2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT64 IPv6 to IPv4 translation (inside to outside network)
20 #include <nat/nat64.h>
21 #include <vnet/ip/ip6_to_ip4.h>
22 #include <vnet/fib/fib_table.h>
29 } nat64_in2out_trace_t;
32 format_nat64_in2out_trace (u8 * s, va_list * args)
34 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
35 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
36 nat64_in2out_trace_t *t = va_arg (*args, nat64_in2out_trace_t *);
39 tag = t->is_slow_path ? "NAT64-in2out-slowpath" : "NAT64-in2out";
42 format (s, "%s: sw_if_index %d, next index %d", tag, t->sw_if_index,
48 vlib_node_registration_t nat64_in2out_node;
49 vlib_node_registration_t nat64_in2out_slowpath_node;
51 #define foreach_nat64_in2out_error \
52 _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
53 _(IN2OUT_PACKETS, "good in2out packets processed") \
54 _(NO_TRANSLATION, "no translation") \
59 #define _(sym,str) NAT64_IN2OUT_ERROR_##sym,
60 foreach_nat64_in2out_error
63 } nat64_in2out_error_t;
65 static char *nat64_in2out_error_strings[] = {
66 #define _(sym,string) string,
67 foreach_nat64_in2out_error
73 NAT64_IN2OUT_NEXT_IP4_LOOKUP,
74 NAT64_IN2OUT_NEXT_IP6_LOOKUP,
75 NAT64_IN2OUT_NEXT_DROP,
76 NAT64_IN2OUT_NEXT_SLOWPATH,
78 } nat64_in2out_next_t;
80 typedef struct nat64_in2out_set_ctx_t_
84 } nat64_in2out_set_ctx_t;
87 * @brief Check whether is a hairpinning.
89 * If the destination IP address of the packet is an IPv4 address assigned to
90 * the NAT64 itself, then the packet is a hairpin packet.
92 * param dst_addr Destination address of the packet.
94 * @returns 1 if hairpinning, otherwise 0.
96 static_always_inline int
97 is_hairpinning (ip6_address_t * dst_addr)
99 nat64_main_t *nm = &nat64_main;
102 for (i = 0; i < vec_len (nm->addr_pool); i++)
104 if (nm->addr_pool[i].addr.as_u32 == dst_addr->as_u32[3])
112 nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
115 nat64_main_t *nm = &nat64_main;
116 nat64_in2out_set_ctx_t *ctx = arg;
117 nat64_db_bib_entry_t *bibe;
118 nat64_db_st_entry_t *ste;
119 ip46_address_t saddr, daddr;
120 u32 sw_if_index, fib_index;
121 udp_header_t *udp = ip6_next_header (ip6);
122 u8 proto = ip6->protocol;
123 u16 sport = udp->src_port;
124 u16 dport = udp->dst_port;
126 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
128 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
130 saddr.as_u64[0] = ip6->src_address.as_u64[0];
131 saddr.as_u64[1] = ip6->src_address.as_u64[1];
132 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
133 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
136 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, sport, dport, proto,
141 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
148 nat64_db_bib_entry_find (&nm->db, &saddr, sport, proto, fib_index, 1);
153 ip4_address_t out_addr;
154 if (nat64_alloc_out_addr_and_port
155 (fib_index, ip_proto_to_snat_proto (proto), &out_addr,
160 nat64_db_bib_entry_create (&nm->db, &ip6->src_address, &out_addr,
161 sport, clib_host_to_net_u16 (out_port),
162 fib_index, proto, 0);
167 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
169 nat64_db_st_entry_create (&nm->db, bibe, &ip6->dst_address,
175 nat64_session_reset_timeout (ste, ctx->vm);
177 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
178 udp->src_port = bibe->out_port;
180 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
182 if (proto == IP_PROTOCOL_TCP)
186 tcp_header_t *tcp = ip6_next_header (ip6);
188 checksum = &tcp->checksum;
189 csum = ip_csum_sub_even (*checksum, sport);
190 csum = ip_csum_add_even (csum, udp->src_port);
191 *checksum = ip_csum_fold (csum);
198 nat64_in2out_icmp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
200 nat64_main_t *nm = &nat64_main;
201 nat64_in2out_set_ctx_t *ctx = arg;
202 nat64_db_bib_entry_t *bibe;
203 nat64_db_st_entry_t *ste;
204 ip46_address_t saddr, daddr;
205 u32 sw_if_index, fib_index;
206 icmp46_header_t *icmp = ip6_next_header (ip6);
208 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
210 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
212 saddr.as_u64[0] = ip6->src_address.as_u64[0];
213 saddr.as_u64[1] = ip6->src_address.as_u64[1];
214 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
215 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
217 if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
219 u16 in_id = ((u16 *) (icmp))[2];
221 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, in_id, 0,
222 IP_PROTOCOL_ICMP, fib_index, 1);
227 nat64_db_bib_entry_by_index (&nm->db, IP_PROTOCOL_ICMP,
235 nat64_db_bib_entry_find (&nm->db, &saddr, in_id,
236 IP_PROTOCOL_ICMP, fib_index, 1);
241 ip4_address_t out_addr;
242 if (nat64_alloc_out_addr_and_port
243 (fib_index, SNAT_PROTOCOL_ICMP, &out_addr, &out_id))
247 nat64_db_bib_entry_create (&nm->db, &ip6->src_address,
249 clib_host_to_net_u16 (out_id),
250 fib_index, IP_PROTOCOL_ICMP, 0);
255 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
257 nat64_db_st_entry_create (&nm->db, bibe, &ip6->dst_address,
263 nat64_session_reset_timeout (ste, ctx->vm);
265 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
266 ((u16 *) (icmp))[2] = bibe->out_port;
268 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
272 if (!vec_len (nm->addr_pool))
275 ip4->src_address.as_u32 = nm->addr_pool[0].addr.as_u32;
276 nat64_extract_ip4 (&ip6->dst_address, &ip4->dst_address, fib_index);
283 nat64_in2out_inner_icmp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
286 nat64_main_t *nm = &nat64_main;
287 nat64_in2out_set_ctx_t *ctx = arg;
288 nat64_db_st_entry_t *ste;
289 nat64_db_bib_entry_t *bibe;
290 ip46_address_t saddr, daddr;
291 u32 sw_if_index, fib_index;
292 u8 proto = ip6->protocol;
294 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
296 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
298 saddr.as_u64[0] = ip6->src_address.as_u64[0];
299 saddr.as_u64[1] = ip6->src_address.as_u64[1];
300 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
301 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
303 if (proto == IP_PROTOCOL_ICMP6)
305 icmp46_header_t *icmp = ip6_next_header (ip6);
306 u16 in_id = ((u16 *) (icmp))[2];
307 proto = IP_PROTOCOL_ICMP;
310 (icmp->type == ICMP4_echo_request
311 || icmp->type == ICMP4_echo_reply))
315 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, in_id, 0, proto,
320 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
324 ip4->dst_address.as_u32 = bibe->out_addr.as_u32;
325 ((u16 *) (icmp))[2] = bibe->out_port;
326 ip4->src_address.as_u32 = ste->out_r_addr.as_u32;
330 udp_header_t *udp = ip6_next_header (ip6);
331 tcp_header_t *tcp = ip6_next_header (ip6);
335 u16 sport = udp->src_port;
336 u16 dport = udp->dst_port;
339 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, dport, sport, proto,
344 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
348 ip4->dst_address.as_u32 = bibe->out_addr.as_u32;
349 udp->dst_port = bibe->out_port;
350 ip4->src_address.as_u32 = ste->out_r_addr.as_u32;
352 if (proto == IP_PROTOCOL_TCP)
353 checksum = &tcp->checksum;
355 checksum = &udp->checksum;
356 csum = ip_csum_sub_even (*checksum, dport);
357 csum = ip_csum_add_even (csum, udp->dst_port);
358 *checksum = ip_csum_fold (csum);
364 typedef struct unk_proto_st_walk_ctx_t_
366 ip6_address_t src_addr;
367 ip6_address_t dst_addr;
368 ip4_address_t out_addr;
371 } unk_proto_st_walk_ctx_t;
374 unk_proto_st_walk (nat64_db_st_entry_t * ste, void *arg)
376 nat64_main_t *nm = &nat64_main;
377 unk_proto_st_walk_ctx_t *ctx = arg;
378 nat64_db_bib_entry_t *bibe;
379 ip46_address_t saddr, daddr;
381 if (ip46_address_is_equal (&ste->in_r_addr, &ctx->dst_addr))
384 nat64_db_bib_entry_by_index (&nm->db, ste->proto, ste->bibe_index);
388 if (ip46_address_is_equal (&bibe->in_addr, &ctx->src_addr)
389 && bibe->fib_index == ctx->fib_index)
391 memset (&saddr, 0, sizeof (saddr));
392 saddr.ip4.as_u32 = bibe->out_addr.as_u32;
393 memset (&daddr, 0, sizeof (daddr));
394 nat64_extract_ip4 (&ctx->dst_addr, &daddr.ip4, ctx->fib_index);
396 if (nat64_db_st_entry_find
397 (&nm->db, &daddr, &saddr, 0, 0, ctx->proto, ctx->fib_index, 0))
400 ctx->out_addr.as_u32 = bibe->out_addr.as_u32;
409 nat64_in2out_unk_proto_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
412 nat64_main_t *nm = &nat64_main;
413 nat64_in2out_set_ctx_t *ctx = arg;
414 nat64_db_bib_entry_t *bibe;
415 nat64_db_st_entry_t *ste;
416 ip46_address_t saddr, daddr, addr;
417 u32 sw_if_index, fib_index;
418 u8 proto = ip6->protocol;
421 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
423 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
425 saddr.as_u64[0] = ip6->src_address.as_u64[0];
426 saddr.as_u64[1] = ip6->src_address.as_u64[1];
427 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
428 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
431 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, 0, 0, proto, fib_index,
436 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
443 nat64_db_bib_entry_find (&nm->db, &saddr, 0, proto, fib_index, 1);
447 /* Choose same out address as for TCP/UDP session to same dst */
448 unk_proto_st_walk_ctx_t ctx = {
449 .src_addr.as_u64[0] = ip6->src_address.as_u64[0],
450 .src_addr.as_u64[1] = ip6->src_address.as_u64[1],
451 .dst_addr.as_u64[0] = ip6->dst_address.as_u64[0],
452 .dst_addr.as_u64[1] = ip6->dst_address.as_u64[1],
453 .out_addr.as_u32 = 0,
454 .fib_index = fib_index,
458 nat64_db_st_walk (&nm->db, IP_PROTOCOL_TCP, unk_proto_st_walk,
461 if (!ctx.out_addr.as_u32)
462 nat64_db_st_walk (&nm->db, IP_PROTOCOL_UDP, unk_proto_st_walk,
465 /* Verify if out address is not already in use for protocol */
466 memset (&addr, 0, sizeof (addr));
467 addr.ip4.as_u32 = ctx.out_addr.as_u32;
468 if (nat64_db_bib_entry_find (&nm->db, &addr, 0, proto, 0, 0))
469 ctx.out_addr.as_u32 = 0;
471 if (!ctx.out_addr.as_u32)
473 for (i = 0; i < vec_len (nm->addr_pool); i++)
475 addr.ip4.as_u32 = nm->addr_pool[i].addr.as_u32;
476 if (!nat64_db_bib_entry_find
477 (&nm->db, &addr, 0, proto, 0, 0))
482 if (!ctx.out_addr.as_u32)
486 nat64_db_bib_entry_create (&nm->db, &ip6->src_address,
487 &ctx.out_addr, 0, 0, fib_index, proto,
493 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
495 nat64_db_st_entry_create (&nm->db, bibe, &ip6->dst_address,
501 nat64_session_reset_timeout (ste, ctx->vm);
503 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
504 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
512 nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
515 nat64_main_t *nm = &nat64_main;
516 nat64_db_bib_entry_t *bibe;
517 nat64_db_st_entry_t *ste;
518 ip46_address_t saddr, daddr;
519 u32 sw_if_index, fib_index;
520 udp_header_t *udp = ip6_next_header (ip6);
521 tcp_header_t *tcp = ip6_next_header (ip6);
522 u8 proto = ip6->protocol;
523 u16 sport = udp->src_port;
524 u16 dport = udp->dst_port;
528 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
530 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
532 saddr.as_u64[0] = ip6->src_address.as_u64[0];
533 saddr.as_u64[1] = ip6->src_address.as_u64[1];
534 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
535 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
537 if (proto == IP_PROTOCOL_UDP)
538 checksum = &udp->checksum;
540 checksum = &tcp->checksum;
542 csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
543 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
544 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
545 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
546 csum = ip_csum_sub_even (csum, sport);
547 csum = ip_csum_sub_even (csum, dport);
550 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, sport, dport, proto,
555 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
562 nat64_db_bib_entry_find (&nm->db, &saddr, sport, proto, fib_index, 1);
567 ip4_address_t out_addr;
568 if (nat64_alloc_out_addr_and_port
569 (fib_index, ip_proto_to_snat_proto (proto), &out_addr,
574 nat64_db_bib_entry_create (&nm->db, &ip6->src_address, &out_addr,
575 sport, clib_host_to_net_u16 (out_port),
576 fib_index, proto, 0);
581 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
583 nat64_db_st_entry_create (&nm->db, bibe, &ip6->dst_address,
589 nat64_session_reset_timeout (ste, vm);
591 sport = udp->src_port = bibe->out_port;
592 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, fib_index);
594 memset (&saddr, 0, sizeof (saddr));
595 memset (&daddr, 0, sizeof (daddr));
596 saddr.ip4.as_u32 = bibe->out_addr.as_u32;
597 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
600 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, dport, sport, proto, 0,
605 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
611 bibe = nat64_db_bib_entry_find (&nm->db, &daddr, dport, proto, 0, 0);
617 nat64_db_st_entry_create (&nm->db, bibe, &ip6->src_address,
621 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
622 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
623 udp->dst_port = bibe->in_port;
625 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[0]);
626 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[1]);
627 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[0]);
628 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[1]);
629 csum = ip_csum_add_even (csum, udp->src_port);
630 csum = ip_csum_add_even (csum, udp->dst_port);
631 *checksum = ip_csum_fold (csum);
637 nat64_in2out_icmp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
640 nat64_main_t *nm = &nat64_main;
641 nat64_db_bib_entry_t *bibe;
642 nat64_db_st_entry_t *ste;
643 icmp46_header_t *icmp = ip6_next_header (ip6);
644 ip6_header_t *inner_ip6;
645 ip46_address_t saddr, daddr;
646 u32 sw_if_index, fib_index;
650 u16 *checksum, sport, dport;
653 if (icmp->type == ICMP6_echo_request || icmp->type == ICMP6_echo_reply)
656 inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
658 proto = inner_ip6->protocol;
660 if (proto == IP_PROTOCOL_ICMP6)
663 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
665 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
667 saddr.as_u64[0] = inner_ip6->src_address.as_u64[0];
668 saddr.as_u64[1] = inner_ip6->src_address.as_u64[1];
669 daddr.as_u64[0] = inner_ip6->dst_address.as_u64[0];
670 daddr.as_u64[1] = inner_ip6->dst_address.as_u64[1];
672 udp = ip6_next_header (inner_ip6);
673 tcp = ip6_next_header (inner_ip6);
675 sport = udp->src_port;
676 dport = udp->dst_port;
678 if (proto == IP_PROTOCOL_UDP)
679 checksum = &udp->checksum;
681 checksum = &tcp->checksum;
683 csum = ip_csum_sub_even (*checksum, inner_ip6->src_address.as_u64[0]);
684 csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[1]);
685 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[0]);
686 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[1]);
687 csum = ip_csum_sub_even (csum, sport);
688 csum = ip_csum_sub_even (csum, dport);
691 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, dport, sport, proto,
696 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
700 dport = udp->dst_port = bibe->out_port;
701 nat64_compose_ip6 (&inner_ip6->dst_address, &bibe->out_addr, fib_index);
703 memset (&saddr, 0, sizeof (saddr));
704 memset (&daddr, 0, sizeof (daddr));
705 saddr.ip4.as_u32 = ste->out_r_addr.as_u32;
706 daddr.ip4.as_u32 = bibe->out_addr.as_u32;
709 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, sport, dport, proto, 0,
714 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
718 inner_ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
719 inner_ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
720 udp->src_port = bibe->in_port;
722 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[0]);
723 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[1]);
724 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[0]);
725 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[1]);
726 csum = ip_csum_add_even (csum, udp->src_port);
727 csum = ip_csum_add_even (csum, udp->dst_port);
728 *checksum = ip_csum_fold (csum);
730 if (!vec_len (nm->addr_pool))
733 nat64_compose_ip6 (&ip6->src_address, &nm->addr_pool[0].addr, fib_index);
734 ip6->dst_address.as_u64[0] = inner_ip6->src_address.as_u64[0];
735 ip6->dst_address.as_u64[1] = inner_ip6->src_address.as_u64[1];
738 csum = ip_csum_with_carry (0, ip6->payload_length);
739 csum = ip_csum_with_carry (csum, clib_host_to_net_u16 (ip6->protocol));
740 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[0]);
741 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[1]);
742 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[0]);
743 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[1]);
745 ip_incremental_checksum (csum, icmp,
746 clib_net_to_host_u16 (ip6->payload_length));
747 icmp->checksum = ~ip_csum_fold (csum);
753 nat64_in2out_unk_proto_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
756 nat64_main_t *nm = &nat64_main;
757 nat64_db_bib_entry_t *bibe;
758 nat64_db_st_entry_t *ste;
759 ip46_address_t saddr, daddr, addr;
760 u32 sw_if_index, fib_index;
761 u8 proto = ip6->protocol;
764 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
766 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
768 saddr.as_u64[0] = ip6->src_address.as_u64[0];
769 saddr.as_u64[1] = ip6->src_address.as_u64[1];
770 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
771 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
774 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, 0, 0, proto, fib_index,
779 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
786 nat64_db_bib_entry_find (&nm->db, &saddr, 0, proto, fib_index, 1);
790 /* Choose same out address as for TCP/UDP session to same dst */
791 unk_proto_st_walk_ctx_t ctx = {
792 .src_addr.as_u64[0] = ip6->src_address.as_u64[0],
793 .src_addr.as_u64[1] = ip6->src_address.as_u64[1],
794 .dst_addr.as_u64[0] = ip6->dst_address.as_u64[0],
795 .dst_addr.as_u64[1] = ip6->dst_address.as_u64[1],
796 .out_addr.as_u32 = 0,
797 .fib_index = fib_index,
801 nat64_db_st_walk (&nm->db, IP_PROTOCOL_TCP, unk_proto_st_walk,
804 if (!ctx.out_addr.as_u32)
805 nat64_db_st_walk (&nm->db, IP_PROTOCOL_UDP, unk_proto_st_walk,
808 /* Verify if out address is not already in use for protocol */
809 memset (&addr, 0, sizeof (addr));
810 addr.ip4.as_u32 = ctx.out_addr.as_u32;
811 if (nat64_db_bib_entry_find (&nm->db, &addr, 0, proto, 0, 0))
812 ctx.out_addr.as_u32 = 0;
814 if (!ctx.out_addr.as_u32)
816 for (i = 0; i < vec_len (nm->addr_pool); i++)
818 addr.ip4.as_u32 = nm->addr_pool[i].addr.as_u32;
819 if (!nat64_db_bib_entry_find
820 (&nm->db, &addr, 0, proto, 0, 0))
825 if (!ctx.out_addr.as_u32)
829 nat64_db_bib_entry_create (&nm->db, &ip6->src_address,
830 &ctx.out_addr, 0, 0, fib_index, proto,
836 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
838 nat64_db_st_entry_create (&nm->db, bibe, &ip6->dst_address,
844 nat64_session_reset_timeout (ste, vm);
846 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, fib_index);
848 memset (&saddr, 0, sizeof (saddr));
849 memset (&daddr, 0, sizeof (daddr));
850 saddr.ip4.as_u32 = bibe->out_addr.as_u32;
851 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
853 ste = nat64_db_st_entry_find (&nm->db, &daddr, &saddr, 0, 0, proto, 0, 0);
857 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
863 bibe = nat64_db_bib_entry_find (&nm->db, &daddr, 0, proto, 0, 0);
869 nat64_db_st_entry_create (&nm->db, bibe, &ip6->src_address,
873 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
874 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
880 nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
881 vlib_frame_t * frame, u8 is_slow_path)
883 u32 n_left_from, *from, *to_next;
884 nat64_in2out_next_t next_index;
885 u32 pkts_processed = 0;
886 u32 stats_node_index;
889 is_slow_path ? nat64_in2out_slowpath_node.index : nat64_in2out_node.index;
891 from = vlib_frame_vector_args (frame);
892 n_left_from = frame->n_vectors;
893 next_index = node->cached_next_index;
895 while (n_left_from > 0)
899 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
901 while (n_left_from > 0 && n_left_to_next > 0)
907 u16 l4_offset0, frag_offset0;
910 nat64_in2out_set_ctx_t ctx0;
912 /* speculatively enqueue b0 to the current next frame */
920 b0 = vlib_get_buffer (vm, bi0);
921 ip60 = vlib_buffer_get_current (b0);
926 next0 = NAT64_IN2OUT_NEXT_IP4_LOOKUP;
930 (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
933 next0 = NAT64_IN2OUT_NEXT_DROP;
934 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
938 proto0 = ip_proto_to_snat_proto (l4_protocol0);
939 if (frag_offset0 != 0)
941 next0 = NAT64_IN2OUT_NEXT_DROP;
943 node->errors[NAT64_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
949 if (PREDICT_TRUE (proto0 == ~0))
951 if (is_hairpinning (&ip60->dst_address))
953 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
954 if (nat64_in2out_unk_proto_hairpinning (vm, b0, ip60))
956 next0 = NAT64_IN2OUT_NEXT_DROP;
958 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
963 if (ip6_to_ip4 (b0, nat64_in2out_unk_proto_set_cb, &ctx0))
965 next0 = NAT64_IN2OUT_NEXT_DROP;
967 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
975 if (PREDICT_FALSE (proto0 == ~0))
977 next0 = NAT64_IN2OUT_NEXT_SLOWPATH;
982 if (proto0 == SNAT_PROTOCOL_ICMP)
984 if (is_hairpinning (&ip60->dst_address))
986 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
987 if (nat64_in2out_icmp_hairpinning (vm, b0, ip60))
989 next0 = NAT64_IN2OUT_NEXT_DROP;
991 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
997 (b0, nat64_in2out_icmp_set_cb, &ctx0,
998 nat64_in2out_inner_icmp_set_cb, &ctx0))
1000 next0 = NAT64_IN2OUT_NEXT_DROP;
1001 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1005 else if (proto0 == SNAT_PROTOCOL_TCP || proto0 == SNAT_PROTOCOL_UDP)
1007 if (is_hairpinning (&ip60->dst_address))
1009 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1010 if (nat64_in2out_tcp_udp_hairpinning (vm, b0, ip60))
1012 next0 = NAT64_IN2OUT_NEXT_DROP;
1014 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1019 if (ip6_to_ip4_tcp_udp
1020 (b0, nat64_in2out_tcp_udp_set_cb, &ctx0, 0))
1022 next0 = NAT64_IN2OUT_NEXT_DROP;
1023 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1029 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1030 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1032 nat64_in2out_trace_t *t =
1033 vlib_add_trace (vm, node, b0, sizeof (*t));
1034 t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1035 t->next_index = next0;
1036 t->is_slow_path = is_slow_path;
1039 pkts_processed += next0 != NAT64_IN2OUT_NEXT_DROP;
1041 /* verify speculative enqueue, maybe switch current next frame */
1042 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1043 n_left_to_next, bi0, next0);
1045 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1047 vlib_node_increment_counter (vm, stats_node_index,
1048 NAT64_IN2OUT_ERROR_IN2OUT_PACKETS,
1050 return frame->n_vectors;
1054 nat64_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1055 vlib_frame_t * frame)
1057 return nat64_in2out_node_fn_inline (vm, node, frame, 0);
1061 VLIB_REGISTER_NODE (nat64_in2out_node) = {
1062 .function = nat64_in2out_node_fn,
1063 .name = "nat64-in2out",
1064 .vector_size = sizeof (u32),
1065 .format_trace = format_nat64_in2out_trace,
1066 .type = VLIB_NODE_TYPE_INTERNAL,
1067 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1068 .error_strings = nat64_in2out_error_strings,
1069 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1070 /* edit / add dispositions here */
1072 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1073 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1074 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1075 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1080 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_node, nat64_in2out_node_fn);
1083 nat64_in2out_slowpath_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1084 vlib_frame_t * frame)
1086 return nat64_in2out_node_fn_inline (vm, node, frame, 1);
1090 VLIB_REGISTER_NODE (nat64_in2out_slowpath_node) = {
1091 .function = nat64_in2out_slowpath_node_fn,
1092 .name = "nat64-in2out-slowpath",
1093 .vector_size = sizeof (u32),
1094 .format_trace = format_nat64_in2out_trace,
1095 .type = VLIB_NODE_TYPE_INTERNAL,
1096 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1097 .error_strings = nat64_in2out_error_strings,
1098 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1099 /* edit / add dispositions here */
1101 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1102 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1103 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1104 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1109 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_slowpath_node,
1110 nat64_in2out_slowpath_node_fn);
1113 * fd.io coding-style-patch-verification: ON
1116 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob