2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
19 #include <nat/nat64_db.h>
22 nat64_db_init (nat64_db_t * db)
24 u32 bib_buckets = 1024;
25 u32 bib_memory_size = 128 << 20;
26 u32 st_buckets = 2048;
27 u32 st_memory_size = 256 << 20;
29 clib_bihash_init_24_8 (&db->bib.in2out, "bib-in2out", bib_buckets,
32 clib_bihash_init_24_8 (&db->bib.out2in, "bib-out2in", bib_buckets,
35 clib_bihash_init_48_8 (&db->st.in2out, "st-in2out", st_buckets,
38 clib_bihash_init_48_8 (&db->st.out2in, "st-out2in", st_buckets,
44 nat64_db_bib_entry_t *
45 nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr,
46 ip4_address_t * out_addr, u16 in_port,
47 u16 out_port, u32 fib_index, u8 proto,
50 nat64_db_bib_entry_t *bibe;
51 nat64_db_bib_entry_key_t bibe_key;
52 clib_bihash_kv_24_8_t kv;
54 /* create pool entry */
55 switch (ip_proto_to_snat_proto (proto))
58 #define _(N, i, n, s) \
59 case SNAT_PROTOCOL_##N: \
60 pool_get (db->bib._##n##_bib, bibe); \
61 kv.value = bibe - db->bib._##n##_bib; \
67 pool_get (db->bib._unk_proto_bib, bibe);
68 kv.value = bibe - db->bib._unk_proto_bib;
71 memset (bibe, 0, sizeof (*bibe));
72 bibe->in_addr.as_u64[0] = in_addr->as_u64[0];
73 bibe->in_addr.as_u64[1] = in_addr->as_u64[1];
74 bibe->in_port = in_port;
75 bibe->out_addr.as_u32 = out_addr->as_u32;
76 bibe->out_port = out_port;
77 bibe->fib_index = fib_index;
79 bibe->is_static = is_static;
81 /* create hash lookup */
82 bibe_key.addr.as_u64[0] = bibe->in_addr.as_u64[0];
83 bibe_key.addr.as_u64[1] = bibe->in_addr.as_u64[1];
84 bibe_key.fib_index = bibe->fib_index;
85 bibe_key.port = bibe->in_port;
86 bibe_key.proto = bibe->proto;
88 kv.key[0] = bibe_key.as_u64[0];
89 kv.key[1] = bibe_key.as_u64[1];
90 kv.key[2] = bibe_key.as_u64[2];
91 clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 1);
93 memset (&bibe_key.addr, 0, sizeof (bibe_key.addr));
94 bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32;
95 bibe_key.fib_index = 0;
96 bibe_key.port = bibe->out_port;
97 kv.key[0] = bibe_key.as_u64[0];
98 kv.key[1] = bibe_key.as_u64[1];
99 kv.key[2] = bibe_key.as_u64[2];
100 clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 1);
106 nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe)
108 nat64_db_bib_entry_key_t bibe_key;
109 clib_bihash_kv_24_8_t kv;
110 nat64_db_bib_entry_t *bib;
111 u32 *ste_to_be_free = 0, *ste_index, bibe_index;
112 nat64_db_st_entry_t *st, *ste;
114 switch (ip_proto_to_snat_proto (bibe->proto))
117 #define _(N, i, n, s) \
118 case SNAT_PROTOCOL_##N: \
119 bib = db->bib._##n##_bib; \
120 st = db->st._##n##_st; \
122 foreach_snat_protocol
126 bib = db->bib._unk_proto_bib;
127 st = db->st._unk_proto_st;
131 bibe_index = bibe - bib;
133 /* delete ST entries for static BIB entry */
136 pool_foreach (ste, st, (
138 if (ste->bibe_index == bibe_index)
139 vec_add1 (ste_to_be_free, ste - st);}
141 vec_foreach (ste_index, ste_to_be_free)
142 nat64_db_st_entry_free (db, pool_elt_at_index (st, ste_index[0]));
143 vec_free (ste_to_be_free);
146 /* delete hash lookup */
147 bibe_key.addr.as_u64[0] = bibe->in_addr.as_u64[0];
148 bibe_key.addr.as_u64[1] = bibe->in_addr.as_u64[1];
149 bibe_key.fib_index = bibe->fib_index;
150 bibe_key.port = bibe->in_port;
151 bibe_key.proto = bibe->proto;
153 kv.key[0] = bibe_key.as_u64[0];
154 kv.key[1] = bibe_key.as_u64[1];
155 kv.key[2] = bibe_key.as_u64[2];
156 clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 0);
158 memset (&bibe_key.addr, 0, sizeof (bibe_key.addr));
159 bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32;
160 bibe_key.fib_index = 0;
161 bibe_key.port = bibe->out_port;
162 kv.key[0] = bibe_key.as_u64[0];
163 kv.key[1] = bibe_key.as_u64[1];
164 kv.key[2] = bibe_key.as_u64[2];
165 clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 0);
167 /* delete from pool */
168 pool_put (bib, bibe);
172 nat64_db_bib_entry_t *
173 nat64_db_bib_entry_find (nat64_db_t * db, ip46_address_t * addr, u16 port,
174 u8 proto, u32 fib_index, u8 is_ip6)
176 nat64_db_bib_entry_t *bibe = 0;
177 nat64_db_bib_entry_key_t bibe_key;
178 clib_bihash_kv_24_8_t kv, value;
179 nat64_db_bib_entry_t *bib;
181 switch (ip_proto_to_snat_proto (proto))
184 #define _(N, i, n, s) \
185 case SNAT_PROTOCOL_##N: \
186 bib = db->bib._##n##_bib; \
188 foreach_snat_protocol
192 bib = db->bib._unk_proto_bib;
196 bibe_key.addr.as_u64[0] = addr->as_u64[0];
197 bibe_key.addr.as_u64[1] = addr->as_u64[1];
198 bibe_key.fib_index = fib_index;
199 bibe_key.port = port;
200 bibe_key.proto = proto;
203 kv.key[0] = bibe_key.as_u64[0];
204 kv.key[1] = bibe_key.as_u64[1];
205 kv.key[2] = bibe_key.as_u64[2];
207 if (!clib_bihash_search_24_8
208 (is_ip6 ? &db->bib.in2out : &db->bib.out2in, &kv, &value))
209 bibe = pool_elt_at_index (bib, value.value);
215 nat64_db_bib_walk (nat64_db_t * db, u8 proto,
216 nat64_db_bib_walk_fn_t fn, void *ctx)
218 nat64_db_bib_entry_t *bib, *bibe;
223 #define _(N, i, n, s) \
224 bib = db->bib._##n##_bib; \
225 pool_foreach (bibe, bib, ({ \
226 if (fn (bibe, ctx)) \
229 foreach_snat_protocol
231 bib = db->bib._unk_proto_bib;
232 pool_foreach (bibe, bib, ({
240 switch (ip_proto_to_snat_proto (proto))
243 #define _(N, i, n, s) \
244 case SNAT_PROTOCOL_##N: \
245 bib = db->bib._##n##_bib; \
247 foreach_snat_protocol
251 bib = db->bib._unk_proto_bib;
256 pool_foreach (bibe, bib,
265 nat64_db_bib_entry_t *
266 nat64_db_bib_entry_by_index (nat64_db_t * db, u8 proto, u32 bibe_index)
268 nat64_db_bib_entry_t *bib;
270 switch (ip_proto_to_snat_proto (proto))
273 #define _(N, i, n, s) \
274 case SNAT_PROTOCOL_##N: \
275 bib = db->bib._##n##_bib; \
277 foreach_snat_protocol
281 bib = db->bib._unk_proto_bib;
285 return pool_elt_at_index (bib, bibe_index);
289 nat64_db_st_walk (nat64_db_t * db, u8 proto,
290 nat64_db_st_walk_fn_t fn, void *ctx)
292 nat64_db_st_entry_t *st, *ste;
297 #define _(N, i, n, s) \
298 st = db->st._##n##_st; \
299 pool_foreach (ste, st, ({ \
303 foreach_snat_protocol
305 st = db->st._unk_proto_st;
306 pool_foreach (ste, st, ({
314 switch (ip_proto_to_snat_proto (proto))
317 #define _(N, i, n, s) \
318 case SNAT_PROTOCOL_##N: \
319 st = db->st._##n##_st; \
321 foreach_snat_protocol
325 st = db->st._unk_proto_st;
330 pool_foreach (ste, st,
339 nat64_db_st_entry_t *
340 nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe,
341 ip6_address_t * in_r_addr,
342 ip4_address_t * out_r_addr, u16 r_port)
344 nat64_db_st_entry_t *ste;
345 nat64_db_bib_entry_t *bib;
346 nat64_db_st_entry_key_t ste_key;
347 clib_bihash_kv_48_8_t kv;
349 /* create pool entry */
350 switch (ip_proto_to_snat_proto (bibe->proto))
353 #define _(N, i, n, s) \
354 case SNAT_PROTOCOL_##N: \
355 pool_get (db->st._##n##_st, ste); \
356 kv.value = ste - db->st._##n##_st; \
357 bib = db->bib._##n##_bib; \
359 foreach_snat_protocol
363 pool_get (db->st._unk_proto_st, ste);
364 kv.value = ste - db->st._unk_proto_st;
365 bib = db->bib._unk_proto_bib;
368 memset (ste, 0, sizeof (*ste));
369 ste->in_r_addr.as_u64[0] = in_r_addr->as_u64[0];
370 ste->in_r_addr.as_u64[1] = in_r_addr->as_u64[1];
371 ste->out_r_addr.as_u32 = out_r_addr->as_u32;
372 ste->r_port = r_port;
373 ste->bibe_index = bibe - bib;
374 ste->proto = bibe->proto;
376 /* increment session number for BIB entry */
379 /* create hash lookup */
380 memset (&ste_key, 0, sizeof (ste_key));
381 ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0];
382 ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1];
383 ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0];
384 ste_key.r_addr.as_u64[1] = ste->in_r_addr.as_u64[1];
385 ste_key.fib_index = bibe->fib_index;
386 ste_key.l_port = bibe->in_port;
387 ste_key.r_port = ste->r_port;
388 ste_key.proto = ste->proto;
389 kv.key[0] = ste_key.as_u64[0];
390 kv.key[1] = ste_key.as_u64[1];
391 kv.key[2] = ste_key.as_u64[2];
392 kv.key[3] = ste_key.as_u64[3];
393 kv.key[4] = ste_key.as_u64[4];
394 kv.key[5] = ste_key.as_u64[5];
395 clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 1);
397 memset (&ste_key, 0, sizeof (ste_key));
398 ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32;
399 ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32;
400 ste_key.l_port = bibe->out_port;
401 ste_key.r_port = ste->r_port;
402 ste_key.proto = ste->proto;
403 kv.key[0] = ste_key.as_u64[0];
404 kv.key[1] = ste_key.as_u64[1];
405 kv.key[2] = ste_key.as_u64[2];
406 kv.key[3] = ste_key.as_u64[3];
407 kv.key[4] = ste_key.as_u64[4];
408 kv.key[5] = ste_key.as_u64[5];
409 clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 1);
415 nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste)
417 nat64_db_st_entry_t *st;
418 nat64_db_bib_entry_t *bib, *bibe;
419 nat64_db_st_entry_key_t ste_key;
420 clib_bihash_kv_48_8_t kv;
422 switch (ip_proto_to_snat_proto (ste->proto))
425 #define _(N, i, n, s) \
426 case SNAT_PROTOCOL_##N: \
427 st = db->st._##n##_st; \
428 bib = db->bib._##n##_bib; \
430 foreach_snat_protocol
434 st = db->st._unk_proto_st;
435 bib = db->bib._unk_proto_bib;
439 bibe = pool_elt_at_index (bib, ste->bibe_index);
441 /* delete hash lookup */
442 memset (&ste_key, 0, sizeof (ste_key));
443 ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0];
444 ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1];
445 ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0];
446 ste_key.r_addr.as_u64[1] = ste->in_r_addr.as_u64[1];
447 ste_key.fib_index = bibe->fib_index;
448 ste_key.l_port = bibe->in_port;
449 ste_key.r_port = ste->r_port;
450 ste_key.proto = ste->proto;
451 kv.key[0] = ste_key.as_u64[0];
452 kv.key[1] = ste_key.as_u64[1];
453 kv.key[2] = ste_key.as_u64[2];
454 kv.key[3] = ste_key.as_u64[3];
455 kv.key[4] = ste_key.as_u64[4];
456 kv.key[5] = ste_key.as_u64[5];
457 clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 0);
459 memset (&ste_key, 0, sizeof (ste_key));
460 ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32;
461 ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32;
462 ste_key.l_port = bibe->out_port;
463 ste_key.r_port = ste->r_port;
464 ste_key.proto = ste->proto;
465 kv.key[0] = ste_key.as_u64[0];
466 kv.key[1] = ste_key.as_u64[1];
467 kv.key[2] = ste_key.as_u64[2];
468 kv.key[3] = ste_key.as_u64[3];
469 kv.key[4] = ste_key.as_u64[4];
470 kv.key[5] = ste_key.as_u64[5];
471 clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 0);
473 /* delete from pool */
476 /* decrement session number for BIB entry */
479 /* delete BIB entry if last session and dynamic */
480 if (!bibe->is_static && !bibe->ses_num)
481 nat64_db_bib_entry_free (db, bibe);
484 nat64_db_st_entry_t *
485 nat64_db_st_entry_find (nat64_db_t * db, ip46_address_t * l_addr,
486 ip46_address_t * r_addr, u16 l_port, u16 r_port,
487 u8 proto, u32 fib_index, u8 is_ip6)
489 nat64_db_st_entry_t *ste = 0;
490 nat64_db_st_entry_t *st;
491 nat64_db_st_entry_key_t ste_key;
492 clib_bihash_kv_48_8_t kv, value;
494 switch (ip_proto_to_snat_proto (proto))
497 #define _(N, i, n, s) \
498 case SNAT_PROTOCOL_##N: \
499 st = db->st._##n##_st; \
501 foreach_snat_protocol
505 st = db->st._unk_proto_st;
509 memset (&ste_key, 0, sizeof (ste_key));
510 ste_key.l_addr.as_u64[0] = l_addr->as_u64[0];
511 ste_key.l_addr.as_u64[1] = l_addr->as_u64[1];
512 ste_key.r_addr.as_u64[0] = r_addr->as_u64[0];
513 ste_key.r_addr.as_u64[1] = r_addr->as_u64[1];
514 ste_key.fib_index = fib_index;
515 ste_key.l_port = l_port;
516 ste_key.r_port = r_port;
517 ste_key.proto = proto;
518 kv.key[0] = ste_key.as_u64[0];
519 kv.key[1] = ste_key.as_u64[1];
520 kv.key[2] = ste_key.as_u64[2];
521 kv.key[3] = ste_key.as_u64[3];
522 kv.key[4] = ste_key.as_u64[4];
523 kv.key[5] = ste_key.as_u64[5];
525 if (!clib_bihash_search_48_8
526 (is_ip6 ? &db->st.in2out : &db->st.out2in, &kv, &value))
527 ste = pool_elt_at_index (st, value.value);
533 nad64_db_st_free_expired (nat64_db_t * db, u32 now)
535 u32 *ste_to_be_free = 0, *ste_index;
536 nat64_db_st_entry_t *st, *ste;
539 #define _(N, i, n, s) \
540 st = db->st._##n##_st; \
541 pool_foreach (ste, st, ({\
542 if (i == SNAT_PROTOCOL_TCP && !ste->tcp_state) \
544 if (ste->expire < now) \
545 vec_add1 (ste_to_be_free, ste - st); \
547 vec_foreach (ste_index, ste_to_be_free) \
548 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \
549 vec_free (ste_to_be_free); \
551 foreach_snat_protocol
553 st = db->st._unk_proto_st;
554 pool_foreach (ste, st, ({
555 if (ste->expire < now)
556 vec_add1 (ste_to_be_free, ste - st);
558 vec_foreach (ste_index, ste_to_be_free)
559 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0]));
560 vec_free (ste_to_be_free);
565 nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr)
567 u32 *ste_to_be_free = 0, *ste_index;
568 nat64_db_st_entry_t *st, *ste;
569 nat64_db_bib_entry_t *bibe;
572 #define _(N, i, n, s) \
573 st = db->st._##n##_st; \
574 pool_foreach (ste, st, ({ \
575 bibe = pool_elt_at_index (db->bib._##n##_bib, ste->bibe_index); \
576 if (bibe->out_addr.as_u32 == out_addr->as_u32) \
577 vec_add1 (ste_to_be_free, ste - st); \
579 vec_foreach (ste_index, ste_to_be_free) \
580 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \
581 vec_free (ste_to_be_free); \
583 foreach_snat_protocol
585 st = db->st._unk_proto_st;
586 pool_foreach (ste, st, ({
587 bibe = pool_elt_at_index (db->bib._unk_proto_bib, ste->bibe_index);
588 if (bibe->out_addr.as_u32 == out_addr->as_u32)
589 vec_add1 (ste_to_be_free, ste - st);
591 vec_foreach (ste_index, ste_to_be_free)
592 nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0]));
593 vec_free (ste_to_be_free);
598 * fd.io coding-style-patch-verification: ON
601 * eval: (c-set-style "gnu")