2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/fib/fib_source.h>
17 #include <vnet/fib/fib_table.h>
18 #include <vnet/fib/fib_entry_track.h>
19 #include <vnet/dpo/load_balance.h>
20 #include <vnet/dpo/drop_dpo.h>
22 #include <cnat/cnat_translation.h>
23 #include <cnat/cnat_maglev.h>
24 #include <cnat/cnat_session.h>
25 #include <cnat/cnat_client.h>
27 cnat_translation_t *cnat_translation_pool;
28 clib_bihash_8_8_t cnat_translation_db;
29 addr_resolution_t *tr_resolutions;
30 cnat_if_addr_add_cb_t *cnat_if_addr_add_cbs;
32 static fib_node_type_t cnat_translation_fib_node_type;
34 vlib_combined_counter_main_t cnat_translation_counters = {
35 .name = "cnat-translation",
36 .stat_segment_name = "/net/cnat-translation",
40 cnat_translation_watch_addr (index_t cti, u64 opaque, cnat_endpoint_t * ep,
41 cnat_addr_resol_type_t type)
43 addr_resolution_t *ar;
45 if (INDEX_INVALID == ep->ce_sw_if_index)
48 pool_get (tr_resolutions, ar);
49 ar->af = ep->ce_ip.version;
50 ar->sw_if_index = ep->ce_sw_if_index;
57 cnat_resolve_ep_tuple (cnat_endpoint_tuple_t * path)
59 cnat_resolve_ep (&path->src_ep);
60 cnat_resolve_ep (&path->dst_ep);
64 cnat_translation_unwatch_addr (u32 cti, cnat_addr_resol_type_t type)
66 /* Delete tr resolution entries matching translation index */
67 addr_resolution_t *ar;
68 index_t *indexes = 0, *ari;
69 pool_foreach (ar, tr_resolutions)
71 if ((cti == INDEX_INVALID || ar->cti == cti) &&
72 (ar->type == type || CNAT_RESOLV_ADDR_ANY == type))
73 vec_add1 (indexes, ar - tr_resolutions);
75 vec_foreach (ari, indexes) pool_put_index (tr_resolutions, *ari);
81 cnat_tracker_release (cnat_ep_trk_t * trk)
83 /* We only track fully resolved endpoints */
84 if (!(trk->ct_flags & CNAT_TRK_ACTIVE))
86 fib_entry_untrack (trk->ct_fei, trk->ct_sibling);
90 cnat_tracker_track (index_t cti, cnat_ep_trk_t * trk)
93 /* We only track fully resolved endpoints */
94 if (trk->ct_ep[VLIB_TX].ce_flags & CNAT_EP_FLAG_RESOLVED &&
95 trk->ct_ep[VLIB_RX].ce_flags & CNAT_EP_FLAG_RESOLVED)
96 trk->ct_flags |= CNAT_TRK_ACTIVE;
99 trk->ct_flags &= ~CNAT_TRK_ACTIVE;
103 ip_address_to_fib_prefix (&trk->ct_ep[VLIB_TX].ce_ip, &pfx);
104 trk->ct_fei = fib_entry_track (CNAT_FIB_TABLE,
106 cnat_translation_fib_node_type,
107 cti, &trk->ct_sibling);
109 fib_entry_contribute_forwarding (trk->ct_fei,
110 fib_forw_chain_type_from_fib_proto
111 (pfx.fp_proto), &trk->ct_dpo);
115 format_cnat_lb_type (u8 *s, va_list *args)
117 cnat_lb_type_t lb_type = va_arg (*args, int);
118 if (CNAT_LB_DEFAULT == lb_type)
119 s = format (s, "default");
120 else if (CNAT_LB_MAGLEV == lb_type)
121 s = format (s, "maglev");
123 s = format (s, "unknown");
128 unformat_cnat_lb_type (unformat_input_t *input, va_list *args)
130 cnat_lb_type_t *a = va_arg (*args, cnat_lb_type_t *);
131 if (unformat (input, "default"))
132 *a = CNAT_LB_DEFAULT;
133 else if (unformat (input, "maglev"))
141 * Add a translation to the bihash
143 * @param cci the ID of the parent client (invalid if vip not resolved)
144 * @param vip the translation endpoint
145 * @param proto the translation proto
146 * @param cti the translation index to be used as value
149 cnat_add_translation_to_db (index_t cci, cnat_endpoint_t * vip,
150 ip_protocol_t proto, index_t cti)
152 clib_bihash_kv_8_8_t bkey;
154 if (INDEX_INVALID == cci)
156 key = proto << 8 | 0x80 | vip->ce_ip.version;
157 key = key << 16 | vip->ce_port;
158 key = key << 32 | (u32) vip->ce_sw_if_index;
163 key = key << 16 | vip->ce_port;
164 key = key << 32 | (u32) cci;
170 clib_bihash_add_del_8_8 (&cnat_translation_db, &bkey, 1);
174 * Remove a translation from the bihash
176 * @param cci the ID of the parent client
177 * @param vip the translation endpoint
178 * @param proto the translation proto
181 cnat_remove_translation_from_db (index_t cci, cnat_endpoint_t * vip,
184 clib_bihash_kv_8_8_t bkey;
186 if (INDEX_INVALID == cci)
188 key = proto << 8 | 0x80 | vip->ce_ip.version;
189 key = key << 16 | vip->ce_port;
190 key = key << 32 | (u32) vip->ce_sw_if_index;
195 key = key << 16 | vip->ce_port;
196 key = key << 32 | (u32) cci;
201 clib_bihash_add_del_8_8 (&cnat_translation_db, &bkey, 0);
207 cnat_translation_stack (cnat_translation_t * ct)
209 fib_protocol_t fproto;
215 fproto = ip_address_family_to_fib_proto (ct->ct_vip.ce_ip.version);
216 dproto = fib_proto_to_dpo (fproto);
218 vec_reset_length (ct->ct_active_paths);
220 vec_foreach (trk, ct->ct_paths)
221 if (trk->ct_flags & CNAT_TRK_ACTIVE)
222 vec_add1 (ct->ct_active_paths, *trk);
224 flow_hash_config_t fhc = IP_FLOW_HASH_DEFAULT;
227 lbi = load_balance_create (vec_len (ct->ct_active_paths),
228 fib_proto_to_dpo (fproto), fhc);
231 vec_foreach (trk, ct->ct_active_paths)
232 load_balance_set_bucket (lbi, ep_idx++, &trk->ct_dpo);
234 if (ep_idx > 0 && CNAT_LB_MAGLEV == ct->lb_type)
235 cnat_translation_init_maglev (ct);
237 dpo_set (&ct->ct_lb, DPO_LOAD_BALANCE, dproto, lbi);
238 dpo_stack (cnat_client_dpo, dproto, &ct->ct_lb, &ct->ct_lb);
239 ct->flags |= CNAT_TR_FLAG_STACKED;
243 cnat_translation_delete (u32 id)
245 cnat_translation_t *ct;
248 if (pool_is_free_index (cnat_translation_pool, id))
249 return (VNET_API_ERROR_NO_SUCH_ENTRY);
251 ct = pool_elt_at_index (cnat_translation_pool, id);
253 dpo_reset (&ct->ct_lb);
255 vec_foreach (trk, ct->ct_active_paths)
256 cnat_tracker_release (trk);
258 cnat_remove_translation_from_db (ct->ct_cci, &ct->ct_vip, ct->ct_proto);
259 cnat_client_translation_deleted (ct->ct_cci);
260 cnat_translation_unwatch_addr (id, CNAT_RESOLV_ADDR_ANY);
261 pool_put (cnat_translation_pool, ct);
267 cnat_translation_update (cnat_endpoint_t *vip, ip_protocol_t proto,
268 cnat_endpoint_tuple_t *paths, u8 flags,
269 cnat_lb_type_t lb_type, flow_hash_config_t fhc)
271 cnat_endpoint_tuple_t *path;
272 const cnat_client_t *cc;
273 cnat_translation_t *ct;
278 if (cnat_resolve_ep (vip))
280 /* vip only contains a sw_if_index for now */
281 ct = cnat_find_translation (vip->ce_sw_if_index, vip->ce_port, proto);
286 /* do we know of this ep's vip */
287 cci = cnat_client_add (&vip->ce_ip, flags);
288 cc = cnat_client_get (cci);
290 ct = cnat_find_translation (cc->parent_cci, vip->ce_port, proto);
295 pool_get_zero (cnat_translation_pool, ct);
297 clib_memcpy (&ct->ct_vip, vip, sizeof (*vip));
298 ct->ct_proto = proto;
300 ct->index = ct - cnat_translation_pool;
301 ct->lb_type = lb_type;
304 cnat_add_translation_to_db (cci, vip, proto, ct->index);
305 cnat_client_translation_added (cci);
307 vlib_validate_combined_counter (&cnat_translation_counters, ct->index);
308 vlib_zero_combined_counter (&cnat_translation_counters, ct->index);
312 cnat_translation_unwatch_addr (ct->index, CNAT_RESOLV_ADDR_ANY);
313 cnat_translation_watch_addr (ct->index, 0, vip,
314 CNAT_RESOLV_ADDR_TRANSLATION);
316 vec_foreach (trk, ct->ct_paths)
318 cnat_tracker_release (trk);
321 vec_reset_length (ct->ct_paths);
322 ct->flags &= ~CNAT_TR_FLAG_STACKED;
325 vec_foreach (path, paths)
327 cnat_resolve_ep_tuple (path);
328 cnat_translation_watch_addr (ct->index,
329 path_idx << 32 | VLIB_RX, &path->src_ep,
330 CNAT_RESOLV_ADDR_BACKEND);
331 cnat_translation_watch_addr (ct->index,
332 path_idx << 32 | VLIB_TX, &path->dst_ep,
333 CNAT_RESOLV_ADDR_BACKEND);
336 vec_add2 (ct->ct_paths, trk, 1);
338 clib_memcpy (&trk->ct_ep[VLIB_TX], &path->dst_ep,
339 sizeof (trk->ct_ep[VLIB_TX]));
340 clib_memcpy (&trk->ct_ep[VLIB_RX], &path->src_ep,
341 sizeof (trk->ct_ep[VLIB_RX]));
342 trk->ct_flags = path->ep_flags;
344 cnat_tracker_track (ct->index, trk);
347 cnat_translation_stack (ct);
353 cnat_translation_walk (cnat_translation_walk_cb_t cb, void *ctx)
357 pool_foreach_index (api, cnat_translation_pool)
365 format_cnat_ep_trk (u8 * s, va_list * args)
367 cnat_ep_trk_t *ck = va_arg (*args, cnat_ep_trk_t *);
368 u32 indent = va_arg (*args, u32);
370 s = format (s, "%U->%U", format_cnat_endpoint, &ck->ct_ep[VLIB_RX],
371 format_cnat_endpoint, &ck->ct_ep[VLIB_TX]);
372 s = format (s, "\n%Ufib-entry:%d", format_white_space, indent, ck->ct_fei);
373 s = format (s, "\n%U%U",
374 format_white_space, indent, format_dpo_id, &ck->ct_dpo, 6);
380 format_cnat_translation (u8 * s, va_list * args)
382 cnat_translation_t *ct = va_arg (*args, cnat_translation_t *);
383 cnat_main_t *cm = &cnat_main;
386 s = format (s, "[%d] ", ct->index);
387 s = format (s, "%U %U ", format_cnat_endpoint, &ct->ct_vip,
388 format_ip_protocol, ct->ct_proto);
389 s = format (s, "lb:%U ", format_cnat_lb_type, ct->lb_type);
391 if ((ct->fhc == 0) || (ct->fhc == IP_FLOW_HASH_DEFAULT))
392 s = format (s, "fhc:0x%x(default)", IP_FLOW_HASH_DEFAULT);
394 s = format (s, "fhc:0x%x", ct->fhc);
396 vec_foreach (ck, ct->ct_paths)
397 s = format (s, "\n%U", format_cnat_ep_trk, ck, 2);
399 /* If printing a trace, the LB object might be deleted */
400 if (!pool_is_free_index (load_balance_pool, ct->ct_lb.dpoi_index))
402 s = format (s, "\n via:");
403 s = format (s, "\n%U%U",
404 format_white_space, 2, format_dpo_id, &ct->ct_lb, 2);
408 if (CNAT_LB_MAGLEV == ct->lb_type)
410 s = format (s, "\nmaglev backends map");
411 uword *bitmap = NULL;
412 clib_bitmap_alloc (bitmap, cm->maglev_len);
413 vec_foreach (ck, ct->ct_paths)
415 clib_bitmap_zero (bitmap);
416 for (u32 i = 0; i < vec_len (ct->lb_maglev); i++)
417 if (ct->lb_maglev[i] == bid)
418 clib_bitmap_set (bitmap, i, 1);
419 s = format (s, "\n backend#%d: %U", bid, format_bitmap_hex, bitmap);
423 clib_bitmap_free (bitmap);
429 static clib_error_t *
430 cnat_translation_show (vlib_main_t * vm,
431 unformat_input_t * input, vlib_cli_command_t * cmd)
434 cnat_translation_t *ct;
438 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
440 if (unformat (input, "%d", &cti))
443 return (clib_error_return (0, "unknown input '%U'",
444 format_unformat_error, input));
447 if (INDEX_INVALID == cti)
449 pool_foreach_index (cti, cnat_translation_pool)
451 ct = pool_elt_at_index (cnat_translation_pool, cti);
452 vlib_cli_output(vm, "%U", format_cnat_translation, ct);
457 vlib_cli_output (vm, "Invalid policy ID:%d", cti);
464 cnat_translation_purge (void)
466 /* purge all the translations */
467 index_t tri, *trp, *trs = NULL;
469 pool_foreach_index (tri, cnat_translation_pool)
474 vec_foreach (trp, trs) cnat_translation_delete (*trp);
476 ASSERT (0 == pool_elts (cnat_translation_pool));
483 VLIB_CLI_COMMAND (cnat_translation_show_cmd_node, static) = {
484 .path = "show cnat translation",
485 .function = cnat_translation_show,
486 .short_help = "show cnat translation <VIP>",
491 cnat_translation_get_node (fib_node_index_t index)
493 cnat_translation_t *ct = cnat_translation_get (index);
494 return (&(ct->ct_node));
497 static cnat_translation_t *
498 cnat_translation_get_from_node (fib_node_t * node)
500 return ((cnat_translation_t *) (((char *) node) -
501 STRUCT_OFFSET_OF (cnat_translation_t,
506 cnat_translation_last_lock_gone (fib_node_t * node)
511 * A back walk has reached this ABF policy
513 static fib_node_back_walk_rc_t
514 cnat_translation_back_walk_notify (fib_node_t * node,
515 fib_node_back_walk_ctx_t * ctx)
518 * re-stack the fmask on the n-eos of the via
520 cnat_translation_t *ct = cnat_translation_get_from_node (node);
522 /* If we have more than FIB_PATH_LIST_POPULAR paths
523 * we might get called during path tracking
524 * (cnat_tracker_track) */
525 if (!(ct->flags & CNAT_TR_FLAG_STACKED))
526 return (FIB_NODE_BACK_WALK_CONTINUE);
528 cnat_translation_stack (ct);
530 return (FIB_NODE_BACK_WALK_CONTINUE);
534 * The translation's graph node virtual function table
536 static const fib_node_vft_t cnat_translation_vft = {
537 .fnv_get = cnat_translation_get_node,
538 .fnv_last_lock = cnat_translation_last_lock_gone,
539 .fnv_back_walk = cnat_translation_back_walk_notify,
542 static clib_error_t *
543 cnat_translation_cli_add_del (vlib_main_t * vm,
544 unformat_input_t * input,
545 vlib_cli_command_t * cmd)
547 u32 del_index = INDEX_INVALID;
548 ip_protocol_t proto = IP_PROTOCOL_TCP;
550 u8 flags = CNAT_FLAG_EXCLUSIVE;
551 cnat_endpoint_tuple_t tmp, *paths = NULL, *path;
552 unformat_input_t _line_input, *line_input = &_line_input;
554 cnat_lb_type_t lb_type;
556 /* Get a line of input. */
557 if (!unformat_user (input, unformat_line_input, line_input))
560 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
562 if (unformat (line_input, "add"))
563 del_index = INDEX_INVALID;
564 else if (unformat (line_input, "del %d", &del_index))
567 if (unformat (line_input, "proto %U", unformat_ip_protocol, &proto))
569 else if (unformat (line_input, "vip %U", unformat_cnat_ep, &vip))
570 flags = CNAT_FLAG_EXCLUSIVE;
571 else if (unformat (line_input, "real %U", unformat_cnat_ep, &vip))
573 else if (unformat (line_input, "to %U", unformat_cnat_ep_tuple, &tmp))
575 vec_add2 (paths, path, 1);
576 clib_memcpy (path, &tmp, sizeof (cnat_endpoint_tuple_t));
578 else if (unformat (line_input, "%U", unformat_cnat_lb_type, &lb_type))
582 e = clib_error_return (0, "unknown input '%U'",
583 format_unformat_error, line_input);
588 flow_hash_config_t fhc = 0;
589 if (INDEX_INVALID == del_index)
590 cnat_translation_update (&vip, proto, paths, flags, lb_type, fhc);
592 cnat_translation_delete (del_index);
596 unformat_free (line_input);
600 VLIB_CLI_COMMAND (cnat_translation_cli_add_del_command, static) =
602 .path = "cnat translation",
603 .short_help = "cnat translation [add|del] proto [TCP|UDP] [vip|real] [ip|sw_if_index [v6]] [port] [to [ip|sw_if_index [v6]] [port]->[ip|sw_if_index [v6]] [port]]",
604 .function = cnat_translation_cli_add_del,
608 cnat_if_addr_add_del_translation_cb (addr_resolution_t * ar,
609 ip_address_t * address, u8 is_del)
611 cnat_translation_t *ct;
612 ct = cnat_translation_get (ar->cti);
613 if (!is_del && ct->ct_vip.ce_flags & CNAT_EP_FLAG_RESOLVED)
616 cnat_remove_translation_from_db (ct->ct_cci, &ct->ct_vip, ct->ct_proto);
620 ct->ct_vip.ce_flags &= ~CNAT_EP_FLAG_RESOLVED;
621 ct->ct_cci = INDEX_INVALID;
622 cnat_client_translation_deleted (ct->ct_cci);
623 /* Are there remaining addresses ? */
624 if (0 == cnat_resolve_addr (ar->sw_if_index, ar->af, address))
630 ct->ct_cci = cnat_client_add (address, ct->flags);
631 cnat_client_translation_added (ct->ct_cci);
632 ip_address_copy (&ct->ct_vip.ce_ip, address);
633 ct->ct_vip.ce_flags |= CNAT_EP_FLAG_RESOLVED;
636 cnat_add_translation_to_db (ct->ct_cci, &ct->ct_vip, ct->ct_proto,
641 cnat_if_addr_add_del_backend_cb (addr_resolution_t * ar,
642 ip_address_t * address, u8 is_del)
644 cnat_translation_t *ct;
648 u8 direction = ar->opaque & 0xf;
649 u32 path_idx = ar->opaque >> 32;
651 ct = cnat_translation_get (ar->cti);
653 trk = &ct->ct_paths[path_idx];
654 ep = &trk->ct_ep[direction];
656 if (!is_del && ep->ce_flags & CNAT_EP_FLAG_RESOLVED)
659 ASSERT (ep->ce_sw_if_index == ar->sw_if_index);
663 ep->ce_flags &= ~CNAT_EP_FLAG_RESOLVED;
664 /* Are there remaining addresses ? */
665 if (0 == cnat_resolve_addr (ar->sw_if_index, ar->af, address))
671 ip_address_copy (&ep->ce_ip, address);
672 ep->ce_flags |= CNAT_EP_FLAG_RESOLVED;
675 ct->flags &= ~CNAT_TR_FLAG_STACKED;
676 cnat_tracker_track (ar->cti, trk);
678 cnat_translation_stack (ct);
679 ct->flags |= CNAT_TR_FLAG_STACKED;
683 cnat_if_addr_add_del_callback (u32 sw_if_index, ip_address_t * address,
686 addr_resolution_t *ar;
687 pool_foreach (ar, tr_resolutions)
689 if (ar->sw_if_index != sw_if_index)
691 if (ar->af != ip_addr_version (address))
693 cnat_if_addr_add_cbs[ar->type](ar, address, is_del);
698 cnat_ip6_if_addr_add_del_callback (struct ip6_main_t *im,
699 uword opaque, u32 sw_if_index,
700 ip6_address_t * address,
701 u32 address_length, u32 if_address_index,
705 ip_address_set (&addr, address, AF_IP6);
706 cnat_if_addr_add_del_callback (sw_if_index, &addr, is_del);
710 cnat_ip4_if_addr_add_del_callback (struct ip4_main_t *im,
711 uword opaque, u32 sw_if_index,
712 ip4_address_t * address,
713 u32 address_length, u32 if_address_index,
717 ip_address_set (&addr, address, AF_IP4);
718 cnat_if_addr_add_del_callback (sw_if_index, &addr, is_del);
722 cnat_translation_register_addr_add_cb (cnat_addr_resol_type_t typ,
723 cnat_if_addr_add_cb_t fn)
725 vec_validate (cnat_if_addr_add_cbs, CNAT_ADDR_N_RESOLUTIONS);
726 cnat_if_addr_add_cbs[typ] = fn;
729 static clib_error_t *
730 cnat_translation_init (vlib_main_t * vm)
732 ip4_main_t *i4m = &ip4_main;
733 ip6_main_t *i6m = &ip6_main;
734 cnat_main_t *cm = &cnat_main;
735 cnat_translation_fib_node_type =
736 fib_node_register_new_type ("cnat-translation", &cnat_translation_vft);
738 clib_bihash_init_8_8 (&cnat_translation_db, "CNat translation DB",
739 cm->translation_hash_buckets,
740 cm->translation_hash_memory);
742 ip4_add_del_interface_address_callback_t cb4 = { 0 };
743 cb4.function = cnat_ip4_if_addr_add_del_callback;
744 vec_add1 (i4m->add_del_interface_address_callbacks, cb4);
746 ip6_add_del_interface_address_callback_t cb6 = { 0 };
747 cb6.function = cnat_ip6_if_addr_add_del_callback;
748 vec_add1 (i6m->add_del_interface_address_callbacks, cb6);
750 cnat_translation_register_addr_add_cb (CNAT_RESOLV_ADDR_BACKEND,
751 cnat_if_addr_add_del_backend_cb);
752 cnat_translation_register_addr_add_cb (CNAT_RESOLV_ADDR_TRANSLATION,
753 cnat_if_addr_add_del_translation_cb);
758 VLIB_INIT_FUNCTION (cnat_translation_init);
761 * fd.io coding-style-patch-verification: ON
764 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob