2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
19 #include <nat/nat64_db.h>
20 #include <nat/nat_ipfix_logging.h>
21 #include <nat/nat_inlines.h>
22 #include <nat/nat_syslog.h>
23 #include <vnet/fib/fib_table.h>
26 nat64_db_init (nat64_db_t * db, u32 bib_buckets, u32 bib_memory_size,
27 u32 st_buckets, u32 st_memory_size,
28 nat64_db_free_addr_port_function_t free_addr_port_cb)
30 clib_bihash_init_24_8 (&db->bib.in2out, "bib-in2out", bib_buckets,
33 clib_bihash_init_24_8 (&db->bib.out2in, "bib-out2in", bib_buckets,
36 clib_bihash_init_48_8 (&db->st.in2out, "st-in2out", st_buckets,
39 clib_bihash_init_48_8 (&db->st.out2in, "st-out2in", st_buckets,
42 db->free_addr_port_cb = free_addr_port_cb;
43 db->bib.limit = 10 * bib_buckets;
44 db->bib.bib_entries_num = 0;
45 db->st.limit = 10 * st_buckets;
46 db->st.st_entries_num = 0;
52 nat64_db_bib_entry_t *
53 nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr,
54 ip4_address_t * out_addr, u16 in_port,
55 u16 out_port, u32 fib_index, u8 proto,
58 nat64_db_bib_entry_t *bibe;
59 nat64_db_bib_entry_key_t bibe_key;
60 clib_bihash_kv_24_8_t kv;
63 if (db->bib.bib_entries_num >= db->bib.limit)
65 db->free_addr_port_cb (db, out_addr, out_port, proto);
66 nat_ipfix_logging_max_bibs (db->bib.limit);
70 /* create pool entry */
71 switch (ip_proto_to_snat_proto (proto))
74 #define _(N, i, n, s) \
75 case SNAT_PROTOCOL_##N: \
76 pool_get (db->bib._##n##_bib, bibe); \
77 kv.value = bibe - db->bib._##n##_bib; \
83 pool_get (db->bib._unk_proto_bib, bibe);
84 kv.value = bibe - db->bib._unk_proto_bib;
88 db->bib.bib_entries_num++;
90 clib_memset (bibe, 0, sizeof (*bibe));
91 bibe->in_addr.as_u64[0] = in_addr->as_u64[0];
92 bibe->in_addr.as_u64[1] = in_addr->as_u64[1];
93 bibe->in_port = in_port;
94 bibe->out_addr.as_u32 = out_addr->as_u32;
95 bibe->out_port = out_port;
96 bibe->fib_index = fib_index;
98 bibe->is_static = is_static;
100 /* create hash lookup */
101 bibe_key.addr.as_u64[0] = bibe->in_addr.as_u64[0];
102 bibe_key.addr.as_u64[1] = bibe->in_addr.as_u64[1];
103 bibe_key.fib_index = bibe->fib_index;
104 bibe_key.port = bibe->in_port;
105 bibe_key.proto = bibe->proto;
107 kv.key[0] = bibe_key.as_u64[0];
108 kv.key[1] = bibe_key.as_u64[1];
109 kv.key[2] = bibe_key.as_u64[2];
110 clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 1);
112 clib_memset (&bibe_key.addr, 0, sizeof (bibe_key.addr));
113 bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32;
114 bibe_key.fib_index = 0;
115 bibe_key.port = bibe->out_port;
116 kv.key[0] = bibe_key.as_u64[0];
117 kv.key[1] = bibe_key.as_u64[1];
118 kv.key[2] = bibe_key.as_u64[2];
119 clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 1);
121 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
122 nat_ipfix_logging_nat64_bib (in_addr, out_addr, proto, in_port, out_port,
123 fib->ft_table_id, 1);
128 nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe)
130 nat64_db_bib_entry_key_t bibe_key;
131 clib_bihash_kv_24_8_t kv;
132 nat64_db_bib_entry_t *bib;
133 u32 *ste_to_be_free = 0, *ste_index, bibe_index;
134 nat64_db_st_entry_t *st, *ste;
137 switch (ip_proto_to_snat_proto (bibe->proto))
140 #define _(N, i, n, s) \
141 case SNAT_PROTOCOL_##N: \
142 bib = db->bib._##n##_bib; \
143 st = db->st._##n##_st; \
145 foreach_snat_protocol
149 bib = db->bib._unk_proto_bib;
150 st = db->st._unk_proto_st;
154 db->bib.bib_entries_num--;
156 bibe_index = bibe - bib;
158 /* delete ST entries for static BIB entry */
161 pool_foreach (ste, st, (
163 if (ste->bibe_index == bibe_index)
164 vec_add1 (ste_to_be_free, ste - st);}
166 vec_foreach (ste_index, ste_to_be_free)
167 nat64_db_st_entry_free (db, pool_elt_at_index (st, ste_index[0]));
168 vec_free (ste_to_be_free);
171 /* delete hash lookup */
172 bibe_key.addr.as_u64[0] = bibe->in_addr.as_u64[0];
173 bibe_key.addr.as_u64[1] = bibe->in_addr.as_u64[1];
174 bibe_key.fib_index = bibe->fib_index;
175 bibe_key.port = bibe->in_port;
176 bibe_key.proto = bibe->proto;
178 kv.key[0] = bibe_key.as_u64[0];
179 kv.key[1] = bibe_key.as_u64[1];
180 kv.key[2] = bibe_key.as_u64[2];
181 clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 0);
183 clib_memset (&bibe_key.addr, 0, sizeof (bibe_key.addr));
184 bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32;
185 bibe_key.fib_index = 0;
186 bibe_key.port = bibe->out_port;
187 kv.key[0] = bibe_key.as_u64[0];
188 kv.key[1] = bibe_key.as_u64[1];
189 kv.key[2] = bibe_key.as_u64[2];
190 clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 0);
193 db->free_addr_port_cb (db, &bibe->out_addr, bibe->out_port, bibe->proto);
195 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
196 nat_ipfix_logging_nat64_bib (&bibe->in_addr, &bibe->out_addr, bibe->proto,
197 bibe->in_port, bibe->out_port,
198 fib->ft_table_id, 0);
200 /* delete from pool */
201 pool_put (bib, bibe);
205 nat64_db_bib_entry_t *
206 nat64_db_bib_entry_find (nat64_db_t * db, ip46_address_t * addr, u16 port,
207 u8 proto, u32 fib_index, u8 is_ip6)
209 nat64_db_bib_entry_t *bibe = 0;
210 nat64_db_bib_entry_key_t bibe_key;
211 clib_bihash_kv_24_8_t kv, value;
212 nat64_db_bib_entry_t *bib;
214 switch (ip_proto_to_snat_proto (proto))
217 #define _(N, i, n, s) \
218 case SNAT_PROTOCOL_##N: \
219 bib = db->bib._##n##_bib; \
221 foreach_snat_protocol
225 bib = db->bib._unk_proto_bib;
229 bibe_key.addr.as_u64[0] = addr->as_u64[0];
230 bibe_key.addr.as_u64[1] = addr->as_u64[1];
231 bibe_key.fib_index = fib_index;
232 bibe_key.port = port;
233 bibe_key.proto = proto;
236 kv.key[0] = bibe_key.as_u64[0];
237 kv.key[1] = bibe_key.as_u64[1];
238 kv.key[2] = bibe_key.as_u64[2];
240 if (!clib_bihash_search_24_8
241 (is_ip6 ? &db->bib.in2out : &db->bib.out2in, &kv, &value))
242 bibe = pool_elt_at_index (bib, value.value);
248 nat64_db_bib_walk (nat64_db_t * db, u8 proto,
249 nat64_db_bib_walk_fn_t fn, void *ctx)
251 nat64_db_bib_entry_t *bib, *bibe;
256 #define _(N, i, n, s) \
257 bib = db->bib._##n##_bib; \
258 pool_foreach (bibe, bib, ({ \
259 if (fn (bibe, ctx)) \
262 foreach_snat_protocol
264 bib = db->bib._unk_proto_bib;
265 pool_foreach (bibe, bib, ({
273 switch (ip_proto_to_snat_proto (proto))
276 #define _(N, i, n, s) \
277 case SNAT_PROTOCOL_##N: \
278 bib = db->bib._##n##_bib; \
280 foreach_snat_protocol
284 bib = db->bib._unk_proto_bib;
289 pool_foreach (bibe, bib,
298 nat64_db_bib_entry_t *
299 nat64_db_bib_entry_by_index (nat64_db_t * db, u8 proto, u32 bibe_index)
301 nat64_db_bib_entry_t *bib;
303 switch (ip_proto_to_snat_proto (proto))
306 #define _(N, i, n, s) \
307 case SNAT_PROTOCOL_##N: \
308 bib = db->bib._##n##_bib; \
310 foreach_snat_protocol
314 bib = db->bib._unk_proto_bib;
318 return pool_elt_at_index (bib, bibe_index);
322 nat64_db_st_walk (nat64_db_t * db, u8 proto,
323 nat64_db_st_walk_fn_t fn, void *ctx)
325 nat64_db_st_entry_t *st, *ste;
330 #define _(N, i, n, s) \
331 st = db->st._##n##_st; \
332 pool_foreach (ste, st, ({ \
336 foreach_snat_protocol
338 st = db->st._unk_proto_st;
339 pool_foreach (ste, st, ({
347 switch (ip_proto_to_snat_proto (proto))
350 #define _(N, i, n, s) \
351 case SNAT_PROTOCOL_##N: \
352 st = db->st._##n##_st; \
354 foreach_snat_protocol
358 st = db->st._unk_proto_st;
363 pool_foreach (ste, st,
372 nat64_db_st_entry_t *
373 nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe,
374 ip6_address_t * in_r_addr,
375 ip4_address_t * out_r_addr, u16 r_port)
377 nat64_db_st_entry_t *ste;
378 nat64_db_bib_entry_t *bib;
379 nat64_db_st_entry_key_t ste_key;
380 clib_bihash_kv_48_8_t kv;
383 if (db->st.st_entries_num >= db->st.limit)
385 nat_ipfix_logging_max_sessions (db->st.limit);
389 /* create pool entry */
390 switch (ip_proto_to_snat_proto (bibe->proto))
393 #define _(N, i, n, s) \
394 case SNAT_PROTOCOL_##N: \
395 pool_get (db->st._##n##_st, ste); \
396 kv.value = ste - db->st._##n##_st; \
397 bib = db->bib._##n##_bib; \
399 foreach_snat_protocol
403 pool_get (db->st._unk_proto_st, ste);
404 kv.value = ste - db->st._unk_proto_st;
405 bib = db->bib._unk_proto_bib;
409 db->st.st_entries_num++;
411 clib_memset (ste, 0, sizeof (*ste));
412 ste->in_r_addr.as_u64[0] = in_r_addr->as_u64[0];
413 ste->in_r_addr.as_u64[1] = in_r_addr->as_u64[1];
414 ste->out_r_addr.as_u32 = out_r_addr->as_u32;
415 ste->r_port = r_port;
416 ste->bibe_index = bibe - bib;
417 ste->proto = bibe->proto;
419 /* increment session number for BIB entry */
422 /* create hash lookup */
423 clib_memset (&ste_key, 0, sizeof (ste_key));
424 ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0];
425 ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1];
426 ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0];
427 ste_key.r_addr.as_u64[1] = ste->in_r_addr.as_u64[1];
428 ste_key.fib_index = bibe->fib_index;
429 ste_key.l_port = bibe->in_port;
430 ste_key.r_port = ste->r_port;
431 ste_key.proto = ste->proto;
432 kv.key[0] = ste_key.as_u64[0];
433 kv.key[1] = ste_key.as_u64[1];
434 kv.key[2] = ste_key.as_u64[2];
435 kv.key[3] = ste_key.as_u64[3];
436 kv.key[4] = ste_key.as_u64[4];
437 kv.key[5] = ste_key.as_u64[5];
438 clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 1);
440 clib_memset (&ste_key, 0, sizeof (ste_key));
441 ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32;
442 ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32;
443 ste_key.l_port = bibe->out_port;
444 ste_key.r_port = ste->r_port;
445 ste_key.proto = ste->proto;
446 kv.key[0] = ste_key.as_u64[0];
447 kv.key[1] = ste_key.as_u64[1];
448 kv.key[2] = ste_key.as_u64[2];
449 kv.key[3] = ste_key.as_u64[3];
450 kv.key[4] = ste_key.as_u64[4];
451 kv.key[5] = ste_key.as_u64[5];
452 clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 1);
454 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
455 nat_ipfix_logging_nat64_session (&bibe->in_addr, &bibe->out_addr,
456 bibe->proto, bibe->in_port, bibe->out_port,
457 &ste->in_r_addr, &ste->out_r_addr,
458 ste->r_port, ste->r_port, fib->ft_table_id,
460 nat_syslog_nat64_sadd (bibe->fib_index, &bibe->in_addr, bibe->in_port,
461 &bibe->out_addr, bibe->out_port, &ste->out_r_addr,
462 ste->r_port, bibe->proto);
467 nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste)
469 nat64_db_st_entry_t *st;
470 nat64_db_bib_entry_t *bib, *bibe;
471 nat64_db_st_entry_key_t ste_key;
472 clib_bihash_kv_48_8_t kv;
475 switch (ip_proto_to_snat_proto (ste->proto))
478 #define _(N, i, n, s) \
479 case SNAT_PROTOCOL_##N: \
480 st = db->st._##n##_st; \
481 bib = db->bib._##n##_bib; \
483 foreach_snat_protocol
487 st = db->st._unk_proto_st;
488 bib = db->bib._unk_proto_bib;
492 bibe = pool_elt_at_index (bib, ste->bibe_index);
494 db->st.st_entries_num--;
496 /* delete hash lookup */
497 clib_memset (&ste_key, 0, sizeof (ste_key));
498 ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0];
499 ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1];
500 ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0];
501 ste_key.r_addr.as_u64[1] = ste->in_r_addr.as_u64[1];
502 ste_key.fib_index = bibe->fib_index;
503 ste_key.l_port = bibe->in_port;
504 ste_key.r_port = ste->r_port;
505 ste_key.proto = ste->proto;
506 kv.key[0] = ste_key.as_u64[0];
507 kv.key[1] = ste_key.as_u64[1];
508 kv.key[2] = ste_key.as_u64[2];
509 kv.key[3] = ste_key.as_u64[3];
510 kv.key[4] = ste_key.as_u64[4];
511 kv.key[5] = ste_key.as_u64[5];
512 clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 0);
514 clib_memset (&ste_key, 0, sizeof (ste_key));
515 ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32;
516 ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32;
517 ste_key.l_port = bibe->out_port;
518 ste_key.r_port = ste->r_port;
519 ste_key.proto = ste->proto;
520 kv.key[0] = ste_key.as_u64[0];
521 kv.key[1] = ste_key.as_u64[1];
522 kv.key[2] = ste_key.as_u64[2];
523 kv.key[3] = ste_key.as_u64[3];
524 kv.key[4] = ste_key.as_u64[4];
525 kv.key[5] = ste_key.as_u64[5];
526 clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 0);
528 fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6);
529 nat_ipfix_logging_nat64_session (&bibe->in_addr, &bibe->out_addr,
530 bibe->proto, bibe->in_port, bibe->out_port,
531 &ste->in_r_addr, &ste->out_r_addr,
532 ste->r_port, ste->r_port, fib->ft_table_id,
534 nat_syslog_nat64_sdel (bibe->fib_index, &bibe->in_addr, bibe->in_port,
535 &bibe->out_addr, bibe->out_port, &ste->out_r_addr,
536 ste->r_port, bibe->proto);
538 /* delete from pool */
541 /* decrement session number for BIB entry */
544 /* delete BIB entry if last session and dynamic */
545 if (!bibe->is_static && !bibe->ses_num)
546 nat64_db_bib_entry_free (db, bibe);
549 nat64_db_st_entry_t *
550 nat64_db_st_entry_find (nat64_db_t * db, ip46_address_t * l_addr,
551 ip46_address_t * r_addr, u16 l_port, u16 r_port,
552 u8 proto, u32 fib_index, u8 is_ip6)
554 nat64_db_st_entry_t *ste = 0;
555 nat64_db_st_entry_t *st;
556 nat64_db_st_entry_key_t ste_key;
557 clib_bihash_kv_48_8_t kv, value;
559 switch (ip_proto_to_snat_proto (proto))
562 #define _(N, i, n, s) \
563 case SNAT_PROTOCOL_##N: \
564 st = db->st._##n##_st; \
566 foreach_snat_protocol
570 st = db->st._unk_proto_st;
574 clib_memset (&ste_key, 0, sizeof (ste_key));
575 ste_key.l_addr.as_u64[0] = l_addr->as_u64[0];
576 ste_key.l_addr.as_u64[1] = l_addr->as_u64[1];
577 ste_key.r_addr.as_u64[0] = r_addr->as_u64[0];
578 ste_key.r_addr.as_u64[1] = r_addr->as_u64[1];
579 ste_key.fib_index = fib_index;
580 ste_key.l_port = l_port;
581 ste_key.r_port = r_port;
582 ste_key.proto = proto;
583 kv.key[0] = ste_key.as_u64[0];
584 kv.key[1] = ste_key.as_u64[1];
585 kv.key[2] = ste_key.as_u64[2];
586 kv.key[3] = ste_key.as_u64[3];
587 kv.key[4] = ste_key.as_u64[4];
588 kv.key[5] = ste_key.as_u64[5];
590 if (!clib_bihash_search_48_8
591 (is_ip6 ? &db->st.in2out : &db->st.out2in, &kv, &value))
592 ste = pool_elt_at_index (st, value.value);
598 nat64_db_st_entry_get_index (nat64_db_t * db, nat64_db_st_entry_t * ste)
600 nat64_db_st_entry_t *st;
602 switch (ip_proto_to_snat_proto (ste->proto))
605 #define _(N, i, n, s) \
606 case SNAT_PROTOCOL_##N: \
607 st = db->st._##n##_st; \
609 foreach_snat_protocol
613 st = db->st._unk_proto_st;
620 nat64_db_st_entry_t *
621 nat64_db_st_entry_by_index (nat64_db_t * db, u8 proto, u32 ste_index)
623 nat64_db_st_entry_t *st;
625 switch (ip_proto_to_snat_proto (proto))
628 #define _(N, i, n, s) \
629 case SNAT_PROTOCOL_##N: \
630 st = db->st._##n##_st; \
632 foreach_snat_protocol
636 st = db->st._unk_proto_st;
640 return pool_elt_at_index (st, ste_index);
644 nad64_db_st_free_expired (nat64_db_t * db, u32 now)
646 u32 *ste_to_be_free = 0, *ste_index;
647 nat64_db_st_entry_t *st, *ste;
650 #define _(N, i, n, s) \
651 st = db->st._##n##_st; \
652 pool_foreach (ste, st, ({\
653 if (i == SNAT_PROTOCOL_TCP && !ste->tcp_state) \
655 if (ste->expire < now) \
656 vec_add1 (ste_to_be_free, ste - st); \
658 vec_foreach (ste_index, ste_to_be_free) \
659 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \
660 vec_free (ste_to_be_free); \
662 foreach_snat_protocol
664 st = db->st._unk_proto_st;
665 pool_foreach (ste, st, ({
666 if (ste->expire < now)
667 vec_add1 (ste_to_be_free, ste - st);
669 vec_foreach (ste_index, ste_to_be_free)
670 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0]));
671 vec_free (ste_to_be_free);
676 nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr)
678 u32 *ste_to_be_free = 0, *ste_index;
679 nat64_db_st_entry_t *st, *ste;
680 nat64_db_bib_entry_t *bibe;
684 #define _(N, i, n, s) \
685 st = db->st._##n##_st; \
686 pool_foreach (ste, st, ({ \
687 bibe = pool_elt_at_index (db->bib._##n##_bib, ste->bibe_index); \
688 if (bibe->out_addr.as_u32 == out_addr->as_u32) \
689 vec_add1 (ste_to_be_free, ste - st); \
691 vec_foreach (ste_index, ste_to_be_free) \
692 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \
693 vec_free (ste_to_be_free); \
695 foreach_snat_protocol
697 st = db->st._unk_proto_st;
698 pool_foreach (ste, st, ({
699 bibe = pool_elt_at_index (db->bib._unk_proto_bib, ste->bibe_index);
700 if (bibe->out_addr.as_u32 == out_addr->as_u32)
701 vec_add1 (ste_to_be_free, ste - st);
703 vec_foreach (ste_index, ste_to_be_free)
704 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0]));
705 vec_free (ste_to_be_free);
711 * fd.io coding-style-patch-verification: ON
714 * eval: (c-set-style "gnu")