4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <map/map_dpo.h>
22 #include <vppinfra/crc32.h>
23 #include <vnet/plugin/plugin.h>
24 #include <vpp/app/version.h>
30 * This code supports the following MAP modes:
32 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
33 * ea_bits_len + ip4_prefix > 32
34 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
35 * Algorithmic Full IPv4 address (ea_bits_len > 0):
36 * ea_bits_len + ip4_prefix = 32
37 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
38 * Algorithmic IPv4 prefix (ea_bits_len > 0):
39 * ea_bits_len + ip4_prefix < 32
40 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
42 * Independent Shared IPv4 address (ea_bits_len = 0):
45 * Rule IPv6 address = 128, Rule PSID Set
46 * Independent Full IPv4 address (ea_bits_len = 0):
48 * psid_length = 0, ip6_prefix = 128
49 * Independent IPv4 prefix (ea_bits_len = 0):
51 * psid_length = 0, ip6_prefix = 128
56 * This code supports MAP-T:
58 * With DMR prefix length equal to 96.
65 map_create_domain (ip4_address_t * ip4_prefix,
67 ip6_address_t * ip6_prefix,
69 ip6_address_t * ip6_src,
73 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
75 u8 suffix_len, suffix_shift;
76 map_main_t *mm = &map_main;
77 dpo_id_t dpo_v4 = DPO_INVALID;
78 dpo_id_t dpo_v6 = DPO_INVALID;
81 /* Sanity check on the src prefix length */
82 if (flags & MAP_DOMAIN_TRANSLATION)
84 if (ip6_src_len != 96)
86 clib_warning ("MAP-T only supports ip6_src_len = 96 for now.");
89 if ((flags & MAP_DOMAIN_RFC6052) && ip6_prefix_len != 96)
91 clib_warning ("RFC6052 translation only supports ip6_prefix_len = "
98 if (ip6_src_len != 128)
101 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
107 /* How many, and which bits to grab from the IPv4 DA */
108 if (ip4_prefix_len + ea_bits_len < 32)
110 if (!(flags & MAP_DOMAIN_TRANSLATION))
111 flags |= MAP_DOMAIN_PREFIX;
112 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
113 suffix_len = ea_bits_len;
118 suffix_len = 32 - ip4_prefix_len;
121 /* EA bits must be within the first 64 bits */
122 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
123 ip6_prefix_len + suffix_len + psid_length > 64))
126 ("Embedded Address bits must be within the first 64 bits of "
131 if (mm->is_ce && !(flags & MAP_DOMAIN_TRANSLATION))
133 clib_warning ("MAP-E CE is not supported yet");
137 /* Get domain index */
138 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
139 memset (d, 0, sizeof (*d));
140 *map_domain_index = d - mm->domains;
142 /* Init domain struct */
143 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
144 d->ip4_prefix_len = ip4_prefix_len;
145 d->ip6_prefix = *ip6_prefix;
146 d->ip6_prefix_len = ip6_prefix_len;
147 d->ip6_src = *ip6_src;
148 d->ip6_src_len = ip6_src_len;
149 d->ea_bits_len = ea_bits_len;
150 d->psid_offset = psid_offset;
151 d->psid_length = psid_length;
154 d->suffix_shift = suffix_shift;
155 d->suffix_mask = (1 << suffix_len) - 1;
157 d->psid_shift = 16 - psid_length - psid_offset;
158 d->psid_mask = (1 << d->psid_length) - 1;
159 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
161 /* MAP data-plane object */
162 if (d->flags & MAP_DOMAIN_TRANSLATION)
163 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
165 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
167 /* Create ip4 route */
169 ip4_address_t ip4_pfx;
177 ip4_pfx_len = d->ip4_prefix_len;
178 ip4_pfx = d->ip4_prefix;
181 .fp_proto = FIB_PROTOCOL_IP4,
182 .fp_len = ip4_pfx_len,
188 fib_table_entry_special_dpo_add (0, &pfx,
190 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
194 * construct a DPO to use the v6 domain
196 if (d->flags & MAP_DOMAIN_TRANSLATION)
197 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
199 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
202 * Multiple MAP domains may share same source IPv6 TEP. Which is just dandy.
203 * We are not tracking the sharing. So a v4 lookup to find the correct
204 * domain post decap/trnaslate is always done
206 * Create ip6 route. This is a reference counted add. If the prefix
207 * already exists and is MAP sourced, it is now MAP source n+1 times
208 * and will need to be removed n+1 times.
211 ip6_address_t ip6_pfx;
214 ip6_pfx_len = d->ip6_prefix_len;
215 ip6_pfx = d->ip6_prefix;
219 ip6_pfx_len = d->ip6_src_len;
220 ip6_pfx = d->ip6_src;
222 fib_prefix_t pfx6 = {
223 .fp_proto = FIB_PROTOCOL_IP6,
224 .fp_len = ip6_pfx_len,
225 .fp_addr.ip6 = ip6_pfx,
228 fib_table_entry_special_dpo_add (0, &pfx6,
230 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
233 /* Validate packet/byte counters */
234 map_domain_counter_lock (mm);
236 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
238 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
240 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
243 for (i = 0; i < vec_len (mm->domain_counters); i++)
245 vlib_validate_combined_counter (&mm->domain_counters[i],
247 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
249 map_domain_counter_unlock (mm);
258 map_delete_domain (u32 map_domain_index)
260 map_main_t *mm = &map_main;
263 if (pool_is_free_index (mm->domains, map_domain_index))
265 clib_warning ("MAP domain delete: domain does not exist: %d",
270 d = pool_elt_at_index (mm->domains, map_domain_index);
273 .fp_proto = FIB_PROTOCOL_IP4,
274 .fp_len = d->ip4_prefix_len,
276 .ip4 = d->ip4_prefix,
280 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
282 fib_prefix_t pfx6 = {
283 .fp_proto = FIB_PROTOCOL_IP6,
284 .fp_len = d->ip6_src_len,
290 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
294 clib_mem_free (d->rules);
296 pool_put (mm->domains, d);
302 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
306 map_main_t *mm = &map_main;
308 if (pool_is_free_index (mm->domains, map_domain_index))
310 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
313 d = pool_elt_at_index (mm->domains, map_domain_index);
315 /* Rules are only used in 1:1 independent case */
316 if (d->ea_bits_len > 0)
321 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
322 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
325 memset (d->rules, 0, l);
328 if (psid >= (0x1 << d->psid_length))
330 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
331 0x1 << d->psid_length);
337 d->rules[psid] = *tep;
341 memset (&d->rules[psid], 0, sizeof (ip6_address_t));
346 #ifdef MAP_SKIP_IP6_LOOKUP
348 * Pre-resolvd per-protocol global next-hops
350 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
353 map_pre_resolve_init (map_main_pre_resolved_t * pr)
355 pr->fei = FIB_NODE_INDEX_INVALID;
356 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
360 format_map_pre_resolve (u8 * s, va_list * ap)
362 map_main_pre_resolved_t *pr = va_arg (*ap, map_main_pre_resolved_t *);
364 if (FIB_NODE_INDEX_INVALID != pr->fei)
366 const fib_prefix_t *pfx;
368 pfx = fib_entry_get_prefix (pr->fei);
370 return (format (s, "%U (%u)",
371 format_ip46_address, &pfx->fp_addr, IP46_TYPE_ANY,
372 pr->dpo.dpoi_index));
376 return (format (s, "un-set"));
382 * Function definition to inform the FIB node that its last lock has gone.
385 map_last_lock_gone (fib_node_t * node)
388 * The MAP is a root of the graph. As such
389 * it never has children and thus is never locked.
394 static map_main_pre_resolved_t *
395 map_from_fib_node (fib_node_t * node)
397 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
398 return ((map_main_pre_resolved_t *)
400 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
404 map_stack (map_main_pre_resolved_t * pr)
408 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
410 dpo_copy (&pr->dpo, dpo);
414 * Function definition to backwalk a FIB node
416 static fib_node_back_walk_rc_t
417 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
419 map_stack (map_from_fib_node (node));
421 return (FIB_NODE_BACK_WALK_CONTINUE);
425 * Function definition to get a FIB node from its index
428 map_fib_node_get (fib_node_index_t index)
430 return (&pre_resolved[index].node);
434 * Virtual function table registered by MPLS GRE tunnels
435 * for participation in the FIB object graph.
437 const static fib_node_vft_t map_vft = {
438 .fnv_get = map_fib_node_get,
439 .fnv_last_lock = map_last_lock_gone,
440 .fnv_back_walk = map_back_walk,
444 map_fib_resolve (map_main_pre_resolved_t * pr,
445 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
453 pr->fei = fib_table_entry_special_add (0, // default fib
455 FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE);
456 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
461 map_fib_unresolve (map_main_pre_resolved_t * pr,
462 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
470 fib_entry_child_remove (pr->fei, pr->sibling);
472 fib_table_entry_special_remove (0, // default fib
473 &pfx, FIB_SOURCE_RR);
474 dpo_reset (&pr->dpo);
476 pr->fei = FIB_NODE_INDEX_INVALID;
477 pr->sibling = FIB_NODE_INDEX_INVALID;
481 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
483 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
485 ip46_address_t addr = {
489 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
490 FIB_PROTOCOL_IP6, 128, &addr);
492 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
493 FIB_PROTOCOL_IP6, 128, &addr);
495 if (ip4 && (ip4->as_u32 != 0))
497 ip46_address_t addr = {
501 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
502 FIB_PROTOCOL_IP4, 32, &addr);
504 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
505 FIB_PROTOCOL_IP4, 32, &addr);
510 static clib_error_t *
511 map_security_check_command_fn (vlib_main_t * vm,
512 unformat_input_t * input,
513 vlib_cli_command_t * cmd)
515 unformat_input_t _line_input, *line_input = &_line_input;
516 map_main_t *mm = &map_main;
517 clib_error_t *error = NULL;
519 /* Get a line of input. */
520 if (!unformat_user (input, unformat_line_input, line_input))
523 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
525 if (unformat (line_input, "off"))
526 mm->sec_check = false;
527 else if (unformat (line_input, "on"))
528 mm->sec_check = true;
531 error = clib_error_return (0, "unknown input `%U'",
532 format_unformat_error, line_input);
538 unformat_free (line_input);
543 static clib_error_t *
544 map_security_check_frag_command_fn (vlib_main_t * vm,
545 unformat_input_t * input,
546 vlib_cli_command_t * cmd)
548 unformat_input_t _line_input, *line_input = &_line_input;
549 map_main_t *mm = &map_main;
550 clib_error_t *error = NULL;
552 /* Get a line of input. */
553 if (!unformat_user (input, unformat_line_input, line_input))
556 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
558 if (unformat (line_input, "off"))
559 mm->sec_check_frag = false;
560 else if (unformat (line_input, "on"))
561 mm->sec_check_frag = true;
564 error = clib_error_return (0, "unknown input `%U'",
565 format_unformat_error, line_input);
571 unformat_free (line_input);
576 static clib_error_t *
577 map_add_domain_command_fn (vlib_main_t * vm,
578 unformat_input_t * input, vlib_cli_command_t * cmd)
580 unformat_input_t _line_input, *line_input = &_line_input;
581 ip4_address_t ip4_prefix;
582 ip6_address_t ip6_prefix;
583 ip6_address_t ip6_src;
584 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
586 /* Optional arguments */
587 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
591 clib_error_t *error = NULL;
593 /* Get a line of input. */
594 if (!unformat_user (input, unformat_line_input, line_input))
597 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
600 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
605 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
610 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
615 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
617 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
619 else if (unformat (line_input, "psid-offset %d", &psid_offset))
621 else if (unformat (line_input, "psid-len %d", &psid_length))
623 else if (unformat (line_input, "mtu %d", &mtu))
625 else if (unformat (line_input, "map-t"))
626 flags |= MAP_DOMAIN_TRANSLATION;
627 else if (unformat (line_input, "rfc6052"))
628 flags |= (MAP_DOMAIN_TRANSLATION | MAP_DOMAIN_RFC6052);
631 error = clib_error_return (0, "unknown input `%U'",
632 format_unformat_error, line_input);
639 error = clib_error_return (0, "mandatory argument(s) missing");
643 map_create_domain (&ip4_prefix, ip4_prefix_len,
644 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
645 ea_bits_len, psid_offset, psid_length, &map_domain_index,
649 unformat_free (line_input);
654 static clib_error_t *
655 map_del_domain_command_fn (vlib_main_t * vm,
656 unformat_input_t * input, vlib_cli_command_t * cmd)
658 unformat_input_t _line_input, *line_input = &_line_input;
660 u32 map_domain_index;
661 clib_error_t *error = NULL;
663 /* Get a line of input. */
664 if (!unformat_user (input, unformat_line_input, line_input))
667 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
669 if (unformat (line_input, "index %d", &map_domain_index))
673 error = clib_error_return (0, "unknown input `%U'",
674 format_unformat_error, line_input);
681 error = clib_error_return (0, "mandatory argument(s) missing");
685 map_delete_domain (map_domain_index);
688 unformat_free (line_input);
693 static clib_error_t *
694 map_add_rule_command_fn (vlib_main_t * vm,
695 unformat_input_t * input, vlib_cli_command_t * cmd)
697 unformat_input_t _line_input, *line_input = &_line_input;
700 u32 psid = 0, map_domain_index;
701 clib_error_t *error = NULL;
703 /* Get a line of input. */
704 if (!unformat_user (input, unformat_line_input, line_input))
707 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
709 if (unformat (line_input, "index %d", &map_domain_index))
711 else if (unformat (line_input, "psid %d", &psid))
714 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
718 error = clib_error_return (0, "unknown input `%U'",
719 format_unformat_error, line_input);
726 error = clib_error_return (0, "mandatory argument(s) missing");
730 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
732 error = clib_error_return (0, "Failing to add Mapping Rule");
737 unformat_free (line_input);
742 #if MAP_SKIP_IP6_LOOKUP
743 static clib_error_t *
744 map_pre_resolve_command_fn (vlib_main_t * vm,
745 unformat_input_t * input,
746 vlib_cli_command_t * cmd)
748 unformat_input_t _line_input, *line_input = &_line_input;
749 ip4_address_t ip4nh, *p_v4 = NULL;
750 ip6_address_t ip6nh, *p_v6 = NULL;
751 clib_error_t *error = NULL;
754 memset (&ip4nh, 0, sizeof (ip4nh));
755 memset (&ip6nh, 0, sizeof (ip6nh));
757 /* Get a line of input. */
758 if (!unformat_user (input, unformat_line_input, line_input))
761 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
763 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
766 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
768 else if (unformat (line_input, "del"))
772 error = clib_error_return (0, "unknown input `%U'",
773 format_unformat_error, line_input);
778 map_pre_resolve (p_v4, p_v6, is_del);
781 unformat_free (line_input);
787 static clib_error_t *
788 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
789 unformat_input_t * input,
790 vlib_cli_command_t * cmd)
792 unformat_input_t _line_input, *line_input = &_line_input;
793 ip4_address_t icmp_src_address;
794 map_main_t *mm = &map_main;
795 clib_error_t *error = NULL;
797 mm->icmp4_src_address.as_u32 = 0;
799 /* Get a line of input. */
800 if (!unformat_user (input, unformat_line_input, line_input))
803 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
806 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
807 mm->icmp4_src_address = icmp_src_address;
810 error = clib_error_return (0, "unknown input `%U'",
811 format_unformat_error, line_input);
817 unformat_free (line_input);
822 static clib_error_t *
823 map_icmp_unreachables_command_fn (vlib_main_t * vm,
824 unformat_input_t * input,
825 vlib_cli_command_t * cmd)
827 unformat_input_t _line_input, *line_input = &_line_input;
828 map_main_t *mm = &map_main;
830 clib_error_t *error = NULL;
832 /* Get a line of input. */
833 if (!unformat_user (input, unformat_line_input, line_input))
836 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
839 if (unformat (line_input, "on"))
840 mm->icmp6_enabled = true;
841 else if (unformat (line_input, "off"))
842 mm->icmp6_enabled = false;
845 error = clib_error_return (0, "unknown input `%U'",
846 format_unformat_error, line_input);
853 error = clib_error_return (0, "mandatory argument(s) missing");
856 unformat_free (line_input);
861 static clib_error_t *
862 map_fragment_command_fn (vlib_main_t * vm,
863 unformat_input_t * input, vlib_cli_command_t * cmd)
865 unformat_input_t _line_input, *line_input = &_line_input;
866 map_main_t *mm = &map_main;
867 clib_error_t *error = NULL;
869 /* Get a line of input. */
870 if (!unformat_user (input, unformat_line_input, line_input))
873 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
875 if (unformat (line_input, "inner"))
876 mm->frag_inner = true;
877 else if (unformat (line_input, "outer"))
878 mm->frag_inner = false;
881 error = clib_error_return (0, "unknown input `%U'",
882 format_unformat_error, line_input);
888 unformat_free (line_input);
893 static clib_error_t *
894 map_fragment_df_command_fn (vlib_main_t * vm,
895 unformat_input_t * input,
896 vlib_cli_command_t * cmd)
898 unformat_input_t _line_input, *line_input = &_line_input;
899 map_main_t *mm = &map_main;
900 clib_error_t *error = NULL;
902 /* Get a line of input. */
903 if (!unformat_user (input, unformat_line_input, line_input))
906 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
908 if (unformat (line_input, "on"))
909 mm->frag_ignore_df = true;
910 else if (unformat (line_input, "off"))
911 mm->frag_ignore_df = false;
914 error = clib_error_return (0, "unknown input `%U'",
915 format_unformat_error, line_input);
921 unformat_free (line_input);
926 static clib_error_t *
927 map_traffic_class_command_fn (vlib_main_t * vm,
928 unformat_input_t * input,
929 vlib_cli_command_t * cmd)
931 unformat_input_t _line_input, *line_input = &_line_input;
932 map_main_t *mm = &map_main;
934 clib_error_t *error = NULL;
938 /* Get a line of input. */
939 if (!unformat_user (input, unformat_line_input, line_input))
942 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
944 if (unformat (line_input, "copy"))
946 else if (unformat (line_input, "%x", &tc))
950 error = clib_error_return (0, "unknown input `%U'",
951 format_unformat_error, line_input);
957 unformat_free (line_input);
963 map_flags_to_string (u32 flags)
965 if (flags & MAP_DOMAIN_RFC6052)
967 if (flags & MAP_DOMAIN_PREFIX)
969 if (flags & MAP_DOMAIN_TRANSLATION)
975 format_map_domain (u8 * s, va_list * args)
977 map_domain_t *d = va_arg (*args, map_domain_t *);
978 bool counters = va_arg (*args, int);
979 map_main_t *mm = &map_main;
980 ip6_address_t ip6_prefix;
983 memset (&ip6_prefix, 0, sizeof (ip6_prefix));
985 ip6_prefix = d->ip6_prefix;
988 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea_bits_len %d "
989 "psid-offset %d psid-len %d mtu %d %s",
991 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
992 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
993 format_ip6_address, &d->ip6_src, d->ip6_src_len,
994 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
995 map_flags_to_string (d->flags));
999 map_domain_counter_lock (mm);
1001 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
1002 d - mm->domains, &v);
1003 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
1004 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
1005 d - mm->domains, &v);
1006 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
1007 map_domain_counter_unlock (mm);
1009 s = format (s, "\n");
1015 for (i = 0; i < (0x1 << d->psid_length); i++)
1018 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
1021 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
1029 format_map_ip4_reass (u8 * s, va_list * args)
1031 map_main_t *mm = &map_main;
1032 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
1033 map_ip4_reass_key_t *k = &r->key;
1034 f64 now = vlib_time_now (mm->vlib_main);
1035 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
1036 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1038 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
1039 format_ip4_address, &k->src.as_u8, format_ip4_address,
1040 &k->dst.as_u8, k->protocol,
1041 clib_net_to_host_u16 (k->fragment_id),
1042 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
1047 format_map_ip6_reass (u8 * s, va_list * args)
1049 map_main_t *mm = &map_main;
1050 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
1051 map_ip6_reass_key_t *k = &r->key;
1052 f64 now = vlib_time_now (mm->vlib_main);
1053 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
1054 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1056 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
1057 format_ip6_address, &k->src.as_u8, format_ip6_address,
1058 &k->dst.as_u8, k->protocol,
1059 clib_net_to_host_u32 (k->fragment_id), dt);
1063 static clib_error_t *
1064 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
1065 vlib_cli_command_t * cmd)
1067 unformat_input_t _line_input, *line_input = &_line_input;
1068 map_main_t *mm = &map_main;
1070 bool counters = false;
1071 u32 map_domain_index = ~0;
1072 clib_error_t *error = NULL;
1074 /* Get a line of input. */
1075 if (!unformat_user (input, unformat_line_input, line_input))
1078 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1080 if (unformat (line_input, "counters"))
1082 else if (unformat (line_input, "index %d", &map_domain_index))
1086 error = clib_error_return (0, "unknown input `%U'",
1087 format_unformat_error, line_input);
1092 if (pool_elts (mm->domains) == 0)
1093 vlib_cli_output (vm, "No MAP domains are configured...");
1095 if (map_domain_index == ~0)
1098 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
1103 if (pool_is_free_index (mm->domains, map_domain_index))
1105 error = clib_error_return (0, "MAP domain does not exists %d",
1110 d = pool_elt_at_index (mm->domains, map_domain_index);
1111 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1115 unformat_free (line_input);
1120 static clib_error_t *
1121 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1122 vlib_cli_command_t * cmd)
1124 map_main_t *mm = &map_main;
1125 map_ip4_reass_t *f4;
1126 map_ip6_reass_t *f6;
1129 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1132 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1138 map_error_counter_get (u32 node_index, map_error_t map_error)
1140 vlib_main_t *vm = vlib_get_main ();
1141 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1142 vlib_error_main_t *em = &vm->error_main;
1143 vlib_error_t e = error_node->errors[map_error];
1144 vlib_node_t *n = vlib_get_node (vm, node_index);
1147 ci = vlib_error_get_code (e);
1148 ASSERT (ci < n->n_errors);
1149 ci += n->error_heap_index;
1151 return (em->counters[ci]);
1154 static clib_error_t *
1155 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1156 vlib_cli_command_t * cmd)
1158 map_main_t *mm = &map_main;
1160 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1161 if (pool_elts (mm->domains) == 0)
1163 vlib_cli_output (vm, "No MAP domains are configured...");
1168 pool_foreach(d, mm->domains, ({
1170 rulecount+= 0x1 << d->psid_length;
1171 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1173 domains += sizeof(*d);
1178 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1179 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1180 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1181 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1183 #if MAP_SKIP_IP6_LOOKUP
1184 vlib_cli_output (vm,
1185 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1186 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1187 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1192 vlib_cli_output (vm, "MAP traffic-class: copy");
1194 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1196 vlib_cli_output (vm,
1197 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1198 mm->sec_check ? "enabled" : "disabled",
1199 mm->sec_check_frag ? "enabled" : "disabled");
1201 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1202 format_ip4_address, &mm->icmp4_src_address);
1203 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1204 mm->icmp6_enabled ? "enabled" : "disabled");
1205 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1206 mm->frag_inner ? "enabled" : "disabled");
1207 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1208 mm->frag_ignore_df ? "enabled" : "disabled");
1213 vlib_combined_counter_main_t *cm = mm->domain_counters;
1214 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1215 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1219 memset (total_pkts, 0, sizeof (total_pkts));
1220 memset (total_bytes, 0, sizeof (total_bytes));
1222 map_domain_counter_lock (mm);
1223 vec_foreach (cm, mm->domain_counters)
1225 which = cm - mm->domain_counters;
1227 for (i = 0; i < vlib_combined_counter_n_counters (cm); i++)
1229 vlib_get_combined_counter (cm, i, &v);
1230 total_pkts[which] += v.packets;
1231 total_bytes[which] += v.bytes;
1234 map_domain_counter_unlock (mm);
1236 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1237 total_pkts[MAP_DOMAIN_COUNTER_TX],
1238 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1239 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1240 total_pkts[MAP_DOMAIN_COUNTER_RX],
1241 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1243 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1244 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1249 static clib_error_t *
1250 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1251 vlib_cli_command_t * cmd)
1253 unformat_input_t _line_input, *line_input = &_line_input;
1255 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1257 u64 buffers = ~(0ull);
1258 u8 ip4 = 0, ip6 = 0;
1260 if (!unformat_user (input, unformat_line_input, line_input))
1263 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1265 if (unformat (line_input, "lifetime %u", &lifetime))
1267 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1269 else if (unformat (line_input, "pool-size %u", &pool_size))
1271 else if (unformat (line_input, "buffers %llu", &buffers))
1273 else if (unformat (line_input, "ip4"))
1275 else if (unformat (line_input, "ip6"))
1279 unformat_free (line_input);
1280 return clib_error_return (0, "invalid input");
1283 unformat_free (line_input);
1286 return clib_error_return (0, "must specify ip4 and/or ip6");
1290 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1291 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1292 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1293 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1294 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1295 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1296 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1297 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1298 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1299 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1300 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1301 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1302 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1307 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1308 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1309 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1310 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1311 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1312 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1313 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1314 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1315 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1316 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1317 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1318 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1319 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1324 u32 reass = 0, packets = 0;
1325 if (pool_size != ~0)
1327 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1329 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1333 vlib_cli_output (vm,
1334 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1338 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1340 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1342 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1346 vlib_cli_output (vm,
1347 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1353 if (map_ip4_reass_conf_lifetime (lifetime))
1354 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1356 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1358 if (buffers != ~(0ull))
1360 if (map_ip4_reass_conf_buffers (buffers))
1361 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1363 vlib_cli_output (vm, "Setting ip4-reass buffers");
1366 if (map_main.ip4_reass_conf_buffers >
1367 map_main.ip4_reass_conf_pool_size *
1368 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1370 vlib_cli_output (vm,
1371 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1377 u32 reass = 0, packets = 0;
1378 if (pool_size != ~0)
1380 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1382 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1386 vlib_cli_output (vm,
1387 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1391 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1393 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1395 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1399 vlib_cli_output (vm,
1400 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1406 if (map_ip6_reass_conf_lifetime (lifetime))
1407 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1409 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1411 if (buffers != ~(0ull))
1413 if (map_ip6_reass_conf_buffers (buffers))
1414 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1416 vlib_cli_output (vm, "Setting ip6-reass buffers");
1419 if (map_main.ip6_reass_conf_buffers >
1420 map_main.ip6_reass_conf_pool_size *
1421 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1423 vlib_cli_output (vm,
1424 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1433 * packet trace format function
1436 format_map_trace (u8 * s, va_list * args)
1438 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1439 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1440 map_trace_t *t = va_arg (*args, map_trace_t *);
1441 u32 map_domain_index = t->map_domain_index;
1445 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1446 clib_net_to_host_u16 (port));
1451 static_always_inline map_ip4_reass_t *
1452 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1454 map_main_t *mm = &map_main;
1455 u32 ri = mm->ip4_reass_hash_table[bucket];
1456 while (ri != MAP_REASS_INDEX_NONE)
1458 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1459 if (r->key.as_u64[0] == k->as_u64[0] &&
1460 r->key.as_u64[1] == k->as_u64[1] &&
1461 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1465 ri = r->bucket_next;
1470 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1473 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1475 map_main_t *mm = &map_main;
1476 map_ip4_reass_get_fragments (r, pi_to_drop);
1478 // Unlink in hash bucket
1479 map_ip4_reass_t *r2 = NULL;
1480 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1481 while (r2i != map_ip4_reass_pool_index (r))
1483 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1484 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1485 r2i = r2->bucket_next;
1489 r2->bucket_next = r->bucket_next;
1493 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1497 if (r->fifo_next == map_ip4_reass_pool_index (r))
1499 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1503 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1504 mm->ip4_reass_fifo_last = r->fifo_prev;
1505 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1507 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1511 pool_put (mm->ip4_reass_pool, r);
1512 mm->ip4_reass_allocated--;
1516 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1517 u8 protocol, u32 ** pi_to_drop)
1520 map_main_t *mm = &map_main;
1521 map_ip4_reass_key_t k = {.src.data_u32 = src,
1522 .dst.data_u32 = dst,
1523 .fragment_id = fragment_id,
1524 .protocol = protocol
1528 #ifdef clib_crc32c_uses_intrinsics
1529 h = clib_crc32c ((u8 *) k.as_u32, 16);
1531 u64 tmp = k.as_u32[0] ^ k.as_u32[1] ^ k.as_u32[2] ^ k.as_u32[3];
1532 h = clib_xxhash (tmp);
1534 h = h >> (32 - mm->ip4_reass_ht_log2len);
1536 f64 now = vlib_time_now (mm->vlib_main);
1538 //Cache garbage collection
1539 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1541 map_ip4_reass_t *last =
1542 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1543 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1544 map_ip4_reass_free (last, pi_to_drop);
1549 if ((r = map_ip4_reass_lookup (&k, h, now)))
1552 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1555 pool_get (mm->ip4_reass_pool, r);
1556 mm->ip4_reass_allocated++;
1558 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1559 r->fragments[i] = ~0;
1561 u32 ri = map_ip4_reass_pool_index (r);
1563 //Link in new bucket
1565 r->bucket_next = mm->ip4_reass_hash_table[h];
1566 mm->ip4_reass_hash_table[h] = ri;
1569 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1572 pool_elt_at_index (mm->ip4_reass_pool,
1573 mm->ip4_reass_fifo_last)->fifo_next;
1574 r->fifo_prev = mm->ip4_reass_fifo_last;
1575 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1576 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1580 r->fifo_next = r->fifo_prev = ri;
1581 mm->ip4_reass_fifo_last = ri;
1588 #ifdef MAP_IP4_REASS_COUNT_BYTES
1589 r->expected_total = 0xffff;
1597 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1599 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1603 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1604 if (r->fragments[i] == ~0)
1606 r->fragments[i] = pi;
1607 map_main.ip4_reass_buffered_counter++;
1613 static_always_inline map_ip6_reass_t *
1614 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1616 map_main_t *mm = &map_main;
1617 u32 ri = mm->ip6_reass_hash_table[bucket];
1618 while (ri != MAP_REASS_INDEX_NONE)
1620 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1621 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1622 r->key.as_u64[0] == k->as_u64[0] &&
1623 r->key.as_u64[1] == k->as_u64[1] &&
1624 r->key.as_u64[2] == k->as_u64[2] &&
1625 r->key.as_u64[3] == k->as_u64[3] &&
1626 r->key.as_u64[4] == k->as_u64[4])
1628 ri = r->bucket_next;
1633 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1636 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1638 map_main_t *mm = &map_main;
1640 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1641 if (r->fragments[i].pi != ~0)
1643 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1644 r->fragments[i].pi = ~0;
1645 map_main.ip6_reass_buffered_counter--;
1648 // Unlink in hash bucket
1649 map_ip6_reass_t *r2 = NULL;
1650 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1651 while (r2i != map_ip6_reass_pool_index (r))
1653 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1654 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1655 r2i = r2->bucket_next;
1659 r2->bucket_next = r->bucket_next;
1663 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1667 if (r->fifo_next == map_ip6_reass_pool_index (r))
1669 //Single element in the list, list is now empty
1670 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1674 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1675 mm->ip6_reass_fifo_last = r->fifo_prev;
1676 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1678 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1682 // Free from pool if necessary
1683 pool_put (mm->ip6_reass_pool, r);
1684 mm->ip6_reass_allocated--;
1688 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1689 u8 protocol, u32 ** pi_to_drop)
1692 map_main_t *mm = &map_main;
1693 map_ip6_reass_key_t k = {
1696 .fragment_id = fragment_id,
1697 .protocol = protocol
1703 #ifdef clib_crc32c_uses_intrinsics
1704 h = clib_crc32c ((u8 *) k.as_u32, 40);
1707 k.as_u64[0] ^ k.as_u64[1] ^ k.as_u64[2] ^ k.as_u64[3] ^ k.as_u64[4];
1708 h = clib_xxhash (tmp);
1711 h = h >> (32 - mm->ip6_reass_ht_log2len);
1713 f64 now = vlib_time_now (mm->vlib_main);
1715 //Cache garbage collection
1716 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1718 map_ip6_reass_t *last =
1719 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1720 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1721 map_ip6_reass_free (last, pi_to_drop);
1726 if ((r = map_ip6_reass_lookup (&k, h, now)))
1729 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1732 pool_get (mm->ip6_reass_pool, r);
1733 mm->ip6_reass_allocated++;
1734 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1736 r->fragments[i].pi = ~0;
1737 r->fragments[i].next_data_len = 0;
1738 r->fragments[i].next_data_offset = 0;
1741 u32 ri = map_ip6_reass_pool_index (r);
1743 //Link in new bucket
1745 r->bucket_next = mm->ip6_reass_hash_table[h];
1746 mm->ip6_reass_hash_table[h] = ri;
1749 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1752 pool_elt_at_index (mm->ip6_reass_pool,
1753 mm->ip6_reass_fifo_last)->fifo_next;
1754 r->fifo_prev = mm->ip6_reass_fifo_last;
1755 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1756 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1760 r->fifo_next = r->fifo_prev = ri;
1761 mm->ip6_reass_fifo_last = ri;
1767 r->ip4_header.ip_version_and_header_length = 0;
1768 #ifdef MAP_IP6_REASS_COUNT_BYTES
1769 r->expected_total = 0xffff;
1776 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1777 u16 data_offset, u16 next_data_offset,
1778 u8 * data_start, u16 data_len)
1780 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1781 u16 copied_len = (data_len > 20) ? 20 : data_len;
1783 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1786 //Lookup for fragments for the current buffer
1787 //and the one before that
1789 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1791 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1793 prev_f = &r->fragments[i]; // This is buffer for previous packet
1795 else if (r->fragments[i].next_data_offset == next_data_offset)
1797 f = &r->fragments[i]; // This is a buffer for the current packet
1799 else if (r->fragments[i].next_data_offset == 0)
1802 f = &r->fragments[i];
1803 else if (prev_f == NULL)
1804 prev_f = &r->fragments[i];
1808 if (!f || f->pi != ~0)
1816 clib_memcpy (prev_f->next_data, data_start, copied_len);
1817 prev_f->next_data_len = copied_len;
1818 prev_f->next_data_offset = data_offset;
1822 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1825 if (r->ip4_header.ip_version_and_header_length == 0)
1826 clib_memcpy (&r->ip4_header, data_start, sizeof (ip4_header_t));
1831 f->next_data_offset = next_data_offset;
1833 map_main.ip6_reass_buffered_counter++;
1839 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1841 map_main_t *mm = &map_main;
1844 if (dropped_packets)
1845 *dropped_packets = mm->ip4_reass_buffered_counter;
1847 *trashed_reass = mm->ip4_reass_allocated;
1848 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1850 u16 ri = mm->ip4_reass_fifo_last;
1853 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1854 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1855 if (r->fragments[i] != ~0)
1856 map_ip4_drop_pi (r->fragments[i]);
1859 pool_put (mm->ip4_reass_pool, r);
1861 while (ri != mm->ip4_reass_fifo_last);
1864 vec_free (mm->ip4_reass_hash_table);
1865 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1866 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1867 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1868 pool_free (mm->ip4_reass_pool);
1869 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1871 mm->ip4_reass_allocated = 0;
1872 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1873 mm->ip4_reass_buffered_counter = 0;
1877 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1879 u32 desired_size = (u32) (pool_size * ht_ratio);
1881 for (i = 1; i < 31; i++)
1882 if ((1 << i) >= desired_size)
1888 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1889 u32 * dropped_packets)
1891 map_main_t *mm = &map_main;
1892 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1895 map_ip4_reass_lock ();
1896 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1897 mm->ip4_reass_ht_log2len =
1898 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1899 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1900 map_ip4_reass_unlock ();
1905 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1906 u32 * dropped_packets)
1908 map_main_t *mm = &map_main;
1909 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1912 map_ip4_reass_lock ();
1913 mm->ip4_reass_conf_pool_size = pool_size;
1914 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1915 map_ip4_reass_unlock ();
1920 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1922 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1927 map_ip4_reass_conf_buffers (u32 buffers)
1929 map_main.ip4_reass_conf_buffers = buffers;
1934 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1936 map_main_t *mm = &map_main;
1937 if (dropped_packets)
1938 *dropped_packets = mm->ip6_reass_buffered_counter;
1940 *trashed_reass = mm->ip6_reass_allocated;
1942 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1944 u16 ri = mm->ip6_reass_fifo_last;
1947 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1948 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1949 if (r->fragments[i].pi != ~0)
1950 map_ip6_drop_pi (r->fragments[i].pi);
1953 pool_put (mm->ip6_reass_pool, r);
1955 while (ri != mm->ip6_reass_fifo_last);
1956 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1959 vec_free (mm->ip6_reass_hash_table);
1960 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1961 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1962 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1963 pool_free (mm->ip6_reass_pool);
1964 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1966 mm->ip6_reass_allocated = 0;
1967 mm->ip6_reass_buffered_counter = 0;
1971 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1972 u32 * dropped_packets)
1974 map_main_t *mm = &map_main;
1975 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1978 map_ip6_reass_lock ();
1979 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1980 mm->ip6_reass_ht_log2len =
1981 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1982 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1983 map_ip6_reass_unlock ();
1988 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1989 u32 * dropped_packets)
1991 map_main_t *mm = &map_main;
1992 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1995 map_ip6_reass_lock ();
1996 mm->ip6_reass_conf_pool_size = pool_size;
1997 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1998 map_ip6_reass_unlock ();
2003 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
2005 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
2010 map_ip6_reass_conf_buffers (u32 buffers)
2012 map_main.ip6_reass_conf_buffers = buffers;
2019 * Configure MAP reassembly behaviour
2022 * @cliexstart{map params reassembly}
2025 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
2026 .path = "map params reassembly",
2027 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
2028 "[pool-size <pool-size>] [buffers <buffers>] "
2029 "[ht-ratio <ht-ratio>]",
2030 .function = map_params_reass_command_fn,
2034 * Set or copy the IP TOS/Traffic Class field
2037 * @cliexstart{map params traffic-class}
2039 * This command is used to set the traffic-class field in translated
2040 * or encapsulated packets. If copy is specifed (the default) then the
2041 * traffic-class/TOS field is copied from the original packet to the
2042 * translated / encapsulating header.
2045 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
2046 .path = "map params traffic-class",
2047 .short_help = "map params traffic-class {0x0-0xff | copy}",
2048 .function = map_traffic_class_command_fn,
2052 * Bypass IP4/IP6 lookup
2055 * @cliexstart{map params pre-resolve}
2057 * Bypass a second FIB lookup of the translated or encapsulated
2058 * packet, and forward the packet directly to the specified
2059 * next-hop. This optimization trades forwarding flexibility for
2063 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
2064 .path = "map params pre-resolve",
2065 .short_help = " map params pre-resolve {ip4-nh <address>} "
2066 "| {ip6-nh <address>}",
2067 .function = map_pre_resolve_command_fn,
2071 * Enable or disable the MAP-E inbound security check
2074 * @cliexstart{map params security-check}
2076 * By default, a decapsulated packet's IPv4 source address will be
2077 * verified against the outer header's IPv6 source address. Disabling
2078 * this feature will allow IPv4 source address spoofing.
2081 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2082 .path = "map params security-check",
2083 .short_help = "map params security-check on|off",
2084 .function = map_security_check_command_fn,
2088 * Specifiy the IPv4 source address used for relayed ICMP error messages
2091 * @cliexstart{map params icmp source-address}
2093 * This command specifies which IPv4 source address (must be local to
2094 * the system), that is used for relayed received IPv6 ICMP error
2098 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2099 .path = "map params icmp source-address",
2100 .short_help = "map params icmp source-address <ip4-address>",
2101 .function = map_icmp_relay_source_address_command_fn,
2105 * Send IPv6 ICMP unreachables
2108 * @cliexstart{map params icmp6 unreachables}
2110 * Send IPv6 ICMP unreachable messages back if security check fails or
2111 * no MAP domain exists.
2114 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2115 .path = "map params icmp6 unreachables",
2116 .short_help = "map params icmp6 unreachables {on|off}",
2117 .function = map_icmp_unreachables_command_fn,
2121 * Configure MAP fragmentation behaviour
2124 * @cliexstart{map params fragment}
2127 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2128 .path = "map params fragment",
2129 .short_help = "map params fragment inner|outer",
2130 .function = map_fragment_command_fn,
2134 * Ignore the IPv4 Don't fragment bit
2137 * @cliexstart{map params fragment ignore-df}
2139 * Allows fragmentation of the IPv4 packet even if the DF bit is
2140 * set. The choice between inner or outer fragmentation of tunnel
2141 * packets is complicated. The benefit of inner fragmentation is that
2142 * the ultimate endpoint must reassemble, instead of the tunnel
2146 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
2147 .path = "map params fragment ignore-df",
2148 .short_help = "map params fragment ignore-df on|off",
2149 .function = map_fragment_df_command_fn,
2153 * Specifiy if the inbound security check should be done on fragments
2156 * @cliexstart{map params security-check fragments}
2158 * Typically the inbound on-decapsulation security check is only done
2159 * on the first packet. The packet that contains the L4
2160 * information. While a security check on every fragment is possible,
2161 * it has a cost. State must be created on the first fragment.
2164 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
2165 .path = "map params security-check fragments",
2166 .short_help = "map params security-check fragments on|off",
2167 .function = map_security_check_frag_command_fn,
2174 * @cliexstart{map add domain}
2177 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2178 .path = "map add domain",
2179 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2180 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2181 "[map-t] [map-ce] [mtu <mtu>]",
2182 .function = map_add_domain_command_fn,
2186 * Add MAP rule to a domain
2189 * @cliexstart{map add rule}
2192 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2193 .path = "map add rule",
2194 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2195 .function = map_add_rule_command_fn,
2202 * @cliexstart{map del domain}
2205 VLIB_CLI_COMMAND(map_del_command, static) = {
2206 .path = "map del domain",
2207 .short_help = "map del domain index <domain>",
2208 .function = map_del_domain_command_fn,
2215 * @cliexstart{show map domain}
2218 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2219 .path = "show map domain",
2220 .short_help = "show map domain index <n> [counters]",
2221 .function = show_map_domain_command_fn,
2225 * Show MAP statistics
2228 * @cliexstart{show map stats}
2231 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2232 .path = "show map stats",
2233 .short_help = "show map stats",
2234 .function = show_map_stats_command_fn,
2238 * Show MAP fragmentation information
2241 * @cliexstart{show map fragments}
2244 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2245 .path = "show map fragments",
2246 .short_help = "show map fragments",
2247 .function = show_map_fragments_command_fn,
2250 VLIB_PLUGIN_REGISTER() = {
2251 .version = VPP_BUILD_VER,
2252 .description = "Mapping of address and port (MAP)",
2257 static clib_error_t *
2258 map_config (vlib_main_t * vm, unformat_input_t * input)
2260 map_main_t *mm = &map_main;
2263 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2265 if (unformat (input, "customer edge"))
2268 return clib_error_return (0, "unknown input '%U'",
2269 format_unformat_error, input);
2277 VLIB_CONFIG_FUNCTION (map_config, "map");
2283 map_init (vlib_main_t * vm)
2285 map_main_t *mm = &map_main;
2286 clib_error_t *error = 0;
2287 mm->vnet_main = vnet_get_main ();
2290 #ifdef MAP_SKIP_IP6_LOOKUP
2291 fib_protocol_t proto;
2293 FOR_EACH_FIB_PROTOCOL (proto)
2295 map_pre_resolve_init (&pre_resolved[proto]);
2303 /* Inbound security check */
2304 mm->sec_check = true;
2305 mm->sec_check_frag = false;
2307 /* ICMP6 Type 1, Code 5 for security check failure */
2308 mm->icmp6_enabled = false;
2312 /* Inner or outer fragmentation */
2313 mm->frag_inner = false;
2314 mm->frag_ignore_df = false;
2316 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2317 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "rx";
2318 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "tx";
2320 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2321 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2323 /* IP4 virtual reassembly */
2324 mm->ip4_reass_hash_table = 0;
2325 mm->ip4_reass_pool = 0;
2326 mm->ip4_reass_lock =
2327 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2328 *mm->ip4_reass_lock = 0;
2329 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2330 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2331 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2332 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2333 mm->ip4_reass_ht_log2len =
2334 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2335 mm->ip4_reass_conf_pool_size);
2336 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2337 map_ip4_reass_reinit (NULL, NULL);
2339 /* IP6 virtual reassembly */
2340 mm->ip6_reass_hash_table = 0;
2341 mm->ip6_reass_pool = 0;
2342 mm->ip6_reass_lock =
2343 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2344 *mm->ip6_reass_lock = 0;
2345 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2346 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2347 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2348 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2349 mm->ip6_reass_ht_log2len =
2350 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2351 mm->ip6_reass_conf_pool_size);
2352 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2353 map_ip6_reass_reinit (NULL, NULL);
2355 #ifdef MAP_SKIP_IP6_LOOKUP
2356 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2358 map_dpo_module_init ();
2360 error = map_plugin_api_hookup (vm);
2365 VLIB_INIT_FUNCTION (map_init);
2368 * fd.io coding-style-patch-verification: ON
2371 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob