4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <map/map_dpo.h>
22 #include <vppinfra/crc32.h>
23 #include <vnet/plugin/plugin.h>
24 #include <vpp/app/version.h>
30 * This code supports the following MAP modes:
32 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
33 * ea_bits_len + ip4_prefix > 32
34 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
35 * Algorithmic Full IPv4 address (ea_bits_len > 0):
36 * ea_bits_len + ip4_prefix = 32
37 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
38 * Algorithmic IPv4 prefix (ea_bits_len > 0):
39 * ea_bits_len + ip4_prefix < 32
40 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
42 * Independent Shared IPv4 address (ea_bits_len = 0):
45 * Rule IPv6 address = 128, Rule PSID Set
46 * Independent Full IPv4 address (ea_bits_len = 0):
48 * psid_length = 0, ip6_prefix = 128
49 * Independent IPv4 prefix (ea_bits_len = 0):
51 * psid_length = 0, ip6_prefix = 128
56 * This code supports MAP-T:
58 * With a DMR prefix length of 64 or 96 (RFC6052).
65 map_create_domain (ip4_address_t * ip4_prefix,
67 ip6_address_t * ip6_prefix,
69 ip6_address_t * ip6_src,
73 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
75 u8 suffix_len, suffix_shift;
76 map_main_t *mm = &map_main;
77 dpo_id_t dpo_v4 = DPO_INVALID;
78 dpo_id_t dpo_v6 = DPO_INVALID;
81 /* Sanity check on the src prefix length */
82 if (flags & MAP_DOMAIN_TRANSLATION)
84 if (ip6_src_len != 96 && ip6_src_len != 64)
86 clib_warning ("MAP-T only supports prefix lengths of 64 and 96.");
92 if (ip6_src_len != 128)
95 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
101 /* How many, and which bits to grab from the IPv4 DA */
102 if (ip4_prefix_len + ea_bits_len < 32)
104 flags |= MAP_DOMAIN_PREFIX;
105 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
106 suffix_len = ea_bits_len;
111 suffix_len = 32 - ip4_prefix_len;
114 /* EA bits must be within the first 64 bits */
115 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
116 ip6_prefix_len + suffix_len + psid_length > 64))
119 ("Embedded Address bits must be within the first 64 bits of "
124 /* Get domain index */
125 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
126 clib_memset (d, 0, sizeof (*d));
127 *map_domain_index = d - mm->domains;
129 /* Init domain struct */
130 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
131 d->ip4_prefix_len = ip4_prefix_len;
132 d->ip6_prefix = *ip6_prefix;
133 d->ip6_prefix_len = ip6_prefix_len;
134 d->ip6_src = *ip6_src;
135 d->ip6_src_len = ip6_src_len;
136 d->ea_bits_len = ea_bits_len;
137 d->psid_offset = psid_offset;
138 d->psid_length = psid_length;
141 d->suffix_shift = suffix_shift;
142 d->suffix_mask = (1 << suffix_len) - 1;
144 d->psid_shift = 16 - psid_length - psid_offset;
145 d->psid_mask = (1 << d->psid_length) - 1;
146 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
148 /* MAP data-plane object */
149 if (d->flags & MAP_DOMAIN_TRANSLATION)
150 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
152 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
154 /* Create ip4 route */
156 .fp_proto = FIB_PROTOCOL_IP4,
157 .fp_len = d->ip4_prefix_len,
159 .ip4 = d->ip4_prefix,
163 fib_table_entry_special_dpo_add (0, &pfx,
165 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
169 * construct a DPO to use the v6 domain
171 if (d->flags & MAP_DOMAIN_TRANSLATION)
172 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
174 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
177 * Multiple MAP domains may share same source IPv6 TEP. Which is just dandy.
178 * We are not tracking the sharing. So a v4 lookup to find the correct
179 * domain post decap/trnaslate is always done
181 * Create ip6 route. This is a reference counted add. If the prefix
182 * already exists and is MAP sourced, it is now MAP source n+1 times
183 * and will need to be removed n+1 times.
185 fib_prefix_t pfx6 = {
186 .fp_proto = FIB_PROTOCOL_IP6,
187 .fp_len = d->ip6_src_len,
188 .fp_addr.ip6 = d->ip6_src,
191 fib_table_entry_special_dpo_add (0, &pfx6,
193 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
196 /* Validate packet/byte counters */
197 map_domain_counter_lock (mm);
199 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
201 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
203 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
206 for (i = 0; i < vec_len (mm->domain_counters); i++)
208 vlib_validate_combined_counter (&mm->domain_counters[i],
210 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
212 map_domain_counter_unlock (mm);
221 map_delete_domain (u32 map_domain_index)
223 map_main_t *mm = &map_main;
226 if (pool_is_free_index (mm->domains, map_domain_index))
228 clib_warning ("MAP domain delete: domain does not exist: %d",
233 d = pool_elt_at_index (mm->domains, map_domain_index);
236 .fp_proto = FIB_PROTOCOL_IP4,
237 .fp_len = d->ip4_prefix_len,
239 .ip4 = d->ip4_prefix,
243 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
245 fib_prefix_t pfx6 = {
246 .fp_proto = FIB_PROTOCOL_IP6,
247 .fp_len = d->ip6_src_len,
253 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
257 clib_mem_free (d->rules);
259 pool_put (mm->domains, d);
265 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
269 map_main_t *mm = &map_main;
271 if (pool_is_free_index (mm->domains, map_domain_index))
273 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
276 d = pool_elt_at_index (mm->domains, map_domain_index);
278 /* Rules are only used in 1:1 independent case */
279 if (d->ea_bits_len > 0)
284 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
285 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
288 clib_memset (d->rules, 0, l);
291 if (psid >= (0x1 << d->psid_length))
293 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
294 0x1 << d->psid_length);
300 d->rules[psid] = *tep;
304 clib_memset (&d->rules[psid], 0, sizeof (ip6_address_t));
309 #ifdef MAP_SKIP_IP6_LOOKUP
311 * Pre-resolvd per-protocol global next-hops
313 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
316 map_pre_resolve_init (map_main_pre_resolved_t * pr)
318 pr->fei = FIB_NODE_INDEX_INVALID;
319 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
323 format_map_pre_resolve (u8 * s, va_list * ap)
325 map_main_pre_resolved_t *pr = va_arg (*ap, map_main_pre_resolved_t *);
327 if (FIB_NODE_INDEX_INVALID != pr->fei)
329 const fib_prefix_t *pfx;
331 pfx = fib_entry_get_prefix (pr->fei);
333 return (format (s, "%U (%u)",
334 format_ip46_address, &pfx->fp_addr, IP46_TYPE_ANY,
335 pr->dpo.dpoi_index));
339 return (format (s, "un-set"));
345 * Function definition to inform the FIB node that its last lock has gone.
348 map_last_lock_gone (fib_node_t * node)
351 * The MAP is a root of the graph. As such
352 * it never has children and thus is never locked.
357 static map_main_pre_resolved_t *
358 map_from_fib_node (fib_node_t * node)
360 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
361 return ((map_main_pre_resolved_t *)
363 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
367 map_stack (map_main_pre_resolved_t * pr)
371 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
373 dpo_copy (&pr->dpo, dpo);
377 * Function definition to backwalk a FIB node
379 static fib_node_back_walk_rc_t
380 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
382 map_stack (map_from_fib_node (node));
384 return (FIB_NODE_BACK_WALK_CONTINUE);
388 * Function definition to get a FIB node from its index
391 map_fib_node_get (fib_node_index_t index)
393 return (&pre_resolved[index].node);
397 * Virtual function table registered by MPLS GRE tunnels
398 * for participation in the FIB object graph.
400 const static fib_node_vft_t map_vft = {
401 .fnv_get = map_fib_node_get,
402 .fnv_last_lock = map_last_lock_gone,
403 .fnv_back_walk = map_back_walk,
407 map_fib_resolve (map_main_pre_resolved_t * pr,
408 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
416 pr->fei = fib_table_entry_special_add (0, // default fib
418 FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE);
419 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
424 map_fib_unresolve (map_main_pre_resolved_t * pr,
425 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
433 fib_entry_child_remove (pr->fei, pr->sibling);
435 fib_table_entry_special_remove (0, // default fib
436 &pfx, FIB_SOURCE_RR);
437 dpo_reset (&pr->dpo);
439 pr->fei = FIB_NODE_INDEX_INVALID;
440 pr->sibling = FIB_NODE_INDEX_INVALID;
444 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
446 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
448 ip46_address_t addr = {
452 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
453 FIB_PROTOCOL_IP6, 128, &addr);
455 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
456 FIB_PROTOCOL_IP6, 128, &addr);
458 if (ip4 && (ip4->as_u32 != 0))
460 ip46_address_t addr = {
464 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
465 FIB_PROTOCOL_IP4, 32, &addr);
467 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
468 FIB_PROTOCOL_IP4, 32, &addr);
473 static clib_error_t *
474 map_security_check_command_fn (vlib_main_t * vm,
475 unformat_input_t * input,
476 vlib_cli_command_t * cmd)
478 unformat_input_t _line_input, *line_input = &_line_input;
479 map_main_t *mm = &map_main;
480 clib_error_t *error = NULL;
482 /* Get a line of input. */
483 if (!unformat_user (input, unformat_line_input, line_input))
486 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
488 if (unformat (line_input, "off"))
489 mm->sec_check = false;
490 else if (unformat (line_input, "on"))
491 mm->sec_check = true;
494 error = clib_error_return (0, "unknown input `%U'",
495 format_unformat_error, line_input);
501 unformat_free (line_input);
506 static clib_error_t *
507 map_security_check_frag_command_fn (vlib_main_t * vm,
508 unformat_input_t * input,
509 vlib_cli_command_t * cmd)
511 unformat_input_t _line_input, *line_input = &_line_input;
512 map_main_t *mm = &map_main;
513 clib_error_t *error = NULL;
515 /* Get a line of input. */
516 if (!unformat_user (input, unformat_line_input, line_input))
519 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
521 if (unformat (line_input, "off"))
522 mm->sec_check_frag = false;
523 else if (unformat (line_input, "on"))
524 mm->sec_check_frag = true;
527 error = clib_error_return (0, "unknown input `%U'",
528 format_unformat_error, line_input);
534 unformat_free (line_input);
539 static clib_error_t *
540 map_add_domain_command_fn (vlib_main_t * vm,
541 unformat_input_t * input, vlib_cli_command_t * cmd)
543 unformat_input_t _line_input, *line_input = &_line_input;
544 ip4_address_t ip4_prefix;
545 ip6_address_t ip6_prefix;
546 ip6_address_t ip6_src;
547 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
549 /* Optional arguments */
550 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
554 clib_error_t *error = NULL;
556 /* Get a line of input. */
557 if (!unformat_user (input, unformat_line_input, line_input))
560 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
563 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
568 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
573 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
578 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
580 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
582 else if (unformat (line_input, "psid-offset %d", &psid_offset))
584 else if (unformat (line_input, "psid-len %d", &psid_length))
586 else if (unformat (line_input, "mtu %d", &mtu))
588 else if (unformat (line_input, "map-t"))
589 flags |= MAP_DOMAIN_TRANSLATION;
590 else if (unformat (line_input, "rfc6052"))
591 flags |= (MAP_DOMAIN_TRANSLATION | MAP_DOMAIN_RFC6052);
594 error = clib_error_return (0, "unknown input `%U'",
595 format_unformat_error, line_input);
602 error = clib_error_return (0, "mandatory argument(s) missing");
606 map_create_domain (&ip4_prefix, ip4_prefix_len,
607 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
608 ea_bits_len, psid_offset, psid_length, &map_domain_index,
612 unformat_free (line_input);
617 static clib_error_t *
618 map_del_domain_command_fn (vlib_main_t * vm,
619 unformat_input_t * input, vlib_cli_command_t * cmd)
621 unformat_input_t _line_input, *line_input = &_line_input;
623 u32 map_domain_index;
624 clib_error_t *error = NULL;
626 /* Get a line of input. */
627 if (!unformat_user (input, unformat_line_input, line_input))
630 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
632 if (unformat (line_input, "index %d", &map_domain_index))
636 error = clib_error_return (0, "unknown input `%U'",
637 format_unformat_error, line_input);
644 error = clib_error_return (0, "mandatory argument(s) missing");
648 map_delete_domain (map_domain_index);
651 unformat_free (line_input);
656 static clib_error_t *
657 map_add_rule_command_fn (vlib_main_t * vm,
658 unformat_input_t * input, vlib_cli_command_t * cmd)
660 unformat_input_t _line_input, *line_input = &_line_input;
663 u32 psid = 0, map_domain_index;
664 clib_error_t *error = NULL;
666 /* Get a line of input. */
667 if (!unformat_user (input, unformat_line_input, line_input))
670 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
672 if (unformat (line_input, "index %d", &map_domain_index))
674 else if (unformat (line_input, "psid %d", &psid))
677 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
681 error = clib_error_return (0, "unknown input `%U'",
682 format_unformat_error, line_input);
689 error = clib_error_return (0, "mandatory argument(s) missing");
693 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
695 error = clib_error_return (0, "Failing to add Mapping Rule");
700 unformat_free (line_input);
705 #if MAP_SKIP_IP6_LOOKUP
706 static clib_error_t *
707 map_pre_resolve_command_fn (vlib_main_t * vm,
708 unformat_input_t * input,
709 vlib_cli_command_t * cmd)
711 unformat_input_t _line_input, *line_input = &_line_input;
712 ip4_address_t ip4nh, *p_v4 = NULL;
713 ip6_address_t ip6nh, *p_v6 = NULL;
714 clib_error_t *error = NULL;
717 clib_memset (&ip4nh, 0, sizeof (ip4nh));
718 clib_memset (&ip6nh, 0, sizeof (ip6nh));
720 /* Get a line of input. */
721 if (!unformat_user (input, unformat_line_input, line_input))
724 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
726 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
729 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
731 else if (unformat (line_input, "del"))
735 error = clib_error_return (0, "unknown input `%U'",
736 format_unformat_error, line_input);
741 map_pre_resolve (p_v4, p_v6, is_del);
744 unformat_free (line_input);
750 static clib_error_t *
751 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
752 unformat_input_t * input,
753 vlib_cli_command_t * cmd)
755 unformat_input_t _line_input, *line_input = &_line_input;
756 ip4_address_t icmp_src_address;
757 map_main_t *mm = &map_main;
758 clib_error_t *error = NULL;
760 mm->icmp4_src_address.as_u32 = 0;
762 /* Get a line of input. */
763 if (!unformat_user (input, unformat_line_input, line_input))
766 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
769 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
770 mm->icmp4_src_address = icmp_src_address;
773 error = clib_error_return (0, "unknown input `%U'",
774 format_unformat_error, line_input);
780 unformat_free (line_input);
785 static clib_error_t *
786 map_icmp_unreachables_command_fn (vlib_main_t * vm,
787 unformat_input_t * input,
788 vlib_cli_command_t * cmd)
790 unformat_input_t _line_input, *line_input = &_line_input;
791 map_main_t *mm = &map_main;
793 clib_error_t *error = NULL;
795 /* Get a line of input. */
796 if (!unformat_user (input, unformat_line_input, line_input))
799 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
802 if (unformat (line_input, "on"))
803 mm->icmp6_enabled = true;
804 else if (unformat (line_input, "off"))
805 mm->icmp6_enabled = false;
808 error = clib_error_return (0, "unknown input `%U'",
809 format_unformat_error, line_input);
816 error = clib_error_return (0, "mandatory argument(s) missing");
819 unformat_free (line_input);
824 static clib_error_t *
825 map_fragment_command_fn (vlib_main_t * vm,
826 unformat_input_t * input, vlib_cli_command_t * cmd)
828 unformat_input_t _line_input, *line_input = &_line_input;
829 map_main_t *mm = &map_main;
830 clib_error_t *error = NULL;
832 /* Get a line of input. */
833 if (!unformat_user (input, unformat_line_input, line_input))
836 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
838 if (unformat (line_input, "inner"))
839 mm->frag_inner = true;
840 else if (unformat (line_input, "outer"))
841 mm->frag_inner = false;
844 error = clib_error_return (0, "unknown input `%U'",
845 format_unformat_error, line_input);
851 unformat_free (line_input);
856 static clib_error_t *
857 map_fragment_df_command_fn (vlib_main_t * vm,
858 unformat_input_t * input,
859 vlib_cli_command_t * cmd)
861 unformat_input_t _line_input, *line_input = &_line_input;
862 map_main_t *mm = &map_main;
863 clib_error_t *error = NULL;
865 /* Get a line of input. */
866 if (!unformat_user (input, unformat_line_input, line_input))
869 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
871 if (unformat (line_input, "on"))
872 mm->frag_ignore_df = true;
873 else if (unformat (line_input, "off"))
874 mm->frag_ignore_df = false;
877 error = clib_error_return (0, "unknown input `%U'",
878 format_unformat_error, line_input);
884 unformat_free (line_input);
889 static clib_error_t *
890 map_traffic_class_command_fn (vlib_main_t * vm,
891 unformat_input_t * input,
892 vlib_cli_command_t * cmd)
894 unformat_input_t _line_input, *line_input = &_line_input;
895 map_main_t *mm = &map_main;
897 clib_error_t *error = NULL;
901 /* Get a line of input. */
902 if (!unformat_user (input, unformat_line_input, line_input))
905 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
907 if (unformat (line_input, "copy"))
909 else if (unformat (line_input, "%x", &tc))
913 error = clib_error_return (0, "unknown input `%U'",
914 format_unformat_error, line_input);
920 unformat_free (line_input);
926 map_flags_to_string (u32 flags)
928 if (flags & MAP_DOMAIN_RFC6052)
930 if (flags & MAP_DOMAIN_PREFIX)
932 if (flags & MAP_DOMAIN_TRANSLATION)
938 format_map_domain (u8 * s, va_list * args)
940 map_domain_t *d = va_arg (*args, map_domain_t *);
941 bool counters = va_arg (*args, int);
942 map_main_t *mm = &map_main;
943 ip6_address_t ip6_prefix;
946 clib_memset (&ip6_prefix, 0, sizeof (ip6_prefix));
948 ip6_prefix = d->ip6_prefix;
951 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea-bits-len %d "
952 "psid-offset %d psid-len %d mtu %d %s",
954 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
955 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
956 format_ip6_address, &d->ip6_src, d->ip6_src_len,
957 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
958 map_flags_to_string (d->flags));
962 map_domain_counter_lock (mm);
964 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
965 d - mm->domains, &v);
966 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
967 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
968 d - mm->domains, &v);
969 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
970 map_domain_counter_unlock (mm);
972 s = format (s, "\n");
978 for (i = 0; i < (0x1 << d->psid_length); i++)
981 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
984 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
992 format_map_ip4_reass (u8 * s, va_list * args)
994 map_main_t *mm = &map_main;
995 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
996 map_ip4_reass_key_t *k = &r->key;
997 f64 now = vlib_time_now (mm->vlib_main);
998 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
999 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1001 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
1002 format_ip4_address, &k->src.as_u8, format_ip4_address,
1003 &k->dst.as_u8, k->protocol,
1004 clib_net_to_host_u16 (k->fragment_id),
1005 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
1010 format_map_ip6_reass (u8 * s, va_list * args)
1012 map_main_t *mm = &map_main;
1013 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
1014 map_ip6_reass_key_t *k = &r->key;
1015 f64 now = vlib_time_now (mm->vlib_main);
1016 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
1017 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1019 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
1020 format_ip6_address, &k->src.as_u8, format_ip6_address,
1021 &k->dst.as_u8, k->protocol,
1022 clib_net_to_host_u32 (k->fragment_id), dt);
1026 static clib_error_t *
1027 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
1028 vlib_cli_command_t * cmd)
1030 unformat_input_t _line_input, *line_input = &_line_input;
1031 map_main_t *mm = &map_main;
1033 bool counters = false;
1034 u32 map_domain_index = ~0;
1035 clib_error_t *error = NULL;
1037 /* Get a line of input. */
1038 if (!unformat_user (input, unformat_line_input, line_input))
1041 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1043 if (unformat (line_input, "counters"))
1045 else if (unformat (line_input, "index %d", &map_domain_index))
1049 error = clib_error_return (0, "unknown input `%U'",
1050 format_unformat_error, line_input);
1055 if (pool_elts (mm->domains) == 0)
1056 vlib_cli_output (vm, "No MAP domains are configured...");
1058 if (map_domain_index == ~0)
1061 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
1066 if (pool_is_free_index (mm->domains, map_domain_index))
1068 error = clib_error_return (0, "MAP domain does not exists %d",
1073 d = pool_elt_at_index (mm->domains, map_domain_index);
1074 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1078 unformat_free (line_input);
1083 static clib_error_t *
1084 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1085 vlib_cli_command_t * cmd)
1087 map_main_t *mm = &map_main;
1088 map_ip4_reass_t *f4;
1089 map_ip6_reass_t *f6;
1092 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1095 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1101 map_error_counter_get (u32 node_index, map_error_t map_error)
1103 vlib_main_t *vm = vlib_get_main ();
1104 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1105 vlib_error_main_t *em = &vm->error_main;
1106 vlib_error_t e = error_node->errors[map_error];
1107 vlib_node_t *n = vlib_get_node (vm, node_index);
1110 ci = vlib_error_get_code (e);
1111 ASSERT (ci < n->n_errors);
1112 ci += n->error_heap_index;
1114 return (em->counters[ci]);
1117 static clib_error_t *
1118 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1119 vlib_cli_command_t * cmd)
1121 map_main_t *mm = &map_main;
1123 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1124 if (pool_elts (mm->domains) == 0)
1126 vlib_cli_output (vm, "No MAP domains are configured...");
1131 pool_foreach(d, mm->domains, ({
1133 rulecount+= 0x1 << d->psid_length;
1134 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1136 domains += sizeof(*d);
1141 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1142 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1143 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1144 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1146 #if MAP_SKIP_IP6_LOOKUP
1147 vlib_cli_output (vm,
1148 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1149 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1150 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1155 vlib_cli_output (vm, "MAP traffic-class: copy");
1157 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1159 vlib_cli_output (vm,
1160 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1161 mm->sec_check ? "enabled" : "disabled",
1162 mm->sec_check_frag ? "enabled" : "disabled");
1164 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1165 format_ip4_address, &mm->icmp4_src_address);
1166 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1167 mm->icmp6_enabled ? "enabled" : "disabled");
1168 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1169 mm->frag_inner ? "enabled" : "disabled");
1170 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1171 mm->frag_ignore_df ? "enabled" : "disabled");
1176 vlib_combined_counter_main_t *cm = mm->domain_counters;
1177 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1178 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1182 clib_memset (total_pkts, 0, sizeof (total_pkts));
1183 clib_memset (total_bytes, 0, sizeof (total_bytes));
1185 map_domain_counter_lock (mm);
1186 vec_foreach (cm, mm->domain_counters)
1188 which = cm - mm->domain_counters;
1190 for (i = 0; i < vlib_combined_counter_n_counters (cm); i++)
1192 vlib_get_combined_counter (cm, i, &v);
1193 total_pkts[which] += v.packets;
1194 total_bytes[which] += v.bytes;
1197 map_domain_counter_unlock (mm);
1199 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1200 total_pkts[MAP_DOMAIN_COUNTER_TX],
1201 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1202 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1203 total_pkts[MAP_DOMAIN_COUNTER_RX],
1204 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1206 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1207 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1212 static clib_error_t *
1213 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1214 vlib_cli_command_t * cmd)
1216 unformat_input_t _line_input, *line_input = &_line_input;
1218 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1220 u64 buffers = ~(0ull);
1221 u8 ip4 = 0, ip6 = 0;
1223 if (!unformat_user (input, unformat_line_input, line_input))
1226 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1228 if (unformat (line_input, "lifetime %u", &lifetime))
1230 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1232 else if (unformat (line_input, "pool-size %u", &pool_size))
1234 else if (unformat (line_input, "buffers %llu", &buffers))
1236 else if (unformat (line_input, "ip4"))
1238 else if (unformat (line_input, "ip6"))
1242 unformat_free (line_input);
1243 return clib_error_return (0, "invalid input");
1246 unformat_free (line_input);
1249 return clib_error_return (0, "must specify ip4 and/or ip6");
1253 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1254 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1255 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1256 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1257 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1258 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1259 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1260 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1261 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1262 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1263 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1264 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1265 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1270 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1271 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1272 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1273 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1274 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1275 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1276 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1277 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1278 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1279 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1280 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1281 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1282 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1287 u32 reass = 0, packets = 0;
1288 if (pool_size != ~0)
1290 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1292 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1296 vlib_cli_output (vm,
1297 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1301 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1303 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1305 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1309 vlib_cli_output (vm,
1310 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1316 if (map_ip4_reass_conf_lifetime (lifetime))
1317 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1319 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1321 if (buffers != ~(0ull))
1323 if (map_ip4_reass_conf_buffers (buffers))
1324 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1326 vlib_cli_output (vm, "Setting ip4-reass buffers");
1329 if (map_main.ip4_reass_conf_buffers >
1330 map_main.ip4_reass_conf_pool_size *
1331 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1333 vlib_cli_output (vm,
1334 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1340 u32 reass = 0, packets = 0;
1341 if (pool_size != ~0)
1343 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1345 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1349 vlib_cli_output (vm,
1350 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1354 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1356 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1358 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1362 vlib_cli_output (vm,
1363 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1369 if (map_ip6_reass_conf_lifetime (lifetime))
1370 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1372 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1374 if (buffers != ~(0ull))
1376 if (map_ip6_reass_conf_buffers (buffers))
1377 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1379 vlib_cli_output (vm, "Setting ip6-reass buffers");
1382 if (map_main.ip6_reass_conf_buffers >
1383 map_main.ip6_reass_conf_pool_size *
1384 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1386 vlib_cli_output (vm,
1387 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1396 * packet trace format function
1399 format_map_trace (u8 * s, va_list * args)
1401 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1402 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1403 map_trace_t *t = va_arg (*args, map_trace_t *);
1404 u32 map_domain_index = t->map_domain_index;
1408 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1409 clib_net_to_host_u16 (port));
1414 static_always_inline map_ip4_reass_t *
1415 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1417 map_main_t *mm = &map_main;
1418 u32 ri = mm->ip4_reass_hash_table[bucket];
1419 while (ri != MAP_REASS_INDEX_NONE)
1421 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1422 if (r->key.as_u64[0] == k->as_u64[0] &&
1423 r->key.as_u64[1] == k->as_u64[1] &&
1424 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1428 ri = r->bucket_next;
1433 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1436 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1438 map_main_t *mm = &map_main;
1439 map_ip4_reass_get_fragments (r, pi_to_drop);
1441 // Unlink in hash bucket
1442 map_ip4_reass_t *r2 = NULL;
1443 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1444 while (r2i != map_ip4_reass_pool_index (r))
1446 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1447 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1448 r2i = r2->bucket_next;
1452 r2->bucket_next = r->bucket_next;
1456 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1460 if (r->fifo_next == map_ip4_reass_pool_index (r))
1462 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1466 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1467 mm->ip4_reass_fifo_last = r->fifo_prev;
1468 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1470 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1474 pool_put (mm->ip4_reass_pool, r);
1475 mm->ip4_reass_allocated--;
1479 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1480 u8 protocol, u32 ** pi_to_drop)
1483 map_main_t *mm = &map_main;
1484 map_ip4_reass_key_t k = {.src.data_u32 = src,
1485 .dst.data_u32 = dst,
1486 .fragment_id = fragment_id,
1487 .protocol = protocol
1491 #ifdef clib_crc32c_uses_intrinsics
1492 h = clib_crc32c ((u8 *) k.as_u32, 16);
1494 u64 tmp = k.as_u32[0] ^ k.as_u32[1] ^ k.as_u32[2] ^ k.as_u32[3];
1495 h = clib_xxhash (tmp);
1497 h = h >> (32 - mm->ip4_reass_ht_log2len);
1499 f64 now = vlib_time_now (mm->vlib_main);
1501 //Cache garbage collection
1502 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1504 map_ip4_reass_t *last =
1505 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1506 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1507 map_ip4_reass_free (last, pi_to_drop);
1512 if ((r = map_ip4_reass_lookup (&k, h, now)))
1515 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1518 pool_get (mm->ip4_reass_pool, r);
1519 mm->ip4_reass_allocated++;
1521 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1522 r->fragments[i] = ~0;
1524 u32 ri = map_ip4_reass_pool_index (r);
1526 //Link in new bucket
1528 r->bucket_next = mm->ip4_reass_hash_table[h];
1529 mm->ip4_reass_hash_table[h] = ri;
1532 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1535 pool_elt_at_index (mm->ip4_reass_pool,
1536 mm->ip4_reass_fifo_last)->fifo_next;
1537 r->fifo_prev = mm->ip4_reass_fifo_last;
1538 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1539 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1543 r->fifo_next = r->fifo_prev = ri;
1544 mm->ip4_reass_fifo_last = ri;
1551 #ifdef MAP_IP4_REASS_COUNT_BYTES
1552 r->expected_total = 0xffff;
1560 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1562 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1566 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1567 if (r->fragments[i] == ~0)
1569 r->fragments[i] = pi;
1570 map_main.ip4_reass_buffered_counter++;
1576 static_always_inline map_ip6_reass_t *
1577 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1579 map_main_t *mm = &map_main;
1580 u32 ri = mm->ip6_reass_hash_table[bucket];
1581 while (ri != MAP_REASS_INDEX_NONE)
1583 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1584 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1585 r->key.as_u64[0] == k->as_u64[0] &&
1586 r->key.as_u64[1] == k->as_u64[1] &&
1587 r->key.as_u64[2] == k->as_u64[2] &&
1588 r->key.as_u64[3] == k->as_u64[3] &&
1589 r->key.as_u64[4] == k->as_u64[4])
1591 ri = r->bucket_next;
1596 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1599 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1601 map_main_t *mm = &map_main;
1603 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1604 if (r->fragments[i].pi != ~0)
1606 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1607 r->fragments[i].pi = ~0;
1608 map_main.ip6_reass_buffered_counter--;
1611 // Unlink in hash bucket
1612 map_ip6_reass_t *r2 = NULL;
1613 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1614 while (r2i != map_ip6_reass_pool_index (r))
1616 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1617 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1618 r2i = r2->bucket_next;
1622 r2->bucket_next = r->bucket_next;
1626 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1630 if (r->fifo_next == map_ip6_reass_pool_index (r))
1632 //Single element in the list, list is now empty
1633 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1637 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1638 mm->ip6_reass_fifo_last = r->fifo_prev;
1639 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1641 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1645 // Free from pool if necessary
1646 pool_put (mm->ip6_reass_pool, r);
1647 mm->ip6_reass_allocated--;
1651 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1652 u8 protocol, u32 ** pi_to_drop)
1655 map_main_t *mm = &map_main;
1656 map_ip6_reass_key_t k = {
1659 .fragment_id = fragment_id,
1660 .protocol = protocol
1666 #ifdef clib_crc32c_uses_intrinsics
1667 h = clib_crc32c ((u8 *) k.as_u32, 40);
1670 k.as_u64[0] ^ k.as_u64[1] ^ k.as_u64[2] ^ k.as_u64[3] ^ k.as_u64[4];
1671 h = clib_xxhash (tmp);
1674 h = h >> (32 - mm->ip6_reass_ht_log2len);
1676 f64 now = vlib_time_now (mm->vlib_main);
1678 //Cache garbage collection
1679 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1681 map_ip6_reass_t *last =
1682 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1683 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1684 map_ip6_reass_free (last, pi_to_drop);
1689 if ((r = map_ip6_reass_lookup (&k, h, now)))
1692 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1695 pool_get (mm->ip6_reass_pool, r);
1696 mm->ip6_reass_allocated++;
1697 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1699 r->fragments[i].pi = ~0;
1700 r->fragments[i].next_data_len = 0;
1701 r->fragments[i].next_data_offset = 0;
1704 u32 ri = map_ip6_reass_pool_index (r);
1706 //Link in new bucket
1708 r->bucket_next = mm->ip6_reass_hash_table[h];
1709 mm->ip6_reass_hash_table[h] = ri;
1712 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1715 pool_elt_at_index (mm->ip6_reass_pool,
1716 mm->ip6_reass_fifo_last)->fifo_next;
1717 r->fifo_prev = mm->ip6_reass_fifo_last;
1718 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1719 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1723 r->fifo_next = r->fifo_prev = ri;
1724 mm->ip6_reass_fifo_last = ri;
1730 r->ip4_header.ip_version_and_header_length = 0;
1731 #ifdef MAP_IP6_REASS_COUNT_BYTES
1732 r->expected_total = 0xffff;
1739 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1740 u16 data_offset, u16 next_data_offset,
1741 u8 * data_start, u16 data_len)
1743 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1744 u16 copied_len = (data_len > 20) ? 20 : data_len;
1746 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1749 //Lookup for fragments for the current buffer
1750 //and the one before that
1752 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1754 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1756 prev_f = &r->fragments[i]; // This is buffer for previous packet
1758 else if (r->fragments[i].next_data_offset == next_data_offset)
1760 f = &r->fragments[i]; // This is a buffer for the current packet
1762 else if (r->fragments[i].next_data_offset == 0)
1765 f = &r->fragments[i];
1766 else if (prev_f == NULL)
1767 prev_f = &r->fragments[i];
1771 if (!f || f->pi != ~0)
1779 clib_memcpy_fast (prev_f->next_data, data_start, copied_len);
1780 prev_f->next_data_len = copied_len;
1781 prev_f->next_data_offset = data_offset;
1785 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1788 if (r->ip4_header.ip_version_and_header_length == 0)
1789 clib_memcpy_fast (&r->ip4_header, data_start, sizeof (ip4_header_t));
1794 f->next_data_offset = next_data_offset;
1796 map_main.ip6_reass_buffered_counter++;
1802 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1804 map_main_t *mm = &map_main;
1807 if (dropped_packets)
1808 *dropped_packets = mm->ip4_reass_buffered_counter;
1810 *trashed_reass = mm->ip4_reass_allocated;
1811 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1813 u16 ri = mm->ip4_reass_fifo_last;
1816 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1817 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1818 if (r->fragments[i] != ~0)
1819 map_ip4_drop_pi (r->fragments[i]);
1822 pool_put (mm->ip4_reass_pool, r);
1824 while (ri != mm->ip4_reass_fifo_last);
1827 vec_free (mm->ip4_reass_hash_table);
1828 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1829 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1830 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1831 pool_free (mm->ip4_reass_pool);
1832 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1834 mm->ip4_reass_allocated = 0;
1835 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1836 mm->ip4_reass_buffered_counter = 0;
1840 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1842 u32 desired_size = (u32) (pool_size * ht_ratio);
1844 for (i = 1; i < 31; i++)
1845 if ((1 << i) >= desired_size)
1851 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1852 u32 * dropped_packets)
1854 map_main_t *mm = &map_main;
1855 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1858 map_ip4_reass_lock ();
1859 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1860 mm->ip4_reass_ht_log2len =
1861 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1862 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1863 map_ip4_reass_unlock ();
1868 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1869 u32 * dropped_packets)
1871 map_main_t *mm = &map_main;
1872 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1875 map_ip4_reass_lock ();
1876 mm->ip4_reass_conf_pool_size = pool_size;
1877 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1878 map_ip4_reass_unlock ();
1883 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1885 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1890 map_ip4_reass_conf_buffers (u32 buffers)
1892 map_main.ip4_reass_conf_buffers = buffers;
1897 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1899 map_main_t *mm = &map_main;
1900 if (dropped_packets)
1901 *dropped_packets = mm->ip6_reass_buffered_counter;
1903 *trashed_reass = mm->ip6_reass_allocated;
1905 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1907 u16 ri = mm->ip6_reass_fifo_last;
1910 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1911 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1912 if (r->fragments[i].pi != ~0)
1913 map_ip6_drop_pi (r->fragments[i].pi);
1916 pool_put (mm->ip6_reass_pool, r);
1918 while (ri != mm->ip6_reass_fifo_last);
1919 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1922 vec_free (mm->ip6_reass_hash_table);
1923 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1924 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1925 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1926 pool_free (mm->ip6_reass_pool);
1927 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1929 mm->ip6_reass_allocated = 0;
1930 mm->ip6_reass_buffered_counter = 0;
1934 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1935 u32 * dropped_packets)
1937 map_main_t *mm = &map_main;
1938 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1941 map_ip6_reass_lock ();
1942 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1943 mm->ip6_reass_ht_log2len =
1944 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1945 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1946 map_ip6_reass_unlock ();
1951 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1952 u32 * dropped_packets)
1954 map_main_t *mm = &map_main;
1955 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1958 map_ip6_reass_lock ();
1959 mm->ip6_reass_conf_pool_size = pool_size;
1960 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1961 map_ip6_reass_unlock ();
1966 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
1968 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
1973 map_ip6_reass_conf_buffers (u32 buffers)
1975 map_main.ip6_reass_conf_buffers = buffers;
1982 * Configure MAP reassembly behaviour
1985 * @cliexstart{map params reassembly}
1988 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
1989 .path = "map params reassembly",
1990 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
1991 "[pool-size <pool-size>] [buffers <buffers>] "
1992 "[ht-ratio <ht-ratio>]",
1993 .function = map_params_reass_command_fn,
1997 * Set or copy the IP TOS/Traffic Class field
2000 * @cliexstart{map params traffic-class}
2002 * This command is used to set the traffic-class field in translated
2003 * or encapsulated packets. If copy is specifed (the default) then the
2004 * traffic-class/TOS field is copied from the original packet to the
2005 * translated / encapsulating header.
2008 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
2009 .path = "map params traffic-class",
2010 .short_help = "map params traffic-class {0x0-0xff | copy}",
2011 .function = map_traffic_class_command_fn,
2015 * Bypass IP4/IP6 lookup
2018 * @cliexstart{map params pre-resolve}
2020 * Bypass a second FIB lookup of the translated or encapsulated
2021 * packet, and forward the packet directly to the specified
2022 * next-hop. This optimization trades forwarding flexibility for
2026 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
2027 .path = "map params pre-resolve",
2028 .short_help = " map params pre-resolve {ip4-nh <address>} "
2029 "| {ip6-nh <address>}",
2030 .function = map_pre_resolve_command_fn,
2034 * Enable or disable the MAP-E inbound security check
2037 * @cliexstart{map params security-check}
2039 * By default, a decapsulated packet's IPv4 source address will be
2040 * verified against the outer header's IPv6 source address. Disabling
2041 * this feature will allow IPv4 source address spoofing.
2044 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2045 .path = "map params security-check",
2046 .short_help = "map params security-check on|off",
2047 .function = map_security_check_command_fn,
2051 * Specifiy the IPv4 source address used for relayed ICMP error messages
2054 * @cliexstart{map params icmp source-address}
2056 * This command specifies which IPv4 source address (must be local to
2057 * the system), that is used for relayed received IPv6 ICMP error
2061 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2062 .path = "map params icmp source-address",
2063 .short_help = "map params icmp source-address <ip4-address>",
2064 .function = map_icmp_relay_source_address_command_fn,
2068 * Send IPv6 ICMP unreachables
2071 * @cliexstart{map params icmp6 unreachables}
2073 * Send IPv6 ICMP unreachable messages back if security check fails or
2074 * no MAP domain exists.
2077 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2078 .path = "map params icmp6 unreachables",
2079 .short_help = "map params icmp6 unreachables {on|off}",
2080 .function = map_icmp_unreachables_command_fn,
2084 * Configure MAP fragmentation behaviour
2087 * @cliexstart{map params fragment}
2090 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2091 .path = "map params fragment",
2092 .short_help = "map params fragment inner|outer",
2093 .function = map_fragment_command_fn,
2097 * Ignore the IPv4 Don't fragment bit
2100 * @cliexstart{map params fragment ignore-df}
2102 * Allows fragmentation of the IPv4 packet even if the DF bit is
2103 * set. The choice between inner or outer fragmentation of tunnel
2104 * packets is complicated. The benefit of inner fragmentation is that
2105 * the ultimate endpoint must reassemble, instead of the tunnel
2109 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
2110 .path = "map params fragment ignore-df",
2111 .short_help = "map params fragment ignore-df on|off",
2112 .function = map_fragment_df_command_fn,
2116 * Specifiy if the inbound security check should be done on fragments
2119 * @cliexstart{map params security-check fragments}
2121 * Typically the inbound on-decapsulation security check is only done
2122 * on the first packet. The packet that contains the L4
2123 * information. While a security check on every fragment is possible,
2124 * it has a cost. State must be created on the first fragment.
2127 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
2128 .path = "map params security-check fragments",
2129 .short_help = "map params security-check fragments on|off",
2130 .function = map_security_check_frag_command_fn,
2137 * @cliexstart{map add domain}
2140 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2141 .path = "map add domain",
2142 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2143 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2144 "[map-t] [mtu <mtu>]",
2145 .function = map_add_domain_command_fn,
2149 * Add MAP rule to a domain
2152 * @cliexstart{map add rule}
2155 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2156 .path = "map add rule",
2157 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2158 .function = map_add_rule_command_fn,
2165 * @cliexstart{map del domain}
2168 VLIB_CLI_COMMAND(map_del_command, static) = {
2169 .path = "map del domain",
2170 .short_help = "map del domain index <domain>",
2171 .function = map_del_domain_command_fn,
2178 * @cliexstart{show map domain}
2181 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2182 .path = "show map domain",
2183 .short_help = "show map domain index <n> [counters]",
2184 .function = show_map_domain_command_fn,
2188 * Show MAP statistics
2191 * @cliexstart{show map stats}
2194 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2195 .path = "show map stats",
2196 .short_help = "show map stats",
2197 .function = show_map_stats_command_fn,
2201 * Show MAP fragmentation information
2204 * @cliexstart{show map fragments}
2207 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2208 .path = "show map fragments",
2209 .short_help = "show map fragments",
2210 .function = show_map_fragments_command_fn,
2213 VLIB_PLUGIN_REGISTER() = {
2214 .version = VPP_BUILD_VER,
2215 .description = "Mapping of address and port (MAP)",
2224 map_init (vlib_main_t * vm)
2226 map_main_t *mm = &map_main;
2227 clib_error_t *error = 0;
2228 mm->vnet_main = vnet_get_main ();
2231 #ifdef MAP_SKIP_IP6_LOOKUP
2232 fib_protocol_t proto;
2234 FOR_EACH_FIB_PROTOCOL (proto)
2236 map_pre_resolve_init (&pre_resolved[proto]);
2244 /* Inbound security check */
2245 mm->sec_check = true;
2246 mm->sec_check_frag = false;
2248 /* ICMP6 Type 1, Code 5 for security check failure */
2249 mm->icmp6_enabled = false;
2251 /* Inner or outer fragmentation */
2252 mm->frag_inner = false;
2253 mm->frag_ignore_df = false;
2255 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2256 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "/map/rx";
2257 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "/map/tx";
2259 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2260 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2262 /* IP4 virtual reassembly */
2263 mm->ip4_reass_hash_table = 0;
2264 mm->ip4_reass_pool = 0;
2265 mm->ip4_reass_lock =
2266 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2267 *mm->ip4_reass_lock = 0;
2268 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2269 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2270 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2271 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2272 mm->ip4_reass_ht_log2len =
2273 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2274 mm->ip4_reass_conf_pool_size);
2275 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2276 map_ip4_reass_reinit (NULL, NULL);
2278 /* IP6 virtual reassembly */
2279 mm->ip6_reass_hash_table = 0;
2280 mm->ip6_reass_pool = 0;
2281 mm->ip6_reass_lock =
2282 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2283 *mm->ip6_reass_lock = 0;
2284 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2285 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2286 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2287 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2288 mm->ip6_reass_ht_log2len =
2289 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2290 mm->ip6_reass_conf_pool_size);
2291 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2292 map_ip6_reass_reinit (NULL, NULL);
2294 #ifdef MAP_SKIP_IP6_LOOKUP
2295 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2297 map_dpo_module_init ();
2299 error = map_plugin_api_hookup (vm);
2304 VLIB_INIT_FUNCTION (map_init);
2307 * fd.io coding-style-patch-verification: ON
2310 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob