2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 #include <vnet/ip/ip_frag.h>
18 #include <vnet/ip/ip4_to_ip6.h>
20 #define IP4_MAP_T_DUAL_LOOP 1
24 IP4_MAPT_NEXT_MAPT_TCP_UDP,
25 IP4_MAPT_NEXT_MAPT_ICMP,
26 IP4_MAPT_NEXT_MAPT_FRAGMENTED,
33 IP4_MAPT_ICMP_NEXT_IP6_LOOKUP,
34 IP4_MAPT_ICMP_NEXT_IP6_FRAG,
35 IP4_MAPT_ICMP_NEXT_DROP,
37 } ip4_mapt_icmp_next_t;
41 IP4_MAPT_TCP_UDP_NEXT_IP6_LOOKUP,
42 IP4_MAPT_TCP_UDP_NEXT_IP6_FRAG,
43 IP4_MAPT_TCP_UDP_NEXT_DROP,
44 IP4_MAPT_TCP_UDP_N_NEXT
45 } ip4_mapt_tcp_udp_next_t;
49 IP4_MAPT_FRAGMENTED_NEXT_IP6_LOOKUP,
50 IP4_MAPT_FRAGMENTED_NEXT_IP6_FRAG,
51 IP4_MAPT_FRAGMENTED_NEXT_DROP,
52 IP4_MAPT_FRAGMENTED_N_NEXT
53 } ip4_mapt_fragmented_next_t;
55 //This is used to pass information within the buffer data.
56 //Buffer structure being too small to contain big structures like this.
58 typedef CLIB_PACKED (struct {
61 //IPv6 header + Fragmentation header will be here
62 //sizeof(ip6) + sizeof(ip_frag) - sizeof(ip4)
64 }) ip4_mapt_pseudo_header_t;
68 static_always_inline int
69 ip4_map_fragment_cache (ip4_header_t * ip4, u16 port)
72 map_ip4_reass_lock ();
74 map_ip4_reass_get (ip4->src_address.as_u32, ip4->dst_address.as_u32,
77 IP_PROTOCOL_ICMP) ? IP_PROTOCOL_ICMP6 : ip4->protocol,
82 map_ip4_reass_unlock ();
86 static_always_inline i32
87 ip4_map_fragment_get_port (ip4_header_t * ip4)
90 map_ip4_reass_lock ();
92 map_ip4_reass_get (ip4->src_address.as_u32, ip4->dst_address.as_u32,
95 IP_PROTOCOL_ICMP) ? IP_PROTOCOL_ICMP6 : ip4->protocol,
97 i32 ret = r ? r->port : -1;
98 map_ip4_reass_unlock ();
106 } icmp_to_icmp6_ctx_t;
109 ip4_to_ip6_set_icmp_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
111 icmp_to_icmp6_ctx_t *ctx = arg;
112 map_main_t *mm = &map_main;
116 ip6->src_address.as_u64[0] =
117 map_get_pfx_net (ctx->d, ip4->src_address.as_u32, ctx->id);
118 ip6->src_address.as_u64[1] =
119 map_get_sfx_net (ctx->d, ip4->src_address.as_u32, ctx->id);
120 ip4_map_t_embedded_address (ctx->d, &ip6->dst_address,
125 ip4_map_t_embedded_address (ctx->d, &ip6->src_address,
127 ip6->dst_address.as_u64[0] =
128 map_get_pfx_net (ctx->d, ip4->dst_address.as_u32, ctx->id);
129 ip6->dst_address.as_u64[1] =
130 map_get_sfx_net (ctx->d, ip4->dst_address.as_u32, ctx->id);
137 ip4_to_ip6_set_inner_icmp_cb (ip4_header_t * ip4, ip6_header_t * ip6,
140 icmp_to_icmp6_ctx_t *ctx = arg;
141 map_main_t *mm = &map_main;
145 //Note that the destination address is within the domain
146 //while the source address is the one outside the domain
147 ip4_map_t_embedded_address (ctx->d, &ip6->src_address,
149 ip6->dst_address.as_u64[0] =
150 map_get_pfx_net (ctx->d, ip4->dst_address.as_u32, ctx->id);
151 ip6->dst_address.as_u64[1] =
152 map_get_sfx_net (ctx->d, ip4->dst_address.as_u32, ctx->id);
156 //Note that the source address is within the domain
157 //while the destination address is the one outside the domain
158 ip4_map_t_embedded_address (ctx->d, &ip6->dst_address,
160 ip6->src_address.as_u64[0] =
161 map_get_pfx_net (ctx->d, ip4->src_address.as_u32, ctx->id);
162 ip6->src_address.as_u64[1] =
163 map_get_sfx_net (ctx->d, ip4->src_address.as_u32, ctx->id);
170 ip4_map_t_icmp (vlib_main_t * vm,
171 vlib_node_runtime_t * node, vlib_frame_t * frame)
173 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
174 vlib_node_runtime_t *error_node =
175 vlib_node_get_runtime (vm, ip4_map_t_icmp_node.index);
176 from = vlib_frame_vector_args (frame);
177 n_left_from = frame->n_vectors;
178 next_index = node->cached_next_index;
179 vlib_combined_counter_main_t *cm = map_main.domain_counters;
180 u32 thread_index = vm->thread_index;
182 while (n_left_from > 0)
184 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
186 while (n_left_from > 0 && n_left_to_next > 0)
190 ip4_mapt_icmp_next_t next0;
194 icmp_to_icmp6_ctx_t ctx0;
196 icmp46_header_t *icmp0;
198 next0 = IP4_MAPT_ICMP_NEXT_IP6_LOOKUP;
199 pi0 = to_next[0] = from[0];
204 error0 = MAP_ERROR_NONE;
206 p0 = vlib_get_buffer (vm, pi0);
207 vlib_buffer_advance (p0, sizeof (ip4_mapt_pseudo_header_t)); //The pseudo-header is not used
209 clib_net_to_host_u16 (((ip4_header_t *)
210 vlib_buffer_get_current (p0))->length);
212 pool_elt_at_index (map_main.domains,
213 vnet_buffer (p0)->map_t.map_domain_index);
215 ip40 = vlib_buffer_get_current (p0);
216 icmp0 = (icmp46_header_t *) (ip40 + 1);
218 ctx0.id = ip4_get_port (ip40, icmp0->type == ICMP6_echo_request);
222 // In case of 1:1 mapping, we don't care about the port
223 if (!(d0->ea_bits_len == 0 && d0->rules))
225 error0 = MAP_ERROR_ICMP;
231 (p0, ip4_to_ip6_set_icmp_cb, &ctx0,
232 ip4_to_ip6_set_inner_icmp_cb, &ctx0))
234 error0 = MAP_ERROR_ICMP;
238 if (vnet_buffer (p0)->map_t.mtu < p0->current_length)
240 vnet_buffer (p0)->ip_frag.mtu = vnet_buffer (p0)->map_t.mtu;
241 vnet_buffer (p0)->ip_frag.next_index = IP6_FRAG_NEXT_IP6_LOOKUP;
242 next0 = IP4_MAPT_ICMP_NEXT_IP6_FRAG;
245 if (PREDICT_TRUE (error0 == MAP_ERROR_NONE))
247 vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_TX,
250 map_t.map_domain_index, 1,
255 next0 = IP4_MAPT_ICMP_NEXT_DROP;
257 p0->error = error_node->errors[error0];
258 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
259 to_next, n_left_to_next, pi0,
262 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
264 return frame->n_vectors;
268 ip4_to_ip6_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *ctx)
270 ip4_mapt_pseudo_header_t *pheader = ctx;
272 ip6->dst_address.as_u64[0] = pheader->daddr.as_u64[0];
273 ip6->dst_address.as_u64[1] = pheader->daddr.as_u64[1];
274 ip6->src_address.as_u64[0] = pheader->saddr.as_u64[0];
275 ip6->src_address.as_u64[1] = pheader->saddr.as_u64[1];
281 ip4_map_t_fragmented (vlib_main_t * vm,
282 vlib_node_runtime_t * node, vlib_frame_t * frame)
284 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
285 from = vlib_frame_vector_args (frame);
286 n_left_from = frame->n_vectors;
287 next_index = node->cached_next_index;
288 vlib_node_runtime_t *error_node =
289 vlib_node_get_runtime (vm, ip4_map_t_fragmented_node.index);
291 while (n_left_from > 0)
293 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
295 while (n_left_from > 0 && n_left_to_next > 0)
299 ip4_mapt_pseudo_header_t *pheader0;
300 ip4_mapt_fragmented_next_t next0;
302 next0 = IP4_MAPT_FRAGMENTED_NEXT_IP6_LOOKUP;
303 pi0 = to_next[0] = from[0];
309 p0 = vlib_get_buffer (vm, pi0);
311 //Accessing pseudo header
312 pheader0 = vlib_buffer_get_current (p0);
313 vlib_buffer_advance (p0, sizeof (*pheader0));
315 if (ip4_to_ip6_fragmented (p0, ip4_to_ip6_set_cb, pheader0))
317 p0->error = error_node->errors[MAP_ERROR_FRAGMENT_DROPPED];
318 next0 = IP4_MAPT_FRAGMENTED_NEXT_DROP;
322 if (vnet_buffer (p0)->map_t.mtu < p0->current_length)
324 vnet_buffer (p0)->ip_frag.mtu = vnet_buffer (p0)->map_t.mtu;
325 vnet_buffer (p0)->ip_frag.next_index =
326 IP6_FRAG_NEXT_IP6_LOOKUP;
327 next0 = IP4_MAPT_FRAGMENTED_NEXT_IP6_FRAG;
331 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
332 to_next, n_left_to_next, pi0,
335 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
337 return frame->n_vectors;
341 ip4_map_t_tcp_udp (vlib_main_t * vm,
342 vlib_node_runtime_t * node, vlib_frame_t * frame)
344 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
345 from = vlib_frame_vector_args (frame);
346 n_left_from = frame->n_vectors;
347 next_index = node->cached_next_index;
348 vlib_node_runtime_t *error_node =
349 vlib_node_get_runtime (vm, ip4_map_t_tcp_udp_node.index);
352 while (n_left_from > 0)
354 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
356 #ifdef IP4_MAP_T_DUAL_LOOP
357 while (n_left_from >= 4 && n_left_to_next >= 2)
360 vlib_buffer_t *p0, *p1;
361 ip4_mapt_pseudo_header_t *pheader0, *pheader1;
362 ip4_mapt_tcp_udp_next_t next0, next1;
364 pi0 = to_next[0] = from[0];
365 pi1 = to_next[1] = from[1];
371 next0 = IP4_MAPT_TCP_UDP_NEXT_IP6_LOOKUP;
372 next1 = IP4_MAPT_TCP_UDP_NEXT_IP6_LOOKUP;
373 p0 = vlib_get_buffer (vm, pi0);
374 p1 = vlib_get_buffer (vm, pi1);
376 //Accessing pseudo header
377 pheader0 = vlib_buffer_get_current (p0);
378 pheader1 = vlib_buffer_get_current (p1);
379 vlib_buffer_advance (p0, sizeof (*pheader0));
380 vlib_buffer_advance (p1, sizeof (*pheader1));
382 if (ip4_to_ip6_tcp_udp (p0, ip4_to_ip6_set_cb, pheader0))
384 p0->error = error_node->errors[MAP_ERROR_UNKNOWN];
385 next0 = IP4_MAPT_TCP_UDP_NEXT_DROP;
389 if (vnet_buffer (p0)->map_t.mtu < p0->current_length)
391 //Send to fragmentation node if necessary
392 vnet_buffer (p0)->ip_frag.mtu = vnet_buffer (p0)->map_t.mtu;
393 vnet_buffer (p0)->ip_frag.next_index =
394 IP6_FRAG_NEXT_IP6_LOOKUP;
395 next0 = IP4_MAPT_TCP_UDP_NEXT_IP6_FRAG;
399 if (ip4_to_ip6_tcp_udp (p1, ip4_to_ip6_set_cb, pheader1))
401 p1->error = error_node->errors[MAP_ERROR_UNKNOWN];
402 next1 = IP4_MAPT_TCP_UDP_NEXT_DROP;
406 if (vnet_buffer (p1)->map_t.mtu < p1->current_length)
408 //Send to fragmentation node if necessary
409 vnet_buffer (p1)->ip_frag.mtu = vnet_buffer (p1)->map_t.mtu;
410 vnet_buffer (p1)->ip_frag.next_index =
411 IP6_FRAG_NEXT_IP6_LOOKUP;
412 next1 = IP4_MAPT_TCP_UDP_NEXT_IP6_FRAG;
416 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
417 to_next, n_left_to_next, pi0, pi1,
422 while (n_left_from > 0 && n_left_to_next > 0)
426 ip4_mapt_pseudo_header_t *pheader0;
427 ip4_mapt_tcp_udp_next_t next0;
429 pi0 = to_next[0] = from[0];
435 next0 = IP4_MAPT_TCP_UDP_NEXT_IP6_LOOKUP;
436 p0 = vlib_get_buffer (vm, pi0);
438 //Accessing pseudo header
439 pheader0 = vlib_buffer_get_current (p0);
440 vlib_buffer_advance (p0, sizeof (*pheader0));
442 if (ip4_to_ip6_tcp_udp (p0, ip4_to_ip6_set_cb, pheader0))
444 p0->error = error_node->errors[MAP_ERROR_UNKNOWN];
445 next0 = IP4_MAPT_TCP_UDP_NEXT_DROP;
449 if (vnet_buffer (p0)->map_t.mtu < p0->current_length)
451 //Send to fragmentation node if necessary
452 vnet_buffer (p0)->ip_frag.mtu = vnet_buffer (p0)->map_t.mtu;
453 vnet_buffer (p0)->ip_frag.next_index =
454 IP6_FRAG_NEXT_IP6_LOOKUP;
455 next0 = IP4_MAPT_TCP_UDP_NEXT_IP6_FRAG;
458 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
459 to_next, n_left_to_next, pi0,
462 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
465 return frame->n_vectors;
468 static_always_inline void
469 ip4_map_t_classify (vlib_buffer_t * p0, map_domain_t * d0,
470 ip4_header_t * ip40, u16 ip4_len0, i32 * dst_port0,
471 u8 * error0, ip4_mapt_next_t * next0)
473 map_main_t *mm = &map_main;
481 if (PREDICT_FALSE (ip4_get_fragment_offset (ip40)))
483 *next0 = IP4_MAPT_NEXT_MAPT_FRAGMENTED;
484 if (d0->ea_bits_len == 0 && d0->rules)
490 *dst_port0 = ip4_map_fragment_get_port (ip40);
491 *error0 = (*dst_port0 == -1) ? MAP_ERROR_FRAGMENT_MEMORY : *error0;
494 else if (PREDICT_TRUE (ip40->protocol == IP_PROTOCOL_TCP))
496 vnet_buffer (p0)->map_t.checksum_offset = 36;
497 *next0 = IP4_MAPT_NEXT_MAPT_TCP_UDP;
498 *error0 = ip4_len0 < 40 ? MAP_ERROR_MALFORMED : *error0;
500 (i32) * ((u16 *) u8_ptr_add (ip40, sizeof (*ip40) + port_offset));
502 else if (PREDICT_TRUE (ip40->protocol == IP_PROTOCOL_UDP))
504 vnet_buffer (p0)->map_t.checksum_offset = 26;
505 *next0 = IP4_MAPT_NEXT_MAPT_TCP_UDP;
506 *error0 = ip4_len0 < 28 ? MAP_ERROR_MALFORMED : *error0;
508 (i32) * ((u16 *) u8_ptr_add (ip40, sizeof (*ip40) + port_offset));
510 else if (ip40->protocol == IP_PROTOCOL_ICMP)
512 *next0 = IP4_MAPT_NEXT_MAPT_ICMP;
513 if (d0->ea_bits_len == 0 && d0->rules)
515 else if (((icmp46_header_t *) u8_ptr_add (ip40, sizeof (*ip40)))->code
517 || ((icmp46_header_t *)
519 sizeof (*ip40)))->code == ICMP4_echo_request)
520 *dst_port0 = (i32) * ((u16 *) u8_ptr_add (ip40, sizeof (*ip40) + 6));
524 *error0 = MAP_ERROR_BAD_PROTOCOL;
529 ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
531 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
532 vlib_node_runtime_t *error_node =
533 vlib_node_get_runtime (vm, ip4_map_t_node.index);
534 from = vlib_frame_vector_args (frame);
535 n_left_from = frame->n_vectors;
536 next_index = node->cached_next_index;
537 map_main_t *mm = &map_main;
538 vlib_combined_counter_main_t *cm = map_main.domain_counters;
539 u32 thread_index = vm->thread_index;
541 while (n_left_from > 0)
543 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
545 #ifdef IP4_MAP_T_DUAL_LOOP
546 while (n_left_from >= 4 && n_left_to_next >= 2)
549 vlib_buffer_t *p0, *p1;
550 ip4_header_t *ip40, *ip41;
551 map_domain_t *d0, *d1;
552 ip4_mapt_next_t next0 = 0, next1 = 0;
553 u16 ip4_len0, ip4_len1;
555 i32 map_port0, map_port1;
556 ip4_mapt_pseudo_header_t *pheader0, *pheader1;
558 pi0 = to_next[0] = from[0];
559 pi1 = to_next[1] = from[1];
564 error0 = MAP_ERROR_NONE;
565 error1 = MAP_ERROR_NONE;
567 p0 = vlib_get_buffer (vm, pi0);
568 p1 = vlib_get_buffer (vm, pi1);
569 ip40 = vlib_buffer_get_current (p0);
570 ip41 = vlib_buffer_get_current (p1);
571 ip4_len0 = clib_host_to_net_u16 (ip40->length);
572 ip4_len1 = clib_host_to_net_u16 (ip41->length);
574 if (PREDICT_FALSE (p0->current_length < ip4_len0 ||
575 ip40->ip_version_and_header_length != 0x45))
577 error0 = MAP_ERROR_UNKNOWN;
578 next0 = IP4_MAPT_NEXT_DROP;
581 if (PREDICT_FALSE (p1->current_length < ip4_len1 ||
582 ip41->ip_version_and_header_length != 0x45))
584 error1 = MAP_ERROR_UNKNOWN;
585 next1 = IP4_MAPT_NEXT_DROP;
588 vnet_buffer (p0)->map_t.map_domain_index =
589 vnet_buffer (p0)->ip.adj_index[VLIB_TX];
590 d0 = ip4_map_get_domain (vnet_buffer (p0)->map_t.map_domain_index);
591 vnet_buffer (p1)->map_t.map_domain_index =
592 vnet_buffer (p1)->ip.adj_index[VLIB_TX];
593 d1 = ip4_map_get_domain (vnet_buffer (p1)->map_t.map_domain_index);
595 vnet_buffer (p0)->map_t.mtu = d0->mtu ? d0->mtu : ~0;
596 vnet_buffer (p1)->map_t.mtu = d1->mtu ? d1->mtu : ~0;
601 ip4_map_t_classify (p0, d0, ip40, ip4_len0, &map_port0, &error0,
603 ip4_map_t_classify (p1, d1, ip41, ip4_len1, &map_port1, &error1,
606 //Add MAP-T pseudo header in front of the packet
607 vlib_buffer_advance (p0, -sizeof (*pheader0));
608 vlib_buffer_advance (p1, -sizeof (*pheader1));
609 pheader0 = vlib_buffer_get_current (p0);
610 pheader1 = vlib_buffer_get_current (p1);
612 //Save addresses within the packet
615 ip4_map_t_embedded_address (d0, &pheader0->daddr,
617 ip4_map_t_embedded_address (d1, &pheader1->daddr,
619 pheader0->saddr.as_u64[0] =
620 map_get_pfx_net (d0, ip40->src_address.as_u32,
622 pheader0->saddr.as_u64[1] =
623 map_get_sfx_net (d0, ip40->src_address.as_u32,
625 pheader1->saddr.as_u64[0] =
626 map_get_pfx_net (d1, ip41->src_address.as_u32,
628 pheader1->saddr.as_u64[1] =
629 map_get_sfx_net (d1, ip41->src_address.as_u32,
634 ip4_map_t_embedded_address (d0, &pheader0->saddr,
636 ip4_map_t_embedded_address (d1, &pheader1->saddr,
638 pheader0->daddr.as_u64[0] =
639 map_get_pfx_net (d0, ip40->dst_address.as_u32,
641 pheader0->daddr.as_u64[1] =
642 map_get_sfx_net (d0, ip40->dst_address.as_u32,
644 pheader1->daddr.as_u64[0] =
645 map_get_pfx_net (d1, ip41->dst_address.as_u32,
647 pheader1->daddr.as_u64[1] =
648 map_get_sfx_net (d1, ip41->dst_address.as_u32,
653 (ip4_is_first_fragment (ip40) && (map_port0 != -1)
654 && (d0->ea_bits_len != 0 || !d0->rules)
655 && ip4_map_fragment_cache (ip40, map_port0)))
657 error0 = MAP_ERROR_FRAGMENT_MEMORY;
661 (ip4_is_first_fragment (ip41) && (map_port1 != -1)
662 && (d1->ea_bits_len != 0 || !d1->rules)
663 && ip4_map_fragment_cache (ip41, map_port1)))
665 error1 = MAP_ERROR_FRAGMENT_MEMORY;
669 (error0 == MAP_ERROR_NONE && next0 != IP4_MAPT_NEXT_MAPT_ICMP))
671 vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_TX,
674 map_t.map_domain_index, 1,
680 (error1 == MAP_ERROR_NONE && next1 != IP4_MAPT_NEXT_MAPT_ICMP))
682 vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_TX,
685 map_t.map_domain_index, 1,
690 next0 = (error0 != MAP_ERROR_NONE) ? IP4_MAPT_NEXT_DROP : next0;
691 next1 = (error1 != MAP_ERROR_NONE) ? IP4_MAPT_NEXT_DROP : next1;
692 p0->error = error_node->errors[error0];
693 p1->error = error_node->errors[error1];
694 vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
695 n_left_to_next, pi0, pi1, next0,
700 while (n_left_from > 0 && n_left_to_next > 0)
706 ip4_mapt_next_t next0;
710 ip4_mapt_pseudo_header_t *pheader0;
712 pi0 = to_next[0] = from[0];
717 error0 = MAP_ERROR_NONE;
719 p0 = vlib_get_buffer (vm, pi0);
720 ip40 = vlib_buffer_get_current (p0);
721 ip4_len0 = clib_host_to_net_u16 (ip40->length);
722 if (PREDICT_FALSE (p0->current_length < ip4_len0 ||
723 ip40->ip_version_and_header_length != 0x45))
725 error0 = MAP_ERROR_UNKNOWN;
726 next0 = IP4_MAPT_NEXT_DROP;
729 vnet_buffer (p0)->map_t.map_domain_index =
730 vnet_buffer (p0)->ip.adj_index[VLIB_TX];
731 d0 = ip4_map_get_domain (vnet_buffer (p0)->map_t.map_domain_index);
733 vnet_buffer (p0)->map_t.mtu = d0->mtu ? d0->mtu : ~0;
736 ip4_map_t_classify (p0, d0, ip40, ip4_len0, &map_port0, &error0,
739 /* Verify that port is not among the well-known ports */
740 if ((d0->psid_length > 0 && d0->psid_offset > 0)
741 && (clib_net_to_host_u16 (map_port0) <
742 (0x1 << (16 - d0->psid_offset))))
744 error0 = MAP_ERROR_SEC_CHECK;
747 //Add MAP-T pseudo header in front of the packet
748 vlib_buffer_advance (p0, -sizeof (*pheader0));
749 pheader0 = vlib_buffer_get_current (p0);
751 //Save addresses within the packet
754 ip4_map_t_embedded_address (d0, &pheader0->daddr,
756 pheader0->saddr.as_u64[0] =
757 map_get_pfx_net (d0, ip40->src_address.as_u32,
759 pheader0->saddr.as_u64[1] =
760 map_get_sfx_net (d0, ip40->src_address.as_u32,
765 ip4_map_t_embedded_address (d0, &pheader0->saddr,
767 pheader0->daddr.as_u64[0] =
768 map_get_pfx_net (d0, ip40->dst_address.as_u32,
770 pheader0->daddr.as_u64[1] =
771 map_get_sfx_net (d0, ip40->dst_address.as_u32,
775 //It is important to cache at this stage because the result might be necessary
776 //for packets within the same vector.
777 //Actually, this approach even provides some limited out-of-order fragments support
779 (ip4_is_first_fragment (ip40) && (map_port0 != -1)
780 && (d0->ea_bits_len != 0 || !d0->rules)
781 && ip4_map_fragment_cache (ip40, map_port0)))
783 error0 = MAP_ERROR_UNKNOWN;
787 (error0 == MAP_ERROR_NONE && next0 != IP4_MAPT_NEXT_MAPT_ICMP))
789 vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_TX,
792 map_t.map_domain_index, 1,
797 next0 = (error0 != MAP_ERROR_NONE) ? IP4_MAPT_NEXT_DROP : next0;
798 p0->error = error_node->errors[error0];
799 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
800 to_next, n_left_to_next, pi0,
803 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
805 return frame->n_vectors;
808 static char *map_t_error_strings[] = {
809 #define _(sym,string) string,
815 VLIB_REGISTER_NODE(ip4_map_t_fragmented_node) = {
816 .function = ip4_map_t_fragmented,
817 .name = "ip4-map-t-fragmented",
818 .vector_size = sizeof(u32),
819 .format_trace = format_map_trace,
820 .type = VLIB_NODE_TYPE_INTERNAL,
822 .n_errors = MAP_N_ERROR,
823 .error_strings = map_t_error_strings,
825 .n_next_nodes = IP4_MAPT_FRAGMENTED_N_NEXT,
827 [IP4_MAPT_FRAGMENTED_NEXT_IP6_LOOKUP] = "ip6-lookup",
828 [IP4_MAPT_FRAGMENTED_NEXT_IP6_FRAG] = IP6_FRAG_NODE_NAME,
829 [IP4_MAPT_FRAGMENTED_NEXT_DROP] = "error-drop",
835 VLIB_REGISTER_NODE(ip4_map_t_icmp_node) = {
836 .function = ip4_map_t_icmp,
837 .name = "ip4-map-t-icmp",
838 .vector_size = sizeof(u32),
839 .format_trace = format_map_trace,
840 .type = VLIB_NODE_TYPE_INTERNAL,
842 .n_errors = MAP_N_ERROR,
843 .error_strings = map_t_error_strings,
845 .n_next_nodes = IP4_MAPT_ICMP_N_NEXT,
847 [IP4_MAPT_ICMP_NEXT_IP6_LOOKUP] = "ip6-lookup",
848 [IP4_MAPT_ICMP_NEXT_IP6_FRAG] = IP6_FRAG_NODE_NAME,
849 [IP4_MAPT_ICMP_NEXT_DROP] = "error-drop",
855 VLIB_REGISTER_NODE(ip4_map_t_tcp_udp_node) = {
856 .function = ip4_map_t_tcp_udp,
857 .name = "ip4-map-t-tcp-udp",
858 .vector_size = sizeof(u32),
859 .format_trace = format_map_trace,
860 .type = VLIB_NODE_TYPE_INTERNAL,
862 .n_errors = MAP_N_ERROR,
863 .error_strings = map_t_error_strings,
865 .n_next_nodes = IP4_MAPT_TCP_UDP_N_NEXT,
867 [IP4_MAPT_TCP_UDP_NEXT_IP6_LOOKUP] = "ip6-lookup",
868 [IP4_MAPT_TCP_UDP_NEXT_IP6_FRAG] = IP6_FRAG_NODE_NAME,
869 [IP4_MAPT_TCP_UDP_NEXT_DROP] = "error-drop",
875 VLIB_REGISTER_NODE(ip4_map_t_node) = {
876 .function = ip4_map_t,
878 .vector_size = sizeof(u32),
879 .format_trace = format_map_trace,
880 .type = VLIB_NODE_TYPE_INTERNAL,
882 .n_errors = MAP_N_ERROR,
883 .error_strings = map_t_error_strings,
885 .n_next_nodes = IP4_MAPT_N_NEXT,
887 [IP4_MAPT_NEXT_MAPT_TCP_UDP] = "ip4-map-t-tcp-udp",
888 [IP4_MAPT_NEXT_MAPT_ICMP] = "ip4-map-t-icmp",
889 [IP4_MAPT_NEXT_MAPT_FRAGMENTED] = "ip4-map-t-fragmented",
890 [IP4_MAPT_NEXT_DROP] = "error-drop",
896 * fd.io coding-style-patch-verification: ON
899 * eval: (c-set-style "gnu")