Line data Source code
1 : /*
2 : * Copyright (c) 2017 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : /*
16 : * ip/ip6_input.c: IP v6 input node
17 : *
18 : * Copyright (c) 2008 Eliot Dresselhaus
19 : *
20 : * Permission is hereby granted, free of charge, to any person obtaining
21 : * a copy of this software and associated documentation files (the
22 : * "Software"), to deal in the Software without restriction, including
23 : * without limitation the rights to use, copy, modify, merge, publish,
24 : * distribute, sublicense, and/or sell copies of the Software, and to
25 : * permit persons to whom the Software is furnished to do so, subject to
26 : * the following conditions:
27 : *
28 : * The above copyright notice and this permission notice shall be
29 : * included in all copies or substantial portions of the Software.
30 : *
31 : * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
32 : * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
33 : * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
34 : * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
35 : * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
36 : * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
37 : * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
38 : */
39 :
40 : #ifndef included_ip6_input_h
41 : #define included_ip6_input_h
42 :
43 : #include <vnet/ip/ip.h>
44 : #include <vnet/ip/icmp6.h>
45 :
46 : typedef enum
47 : {
48 : IP6_INPUT_NEXT_DROP,
49 : IP6_INPUT_NEXT_LOOKUP,
50 : IP6_INPUT_NEXT_LOOKUP_MULTICAST,
51 : IP6_INPUT_NEXT_ICMP_ERROR,
52 : IP6_INPUT_N_NEXT,
53 : } ip6_input_next_t;
54 :
55 : always_inline void
56 4765838 : ip6_input_check_x2 (vlib_main_t * vm,
57 : vlib_node_runtime_t * error_node,
58 : vlib_buffer_t * p0, vlib_buffer_t * p1,
59 : ip6_header_t * ip0, ip6_header_t * ip1,
60 : u32 * next0, u32 * next1)
61 : {
62 : u8 error0, error1;
63 :
64 4765838 : error0 = error1 = IP6_ERROR_NONE;
65 :
66 : /* Version != 6? Drop it. */
67 4765838 : error0 =
68 4765838 : (clib_net_to_host_u32
69 4765838 : (ip0->ip_version_traffic_class_and_flow_label) >> 28) !=
70 : 6 ? IP6_ERROR_VERSION : error0;
71 4765838 : error1 =
72 4765838 : (clib_net_to_host_u32
73 4765838 : (ip1->ip_version_traffic_class_and_flow_label) >> 28) !=
74 : 6 ? IP6_ERROR_VERSION : error1;
75 :
76 : /* hop limit < 1? Drop it. for link-local broadcast packets,
77 : * like dhcpv6 packets from client has hop-limit 1, which should not
78 : * be dropped.
79 : */
80 4765838 : error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0;
81 4765838 : error1 = ip1->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error1;
82 :
83 : /* L2 length must be at least minimal IP header. */
84 4765838 : error0 =
85 4765838 : p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0;
86 4765838 : error1 =
87 4765838 : p1->current_length < sizeof (ip1[0]) ? IP6_ERROR_TOO_SHORT : error1;
88 :
89 4765838 : if (PREDICT_FALSE (error0 != IP6_ERROR_NONE))
90 : {
91 319 : if (error0 == IP6_ERROR_TIME_EXPIRED)
92 : {
93 127 : icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
94 : ICMP6_time_exceeded_ttl_exceeded_in_transit,
95 : 0);
96 127 : *next0 = IP6_INPUT_NEXT_ICMP_ERROR;
97 : }
98 : else
99 : {
100 192 : *next0 = IP6_INPUT_NEXT_DROP;
101 : }
102 : }
103 4765838 : if (PREDICT_FALSE (error1 != IP6_ERROR_NONE))
104 : {
105 319 : if (error1 == IP6_ERROR_TIME_EXPIRED)
106 : {
107 127 : icmp6_error_set_vnet_buffer (p1, ICMP6_time_exceeded,
108 : ICMP6_time_exceeded_ttl_exceeded_in_transit,
109 : 0);
110 127 : *next1 = IP6_INPUT_NEXT_ICMP_ERROR;
111 : }
112 : else
113 : {
114 192 : *next1 = IP6_INPUT_NEXT_DROP;
115 : }
116 : }
117 4765838 : }
118 :
119 : always_inline void
120 514564 : ip6_input_check_x1 (vlib_main_t * vm,
121 : vlib_node_runtime_t * error_node,
122 : vlib_buffer_t * p0, ip6_header_t * ip0, u32 * next0)
123 : {
124 : u8 error0;
125 :
126 514564 : error0 = IP6_ERROR_NONE;
127 :
128 : /* Version != 6? Drop it. */
129 514564 : error0 =
130 514564 : (clib_net_to_host_u32
131 514564 : (ip0->ip_version_traffic_class_and_flow_label) >> 28) !=
132 : 6 ? IP6_ERROR_VERSION : error0;
133 :
134 : /* hop limit < 1? Drop it. for link-local broadcast packets,
135 : * like dhcpv6 packets from client has hop-limit 1, which should not
136 : * be dropped.
137 : */
138 514564 : error0 = ip0->hop_limit < 1 ? IP6_ERROR_TIME_EXPIRED : error0;
139 :
140 : /* L2 length must be at least minimal IP header. */
141 514564 : error0 =
142 514564 : p0->current_length < sizeof (ip0[0]) ? IP6_ERROR_TOO_SHORT : error0;
143 :
144 514564 : if (PREDICT_FALSE (error0 != IP6_ERROR_NONE))
145 : {
146 22 : if (error0 == IP6_ERROR_TIME_EXPIRED)
147 : {
148 4 : icmp6_error_set_vnet_buffer (p0, ICMP6_time_exceeded,
149 : ICMP6_time_exceeded_ttl_exceeded_in_transit,
150 : 0);
151 4 : *next0 = IP6_INPUT_NEXT_ICMP_ERROR;
152 : }
153 : else
154 : {
155 18 : *next0 = IP6_INPUT_NEXT_DROP;
156 : }
157 : }
158 514564 : }
159 :
160 : #endif
161 :
162 : /*
163 : * fd.io coding-style-patch-verification: ON
164 : *
165 : * Local Variables:
166 : * eval: (c-set-style "gnu")
167 : * End:
168 : */
|
