#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vlib/vlib.h>
+#include <vnet/fib/fib_types.h>
+#include <vnet/fib/ip4_fib.h>
+#include <vnet/adj/adj.h>
+#include <vnet/map/map_dpo.h>
+#include <vnet/dpo/load_balance.h>
#define MAP_SKIP_IP6_LOOKUP 1
-typedef enum {
+typedef enum
+{
MAP_SENDER,
MAP_RECEIVER
} map_dir_e;
-int map_create_domain(ip4_address_t *ip4_prefix, u8 ip4_prefix_len,
- ip6_address_t *ip6_prefix, u8 ip6_prefix_len,
- ip6_address_t *ip6_src, u8 ip6_src_len,
- u8 ea_bits_len, u8 psid_offset, u8 psid_length,
- u32 *map_domain_index, u16 mtu, u8 flags);
-int map_delete_domain(u32 map_domain_index);
-int map_add_del_psid(u32 map_domain_index, u16 psid, ip6_address_t *tep, u8 is_add);
-u8 *format_map_trace(u8 *s, va_list *args);
-i32 ip4_get_port(ip4_header_t *ip, map_dir_e dir, u16 buffer_len);
-i32 ip6_get_port(ip6_header_t *ip6, map_dir_e dir, u16 buffer_len);
-u16 ip4_map_get_port (ip4_header_t *ip, map_dir_e dir);
-
-typedef enum __attribute__ ((__packed__)) {
- MAP_DOMAIN_PREFIX = 1 << 0,
- MAP_DOMAIN_TRANSLATION = 1 << 1, // The domain uses MAP-T
+int map_create_domain (ip4_address_t * ip4_prefix, u8 ip4_prefix_len,
+ ip6_address_t * ip6_prefix, u8 ip6_prefix_len,
+ ip6_address_t * ip6_src, u8 ip6_src_len,
+ u8 ea_bits_len, u8 psid_offset, u8 psid_length,
+ u32 * map_domain_index, u16 mtu, u8 flags);
+int map_delete_domain (u32 map_domain_index);
+int map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
+ u8 is_add);
+u8 *format_map_trace (u8 * s, va_list * args);
+i32 ip4_get_port (ip4_header_t * ip, map_dir_e dir, u16 buffer_len);
+i32 ip6_get_port (ip6_header_t * ip6, map_dir_e dir, u16 buffer_len);
+u16 ip4_map_get_port (ip4_header_t * ip, map_dir_e dir);
+
+typedef enum __attribute__ ((__packed__))
+{
+ MAP_DOMAIN_PREFIX = 1 << 0, MAP_DOMAIN_TRANSLATION = 1 << 1, // The domain uses MAP-T
} map_domain_flags_e;
/**
* In case no structure can be allocated, the fragment is dropped.
*/
-#define MAP_IP4_REASS_LIFETIME_DEFAULT (100) /* ms */
+#define MAP_IP4_REASS_LIFETIME_DEFAULT (100) /* ms */
#define MAP_IP4_REASS_HT_RATIO_DEFAULT (1.0)
-#define MAP_IP4_REASS_POOL_SIZE_DEFAULT 1024 // Number of reassembly structures
+#define MAP_IP4_REASS_POOL_SIZE_DEFAULT 1024 // Number of reassembly structures
#define MAP_IP4_REASS_BUFFERS_DEFAULT 2048
-#define MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY 5 // Number of fragment per reassembly
+#define MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY 5 // Number of fragment per reassembly
-#define MAP_IP6_REASS_LIFETIME_DEFAULT (100) /* ms */
+#define MAP_IP6_REASS_LIFETIME_DEFAULT (100) /* ms */
#define MAP_IP6_REASS_HT_RATIO_DEFAULT (1.0)
-#define MAP_IP6_REASS_POOL_SIZE_DEFAULT 1024 // Number of reassembly structures
+#define MAP_IP6_REASS_POOL_SIZE_DEFAULT 1024 // Number of reassembly structures
#define MAP_IP6_REASS_BUFFERS_DEFAULT 2048
#define MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY 5
* This structure _MUST_ be no larger than a single cache line (64 bytes).
* If more space is needed make a union of ip6_prefix and *rules, those are mutually exclusive.
*/
-typedef struct {
+typedef struct
+{
ip6_address_t ip6_src;
ip6_address_t ip6_prefix;
ip6_address_t *rules;
u8 ip4_prefix_len;
} map_domain_t;
+STATIC_ASSERT ((sizeof (map_domain_t) <= CLIB_CACHE_LINE_BYTES),
+ "MAP domain fits in one cacheline");
+
#define MAP_REASS_INDEX_NONE ((u16)0xffff)
/*
* Hash key, padded out to 16 bytes for fast compare
*/
+/* *INDENT-OFF* */
typedef union {
CLIB_PACKED (struct {
ip4_address_t src;
u64 as_u64[2];
u32 as_u32[4];
} map_ip4_reass_key_t;
+/* *INDENT-ON* */
-typedef struct {
+typedef struct
+{
map_ip4_reass_key_t key;
f64 ts;
#ifdef MAP_IP4_REASS_COUNT_BYTES
/*
* MAP domain counters
*/
-typedef enum {
+typedef enum
+{
/* Simple counters */
MAP_DOMAIN_IPV4_FRAGMENT = 0,
/* Combined counters */
/*
* main_main_t
*/
+/* *INDENT-OFF* */
typedef union {
CLIB_PACKED (struct {
ip6_address_t src;
u64 as_u64[5];
u32 as_u32[10];
} map_ip6_reass_key_t;
+/* *INDENT-ON* */
typedef struct {
u32 pi; //Cached packet or ~0
vlib_combined_counter_main_t *domain_counters;
volatile u32 *counter_lock;
- /* Global counters */
- vlib_simple_counter_main_t icmp_relayed;
-
#ifdef MAP_SKIP_IP6_LOOKUP
/* pre-presolve */
u32 adj6_index, adj4_index;
/* Traffic class: zero, copy (~0) or fixed value */
u8 tc;
bool tc_copy;
- bool sec_check;
- bool sec_check_frag;
- bool icmp6_enabled;
+
+ bool sec_check; /* Inbound security check */
+ bool sec_check_frag; /* Inbound security check for (subsequent) fragments */
+ bool icmp6_enabled; /* Send destination unreachable for security check failure */
/* ICMPv6 -> ICMPv4 relay parameters */
ip4_address_t icmp4_src_address;
+ vlib_simple_counter_main_t icmp_relayed;
/* convenience */
vlib_main_t *vlib_main;
/*
* IPv4 encap and decap reassembly
*/
- //Conf
+ /* Configuration */
f32 ip4_reass_conf_ht_ratio; //Size of ht is 2^ceil(log2(ratio*pool_size))
u16 ip4_reass_conf_pool_size; //Max number of allocated reass structures
u16 ip4_reass_conf_lifetime_ms; //Time a reassembly struct is considered valid in ms
u32 ip4_reass_conf_buffers; //Maximum number of buffers used by ip4 reassembly
- //Runtime
+ /* Runtime */
map_ip4_reass_t *ip4_reass_pool;
u8 ip4_reass_ht_log2len; //Hash table size is 2^log2len
u16 ip4_reass_allocated;
u16 ip4_reass_fifo_last;
volatile u32 *ip4_reass_lock;
- //Counters
+ /* Counters */
u32 ip4_reass_buffered_counter;
+ bool frag_inner; /* Inner or outer fragmentation */
+ bool frag_ignore_df; /* Fragment (outer) packet even if DF is set */
+
/*
* IPv6 decap reassembly
*/
- //Conf
+ /* Configuration */
f32 ip6_reass_conf_ht_ratio; //Size of ht is 2^ceil(log2(ratio*pool_size))
u16 ip6_reass_conf_pool_size; //Max number of allocated reass structures
u16 ip6_reass_conf_lifetime_ms; //Time a reassembly struct is considered valid in ms
u32 ip6_reass_conf_buffers; //Maximum number of buffers used by ip6 reassembly
- //Runtime
+ /* Runtime */
map_ip6_reass_t *ip6_reass_pool;
u8 ip6_reass_ht_log2len; //Hash table size is 2^log2len
u16 ip6_reass_allocated;
u16 ip6_reass_fifo_last;
volatile u32 *ip6_reass_lock;
- //Counters
+ /* Counters */
u32 ip6_reass_buffered_counter;
} map_main_t;
/*
- * TODO: Remove SEC_CHECK / TRANSLATED_4TO6 / TRANSLATED_6TO4
+ * MAP Error counters/messages
*/
#define foreach_map_error \
/* Must be first. */ \
_(NONE, "valid MAP packets") \
_(BAD_PROTOCOL, "bad protocol") \
- _(WRONG_ICMP_TYPE, "wrong icmp type") \
_(SEC_CHECK, "security check failed") \
_(ENCAP_SEC_CHECK, "encap security check failed") \
_(DECAP_SEC_CHECK, "decap security check failed") \
_(FRAGMENT_MALFORMED, "fragment has unexpected format")\
_(FRAGMENT_DROPPED, "dropped cached fragment") \
_(MALFORMED, "malformed packet") \
- _(IP4_ERROR_TIME_EXPIRED, "time expired")
+ _(DF_SET, "can't fragment, DF set")
typedef enum {
#define _(sym,str) MAP_ERROR_##sym,
map_main_t map_main;
-vlib_node_registration_t ip4_map_node;
-vlib_node_registration_t ip6_map_node;
+extern vlib_node_registration_t ip4_map_node;
+extern vlib_node_registration_t ip6_map_node;
-vlib_node_registration_t ip4_map_t_node;
-vlib_node_registration_t ip4_map_t_fragmented_node;
-vlib_node_registration_t ip4_map_t_tcp_udp_node;
-vlib_node_registration_t ip4_map_t_icmp_node;
+extern vlib_node_registration_t ip4_map_t_node;
+extern vlib_node_registration_t ip4_map_t_fragmented_node;
+extern vlib_node_registration_t ip4_map_t_tcp_udp_node;
+extern vlib_node_registration_t ip4_map_t_icmp_node;
-vlib_node_registration_t ip6_map_t_node;
-vlib_node_registration_t ip6_map_t_fragmented_node;
-vlib_node_registration_t ip6_map_t_tcp_udp_node;
-vlib_node_registration_t ip6_map_t_icmp_node;
+extern vlib_node_registration_t ip6_map_t_node;
+extern vlib_node_registration_t ip6_map_t_fragmented_node;
+extern vlib_node_registration_t ip6_map_t_tcp_udp_node;
+extern vlib_node_registration_t ip6_map_t_icmp_node;
/*
* map_get_pfx
/* IPv4 prefix */
if (d->flags & MAP_DOMAIN_PREFIX)
- return (u64) (addr & ~d->suffix_mask) << 16;
+ return (u64) (addr & (0xFFFFFFFF << d->suffix_shift)) << 16;
/* Shared or full IPv4 address */
return ((u64) addr << 16) | psid;
* Get the MAP domain from an IPv4 lookup adjacency.
*/
static_always_inline map_domain_t *
-ip4_map_get_domain (u32 adj_index, u32 *map_domain_index)
+ip4_map_get_domain (u32 mdi,
+ u32 *map_domain_index)
{
map_main_t *mm = &map_main;
- ip_lookup_main_t *lm = &ip4_main.lookup_main;
- ip_adjacency_t *adj = ip_get_adjacency(lm, adj_index);
- ASSERT(adj);
- uword *p = (uword *)adj->rewrite_data;
- ASSERT(p);
- *map_domain_index = p[0];
- return pool_elt_at_index(mm->domains, p[0]);
+ map_dpo_t *md;
+
+ md = map_dpo_get(mdi);
+
+ ASSERT(md);
+ *map_domain_index = md->md_domain;
+ return pool_elt_at_index(mm->domains, *map_domain_index);
}
/*
* The IPv4 address is used otherwise.
*/
static_always_inline map_domain_t *
-ip6_map_get_domain (u32 adj_index, ip4_address_t *addr,
+ip6_map_get_domain (u32 mdi, ip4_address_t *addr,
u32 *map_domain_index, u8 *error)
{
map_main_t *mm = &map_main;
- ip4_main_t *im4 = &ip4_main;
- ip_lookup_main_t *lm4 = &ip4_main.lookup_main;
+ map_dpo_t *md;
/*
* Disable direct MAP domain lookup on decap, until the security check is updated to verify IPv4 SA.
* (That's done implicitly when MAP domain is looked up in the IPv4 FIB)
*/
#ifdef MAP_NONSHARED_DOMAIN_ENABLED
- ip_lookup_main_t *lm6 = &ip6_main.lookup_main;
- ip_adjacency_t *adj = ip_get_adjacency(lm6, adj_index);
- ASSERT(adj);
- uword *p = (uword *)adj->rewrite_data;
- ASSERT(p);
- *map_domain_index = p[0];
- if (p[0] != ~0)
- return pool_elt_at_index(mm->domains, p[0]);
-#endif
+ md = map_dpo_get(mdi);
- u32 ai = ip4_fib_lookup_with_table(im4, 0, addr, 0);
- ip_adjacency_t *adj4 = ip_get_adjacency (lm4, ai);
- if (PREDICT_TRUE(adj4->lookup_next_index == IP_LOOKUP_NEXT_MAP ||
- adj4->lookup_next_index == IP_LOOKUP_NEXT_MAP_T)) {
- uword *p = (uword *)adj4->rewrite_data;
- *map_domain_index = p[0];
+ ASSERT(md);
+ *map_domain_index = md->md_domain;
+ if (*map_domain_index != ~0)
return pool_elt_at_index(mm->domains, *map_domain_index);
- }
+#endif
+
+ u32 lbi = ip4_fib_forwarding_lookup(0, addr);
+ const dpo_id_t *dpo = load_balance_get_bucket(lbi, 0);
+ if (PREDICT_TRUE(dpo->dpoi_type == map_dpo_type ||
+ dpo->dpoi_type == map_t_dpo_type))
+ {
+ md = map_dpo_get(dpo->dpoi_index);
+ *map_domain_index = md->md_domain;
+ return pool_elt_at_index(mm->domains, *map_domain_index);
+ }
*error = MAP_ERROR_NO_DOMAIN;
return NULL;
}
vlib_put_next_frame(vm, node, next_index, n_left_to_next);
}
}
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */