2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/fib/fib_table.h>
17 #include <vnet/dpo/drop_dpo.h>
19 #include <cnat/cnat_client.h>
20 #include <cnat/cnat_translation.h>
22 cnat_client_t *cnat_client_pool;
24 cnat_client_db_t cnat_client_db;
26 dpo_type_t cnat_client_dpo;
28 static_always_inline u8
29 cnat_client_is_clone (cnat_client_t * cc)
31 return (FIB_NODE_INDEX_INVALID == cc->cc_fei);
35 cnat_client_db_remove (cnat_client_t * cc)
37 if (ip_addr_version (&cc->cc_ip) == AF_IP4)
38 hash_unset (cnat_client_db.crd_cip4, ip_addr_v4 (&cc->cc_ip).as_u32);
40 hash_unset_mem_free (&cnat_client_db.crd_cip6, &ip_addr_v6 (&cc->cc_ip));
44 cnat_client_destroy (cnat_client_t * cc)
46 ASSERT (!cnat_client_is_clone (cc));
47 if (!(cc->flags & CNAT_FLAG_EXCLUSIVE))
49 ASSERT (fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
50 fib_table_entry_delete_index (cc->cc_fei, cnat_fib_source);
51 ASSERT (!fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
53 cnat_client_db_remove (cc);
54 dpo_reset (&cc->cc_parent);
55 pool_put (cnat_client_pool, cc);
59 cnat_client_free_by_ip (ip46_address_t * ip, u8 af)
63 cnat_client_ip4_find (&ip->ip4) : cnat_client_ip6_find (&ip->ip6));
64 /* This can happen if the translation gets deleted
68 if ((0 == cnat_client_uncnt_session (cc))
69 && (cc->flags & CNAT_FLAG_EXPIRES))
70 cnat_client_destroy (cc);
74 cnat_client_throttle_pool_process ()
76 /* This processes ips stored in the throttle pool
77 to update session refcounts
78 and should be called before cnat_client_free_by_ip */
79 vlib_thread_main_t *tm = vlib_get_thread_main ();
82 u32 *del_vec = NULL, *ai;
84 nthreads = tm->n_threads + 1;
85 for (int i = 0; i < nthreads; i++)
87 vec_reset_length (del_vec);
88 clib_spinlock_lock (&cnat_client_db.throttle_pool_lock[i]);
90 pool_foreach(addr, cnat_client_db.throttle_pool[i], ({
91 cc = (AF_IP4 == addr->version ?
92 cnat_client_ip4_find (&ip_addr_v4(addr)) :
93 cnat_client_ip6_find (&ip_addr_v6(addr)));
94 /* Client might not already be created */
97 cnat_client_cnt_session (cc);
98 vec_add1(del_vec, addr - cnat_client_db.throttle_pool[i]);
102 vec_foreach (ai, del_vec)
105 addr = pool_elt_at_index (cnat_client_db.throttle_pool[i], *ai);
106 pool_put (cnat_client_db.throttle_pool[i], addr);
108 clib_spinlock_unlock (&cnat_client_db.throttle_pool_lock[i]);
113 cnat_client_translation_added (index_t cci)
116 cc = cnat_client_get (cci);
117 ASSERT (!(cc->flags & CNAT_FLAG_EXPIRES));
122 cnat_client_translation_deleted (index_t cci)
126 cc = cnat_client_get (cci);
127 ASSERT (!(cc->flags & CNAT_FLAG_EXPIRES));
130 if (0 == cc->tr_refcnt)
131 cnat_client_destroy (cc);
135 cnat_client_db_add (cnat_client_t * cc)
139 cci = cc - cnat_client_pool;
141 if (ip_addr_version (&cc->cc_ip) == AF_IP4)
142 hash_set (cnat_client_db.crd_cip4, ip_addr_v4 (&cc->cc_ip).as_u32, cci);
144 hash_set_mem_alloc (&cnat_client_db.crd_cip6,
145 &ip_addr_v6 (&cc->cc_ip), cci);
150 cnat_client_add (const ip_address_t * ip, u8 flags)
153 dpo_id_t tmp = DPO_INVALID;
154 fib_node_index_t fei;
160 /* check again if we need this client */
161 cc = (AF_IP4 == ip->version ?
162 cnat_client_ip4_find (&ip->ip.ip4) :
163 cnat_client_ip6_find (&ip->ip.ip6));
166 return (cc - cnat_client_pool);
169 pool_get_aligned (cnat_client_pool, cc, CLIB_CACHE_LINE_BYTES);
171 cci = cc - cnat_client_pool;
172 cc->parent_cci = cci;
175 ip_address_copy (&cc->cc_ip, ip);
176 cnat_client_db_add (cc);
178 ip_address_to_fib_prefix (&cc->cc_ip, &pfx);
180 dproto = fib_proto_to_dpo (pfx.fp_proto);
181 dpo_set (&tmp, cnat_client_dpo, dproto, cci);
182 dpo_stack (cnat_client_dpo, dproto, &cc->cc_parent, drop_dpo_get (dproto));
184 fib_flags = FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT;
185 fib_flags |= (flags & CNAT_FLAG_EXCLUSIVE) ?
186 FIB_ENTRY_FLAG_EXCLUSIVE : FIB_ENTRY_FLAG_INTERPOSE;
188 fei = fib_table_entry_special_dpo_add (CNAT_FIB_TABLE,
189 &pfx, cnat_fib_source, fib_flags,
192 cc = pool_elt_at_index (cnat_client_pool, cci);
199 cnat_client_learn (const cnat_learn_arg_t * l)
201 /* RPC call to add a client from the dataplane */
204 cci = cnat_client_add (&l->addr, CNAT_FLAG_EXPIRES);
205 cc = pool_elt_at_index (cnat_client_pool, cci);
206 cnat_client_cnt_session (cc);
207 /* Process throttled calls if any */
208 cnat_client_throttle_pool_process ();
212 * Interpose a policy DPO
215 cnat_client_dpo_interpose (const dpo_id_t * original,
216 const dpo_id_t * parent, dpo_id_t * clone)
218 cnat_client_t *cc, *cc_clone;
220 pool_get_zero (cnat_client_pool, cc_clone);
221 cc = cnat_client_get (original->dpoi_index);
223 cc_clone->cc_fei = FIB_NODE_INDEX_INVALID;
224 cc_clone->parent_cci = cc->parent_cci;
225 cc_clone->flags = cc->flags;
226 ip_address_copy (&cc_clone->cc_ip, &cc->cc_ip);
228 /* stack the clone on the FIB provided parent */
229 dpo_stack (cnat_client_dpo, original->dpoi_proto, &cc_clone->cc_parent,
232 /* return the clone */
235 original->dpoi_proto, cc_clone - cnat_client_pool);
239 cnat_client_purge (void)
241 ASSERT (0 == hash_elts (cnat_client_db.crd_cip6));
242 ASSERT (0 == hash_elts (cnat_client_db.crd_cip4));
243 ASSERT (0 == pool_elts (cnat_client_pool));
248 format_cnat_client (u8 * s, va_list * args)
250 index_t cci = va_arg (*args, index_t);
251 u32 indent = va_arg (*args, u32);
253 cnat_client_t *cc = pool_elt_at_index (cnat_client_pool, cci);
255 s = format (s, "[%d] cnat-client:[%U] tr:%d sess:%d", cci,
256 format_ip_address, &cc->cc_ip,
257 cc->tr_refcnt, cc->session_refcnt);
258 if (cc->flags & CNAT_FLAG_EXPIRES)
259 s = format (s, " expires");
261 if (cc->flags & CNAT_FLAG_EXCLUSIVE)
262 s = format (s, " exclusive");
264 if (cnat_client_is_clone (cc))
265 s = format (s, "\n%Uclone of [%d]\n%U%U",
266 format_white_space, indent + 2, cc->parent_cci,
267 format_white_space, indent + 2,
268 format_dpo_id, &cc->cc_parent, indent + 4);
274 static clib_error_t *
275 cnat_client_show (vlib_main_t * vm,
276 unformat_input_t * input, vlib_cli_command_t * cmd)
282 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
284 if (unformat (input, "%d", &cci))
287 return (clib_error_return (0, "unknown input '%U'",
288 format_unformat_error, input));
291 if (INDEX_INVALID == cci)
294 pool_foreach_index(cci, cnat_client_pool, ({
295 vlib_cli_output(vm, "%U", format_cnat_client, cci, 0);
299 vlib_cli_output (vm, "%d clients", pool_elts (cnat_client_pool));
300 vlib_cli_output (vm, "%d timestamps", pool_elts (cnat_timestamps));
304 vlib_cli_output (vm, "Invalid policy ID:%d", cci);
311 VLIB_CLI_COMMAND (cnat_client_show_cmd_node, static) = {
312 .path = "show cnat client",
313 .function = cnat_client_show,
314 .short_help = "show cnat client",
319 const static char *const cnat_client_dpo_ip4_nodes[] = {
324 const static char *const cnat_client_dpo_ip6_nodes[] = {
329 const static char *const *const cnat_client_dpo_nodes[DPO_PROTO_NUM] = {
330 [DPO_PROTO_IP4] = cnat_client_dpo_ip4_nodes,
331 [DPO_PROTO_IP6] = cnat_client_dpo_ip6_nodes,
335 cnat_client_dpo_lock (dpo_id_t * dpo)
339 cc = cnat_client_get (dpo->dpoi_index);
345 cnat_client_dpo_unlock (dpo_id_t * dpo)
349 cc = cnat_client_get (dpo->dpoi_index);
353 if (0 == cc->cc_locks)
355 ASSERT (cnat_client_is_clone (cc));
356 pool_put (cnat_client_pool, cc);
361 format_cnat_client_dpo (u8 * s, va_list * ap)
363 index_t cci = va_arg (*ap, index_t);
364 u32 indent = va_arg (*ap, u32);
366 s = format (s, "%U", format_cnat_client, cci, indent);
371 const static dpo_vft_t cnat_client_dpo_vft = {
372 .dv_lock = cnat_client_dpo_lock,
373 .dv_unlock = cnat_client_dpo_unlock,
374 .dv_format = format_cnat_client_dpo,
375 .dv_mk_interpose = cnat_client_dpo_interpose,
378 static clib_error_t *
379 cnat_client_init (vlib_main_t * vm)
381 vlib_thread_main_t *tm = vlib_get_thread_main ();
382 int nthreads = tm->n_threads + 1;
384 cnat_client_dpo = dpo_register_new_type (&cnat_client_dpo_vft,
385 cnat_client_dpo_nodes);
387 cnat_client_db.crd_cip6 = hash_create_mem (0,
388 sizeof (ip6_address_t),
391 vec_validate (cnat_client_db.throttle_pool, nthreads);
392 vec_validate (cnat_client_db.throttle_pool_lock, nthreads);
393 for (i = 0; i < nthreads; i++)
394 clib_spinlock_init (&cnat_client_db.throttle_pool_lock[i]);
399 VLIB_INIT_FUNCTION (cnat_client_init);
402 * fd.io coding-style-patch-verification: ON
405 * eval: (c-set-style "gnu")