2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
19 #include <nat/nat64_db.h>
20 #include <nat/nat_ipfix_logging.h>
21 #include <vnet/fib/fib_table.h>
24 nat64_db_init (nat64_db_t * db, u32 bib_buckets, u32 bib_memory_size,
25 u32 st_buckets, u32 st_memory_size,
26 nat64_db_free_addr_port_function_t free_addr_port_cb)
28 clib_bihash_init_24_8 (&db->bib.in2out, "bib-in2out", bib_buckets,
31 clib_bihash_init_24_8 (&db->bib.out2in, "bib-out2in", bib_buckets,
34 clib_bihash_init_48_8 (&db->st.in2out, "st-in2out", st_buckets,
37 clib_bihash_init_48_8 (&db->st.out2in, "st-out2in", st_buckets,
40 db->free_addr_port_cb = free_addr_port_cb;
41 db->bib.limit = 10 * bib_buckets;
42 db->bib.bib_entries_num = 0;
43 db->st.limit = 10 * st_buckets;
44 db->st.st_entries_num = 0;
50 nat64_db_bib_entry_t *
51 nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr,
52 ip4_address_t * out_addr, u16 in_port,
53 u16 out_port, u32 fib_index, u8 proto,
56 nat64_db_bib_entry_t *bibe;
57 nat64_db_bib_entry_key_t bibe_key;
58 clib_bihash_kv_24_8_t kv;
61 if (db->bib.bib_entries_num >= db->bib.limit)
63 db->free_addr_port_cb (db, out_addr, out_port, proto);
64 nat_ipfix_logging_max_bibs (db->bib.limit);
68 /* create pool entry */
69 switch (ip_proto_to_snat_proto (proto))
72 #define _(N, i, n, s) \
73 case SNAT_PROTOCOL_##N: \
74 pool_get (db->bib._##n##_bib, bibe); \
75 kv.value = bibe - db->bib._##n##_bib; \
81 pool_get (db->bib._unk_proto_bib, bibe);
82 kv.value = bibe - db->bib._unk_proto_bib;
86 db->bib.bib_entries_num++;
88 memset (bibe, 0, sizeof (*bibe));
89 bibe->in_addr.as_u64[0] = in_addr->as_u64[0];
90 bibe->in_addr.as_u64[1] = in_addr->as_u64[1];
91 bibe->in_port = in_port;
92 bibe->out_addr.as_u32 = out_addr->as_u32;
93 bibe->out_port = out_port;
94 bibe->fib_index = fib_index;
96 bibe->is_static = is_static;
98 /* create hash lookup */
99 bibe_key.addr.as_u64[0] = bibe->in_addr.as_u64[0];
100 bibe_key.addr.as_u64[1] = bibe->in_addr.as_u64[1];
101 bibe_key.fib_index = bibe->fib_index;
102 bibe_key.port = bibe->in_port;
103 bibe_key.proto = bibe->proto;
105 kv.key[0] = bibe_key.as_u64[0];
106 kv.key[1] = bibe_key.as_u64[1];
107 kv.key[2] = bibe_key.as_u64[2];
108 clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 1);
110 memset (&bibe_key.addr, 0, sizeof (bibe_key.addr));
111 bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32;
112 bibe_key.fib_index = 0;
113 bibe_key.port = bibe->out_port;
114 kv.key[0] = bibe_key.as_u64[0];
115 kv.key[1] = bibe_key.as_u64[1];
116 kv.key[2] = bibe_key.as_u64[2];
117 clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 1);
119 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
120 nat_ipfix_logging_nat64_bib (in_addr, out_addr, proto, in_port, out_port,
121 fib->ft_table_id, 1);
126 nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe)
128 nat64_db_bib_entry_key_t bibe_key;
129 clib_bihash_kv_24_8_t kv;
130 nat64_db_bib_entry_t *bib;
131 u32 *ste_to_be_free = 0, *ste_index, bibe_index;
132 nat64_db_st_entry_t *st, *ste;
135 switch (ip_proto_to_snat_proto (bibe->proto))
138 #define _(N, i, n, s) \
139 case SNAT_PROTOCOL_##N: \
140 bib = db->bib._##n##_bib; \
141 st = db->st._##n##_st; \
143 foreach_snat_protocol
147 bib = db->bib._unk_proto_bib;
148 st = db->st._unk_proto_st;
152 db->bib.bib_entries_num--;
154 bibe_index = bibe - bib;
156 /* delete ST entries for static BIB entry */
159 pool_foreach (ste, st, (
161 if (ste->bibe_index == bibe_index)
162 vec_add1 (ste_to_be_free, ste - st);}
164 vec_foreach (ste_index, ste_to_be_free)
165 nat64_db_st_entry_free (db, pool_elt_at_index (st, ste_index[0]));
166 vec_free (ste_to_be_free);
169 /* delete hash lookup */
170 bibe_key.addr.as_u64[0] = bibe->in_addr.as_u64[0];
171 bibe_key.addr.as_u64[1] = bibe->in_addr.as_u64[1];
172 bibe_key.fib_index = bibe->fib_index;
173 bibe_key.port = bibe->in_port;
174 bibe_key.proto = bibe->proto;
176 kv.key[0] = bibe_key.as_u64[0];
177 kv.key[1] = bibe_key.as_u64[1];
178 kv.key[2] = bibe_key.as_u64[2];
179 clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 0);
181 memset (&bibe_key.addr, 0, sizeof (bibe_key.addr));
182 bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32;
183 bibe_key.fib_index = 0;
184 bibe_key.port = bibe->out_port;
185 kv.key[0] = bibe_key.as_u64[0];
186 kv.key[1] = bibe_key.as_u64[1];
187 kv.key[2] = bibe_key.as_u64[2];
188 clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 0);
191 db->free_addr_port_cb (db, &bibe->out_addr, bibe->out_port, bibe->proto);
193 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
194 nat_ipfix_logging_nat64_bib (&bibe->in_addr, &bibe->out_addr, bibe->proto,
195 bibe->in_port, bibe->out_port,
196 fib->ft_table_id, 0);
198 /* delete from pool */
199 pool_put (bib, bibe);
203 nat64_db_bib_entry_t *
204 nat64_db_bib_entry_find (nat64_db_t * db, ip46_address_t * addr, u16 port,
205 u8 proto, u32 fib_index, u8 is_ip6)
207 nat64_db_bib_entry_t *bibe = 0;
208 nat64_db_bib_entry_key_t bibe_key;
209 clib_bihash_kv_24_8_t kv, value;
210 nat64_db_bib_entry_t *bib;
212 switch (ip_proto_to_snat_proto (proto))
215 #define _(N, i, n, s) \
216 case SNAT_PROTOCOL_##N: \
217 bib = db->bib._##n##_bib; \
219 foreach_snat_protocol
223 bib = db->bib._unk_proto_bib;
227 bibe_key.addr.as_u64[0] = addr->as_u64[0];
228 bibe_key.addr.as_u64[1] = addr->as_u64[1];
229 bibe_key.fib_index = fib_index;
230 bibe_key.port = port;
231 bibe_key.proto = proto;
234 kv.key[0] = bibe_key.as_u64[0];
235 kv.key[1] = bibe_key.as_u64[1];
236 kv.key[2] = bibe_key.as_u64[2];
238 if (!clib_bihash_search_24_8
239 (is_ip6 ? &db->bib.in2out : &db->bib.out2in, &kv, &value))
240 bibe = pool_elt_at_index (bib, value.value);
246 nat64_db_bib_walk (nat64_db_t * db, u8 proto,
247 nat64_db_bib_walk_fn_t fn, void *ctx)
249 nat64_db_bib_entry_t *bib, *bibe;
254 #define _(N, i, n, s) \
255 bib = db->bib._##n##_bib; \
256 pool_foreach (bibe, bib, ({ \
257 if (fn (bibe, ctx)) \
260 foreach_snat_protocol
262 bib = db->bib._unk_proto_bib;
263 pool_foreach (bibe, bib, ({
271 switch (ip_proto_to_snat_proto (proto))
274 #define _(N, i, n, s) \
275 case SNAT_PROTOCOL_##N: \
276 bib = db->bib._##n##_bib; \
278 foreach_snat_protocol
282 bib = db->bib._unk_proto_bib;
287 pool_foreach (bibe, bib,
296 nat64_db_bib_entry_t *
297 nat64_db_bib_entry_by_index (nat64_db_t * db, u8 proto, u32 bibe_index)
299 nat64_db_bib_entry_t *bib;
301 switch (ip_proto_to_snat_proto (proto))
304 #define _(N, i, n, s) \
305 case SNAT_PROTOCOL_##N: \
306 bib = db->bib._##n##_bib; \
308 foreach_snat_protocol
312 bib = db->bib._unk_proto_bib;
316 return pool_elt_at_index (bib, bibe_index);
320 nat64_db_st_walk (nat64_db_t * db, u8 proto,
321 nat64_db_st_walk_fn_t fn, void *ctx)
323 nat64_db_st_entry_t *st, *ste;
328 #define _(N, i, n, s) \
329 st = db->st._##n##_st; \
330 pool_foreach (ste, st, ({ \
334 foreach_snat_protocol
336 st = db->st._unk_proto_st;
337 pool_foreach (ste, st, ({
345 switch (ip_proto_to_snat_proto (proto))
348 #define _(N, i, n, s) \
349 case SNAT_PROTOCOL_##N: \
350 st = db->st._##n##_st; \
352 foreach_snat_protocol
356 st = db->st._unk_proto_st;
361 pool_foreach (ste, st,
370 nat64_db_st_entry_t *
371 nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe,
372 ip6_address_t * in_r_addr,
373 ip4_address_t * out_r_addr, u16 r_port)
375 nat64_db_st_entry_t *ste;
376 nat64_db_bib_entry_t *bib;
377 nat64_db_st_entry_key_t ste_key;
378 clib_bihash_kv_48_8_t kv;
381 if (db->st.st_entries_num >= db->st.limit)
383 nat_ipfix_logging_max_sessions (db->st.limit);
387 /* create pool entry */
388 switch (ip_proto_to_snat_proto (bibe->proto))
391 #define _(N, i, n, s) \
392 case SNAT_PROTOCOL_##N: \
393 pool_get (db->st._##n##_st, ste); \
394 kv.value = ste - db->st._##n##_st; \
395 bib = db->bib._##n##_bib; \
397 foreach_snat_protocol
401 pool_get (db->st._unk_proto_st, ste);
402 kv.value = ste - db->st._unk_proto_st;
403 bib = db->bib._unk_proto_bib;
407 db->st.st_entries_num++;
409 memset (ste, 0, sizeof (*ste));
410 ste->in_r_addr.as_u64[0] = in_r_addr->as_u64[0];
411 ste->in_r_addr.as_u64[1] = in_r_addr->as_u64[1];
412 ste->out_r_addr.as_u32 = out_r_addr->as_u32;
413 ste->r_port = r_port;
414 ste->bibe_index = bibe - bib;
415 ste->proto = bibe->proto;
417 /* increment session number for BIB entry */
420 /* create hash lookup */
421 memset (&ste_key, 0, sizeof (ste_key));
422 ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0];
423 ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1];
424 ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0];
425 ste_key.r_addr.as_u64[1] = ste->in_r_addr.as_u64[1];
426 ste_key.fib_index = bibe->fib_index;
427 ste_key.l_port = bibe->in_port;
428 ste_key.r_port = ste->r_port;
429 ste_key.proto = ste->proto;
430 kv.key[0] = ste_key.as_u64[0];
431 kv.key[1] = ste_key.as_u64[1];
432 kv.key[2] = ste_key.as_u64[2];
433 kv.key[3] = ste_key.as_u64[3];
434 kv.key[4] = ste_key.as_u64[4];
435 kv.key[5] = ste_key.as_u64[5];
436 clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 1);
438 memset (&ste_key, 0, sizeof (ste_key));
439 ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32;
440 ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32;
441 ste_key.l_port = bibe->out_port;
442 ste_key.r_port = ste->r_port;
443 ste_key.proto = ste->proto;
444 kv.key[0] = ste_key.as_u64[0];
445 kv.key[1] = ste_key.as_u64[1];
446 kv.key[2] = ste_key.as_u64[2];
447 kv.key[3] = ste_key.as_u64[3];
448 kv.key[4] = ste_key.as_u64[4];
449 kv.key[5] = ste_key.as_u64[5];
450 clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 1);
452 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
453 nat_ipfix_logging_nat64_session (&bibe->in_addr, &bibe->out_addr,
454 bibe->proto, bibe->in_port, bibe->out_port,
455 &ste->in_r_addr, &ste->out_r_addr,
456 ste->r_port, ste->r_port, fib->ft_table_id,
463 nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste)
465 nat64_db_st_entry_t *st;
466 nat64_db_bib_entry_t *bib, *bibe;
467 nat64_db_st_entry_key_t ste_key;
468 clib_bihash_kv_48_8_t kv;
471 switch (ip_proto_to_snat_proto (ste->proto))
474 #define _(N, i, n, s) \
475 case SNAT_PROTOCOL_##N: \
476 st = db->st._##n##_st; \
477 bib = db->bib._##n##_bib; \
479 foreach_snat_protocol
483 st = db->st._unk_proto_st;
484 bib = db->bib._unk_proto_bib;
488 bibe = pool_elt_at_index (bib, ste->bibe_index);
490 db->st.st_entries_num--;
492 /* delete hash lookup */
493 memset (&ste_key, 0, sizeof (ste_key));
494 ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0];
495 ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1];
496 ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0];
497 ste_key.r_addr.as_u64[1] = ste->in_r_addr.as_u64[1];
498 ste_key.fib_index = bibe->fib_index;
499 ste_key.l_port = bibe->in_port;
500 ste_key.r_port = ste->r_port;
501 ste_key.proto = ste->proto;
502 kv.key[0] = ste_key.as_u64[0];
503 kv.key[1] = ste_key.as_u64[1];
504 kv.key[2] = ste_key.as_u64[2];
505 kv.key[3] = ste_key.as_u64[3];
506 kv.key[4] = ste_key.as_u64[4];
507 kv.key[5] = ste_key.as_u64[5];
508 clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 0);
510 memset (&ste_key, 0, sizeof (ste_key));
511 ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32;
512 ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32;
513 ste_key.l_port = bibe->out_port;
514 ste_key.r_port = ste->r_port;
515 ste_key.proto = ste->proto;
516 kv.key[0] = ste_key.as_u64[0];
517 kv.key[1] = ste_key.as_u64[1];
518 kv.key[2] = ste_key.as_u64[2];
519 kv.key[3] = ste_key.as_u64[3];
520 kv.key[4] = ste_key.as_u64[4];
521 kv.key[5] = ste_key.as_u64[5];
522 clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 0);
524 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
525 nat_ipfix_logging_nat64_session (&bibe->in_addr, &bibe->out_addr,
526 bibe->proto, bibe->in_port, bibe->out_port,
527 &ste->in_r_addr, &ste->out_r_addr,
528 ste->r_port, ste->r_port, fib->ft_table_id,
531 /* delete from pool */
534 /* decrement session number for BIB entry */
537 /* delete BIB entry if last session and dynamic */
538 if (!bibe->is_static && !bibe->ses_num)
539 nat64_db_bib_entry_free (db, bibe);
542 nat64_db_st_entry_t *
543 nat64_db_st_entry_find (nat64_db_t * db, ip46_address_t * l_addr,
544 ip46_address_t * r_addr, u16 l_port, u16 r_port,
545 u8 proto, u32 fib_index, u8 is_ip6)
547 nat64_db_st_entry_t *ste = 0;
548 nat64_db_st_entry_t *st;
549 nat64_db_st_entry_key_t ste_key;
550 clib_bihash_kv_48_8_t kv, value;
552 switch (ip_proto_to_snat_proto (proto))
555 #define _(N, i, n, s) \
556 case SNAT_PROTOCOL_##N: \
557 st = db->st._##n##_st; \
559 foreach_snat_protocol
563 st = db->st._unk_proto_st;
567 memset (&ste_key, 0, sizeof (ste_key));
568 ste_key.l_addr.as_u64[0] = l_addr->as_u64[0];
569 ste_key.l_addr.as_u64[1] = l_addr->as_u64[1];
570 ste_key.r_addr.as_u64[0] = r_addr->as_u64[0];
571 ste_key.r_addr.as_u64[1] = r_addr->as_u64[1];
572 ste_key.fib_index = fib_index;
573 ste_key.l_port = l_port;
574 ste_key.r_port = r_port;
575 ste_key.proto = proto;
576 kv.key[0] = ste_key.as_u64[0];
577 kv.key[1] = ste_key.as_u64[1];
578 kv.key[2] = ste_key.as_u64[2];
579 kv.key[3] = ste_key.as_u64[3];
580 kv.key[4] = ste_key.as_u64[4];
581 kv.key[5] = ste_key.as_u64[5];
583 if (!clib_bihash_search_48_8
584 (is_ip6 ? &db->st.in2out : &db->st.out2in, &kv, &value))
585 ste = pool_elt_at_index (st, value.value);
591 nat64_db_st_entry_get_index (nat64_db_t * db, nat64_db_st_entry_t * ste)
593 nat64_db_st_entry_t *st;
595 switch (ip_proto_to_snat_proto (ste->proto))
598 #define _(N, i, n, s) \
599 case SNAT_PROTOCOL_##N: \
600 st = db->st._##n##_st; \
602 foreach_snat_protocol
606 st = db->st._unk_proto_st;
613 nat64_db_st_entry_t *
614 nat64_db_st_entry_by_index (nat64_db_t * db, u8 proto, u32 ste_index)
616 nat64_db_st_entry_t *st;
618 switch (ip_proto_to_snat_proto (proto))
621 #define _(N, i, n, s) \
622 case SNAT_PROTOCOL_##N: \
623 st = db->st._##n##_st; \
625 foreach_snat_protocol
629 st = db->st._unk_proto_st;
633 return pool_elt_at_index (st, ste_index);
637 nad64_db_st_free_expired (nat64_db_t * db, u32 now)
639 u32 *ste_to_be_free = 0, *ste_index;
640 nat64_db_st_entry_t *st, *ste;
643 #define _(N, i, n, s) \
644 st = db->st._##n##_st; \
645 pool_foreach (ste, st, ({\
646 if (i == SNAT_PROTOCOL_TCP && !ste->tcp_state) \
648 if (ste->expire < now) \
649 vec_add1 (ste_to_be_free, ste - st); \
651 vec_foreach (ste_index, ste_to_be_free) \
652 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \
653 vec_free (ste_to_be_free); \
655 foreach_snat_protocol
657 st = db->st._unk_proto_st;
658 pool_foreach (ste, st, ({
659 if (ste->expire < now)
660 vec_add1 (ste_to_be_free, ste - st);
662 vec_foreach (ste_index, ste_to_be_free)
663 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0]));
664 vec_free (ste_to_be_free);
669 nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr)
671 u32 *ste_to_be_free = 0, *ste_index;
672 nat64_db_st_entry_t *st, *ste;
673 nat64_db_bib_entry_t *bibe;
677 #define _(N, i, n, s) \
678 st = db->st._##n##_st; \
679 pool_foreach (ste, st, ({ \
680 bibe = pool_elt_at_index (db->bib._##n##_bib, ste->bibe_index); \
681 if (bibe->out_addr.as_u32 == out_addr->as_u32) \
682 vec_add1 (ste_to_be_free, ste - st); \
684 vec_foreach (ste_index, ste_to_be_free) \
685 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \
686 vec_free (ste_to_be_free); \
688 foreach_snat_protocol
690 st = db->st._unk_proto_st;
691 pool_foreach (ste, st, ({
692 bibe = pool_elt_at_index (db->bib._unk_proto_bib, ste->bibe_index);
693 if (bibe->out_addr.as_u32 == out_addr->as_u32)
694 vec_add1 (ste_to_be_free, ste - st);
696 vec_foreach (ste_index, ste_to_be_free)
697 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0]));
698 vec_free (ste_to_be_free);
704 * fd.io coding-style-patch-verification: ON
707 * eval: (c-set-style "gnu")