27 #define foreach_ipsec_gre_input_next \ 28 _(PUNT, "error-punt") \ 29 _(DROP, "error-drop") \ 30 _(L2_INPUT, "l2-input") 33 #define _(s,n) IPSEC_GRE_INPUT_NEXT_##s, 52 s =
format (s,
"GRE: tunnel %d len %d src %U dst %U",
92 u32 n_left_from, next_index, * from, * to_next;
93 u64 cached_tunnel_key = (
u64) ~0;
94 u32 cached_tunnel_sw_if_index = 0, tunnel_sw_if_index;
95 u32 tun_src0, tun_dst0;
96 u32 tun_src1, tun_dst1;
103 while (n_left_from > 0)
108 to_next, n_left_to_next);
110 while (n_left_from >= 4 && n_left_to_next >= 2)
115 u16 version0, version1, protocol0, protocol1;
162 protocol0 = clib_net_to_host_u16 (h0->
protocol);
163 protocol1 = clib_net_to_host_u16 (h1->
protocol);
166 next0 = IPSEC_GRE_INPUT_NEXT_L2_INPUT;
172 b0->
error = node->
errors[IPSEC_GRE_ERROR_UNKNOWN_PROTOCOL];
173 next0 = IPSEC_GRE_INPUT_NEXT_DROP;
177 next1 = IPSEC_GRE_INPUT_NEXT_L2_INPUT;
183 b1->
error = node->
errors[IPSEC_GRE_ERROR_UNKNOWN_PROTOCOL];
184 next1 = IPSEC_GRE_INPUT_NEXT_DROP;
192 b0->
error = verr0 ? node->
errors[IPSEC_GRE_ERROR_UNSUPPORTED_VERSION]
194 next0 = verr0 ? IPSEC_GRE_INPUT_NEXT_DROP : next0;
195 b1->
error = verr1 ? node->
errors[IPSEC_GRE_ERROR_UNSUPPORTED_VERSION]
197 next1 = verr1 ? IPSEC_GRE_INPUT_NEXT_DROP : next1;
200 if (
PREDICT_TRUE(next0 == IPSEC_GRE_INPUT_NEXT_L2_INPUT))
202 u64 key = ((
u64)(tun_dst0) << 32) | (
u64)(tun_src0);
204 if (cached_tunnel_key != key)
213 next0 = IPSEC_GRE_INPUT_NEXT_DROP;
214 b0->
error = node->
errors[IPSEC_GRE_ERROR_NO_SUCH_TUNNEL];
221 cached_tunnel_sw_if_index = tunnel_sw_if_index;
225 tunnel_sw_if_index = cached_tunnel_sw_if_index;
232 if (
PREDICT_TRUE(next1 == IPSEC_GRE_INPUT_NEXT_L2_INPUT))
234 u64 key = ((
u64)(tun_dst1) << 32) | (
u64)(tun_src1);
236 if (cached_tunnel_key != key)
245 next1 = IPSEC_GRE_INPUT_NEXT_DROP;
246 b1->
error = node->
errors[IPSEC_GRE_ERROR_NO_SUCH_TUNNEL];
253 cached_tunnel_sw_if_index = tunnel_sw_if_index;
257 tunnel_sw_if_index = cached_tunnel_sw_if_index;
287 to_next, n_left_to_next,
288 bi0, bi1, next0, next1);
291 while (n_left_from > 0 && n_left_to_next > 0)
297 u16 version0, protocol0;
300 u32 tun_src0, tun_dst0;
319 protocol0 = clib_net_to_host_u16 (h0->
protocol);
322 next0 = IPSEC_GRE_INPUT_NEXT_L2_INPUT;
328 b0->
error = node->
errors[IPSEC_GRE_ERROR_UNKNOWN_PROTOCOL];
329 next0 = IPSEC_GRE_INPUT_NEXT_DROP;
334 b0->
error = verr0 ? node->
errors[IPSEC_GRE_ERROR_UNSUPPORTED_VERSION]
336 next0 = verr0 ? IPSEC_GRE_INPUT_NEXT_DROP : next0;
341 u64 key = ((
u64)(tun_dst0) << 32) | (
u64)(tun_src0);
343 if (cached_tunnel_key != key)
352 next0 = IPSEC_GRE_INPUT_NEXT_DROP;
353 b0->
error = node->
errors[IPSEC_GRE_ERROR_NO_SUCH_TUNNEL];
360 cached_tunnel_sw_if_index = tunnel_sw_if_index;
364 tunnel_sw_if_index = cached_tunnel_sw_if_index;
383 to_next, n_left_to_next,
390 IPSEC_GRE_ERROR_PKTS_DECAP, from_frame->
n_vectors);
395 #define ipsec_gre_error(n,s) s, 397 #undef ipsec_gre_error 402 .name =
"ipsec-gre-input",
404 .vector_size =
sizeof (
u32),
411 #define _(s,n) [IPSEC_GRE_INPUT_NEXT_##s] = n,
vlib_node_registration_t ipsec_gre_input_node
(constructor) VLIB_REGISTER_NODE (ipsec_gre_input_node)
L2-GRE over IPSec packet processing.
static vnet_hw_interface_t * vnet_get_hw_interface(vnet_main_t *vnm, u32 hw_if_index)
vlib_error_t * errors
Vector of errors for this node.
static clib_error_t * ipsec_gre_init(vlib_main_t *vm)
u8 * format_ipsec_gre_rx_trace(u8 *s, va_list *args)
ipsec_gre_tunnel_t * tunnels
pool of tunnel instances
static uword ipsec_gre_input(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame)
L2-GRE over IPSec input node.
#define foreach_ipsec_gre_input_next
#define VLIB_INIT_FUNCTION(x)
ipsec_gre_main_t ipsec_gre_main
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
#define vlib_call_init_function(vm, x)
#define VLIB_NODE_FUNCTION_MULTIARCH(node, fn)
uword * tunnel_by_key
hash mapping src/dst addr pair to tunnel
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static clib_error_t * ipsec_gre_input_init(vlib_main_t *vm)
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
vlib_error_t error
Error code for buffers to be enqueued to error handler.
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
#define VLIB_REGISTER_NODE(x,...)
L2-GRE over IPSec errors.
#define CLIB_PREFETCH(addr, size, type)
#define clib_warning(format, args...)
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
IPSec-GRE tunnel parameters.
static char * ipsec_gre_error_strings[]
#define clib_error_report(e)
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
vnet_main_t * vnet_main
convenience
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.