2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/fib/fib_table.h>
17 #include <vnet/dpo/drop_dpo.h>
19 #include <cnat/cnat_client.h>
20 #include <cnat/cnat_translation.h>
22 cnat_client_t *cnat_client_pool;
24 cnat_client_db_t cnat_client_db;
26 dpo_type_t cnat_client_dpo;
28 static_always_inline u8
29 cnat_client_is_clone (cnat_client_t * cc)
31 return (FIB_NODE_INDEX_INVALID == cc->cc_fei);
35 cnat_client_db_remove (cnat_client_t * cc)
37 if (ip_addr_version (&cc->cc_ip) == AF_IP4)
38 hash_unset (cnat_client_db.crd_cip4, ip_addr_v4 (&cc->cc_ip).as_u32);
40 hash_unset_mem_free (&cnat_client_db.crd_cip6, &ip_addr_v6 (&cc->cc_ip));
44 cnat_client_destroy (cnat_client_t * cc)
46 ASSERT (!cnat_client_is_clone (cc));
47 if (!(cc->flags & CNAT_FLAG_EXCLUSIVE))
49 ASSERT (fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
50 fib_table_entry_delete_index (cc->cc_fei, cnat_fib_source);
51 ASSERT (!fib_entry_is_sourced (cc->cc_fei, cnat_fib_source));
53 cnat_client_db_remove (cc);
54 dpo_reset (&cc->cc_parent);
55 pool_put (cnat_client_pool, cc);
59 cnat_client_free_by_ip (ip46_address_t * ip, u8 af)
63 cnat_client_ip4_find (&ip->ip4) : cnat_client_ip6_find (&ip->ip6));
66 if ((0 == cnat_client_uncnt_session (cc))
67 && (cc->flags & CNAT_FLAG_EXPIRES) && (0 == cc->tr_refcnt))
68 cnat_client_destroy (cc);
72 cnat_client_throttle_pool_process ()
74 /* This processes ips stored in the throttle pool
75 to update session refcounts
76 and should be called before cnat_client_free_by_ip */
77 vlib_thread_main_t *tm = vlib_get_thread_main ();
80 u32 *del_vec = NULL, *ai;
82 nthreads = tm->n_threads + 1;
83 for (int i = 0; i < nthreads; i++)
85 vec_reset_length (del_vec);
86 clib_spinlock_lock (&cnat_client_db.throttle_pool_lock[i]);
88 pool_foreach(addr, cnat_client_db.throttle_pool[i], ({
89 cc = (AF_IP4 == addr->version ?
90 cnat_client_ip4_find (&ip_addr_v4(addr)) :
91 cnat_client_ip6_find (&ip_addr_v6(addr)));
92 /* Client might not already be created */
95 cnat_client_cnt_session (cc);
96 vec_add1(del_vec, addr - cnat_client_db.throttle_pool[i]);
100 vec_foreach (ai, del_vec)
102 addr = pool_elt_at_index (cnat_client_db.throttle_pool[i], *ai);
103 pool_put (cnat_client_db.throttle_pool[i], addr);
105 clib_spinlock_unlock (&cnat_client_db.throttle_pool_lock[i]);
110 cnat_client_translation_added (index_t cci)
113 cc = cnat_client_get (cci);
114 ASSERT (!(cc->flags & CNAT_FLAG_EXPIRES));
119 cnat_client_translation_deleted (index_t cci)
123 cc = cnat_client_get (cci);
124 ASSERT (!(cc->flags & CNAT_FLAG_EXPIRES));
127 if (0 == cc->tr_refcnt && 0 == cc->session_refcnt)
128 cnat_client_destroy (cc);
132 cnat_client_db_add (cnat_client_t * cc)
136 cci = cc - cnat_client_pool;
138 if (ip_addr_version (&cc->cc_ip) == AF_IP4)
139 hash_set (cnat_client_db.crd_cip4, ip_addr_v4 (&cc->cc_ip).as_u32, cci);
141 hash_set_mem_alloc (&cnat_client_db.crd_cip6,
142 &ip_addr_v6 (&cc->cc_ip), cci);
147 cnat_client_add (const ip_address_t * ip, u8 flags)
150 dpo_id_t tmp = DPO_INVALID;
151 fib_node_index_t fei;
157 /* check again if we need this client */
158 cc = (AF_IP4 == ip->version ?
159 cnat_client_ip4_find (&ip->ip.ip4) :
160 cnat_client_ip6_find (&ip->ip.ip6));
163 return (cc - cnat_client_pool);
166 pool_get_aligned (cnat_client_pool, cc, CLIB_CACHE_LINE_BYTES);
168 cci = cc - cnat_client_pool;
169 cc->parent_cci = cci;
172 cc->session_refcnt = 0;
174 ip_address_copy (&cc->cc_ip, ip);
175 cnat_client_db_add (cc);
177 ip_address_to_fib_prefix (&cc->cc_ip, &pfx);
179 dproto = fib_proto_to_dpo (pfx.fp_proto);
180 dpo_set (&tmp, cnat_client_dpo, dproto, cci);
181 dpo_stack (cnat_client_dpo, dproto, &cc->cc_parent, drop_dpo_get (dproto));
183 fib_flags = FIB_ENTRY_FLAG_LOOSE_URPF_EXEMPT;
184 fib_flags |= (flags & CNAT_FLAG_EXCLUSIVE) ?
185 FIB_ENTRY_FLAG_EXCLUSIVE : FIB_ENTRY_FLAG_INTERPOSE;
187 fei = fib_table_entry_special_dpo_add (CNAT_FIB_TABLE,
188 &pfx, cnat_fib_source, fib_flags,
191 cc = pool_elt_at_index (cnat_client_pool, cci);
198 cnat_client_learn (const cnat_learn_arg_t * l)
200 /* RPC call to add a client from the dataplane */
203 cci = cnat_client_add (&l->addr, CNAT_FLAG_EXPIRES);
204 cc = pool_elt_at_index (cnat_client_pool, cci);
205 cnat_client_cnt_session (cc);
206 /* Process throttled calls if any */
207 cnat_client_throttle_pool_process ();
211 * Interpose a policy DPO
214 cnat_client_dpo_interpose (const dpo_id_t * original,
215 const dpo_id_t * parent, dpo_id_t * clone)
217 cnat_client_t *cc, *cc_clone;
219 pool_get_zero (cnat_client_pool, cc_clone);
220 cc = cnat_client_get (original->dpoi_index);
222 cc_clone->cc_fei = FIB_NODE_INDEX_INVALID;
223 cc_clone->parent_cci = cc->parent_cci;
224 cc_clone->flags = cc->flags;
225 ip_address_copy (&cc_clone->cc_ip, &cc->cc_ip);
227 /* stack the clone on the FIB provided parent */
228 dpo_stack (cnat_client_dpo, original->dpoi_proto, &cc_clone->cc_parent,
231 /* return the clone */
234 original->dpoi_proto, cc_clone - cnat_client_pool);
238 cnat_client_purge (void)
240 vlib_thread_main_t *tm = vlib_get_thread_main ();
242 nthreads = tm->n_threads + 1;
243 ASSERT (0 == hash_elts (cnat_client_db.crd_cip6));
244 ASSERT (0 == hash_elts (cnat_client_db.crd_cip4));
245 ASSERT (0 == pool_elts (cnat_client_pool));
246 for (int i = 0; i < nthreads; i++)
248 ASSERT (0 == pool_elts (cnat_client_db.throttle_pool[i]));
254 format_cnat_client (u8 * s, va_list * args)
256 index_t cci = va_arg (*args, index_t);
257 u32 indent = va_arg (*args, u32);
259 cnat_client_t *cc = pool_elt_at_index (cnat_client_pool, cci);
261 s = format (s, "[%d] cnat-client:[%U] tr:%d sess:%d", cci,
262 format_ip_address, &cc->cc_ip,
263 cc->tr_refcnt, cc->session_refcnt);
264 if (cc->flags & CNAT_FLAG_EXPIRES)
265 s = format (s, " expires");
267 if (cc->flags & CNAT_FLAG_EXCLUSIVE)
268 s = format (s, " exclusive");
270 if (cnat_client_is_clone (cc))
271 s = format (s, "\n%Uclone of [%d]\n%U%U",
272 format_white_space, indent + 2, cc->parent_cci,
273 format_white_space, indent + 2,
274 format_dpo_id, &cc->cc_parent, indent + 4);
280 static clib_error_t *
281 cnat_client_show (vlib_main_t * vm,
282 unformat_input_t * input, vlib_cli_command_t * cmd)
288 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
290 if (unformat (input, "%d", &cci))
293 return (clib_error_return (0, "unknown input '%U'",
294 format_unformat_error, input));
297 if (INDEX_INVALID == cci)
300 pool_foreach_index(cci, cnat_client_pool, ({
301 vlib_cli_output(vm, "%U", format_cnat_client, cci, 0);
305 vlib_cli_output (vm, "%d clients", pool_elts (cnat_client_pool));
306 vlib_cli_output (vm, "%d timestamps", pool_elts (cnat_timestamps));
310 vlib_cli_output (vm, "Invalid policy ID:%d", cci);
317 VLIB_CLI_COMMAND (cnat_client_show_cmd_node, static) = {
318 .path = "show cnat client",
319 .function = cnat_client_show,
320 .short_help = "show cnat client",
325 const static char *const cnat_client_dpo_ip4_nodes[] = {
330 const static char *const cnat_client_dpo_ip6_nodes[] = {
335 const static char *const *const cnat_client_dpo_nodes[DPO_PROTO_NUM] = {
336 [DPO_PROTO_IP4] = cnat_client_dpo_ip4_nodes,
337 [DPO_PROTO_IP6] = cnat_client_dpo_ip6_nodes,
341 cnat_client_dpo_lock (dpo_id_t * dpo)
345 cc = cnat_client_get (dpo->dpoi_index);
351 cnat_client_dpo_unlock (dpo_id_t * dpo)
355 cc = cnat_client_get (dpo->dpoi_index);
359 if (0 == cc->cc_locks)
361 ASSERT (cnat_client_is_clone (cc));
362 pool_put (cnat_client_pool, cc);
367 format_cnat_client_dpo (u8 * s, va_list * ap)
369 index_t cci = va_arg (*ap, index_t);
370 u32 indent = va_arg (*ap, u32);
372 s = format (s, "%U", format_cnat_client, cci, indent);
377 const static dpo_vft_t cnat_client_dpo_vft = {
378 .dv_lock = cnat_client_dpo_lock,
379 .dv_unlock = cnat_client_dpo_unlock,
380 .dv_format = format_cnat_client_dpo,
381 .dv_mk_interpose = cnat_client_dpo_interpose,
384 static clib_error_t *
385 cnat_client_init (vlib_main_t * vm)
387 vlib_thread_main_t *tm = vlib_get_thread_main ();
388 int nthreads = tm->n_threads + 1;
390 cnat_client_dpo = dpo_register_new_type (&cnat_client_dpo_vft,
391 cnat_client_dpo_nodes);
393 cnat_client_db.crd_cip6 = hash_create_mem (0,
394 sizeof (ip6_address_t),
397 vec_validate (cnat_client_db.throttle_pool, nthreads);
398 vec_validate (cnat_client_db.throttle_pool_lock, nthreads);
399 for (i = 0; i < nthreads; i++)
400 clib_spinlock_init (&cnat_client_db.throttle_pool_lock[i]);
405 VLIB_INIT_FUNCTION (cnat_client_init);
408 * fd.io coding-style-patch-verification: ON
411 * eval: (c-set-style "gnu")