4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <vnet/map/map_dpo.h>
26 #include <vppinfra/xxhash.h>
29 crc_u32 (u32 data, u32 value)
31 u64 tmp = ((u64) data << 32) | (u64) value;
32 return (u32) clib_xxhash (tmp);
37 * This code supports the following MAP modes:
39 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
40 * ea_bits_len + ip4_prefix > 32
41 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
42 * Algorithmic Full IPv4 address (ea_bits_len > 0):
43 * ea_bits_len + ip4_prefix = 32
44 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
45 * Algorithmic IPv4 prefix (ea_bits_len > 0):
46 * ea_bits_len + ip4_prefix < 32
47 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
49 * Independent Shared IPv4 address (ea_bits_len = 0):
52 * Rule IPv6 address = 128, Rule PSID Set
53 * Independent Full IPv4 address (ea_bits_len = 0):
55 * psid_length = 0, ip6_prefix = 128
56 * Independent IPv4 prefix (ea_bits_len = 0):
58 * psid_length = 0, ip6_prefix = 128
63 * This code supports MAP-T:
65 * With DMR prefix length equal to 96.
71 ip4_get_port (ip4_header_t * ip, map_dir_e dir, u16 buffer_len)
73 //TODO: use buffer length
74 if (ip->ip_version_and_header_length != 0x45 ||
75 ip4_get_fragment_offset (ip))
78 if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
79 (ip->protocol == IP_PROTOCOL_UDP)))
81 udp_header_t *udp = (void *) (ip + 1);
82 return (dir == MAP_SENDER) ? udp->src_port : udp->dst_port;
84 else if (ip->protocol == IP_PROTOCOL_ICMP)
86 icmp46_header_t *icmp = (void *) (ip + 1);
87 if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
89 return *((u16 *) (icmp + 1));
91 else if (clib_net_to_host_u16 (ip->length) >= 64)
93 ip = (ip4_header_t *) (icmp + 2);
94 if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
95 (ip->protocol == IP_PROTOCOL_UDP)))
97 udp_header_t *udp = (void *) (ip + 1);
98 return (dir == MAP_SENDER) ? udp->dst_port : udp->src_port;
100 else if (ip->protocol == IP_PROTOCOL_ICMP)
102 icmp46_header_t *icmp = (void *) (ip + 1);
103 if (icmp->type == ICMP4_echo_request ||
104 icmp->type == ICMP4_echo_reply)
106 return *((u16 *) (icmp + 1));
115 ip6_get_port (ip6_header_t * ip6, map_dir_e dir, u16 buffer_len)
122 if (ip6_parse (ip6, buffer_len, &l4_protocol, &l4_offset, &frag_offset))
125 //TODO: Use buffer length
128 ip6_frag_hdr_offset (((ip6_frag_hdr_t *)
129 u8_ptr_add (ip6, frag_offset))))
130 return -1; //Can't deal with non-first fragment for now
132 l4 = u8_ptr_add (ip6, l4_offset);
133 if (l4_protocol == IP_PROTOCOL_TCP || l4_protocol == IP_PROTOCOL_UDP)
136 MAP_SENDER) ? ((udp_header_t *) (l4))->src_port : ((udp_header_t
140 else if (l4_protocol == IP_PROTOCOL_ICMP6)
142 icmp46_header_t *icmp = (icmp46_header_t *) (l4);
143 if (icmp->type == ICMP6_echo_request)
145 return (dir == MAP_SENDER) ? ((u16 *) (icmp))[2] : -1;
147 else if (icmp->type == ICMP6_echo_reply)
149 return (dir == MAP_SENDER) ? -1 : ((u16 *) (icmp))[2];
157 map_create_domain (ip4_address_t * ip4_prefix,
159 ip6_address_t * ip6_prefix,
161 ip6_address_t * ip6_src,
165 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
167 u8 suffix_len, suffix_shift;
168 map_main_t *mm = &map_main;
169 dpo_id_t dpo_v4 = DPO_NULL;
170 dpo_id_t dpo_v6 = DPO_NULL;
171 fib_node_index_t fei;
174 /* Sanity check on the src prefix length */
175 if (flags & MAP_DOMAIN_TRANSLATION)
177 if (ip6_src_len != 96)
179 clib_warning ("MAP-T only supports ip6_src_len = 96 for now.");
185 if (ip6_src_len != 128)
188 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
194 /* How many, and which bits to grab from the IPv4 DA */
195 if (ip4_prefix_len + ea_bits_len < 32)
197 flags |= MAP_DOMAIN_PREFIX;
198 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
199 suffix_len = ea_bits_len;
204 suffix_len = 32 - ip4_prefix_len;
207 /* EA bits must be within the first 64 bits */
208 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
209 ip6_prefix_len + suffix_len + psid_length > 64))
212 ("Embedded Address bits must be within the first 64 bits of "
217 /* Get domain index */
218 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
219 memset (d, 0, sizeof (*d));
220 *map_domain_index = d - mm->domains;
222 /* Init domain struct */
223 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
224 d->ip4_prefix_len = ip4_prefix_len;
225 d->ip6_prefix = *ip6_prefix;
226 d->ip6_prefix_len = ip6_prefix_len;
227 d->ip6_src = *ip6_src;
228 d->ip6_src_len = ip6_src_len;
229 d->ea_bits_len = ea_bits_len;
230 d->psid_offset = psid_offset;
231 d->psid_length = psid_length;
234 d->suffix_shift = suffix_shift;
235 d->suffix_mask = (1 << suffix_len) - 1;
237 d->psid_shift = 16 - psid_length - psid_offset;
238 d->psid_mask = (1 << d->psid_length) - 1;
239 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
241 /* MAP data-plane object */
242 if (d->flags & MAP_DOMAIN_TRANSLATION)
243 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
245 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
247 /* Create ip4 route */
249 .fp_proto = FIB_PROTOCOL_IP4,
250 .fp_len = d->ip4_prefix_len,
252 .ip4 = d->ip4_prefix,
256 fib_table_entry_special_dpo_add (0, &pfx,
258 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
262 * Multiple MAP domains may share same source IPv6 TEP.
263 * In this case the route will exist and be MAP sourced.
264 * Find the adj (if any) already contributed and modify it
266 fib_prefix_t pfx6 = {
267 .fp_proto = FIB_PROTOCOL_IP6,
268 .fp_len = d->ip6_src_len,
274 fei = fib_table_lookup_exact_match (0, &pfx6);
276 if (FIB_NODE_INDEX_INVALID != fei)
278 dpo_id_t dpo = DPO_NULL;
280 if (fib_entry_get_dpo_for_source (fei, FIB_SOURCE_MAP, &dpo))
283 * modify the existing MAP to indicate it's shared
286 const dpo_id_t *md_dpo;
289 ASSERT (DPO_LOAD_BALANCE == dpo.dpoi_type);
291 md_dpo = load_balance_get_bucket (dpo.dpoi_index, 0);
292 md = map_dpo_get (md_dpo->dpoi_index);
295 dpo_copy (&dpo_v6, md_dpo);
302 if (d->flags & MAP_DOMAIN_TRANSLATION)
303 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
305 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
309 * Create ip6 route. This is a reference counted add. If the prefix
310 * already exists and is MAP sourced, it is now MAP source n+1 times
311 * and will need to be removed n+1 times.
313 fib_table_entry_special_dpo_add (0, &pfx6,
315 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
318 /* Validate packet/byte counters */
319 map_domain_counter_lock (mm);
321 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
323 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
325 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
328 for (i = 0; i < vec_len (mm->domain_counters); i++)
330 vlib_validate_combined_counter (&mm->domain_counters[i],
332 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
334 map_domain_counter_unlock (mm);
343 map_delete_domain (u32 map_domain_index)
345 map_main_t *mm = &map_main;
348 if (pool_is_free_index (mm->domains, map_domain_index))
350 clib_warning ("MAP domain delete: domain does not exist: %d",
355 d = pool_elt_at_index (mm->domains, map_domain_index);
358 .fp_proto = FIB_PROTOCOL_IP4,
359 .fp_len = d->ip4_prefix_len,
361 .ip4 = d->ip4_prefix,
365 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
367 fib_prefix_t pfx6 = {
368 .fp_proto = FIB_PROTOCOL_IP6,
369 .fp_len = d->ip6_src_len,
375 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
379 clib_mem_free (d->rules);
381 pool_put (mm->domains, d);
387 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
391 map_main_t *mm = &map_main;
393 if (pool_is_free_index (mm->domains, map_domain_index))
395 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
398 d = pool_elt_at_index (mm->domains, map_domain_index);
400 /* Rules are only used in 1:1 independent case */
401 if (d->ea_bits_len > 0)
406 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
407 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
410 memset (d->rules, 0, l);
413 if (psid >= (0x1 << d->psid_length))
415 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
416 0x1 << d->psid_length);
422 d->rules[psid] = *tep;
426 memset (&d->rules[psid], 0, sizeof (ip6_address_t));
431 #ifdef MAP_SKIP_IP6_LOOKUP
433 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6)
435 map_main_t *mm = &map_main;
436 ip6_main_t *im6 = &ip6_main;
438 if (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0)
441 mm->adj6_index = ip6_fib_table_fwding_lookup (im6, 0, ip6);
442 clib_warning ("FIB lookup results in: %u", mm->adj6_index);
444 if (ip4->as_u32 != 0)
447 mm->adj4_index = ip4_fib_table_lookup_lb (0, ip4);
448 clib_warning ("FIB lookup results in: %u", mm->adj4_index);
453 static clib_error_t *
454 map_security_check_command_fn (vlib_main_t * vm,
455 unformat_input_t * input,
456 vlib_cli_command_t * cmd)
458 unformat_input_t _line_input, *line_input = &_line_input;
459 map_main_t *mm = &map_main;
460 /* Get a line of input. */
461 if (!unformat_user (input, unformat_line_input, line_input))
464 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
466 if (unformat (line_input, "off"))
467 mm->sec_check = false;
468 else if (unformat (line_input, "on"))
469 mm->sec_check = true;
471 return clib_error_return (0, "unknown input `%U'",
472 format_unformat_error, input);
474 unformat_free (line_input);
478 static clib_error_t *
479 map_security_check_frag_command_fn (vlib_main_t * vm,
480 unformat_input_t * input,
481 vlib_cli_command_t * cmd)
483 unformat_input_t _line_input, *line_input = &_line_input;
484 map_main_t *mm = &map_main;
485 /* Get a line of input. */
486 if (!unformat_user (input, unformat_line_input, line_input))
489 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
491 if (unformat (line_input, "off"))
492 mm->sec_check_frag = false;
493 else if (unformat (line_input, "on"))
494 mm->sec_check_frag = true;
496 return clib_error_return (0, "unknown input `%U'",
497 format_unformat_error, input);
499 unformat_free (line_input);
503 static clib_error_t *
504 map_add_domain_command_fn (vlib_main_t * vm,
505 unformat_input_t * input, vlib_cli_command_t * cmd)
507 unformat_input_t _line_input, *line_input = &_line_input;
508 ip4_address_t ip4_prefix;
509 ip6_address_t ip6_prefix;
510 ip6_address_t ip6_src;
511 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
513 /* Optional arguments */
514 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
519 /* Get a line of input. */
520 if (!unformat_user (input, unformat_line_input, line_input))
523 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
526 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
531 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
536 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
541 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
543 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
545 else if (unformat (line_input, "psid-offset %d", &psid_offset))
547 else if (unformat (line_input, "psid-len %d", &psid_length))
549 else if (unformat (line_input, "mtu %d", &mtu))
551 else if (unformat (line_input, "map-t"))
552 flags |= MAP_DOMAIN_TRANSLATION;
554 return clib_error_return (0, "unknown input `%U'",
555 format_unformat_error, input);
557 unformat_free (line_input);
560 return clib_error_return (0, "mandatory argument(s) missing");
562 map_create_domain (&ip4_prefix, ip4_prefix_len,
563 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
564 ea_bits_len, psid_offset, psid_length, &map_domain_index,
570 static clib_error_t *
571 map_del_domain_command_fn (vlib_main_t * vm,
572 unformat_input_t * input, vlib_cli_command_t * cmd)
574 unformat_input_t _line_input, *line_input = &_line_input;
576 u32 map_domain_index;
578 /* Get a line of input. */
579 if (!unformat_user (input, unformat_line_input, line_input))
582 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
584 if (unformat (line_input, "index %d", &map_domain_index))
587 return clib_error_return (0, "unknown input `%U'",
588 format_unformat_error, input);
590 unformat_free (line_input);
593 return clib_error_return (0, "mandatory argument(s) missing");
595 map_delete_domain (map_domain_index);
600 static clib_error_t *
601 map_add_rule_command_fn (vlib_main_t * vm,
602 unformat_input_t * input, vlib_cli_command_t * cmd)
604 unformat_input_t _line_input, *line_input = &_line_input;
607 u32 psid = 0, map_domain_index;
609 /* Get a line of input. */
610 if (!unformat_user (input, unformat_line_input, line_input))
613 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
615 if (unformat (line_input, "index %d", &map_domain_index))
617 else if (unformat (line_input, "psid %d", &psid))
620 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
623 return clib_error_return (0, "unknown input `%U'",
624 format_unformat_error, input);
626 unformat_free (line_input);
629 return clib_error_return (0, "mandatory argument(s) missing");
631 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
633 return clib_error_return (0, "Failing to add Mapping Rule");
638 #if MAP_SKIP_IP6_LOOKUP
639 static clib_error_t *
640 map_pre_resolve_command_fn (vlib_main_t * vm,
641 unformat_input_t * input,
642 vlib_cli_command_t * cmd)
644 unformat_input_t _line_input, *line_input = &_line_input;
647 map_main_t *mm = &map_main;
649 memset (&ip4nh, 0, sizeof (ip4nh));
650 memset (&ip6nh, 0, sizeof (ip6nh));
652 /* Get a line of input. */
653 if (!unformat_user (input, unformat_line_input, line_input))
656 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
658 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
659 mm->preresolve_ip4 = ip4nh;
661 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
662 mm->preresolve_ip6 = ip6nh;
664 return clib_error_return (0, "unknown input `%U'",
665 format_unformat_error, input);
667 unformat_free (line_input);
669 map_pre_resolve (&ip4nh, &ip6nh);
675 static clib_error_t *
676 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
677 unformat_input_t * input,
678 vlib_cli_command_t * cmd)
680 unformat_input_t _line_input, *line_input = &_line_input;
681 ip4_address_t icmp_src_address;
682 map_main_t *mm = &map_main;
684 mm->icmp4_src_address.as_u32 = 0;
686 /* Get a line of input. */
687 if (!unformat_user (input, unformat_line_input, line_input))
690 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
693 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
694 mm->icmp4_src_address = icmp_src_address;
696 return clib_error_return (0, "unknown input `%U'",
697 format_unformat_error, input);
699 unformat_free (line_input);
704 static clib_error_t *
705 map_icmp_unreachables_command_fn (vlib_main_t * vm,
706 unformat_input_t * input,
707 vlib_cli_command_t * cmd)
709 unformat_input_t _line_input, *line_input = &_line_input;
710 map_main_t *mm = &map_main;
713 /* Get a line of input. */
714 if (!unformat_user (input, unformat_line_input, line_input))
717 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
720 if (unformat (line_input, "on"))
721 mm->icmp6_enabled = true;
722 else if (unformat (line_input, "off"))
723 mm->icmp6_enabled = false;
725 return clib_error_return (0, "unknown input `%U'",
726 format_unformat_error, input);
728 unformat_free (line_input);
732 return clib_error_return (0, "mandatory argument(s) missing");
737 static clib_error_t *
738 map_fragment_command_fn (vlib_main_t * vm,
739 unformat_input_t * input, vlib_cli_command_t * cmd)
741 unformat_input_t _line_input, *line_input = &_line_input;
742 map_main_t *mm = &map_main;
744 /* Get a line of input. */
745 if (!unformat_user (input, unformat_line_input, line_input))
748 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
750 if (unformat (line_input, "inner"))
751 mm->frag_inner = true;
752 else if (unformat (line_input, "outer"))
753 mm->frag_inner = false;
755 return clib_error_return (0, "unknown input `%U'",
756 format_unformat_error, input);
758 unformat_free (line_input);
763 static clib_error_t *
764 map_fragment_df_command_fn (vlib_main_t * vm,
765 unformat_input_t * input,
766 vlib_cli_command_t * cmd)
768 unformat_input_t _line_input, *line_input = &_line_input;
769 map_main_t *mm = &map_main;
771 /* Get a line of input. */
772 if (!unformat_user (input, unformat_line_input, line_input))
775 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
777 if (unformat (line_input, "on"))
778 mm->frag_ignore_df = true;
779 else if (unformat (line_input, "off"))
780 mm->frag_ignore_df = false;
782 return clib_error_return (0, "unknown input `%U'",
783 format_unformat_error, input);
785 unformat_free (line_input);
790 static clib_error_t *
791 map_traffic_class_command_fn (vlib_main_t * vm,
792 unformat_input_t * input,
793 vlib_cli_command_t * cmd)
795 unformat_input_t _line_input, *line_input = &_line_input;
796 map_main_t *mm = &map_main;
801 /* Get a line of input. */
802 if (!unformat_user (input, unformat_line_input, line_input))
805 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
807 if (unformat (line_input, "copy"))
809 else if (unformat (line_input, "%x", &tc))
812 return clib_error_return (0, "unknown input `%U'",
813 format_unformat_error, input);
815 unformat_free (line_input);
821 format_map_domain (u8 * s, va_list * args)
823 map_domain_t *d = va_arg (*args, map_domain_t *);
824 bool counters = va_arg (*args, int);
825 map_main_t *mm = &map_main;
826 ip6_address_t ip6_prefix;
829 memset (&ip6_prefix, 0, sizeof (ip6_prefix));
831 ip6_prefix = d->ip6_prefix;
834 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea_bits_len %d psid-offset %d psid-len %d mtu %d %s",
836 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
837 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
838 format_ip6_address, &d->ip6_src, d->ip6_src_len,
839 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
840 (d->flags & MAP_DOMAIN_TRANSLATION) ? "map-t" : "");
844 map_domain_counter_lock (mm);
846 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
847 d - mm->domains, &v);
848 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
849 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
850 d - mm->domains, &v);
851 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
852 map_domain_counter_unlock (mm);
854 s = format (s, "\n");
860 for (i = 0; i < (0x1 << d->psid_length); i++)
863 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
866 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
874 format_map_ip4_reass (u8 * s, va_list * args)
876 map_main_t *mm = &map_main;
877 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
878 map_ip4_reass_key_t *k = &r->key;
879 f64 now = vlib_time_now (mm->vlib_main);
880 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
881 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
883 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
884 format_ip4_address, &k->src.as_u8, format_ip4_address,
885 &k->dst.as_u8, k->protocol,
886 clib_net_to_host_u16 (k->fragment_id),
887 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
892 format_map_ip6_reass (u8 * s, va_list * args)
894 map_main_t *mm = &map_main;
895 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
896 map_ip6_reass_key_t *k = &r->key;
897 f64 now = vlib_time_now (mm->vlib_main);
898 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
899 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
901 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
902 format_ip6_address, &k->src.as_u8, format_ip6_address,
903 &k->dst.as_u8, k->protocol,
904 clib_net_to_host_u32 (k->fragment_id), dt);
908 static clib_error_t *
909 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
910 vlib_cli_command_t * cmd)
912 unformat_input_t _line_input, *line_input = &_line_input;
913 map_main_t *mm = &map_main;
915 bool counters = false;
916 u32 map_domain_index = ~0;
918 /* Get a line of input. */
919 if (!unformat_user (input, unformat_line_input, line_input))
922 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
924 if (unformat (line_input, "counters"))
926 else if (unformat (line_input, "index %d", &map_domain_index))
929 return clib_error_return (0, "unknown input `%U'",
930 format_unformat_error, input);
932 unformat_free (line_input);
934 if (pool_elts (mm->domains) == 0)
935 vlib_cli_output (vm, "No MAP domains are configured...");
937 if (map_domain_index == ~0)
940 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
945 if (pool_is_free_index (mm->domains, map_domain_index))
947 return clib_error_return (0, "MAP domain does not exists %d",
951 d = pool_elt_at_index (mm->domains, map_domain_index);
952 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
958 static clib_error_t *
959 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
960 vlib_cli_command_t * cmd)
962 map_main_t *mm = &map_main;
967 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
970 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
976 map_error_counter_get (u32 node_index, map_error_t map_error)
978 vlib_main_t *vm = vlib_get_main ();
979 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
980 vlib_error_main_t *em = &vm->error_main;
981 vlib_error_t e = error_node->errors[map_error];
982 vlib_node_t *n = vlib_get_node (vm, node_index);
985 ci = vlib_error_get_code (e);
986 ASSERT (ci < n->n_errors);
987 ci += n->error_heap_index;
989 return (em->counters[ci]);
992 static clib_error_t *
993 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
994 vlib_cli_command_t * cmd)
996 map_main_t *mm = &map_main;
998 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
999 if (pool_elts (mm->domains) == 0)
1000 vlib_cli_output (vm, "No MAP domains are configured...");
1003 pool_foreach(d, mm->domains, ({
1005 rulecount+= 0x1 << d->psid_length;
1006 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1008 domains += sizeof(*d);
1013 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1014 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1015 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1016 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1018 #if MAP_SKIP_IP6_LOOKUP
1019 vlib_cli_output (vm,
1020 "MAP pre-resolve: IP6 next-hop: %U (%u), IP4 next-hop: %U (%u)\n",
1021 format_ip6_address, &mm->preresolve_ip6, mm->adj6_index,
1022 format_ip4_address, &mm->preresolve_ip4, mm->adj4_index);
1026 vlib_cli_output (vm, "MAP traffic-class: copy");
1028 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1030 vlib_cli_output (vm,
1031 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1032 mm->sec_check ? "enabled" : "disabled",
1033 mm->sec_check_frag ? "enabled" : "disabled");
1035 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1036 format_ip4_address, &mm->icmp4_src_address);
1037 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1038 mm->icmp6_enabled ? "enabled" : "disabled");
1039 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1040 mm->frag_inner ? "enabled" : "disabled");
1041 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1042 mm->frag_ignore_df ? "enabled" : "disabled");
1047 vlib_combined_counter_main_t *cm = mm->domain_counters;
1048 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1049 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1053 memset (total_pkts, 0, sizeof (total_pkts));
1054 memset (total_bytes, 0, sizeof (total_bytes));
1056 map_domain_counter_lock (mm);
1057 vec_foreach (cm, mm->domain_counters)
1059 which = cm - mm->domain_counters;
1061 for (i = 0; i < vec_len (cm->maxi); i++)
1063 vlib_get_combined_counter (cm, i, &v);
1064 total_pkts[which] += v.packets;
1065 total_bytes[which] += v.bytes;
1068 map_domain_counter_unlock (mm);
1070 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1071 total_pkts[MAP_DOMAIN_COUNTER_TX],
1072 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1073 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1074 total_pkts[MAP_DOMAIN_COUNTER_RX],
1075 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1077 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1078 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1083 static clib_error_t *
1084 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1085 vlib_cli_command_t * cmd)
1087 unformat_input_t _line_input, *line_input = &_line_input;
1089 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1091 u64 buffers = ~(0ull);
1092 u8 ip4 = 0, ip6 = 0;
1094 if (!unformat_user (input, unformat_line_input, line_input))
1097 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1099 if (unformat (line_input, "lifetime %u", &lifetime))
1101 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1103 else if (unformat (line_input, "pool-size %u", &pool_size))
1105 else if (unformat (line_input, "buffers %llu", &buffers))
1107 else if (unformat (line_input, "ip4"))
1109 else if (unformat (line_input, "ip6"))
1113 unformat_free (line_input);
1114 return clib_error_return (0, "invalid input");
1117 unformat_free (line_input);
1120 return clib_error_return (0, "must specify ip4 and/or ip6");
1124 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1125 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1126 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1127 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1128 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1129 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1130 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1131 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1132 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1133 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1134 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1135 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1136 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1141 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1142 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1143 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1144 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1145 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1146 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1147 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1148 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1149 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1150 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1151 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1152 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1153 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1158 u32 reass = 0, packets = 0;
1159 if (pool_size != ~0)
1161 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1163 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1167 vlib_cli_output (vm,
1168 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1172 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1174 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1176 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1180 vlib_cli_output (vm,
1181 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1187 if (map_ip4_reass_conf_lifetime (lifetime))
1188 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1190 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1192 if (buffers != ~(0ull))
1194 if (map_ip4_reass_conf_buffers (buffers))
1195 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1197 vlib_cli_output (vm, "Setting ip4-reass buffers");
1200 if (map_main.ip4_reass_conf_buffers >
1201 map_main.ip4_reass_conf_pool_size *
1202 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1204 vlib_cli_output (vm,
1205 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1211 u32 reass = 0, packets = 0;
1212 if (pool_size != ~0)
1214 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1216 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1220 vlib_cli_output (vm,
1221 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1225 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1227 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1229 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1233 vlib_cli_output (vm,
1234 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1240 if (map_ip6_reass_conf_lifetime (lifetime))
1241 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1243 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1245 if (buffers != ~(0ull))
1247 if (map_ip6_reass_conf_buffers (buffers))
1248 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1250 vlib_cli_output (vm, "Setting ip6-reass buffers");
1253 if (map_main.ip6_reass_conf_buffers >
1254 map_main.ip6_reass_conf_pool_size *
1255 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1257 vlib_cli_output (vm,
1258 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1267 * packet trace format function
1270 format_map_trace (u8 * s, va_list * args)
1272 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1273 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1274 map_trace_t *t = va_arg (*args, map_trace_t *);
1275 u32 map_domain_index = t->map_domain_index;
1279 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1280 clib_net_to_host_u16 (port));
1285 static_always_inline map_ip4_reass_t *
1286 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1288 map_main_t *mm = &map_main;
1289 u32 ri = mm->ip4_reass_hash_table[bucket];
1290 while (ri != MAP_REASS_INDEX_NONE)
1292 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1293 if (r->key.as_u64[0] == k->as_u64[0] &&
1294 r->key.as_u64[1] == k->as_u64[1] &&
1295 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1299 ri = r->bucket_next;
1304 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1307 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1309 map_main_t *mm = &map_main;
1310 map_ip4_reass_get_fragments (r, pi_to_drop);
1312 // Unlink in hash bucket
1313 map_ip4_reass_t *r2 = NULL;
1314 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1315 while (r2i != map_ip4_reass_pool_index (r))
1317 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1318 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1319 r2i = r2->bucket_next;
1323 r2->bucket_next = r->bucket_next;
1327 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1331 if (r->fifo_next == map_ip4_reass_pool_index (r))
1333 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1337 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1338 mm->ip4_reass_fifo_last = r->fifo_prev;
1339 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1341 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1345 pool_put (mm->ip4_reass_pool, r);
1346 mm->ip4_reass_allocated--;
1350 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1351 u8 protocol, u32 ** pi_to_drop)
1354 map_main_t *mm = &map_main;
1355 map_ip4_reass_key_t k = {.src.data_u32 = src,
1356 .dst.data_u32 = dst,
1357 .fragment_id = fragment_id,
1358 .protocol = protocol
1362 h = crc_u32 (k.as_u32[0], h);
1363 h = crc_u32 (k.as_u32[1], h);
1364 h = crc_u32 (k.as_u32[2], h);
1365 h = crc_u32 (k.as_u32[3], h);
1366 h = h >> (32 - mm->ip4_reass_ht_log2len);
1368 f64 now = vlib_time_now (mm->vlib_main);
1370 //Cache garbage collection
1371 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1373 map_ip4_reass_t *last =
1374 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1375 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1376 map_ip4_reass_free (last, pi_to_drop);
1381 if ((r = map_ip4_reass_lookup (&k, h, now)))
1384 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1387 pool_get (mm->ip4_reass_pool, r);
1388 mm->ip4_reass_allocated++;
1390 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1391 r->fragments[i] = ~0;
1393 u32 ri = map_ip4_reass_pool_index (r);
1395 //Link in new bucket
1397 r->bucket_next = mm->ip4_reass_hash_table[h];
1398 mm->ip4_reass_hash_table[h] = ri;
1401 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1404 pool_elt_at_index (mm->ip4_reass_pool,
1405 mm->ip4_reass_fifo_last)->fifo_next;
1406 r->fifo_prev = mm->ip4_reass_fifo_last;
1407 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1408 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1412 r->fifo_next = r->fifo_prev = ri;
1413 mm->ip4_reass_fifo_last = ri;
1420 #ifdef MAP_IP4_REASS_COUNT_BYTES
1421 r->expected_total = 0xffff;
1429 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1431 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1435 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1436 if (r->fragments[i] == ~0)
1438 r->fragments[i] = pi;
1439 map_main.ip4_reass_buffered_counter++;
1445 static_always_inline map_ip6_reass_t *
1446 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1448 map_main_t *mm = &map_main;
1449 u32 ri = mm->ip6_reass_hash_table[bucket];
1450 while (ri != MAP_REASS_INDEX_NONE)
1452 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1453 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1454 r->key.as_u64[0] == k->as_u64[0] &&
1455 r->key.as_u64[1] == k->as_u64[1] &&
1456 r->key.as_u64[2] == k->as_u64[2] &&
1457 r->key.as_u64[3] == k->as_u64[3] &&
1458 r->key.as_u64[4] == k->as_u64[4])
1460 ri = r->bucket_next;
1465 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1468 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1470 map_main_t *mm = &map_main;
1472 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1473 if (r->fragments[i].pi != ~0)
1475 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1476 r->fragments[i].pi = ~0;
1477 map_main.ip6_reass_buffered_counter--;
1480 // Unlink in hash bucket
1481 map_ip6_reass_t *r2 = NULL;
1482 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1483 while (r2i != map_ip6_reass_pool_index (r))
1485 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1486 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1487 r2i = r2->bucket_next;
1491 r2->bucket_next = r->bucket_next;
1495 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1499 if (r->fifo_next == map_ip6_reass_pool_index (r))
1501 //Single element in the list, list is now empty
1502 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1506 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1507 mm->ip6_reass_fifo_last = r->fifo_prev;
1508 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1510 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1514 // Free from pool if necessary
1515 pool_put (mm->ip6_reass_pool, r);
1516 mm->ip6_reass_allocated--;
1520 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1521 u8 protocol, u32 ** pi_to_drop)
1524 map_main_t *mm = &map_main;
1525 map_ip6_reass_key_t k = {
1528 .fragment_id = fragment_id,
1529 .protocol = protocol
1534 for (i = 0; i < 10; i++)
1535 h = crc_u32 (k.as_u32[i], h);
1536 h = h >> (32 - mm->ip6_reass_ht_log2len);
1538 f64 now = vlib_time_now (mm->vlib_main);
1540 //Cache garbage collection
1541 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1543 map_ip6_reass_t *last =
1544 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1545 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1546 map_ip6_reass_free (last, pi_to_drop);
1551 if ((r = map_ip6_reass_lookup (&k, h, now)))
1554 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1557 pool_get (mm->ip6_reass_pool, r);
1558 mm->ip6_reass_allocated++;
1559 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1561 r->fragments[i].pi = ~0;
1562 r->fragments[i].next_data_len = 0;
1563 r->fragments[i].next_data_offset = 0;
1566 u32 ri = map_ip6_reass_pool_index (r);
1568 //Link in new bucket
1570 r->bucket_next = mm->ip6_reass_hash_table[h];
1571 mm->ip6_reass_hash_table[h] = ri;
1574 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1577 pool_elt_at_index (mm->ip6_reass_pool,
1578 mm->ip6_reass_fifo_last)->fifo_next;
1579 r->fifo_prev = mm->ip6_reass_fifo_last;
1580 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1581 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1585 r->fifo_next = r->fifo_prev = ri;
1586 mm->ip6_reass_fifo_last = ri;
1592 r->ip4_header.ip_version_and_header_length = 0;
1593 #ifdef MAP_IP6_REASS_COUNT_BYTES
1594 r->expected_total = 0xffff;
1601 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1602 u16 data_offset, u16 next_data_offset,
1603 u8 * data_start, u16 data_len)
1605 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1606 u16 copied_len = (data_len > 20) ? 20 : data_len;
1608 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1611 //Lookup for fragments for the current buffer
1612 //and the one before that
1614 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1616 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1618 prev_f = &r->fragments[i]; // This is buffer for previous packet
1620 else if (r->fragments[i].next_data_offset == next_data_offset)
1622 f = &r->fragments[i]; // This is a buffer for the current packet
1624 else if (r->fragments[i].next_data_offset == 0)
1627 f = &r->fragments[i];
1628 else if (prev_f == NULL)
1629 prev_f = &r->fragments[i];
1633 if (!f || f->pi != ~0)
1641 clib_memcpy (prev_f->next_data, data_start, copied_len);
1642 prev_f->next_data_len = copied_len;
1643 prev_f->next_data_offset = data_offset;
1647 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1650 if (r->ip4_header.ip_version_and_header_length == 0)
1651 clib_memcpy (&r->ip4_header, data_start, sizeof (ip4_header_t));
1656 f->next_data_offset = next_data_offset;
1658 map_main.ip6_reass_buffered_counter++;
1664 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1666 map_main_t *mm = &map_main;
1669 if (dropped_packets)
1670 *dropped_packets = mm->ip4_reass_buffered_counter;
1672 *trashed_reass = mm->ip4_reass_allocated;
1673 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1675 u16 ri = mm->ip4_reass_fifo_last;
1678 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1679 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1680 if (r->fragments[i] != ~0)
1681 map_ip4_drop_pi (r->fragments[i]);
1684 pool_put (mm->ip4_reass_pool, r);
1686 while (ri != mm->ip4_reass_fifo_last);
1689 vec_free (mm->ip4_reass_hash_table);
1690 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1691 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1692 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1693 pool_free (mm->ip4_reass_pool);
1694 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1696 mm->ip4_reass_allocated = 0;
1697 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1698 mm->ip4_reass_buffered_counter = 0;
1702 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1704 u32 desired_size = (u32) (pool_size * ht_ratio);
1706 for (i = 1; i < 31; i++)
1707 if ((1 << i) >= desired_size)
1713 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1714 u32 * dropped_packets)
1716 map_main_t *mm = &map_main;
1717 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1720 map_ip4_reass_lock ();
1721 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1722 mm->ip4_reass_ht_log2len =
1723 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1724 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1725 map_ip4_reass_unlock ();
1730 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1731 u32 * dropped_packets)
1733 map_main_t *mm = &map_main;
1734 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1737 map_ip4_reass_lock ();
1738 mm->ip4_reass_conf_pool_size = pool_size;
1739 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1740 map_ip4_reass_unlock ();
1745 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1747 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1752 map_ip4_reass_conf_buffers (u32 buffers)
1754 map_main.ip4_reass_conf_buffers = buffers;
1759 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1761 map_main_t *mm = &map_main;
1762 if (dropped_packets)
1763 *dropped_packets = mm->ip6_reass_buffered_counter;
1765 *trashed_reass = mm->ip6_reass_allocated;
1767 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1769 u16 ri = mm->ip6_reass_fifo_last;
1772 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1773 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1774 if (r->fragments[i].pi != ~0)
1775 map_ip6_drop_pi (r->fragments[i].pi);
1778 pool_put (mm->ip6_reass_pool, r);
1780 while (ri != mm->ip6_reass_fifo_last);
1781 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1784 vec_free (mm->ip6_reass_hash_table);
1785 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1786 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1787 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1788 pool_free (mm->ip6_reass_pool);
1789 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1791 mm->ip6_reass_allocated = 0;
1792 mm->ip6_reass_buffered_counter = 0;
1796 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1797 u32 * dropped_packets)
1799 map_main_t *mm = &map_main;
1800 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1803 map_ip6_reass_lock ();
1804 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1805 mm->ip6_reass_ht_log2len =
1806 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1807 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1808 map_ip6_reass_unlock ();
1813 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1814 u32 * dropped_packets)
1816 map_main_t *mm = &map_main;
1817 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1820 map_ip6_reass_lock ();
1821 mm->ip6_reass_conf_pool_size = pool_size;
1822 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1823 map_ip6_reass_unlock ();
1828 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
1830 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
1835 map_ip6_reass_conf_buffers (u32 buffers)
1837 map_main.ip6_reass_conf_buffers = buffers;
1844 * Configure MAP reassembly behaviour
1847 * @cliexstart{map params reassembly}
1850 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
1851 .path = "map params reassembly",
1852 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
1853 "[pool-size <pool-size>] [buffers <buffers>] "
1854 "[ht-ratio <ht-ratio>]",
1855 .function = map_params_reass_command_fn,
1859 * Set or copy the IP TOS/Traffic Class field
1862 * @cliexstart{map params traffic-class}
1864 * This command is used to set the traffic-class field in translated
1865 * or encapsulated packets. If copy is specifed (the default) then the
1866 * traffic-class/TOS field is copied from the original packet to the
1867 * translated / encapsulating header.
1870 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
1871 .path = "map params traffic-class",
1872 .short_help = "map params traffic-class {0x0-0xff | copy}",
1873 .function = map_traffic_class_command_fn,
1877 * Bypass IP4/IP6 lookup
1880 * @cliexstart{map params pre-resolve}
1882 * Bypass a second FIB lookup of the translated or encapsulated
1883 * packet, and forward the packet directly to the specified
1884 * next-hop. This optimization trades forwarding flexibility for
1888 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
1889 .path = "map params pre-resolve",
1890 .short_help = " map params pre-resolve {ip4-nh <address>} "
1891 "| {ip6-nh <address>}",
1892 .function = map_pre_resolve_command_fn,
1896 * Enable or disable the MAP-E inbound security check
1899 * @cliexstart{map params security-check}
1901 * By default, a decapsulated packet's IPv4 source address will be
1902 * verified against the outer header's IPv6 source address. Disabling
1903 * this feature will allow IPv4 source address spoofing.
1906 VLIB_CLI_COMMAND(map_security_check_command, static) = {
1907 .path = "map params security-check",
1908 .short_help = "map params security-check on|off",
1909 .function = map_security_check_command_fn,
1913 * Specifiy the IPv4 source address used for relayed ICMP error messages
1916 * @cliexstart{map params icmp source-address}
1918 * This command specifies which IPv4 source address (must be local to
1919 * the system), that is used for relayed received IPv6 ICMP error
1923 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
1924 .path = "map params icmp source-address",
1925 .short_help = "map params icmp source-address <ip4-address>",
1926 .function = map_icmp_relay_source_address_command_fn,
1930 * Send IPv6 ICMP unreachables
1933 * @cliexstart{map params icmp6 unreachables}
1935 * Send IPv6 ICMP unreachable messages back if security check fails or
1936 * no MAP domain exists.
1939 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
1940 .path = "map params icmp6 unreachables",
1941 .short_help = "map params icmp6 unreachables {on|off}",
1942 .function = map_icmp_unreachables_command_fn,
1946 * Configure MAP fragmentation behaviour
1949 * @cliexstart{map params fragment}
1952 VLIB_CLI_COMMAND(map_fragment_command, static) = {
1953 .path = "map params fragment",
1954 .short_help = "map params fragment inner|outer",
1955 .function = map_fragment_command_fn,
1959 * Ignore the IPv4 Don't fragment bit
1962 * @cliexstart{map params fragment ignore-df}
1964 * Allows fragmentation of the IPv4 packet even if the DF bit is
1965 * set. The choice between inner or outer fragmentation of tunnel
1966 * packets is complicated. The benefit of inner fragmentation is that
1967 * the ultimate endpoint must reassemble, instead of the tunnel
1971 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
1972 .path = "map params fragment ignore-df",
1973 .short_help = "map params fragment ignore-df on|off",
1974 .function = map_fragment_df_command_fn,
1978 * Specifiy if the inbound security check should be done on fragments
1981 * @cliexstart{map params security-check fragments}
1983 * Typically the inbound on-decapsulation security check is only done
1984 * on the first packet. The packet that contains the L4
1985 * information. While a security check on every fragment is possible,
1986 * it has a cost. State must be created on the first fragment.
1989 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
1990 .path = "map params security-check fragments",
1991 .short_help = "map params security-check fragments on|off",
1992 .function = map_security_check_frag_command_fn,
1999 * @cliexstart{map add domain}
2002 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2003 .path = "map add domain",
2004 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2005 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2006 "[map-t] [mtu <mtu>]",
2007 .function = map_add_domain_command_fn,
2011 * Add MAP rule to a domain
2014 * @cliexstart{map add rule}
2017 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2018 .path = "map add rule",
2019 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2020 .function = map_add_rule_command_fn,
2027 * @cliexstart{map del domain}
2030 VLIB_CLI_COMMAND(map_del_command, static) = {
2031 .path = "map del domain",
2032 .short_help = "map del domain index <domain>",
2033 .function = map_del_domain_command_fn,
2040 * @cliexstart{show map domain}
2043 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2044 .path = "show map domain",
2045 .short_help = "show map domain index <n> [counters]",
2046 .function = show_map_domain_command_fn,
2050 * Show MAP statistics
2053 * @cliexstart{show map stats}
2056 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2057 .path = "show map stats",
2058 .short_help = "show map stats",
2059 .function = show_map_stats_command_fn,
2063 * Show MAP fragmentation information
2066 * @cliexstart{show map fragments}
2069 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2070 .path = "show map fragments",
2071 .short_help = "show map fragments",
2072 .function = show_map_fragments_command_fn,
2080 map_init (vlib_main_t * vm)
2082 map_main_t *mm = &map_main;
2083 mm->vnet_main = vnet_get_main ();
2086 #ifdef MAP_SKIP_IP6_LOOKUP
2087 memset (&mm->preresolve_ip4, 0, sizeof (mm->preresolve_ip4));
2088 memset (&mm->preresolve_ip6, 0, sizeof (mm->preresolve_ip6));
2097 /* Inbound security check */
2098 mm->sec_check = true;
2099 mm->sec_check_frag = false;
2101 /* ICMP6 Type 1, Code 5 for security check failure */
2102 mm->icmp6_enabled = false;
2104 /* Inner or outer fragmentation */
2105 mm->frag_inner = false;
2106 mm->frag_ignore_df = false;
2108 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2109 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "rx";
2110 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "tx";
2112 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2113 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2115 /* IP4 virtual reassembly */
2116 mm->ip4_reass_hash_table = 0;
2117 mm->ip4_reass_pool = 0;
2118 mm->ip4_reass_lock =
2119 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2120 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2121 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2122 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2123 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2124 mm->ip4_reass_ht_log2len =
2125 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2126 mm->ip4_reass_conf_pool_size);
2127 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2128 map_ip4_reass_reinit (NULL, NULL);
2130 /* IP6 virtual reassembly */
2131 mm->ip6_reass_hash_table = 0;
2132 mm->ip6_reass_pool = 0;
2133 mm->ip6_reass_lock =
2134 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2135 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2136 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2137 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2138 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2139 mm->ip6_reass_ht_log2len =
2140 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2141 mm->ip6_reass_conf_pool_size);
2142 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2143 map_ip6_reass_reinit (NULL, NULL);
2145 map_dpo_module_init ();
2150 VLIB_INIT_FUNCTION (map_init);
2153 * fd.io coding-style-patch-verification: ON
2156 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob