2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/fib/fib_table.h>
17 #include <vnet/dpo/drop_dpo.h>
19 #include <cnat/cnat_client.h>
20 #include <cnat/cnat_translation.h>
22 cnat_client_t *cnat_client_pool;
24 cnat_client_db_t cnat_client_db;
26 dpo_type_t cnat_client_dpo;
28 static_always_inline u8
29 cnat_client_is_clone (cnat_client_t * cc)
31 return (FIB_NODE_INDEX_INVALID == cc->cc_fei);
35 cnat_client_db_remove (cnat_client_t * cc)
37 clib_bihash_kv_16_8_t bkey;
38 if (ip_addr_version (&cc->cc_ip) == AF_IP4)
40 bkey.key[0] = ip_addr_v4 (&cc->cc_ip).as_u32;
45 bkey.key[0] = ip_addr_v6 (&cc->cc_ip).as_u64[0];
46 bkey.key[1] = ip_addr_v6 (&cc->cc_ip).as_u64[1];
49 clib_bihash_add_del_16_8 (&cnat_client_db.cc_ip_id_hash, &bkey, 0 /* del */);
53 cnat_client_db_add (cnat_client_t *cc)
57 cci = cc - cnat_client_pool;
59 clib_bihash_kv_16_8_t bkey;
61 if (ip_addr_version (&cc->cc_ip) == AF_IP4)
63 bkey.key[0] = ip_addr_v4 (&cc->cc_ip).as_u32;
68 bkey.key[0] = ip_addr_v6 (&cc->cc_ip).as_u64[0];
69 bkey.key[1] = ip_addr_v6 (&cc->cc_ip).as_u64[1];
72 clib_bihash_add_del_16_8 (&cnat_client_db.cc_ip_id_hash, &bkey, 1 /* add */);
76 cnat_client_destroy (cnat_client_t * cc)
78 ASSERT (!cnat_client_is_clone (cc));
80 ASSERT (fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
81 fib_table_entry_delete_index (cc->cc_fei, cnat_fib_source);
83 cnat_client_db_remove (cc);
84 dpo_reset (&cc->cc_parent);
85 pool_put (cnat_client_pool, cc);
89 cnat_client_free_by_ip (ip46_address_t * ip, u8 af)
93 cnat_client_ip4_find (&ip->ip4) : cnat_client_ip6_find (&ip->ip6));
96 if (0 == cnat_client_uncnt_session (cc) && 0 == cc->tr_refcnt)
97 cnat_client_destroy (cc);
101 cnat_client_throttle_pool_process ()
103 /* This processes ips stored in the throttle pool
104 to update session refcounts
105 and should be called before cnat_client_free_by_ip */
107 ip_address_t *addr, *del_vec = NULL;
110 vec_reset_length (del_vec);
111 clib_spinlock_lock (&cnat_client_db.throttle_lock);
112 hash_foreach_mem (addr, refcnt, cnat_client_db.throttle_mem, {
113 cc = (AF_IP4 == addr->version ? cnat_client_ip4_find (&ip_addr_v4 (addr)) :
114 cnat_client_ip6_find (&ip_addr_v6 (addr)));
115 /* Client might not already be created */
118 cnat_client_t *ccp = cnat_client_get (cc->parent_cci);
119 clib_atomic_add_fetch (&ccp->session_refcnt, refcnt);
120 vec_add1 (del_vec, *addr);
123 vec_foreach (addr, del_vec)
124 hash_unset_mem_free (&cnat_client_db.throttle_mem, addr);
125 clib_spinlock_unlock (&cnat_client_db.throttle_lock);
129 cnat_client_translation_added (index_t cci)
132 if (INDEX_INVALID == cci)
135 cc = cnat_client_get (cci);
140 cnat_client_translation_deleted (index_t cci)
143 if (INDEX_INVALID == cci)
146 cc = cnat_client_get (cci);
149 if (0 == cc->tr_refcnt && 0 == cc->session_refcnt)
150 cnat_client_destroy (cc);
154 cnat_client_add (const ip_address_t * ip, u8 flags)
157 dpo_id_t tmp = DPO_INVALID;
158 fib_node_index_t fei;
164 /* check again if we need this client */
165 cc = (AF_IP4 == ip->version ?
166 cnat_client_ip4_find (&ip->ip.ip4) :
167 cnat_client_ip6_find (&ip->ip.ip6));
170 return (cc - cnat_client_pool);
173 pool_get_aligned (cnat_client_pool, cc, CLIB_CACHE_LINE_BYTES);
175 cci = cc - cnat_client_pool;
176 cc->parent_cci = cci;
179 cc->session_refcnt = 0;
181 ip_address_copy (&cc->cc_ip, ip);
182 cnat_client_db_add (cc);
184 ip_address_to_fib_prefix (&cc->cc_ip, &pfx);
186 dproto = fib_proto_to_dpo (pfx.fp_proto);
187 dpo_set (&tmp, cnat_client_dpo, dproto, cci);
188 dpo_stack (cnat_client_dpo, dproto, &cc->cc_parent, drop_dpo_get (dproto));
190 fib_flags = FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT;
191 fib_flags |= (flags & CNAT_FLAG_EXCLUSIVE) ?
192 FIB_ENTRY_FLAG_EXCLUSIVE : FIB_ENTRY_FLAG_INTERPOSE;
194 fei = fib_table_entry_special_dpo_add (CNAT_FIB_TABLE,
195 &pfx, cnat_fib_source, fib_flags,
198 cc = pool_elt_at_index (cnat_client_pool, cci);
205 cnat_client_learn (const ip_address_t *addr)
207 /* RPC call to add a client from the dataplane */
210 cci = cnat_client_add (addr, 0 /* flags */);
211 cc = pool_elt_at_index (cnat_client_pool, cci);
212 cnat_client_cnt_session (cc);
213 /* Process throttled calls if any */
214 cnat_client_throttle_pool_process ();
218 * Interpose a policy DPO
221 cnat_client_dpo_interpose (const dpo_id_t * original,
222 const dpo_id_t * parent, dpo_id_t * clone)
224 cnat_client_t *cc, *cc_clone;
226 pool_get_zero (cnat_client_pool, cc_clone);
227 cc = cnat_client_get (original->dpoi_index);
229 cc_clone->cc_fei = FIB_NODE_INDEX_INVALID;
230 cc_clone->parent_cci = cc->parent_cci;
231 cc_clone->flags = cc->flags;
232 ip_address_copy (&cc_clone->cc_ip, &cc->cc_ip);
234 /* stack the clone on the FIB provided parent */
235 dpo_stack (cnat_client_dpo, original->dpoi_proto, &cc_clone->cc_parent,
238 /* return the clone */
241 original->dpoi_proto, cc_clone - cnat_client_pool);
245 cnat_client_purge (void)
248 if ((rv = pool_elts (cnat_client_pool)))
249 clib_warning ("len(cnat_client_pool) isnt 0 but %d", rv);
251 if ((rv = hash_elts (cnat_client_db.throttle_mem)))
252 clib_warning ("len(throttle_mem) isnt 0 but %d", rv);
258 format_cnat_client (u8 * s, va_list * args)
260 index_t cci = va_arg (*args, index_t);
261 u32 indent = va_arg (*args, u32);
263 cnat_client_t *cc = pool_elt_at_index (cnat_client_pool, cci);
265 s = format (s, "[%d] cnat-client:[%U] tr:%d sess:%d", cci,
266 format_ip_address, &cc->cc_ip,
267 cc->tr_refcnt, cc->session_refcnt);
269 if (cc->flags & CNAT_FLAG_EXCLUSIVE)
270 s = format (s, " exclusive");
272 if (cnat_client_is_clone (cc))
273 s = format (s, "\n%Uclone of [%d]\n%U%U",
274 format_white_space, indent + 2, cc->parent_cci,
275 format_white_space, indent + 2,
276 format_dpo_id, &cc->cc_parent, indent + 4);
282 static clib_error_t *
283 cnat_client_show (vlib_main_t * vm,
284 unformat_input_t * input, vlib_cli_command_t * cmd)
290 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
292 if (unformat (input, "%d", &cci))
295 return (clib_error_return (0, "unknown input '%U'",
296 format_unformat_error, input));
299 if (INDEX_INVALID == cci)
301 pool_foreach_index (cci, cnat_client_pool)
302 vlib_cli_output(vm, "%U", format_cnat_client, cci, 0);
304 vlib_cli_output (vm, "%d clients", pool_elts (cnat_client_pool));
305 vlib_cli_output (vm, "%d timestamps", pool_elts (cnat_timestamps));
309 vlib_cli_output (vm, "Invalid policy ID:%d", cci);
315 VLIB_CLI_COMMAND (cnat_client_show_cmd_node, static) = {
316 .path = "show cnat client",
317 .function = cnat_client_show,
318 .short_help = "show cnat client",
322 const static char *const cnat_client_dpo_ip4_nodes[] = {
327 const static char *const cnat_client_dpo_ip6_nodes[] = {
332 const static char *const *const cnat_client_dpo_nodes[DPO_PROTO_NUM] = {
333 [DPO_PROTO_IP4] = cnat_client_dpo_ip4_nodes,
334 [DPO_PROTO_IP6] = cnat_client_dpo_ip6_nodes,
338 cnat_client_dpo_lock (dpo_id_t * dpo)
342 cc = cnat_client_get (dpo->dpoi_index);
348 cnat_client_dpo_unlock (dpo_id_t * dpo)
352 cc = cnat_client_get (dpo->dpoi_index);
356 if (0 == cc->cc_locks)
358 ASSERT (cnat_client_is_clone (cc));
359 dpo_reset (&cc->cc_parent);
360 pool_put (cnat_client_pool, cc);
365 format_cnat_client_dpo (u8 * s, va_list * ap)
367 index_t cci = va_arg (*ap, index_t);
368 u32 indent = va_arg (*ap, u32);
370 s = format (s, "%U", format_cnat_client, cci, indent);
375 const static dpo_vft_t cnat_client_dpo_vft = {
376 .dv_lock = cnat_client_dpo_lock,
377 .dv_unlock = cnat_client_dpo_unlock,
378 .dv_format = format_cnat_client_dpo,
379 .dv_mk_interpose = cnat_client_dpo_interpose,
382 static clib_error_t *
383 cnat_client_init (vlib_main_t * vm)
385 cnat_main_t *cm = &cnat_main;
386 cnat_client_dpo = dpo_register_new_type (&cnat_client_dpo_vft,
387 cnat_client_dpo_nodes);
389 clib_bihash_init_16_8 (&cnat_client_db.cc_ip_id_hash, "CNat client DB",
390 cm->client_hash_buckets, cm->client_hash_memory);
392 clib_spinlock_init (&cnat_client_db.throttle_lock);
393 cnat_client_db.throttle_mem =
394 hash_create_mem (0, sizeof (ip_address_t), sizeof (uword));
399 VLIB_INIT_FUNCTION (cnat_client_init);
402 * fd.io coding-style-patch-verification: ON
405 * eval: (c-set-style "gnu")