Diffstat (limited to 'src')
-rw-r--r-- | src/vnet.am | 1 | ||||
-rw-r--r-- | src/vnet/ip/ip4_input.c | 2 | ||||
-rw-r--r-- | src/vnet/ip/ip4_input.h | 22 | ||||
-rw-r--r-- | src/vnet/ip/ip4_options.c | 144 | ||||
-rw-r--r-- | src/vnet/ip/ip4_packet.h | 2 |
5 files changed, 157 insertions, 14 deletions
diff --git a/src/vnet.am b/src/vnet.am index 78eb481bc05..0a9cb5ffee4 100644 --- a/src/vnet.am +++ b/src/vnet.am @@ -354,6 +354,7 @@ libvnet_la_SOURCES += \ vnet/ip/ip4_forward.c \ vnet/ip/ip4_punt_drop.c \ vnet/ip/ip4_input.c \ + vnet/ip/ip4_options.c \ vnet/ip/ip4_mtrie.c \ vnet/ip/ip4_pg.c \ vnet/ip/ip4_source_and_port_range_check.c \ diff --git a/src/vnet/ip/ip4_input.c b/src/vnet/ip/ip4_input.c index b476f95ab8b..1ecd43b7139 100644 --- a/src/vnet/ip/ip4_input.c +++ b/src/vnet/ip/ip4_input.c @@ -324,6 +324,7 @@ VLIB_REGISTER_NODE (ip4_input_node) = { .next_nodes = { [IP4_INPUT_NEXT_DROP] = "error-drop", [IP4_INPUT_NEXT_PUNT] = "error-punt", + [IP4_INPUT_NEXT_OPTIONS] = "ip4-options", [IP4_INPUT_NEXT_LOOKUP] = "ip4-lookup", [IP4_INPUT_NEXT_LOOKUP_MULTICAST] = "ip4-mfib-forward-lookup", [IP4_INPUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", @@ -342,6 +343,7 @@ VLIB_REGISTER_NODE (ip4_input_no_checksum_node) = { .next_nodes = { [IP4_INPUT_NEXT_DROP] = "error-drop", [IP4_INPUT_NEXT_PUNT] = "error-punt", + [IP4_INPUT_NEXT_OPTIONS] = "ip4-options", [IP4_INPUT_NEXT_LOOKUP] = "ip4-lookup", [IP4_INPUT_NEXT_LOOKUP_MULTICAST] = "ip4-mfib-forward-lookup", [IP4_INPUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h index 889b423d700..880896e6430 100644 --- a/src/vnet/ip/ip4_input.h +++ b/src/vnet/ip/ip4_input.h @@ -49,6 +49,7 @@ typedef enum { IP4_INPUT_NEXT_DROP, IP4_INPUT_NEXT_PUNT, + IP4_INPUT_NEXT_OPTIONS, IP4_INPUT_NEXT_LOOKUP, IP4_INPUT_NEXT_LOOKUP_MULTICAST, IP4_INPUT_NEXT_ICMP_ERROR, @@ -153,7 +154,7 @@ ip4_input_check_x4 (vlib_main_t * vm, } else next[0] = error0 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p[0]->error = error_node->errors[error0]; } if (PREDICT_FALSE (error1 != IP4_ERROR_NONE)) 
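Review bot: The drop-or-options choice, `errorN != IP4_ERROR_OPTIONS ? IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS`, is now spelled out seven times across ip4_input_check_x4, ip4_input_check_x2 and ip4_input_check_x1, which are the hunks that follow in ip4_input.h. This commit had to edit each copy by hand, so a later change to the routing of option-bearing packets can easily miss one lane. A small always_inline helper that takes the error code and returns the next index would keep all lanes consistent. The bodies of the three functions start and end outside these hunks, so the surrounding branches could not be checked here.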
@@ -167,7 +168,7 @@ ip4_input_check_x4 (vlib_main_t * vm, } else next[1] = error1 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p[1]->error = error_node->errors[error1]; } if (PREDICT_FALSE (error2 != IP4_ERROR_NONE)) @@ -181,7 +182,7 @@ ip4_input_check_x4 (vlib_main_t * vm, } else next[2] = error2 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p[2]->error = error_node->errors[error2]; } if (PREDICT_FALSE (error3 != IP4_ERROR_NONE)) @@ -195,7 +196,7 @@ ip4_input_check_x4 (vlib_main_t * vm, } else next[3] = error3 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p[3]->error = error_node->errors[error3]; } } @@ -256,7 +257,7 @@ ip4_input_check_x2 (vlib_main_t * vm, } else *next0 = error0 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p0->error = error_node->errors[error0]; } if (PREDICT_FALSE (error1 != IP4_ERROR_NONE)) @@ -270,10 +271,9 @@ ip4_input_check_x2 (vlib_main_t * vm, } else *next1 = error1 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p1->error = error_node->errors[error1]; } - } always_inline void @@ -290,11 +290,6 @@ ip4_input_check_x1 (vlib_main_t * vm, check_ver_opt_csum (ip0, &error0, verify_checksum); - /* Punt packets with options or wrong version. */ - if (PREDICT_FALSE (ip0->ip_version_and_header_length != 0x45)) - error0 = (ip0->ip_version_and_header_length & 0xf) != 5 ? - IP4_ERROR_OPTIONS : IP4_ERROR_VERSION; - /* Drop fragmentation offset 1 packets. */ error0 = ip4_get_fragment_offset (ip0) == 1 ? IP4_ERROR_FRAGMENT_OFFSET_ONE : error0; 
@@ -322,10 +317,9 @@ ip4_input_check_x1 (vlib_main_t * vm, } else *next0 = error0 != IP4_ERROR_OPTIONS ? - IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_PUNT; + IP4_INPUT_NEXT_DROP : IP4_INPUT_NEXT_OPTIONS; p0->error = error_node->errors[error0]; } - } /* diff --git a/src/vnet/ip/ip4_options.c b/src/vnet/ip/ip4_options.c new file mode 100644 index 00000000000..c008b9bde8c --- /dev/null +++ b/src/vnet/ip/ip4_options.c 
@@ -0,0 +1,144 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @brief Handle IPv4 header options in the data-path + */ + +#include <vnet/ip/ip.h> + +typedef enum ip4_options_next_t_ +{ + IP4_OPTIONS_NEXT_PUNT, + IP4_OPTIONS_NEXT_LOCAL, + IP4_OPTIONS_N_NEXT, +} ip4_options_next_t; + +typedef struct ip4_options_trace_t_ +{ + u8 option[4]; +} ip4_options_trace_t; + +VLIB_NODE_FN (ip4_options_node) (vlib_main_t * vm, + vlib_node_runtime_t * node, + vlib_frame_t * frame) +{ + uword n_left_from, n_left_to_next, next_index; + u32 *from, *to_next; + + from = vlib_frame_vector_args (frame); + n_left_from = frame->n_vectors; + next_index = 0; + + while (n_left_from > 0) + { + vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next); + + /* + * IP options packets, when properly used, are very low rate, + * so this code is not dual-looped for extra performance. 
+ */ + while (n_left_from > 0 && n_left_to_next > 0) + { + ip4_options_next_t next; + ip4_header_t *ip4; + vlib_buffer_t *b; + u8 *options; + u32 bi; + + bi = from[0]; + from += 1; + n_left_from -= 1; + to_next[0] = bi; + to_next += 1; + n_left_to_next -= 1; + + b = vlib_get_buffer (vm, bi); + ip4 = vlib_buffer_get_current (b); + next = IP4_OPTIONS_NEXT_PUNT; + + options = (u8 *) (ip4 + 1); + + /* + * mask out the copy flag to leave the option type + */ + switch (options[0] & 0x7f) + { + case IP4_ROUTER_ALERT_OPTION: + /* + * if it's an IGMP packet, pass up the local stack + */ + if (IP_PROTOCOL_IGMP == ip4->protocol) + { + next = IP4_OPTIONS_NEXT_LOCAL; + } + break; + default: + break; + } + + if (b->flags & VLIB_BUFFER_IS_TRACED) + { + ip4_options_trace_t *t = + vlib_add_trace (vm, node, b, sizeof (*t)); + + clib_memcpy (t->option, options, 4); + } + vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, + n_left_to_next, bi, next); + + } + + vlib_put_next_frame (vm, node, next_index, n_left_to_next); + } + return frame->n_vectors; +} + +u8 * +format_ip4_options_trace (u8 * s, va_list * args) +{ + CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); + CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); + ip4_options_trace_t *t = va_arg (*args, ip4_options_trace_t *); + u32 indent = format_get_indent (s); + + s = format (s, "%Uoption:[0x%x,0x%x,0x%x,0x%x]", + format_white_space, indent, + t->option[0], t->option[1], t->option[2], t->option[3]); + return s; +} + +/* *INDENT-OFF* */ +VLIB_REGISTER_NODE (ip4_options_node) = { + .name = "ip4-options", + .vector_size = sizeof (u32), + + .n_next_nodes = IP4_OPTIONS_N_NEXT, + .next_nodes = { + [IP4_OPTIONS_NEXT_PUNT] = "ip4-punt", + [IP4_OPTIONS_NEXT_LOCAL] = "ip4-local", + }, + .format_buffer = format_ip4_header, + .format_trace = format_ip4_options_trace, +}; +/* *INDENT-ON* */ + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + 
* End: + */ diff --git a/src/vnet/ip/ip4_packet.h b/src/vnet/ip/ip4_packet.h index 2f0c75e4924..c41a8021d96 100644 --- a/src/vnet/ip/ip4_packet.h +++ b/src/vnet/ip/ip4_packet.h @@ -193,6 +193,8 @@ typedef union #define IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS \ ((4 << 4) | (sizeof (ip4_header_t) / sizeof (u32))) +#define IP4_ROUTER_ALERT_OPTION 20 + always_inline int ip4_get_fragment_offset (ip4_header_t * i) { |
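Review bot: In ip4_options_node, `options[0]` is read and four bytes are copied into the trace without the node checking that the header actually carries options or that the buffer holds that many bytes. The lines removed from ip4_input_check_x1 in ip4_input.h assigned IP4_ERROR_OPTIONS for any header-length nibble other than 5; if check_ver_opt_csum (not visible here) classifies the same way, a header length below 5 can reach this node and the first payload byte is then interpreted as an option type. A guard before the switch, for example `if (PREDICT_FALSE (ip4_header_bytes (ip4) < sizeof (*ip4) + 4 || b->current_length < ip4_header_bytes (ip4)))`, which leaves `next` at IP4_OPTIONS_NEXT_PUNT and skips the option read and trace copy, would keep malformed headers away from ip4-local. Only the first option octet is inspected, so a Router Alert placed after another option is punted; a comment on the switch should say whether that is intended.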
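Review bot: `IP4_ROUTER_ALERT_OPTION` is defined as the bare option number, and nothing at the definition says so. On the wire the Router Alert type octet also carries the copy flag (148 in RFC 2113), so a caller comparing the raw octet against this macro will never match. The new ip4_options.c masks with 0x7f before comparing, but that contract lives only in that file. A comment on the define would make it explicit, for example `/* option number only: mask the copy flag (0x80) out of the type octet before comparing */`.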