2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief IPv4 to IPv6 translation
19 #ifndef __included_ip4_to_ip6_h__
20 #define __included_ip4_to_ip6_h__
22 #include <vnet/ip/ip.h>
26 * IPv4 to IPv6 set call back function type
28 typedef int (*ip4_to_ip6_set_fn_t) (ip4_header_t * ip4, ip6_header_t * ip6,
32 static u8 icmp_to_icmp6_updater_pointer_table[] =
40 #define frag_id_4to6(id) (id)
43 * @brief Get TCP/UDP port number or ICMP id from IPv4 packet.
45 * @param ip4 IPv4 header.
46 * @param sender 1 get sender port, 0 get receiver port.
48 * @returns Port number on success, 0 otherwise.
51 ip4_get_port (ip4_header_t * ip, u8 sender)
53 if (ip->ip_version_and_header_length != 0x45 ||
54 ip4_get_fragment_offset (ip))
57 if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
58 (ip->protocol == IP_PROTOCOL_UDP)))
60 udp_header_t *udp = (void *) (ip + 1);
61 return (sender) ? udp->src_port : udp->dst_port;
63 else if (ip->protocol == IP_PROTOCOL_ICMP)
65 icmp46_header_t *icmp = (void *) (ip + 1);
66 if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
68 return *((u16 *) (icmp + 1));
70 else if (clib_net_to_host_u16 (ip->length) >= 64)
72 ip = (ip4_header_t *) (icmp + 2);
73 if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
74 (ip->protocol == IP_PROTOCOL_UDP)))
76 udp_header_t *udp = (void *) (ip + 1);
77 return (sender) ? udp->dst_port : udp->src_port;
79 else if (ip->protocol == IP_PROTOCOL_ICMP)
81 icmp46_header_t *icmp = (void *) (ip + 1);
82 if (icmp->type == ICMP4_echo_request ||
83 icmp->type == ICMP4_echo_reply)
85 return *((u16 *) (icmp + 1));
94 * @brief Convert type and code value from ICMP4 to ICMP6.
96 * @param icmp ICMP header.
97 * @param inner_ip4 Inner IPv4 header if present, 0 otherwise.
99 * @returns 0 on success, non-zero value otherwise.
102 icmp_to_icmp6_header (icmp46_header_t * icmp, ip4_header_t ** inner_ip4)
107 case ICMP4_echo_reply:
108 icmp->type = ICMP6_echo_reply;
110 case ICMP4_echo_request:
111 icmp->type = ICMP6_echo_request;
113 case ICMP4_destination_unreachable:
114 *inner_ip4 = (ip4_header_t *) (((u8 *) icmp) + 8);
118 case ICMP4_destination_unreachable_destination_unreachable_net: //0
119 case ICMP4_destination_unreachable_destination_unreachable_host: //1
120 icmp->type = ICMP6_destination_unreachable;
121 icmp->code = ICMP6_destination_unreachable_no_route_to_destination;
123 case ICMP4_destination_unreachable_protocol_unreachable: //2
124 icmp->type = ICMP6_parameter_problem;
125 icmp->code = ICMP6_parameter_problem_unrecognized_next_header;
127 case ICMP4_destination_unreachable_port_unreachable: //3
128 icmp->type = ICMP6_destination_unreachable;
129 icmp->code = ICMP6_destination_unreachable_port_unreachable;
131 case ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set: //4
133 ICMP6_packet_too_big;
136 u32 advertised_mtu = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
138 advertised_mtu += 20;
140 advertised_mtu = 1000; //FIXME ! (RFC 1191 - plateau value)
142 //FIXME: = minimum(advertised MTU+20, MTU_of_IPv6_nexthop, (MTU_of_IPv4_nexthop)+20)
143 *((u32 *) (icmp + 1)) = clib_host_to_net_u32 (advertised_mtu);
147 case ICMP4_destination_unreachable_source_route_failed: //5
148 case ICMP4_destination_unreachable_destination_network_unknown: //6
149 case ICMP4_destination_unreachable_destination_host_unknown: //7
150 case ICMP4_destination_unreachable_source_host_isolated: //8
151 case ICMP4_destination_unreachable_network_unreachable_for_type_of_service: //11
152 case ICMP4_destination_unreachable_host_unreachable_for_type_of_service: //12
154 ICMP6_destination_unreachable;
155 icmp->code = ICMP6_destination_unreachable_no_route_to_destination;
157 case ICMP4_destination_unreachable_network_administratively_prohibited: //9
158 case ICMP4_destination_unreachable_host_administratively_prohibited: //10
159 case ICMP4_destination_unreachable_communication_administratively_prohibited: //13
160 case ICMP4_destination_unreachable_precedence_cutoff_in_effect: //15
161 icmp->type = ICMP6_destination_unreachable;
163 ICMP6_destination_unreachable_destination_administratively_prohibited;
165 case ICMP4_destination_unreachable_host_precedence_violation: //14
171 case ICMP4_time_exceeded: //11
172 *inner_ip4 = (ip4_header_t *) (((u8 *) icmp) + 8);
173 icmp->type = ICMP6_time_exceeded;
176 case ICMP4_parameter_problem:
177 *inner_ip4 = (ip4_header_t *) (((u8 *) icmp) + 8);
181 case ICMP4_parameter_problem_pointer_indicates_error:
182 case ICMP4_parameter_problem_bad_length:
183 icmp->type = ICMP6_parameter_problem;
184 icmp->code = ICMP6_parameter_problem_erroneous_header_field;
187 icmp_to_icmp6_updater_pointer_table[*((u8 *) (icmp + 1))];
191 *((u32 *) (icmp + 1)) = clib_host_to_net_u32 (ptr);
195 //All other codes cause error
201 //All other types cause error
209 * @brief Translate ICMP4 packet to ICMP6.
211 * @param p Buffer to translate.
212 * @param fn The function to translate outer header.
213 * @param ctx A context passed in the outer header translate function.
214 * @param inner_fn The function to translate inner header.
215 * @param inner_ctx A context passed in the inner header translate function.
217 * @returns 0 on success, non-zero value otherwise.
220 icmp_to_icmp6 (vlib_buffer_t * p, ip4_to_ip6_set_fn_t fn, void *ctx,
221 ip4_to_ip6_set_fn_t inner_fn, void *inner_ctx)
223 ip4_header_t *ip4, *inner_ip4;
224 ip6_header_t *ip6, *inner_ip6;
226 icmp46_header_t *icmp;
228 ip6_frag_hdr_t *inner_frag;
230 u32 inner_frag_offset;
232 u16 *inner_L4_checksum = 0;
235 ip4 = vlib_buffer_get_current (p);
236 ip_len = clib_net_to_host_u16 (ip4->length);
237 ASSERT (ip_len <= p->current_length);
239 icmp = (icmp46_header_t *) (ip4 + 1);
240 if (icmp_to_icmp6_header (icmp, &inner_ip4))
245 //We have 2 headers to translate.
246 //We need to make some room in the middle of the packet
247 if (PREDICT_FALSE (ip4_is_fragment (inner_ip4)))
249 //Here it starts getting really tricky
250 //We will add a fragmentation header in the inner packet
252 if (!ip4_is_first_fragment (inner_ip4))
254 //For now we do not handle unless it is the first fragment
255 //Ideally we should handle the case as we are in slow path already
259 vlib_buffer_advance (p,
260 -2 * (sizeof (*ip6) - sizeof (*ip4)) -
261 sizeof (*inner_frag));
262 ip6 = vlib_buffer_get_current (p);
263 clib_memcpy (u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4)), ip4,
266 (ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
267 icmp = (icmp46_header_t *) (ip4 + 1);
270 (ip6_header_t *) u8_ptr_add (inner_ip4,
271 sizeof (*ip4) - sizeof (*ip6) -
272 sizeof (*inner_frag));
274 (ip6_frag_hdr_t *) u8_ptr_add (inner_ip6, sizeof (*inner_ip6));
275 ip6->payload_length =
276 u16_net_add (ip4->length,
277 sizeof (*ip6) - 2 * sizeof (*ip4) +
278 sizeof (*inner_frag));
279 inner_frag_id = frag_id_4to6 (inner_ip4->fragment_id);
280 inner_frag_offset = ip4_get_fragment_offset (inner_ip4);
282 ! !(inner_ip4->flags_and_fragment_offset &
283 clib_net_to_host_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS));
287 vlib_buffer_advance (p, -2 * (sizeof (*ip6) - sizeof (*ip4)));
288 ip6 = vlib_buffer_get_current (p);
289 clib_memcpy (u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4)), ip4,
292 (ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
293 icmp = (icmp46_header_t *) u8_ptr_add (ip4, sizeof (*ip4));
295 (ip6_header_t *) u8_ptr_add (inner_ip4,
296 sizeof (*ip4) - sizeof (*ip6));
297 ip6->payload_length =
298 u16_net_add (ip4->length, sizeof (*ip6) - 2 * sizeof (*ip4));
302 if (PREDICT_TRUE (inner_ip4->protocol == IP_PROTOCOL_TCP))
304 inner_L4_checksum = &((tcp_header_t *) (inner_ip4 + 1))->checksum;
306 ip_csum_fold (ip_csum_sub_even
308 *((u64 *) (&inner_ip4->src_address))));
310 else if (PREDICT_TRUE (inner_ip4->protocol == IP_PROTOCOL_UDP))
312 inner_L4_checksum = &((udp_header_t *) (inner_ip4 + 1))->checksum;
313 if (*inner_L4_checksum)
315 ip_csum_fold (ip_csum_sub_even
317 *((u64 *) (&inner_ip4->src_address))));
319 else if (inner_ip4->protocol == IP_PROTOCOL_ICMP)
321 //We have an ICMP inside an ICMP
322 //It needs to be translated, but not for error ICMP messages
323 icmp46_header_t *inner_icmp = (icmp46_header_t *) (inner_ip4 + 1);
324 csum = inner_icmp->checksum;
325 //Only types ICMP4_echo_request and ICMP4_echo_reply are handled by icmp_to_icmp6_header
326 csum = ip_csum_sub_even (csum, *((u16 *) inner_icmp));
327 inner_icmp->type = (inner_icmp->type == ICMP4_echo_request) ?
328 ICMP6_echo_request : ICMP6_echo_reply;
329 csum = ip_csum_add_even (csum, *((u16 *) inner_icmp));
331 ip_csum_add_even (csum, clib_host_to_net_u16 (IP_PROTOCOL_ICMP6));
333 ip_csum_add_even (csum, inner_ip4->length - sizeof (*inner_ip4));
334 inner_icmp->checksum = ip_csum_fold (csum);
335 inner_L4_checksum = &inner_icmp->checksum;
336 inner_ip4->protocol = IP_PROTOCOL_ICMP6;
340 /* To shut up Coverity */
344 csum = *inner_L4_checksum; //Initial checksum of the inner L4 header
346 inner_ip6->ip_version_traffic_class_and_flow_label =
347 clib_host_to_net_u32 ((6 << 28) + (inner_ip4->tos << 20));
348 inner_ip6->payload_length =
349 u16_net_add (inner_ip4->length, -sizeof (*inner_ip4));
350 inner_ip6->hop_limit = inner_ip4->ttl;
351 inner_ip6->protocol = inner_ip4->protocol;
353 if ((rv = inner_fn (inner_ip4, inner_ip6, inner_ctx)) != 0)
356 if (PREDICT_FALSE (inner_frag != NULL))
358 inner_frag->next_hdr = inner_ip6->protocol;
359 inner_frag->identification = inner_frag_id;
361 inner_frag->fragment_offset_and_more =
362 ip6_frag_hdr_offset_and_more (inner_frag_offset, inner_frag_more);
363 inner_ip6->protocol = IP_PROTOCOL_IPV6_FRAGMENTATION;
364 inner_ip6->payload_length =
365 clib_host_to_net_u16 (clib_net_to_host_u16
366 (inner_ip6->payload_length) +
367 sizeof (*inner_frag));
370 /* UDP checksum is optional */
373 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[0]);
374 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[1]);
375 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[0]);
376 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[1]);
377 *inner_L4_checksum = ip_csum_fold (csum);
382 vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6));
383 ip6 = vlib_buffer_get_current (p);
384 ip6->payload_length =
385 clib_host_to_net_u16 (clib_net_to_host_u16 (ip4->length) -
389 //Translate outer IPv6
390 ip6->ip_version_traffic_class_and_flow_label =
391 clib_host_to_net_u32 ((6 << 28) + (ip4->tos << 20));
393 ip6->hop_limit = ip4->ttl;
394 ip6->protocol = IP_PROTOCOL_ICMP6;
396 if ((rv = fn (ip4, ip6, ctx)) != 0)
399 //Truncate when the packet exceeds the minimal IPv6 MTU
400 if (p->current_length > 1280)
402 ip6->payload_length = clib_host_to_net_u16 (1280 - sizeof (*ip6));
403 p->current_length = 1280; //Looks too simple to be correct...
406 //Recompute ICMP checksum
408 csum = ip_csum_with_carry (0, ip6->payload_length);
409 csum = ip_csum_with_carry (csum, clib_host_to_net_u16 (ip6->protocol));
410 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[0]);
411 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[1]);
412 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[0]);
413 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[1]);
415 ip_incremental_checksum (csum, icmp,
416 clib_net_to_host_u16 (ip6->payload_length));
417 icmp->checksum = ~ip_csum_fold (csum);
423 * @brief Translate IPv4 fragmented packet to IPv6.
425 * @param p Buffer to translate.
426 * @param fn The function to translate header.
427 * @param ctx A context passed in the header translate function.
429 * @returns 0 on success, non-zero value otherwise.
432 ip4_to_ip6_fragmented (vlib_buffer_t * p, ip4_to_ip6_set_fn_t fn, void *ctx)
436 ip6_frag_hdr_t *frag;
439 ip4 = vlib_buffer_get_current (p);
440 frag = (ip6_frag_hdr_t *) u8_ptr_add (ip4, sizeof (*ip4) - sizeof (*frag));
442 (ip6_header_t *) u8_ptr_add (ip4,
443 sizeof (*ip4) - sizeof (*frag) -
445 vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6) - sizeof (*frag));
447 //We know that the protocol was one of ICMP, TCP or UDP
448 //because the first fragment was found and cached
450 (ip4->protocol == IP_PROTOCOL_ICMP) ? IP_PROTOCOL_ICMP6 : ip4->protocol;
451 frag->identification = frag_id_4to6 (ip4->fragment_id);
453 frag->fragment_offset_and_more =
454 ip6_frag_hdr_offset_and_more (ip4_get_fragment_offset (ip4),
456 (ip4->flags_and_fragment_offset) &
457 IP4_HEADER_FLAG_MORE_FRAGMENTS);
459 ip6->ip_version_traffic_class_and_flow_label =
460 clib_host_to_net_u32 ((6 << 28) + (ip4->tos << 20));
461 ip6->payload_length =
462 clib_host_to_net_u16 (clib_net_to_host_u16 (ip4->length) -
463 sizeof (*ip4) + sizeof (*frag));
464 ip6->hop_limit = ip4->ttl;
465 ip6->protocol = IP_PROTOCOL_IPV6_FRAGMENTATION;
467 if ((rv = fn (ip4, ip6, ctx)) != 0)
474 * @brief Translate IPv4 UDP/TCP packet to IPv6.
476 * @param p Buffer to translate.
477 * @param fn The function to translate header.
478 * @param ctx A context passed in the header translate function.
480 * @returns 0 on success, non-zero value otherwise.
483 ip4_to_ip6_tcp_udp (vlib_buffer_t * p, ip4_to_ip6_set_fn_t fn, void *ctx)
489 ip6_frag_hdr_t *frag;
493 ip4 = vlib_buffer_get_current (p);
495 if (ip4->protocol == IP_PROTOCOL_UDP)
497 udp_header_t *udp = ip4_next_header (ip4);
498 checksum = &udp->checksum;
500 //UDP checksum is optional over IPv4 but mandatory for IPv6
501 //We do not check udp->length sanity but use our safe computed value instead
502 if (PREDICT_FALSE (!checksum))
504 u16 udp_len = clib_host_to_net_u16 (ip4->length) - sizeof (*ip4);
505 csum = ip_incremental_checksum (0, udp, udp_len);
506 csum = ip_csum_with_carry (csum, clib_host_to_net_u16 (udp_len));
508 ip_csum_with_carry (csum, clib_host_to_net_u16 (IP_PROTOCOL_UDP));
509 csum = ip_csum_with_carry (csum, *((u64 *) (&ip4->src_address)));
510 *checksum = ~ip_csum_fold (csum);
515 tcp_header_t *tcp = ip4_next_header (ip4);
516 checksum = &tcp->checksum;
519 csum = ip_csum_sub_even (*checksum, ip4->src_address.as_u32);
520 csum = ip_csum_sub_even (csum, ip4->dst_address.as_u32);
522 // Deal with fragmented packets
523 if (PREDICT_FALSE (ip4->flags_and_fragment_offset &
524 clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS)))
527 (ip6_header_t *) u8_ptr_add (ip4,
528 sizeof (*ip4) - sizeof (*ip6) -
531 (ip6_frag_hdr_t *) u8_ptr_add (ip4, sizeof (*ip4) - sizeof (*frag));
532 frag_id = frag_id_4to6 (ip4->fragment_id);
533 vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6) - sizeof (*frag));
537 ip6 = (ip6_header_t *) (((u8 *) ip4) + sizeof (*ip4) - sizeof (*ip6));
538 vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6));
542 ip6->ip_version_traffic_class_and_flow_label =
543 clib_host_to_net_u32 ((6 << 28) + (ip4->tos << 20));
544 ip6->payload_length = u16_net_add (ip4->length, -sizeof (*ip4));
545 ip6->hop_limit = ip4->ttl;
546 ip6->protocol = ip4->protocol;
548 if (PREDICT_FALSE (frag != NULL))
550 frag->next_hdr = ip6->protocol;
551 frag->identification = frag_id;
553 frag->fragment_offset_and_more = ip6_frag_hdr_offset_and_more (0, 1);
554 ip6->protocol = IP_PROTOCOL_IPV6_FRAGMENTATION;
555 ip6->payload_length = u16_net_add (ip6->payload_length, sizeof (*frag));
558 if ((rv = fn (ip4, ip6, ctx)) != 0)
561 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[0]);
562 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[1]);
563 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[0]);
564 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[1]);
565 *checksum = ip_csum_fold (csum);
570 #endif /* __included_ip4_to_ip6_h__ */
573 * fd.io coding-style-patch-verification: ON
576 * eval: (c-set-style "gnu")