4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <vppinfra/crc32.h>
22 #include <vnet/plugin/plugin.h>
23 #include <vpp/app/version.h>
29 * This code supports the following MAP modes:
31 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
32 * ea_bits_len + ip4_prefix > 32
33 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
34 * Algorithmic Full IPv4 address (ea_bits_len > 0):
35 * ea_bits_len + ip4_prefix = 32
36 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
37 * Algorithmic IPv4 prefix (ea_bits_len > 0):
38 * ea_bits_len + ip4_prefix < 32
39 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
41 * Independent Shared IPv4 address (ea_bits_len = 0):
44 * Rule IPv6 address = 128, Rule PSID Set
45 * Independent Full IPv4 address (ea_bits_len = 0):
47 * psid_length = 0, ip6_prefix = 128
48 * Independent IPv4 prefix (ea_bits_len = 0):
50 * psid_length = 0, ip6_prefix = 128
55 * This code supports MAP-T:
57 * With a DMR prefix length of 64 or 96 (RFC6052).
64 map_create_domain (ip4_address_t * ip4_prefix,
66 ip6_address_t * ip6_prefix,
68 ip6_address_t * ip6_src,
72 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
74 u8 suffix_len, suffix_shift;
75 map_main_t *mm = &map_main;
78 /* How many, and which bits to grab from the IPv4 DA */
79 if (ip4_prefix_len + ea_bits_len < 32)
81 flags |= MAP_DOMAIN_PREFIX;
82 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
83 suffix_len = ea_bits_len;
88 suffix_len = 32 - ip4_prefix_len;
91 /* EA bits must be within the first 64 bits */
92 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
93 ip6_prefix_len + suffix_len + psid_length > 64))
96 ("Embedded Address bits must be within the first 64 bits of "
101 /* Get domain index */
102 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
103 clib_memset (d, 0, sizeof (*d));
104 *map_domain_index = d - mm->domains;
106 /* Init domain struct */
107 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
108 d->ip4_prefix_len = ip4_prefix_len;
109 d->ip6_prefix = *ip6_prefix;
110 d->ip6_prefix_len = ip6_prefix_len;
111 d->ip6_src = *ip6_src;
112 d->ip6_src_len = ip6_src_len;
113 d->ea_bits_len = ea_bits_len;
114 d->psid_offset = psid_offset;
115 d->psid_length = psid_length;
118 d->suffix_shift = suffix_shift;
119 d->suffix_mask = (1 << suffix_len) - 1;
121 d->psid_shift = 16 - psid_length - psid_offset;
122 d->psid_mask = (1 << d->psid_length) - 1;
123 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
125 /* MAP longest match lookup table (input feature / FIB) */
126 mm->ip4_prefix_tbl->add (mm->ip4_prefix_tbl, &d->ip4_prefix,
127 d->ip4_prefix_len, *map_domain_index);
129 /* Really needed? Or always use FIB? */
130 mm->ip6_src_prefix_tbl->add (mm->ip6_src_prefix_tbl, &d->ip6_src,
131 d->ip6_src_len, *map_domain_index);
133 /* Validate packet/byte counters */
134 map_domain_counter_lock (mm);
136 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
138 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
140 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
143 for (i = 0; i < vec_len (mm->domain_counters); i++)
145 vlib_validate_combined_counter (&mm->domain_counters[i],
147 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
149 map_domain_counter_unlock (mm);
158 map_delete_domain (u32 map_domain_index)
160 map_main_t *mm = &map_main;
163 if (pool_is_free_index (mm->domains, map_domain_index))
165 clib_warning ("MAP domain delete: domain does not exist: %d",
170 d = pool_elt_at_index (mm->domains, map_domain_index);
171 mm->ip4_prefix_tbl->delete (mm->ip4_prefix_tbl, &d->ip4_prefix,
173 mm->ip6_src_prefix_tbl->delete (mm->ip6_src_prefix_tbl, &d->ip6_src,
178 clib_mem_free (d->rules);
180 pool_put (mm->domains, d);
186 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
190 map_main_t *mm = &map_main;
192 if (pool_is_free_index (mm->domains, map_domain_index))
194 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
197 d = pool_elt_at_index (mm->domains, map_domain_index);
199 /* Rules are only used in 1:1 independent case */
200 if (d->ea_bits_len > 0)
205 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
206 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
209 clib_memset (d->rules, 0, l);
212 if (psid >= (0x1 << d->psid_length))
214 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
215 0x1 << d->psid_length);
221 d->rules[psid] = *tep;
225 clib_memset (&d->rules[psid], 0, sizeof (ip6_address_t));
230 #ifdef MAP_SKIP_IP6_LOOKUP
232 * Pre-resolvd per-protocol global next-hops
234 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
237 map_pre_resolve_init (map_main_pre_resolved_t * pr)
239 pr->fei = FIB_NODE_INDEX_INVALID;
240 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
244 format_map_pre_resolve (u8 * s, va_list * ap)
246 map_main_pre_resolved_t *pr = va_arg (*ap, map_main_pre_resolved_t *);
248 if (FIB_NODE_INDEX_INVALID != pr->fei)
250 const fib_prefix_t *pfx;
252 pfx = fib_entry_get_prefix (pr->fei);
254 return (format (s, "%U (%u)",
255 format_ip46_address, &pfx->fp_addr, IP46_TYPE_ANY,
256 pr->dpo.dpoi_index));
260 return (format (s, "un-set"));
266 * Function definition to inform the FIB node that its last lock has gone.
269 map_last_lock_gone (fib_node_t * node)
272 * The MAP is a root of the graph. As such
273 * it never has children and thus is never locked.
278 static map_main_pre_resolved_t *
279 map_from_fib_node (fib_node_t * node)
281 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
282 return ((map_main_pre_resolved_t *)
284 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
288 map_stack (map_main_pre_resolved_t * pr)
292 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
294 dpo_copy (&pr->dpo, dpo);
298 * Function definition to backwalk a FIB node
300 static fib_node_back_walk_rc_t
301 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
303 map_stack (map_from_fib_node (node));
305 return (FIB_NODE_BACK_WALK_CONTINUE);
309 * Function definition to get a FIB node from its index
312 map_fib_node_get (fib_node_index_t index)
314 return (&pre_resolved[index].node);
318 * Virtual function table registered by MPLS GRE tunnels
319 * for participation in the FIB object graph.
321 const static fib_node_vft_t map_vft = {
322 .fnv_get = map_fib_node_get,
323 .fnv_last_lock = map_last_lock_gone,
324 .fnv_back_walk = map_back_walk,
328 map_fib_resolve (map_main_pre_resolved_t * pr,
329 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
337 pr->fei = fib_table_entry_special_add (0, // default fib
339 FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE);
340 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
345 map_fib_unresolve (map_main_pre_resolved_t * pr,
346 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
354 fib_entry_child_remove (pr->fei, pr->sibling);
356 fib_table_entry_special_remove (0, // default fib
357 &pfx, FIB_SOURCE_RR);
358 dpo_reset (&pr->dpo);
360 pr->fei = FIB_NODE_INDEX_INVALID;
361 pr->sibling = FIB_NODE_INDEX_INVALID;
365 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, bool is_del)
367 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
369 ip46_address_t addr = {
373 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
374 FIB_PROTOCOL_IP6, 128, &addr);
376 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
377 FIB_PROTOCOL_IP6, 128, &addr);
379 if (ip4 && (ip4->as_u32 != 0))
381 ip46_address_t addr = {
385 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
386 FIB_PROTOCOL_IP4, 32, &addr);
388 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
389 FIB_PROTOCOL_IP4, 32, &addr);
394 static clib_error_t *
395 map_security_check_command_fn (vlib_main_t * vm,
396 unformat_input_t * input,
397 vlib_cli_command_t * cmd)
399 unformat_input_t _line_input, *line_input = &_line_input;
400 clib_error_t *error = NULL;
402 bool check_frag = false;
403 bool saw_enable = false;
404 bool saw_frag = false;
406 /* Get a line of input. */
407 if (!unformat_user (input, unformat_line_input, line_input))
410 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
412 if (unformat (line_input, "enable"))
417 else if (unformat (line_input, "disable"))
422 else if (unformat (line_input, "fragments on"))
427 else if (unformat (line_input, "fragments off"))
434 error = clib_error_return (0, "unknown input `%U'",
435 format_unformat_error, line_input);
442 error = clib_error_return (0,
443 "Must specify enable 'enable' or 'disable'");
449 error = clib_error_return (0, "Must specify fragments 'on' or 'off'");
453 map_param_set_security_check (enable, check_frag);
456 unformat_free (line_input);
462 static clib_error_t *
463 map_add_domain_command_fn (vlib_main_t * vm,
464 unformat_input_t * input, vlib_cli_command_t * cmd)
466 unformat_input_t _line_input, *line_input = &_line_input;
467 ip4_address_t ip4_prefix;
468 ip6_address_t ip6_prefix;
469 ip6_address_t ip6_src;
470 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
472 /* Optional arguments */
473 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
477 clib_error_t *error = NULL;
479 /* Get a line of input. */
480 if (!unformat_user (input, unformat_line_input, line_input))
483 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
486 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
491 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
496 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
501 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
503 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
505 else if (unformat (line_input, "psid-offset %d", &psid_offset))
507 else if (unformat (line_input, "psid-len %d", &psid_length))
509 else if (unformat (line_input, "mtu %d", &mtu))
513 error = clib_error_return (0, "unknown input `%U'",
514 format_unformat_error, line_input);
521 error = clib_error_return (0, "mandatory argument(s) missing");
525 map_create_domain (&ip4_prefix, ip4_prefix_len,
526 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
527 ea_bits_len, psid_offset, psid_length, &map_domain_index,
531 unformat_free (line_input);
536 static clib_error_t *
537 map_del_domain_command_fn (vlib_main_t * vm,
538 unformat_input_t * input, vlib_cli_command_t * cmd)
540 unformat_input_t _line_input, *line_input = &_line_input;
542 u32 map_domain_index;
543 clib_error_t *error = NULL;
545 /* Get a line of input. */
546 if (!unformat_user (input, unformat_line_input, line_input))
549 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
551 if (unformat (line_input, "index %d", &map_domain_index))
555 error = clib_error_return (0, "unknown input `%U'",
556 format_unformat_error, line_input);
563 error = clib_error_return (0, "mandatory argument(s) missing");
567 map_delete_domain (map_domain_index);
570 unformat_free (line_input);
575 static clib_error_t *
576 map_add_rule_command_fn (vlib_main_t * vm,
577 unformat_input_t * input, vlib_cli_command_t * cmd)
579 unformat_input_t _line_input, *line_input = &_line_input;
582 u32 psid = 0, map_domain_index;
583 clib_error_t *error = NULL;
585 /* Get a line of input. */
586 if (!unformat_user (input, unformat_line_input, line_input))
589 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
591 if (unformat (line_input, "index %d", &map_domain_index))
593 else if (unformat (line_input, "psid %d", &psid))
596 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
600 error = clib_error_return (0, "unknown input `%U'",
601 format_unformat_error, line_input);
608 error = clib_error_return (0, "mandatory argument(s) missing");
612 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
614 error = clib_error_return (0, "Failing to add Mapping Rule");
619 unformat_free (line_input);
624 #if MAP_SKIP_IP6_LOOKUP
625 static clib_error_t *
626 map_pre_resolve_command_fn (vlib_main_t * vm,
627 unformat_input_t * input,
628 vlib_cli_command_t * cmd)
630 unformat_input_t _line_input, *line_input = &_line_input;
631 ip4_address_t ip4nh, *p_v4 = NULL;
632 ip6_address_t ip6nh, *p_v6 = NULL;
633 clib_error_t *error = NULL;
636 clib_memset (&ip4nh, 0, sizeof (ip4nh));
637 clib_memset (&ip6nh, 0, sizeof (ip6nh));
639 /* Get a line of input. */
640 if (!unformat_user (input, unformat_line_input, line_input))
643 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
645 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
648 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
650 else if (unformat (line_input, "del"))
654 error = clib_error_return (0, "unknown input `%U'",
655 format_unformat_error, line_input);
660 map_pre_resolve (p_v4, p_v6, is_del);
663 unformat_free (line_input);
669 static clib_error_t *
670 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
671 unformat_input_t * input,
672 vlib_cli_command_t * cmd)
674 unformat_input_t _line_input, *line_input = &_line_input;
675 ip4_address_t icmp_src_address;
676 ip4_address_t *p_icmp_addr = 0;
677 map_main_t *mm = &map_main;
678 clib_error_t *error = NULL;
680 mm->icmp4_src_address.as_u32 = 0;
682 /* Get a line of input. */
683 if (!unformat_user (input, unformat_line_input, line_input))
686 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
689 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
691 mm->icmp4_src_address = icmp_src_address;
692 p_icmp_addr = &icmp_src_address;
696 error = clib_error_return (0, "unknown input `%U'",
697 format_unformat_error, line_input);
702 map_param_set_icmp (p_icmp_addr);
705 unformat_free (line_input);
710 static clib_error_t *
711 map_icmp_unreachables_command_fn (vlib_main_t * vm,
712 unformat_input_t * input,
713 vlib_cli_command_t * cmd)
715 unformat_input_t _line_input, *line_input = &_line_input;
717 clib_error_t *error = NULL;
718 bool enabled = false;
720 /* Get a line of input. */
721 if (!unformat_user (input, unformat_line_input, line_input))
724 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
727 if (unformat (line_input, "on"))
729 else if (unformat (line_input, "off"))
733 error = clib_error_return (0, "unknown input `%U'",
734 format_unformat_error, line_input);
741 error = clib_error_return (0, "mandatory argument(s) missing");
744 map_param_set_icmp6 (enabled);
747 unformat_free (line_input);
753 static clib_error_t *
754 map_fragment_command_fn (vlib_main_t * vm,
755 unformat_input_t * input, vlib_cli_command_t * cmd)
757 unformat_input_t _line_input, *line_input = &_line_input;
758 clib_error_t *error = NULL;
759 bool frag_inner = false;
760 bool frag_ignore_df = false;
761 bool saw_in_out = false;
764 /* Get a line of input. */
765 if (!unformat_user (input, unformat_line_input, line_input))
768 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
770 if (unformat (line_input, "inner"))
775 else if (unformat (line_input, "outer"))
780 else if (unformat (line_input, "ignore-df"))
782 frag_ignore_df = true;
785 else if (unformat (line_input, "honor-df"))
787 frag_ignore_df = false;
792 error = clib_error_return (0, "unknown input `%U'",
793 format_unformat_error, line_input);
800 error = clib_error_return (0, "Must specify 'inner' or 'outer'");
806 error = clib_error_return (0, "Must specify 'ignore-df' or 'honor-df'");
810 map_param_set_fragmentation (frag_inner, frag_ignore_df);
813 unformat_free (line_input);
818 static clib_error_t *
819 map_traffic_class_command_fn (vlib_main_t * vm,
820 unformat_input_t * input,
821 vlib_cli_command_t * cmd)
823 unformat_input_t _line_input, *line_input = &_line_input;
825 clib_error_t *error = NULL;
826 bool tc_copy = false;
829 /* Get a line of input. */
830 if (!unformat_user (input, unformat_line_input, line_input))
833 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
835 if (unformat (line_input, "copy"))
837 else if (unformat (line_input, "%x", &tc))
841 error = clib_error_return (0, "unknown input `%U'",
842 format_unformat_error, line_input);
847 map_param_set_traffic_class (tc_copy, tc);
850 unformat_free (line_input);
856 map_flags_to_string (u32 flags)
858 if (flags & MAP_DOMAIN_PREFIX)
864 format_map_domain (u8 * s, va_list * args)
866 map_domain_t *d = va_arg (*args, map_domain_t *);
867 bool counters = va_arg (*args, int);
868 map_main_t *mm = &map_main;
869 ip6_address_t ip6_prefix;
872 clib_memset (&ip6_prefix, 0, sizeof (ip6_prefix));
874 ip6_prefix = d->ip6_prefix;
877 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea-bits-len %d "
878 "psid-offset %d psid-len %d mtu %d %s",
880 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
881 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
882 format_ip6_address, &d->ip6_src, d->ip6_src_len,
883 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
884 map_flags_to_string (d->flags));
888 map_domain_counter_lock (mm);
890 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
891 d - mm->domains, &v);
892 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
893 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
894 d - mm->domains, &v);
895 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
896 map_domain_counter_unlock (mm);
898 s = format (s, "\n");
904 for (i = 0; i < (0x1 << d->psid_length); i++)
907 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
910 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
918 format_map_ip4_reass (u8 * s, va_list * args)
920 map_main_t *mm = &map_main;
921 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
922 map_ip4_reass_key_t *k = &r->key;
923 f64 now = vlib_time_now (mm->vlib_main);
924 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
925 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
927 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
928 format_ip4_address, &k->src.as_u8, format_ip4_address,
929 &k->dst.as_u8, k->protocol,
930 clib_net_to_host_u16 (k->fragment_id),
931 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
936 format_map_ip6_reass (u8 * s, va_list * args)
938 map_main_t *mm = &map_main;
939 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
940 map_ip6_reass_key_t *k = &r->key;
941 f64 now = vlib_time_now (mm->vlib_main);
942 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
943 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
945 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
946 format_ip6_address, &k->src.as_u8, format_ip6_address,
947 &k->dst.as_u8, k->protocol,
948 clib_net_to_host_u32 (k->fragment_id), dt);
952 static clib_error_t *
953 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
954 vlib_cli_command_t * cmd)
956 unformat_input_t _line_input, *line_input = &_line_input;
957 map_main_t *mm = &map_main;
959 bool counters = false;
960 u32 map_domain_index = ~0;
961 clib_error_t *error = NULL;
963 /* Get a line of input. */
964 if (!unformat_user (input, unformat_line_input, line_input))
967 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
969 if (unformat (line_input, "counters"))
971 else if (unformat (line_input, "index %d", &map_domain_index))
975 error = clib_error_return (0, "unknown input `%U'",
976 format_unformat_error, line_input);
981 if (pool_elts (mm->domains) == 0)
982 vlib_cli_output (vm, "No MAP domains are configured...");
984 if (map_domain_index == ~0)
987 pool_foreach(d, mm->domains,
988 ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
993 if (pool_is_free_index (mm->domains, map_domain_index))
995 error = clib_error_return (0, "MAP domain does not exists %d",
1000 d = pool_elt_at_index (mm->domains, map_domain_index);
1001 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1005 unformat_free (line_input);
1010 static clib_error_t *
1011 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1012 vlib_cli_command_t * cmd)
1014 map_main_t *mm = &map_main;
1015 map_ip4_reass_t *f4;
1016 map_ip6_reass_t *f6;
1019 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1022 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1028 map_error_counter_get (u32 node_index, map_error_t map_error)
1030 vlib_main_t *vm = vlib_get_main ();
1031 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1032 vlib_error_main_t *em = &vm->error_main;
1033 vlib_error_t e = error_node->errors[map_error];
1034 vlib_node_t *n = vlib_get_node (vm, node_index);
1037 ci = vlib_error_get_code (e);
1038 ASSERT (ci < n->n_errors);
1039 ci += n->error_heap_index;
1041 return (em->counters[ci]);
1044 static clib_error_t *
1045 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1046 vlib_cli_command_t * cmd)
1048 map_main_t *mm = &map_main;
1050 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1051 if (pool_elts (mm->domains) == 0)
1053 vlib_cli_output (vm, "No MAP domains are configured...");
1058 pool_foreach(d, mm->domains, ({
1060 rulecount+= 0x1 << d->psid_length;
1061 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1063 domains += sizeof(*d);
1068 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1069 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1070 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1071 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1073 #if MAP_SKIP_IP6_LOOKUP
1074 vlib_cli_output (vm,
1075 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1076 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1077 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1082 vlib_cli_output (vm, "MAP traffic-class: copy");
1084 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1087 vlib_cli_output (vm, "MAP TCP MSS clamping: %u", mm->tcp_mss);
1089 vlib_cli_output (vm,
1090 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1091 mm->sec_check ? "enabled" : "disabled",
1092 mm->sec_check_frag ? "enabled" : "disabled");
1094 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1095 format_ip4_address, &mm->icmp4_src_address);
1096 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1097 mm->icmp6_enabled ? "enabled" : "disabled");
1098 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1099 mm->frag_inner ? "enabled" : "disabled");
1100 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1101 mm->frag_ignore_df ? "enabled" : "disabled");
1106 vlib_combined_counter_main_t *cm = mm->domain_counters;
1107 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1108 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1112 clib_memset (total_pkts, 0, sizeof (total_pkts));
1113 clib_memset (total_bytes, 0, sizeof (total_bytes));
1115 map_domain_counter_lock (mm);
1116 vec_foreach (cm, mm->domain_counters)
1118 which = cm - mm->domain_counters;
1120 for (i = 0; i < vlib_combined_counter_n_counters (cm); i++)
1122 vlib_get_combined_counter (cm, i, &v);
1123 total_pkts[which] += v.packets;
1124 total_bytes[which] += v.bytes;
1127 map_domain_counter_unlock (mm);
1129 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1130 total_pkts[MAP_DOMAIN_COUNTER_TX],
1131 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1132 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1133 total_pkts[MAP_DOMAIN_COUNTER_RX],
1134 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1136 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1137 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1142 static clib_error_t *
1143 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1144 vlib_cli_command_t * cmd)
1146 unformat_input_t _line_input, *line_input = &_line_input;
1148 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1150 u64 buffers = ~(0ull);
1151 u8 ip4 = 0, ip6 = 0;
1153 if (!unformat_user (input, unformat_line_input, line_input))
1156 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1158 if (unformat (line_input, "lifetime %u", &lifetime))
1160 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1162 else if (unformat (line_input, "pool-size %u", &pool_size))
1164 else if (unformat (line_input, "buffers %llu", &buffers))
1166 else if (unformat (line_input, "ip4"))
1168 else if (unformat (line_input, "ip6"))
1172 unformat_free (line_input);
1173 return clib_error_return (0, "invalid input");
1176 unformat_free (line_input);
1179 return clib_error_return (0, "must specify ip4 and/or ip6");
1183 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1184 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1185 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1186 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1187 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1188 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1189 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1190 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1191 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1192 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1193 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1194 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1195 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1200 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1201 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1202 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1203 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1204 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1205 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1206 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1207 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1208 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1209 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1210 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1211 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1212 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1216 u32 reass = 0, packets = 0;
1217 rv = map_param_set_reassembly (!ip4, lifetime, pool_size, buffers, ht_ratio,
1223 vlib_cli_output (vm,
1224 "Note: destroyed-reassembly=%u , dropped-fragments=%u",
1228 case MAP_ERR_BAD_POOL_SIZE:
1229 return clib_error_return (0, "Could not set reass pool-size");
1231 case MAP_ERR_BAD_HT_RATIO:
1232 return clib_error_return (0, "Could not set reass ht-log2len");
1234 case MAP_ERR_BAD_LIFETIME:
1235 return clib_error_return (0, "Could not set ip6-reass lifetime");
1237 case MAP_ERR_BAD_BUFFERS:
1238 return clib_error_return (0, "Could not set ip6-reass buffers");
1240 case MAP_ERR_BAD_BUFFERS_TOO_LARGE:
1241 return clib_error_return (0,
1242 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1249 static clib_error_t *
1250 map_if_command_fn (vlib_main_t * vm,
1251 unformat_input_t * input, vlib_cli_command_t * cmd)
1253 unformat_input_t _line_input, *line_input = &_line_input;
1254 clib_error_t *error = NULL;
1255 bool is_enable = true, is_translation = false;
1256 vnet_main_t *vnm = vnet_get_main ();
1257 u32 sw_if_index = ~0;
1259 /* Get a line of input. */
1260 if (!unformat_user (input, unformat_line_input, line_input))
1263 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1266 (line_input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index))
1268 else if (unformat (line_input, "del"))
1270 else if (unformat (line_input, "map-t"))
1271 is_translation = true;
1274 error = clib_error_return (0, "unknown input `%U'",
1275 format_unformat_error, line_input);
1281 unformat_free (line_input);
1283 if (sw_if_index == ~0)
1285 error = clib_error_return (0, "unknown interface");
1289 int rv = map_if_enable_disable (is_enable, sw_if_index, is_translation);
1292 error = clib_error_return (0, "failure enabling MAP on interface");
1300 * packet trace format function
1303 format_map_trace (u8 * s, va_list * args)
1305 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1306 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1307 map_trace_t *t = va_arg (*args, map_trace_t *);
1308 u32 map_domain_index = t->map_domain_index;
1312 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1313 clib_net_to_host_u16 (port));
1318 static_always_inline map_ip4_reass_t *
1319 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1321 map_main_t *mm = &map_main;
1322 u32 ri = mm->ip4_reass_hash_table[bucket];
1323 while (ri != MAP_REASS_INDEX_NONE)
1325 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1326 if (r->key.as_u64[0] == k->as_u64[0] &&
1327 r->key.as_u64[1] == k->as_u64[1] &&
1328 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1332 ri = r->bucket_next;
1337 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1340 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1342 map_main_t *mm = &map_main;
1343 map_ip4_reass_get_fragments (r, pi_to_drop);
1345 // Unlink in hash bucket
1346 map_ip4_reass_t *r2 = NULL;
1347 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1348 while (r2i != map_ip4_reass_pool_index (r))
1350 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1351 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1352 r2i = r2->bucket_next;
1356 r2->bucket_next = r->bucket_next;
1360 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1364 if (r->fifo_next == map_ip4_reass_pool_index (r))
1366 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1370 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1371 mm->ip4_reass_fifo_last = r->fifo_prev;
1372 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1374 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1378 pool_put (mm->ip4_reass_pool, r);
1379 mm->ip4_reass_allocated--;
1383 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1384 u8 protocol, u32 ** pi_to_drop)
1387 map_main_t *mm = &map_main;
1388 map_ip4_reass_key_t k = {.src.data_u32 = src,
1389 .dst.data_u32 = dst,
1390 .fragment_id = fragment_id,
1391 .protocol = protocol
1395 #ifdef clib_crc32c_uses_intrinsics
1396 h = clib_crc32c ((u8 *) k.as_u32, 16);
1398 u64 tmp = k.as_u32[0] ^ k.as_u32[1] ^ k.as_u32[2] ^ k.as_u32[3];
1399 h = clib_xxhash (tmp);
1401 h = h >> (32 - mm->ip4_reass_ht_log2len);
1403 f64 now = vlib_time_now (mm->vlib_main);
1405 //Cache garbage collection
1406 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1408 map_ip4_reass_t *last =
1409 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1410 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1411 map_ip4_reass_free (last, pi_to_drop);
1416 if ((r = map_ip4_reass_lookup (&k, h, now)))
1419 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1422 pool_get (mm->ip4_reass_pool, r);
1423 mm->ip4_reass_allocated++;
1425 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1426 r->fragments[i] = ~0;
1428 u32 ri = map_ip4_reass_pool_index (r);
1430 //Link in new bucket
1432 r->bucket_next = mm->ip4_reass_hash_table[h];
1433 mm->ip4_reass_hash_table[h] = ri;
1436 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1439 pool_elt_at_index (mm->ip4_reass_pool,
1440 mm->ip4_reass_fifo_last)->fifo_next;
1441 r->fifo_prev = mm->ip4_reass_fifo_last;
1442 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1443 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1447 r->fifo_next = r->fifo_prev = ri;
1448 mm->ip4_reass_fifo_last = ri;
1455 #ifdef MAP_IP4_REASS_COUNT_BYTES
1456 r->expected_total = 0xffff;
1464 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1466 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1470 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1471 if (r->fragments[i] == ~0)
1473 r->fragments[i] = pi;
1474 map_main.ip4_reass_buffered_counter++;
1480 static_always_inline map_ip6_reass_t *
1481 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1483 map_main_t *mm = &map_main;
1484 u32 ri = mm->ip6_reass_hash_table[bucket];
1485 while (ri != MAP_REASS_INDEX_NONE)
1487 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1488 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1489 r->key.as_u64[0] == k->as_u64[0] &&
1490 r->key.as_u64[1] == k->as_u64[1] &&
1491 r->key.as_u64[2] == k->as_u64[2] &&
1492 r->key.as_u64[3] == k->as_u64[3] &&
1493 r->key.as_u64[4] == k->as_u64[4])
1495 ri = r->bucket_next;
1500 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1503 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1505 map_main_t *mm = &map_main;
1507 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1508 if (r->fragments[i].pi != ~0)
1510 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1511 r->fragments[i].pi = ~0;
1512 map_main.ip6_reass_buffered_counter--;
1515 // Unlink in hash bucket
1516 map_ip6_reass_t *r2 = NULL;
1517 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1518 while (r2i != map_ip6_reass_pool_index (r))
1520 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1521 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1522 r2i = r2->bucket_next;
1526 r2->bucket_next = r->bucket_next;
1530 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1534 if (r->fifo_next == map_ip6_reass_pool_index (r))
1536 //Single element in the list, list is now empty
1537 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1541 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1542 mm->ip6_reass_fifo_last = r->fifo_prev;
1543 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1545 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1549 // Free from pool if necessary
1550 pool_put (mm->ip6_reass_pool, r);
1551 mm->ip6_reass_allocated--;
1555 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1556 u8 protocol, u32 ** pi_to_drop)
1559 map_main_t *mm = &map_main;
1560 map_ip6_reass_key_t k = {
1563 .fragment_id = fragment_id,
1564 .protocol = protocol
1570 #ifdef clib_crc32c_uses_intrinsics
1571 h = clib_crc32c ((u8 *) k.as_u32, 40);
1574 k.as_u64[0] ^ k.as_u64[1] ^ k.as_u64[2] ^ k.as_u64[3] ^ k.as_u64[4];
1575 h = clib_xxhash (tmp);
1578 h = h >> (32 - mm->ip6_reass_ht_log2len);
1580 f64 now = vlib_time_now (mm->vlib_main);
1582 //Cache garbage collection
1583 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1585 map_ip6_reass_t *last =
1586 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1587 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1588 map_ip6_reass_free (last, pi_to_drop);
1593 if ((r = map_ip6_reass_lookup (&k, h, now)))
1596 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1599 pool_get (mm->ip6_reass_pool, r);
1600 mm->ip6_reass_allocated++;
1601 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1603 r->fragments[i].pi = ~0;
1604 r->fragments[i].next_data_len = 0;
1605 r->fragments[i].next_data_offset = 0;
1608 u32 ri = map_ip6_reass_pool_index (r);
1610 //Link in new bucket
1612 r->bucket_next = mm->ip6_reass_hash_table[h];
1613 mm->ip6_reass_hash_table[h] = ri;
1616 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1619 pool_elt_at_index (mm->ip6_reass_pool,
1620 mm->ip6_reass_fifo_last)->fifo_next;
1621 r->fifo_prev = mm->ip6_reass_fifo_last;
1622 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1623 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1627 r->fifo_next = r->fifo_prev = ri;
1628 mm->ip6_reass_fifo_last = ri;
1634 r->ip4_header.ip_version_and_header_length = 0;
1635 #ifdef MAP_IP6_REASS_COUNT_BYTES
1636 r->expected_total = 0xffff;
1643 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1644 u16 data_offset, u16 next_data_offset,
1645 u8 * data_start, u16 data_len)
1647 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1648 u16 copied_len = (data_len > 20) ? 20 : data_len;
1650 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1653 //Lookup for fragments for the current buffer
1654 //and the one before that
1656 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1658 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1660 prev_f = &r->fragments[i]; // This is buffer for previous packet
1662 else if (r->fragments[i].next_data_offset == next_data_offset)
1664 f = &r->fragments[i]; // This is a buffer for the current packet
1666 else if (r->fragments[i].next_data_offset == 0)
1669 f = &r->fragments[i];
1670 else if (prev_f == NULL)
1671 prev_f = &r->fragments[i];
1675 if (!f || f->pi != ~0)
1683 clib_memcpy_fast (prev_f->next_data, data_start, copied_len);
1684 prev_f->next_data_len = copied_len;
1685 prev_f->next_data_offset = data_offset;
1689 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1692 if (r->ip4_header.ip_version_and_header_length == 0)
1693 clib_memcpy_fast (&r->ip4_header, data_start, sizeof (ip4_header_t));
1698 f->next_data_offset = next_data_offset;
1700 map_main.ip6_reass_buffered_counter++;
1706 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1708 map_main_t *mm = &map_main;
1711 if (dropped_packets)
1712 *dropped_packets = mm->ip4_reass_buffered_counter;
1714 *trashed_reass = mm->ip4_reass_allocated;
1715 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1717 u16 ri = mm->ip4_reass_fifo_last;
1720 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1721 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1722 if (r->fragments[i] != ~0)
1723 map_ip4_drop_pi (r->fragments[i]);
1726 pool_put (mm->ip4_reass_pool, r);
1728 while (ri != mm->ip4_reass_fifo_last);
1731 vec_free (mm->ip4_reass_hash_table);
1732 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1733 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1734 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1735 pool_free (mm->ip4_reass_pool);
1736 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1738 mm->ip4_reass_allocated = 0;
1739 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1740 mm->ip4_reass_buffered_counter = 0;
1744 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1746 u32 desired_size = (u32) (pool_size * ht_ratio);
1748 for (i = 1; i < 31; i++)
1749 if ((1 << i) >= desired_size)
1755 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1756 u32 * dropped_packets)
1758 map_main_t *mm = &map_main;
1759 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1762 map_ip4_reass_lock ();
1763 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1764 mm->ip4_reass_ht_log2len =
1765 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1766 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1767 map_ip4_reass_unlock ();
1772 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1773 u32 * dropped_packets)
1775 map_main_t *mm = &map_main;
1776 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1779 map_ip4_reass_lock ();
1780 mm->ip4_reass_conf_pool_size = pool_size;
1781 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1782 map_ip4_reass_unlock ();
1787 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1789 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1794 map_ip4_reass_conf_buffers (u32 buffers)
1796 map_main.ip4_reass_conf_buffers = buffers;
1801 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1803 map_main_t *mm = &map_main;
1804 if (dropped_packets)
1805 *dropped_packets = mm->ip6_reass_buffered_counter;
1807 *trashed_reass = mm->ip6_reass_allocated;
1809 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1811 u16 ri = mm->ip6_reass_fifo_last;
1814 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1815 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1816 if (r->fragments[i].pi != ~0)
1817 map_ip6_drop_pi (r->fragments[i].pi);
1820 pool_put (mm->ip6_reass_pool, r);
1822 while (ri != mm->ip6_reass_fifo_last);
1823 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1826 vec_free (mm->ip6_reass_hash_table);
1827 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1828 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1829 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1830 pool_free (mm->ip6_reass_pool);
1831 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1833 mm->ip6_reass_allocated = 0;
1834 mm->ip6_reass_buffered_counter = 0;
1838 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1839 u32 * dropped_packets)
1841 map_main_t *mm = &map_main;
1842 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1845 map_ip6_reass_lock ();
1846 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1847 mm->ip6_reass_ht_log2len =
1848 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1849 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1850 map_ip6_reass_unlock ();
1855 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1856 u32 * dropped_packets)
1858 map_main_t *mm = &map_main;
1859 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1862 map_ip6_reass_lock ();
1863 mm->ip6_reass_conf_pool_size = pool_size;
1864 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1865 map_ip6_reass_unlock ();
1870 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
1872 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
1877 map_ip6_reass_conf_buffers (u32 buffers)
1879 map_main.ip6_reass_conf_buffers = buffers;
1883 static clib_error_t *
1884 map_tcp_mss_command_fn (vlib_main_t * vm,
1885 unformat_input_t * input, vlib_cli_command_t * cmd)
1887 unformat_input_t _line_input, *line_input = &_line_input;
1888 clib_error_t *error = NULL;
1891 /* Get a line of input. */
1892 if (!unformat_user (input, unformat_line_input, line_input))
1895 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1897 if (unformat (line_input, "%u", &tcp_mss))
1901 error = clib_error_return (0, "unknown input `%U'",
1902 format_unformat_error, line_input);
1907 if (tcp_mss >= (0x1 << 16))
1909 error = clib_error_return (0, "invalid value `%u'", tcp_mss);
1913 map_param_set_tcp (tcp_mss);
1916 unformat_free (line_input);
1925 * Configure MAP reassembly behaviour
1928 * @cliexstart{map params reassembly}
1931 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
1932 .path = "map params reassembly",
1933 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
1934 "[pool-size <pool-size>] [buffers <buffers>] "
1935 "[ht-ratio <ht-ratio>]",
1936 .function = map_params_reass_command_fn,
1940 * Set or copy the IP TOS/Traffic Class field
1943 * @cliexstart{map params traffic-class}
1945 * This command is used to set the traffic-class field in translated
1946 * or encapsulated packets. If copy is specifed (the default) then the
1947 * traffic-class/TOS field is copied from the original packet to the
1948 * translated / encapsulating header.
1951 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
1952 .path = "map params traffic-class",
1953 .short_help = "map params traffic-class {0x0-0xff | copy}",
1954 .function = map_traffic_class_command_fn,
1961 * @cliexstart{map params tcp-mss}
1963 * This command is used to set the TCP MSS in translated
1964 * or encapsulated packets.
1967 VLIB_CLI_COMMAND(map_tcp_mss_command, static) = {
1968 .path = "map params tcp-mss",
1969 .short_help = "map params tcp-mss <value>",
1970 .function = map_tcp_mss_command_fn,
1974 * Bypass IP4/IP6 lookup
1977 * @cliexstart{map params pre-resolve}
1979 * Bypass a second FIB lookup of the translated or encapsulated
1980 * packet, and forward the packet directly to the specified
1981 * next-hop. This optimization trades forwarding flexibility for
1985 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
1986 .path = "map params pre-resolve",
1987 .short_help = " map params pre-resolve {ip4-nh <address>} "
1988 "| {ip6-nh <address>}",
1989 .function = map_pre_resolve_command_fn,
1993 * Enable or disable the MAP-E inbound security check
1994 * Specifiy if the inbound security check should be done on fragments
1997 * @cliexstart{map params security-check}
1999 * By default, a decapsulated packet's IPv4 source address will be
2000 * verified against the outer header's IPv6 source address. Disabling
2001 * this feature will allow IPv4 source address spoofing.
2003 * Typically the inbound on-decapsulation security check is only done
2004 * on the first packet. The packet that contains the L4
2005 * information. While a security check on every fragment is possible,
2006 * it has a cost. State must be created on the first fragment.
2009 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2010 .path = "map params security-check",
2011 .short_help = "map params security-check enable|disable fragments on|off",
2012 .function = map_security_check_command_fn,
2017 * Specifiy the IPv4 source address used for relayed ICMP error messages
2020 * @cliexstart{map params icmp source-address}
2022 * This command specifies which IPv4 source address (must be local to
2023 * the system), that is used for relayed received IPv6 ICMP error
2027 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2028 .path = "map params icmp source-address",
2029 .short_help = "map params icmp source-address <ip4-address>",
2030 .function = map_icmp_relay_source_address_command_fn,
2034 * Send IPv6 ICMP unreachables
2037 * @cliexstart{map params icmp6 unreachables}
2039 * Send IPv6 ICMP unreachable messages back if security check fails or
2040 * no MAP domain exists.
2043 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2044 .path = "map params icmp6 unreachables",
2045 .short_help = "map params icmp6 unreachables {on|off}",
2046 .function = map_icmp_unreachables_command_fn,
2050 * Configure MAP fragmentation behaviour
2053 * @cliexstart{map params fragment}
2055 * Allows fragmentation of the IPv4 packet even if the DF bit is
2056 * set. The choice between inner or outer fragmentation of tunnel
2057 * packets is complicated. The benefit of inner fragmentation is that
2058 * the ultimate endpoint must reassemble, instead of the tunnel
2062 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2063 .path = "map params fragment",
2064 .short_help = "map params fragment inner|outer ignore-df|honor-df",
2065 .function = map_fragment_command_fn,
2073 * @cliexstart{map add domain}
2076 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2077 .path = "map add domain",
2078 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2079 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2080 "[map-t] [mtu <mtu>]",
2081 .function = map_add_domain_command_fn,
2085 * Add MAP rule to a domain
2088 * @cliexstart{map add rule}
2091 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2092 .path = "map add rule",
2093 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2094 .function = map_add_rule_command_fn,
2101 * @cliexstart{map del domain}
2104 VLIB_CLI_COMMAND(map_del_command, static) = {
2105 .path = "map del domain",
2106 .short_help = "map del domain index <domain>",
2107 .function = map_del_domain_command_fn,
2114 * @cliexstart{show map domain}
2117 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2118 .path = "show map domain",
2119 .short_help = "show map domain index <n> [counters]",
2120 .function = show_map_domain_command_fn,
2124 * Show MAP statistics
2127 * @cliexstart{show map stats}
2130 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2131 .path = "show map stats",
2132 .short_help = "show map stats",
2133 .function = show_map_stats_command_fn,
2137 * Show MAP fragmentation information
2140 * @cliexstart{show map fragments}
2143 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2144 .path = "show map fragments",
2145 .short_help = "show map fragments",
2146 .function = show_map_fragments_command_fn,
2150 * Enable MAP processing on interface (input feature)
2153 VLIB_CLI_COMMAND(map_if_command, static) = {
2154 .path = "map interface",
2155 .short_help = "map interface <interface-name> [map-t] [del]",
2156 .function = map_if_command_fn,
2159 VLIB_PLUGIN_REGISTER() = {
2160 .version = VPP_BUILD_VER,
2161 .description = "Mapping of address and port (MAP)",
2170 map_init (vlib_main_t * vm)
2172 map_main_t *mm = &map_main;
2173 clib_error_t *error = 0;
2175 memset (mm, 0, sizeof (*mm));
2177 mm->vnet_main = vnet_get_main ();
2180 #ifdef MAP_SKIP_IP6_LOOKUP
2181 fib_protocol_t proto;
2183 FOR_EACH_FIB_PROTOCOL (proto)
2185 map_pre_resolve_init (&pre_resolved[proto]);
2193 /* Inbound security check */
2194 mm->sec_check = true;
2195 mm->sec_check_frag = false;
2197 /* ICMP6 Type 1, Code 5 for security check failure */
2198 mm->icmp6_enabled = false;
2200 /* Inner or outer fragmentation */
2201 mm->frag_inner = false;
2202 mm->frag_ignore_df = false;
2204 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2205 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "/map/rx";
2206 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "/map/tx";
2208 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2209 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2210 mm->icmp_relayed.stat_segment_name = "/map/icmp-relayed";
2212 /* IP4 virtual reassembly */
2213 mm->ip4_reass_hash_table = 0;
2214 mm->ip4_reass_pool = 0;
2215 mm->ip4_reass_lock =
2216 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2217 *mm->ip4_reass_lock = 0;
2218 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2219 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2220 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2221 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2222 mm->ip4_reass_ht_log2len =
2223 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2224 mm->ip4_reass_conf_pool_size);
2225 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2226 map_ip4_reass_reinit (NULL, NULL);
2228 /* IP6 virtual reassembly */
2229 mm->ip6_reass_hash_table = 0;
2230 mm->ip6_reass_pool = 0;
2231 mm->ip6_reass_lock =
2232 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2233 *mm->ip6_reass_lock = 0;
2234 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2235 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2236 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2237 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2238 mm->ip6_reass_ht_log2len =
2239 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2240 mm->ip6_reass_conf_pool_size);
2241 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2242 map_ip6_reass_reinit (NULL, NULL);
2244 #ifdef MAP_SKIP_IP6_LOOKUP
2245 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2248 /* Create empty domain that's used in case of error */
2250 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
2251 memset (d, 0, sizeof (*d));
2252 d->ip6_src_len = 64;
2254 /* LPM lookup tables */
2255 mm->ip4_prefix_tbl = lpm_table_init (LPM_TYPE_KEY32);
2256 mm->ip6_prefix_tbl = lpm_table_init (LPM_TYPE_KEY128);
2257 mm->ip6_src_prefix_tbl = lpm_table_init (LPM_TYPE_KEY128);
2259 error = map_plugin_api_hookup (vm);
2264 VLIB_INIT_FUNCTION (map_init);
2267 * fd.io coding-style-patch-verification: ON
2270 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob