2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT64 IPv6 to IPv4 translation (inside to outside network)
20 #include <nat/nat64.h>
21 #include <nat/nat_reass.h>
22 #include <vnet/ip/ip6_to_ip4.h>
23 #include <vnet/fib/fib_table.h>
30 } nat64_in2out_trace_t;
33 format_nat64_in2out_trace (u8 * s, va_list * args)
35 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
36 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
37 nat64_in2out_trace_t *t = va_arg (*args, nat64_in2out_trace_t *);
40 tag = t->is_slow_path ? "NAT64-in2out-slowpath" : "NAT64-in2out";
43 format (s, "%s: sw_if_index %d, next index %d", tag, t->sw_if_index,
54 } nat64_in2out_reass_trace_t;
57 format_nat64_in2out_reass_trace (u8 * s, va_list * args)
59 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
60 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
61 nat64_in2out_reass_trace_t *t =
62 va_arg (*args, nat64_in2out_reass_trace_t *);
65 format (s, "NAT64-in2out-reass: sw_if_index %d, next index %d, status %s",
66 t->sw_if_index, t->next_index,
67 t->cached ? "cached" : "translated");
72 vlib_node_registration_t nat64_in2out_node;
73 vlib_node_registration_t nat64_in2out_slowpath_node;
74 vlib_node_registration_t nat64_in2out_reass_node;
75 vlib_node_registration_t nat64_in2out_handoff_node;
77 #define foreach_nat64_in2out_error \
78 _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
79 _(IN2OUT_PACKETS, "good in2out packets processed") \
80 _(NO_TRANSLATION, "no translation") \
81 _(UNKNOWN, "unknown") \
82 _(DROP_FRAGMENT, "Drop fragment") \
83 _(MAX_REASS, "Maximum reassemblies exceeded") \
84 _(MAX_FRAG, "Maximum fragments per reassembly exceeded")
89 #define _(sym,str) NAT64_IN2OUT_ERROR_##sym,
90 foreach_nat64_in2out_error
93 } nat64_in2out_error_t;
95 static char *nat64_in2out_error_strings[] = {
96 #define _(sym,string) string,
97 foreach_nat64_in2out_error
103 NAT64_IN2OUT_NEXT_IP4_LOOKUP,
104 NAT64_IN2OUT_NEXT_IP6_LOOKUP,
105 NAT64_IN2OUT_NEXT_DROP,
106 NAT64_IN2OUT_NEXT_SLOWPATH,
107 NAT64_IN2OUT_NEXT_REASS,
109 } nat64_in2out_next_t;
111 typedef struct nat64_in2out_set_ctx_t_
116 } nat64_in2out_set_ctx_t;
119 * @brief Check whether is a hairpinning.
121 * If the destination IP address of the packet is an IPv4 address assigned to
122 * the NAT64 itself, then the packet is a hairpin packet.
124 * param dst_addr Destination address of the packet.
126 * @returns 1 if hairpinning, otherwise 0.
128 static_always_inline int
129 is_hairpinning (ip6_address_t * dst_addr)
131 nat64_main_t *nm = &nat64_main;
134 for (i = 0; i < vec_len (nm->addr_pool); i++)
136 if (nm->addr_pool[i].addr.as_u32 == dst_addr->as_u32[3])
144 nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
147 nat64_main_t *nm = &nat64_main;
148 nat64_in2out_set_ctx_t *ctx = arg;
149 nat64_db_bib_entry_t *bibe;
150 nat64_db_st_entry_t *ste;
151 ip46_address_t saddr, daddr;
152 u32 sw_if_index, fib_index;
153 udp_header_t *udp = ip6_next_header (ip6);
154 u8 proto = ip6->protocol;
155 u16 sport = udp->src_port;
156 u16 dport = udp->dst_port;
157 nat64_db_t *db = &nm->db[ctx->thread_index];
159 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
161 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
163 saddr.as_u64[0] = ip6->src_address.as_u64[0];
164 saddr.as_u64[1] = ip6->src_address.as_u64[1];
165 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
166 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
169 nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
174 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
180 bibe = nat64_db_bib_entry_find (db, &saddr, sport, proto, fib_index, 1);
185 ip4_address_t out_addr;
186 if (nat64_alloc_out_addr_and_port
187 (fib_index, ip_proto_to_snat_proto (proto), &out_addr,
188 &out_port, ctx->thread_index))
192 nat64_db_bib_entry_create (db, &ip6->src_address, &out_addr,
193 sport, clib_host_to_net_u16 (out_port),
194 fib_index, proto, 0);
199 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
201 nat64_db_st_entry_create (db, bibe, &ip6->dst_address,
207 nat64_session_reset_timeout (ste, ctx->vm);
209 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
210 udp->src_port = bibe->out_port;
212 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
214 if (proto == IP_PROTOCOL_TCP)
218 tcp_header_t *tcp = ip6_next_header (ip6);
220 checksum = &tcp->checksum;
221 csum = ip_csum_sub_even (*checksum, sport);
222 csum = ip_csum_add_even (csum, udp->src_port);
223 *checksum = ip_csum_fold (csum);
230 nat64_in2out_icmp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
232 nat64_main_t *nm = &nat64_main;
233 nat64_in2out_set_ctx_t *ctx = arg;
234 nat64_db_bib_entry_t *bibe;
235 nat64_db_st_entry_t *ste;
236 ip46_address_t saddr, daddr;
237 u32 sw_if_index, fib_index;
238 icmp46_header_t *icmp = ip6_next_header (ip6);
239 nat64_db_t *db = &nm->db[ctx->thread_index];
241 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
243 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
245 saddr.as_u64[0] = ip6->src_address.as_u64[0];
246 saddr.as_u64[1] = ip6->src_address.as_u64[1];
247 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
248 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
250 if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
252 u16 in_id = ((u16 *) (icmp))[2];
254 nat64_db_st_entry_find (db, &saddr, &daddr, in_id, 0,
255 IP_PROTOCOL_ICMP, fib_index, 1);
260 nat64_db_bib_entry_by_index (db, IP_PROTOCOL_ICMP,
268 nat64_db_bib_entry_find (db, &saddr, in_id,
269 IP_PROTOCOL_ICMP, fib_index, 1);
274 ip4_address_t out_addr;
275 if (nat64_alloc_out_addr_and_port
276 (fib_index, SNAT_PROTOCOL_ICMP, &out_addr, &out_id,
281 nat64_db_bib_entry_create (db, &ip6->src_address,
283 clib_host_to_net_u16 (out_id),
284 fib_index, IP_PROTOCOL_ICMP, 0);
289 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
291 nat64_db_st_entry_create (db, bibe, &ip6->dst_address,
297 nat64_session_reset_timeout (ste, ctx->vm);
299 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
300 ((u16 *) (icmp))[2] = bibe->out_port;
302 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
306 if (!vec_len (nm->addr_pool))
309 ip4->src_address.as_u32 = nm->addr_pool[0].addr.as_u32;
310 nat64_extract_ip4 (&ip6->dst_address, &ip4->dst_address, fib_index);
317 nat64_in2out_inner_icmp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
320 nat64_main_t *nm = &nat64_main;
321 nat64_in2out_set_ctx_t *ctx = arg;
322 nat64_db_st_entry_t *ste;
323 nat64_db_bib_entry_t *bibe;
324 ip46_address_t saddr, daddr;
325 u32 sw_if_index, fib_index;
326 u8 proto = ip6->protocol;
327 nat64_db_t *db = &nm->db[ctx->thread_index];
329 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
331 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
333 saddr.as_u64[0] = ip6->src_address.as_u64[0];
334 saddr.as_u64[1] = ip6->src_address.as_u64[1];
335 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
336 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
338 if (proto == IP_PROTOCOL_ICMP6)
340 icmp46_header_t *icmp = ip6_next_header (ip6);
341 u16 in_id = ((u16 *) (icmp))[2];
342 proto = IP_PROTOCOL_ICMP;
345 (icmp->type == ICMP4_echo_request
346 || icmp->type == ICMP4_echo_reply))
350 nat64_db_st_entry_find (db, &daddr, &saddr, in_id, 0, proto,
355 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
359 ip4->dst_address.as_u32 = bibe->out_addr.as_u32;
360 ((u16 *) (icmp))[2] = bibe->out_port;
361 ip4->src_address.as_u32 = ste->out_r_addr.as_u32;
365 udp_header_t *udp = ip6_next_header (ip6);
366 tcp_header_t *tcp = ip6_next_header (ip6);
370 u16 sport = udp->src_port;
371 u16 dport = udp->dst_port;
374 nat64_db_st_entry_find (db, &daddr, &saddr, dport, sport, proto,
379 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
383 ip4->dst_address.as_u32 = bibe->out_addr.as_u32;
384 udp->dst_port = bibe->out_port;
385 ip4->src_address.as_u32 = ste->out_r_addr.as_u32;
387 if (proto == IP_PROTOCOL_TCP)
388 checksum = &tcp->checksum;
390 checksum = &udp->checksum;
391 csum = ip_csum_sub_even (*checksum, dport);
392 csum = ip_csum_add_even (csum, udp->dst_port);
393 *checksum = ip_csum_fold (csum);
399 typedef struct unk_proto_st_walk_ctx_t_
401 ip6_address_t src_addr;
402 ip6_address_t dst_addr;
403 ip4_address_t out_addr;
407 } unk_proto_st_walk_ctx_t;
410 unk_proto_st_walk (nat64_db_st_entry_t * ste, void *arg)
412 nat64_main_t *nm = &nat64_main;
413 unk_proto_st_walk_ctx_t *ctx = arg;
414 nat64_db_bib_entry_t *bibe;
415 ip46_address_t saddr, daddr;
416 nat64_db_t *db = &nm->db[ctx->thread_index];
418 if (ip46_address_is_equal (&ste->in_r_addr, &ctx->dst_addr))
420 bibe = nat64_db_bib_entry_by_index (db, ste->proto, ste->bibe_index);
424 if (ip46_address_is_equal (&bibe->in_addr, &ctx->src_addr)
425 && bibe->fib_index == ctx->fib_index)
427 memset (&saddr, 0, sizeof (saddr));
428 saddr.ip4.as_u32 = bibe->out_addr.as_u32;
429 memset (&daddr, 0, sizeof (daddr));
430 nat64_extract_ip4 (&ctx->dst_addr, &daddr.ip4, ctx->fib_index);
432 if (nat64_db_st_entry_find
433 (db, &daddr, &saddr, 0, 0, ctx->proto, ctx->fib_index, 0))
436 ctx->out_addr.as_u32 = bibe->out_addr.as_u32;
445 nat64_in2out_unk_proto_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
448 nat64_main_t *nm = &nat64_main;
449 nat64_in2out_set_ctx_t *s_ctx = arg;
450 nat64_db_bib_entry_t *bibe;
451 nat64_db_st_entry_t *ste;
452 ip46_address_t saddr, daddr, addr;
453 u32 sw_if_index, fib_index;
454 u8 proto = ip6->protocol;
456 nat64_db_t *db = &nm->db[s_ctx->thread_index];
458 sw_if_index = vnet_buffer (s_ctx->b)->sw_if_index[VLIB_RX];
460 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
462 saddr.as_u64[0] = ip6->src_address.as_u64[0];
463 saddr.as_u64[1] = ip6->src_address.as_u64[1];
464 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
465 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
468 nat64_db_st_entry_find (db, &saddr, &daddr, 0, 0, proto, fib_index, 1);
472 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
478 bibe = nat64_db_bib_entry_find (db, &saddr, 0, proto, fib_index, 1);
482 /* Choose same out address as for TCP/UDP session to same dst */
483 unk_proto_st_walk_ctx_t ctx = {
484 .src_addr.as_u64[0] = ip6->src_address.as_u64[0],
485 .src_addr.as_u64[1] = ip6->src_address.as_u64[1],
486 .dst_addr.as_u64[0] = ip6->dst_address.as_u64[0],
487 .dst_addr.as_u64[1] = ip6->dst_address.as_u64[1],
488 .out_addr.as_u32 = 0,
489 .fib_index = fib_index,
491 .thread_index = s_ctx->thread_index,
494 nat64_db_st_walk (db, IP_PROTOCOL_TCP, unk_proto_st_walk, &ctx);
496 if (!ctx.out_addr.as_u32)
497 nat64_db_st_walk (db, IP_PROTOCOL_UDP, unk_proto_st_walk, &ctx);
499 /* Verify if out address is not already in use for protocol */
500 memset (&addr, 0, sizeof (addr));
501 addr.ip4.as_u32 = ctx.out_addr.as_u32;
502 if (nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
503 ctx.out_addr.as_u32 = 0;
505 if (!ctx.out_addr.as_u32)
507 for (i = 0; i < vec_len (nm->addr_pool); i++)
509 addr.ip4.as_u32 = nm->addr_pool[i].addr.as_u32;
510 if (!nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
515 if (!ctx.out_addr.as_u32)
519 nat64_db_bib_entry_create (db, &ip6->src_address,
520 &ctx.out_addr, 0, 0, fib_index, proto,
526 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
528 nat64_db_st_entry_create (db, bibe, &ip6->dst_address, &daddr.ip4, 0);
533 nat64_session_reset_timeout (ste, s_ctx->vm);
535 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
536 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
544 nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
545 ip6_header_t * ip6, u32 thread_index)
547 nat64_main_t *nm = &nat64_main;
548 nat64_db_bib_entry_t *bibe;
549 nat64_db_st_entry_t *ste;
550 ip46_address_t saddr, daddr;
551 u32 sw_if_index, fib_index;
552 udp_header_t *udp = ip6_next_header (ip6);
553 tcp_header_t *tcp = ip6_next_header (ip6);
554 u8 proto = ip6->protocol;
555 u16 sport = udp->src_port;
556 u16 dport = udp->dst_port;
559 nat64_db_t *db = &nm->db[thread_index];
561 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
563 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
565 saddr.as_u64[0] = ip6->src_address.as_u64[0];
566 saddr.as_u64[1] = ip6->src_address.as_u64[1];
567 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
568 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
570 if (proto == IP_PROTOCOL_UDP)
571 checksum = &udp->checksum;
573 checksum = &tcp->checksum;
575 csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
576 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
577 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
578 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
579 csum = ip_csum_sub_even (csum, sport);
580 csum = ip_csum_sub_even (csum, dport);
583 nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
588 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
594 bibe = nat64_db_bib_entry_find (db, &saddr, sport, proto, fib_index, 1);
599 ip4_address_t out_addr;
600 if (nat64_alloc_out_addr_and_port
601 (fib_index, ip_proto_to_snat_proto (proto), &out_addr,
602 &out_port, thread_index))
606 nat64_db_bib_entry_create (db, &ip6->src_address, &out_addr,
607 sport, clib_host_to_net_u16 (out_port),
608 fib_index, proto, 0);
613 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
615 nat64_db_st_entry_create (db, bibe, &ip6->dst_address,
621 nat64_session_reset_timeout (ste, vm);
623 sport = udp->src_port = bibe->out_port;
624 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, fib_index);
626 memset (&daddr, 0, sizeof (daddr));
627 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
631 vec_foreach (db, nm->db)
633 bibe = nat64_db_bib_entry_find (db, &daddr, dport, proto, 0, 0);
643 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
644 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
645 udp->dst_port = bibe->in_port;
647 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[0]);
648 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[1]);
649 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[0]);
650 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[1]);
651 csum = ip_csum_add_even (csum, udp->src_port);
652 csum = ip_csum_add_even (csum, udp->dst_port);
653 *checksum = ip_csum_fold (csum);
659 nat64_in2out_icmp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
660 ip6_header_t * ip6, u32 thread_index)
662 nat64_main_t *nm = &nat64_main;
663 nat64_db_bib_entry_t *bibe;
664 nat64_db_st_entry_t *ste;
665 icmp46_header_t *icmp = ip6_next_header (ip6);
666 ip6_header_t *inner_ip6;
667 ip46_address_t saddr, daddr;
668 u32 sw_if_index, fib_index;
672 u16 *checksum, sport, dport;
674 nat64_db_t *db = &nm->db[thread_index];
676 if (icmp->type == ICMP6_echo_request || icmp->type == ICMP6_echo_reply)
679 inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
681 proto = inner_ip6->protocol;
683 if (proto == IP_PROTOCOL_ICMP6)
686 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
688 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
690 saddr.as_u64[0] = inner_ip6->src_address.as_u64[0];
691 saddr.as_u64[1] = inner_ip6->src_address.as_u64[1];
692 daddr.as_u64[0] = inner_ip6->dst_address.as_u64[0];
693 daddr.as_u64[1] = inner_ip6->dst_address.as_u64[1];
695 udp = ip6_next_header (inner_ip6);
696 tcp = ip6_next_header (inner_ip6);
698 sport = udp->src_port;
699 dport = udp->dst_port;
701 if (proto == IP_PROTOCOL_UDP)
702 checksum = &udp->checksum;
704 checksum = &tcp->checksum;
706 csum = ip_csum_sub_even (*checksum, inner_ip6->src_address.as_u64[0]);
707 csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[1]);
708 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[0]);
709 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[1]);
710 csum = ip_csum_sub_even (csum, sport);
711 csum = ip_csum_sub_even (csum, dport);
714 nat64_db_st_entry_find (db, &daddr, &saddr, dport, sport, proto,
719 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
723 dport = udp->dst_port = bibe->out_port;
724 nat64_compose_ip6 (&inner_ip6->dst_address, &bibe->out_addr, fib_index);
726 memset (&saddr, 0, sizeof (saddr));
727 memset (&daddr, 0, sizeof (daddr));
728 saddr.ip4.as_u32 = ste->out_r_addr.as_u32;
729 daddr.ip4.as_u32 = bibe->out_addr.as_u32;
733 vec_foreach (db, nm->db)
735 ste = nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
746 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
750 inner_ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
751 inner_ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
752 udp->src_port = bibe->in_port;
754 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[0]);
755 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[1]);
756 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[0]);
757 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[1]);
758 csum = ip_csum_add_even (csum, udp->src_port);
759 csum = ip_csum_add_even (csum, udp->dst_port);
760 *checksum = ip_csum_fold (csum);
762 if (!vec_len (nm->addr_pool))
765 nat64_compose_ip6 (&ip6->src_address, &nm->addr_pool[0].addr, fib_index);
766 ip6->dst_address.as_u64[0] = inner_ip6->src_address.as_u64[0];
767 ip6->dst_address.as_u64[1] = inner_ip6->src_address.as_u64[1];
770 csum = ip_csum_with_carry (0, ip6->payload_length);
771 csum = ip_csum_with_carry (csum, clib_host_to_net_u16 (ip6->protocol));
772 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[0]);
773 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[1]);
774 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[0]);
775 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[1]);
777 ip_incremental_checksum (csum, icmp,
778 clib_net_to_host_u16 (ip6->payload_length));
779 icmp->checksum = ~ip_csum_fold (csum);
785 nat64_in2out_unk_proto_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
786 ip6_header_t * ip6, u32 thread_index)
788 nat64_main_t *nm = &nat64_main;
789 nat64_db_bib_entry_t *bibe;
790 nat64_db_st_entry_t *ste;
791 ip46_address_t saddr, daddr, addr;
792 u32 sw_if_index, fib_index;
793 u8 proto = ip6->protocol;
795 nat64_db_t *db = &nm->db[thread_index];
797 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
799 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
801 saddr.as_u64[0] = ip6->src_address.as_u64[0];
802 saddr.as_u64[1] = ip6->src_address.as_u64[1];
803 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
804 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
807 nat64_db_st_entry_find (db, &saddr, &daddr, 0, 0, proto, fib_index, 1);
811 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
817 bibe = nat64_db_bib_entry_find (db, &saddr, 0, proto, fib_index, 1);
821 /* Choose same out address as for TCP/UDP session to same dst */
822 unk_proto_st_walk_ctx_t ctx = {
823 .src_addr.as_u64[0] = ip6->src_address.as_u64[0],
824 .src_addr.as_u64[1] = ip6->src_address.as_u64[1],
825 .dst_addr.as_u64[0] = ip6->dst_address.as_u64[0],
826 .dst_addr.as_u64[1] = ip6->dst_address.as_u64[1],
827 .out_addr.as_u32 = 0,
828 .fib_index = fib_index,
830 .thread_index = thread_index,
833 nat64_db_st_walk (db, IP_PROTOCOL_TCP, unk_proto_st_walk, &ctx);
835 if (!ctx.out_addr.as_u32)
836 nat64_db_st_walk (db, IP_PROTOCOL_UDP, unk_proto_st_walk, &ctx);
838 /* Verify if out address is not already in use for protocol */
839 memset (&addr, 0, sizeof (addr));
840 addr.ip4.as_u32 = ctx.out_addr.as_u32;
841 if (nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
842 ctx.out_addr.as_u32 = 0;
844 if (!ctx.out_addr.as_u32)
846 for (i = 0; i < vec_len (nm->addr_pool); i++)
848 addr.ip4.as_u32 = nm->addr_pool[i].addr.as_u32;
849 if (!nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
854 if (!ctx.out_addr.as_u32)
858 nat64_db_bib_entry_create (db, &ip6->src_address,
859 &ctx.out_addr, 0, 0, fib_index, proto,
865 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
867 nat64_db_st_entry_create (db, bibe, &ip6->dst_address, &daddr.ip4, 0);
872 nat64_session_reset_timeout (ste, vm);
874 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, fib_index);
876 memset (&daddr, 0, sizeof (daddr));
877 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
881 vec_foreach (db, nm->db)
883 bibe = nat64_db_bib_entry_find (db, &daddr, 0, proto, 0, 0);
893 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
894 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
900 nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
901 vlib_frame_t * frame, u8 is_slow_path)
903 u32 n_left_from, *from, *to_next;
904 nat64_in2out_next_t next_index;
905 u32 pkts_processed = 0;
906 u32 stats_node_index;
907 u32 thread_index = vlib_get_thread_index ();
910 is_slow_path ? nat64_in2out_slowpath_node.index : nat64_in2out_node.index;
912 from = vlib_frame_vector_args (frame);
913 n_left_from = frame->n_vectors;
914 next_index = node->cached_next_index;
916 while (n_left_from > 0)
920 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
922 while (n_left_from > 0 && n_left_to_next > 0)
928 u16 l4_offset0, frag_offset0;
931 nat64_in2out_set_ctx_t ctx0;
933 /* speculatively enqueue b0 to the current next frame */
941 b0 = vlib_get_buffer (vm, bi0);
942 ip60 = vlib_buffer_get_current (b0);
946 ctx0.thread_index = thread_index;
948 next0 = NAT64_IN2OUT_NEXT_IP4_LOOKUP;
952 (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
955 next0 = NAT64_IN2OUT_NEXT_DROP;
956 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
960 proto0 = ip_proto_to_snat_proto (l4_protocol0);
964 if (PREDICT_TRUE (proto0 == ~0))
966 if (is_hairpinning (&ip60->dst_address))
968 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
969 if (nat64_in2out_unk_proto_hairpinning
970 (vm, b0, ip60, thread_index))
972 next0 = NAT64_IN2OUT_NEXT_DROP;
974 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
979 if (ip6_to_ip4 (b0, nat64_in2out_unk_proto_set_cb, &ctx0))
981 next0 = NAT64_IN2OUT_NEXT_DROP;
983 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
991 if (PREDICT_FALSE (proto0 == ~0))
993 next0 = NAT64_IN2OUT_NEXT_SLOWPATH;
999 (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION))
1001 next0 = NAT64_IN2OUT_NEXT_REASS;
1005 if (proto0 == SNAT_PROTOCOL_ICMP)
1007 if (is_hairpinning (&ip60->dst_address))
1009 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1010 if (nat64_in2out_icmp_hairpinning
1011 (vm, b0, ip60, thread_index))
1013 next0 = NAT64_IN2OUT_NEXT_DROP;
1015 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1021 (b0, nat64_in2out_icmp_set_cb, &ctx0,
1022 nat64_in2out_inner_icmp_set_cb, &ctx0))
1024 next0 = NAT64_IN2OUT_NEXT_DROP;
1025 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1029 else if (proto0 == SNAT_PROTOCOL_TCP || proto0 == SNAT_PROTOCOL_UDP)
1031 if (is_hairpinning (&ip60->dst_address))
1033 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1034 if (nat64_in2out_tcp_udp_hairpinning
1035 (vm, b0, ip60, thread_index))
1037 next0 = NAT64_IN2OUT_NEXT_DROP;
1039 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1044 if (ip6_to_ip4_tcp_udp
1045 (b0, nat64_in2out_tcp_udp_set_cb, &ctx0, 0))
1047 next0 = NAT64_IN2OUT_NEXT_DROP;
1048 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1054 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1055 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1057 nat64_in2out_trace_t *t =
1058 vlib_add_trace (vm, node, b0, sizeof (*t));
1059 t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1060 t->next_index = next0;
1061 t->is_slow_path = is_slow_path;
1064 pkts_processed += next0 != NAT64_IN2OUT_NEXT_DROP;
1066 /* verify speculative enqueue, maybe switch current next frame */
1067 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1068 n_left_to_next, bi0, next0);
1070 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1072 vlib_node_increment_counter (vm, stats_node_index,
1073 NAT64_IN2OUT_ERROR_IN2OUT_PACKETS,
1075 return frame->n_vectors;
1079 nat64_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1080 vlib_frame_t * frame)
1082 return nat64_in2out_node_fn_inline (vm, node, frame, 0);
1086 VLIB_REGISTER_NODE (nat64_in2out_node) = {
1087 .function = nat64_in2out_node_fn,
1088 .name = "nat64-in2out",
1089 .vector_size = sizeof (u32),
1090 .format_trace = format_nat64_in2out_trace,
1091 .type = VLIB_NODE_TYPE_INTERNAL,
1092 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1093 .error_strings = nat64_in2out_error_strings,
1094 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1095 /* edit / add dispositions here */
1097 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1098 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1099 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1100 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1101 [NAT64_IN2OUT_NEXT_REASS] = "nat64-in2out-reass",
1106 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_node, nat64_in2out_node_fn);
1109 nat64_in2out_slowpath_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1110 vlib_frame_t * frame)
1112 return nat64_in2out_node_fn_inline (vm, node, frame, 1);
1116 VLIB_REGISTER_NODE (nat64_in2out_slowpath_node) = {
1117 .function = nat64_in2out_slowpath_node_fn,
1118 .name = "nat64-in2out-slowpath",
1119 .vector_size = sizeof (u32),
1120 .format_trace = format_nat64_in2out_trace,
1121 .type = VLIB_NODE_TYPE_INTERNAL,
1122 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1123 .error_strings = nat64_in2out_error_strings,
1124 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1125 /* edit / add dispositions here */
1127 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1128 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1129 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1130 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1131 [NAT64_IN2OUT_NEXT_REASS] = "nat64-in2out-reass",
1136 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_slowpath_node,
1137 nat64_in2out_slowpath_node_fn);
1139 typedef struct nat64_in2out_frag_set_ctx_t_
1147 } nat64_in2out_frag_set_ctx_t;
1150 nat64_in2out_frag_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
1152 nat64_main_t *nm = &nat64_main;
1153 nat64_in2out_frag_set_ctx_t *ctx = arg;
1154 nat64_db_st_entry_t *ste;
1155 nat64_db_bib_entry_t *bibe;
1157 nat64_db_t *db = &nm->db[ctx->thread_index];
1159 ste = nat64_db_st_entry_by_index (db, ctx->proto, ctx->sess_index);
1163 bibe = nat64_db_bib_entry_by_index (db, ctx->proto, ste->bibe_index);
1167 nat64_session_reset_timeout (ste, ctx->vm);
1169 if (ctx->first_frag)
1171 udp = (udp_header_t *) u8_ptr_add (ip6, ctx->l4_offset);
1173 if (ctx->proto == IP_PROTOCOL_TCP)
1177 tcp_header_t *tcp = (tcp_header_t *) udp;
1179 checksum = &tcp->checksum;
1180 csum = ip_csum_sub_even (*checksum, tcp->src_port);
1181 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[0]);
1182 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
1183 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
1184 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
1185 csum = ip_csum_add_even (csum, bibe->out_port);
1186 csum = ip_csum_add_even (csum, bibe->out_addr.as_u32);
1187 csum = ip_csum_add_even (csum, ste->out_r_addr.as_u32);
1188 *checksum = ip_csum_fold (csum);
1191 udp->src_port = bibe->out_port;
1194 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
1195 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
1201 nat64_in2out_frag_hairpinning (vlib_buffer_t * b, ip6_header_t * ip6,
1202 nat64_in2out_frag_set_ctx_t * ctx)
1204 nat64_main_t *nm = &nat64_main;
1205 nat64_db_st_entry_t *ste;
1206 nat64_db_bib_entry_t *bibe;
1207 udp_header_t *udp = (udp_header_t *) u8_ptr_add (ip6, ctx->l4_offset);
1208 tcp_header_t *tcp = (tcp_header_t *) udp;
1209 u16 sport = udp->src_port;
1210 u16 dport = udp->dst_port;
1213 ip46_address_t daddr;
1214 nat64_db_t *db = &nm->db[ctx->thread_index];
1216 if (ctx->first_frag)
1218 if (ctx->proto == IP_PROTOCOL_UDP)
1219 checksum = &udp->checksum;
1221 checksum = &tcp->checksum;
1223 csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
1224 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
1225 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
1226 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
1227 csum = ip_csum_sub_even (csum, sport);
1228 csum = ip_csum_sub_even (csum, dport);
1231 ste = nat64_db_st_entry_by_index (db, ctx->proto, ctx->sess_index);
1235 bibe = nat64_db_bib_entry_by_index (db, ctx->proto, ste->bibe_index);
1239 nat64_session_reset_timeout (ste, ctx->vm);
1241 sport = bibe->out_port;
1242 dport = ste->r_port;
1244 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, bibe->fib_index);
1246 memset (&daddr, 0, sizeof (daddr));
1247 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
1251 vec_foreach (db, nm->db)
1253 bibe = nat64_db_bib_entry_find (db, &daddr, dport, ctx->proto, 0, 0);
1263 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
1264 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
1266 if (ctx->first_frag)
1268 udp->dst_port = bibe->in_port;
1269 udp->src_port = sport;
1270 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[0]);
1271 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[1]);
1272 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[0]);
1273 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[1]);
1274 csum = ip_csum_add_even (csum, udp->src_port);
1275 csum = ip_csum_add_even (csum, udp->dst_port);
1276 *checksum = ip_csum_fold (csum);
1283 nat64_in2out_reass_node_fn (vlib_main_t * vm,
1284 vlib_node_runtime_t * node, vlib_frame_t * frame)
1286 u32 n_left_from, *from, *to_next;
1287 nat64_in2out_next_t next_index;
1288 u32 pkts_processed = 0;
1289 u32 *fragments_to_drop = 0;
1290 u32 *fragments_to_loopback = 0;
1291 nat64_main_t *nm = &nat64_main;
1292 u32 thread_index = vlib_get_thread_index ();
1294 from = vlib_frame_vector_args (frame);
1295 n_left_from = frame->n_vectors;
1296 next_index = node->cached_next_index;
1298 while (n_left_from > 0)
1302 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1304 while (n_left_from > 0 && n_left_to_next > 0)
1311 u16 l4_offset0, frag_offset0;
1313 nat_reass_ip6_t *reass0;
1314 ip6_frag_hdr_t *frag0;
1315 nat64_db_bib_entry_t *bibe0;
1316 nat64_db_st_entry_t *ste0;
1318 snat_protocol_t proto0;
1319 u32 sw_if_index0, fib_index0;
1320 ip46_address_t saddr0, daddr0;
1321 nat64_in2out_frag_set_ctx_t ctx0;
1322 nat64_db_t *db = &nm->db[thread_index];
1324 /* speculatively enqueue b0 to the current next frame */
1330 n_left_to_next -= 1;
1332 b0 = vlib_get_buffer (vm, bi0);
1333 next0 = NAT64_IN2OUT_NEXT_IP4_LOOKUP;
1335 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1337 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6,
1340 ctx0.thread_index = thread_index;
1342 if (PREDICT_FALSE (nat_reass_is_drop_frag (1)))
1344 next0 = NAT64_IN2OUT_NEXT_DROP;
1345 b0->error = node->errors[NAT64_IN2OUT_ERROR_DROP_FRAGMENT];
1349 ip60 = (ip6_header_t *) vlib_buffer_get_current (b0);
1353 (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
1356 next0 = NAT64_IN2OUT_NEXT_DROP;
1357 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
1362 (!(l4_protocol0 == IP_PROTOCOL_TCP
1363 || l4_protocol0 == IP_PROTOCOL_UDP)))
1365 next0 = NAT64_IN2OUT_NEXT_DROP;
1366 b0->error = node->errors[NAT64_IN2OUT_ERROR_DROP_FRAGMENT];
1370 udp0 = (udp_header_t *) u8_ptr_add (ip60, l4_offset0);
1371 frag0 = (ip6_frag_hdr_t *) u8_ptr_add (ip60, frag_offset0);
1372 proto0 = ip_proto_to_snat_proto (l4_protocol0);
1374 reass0 = nat_ip6_reass_find_or_create (ip60->src_address,
1376 frag0->identification,
1378 1, &fragments_to_drop);
1380 if (PREDICT_FALSE (!reass0))
1382 next0 = NAT64_IN2OUT_NEXT_DROP;
1383 b0->error = node->errors[NAT64_IN2OUT_ERROR_MAX_REASS];
1387 if (PREDICT_TRUE (ip6_frag_hdr_offset (frag0)))
1389 ctx0.first_frag = 0;
1390 if (PREDICT_FALSE (reass0->sess_index == (u32) ~ 0))
1392 if (nat_ip6_reass_add_fragment (reass0, bi0))
1394 b0->error = node->errors[NAT64_IN2OUT_ERROR_MAX_FRAG];
1395 next0 = NAT64_IN2OUT_NEXT_DROP;
1404 ctx0.first_frag = 1;
1406 saddr0.as_u64[0] = ip60->src_address.as_u64[0];
1407 saddr0.as_u64[1] = ip60->src_address.as_u64[1];
1408 daddr0.as_u64[0] = ip60->dst_address.as_u64[0];
1409 daddr0.as_u64[1] = ip60->dst_address.as_u64[1];
1412 nat64_db_st_entry_find (db, &saddr0, &daddr0,
1413 udp0->src_port, udp0->dst_port,
1414 l4_protocol0, fib_index0, 1);
1418 nat64_db_bib_entry_find (db, &saddr0, udp0->src_port,
1419 l4_protocol0, fib_index0, 1);
1423 ip4_address_t out_addr0;
1424 if (nat64_alloc_out_addr_and_port
1425 (fib_index0, proto0, &out_addr0, &out_port0,
1428 next0 = NAT64_IN2OUT_NEXT_DROP;
1430 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1435 nat64_db_bib_entry_create (db,
1437 &out_addr0, udp0->src_port,
1438 clib_host_to_net_u16
1439 (out_port0), fib_index0,
1443 next0 = NAT64_IN2OUT_NEXT_DROP;
1445 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1449 nat64_extract_ip4 (&ip60->dst_address, &daddr0.ip4,
1452 nat64_db_st_entry_create (db, bibe0,
1453 &ip60->dst_address, &daddr0.ip4,
1457 next0 = NAT64_IN2OUT_NEXT_DROP;
1459 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1463 reass0->sess_index = nat64_db_st_entry_get_index (db, ste0);
1465 nat_ip6_reass_get_frags (reass0, &fragments_to_loopback);
1468 ctx0.sess_index = reass0->sess_index;
1469 ctx0.proto = l4_protocol0;
1471 ctx0.l4_offset = l4_offset0;
1473 if (PREDICT_FALSE (is_hairpinning (&ip60->dst_address)))
1475 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1476 if (nat64_in2out_frag_hairpinning (b0, ip60, &ctx0))
1478 next0 = NAT64_IN2OUT_NEXT_DROP;
1479 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1485 if (ip6_to_ip4_fragmented (b0, nat64_in2out_frag_set_cb, &ctx0))
1487 next0 = NAT64_IN2OUT_NEXT_DROP;
1488 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
1495 ((node->flags & VLIB_NODE_FLAG_TRACE)
1496 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1498 nat64_in2out_reass_trace_t *t =
1499 vlib_add_trace (vm, node, b0, sizeof (*t));
1500 t->cached = cached0;
1501 t->sw_if_index = sw_if_index0;
1502 t->next_index = next0;
1512 pkts_processed += next0 != NAT64_IN2OUT_NEXT_DROP;
1514 /* verify speculative enqueue, maybe switch current next frame */
1515 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1516 to_next, n_left_to_next,
1520 if (n_left_from == 0 && vec_len (fragments_to_loopback))
1522 from = vlib_frame_vector_args (frame);
1523 u32 len = vec_len (fragments_to_loopback);
1524 if (len <= VLIB_FRAME_SIZE)
1526 clib_memcpy (from, fragments_to_loopback,
1527 sizeof (u32) * len);
1529 vec_reset_length (fragments_to_loopback);
1534 fragments_to_loopback + (len -
1536 sizeof (u32) * VLIB_FRAME_SIZE);
1537 n_left_from = VLIB_FRAME_SIZE;
1538 _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
1543 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1546 vlib_node_increment_counter (vm, nat64_in2out_reass_node.index,
1547 NAT64_IN2OUT_ERROR_IN2OUT_PACKETS,
1550 nat_send_all_to_node (vm, fragments_to_drop, node,
1551 &node->errors[NAT64_IN2OUT_ERROR_DROP_FRAGMENT],
1552 NAT64_IN2OUT_NEXT_DROP);
1554 vec_free (fragments_to_drop);
1555 vec_free (fragments_to_loopback);
1556 return frame->n_vectors;
1560 VLIB_REGISTER_NODE (nat64_in2out_reass_node) = {
1561 .function = nat64_in2out_reass_node_fn,
1562 .name = "nat64-in2out-reass",
1563 .vector_size = sizeof (u32),
1564 .format_trace = format_nat64_in2out_reass_trace,
1565 .type = VLIB_NODE_TYPE_INTERNAL,
1566 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1567 .error_strings = nat64_in2out_error_strings,
1568 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1569 /* edit / add dispositions here */
1571 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1572 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1573 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1574 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1575 [NAT64_IN2OUT_NEXT_REASS] = "nat64-in2out-reass",
1580 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_reass_node,
1581 nat64_in2out_reass_node_fn);
1585 u32 next_worker_index;
1587 } nat64_in2out_handoff_trace_t;
1590 format_nat64_in2out_handoff_trace (u8 * s, va_list * args)
1592 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1593 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1594 nat64_in2out_handoff_trace_t *t =
1595 va_arg (*args, nat64_in2out_handoff_trace_t *);
1598 m = t->do_handoff ? "next worker" : "same worker";
1599 s = format (s, "NAT64-IN2OUT-HANDOFF: %s %d", m, t->next_worker_index);
1605 nat64_in2out_handoff_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1606 vlib_frame_t * frame)
1608 nat64_main_t *nm = &nat64_main;
1609 vlib_thread_main_t *tm = vlib_get_thread_main ();
1610 u32 n_left_from, *from, *to_next = 0, *to_next_drop = 0;
1611 static __thread vlib_frame_queue_elt_t **handoff_queue_elt_by_worker_index;
1612 static __thread vlib_frame_queue_t **congested_handoff_queue_by_worker_index
1614 vlib_frame_queue_elt_t *hf = 0;
1615 vlib_frame_queue_t *fq;
1616 vlib_frame_t *f = 0, *d = 0;
1618 u32 n_left_to_next_worker = 0, *to_next_worker = 0;
1619 u32 next_worker_index = 0;
1620 u32 current_worker_index = ~0;
1621 u32 thread_index = vlib_get_thread_index ();
1625 fq_index = nm->fq_in2out_index;
1626 to_node_index = nat64_in2out_node.index;
1628 if (PREDICT_FALSE (handoff_queue_elt_by_worker_index == 0))
1630 vec_validate (handoff_queue_elt_by_worker_index, tm->n_vlib_mains - 1);
1632 vec_validate_init_empty (congested_handoff_queue_by_worker_index,
1633 tm->n_vlib_mains - 1,
1634 (vlib_frame_queue_t *) (~0));
1637 from = vlib_frame_vector_args (frame);
1638 n_left_from = frame->n_vectors;
1640 while (n_left_from > 0)
1651 b0 = vlib_get_buffer (vm, bi0);
1653 ip0 = vlib_buffer_get_current (b0);
1655 next_worker_index = nat64_get_worker_in2out (&ip0->src_address);
1657 if (PREDICT_FALSE (next_worker_index != thread_index))
1661 if (next_worker_index != current_worker_index)
1664 is_vlib_frame_queue_congested (fq_index, next_worker_index,
1666 congested_handoff_queue_by_worker_index);
1670 /* if this is 1st frame */
1673 d = vlib_get_frame_to_node (vm, nm->error_node_index);
1674 to_next_drop = vlib_frame_vector_args (d);
1677 to_next_drop[0] = bi0;
1684 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1687 vlib_get_worker_handoff_queue_elt (fq_index,
1689 handoff_queue_elt_by_worker_index);
1690 n_left_to_next_worker = VLIB_FRAME_SIZE - hf->n_vectors;
1691 to_next_worker = &hf->buffer_index[hf->n_vectors];
1692 current_worker_index = next_worker_index;
1695 /* enqueue to correct worker thread */
1696 to_next_worker[0] = bi0;
1698 n_left_to_next_worker--;
1700 if (n_left_to_next_worker == 0)
1702 hf->n_vectors = VLIB_FRAME_SIZE;
1703 vlib_put_frame_queue_elt (hf);
1704 current_worker_index = ~0;
1705 handoff_queue_elt_by_worker_index[next_worker_index] = 0;
1712 /* if this is 1st frame */
1715 f = vlib_get_frame_to_node (vm, to_node_index);
1716 to_next = vlib_frame_vector_args (f);
1726 ((node->flags & VLIB_NODE_FLAG_TRACE)
1727 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1729 nat64_in2out_handoff_trace_t *t =
1730 vlib_add_trace (vm, node, b0, sizeof (*t));
1731 t->next_worker_index = next_worker_index;
1732 t->do_handoff = do_handoff;
1737 vlib_put_frame_to_node (vm, to_node_index, f);
1740 vlib_put_frame_to_node (vm, nm->error_node_index, d);
1743 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1745 /* Ship frames to the worker nodes */
1746 for (i = 0; i < vec_len (handoff_queue_elt_by_worker_index); i++)
1748 if (handoff_queue_elt_by_worker_index[i])
1750 hf = handoff_queue_elt_by_worker_index[i];
1752 * It works better to let the handoff node
1753 * rate-adapt, always ship the handoff queue element.
1755 if (1 || hf->n_vectors == hf->last_n_vectors)
1757 vlib_put_frame_queue_elt (hf);
1758 handoff_queue_elt_by_worker_index[i] = 0;
1761 hf->last_n_vectors = hf->n_vectors;
1763 congested_handoff_queue_by_worker_index[i] =
1764 (vlib_frame_queue_t *) (~0);
1767 current_worker_index = ~0;
1768 return frame->n_vectors;
1772 VLIB_REGISTER_NODE (nat64_in2out_handoff_node) = {
1773 .function = nat64_in2out_handoff_node_fn,
1774 .name = "nat64-in2out-handoff",
1775 .vector_size = sizeof (u32),
1776 .format_trace = format_nat64_in2out_handoff_trace,
1777 .type = VLIB_NODE_TYPE_INTERNAL,
1787 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_handoff_node,
1788 nat64_in2out_handoff_node_fn);
1791 * fd.io coding-style-patch-verification: ON
1794 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob