2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT66 implementation
20 #include <vpp/app/version.h>
21 #include <vnet/plugin/plugin.h>
22 #include <nat/nat66/nat66.h>
23 #include <vnet/fib/fib_table.h>
24 #include <vnet/ip/reass/ip6_sv_reass.h>
26 nat66_main_t nat66_main;
27 fib_source_t nat_fib_src_hi;
31 /* Hook up input features */
32 VNET_FEATURE_INIT (nat66_in2out, static) = {
33 .arc_name = "ip6-unicast",
34 .node_name = "nat66-in2out",
35 .runs_before = VNET_FEATURES ("ip6-lookup"),
36 .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
38 VNET_FEATURE_INIT (nat66_out2in, static) = {
39 .arc_name = "ip6-unicast",
40 .node_name = "nat66-out2in",
41 .runs_before = VNET_FEATURES ("ip6-lookup"),
42 .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
47 clib_error_t *nat66_plugin_api_hookup (vlib_main_t * vm);
49 nat66_init (vlib_main_t * vm)
51 nat66_main_t *nm = &nat66_main;
53 u32 static_mapping_buckets = 1024;
54 uword static_mapping_memory_size = 64 << 20;
56 node = vlib_get_node_by_name (vm, (u8 *) "nat66-in2out");
57 nm->in2out_node_index = node->index;
59 node = vlib_get_node_by_name (vm, (u8 *) "nat66-out2in");
60 nm->out2in_node_index = node->index;
62 clib_bihash_init_24_8 (&nm->sm_l, "nat66-static-map-by-local",
63 static_mapping_buckets, static_mapping_memory_size);
64 clib_bihash_init_24_8 (&nm->sm_e, "nat66-static-map-by-external",
65 static_mapping_buckets, static_mapping_memory_size);
67 nm->session_counters.name = "session counters";
69 nat_fib_src_hi = fib_source_allocate ("nat66-hi",
70 FIB_SOURCE_PRIORITY_HI,
71 FIB_SOURCE_BH_SIMPLE);
73 nm->in2out_packets.name = "in2out";
74 nm->in2out_packets.stat_segment_name = "/nat64/in2out";
75 nm->out2in_packets.name = "out2in";
76 nm->out2in_packets.stat_segment_name = "/nat64/out2in";
77 return nat66_plugin_api_hookup (vm);
81 nat66_validate_counters (nat66_main_t * nm, u32 sw_if_index)
83 vlib_validate_simple_counter (&nm->in2out_packets, sw_if_index);
84 vlib_zero_simple_counter (&nm->in2out_packets, sw_if_index);
85 vlib_validate_simple_counter (&nm->out2in_packets, sw_if_index);
86 vlib_zero_simple_counter (&nm->out2in_packets, sw_if_index);
90 nat66_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add)
92 nat66_main_t *nm = &nat66_main;
93 nat66_interface_t *interface = 0, *i;
94 const char *feature_name;
97 pool_foreach (i, nm->interfaces,
99 if (i->sw_if_index == sw_if_index)
110 return VNET_API_ERROR_VALUE_EXIST;
112 pool_get (nm->interfaces, interface);
113 interface->sw_if_index = sw_if_index;
115 is_inside ? NAT66_INTERFACE_FLAG_IS_INSIDE :
116 NAT66_INTERFACE_FLAG_IS_OUTSIDE;
117 nat66_validate_counters (nm, sw_if_index);
122 return VNET_API_ERROR_NO_SUCH_ENTRY;
124 pool_put (nm->interfaces, interface);
127 feature_name = is_inside ? "nat66-in2out" : "nat66-out2in";
128 int rv = ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
131 return vnet_feature_enable_disable ("ip6-unicast", feature_name,
132 sw_if_index, is_add, 0, 0);
136 nat66_interfaces_walk (nat66_interface_walk_fn_t fn, void *ctx)
138 nat66_main_t *nm = &nat66_main;
139 nat66_interface_t *i = 0;
142 pool_foreach (i, nm->interfaces,
150 nat66_static_mapping_t *
151 nat66_static_mapping_get (ip6_address_t * addr, u32 fib_index, u8 is_local)
153 nat66_main_t *nm = &nat66_main;
154 nat66_static_mapping_t *sm = 0;
155 nat66_sm_key_t sm_key;
156 clib_bihash_kv_24_8_t kv, value;
158 sm_key.addr.as_u64[0] = addr->as_u64[0];
159 sm_key.addr.as_u64[1] = addr->as_u64[1];
160 sm_key.fib_index = fib_index;
163 kv.key[0] = sm_key.as_u64[0];
164 kv.key[1] = sm_key.as_u64[1];
165 kv.key[2] = sm_key.as_u64[2];
167 if (!clib_bihash_search_24_8
168 (is_local ? &nm->sm_l : &nm->sm_e, &kv, &value))
169 sm = pool_elt_at_index (nm->sm, value.value);
175 nat66_static_mapping_add_del (ip6_address_t * l_addr, ip6_address_t * e_addr,
176 u32 vrf_id, u8 is_add)
178 nat66_main_t *nm = &nat66_main;
180 nat66_static_mapping_t *sm = 0;
181 nat66_sm_key_t sm_key;
182 clib_bihash_kv_24_8_t kv, value;
183 u32 fib_index = fib_table_find (FIB_PROTOCOL_IP6, vrf_id);
185 sm_key.addr.as_u64[0] = l_addr->as_u64[0];
186 sm_key.addr.as_u64[1] = l_addr->as_u64[1];
187 sm_key.fib_index = fib_index;
189 kv.key[0] = sm_key.as_u64[0];
190 kv.key[1] = sm_key.as_u64[1];
191 kv.key[2] = sm_key.as_u64[2];
193 if (!clib_bihash_search_24_8 (&nm->sm_l, &kv, &value))
194 sm = pool_elt_at_index (nm->sm, value.value);
199 return VNET_API_ERROR_VALUE_EXIST;
201 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
203 pool_get (nm->sm, sm);
204 clib_memset (sm, 0, sizeof (*sm));
205 sm->l_addr.as_u64[0] = l_addr->as_u64[0];
206 sm->l_addr.as_u64[1] = l_addr->as_u64[1];
207 sm->e_addr.as_u64[0] = e_addr->as_u64[0];
208 sm->e_addr.as_u64[1] = e_addr->as_u64[1];
209 sm->fib_index = fib_index;
211 sm_key.fib_index = fib_index;
212 kv.key[0] = sm_key.as_u64[0];
213 kv.key[1] = sm_key.as_u64[1];
214 kv.key[2] = sm_key.as_u64[2];
215 kv.value = sm - nm->sm;
216 if (clib_bihash_add_del_24_8 (&nm->sm_l, &kv, 1))
217 nat66_elog_warn ("nat66-static-map-by-local add key failed");
218 sm_key.addr.as_u64[0] = e_addr->as_u64[0];
219 sm_key.addr.as_u64[1] = e_addr->as_u64[1];
220 sm_key.fib_index = 0;
221 kv.key[0] = sm_key.as_u64[0];
222 kv.key[1] = sm_key.as_u64[1];
223 kv.key[2] = sm_key.as_u64[2];
224 if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 1))
225 nat66_elog_warn ("nat66-static-map-by-external add key failed");
227 vlib_validate_combined_counter (&nm->session_counters, kv.value);
228 vlib_zero_combined_counter (&nm->session_counters, kv.value);
233 return VNET_API_ERROR_NO_SUCH_ENTRY;
235 kv.value = sm - nm->sm;
236 if (clib_bihash_add_del_24_8 (&nm->sm_l, &kv, 0))
237 nat66_elog_warn ("nat66-static-map-by-local delete key failed");
238 sm_key.addr.as_u64[0] = e_addr->as_u64[0];
239 sm_key.addr.as_u64[1] = e_addr->as_u64[1];
240 sm_key.fib_index = 0;
241 kv.key[0] = sm_key.as_u64[0];
242 kv.key[1] = sm_key.as_u64[1];
243 kv.key[2] = sm_key.as_u64[2];
244 if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 0))
245 nat66_elog_warn ("nat66-static-map-by-external delete key failed");
246 fib_table_unlock (sm->fib_index, FIB_PROTOCOL_IP6, nat_fib_src_hi);
247 pool_put (nm->sm, sm);
254 nat66_static_mappings_walk (nat66_static_mapping_walk_fn_t fn, void *ctx)
256 nat66_main_t *nm = &nat66_main;
257 nat66_static_mapping_t *sm = 0;
260 pool_foreach (sm, nm->sm,
271 nat66_main_t *nm = &nat66_main;
272 u32 outside_ip6_vrf_id = 0;
274 nm->outside_vrf_id = outside_ip6_vrf_id;
275 nm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
282 VLIB_PLUGIN_REGISTER () =
284 .version = VPP_BUILD_VER,
285 .description = "NAT66",
288 VLIB_INIT_FUNCTION (nat66_init);
293 * fd.io coding-style-patch-verification: ON
296 * eval: (c-set-style "gnu")