffer_t * p0, vlib_buffer_t * p1,
+ ip4_header_t * ip0, ip4_header_t * ip1,
+ u32 * next0, u32 * next1, int verify_checksum)
+{
+ u8 error0, error1;
+ u32 ip_len0, cur_len0;
+ u32 ip_len1, cur_len1;
+ i32 len_diff0, len_diff1;
+
+ error0 = error1 = IP4_ERROR_NONE;
+
+ /* Punt packets with options or wrong version. */
+ if (PREDICT_FALSE (ip0->ip_version_and_header_length != 0x45))
+ error0 = (ip0->ip_version_and_header_length & 0xf) != 5 ?
+ IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
+
+ if (PREDICT_FALSE (ip1->ip_version_and_header_length != 0x45))
+ error1 = (ip1->ip_version_and_header_length & 0xf) != 5 ?
+ IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
+
+ if (PREDICT_FALSE (ip0->ttl < 1))
+ error0 = IP4_ERROR_TIME_EXPIRED;
+ if (PREDICT_FALSE (ip1->ttl < 1))
+ error1 = IP4_ERROR_TIME_EXPIRED;
+
+ /* Verify header checksum. */
+ if (verify_checksum)
+ {
+ ip_csum_t sum0, sum1;
+
+ ip4_partial_header_checksum_x1 (ip0, sum0);
+ ip4_partial_header_checksum_x1 (ip1, sum1);
+
+ error0 = 0xffff != ip_csum_fold (sum0) ?
+ IP4_ERROR_BAD_CHECKSUM : error0;
+ error1 = 0xffff != ip_csum_fold (sum1) ?
+ IP4_ERROR_BAD_CHECKSUM : error1;
+ }
+
+ /* Drop fragmentation offset 1 packets. */
+ error0 = ip4_get_fragment_offset (ip0) == 1 ?
+ IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;
+ error1 = ip4_get_fragment_offset (ip1) == 1 ?
+ IP4_ERROR_FRAGMENT_OFFSET_ONE : error1;
+
+ /* Verify lengths. */
+ ip_len0 = clib_net_to_host_u16 (ip0->length);
+ ip_len1 = clib_net_to_host_u16 (ip1->length);
+
+ /* IP length must be at least minimal IP header. */
+ error0 = ip_len0 < sizeof (ip0[0]) ? IP4_ERROR_TOO_SHORT : error0;
+ error1 = ip_len1 < sizeof (ip1[0]) ? IP4_ERROR_TOO_SHORT : error1;
+
+ cur_len0 = vlib_buffer_length_in_chain (vm, p0);
+ cur_len1 = vlib_buffer_length_in_chain (vm, p1);
+
+ len_diff0 = cur_len0 - ip_len0;
+ len_diff1 = cur_len1 - ip_len1;
+
+ error0 = len_diff0 < 0 ? IP4_ERROR_BAD_LENGTH : error0;
+ error1 = len_diff1 < 0 ? IP4_ERROR_BAD_LENGTH : error1;
+
+ if (PREDICT_FALSE (error0 != IP4_ERROR_NONE))
+ {
+ if (error0 == IP4_ERROR_TIME_EXPIRED)
+ {
+ icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ *next0 = IP4_INPUT_NEXT_ICMP_ERROR;
+ }
+ else
+ *next0 = error0 != IP4_ERROR_OPTIONS ?
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ }
+ if (PREDICT_FALSE (error1 != IP4_ERROR_NONE))
+ {
+ if (error1 == IP4_ERROR_TIME_EXPIRED)
+ {
+ icmp4_error_set_vnet_buffer (p1, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ *next1 = IP4_INPUT_NEXT_ICMP_ERROR;
+ }
+ else
+ *next1 = error1 != IP4_ERROR_OPTIONS ?
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ }
+
+ p0->error = error_node->errors[error0];
+ p1->error = error_node->errors[error1];
+}
+
+always_inline void
+ip4_input_check_x1 (vlib_main_t * vm,
+ vlib_node_runtime_t * error_node,
+ vlib_buffer_t * p0,
+ ip4_header_t * ip0, u32 * next0, int verify_checksum)
+{
+ u32 ip_len0, cur_len0;
+ i32 len_diff0;
+ u8 error0;
+
+ error0 = IP4_ERROR_NONE;
+
+ /* Punt packets with options or wrong version. */
+ if (PREDICT_FALSE (ip0->ip_version_and_header_length != 0x45))
+ error0 = (ip0->ip_version_and_header_length & 0xf) != 5 ?
+ IP4_ERROR_OPTIONS : IP4_ERROR_VERSION;
+
+ /* Verify header checksum. */
+ if (verify_checksum)
+ {
+ ip_csum_t sum0;
+
+ ip4_partial_header_checksum_x1 (ip0, sum0);
+
+ error0 = 0xffff != ip_csum_fold (sum0) ?
+ IP4_ERROR_BAD_CHECKSUM : error0;
+ }
+
+ /* Drop fragmentation offset 1 packets. */
+ error0 = ip4_get_fragment_offset (ip0) == 1 ?
+ IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;
+
+ /* Verify lengths. */
+ ip_len0 = clib_net_to_host_u16 (ip0->length);
+
+ /* IP length must be at least minimal IP header. */
+ error0 = ip_len0 < sizeof (ip0[0]) ? IP4_ERROR_TOO_SHORT : error0;
+
+ cur_len0 = vlib_buffer_length_in_chain (vm, p0);
+
+ len_diff0 = cur_len0 - ip_len0;
+
+ error0 = len_diff0 < 0 ? IP4_ERROR_BAD_LENGTH : error0;
+
+ if (PREDICT_FALSE (error0 != IP4_ERROR_NONE))
+ {
+ if (error0 == IP4_ERROR_TIME_EXPIRED)
+ {
+ icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ *next0 = IP4_INPUT_NEXT_ICMP_ERROR;
+ }
+ else
+ *next0 = error0 != IP4_ERROR_OPTIONS ?
+ IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT;
+ }
+
+ p0->error = error_node->errors[error0];
+}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */
+
+#endif
diff --git a/src/vnet/ip/ip6_input.c b/src/vnet/ip/ip6_input.c
index ffdc4727660..3b38d347e6e 100644
--- a/src/vnet/ip/ip6_input.c
+++ b/src/vnet/ip/ip6_input.c
@@ -37,7 +37,7 @@
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
-#include <vnet/ip/ip.h>
+#include <vnet/ip/ip6_input.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/ppp/ppp.h>
#include <vnet/hdlc/hdlc.h>
@@ -60,15 +60,6 @@ format_ip6_input_trace (u8 * s, va_list * va)
return s;
}
-typedef enum
-{
- IP6_INPUT_NEXT_DROP,
- IP6_INPUT_NEXT_LOOKUP,
- IP6_INPUT_NEXT_LOOKUP_MULTICAST,
- IP6_INPUT_NEXT_ICMP_ERROR,
- IP6_INPUT_N_NEXT,
-} ip6_input_next_t;
-
/* Validate IP v6 packets and pass them either to forwarding code
or drop exception packets. */
static uword
@@ -108,7 +99,7 @@ ip6_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
ip6_header_t *ip0, *ip1;
u32 pi0, sw_if_index0, next0 = 0;
u32 pi1, sw_if_index1, next1 = 0;
- u8 error0, error1, arc0, arc1;
+ u8 arc0, arc1;
/* Prefetch next iteration. */
{
@@ -173,65 +164,8 @@ ip6_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
vlib_increment_simple_counter (cm, thread_index, sw_if_index0, 1);
vlib_increment_simple_counter (cm, thread_index, sw_if_index1, 1);
-
- error0 = error1 = IP6_ERROR_NONE;
-
- /* Version != 6? Drop it. */
- error0 =
- (clib_net_to_host_u32
- (ip0->ip_version_traffic_class_and_flow_label) >> 28) !=
- 6 ? IP6_ERROR_VERSION : error0;
- error1 =
- (clib_net_to_host_u32
- (ip1->ip_version_traffic_class_and_flow_label) >> 28) !=
- 6 ? IP6_ERROR_VERSION : error1;
-
- /* hop limit < 1? Drop it. for link-local broadcast packets,
- * like dhcpv6 packets from client has hop-limit 1, which should not
- * be dropped.
- */
- error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0;
- error1 = ip1->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error1;
-
- /* L2 length must be at least minimal IP header. */
- error0 =
- p0->current_length <
- sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0;
- error1 =
- p1->current_length <
- sizeof (ip1[0]) ? IP6_ERROR_TOO_SHORT : error1;
-
- if (PREDICT_FALSE (error0 != IP6_ERROR_NONE))
- {
- if (error0 == IP6_ERROR_TIME_EXPIRED)
- {
- icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
- ICMP6_time_exceeded_ttl_exceeded_in_transit,
- 0);
- next0 = IP6_INPUT_NEXT_ICMP_ERROR;
- }
- else
- {
- next0 = IP6_INPUT_NEXT_DROP;
- }
- }
- if (PREDICT_FALSE (error1 != IP6_ERROR_NONE))
- {
- if (error1 == IP6_ERROR_TIME_EXPIRED)
- {
- icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
- ICMP6_time_exceeded_ttl_exceeded_in_transit,
- 0);
- next1 = IP6_INPUT_NEXT_ICMP_ERROR;
- }
- else
- {
- next1 = IP6_INPUT_NEXT_DROP;
- }
- }
-
- p0->error = error_node->errors[error0];
- p1->error = error_node->errors[error1];
+ ip6_input_check_x2 (vm, error_node,
+ p0, p1, ip0, ip1, &next0, &next1);
vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
to_next, n_left_to_next,
@@ -243,7 +177,7 @@ ip6_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
vlib_buffer_t *p0;
ip6_header_t *ip0;
u32 pi0, sw_if_index0, next0 = 0;
- u8 error0, arc0;
+ u8 arc0;
pi0 = from[0];
to_next[0] = pi0;
@@ -271,40 +205,7 @@ ip6_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
vnet_feature_arc_start (arc0, sw_if_index0, &next0, p0);
vlib_increment_simple_counter (cm, thread_index, sw_if_index0, 1);
- error0 = IP6_ERROR_NONE;
-
- /* Version != 6? Drop it. */
- error0 =
- (clib_net_to_host_u32
- (ip0->ip_version_traffic_class_and_flow_label) >> 28) !=
- 6 ? IP6_ERROR_VERSION : error0;
-
- /* hop limit < 1? Drop it. for link-local broadcast packets,
- * like dhcpv6 packets from client has hop-limit 1, which should not
- * be dropped.
- */
- error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0;
-
- /* L2 length must be at least minimal IP header. */
- error0 =
- p0->current_length <
- sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0;
-
- if (PREDICT_FALSE (error0 != IP6_ERROR_NONE))
- {
- if (error0 == IP6_ERROR_TIME_EXPIRED)
- {
- icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
- ICMP6_time_exceeded_ttl_exceeded_in_transit,
- 0);
- next0 = IP6_INPUT_NEXT_ICMP_ERROR;
- }
- else
- {
- next0 = IP6_INPUT_NEXT_DROP;
- }
- }
- p0->error = error_node->errors[error0];
+ ip6_input_check_x1 (vm, error_node, p0, ip0, &next0);
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next,
@@ -317,7 +218,7 @@ ip6_input (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
return frame->n_vectors;
}
-static char *ip6_error_strings[] = {
+char *ip6_error_strings[] = {
#define _(sym,string) string,
foreach_ip6_error
#undef _
diff --git a/src/vnet/ip/ip6_input.h b/src/vnet/ip/ip6_input.h
new file mode 100644
index 00000000000..4c0d78459b1
--- /dev/null
+++ b/src/vnet/ip/ip6_input.h
@@ -0,0 +1,169 @@
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * ip/ip6_input.c: IP v6 input node
+ *
+ * Copyright (c) 2008 Eliot Dresselhaus
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef included_ip6_input_h
+#define included_ip6_input_h
+
+#include <vnet/ip/ip.h>
+
+extern char *ip6_error_strings[];
+
+typedef enum
+{
+ IP6_INPUT_NEXT_DROP,
+ IP6_INPUT_NEXT_LOOKUP,
+ IP6_INPUT_NEXT_LOOKUP_MULTICAST,
+ IP6_INPUT_NEXT_ICMP_ERROR,
+ IP6_INPUT_N_NEXT,
+} ip6_input_next_t;
+
+always_inline void
+ip6_input_check_x2 (vlib_main_t * vm,
+ vlib_node_runtime_t * error_node,
+ vlib_buffer_t * p0, vlib_buffer_t * p1,
+ ip6_header_t * ip0, ip6_header_t * ip1,
+ u32 * next0, u32 * next1)
+{
+ u8 error0, error1;
+
+ error0 = error1 = IP6_ERROR_NONE;
+
+ /* Version != 6? Drop it. */
+ error0 =
+ (clib_net_to_host_u32
+ (ip0->ip_version_traffic_class_and_flow_label) >> 28) !=
+ 6 ? IP6_ERROR_VERSION : error0;
+ error1 =
+ (clib_net_to_host_u32
+ (ip1->ip_version_traffic_class_and_flow_label) >> 28) !=
+ 6 ? IP6_ERROR_VERSION : error1;
+
+ /* hop limit < 1? Drop it. for link-local broadcast packets,
+ * like dhcpv6 packets from client has hop-limit 1, which should not
+ * be dropped.
+ */
+ error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0;
+ error1 = ip1->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error1;
+
+ /* L2 length must be at least minimal IP header. */
+ error0 =
+ p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0;
+ error1 =
+ p1->current_length < sizeof (ip1[0]) ? IP6_ERROR_TOO_SHORT : error1;
+
+ if (PREDICT_FALSE (error0 != IP6_ERROR_NONE))
+ {
+ if (error0 == IP6_ERROR_TIME_EXPIRED)
+ {
+ icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ *next0 = IP6_INPUT_NEXT_ICMP_ERROR;
+ }
+ else
+ {
+ *next0 = IP6_INPUT_NEXT_DROP;
+ }
+ }
+ if (PREDICT_FALSE (error1 != IP6_ERROR_NONE))
+ {
+ if (error1 == IP6_ERROR_TIME_EXPIRED)
+ {
+ icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ *next1 = IP6_INPUT_NEXT_ICMP_ERROR;
+ }
+ else
+ {
+ *next1 = IP6_INPUT_NEXT_DROP;
+ }
+ }
+}
+
+always_inline void
+ip6_input_check_x1 (vlib_main_t * vm,
+ vlib_node_runtime_t * error_node,
+ vlib_buffer_t * p0, ip6_header_t * ip0, u32 * next0)
+{
+ u8 error0;
+
+ error0 = IP6_ERROR_NONE;
+
+ /* Version != 6? Drop it. */
+ error0 =
+ (clib_net_to_host_u32
+ (ip0->ip_version_traffic_class_and_flow_label) >> 28) !=
+ 6 ? IP6_ERROR_VERSION : error0;
+
+ /* hop limit < 1? Drop it. for link-local broadcast packets,
+ * like dhcpv6 packets from client has hop-limit 1, which should not
+ * be dropped.
+ */
+ error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0;
+
+ /* L2 length must be at least minimal IP header. */
+ error0 =
+ p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0;
+
+ if (PREDICT_FALSE (error0 != IP6_ERROR_NONE))
+ {
+ if (error0 == IP6_ERROR_TIME_EXPIRED)
+ {
+ icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
+ ICMP6_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ *next0 = IP6_INPUT_NEXT_ICMP_ERROR;
+ }
+ else
+ {
+ *next0 = IP6_INPUT_NEXT_DROP;
+ }
+ }
+}
+
+#endif
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */