2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT64 IPv6 to IPv4 translation (inside to outside network)
20 #include <nat/nat64.h>
21 #include <nat/nat_reass.h>
22 #include <vnet/ip/ip6_to_ip4.h>
23 #include <vnet/fib/fib_table.h>
30 } nat64_in2out_trace_t;
33 format_nat64_in2out_trace (u8 * s, va_list * args)
35 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
36 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
37 nat64_in2out_trace_t *t = va_arg (*args, nat64_in2out_trace_t *);
40 tag = t->is_slow_path ? "NAT64-in2out-slowpath" : "NAT64-in2out";
43 format (s, "%s: sw_if_index %d, next index %d", tag, t->sw_if_index,
54 } nat64_in2out_reass_trace_t;
57 format_nat64_in2out_reass_trace (u8 * s, va_list * args)
59 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
60 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
61 nat64_in2out_reass_trace_t *t =
62 va_arg (*args, nat64_in2out_reass_trace_t *);
65 format (s, "NAT64-in2out-reass: sw_if_index %d, next index %d, status %s",
66 t->sw_if_index, t->next_index,
67 t->cached ? "cached" : "translated");
72 vlib_node_registration_t nat64_in2out_node;
73 vlib_node_registration_t nat64_in2out_slowpath_node;
74 vlib_node_registration_t nat64_in2out_reass_node;
75 vlib_node_registration_t nat64_in2out_handoff_node;
77 #define foreach_nat64_in2out_error \
78 _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
79 _(IN2OUT_PACKETS, "good in2out packets processed") \
80 _(NO_TRANSLATION, "no translation") \
81 _(UNKNOWN, "unknown") \
82 _(DROP_FRAGMENT, "Drop fragment") \
83 _(MAX_REASS, "Maximum reassemblies exceeded") \
84 _(MAX_FRAG, "Maximum fragments per reassembly exceeded")
89 #define _(sym,str) NAT64_IN2OUT_ERROR_##sym,
90 foreach_nat64_in2out_error
93 } nat64_in2out_error_t;
95 static char *nat64_in2out_error_strings[] = {
96 #define _(sym,string) string,
97 foreach_nat64_in2out_error
103 NAT64_IN2OUT_NEXT_IP4_LOOKUP,
104 NAT64_IN2OUT_NEXT_IP6_LOOKUP,
105 NAT64_IN2OUT_NEXT_DROP,
106 NAT64_IN2OUT_NEXT_SLOWPATH,
107 NAT64_IN2OUT_NEXT_REASS,
109 } nat64_in2out_next_t;
111 typedef struct nat64_in2out_set_ctx_t_
116 } nat64_in2out_set_ctx_t;
119 * @brief Check whether is a hairpinning.
121 * If the destination IP address of the packet is an IPv4 address assigned to
122 * the NAT64 itself, then the packet is a hairpin packet.
124 * param dst_addr Destination address of the packet.
126 * @returns 1 if hairpinning, otherwise 0.
128 static_always_inline int
129 is_hairpinning (ip6_address_t * dst_addr)
131 nat64_main_t *nm = &nat64_main;
134 for (i = 0; i < vec_len (nm->addr_pool); i++)
136 if (nm->addr_pool[i].addr.as_u32 == dst_addr->as_u32[3])
144 nat64_in2out_tcp_udp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
147 nat64_main_t *nm = &nat64_main;
148 nat64_in2out_set_ctx_t *ctx = arg;
149 nat64_db_bib_entry_t *bibe;
150 nat64_db_st_entry_t *ste;
151 ip46_address_t saddr, daddr;
152 u32 sw_if_index, fib_index;
153 udp_header_t *udp = ip6_next_header (ip6);
154 u8 proto = ip6->protocol;
155 u16 sport = udp->src_port;
156 u16 dport = udp->dst_port;
157 nat64_db_t *db = &nm->db[ctx->thread_index];
159 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
161 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
163 saddr.as_u64[0] = ip6->src_address.as_u64[0];
164 saddr.as_u64[1] = ip6->src_address.as_u64[1];
165 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
166 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
169 nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
174 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
180 bibe = nat64_db_bib_entry_find (db, &saddr, sport, proto, fib_index, 1);
185 ip4_address_t out_addr;
186 if (nat64_alloc_out_addr_and_port
187 (fib_index, ip_proto_to_snat_proto (proto), &out_addr,
188 &out_port, ctx->thread_index))
192 nat64_db_bib_entry_create (db, &ip6->src_address, &out_addr,
193 sport, out_port, fib_index, proto, 0);
198 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
200 nat64_db_st_entry_create (db, bibe, &ip6->dst_address,
206 nat64_session_reset_timeout (ste, ctx->vm);
208 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
209 udp->src_port = bibe->out_port;
211 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
213 if (proto == IP_PROTOCOL_TCP)
217 tcp_header_t *tcp = ip6_next_header (ip6);
219 checksum = &tcp->checksum;
220 csum = ip_csum_sub_even (*checksum, sport);
221 csum = ip_csum_add_even (csum, udp->src_port);
222 *checksum = ip_csum_fold (csum);
229 nat64_in2out_icmp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
231 nat64_main_t *nm = &nat64_main;
232 nat64_in2out_set_ctx_t *ctx = arg;
233 nat64_db_bib_entry_t *bibe;
234 nat64_db_st_entry_t *ste;
235 ip46_address_t saddr, daddr;
236 u32 sw_if_index, fib_index;
237 icmp46_header_t *icmp = ip6_next_header (ip6);
238 nat64_db_t *db = &nm->db[ctx->thread_index];
240 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
242 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
244 saddr.as_u64[0] = ip6->src_address.as_u64[0];
245 saddr.as_u64[1] = ip6->src_address.as_u64[1];
246 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
247 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
249 if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
251 u16 in_id = ((u16 *) (icmp))[2];
253 nat64_db_st_entry_find (db, &saddr, &daddr, in_id, 0,
254 IP_PROTOCOL_ICMP, fib_index, 1);
259 nat64_db_bib_entry_by_index (db, IP_PROTOCOL_ICMP,
267 nat64_db_bib_entry_find (db, &saddr, in_id,
268 IP_PROTOCOL_ICMP, fib_index, 1);
273 ip4_address_t out_addr;
274 if (nat64_alloc_out_addr_and_port
275 (fib_index, SNAT_PROTOCOL_ICMP, &out_addr, &out_id,
280 nat64_db_bib_entry_create (db, &ip6->src_address,
281 &out_addr, in_id, out_id,
282 fib_index, IP_PROTOCOL_ICMP, 0);
287 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
289 nat64_db_st_entry_create (db, bibe, &ip6->dst_address,
295 nat64_session_reset_timeout (ste, ctx->vm);
297 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
298 ((u16 *) (icmp))[2] = bibe->out_port;
300 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
304 if (!vec_len (nm->addr_pool))
307 ip4->src_address.as_u32 = nm->addr_pool[0].addr.as_u32;
308 nat64_extract_ip4 (&ip6->dst_address, &ip4->dst_address, fib_index);
315 nat64_in2out_inner_icmp_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
318 nat64_main_t *nm = &nat64_main;
319 nat64_in2out_set_ctx_t *ctx = arg;
320 nat64_db_st_entry_t *ste;
321 nat64_db_bib_entry_t *bibe;
322 ip46_address_t saddr, daddr;
323 u32 sw_if_index, fib_index;
324 u8 proto = ip6->protocol;
325 nat64_db_t *db = &nm->db[ctx->thread_index];
327 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
329 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
331 saddr.as_u64[0] = ip6->src_address.as_u64[0];
332 saddr.as_u64[1] = ip6->src_address.as_u64[1];
333 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
334 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
336 if (proto == IP_PROTOCOL_ICMP6)
338 icmp46_header_t *icmp = ip6_next_header (ip6);
339 u16 in_id = ((u16 *) (icmp))[2];
340 proto = IP_PROTOCOL_ICMP;
343 (icmp->type == ICMP4_echo_request
344 || icmp->type == ICMP4_echo_reply))
348 nat64_db_st_entry_find (db, &daddr, &saddr, in_id, 0, proto,
353 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
357 ip4->dst_address.as_u32 = bibe->out_addr.as_u32;
358 ((u16 *) (icmp))[2] = bibe->out_port;
359 ip4->src_address.as_u32 = ste->out_r_addr.as_u32;
363 udp_header_t *udp = ip6_next_header (ip6);
364 tcp_header_t *tcp = ip6_next_header (ip6);
368 u16 sport = udp->src_port;
369 u16 dport = udp->dst_port;
372 nat64_db_st_entry_find (db, &daddr, &saddr, dport, sport, proto,
377 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
381 ip4->dst_address.as_u32 = bibe->out_addr.as_u32;
382 udp->dst_port = bibe->out_port;
383 ip4->src_address.as_u32 = ste->out_r_addr.as_u32;
385 if (proto == IP_PROTOCOL_TCP)
386 checksum = &tcp->checksum;
388 checksum = &udp->checksum;
389 csum = ip_csum_sub_even (*checksum, dport);
390 csum = ip_csum_add_even (csum, udp->dst_port);
391 *checksum = ip_csum_fold (csum);
397 typedef struct unk_proto_st_walk_ctx_t_
399 ip6_address_t src_addr;
400 ip6_address_t dst_addr;
401 ip4_address_t out_addr;
405 } unk_proto_st_walk_ctx_t;
408 unk_proto_st_walk (nat64_db_st_entry_t * ste, void *arg)
410 nat64_main_t *nm = &nat64_main;
411 unk_proto_st_walk_ctx_t *ctx = arg;
412 nat64_db_bib_entry_t *bibe;
413 ip46_address_t saddr, daddr;
414 nat64_db_t *db = &nm->db[ctx->thread_index];
416 if (ip46_address_is_equal (&ste->in_r_addr, &ctx->dst_addr))
418 bibe = nat64_db_bib_entry_by_index (db, ste->proto, ste->bibe_index);
422 if (ip46_address_is_equal (&bibe->in_addr, &ctx->src_addr)
423 && bibe->fib_index == ctx->fib_index)
425 memset (&saddr, 0, sizeof (saddr));
426 saddr.ip4.as_u32 = bibe->out_addr.as_u32;
427 memset (&daddr, 0, sizeof (daddr));
428 nat64_extract_ip4 (&ctx->dst_addr, &daddr.ip4, ctx->fib_index);
430 if (nat64_db_st_entry_find
431 (db, &daddr, &saddr, 0, 0, ctx->proto, ctx->fib_index, 0))
434 ctx->out_addr.as_u32 = bibe->out_addr.as_u32;
443 nat64_in2out_unk_proto_set_cb (ip6_header_t * ip6, ip4_header_t * ip4,
446 nat64_main_t *nm = &nat64_main;
447 nat64_in2out_set_ctx_t *s_ctx = arg;
448 nat64_db_bib_entry_t *bibe;
449 nat64_db_st_entry_t *ste;
450 ip46_address_t saddr, daddr, addr;
451 u32 sw_if_index, fib_index;
452 u8 proto = ip6->protocol;
454 nat64_db_t *db = &nm->db[s_ctx->thread_index];
456 sw_if_index = vnet_buffer (s_ctx->b)->sw_if_index[VLIB_RX];
458 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
460 saddr.as_u64[0] = ip6->src_address.as_u64[0];
461 saddr.as_u64[1] = ip6->src_address.as_u64[1];
462 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
463 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
466 nat64_db_st_entry_find (db, &saddr, &daddr, 0, 0, proto, fib_index, 1);
470 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
476 bibe = nat64_db_bib_entry_find (db, &saddr, 0, proto, fib_index, 1);
480 /* Choose same out address as for TCP/UDP session to same dst */
481 unk_proto_st_walk_ctx_t ctx = {
482 .src_addr.as_u64[0] = ip6->src_address.as_u64[0],
483 .src_addr.as_u64[1] = ip6->src_address.as_u64[1],
484 .dst_addr.as_u64[0] = ip6->dst_address.as_u64[0],
485 .dst_addr.as_u64[1] = ip6->dst_address.as_u64[1],
486 .out_addr.as_u32 = 0,
487 .fib_index = fib_index,
489 .thread_index = s_ctx->thread_index,
492 nat64_db_st_walk (db, IP_PROTOCOL_TCP, unk_proto_st_walk, &ctx);
494 if (!ctx.out_addr.as_u32)
495 nat64_db_st_walk (db, IP_PROTOCOL_UDP, unk_proto_st_walk, &ctx);
497 /* Verify if out address is not already in use for protocol */
498 memset (&addr, 0, sizeof (addr));
499 addr.ip4.as_u32 = ctx.out_addr.as_u32;
500 if (nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
501 ctx.out_addr.as_u32 = 0;
503 if (!ctx.out_addr.as_u32)
505 for (i = 0; i < vec_len (nm->addr_pool); i++)
507 addr.ip4.as_u32 = nm->addr_pool[i].addr.as_u32;
508 if (!nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
513 if (!ctx.out_addr.as_u32)
517 nat64_db_bib_entry_create (db, &ip6->src_address,
518 &ctx.out_addr, 0, 0, fib_index, proto,
524 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
526 nat64_db_st_entry_create (db, bibe, &ip6->dst_address, &daddr.ip4, 0);
531 nat64_session_reset_timeout (ste, s_ctx->vm);
533 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
534 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
542 nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
543 ip6_header_t * ip6, u32 thread_index)
545 nat64_main_t *nm = &nat64_main;
546 nat64_db_bib_entry_t *bibe;
547 nat64_db_st_entry_t *ste;
548 ip46_address_t saddr, daddr;
549 u32 sw_if_index, fib_index;
550 udp_header_t *udp = ip6_next_header (ip6);
551 tcp_header_t *tcp = ip6_next_header (ip6);
552 u8 proto = ip6->protocol;
553 u16 sport = udp->src_port;
554 u16 dport = udp->dst_port;
557 nat64_db_t *db = &nm->db[thread_index];
559 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
561 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
563 saddr.as_u64[0] = ip6->src_address.as_u64[0];
564 saddr.as_u64[1] = ip6->src_address.as_u64[1];
565 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
566 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
568 if (proto == IP_PROTOCOL_UDP)
569 checksum = &udp->checksum;
571 checksum = &tcp->checksum;
573 csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
574 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
575 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
576 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
577 csum = ip_csum_sub_even (csum, sport);
578 csum = ip_csum_sub_even (csum, dport);
581 nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
586 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
592 bibe = nat64_db_bib_entry_find (db, &saddr, sport, proto, fib_index, 1);
597 ip4_address_t out_addr;
598 if (nat64_alloc_out_addr_and_port
599 (fib_index, ip_proto_to_snat_proto (proto), &out_addr,
600 &out_port, thread_index))
604 nat64_db_bib_entry_create (db, &ip6->src_address, &out_addr,
605 sport, out_port, fib_index, proto, 0);
610 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
612 nat64_db_st_entry_create (db, bibe, &ip6->dst_address,
618 nat64_session_reset_timeout (ste, vm);
620 sport = udp->src_port = bibe->out_port;
621 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, fib_index);
623 memset (&daddr, 0, sizeof (daddr));
624 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
628 vec_foreach (db, nm->db)
630 bibe = nat64_db_bib_entry_find (db, &daddr, dport, proto, 0, 0);
640 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
641 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
642 udp->dst_port = bibe->in_port;
644 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[0]);
645 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[1]);
646 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[0]);
647 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[1]);
648 csum = ip_csum_add_even (csum, udp->src_port);
649 csum = ip_csum_add_even (csum, udp->dst_port);
650 *checksum = ip_csum_fold (csum);
656 nat64_in2out_icmp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
657 ip6_header_t * ip6, u32 thread_index)
659 nat64_main_t *nm = &nat64_main;
660 nat64_db_bib_entry_t *bibe;
661 nat64_db_st_entry_t *ste;
662 icmp46_header_t *icmp = ip6_next_header (ip6);
663 ip6_header_t *inner_ip6;
664 ip46_address_t saddr, daddr;
665 u32 sw_if_index, fib_index;
669 u16 *checksum, sport, dport;
671 nat64_db_t *db = &nm->db[thread_index];
673 if (icmp->type == ICMP6_echo_request || icmp->type == ICMP6_echo_reply)
676 inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
678 proto = inner_ip6->protocol;
680 if (proto == IP_PROTOCOL_ICMP6)
683 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
685 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
687 saddr.as_u64[0] = inner_ip6->src_address.as_u64[0];
688 saddr.as_u64[1] = inner_ip6->src_address.as_u64[1];
689 daddr.as_u64[0] = inner_ip6->dst_address.as_u64[0];
690 daddr.as_u64[1] = inner_ip6->dst_address.as_u64[1];
692 udp = ip6_next_header (inner_ip6);
693 tcp = ip6_next_header (inner_ip6);
695 sport = udp->src_port;
696 dport = udp->dst_port;
698 if (proto == IP_PROTOCOL_UDP)
699 checksum = &udp->checksum;
701 checksum = &tcp->checksum;
703 csum = ip_csum_sub_even (*checksum, inner_ip6->src_address.as_u64[0]);
704 csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[1]);
705 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[0]);
706 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[1]);
707 csum = ip_csum_sub_even (csum, sport);
708 csum = ip_csum_sub_even (csum, dport);
711 nat64_db_st_entry_find (db, &daddr, &saddr, dport, sport, proto,
716 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
720 dport = udp->dst_port = bibe->out_port;
721 nat64_compose_ip6 (&inner_ip6->dst_address, &bibe->out_addr, fib_index);
723 memset (&saddr, 0, sizeof (saddr));
724 memset (&daddr, 0, sizeof (daddr));
725 saddr.ip4.as_u32 = ste->out_r_addr.as_u32;
726 daddr.ip4.as_u32 = bibe->out_addr.as_u32;
730 vec_foreach (db, nm->db)
732 ste = nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
743 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
747 inner_ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
748 inner_ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
749 udp->src_port = bibe->in_port;
751 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[0]);
752 csum = ip_csum_add_even (csum, inner_ip6->src_address.as_u64[1]);
753 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[0]);
754 csum = ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[1]);
755 csum = ip_csum_add_even (csum, udp->src_port);
756 csum = ip_csum_add_even (csum, udp->dst_port);
757 *checksum = ip_csum_fold (csum);
759 if (!vec_len (nm->addr_pool))
762 nat64_compose_ip6 (&ip6->src_address, &nm->addr_pool[0].addr, fib_index);
763 ip6->dst_address.as_u64[0] = inner_ip6->src_address.as_u64[0];
764 ip6->dst_address.as_u64[1] = inner_ip6->src_address.as_u64[1];
767 csum = ip_csum_with_carry (0, ip6->payload_length);
768 csum = ip_csum_with_carry (csum, clib_host_to_net_u16 (ip6->protocol));
769 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[0]);
770 csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[1]);
771 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[0]);
772 csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[1]);
774 ip_incremental_checksum (csum, icmp,
775 clib_net_to_host_u16 (ip6->payload_length));
776 icmp->checksum = ~ip_csum_fold (csum);
782 nat64_in2out_unk_proto_hairpinning (vlib_main_t * vm, vlib_buffer_t * b,
783 ip6_header_t * ip6, u32 thread_index)
785 nat64_main_t *nm = &nat64_main;
786 nat64_db_bib_entry_t *bibe;
787 nat64_db_st_entry_t *ste;
788 ip46_address_t saddr, daddr, addr;
789 u32 sw_if_index, fib_index;
790 u8 proto = ip6->protocol;
792 nat64_db_t *db = &nm->db[thread_index];
794 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
796 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
798 saddr.as_u64[0] = ip6->src_address.as_u64[0];
799 saddr.as_u64[1] = ip6->src_address.as_u64[1];
800 daddr.as_u64[0] = ip6->dst_address.as_u64[0];
801 daddr.as_u64[1] = ip6->dst_address.as_u64[1];
804 nat64_db_st_entry_find (db, &saddr, &daddr, 0, 0, proto, fib_index, 1);
808 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
814 bibe = nat64_db_bib_entry_find (db, &saddr, 0, proto, fib_index, 1);
818 /* Choose same out address as for TCP/UDP session to same dst */
819 unk_proto_st_walk_ctx_t ctx = {
820 .src_addr.as_u64[0] = ip6->src_address.as_u64[0],
821 .src_addr.as_u64[1] = ip6->src_address.as_u64[1],
822 .dst_addr.as_u64[0] = ip6->dst_address.as_u64[0],
823 .dst_addr.as_u64[1] = ip6->dst_address.as_u64[1],
824 .out_addr.as_u32 = 0,
825 .fib_index = fib_index,
827 .thread_index = thread_index,
830 nat64_db_st_walk (db, IP_PROTOCOL_TCP, unk_proto_st_walk, &ctx);
832 if (!ctx.out_addr.as_u32)
833 nat64_db_st_walk (db, IP_PROTOCOL_UDP, unk_proto_st_walk, &ctx);
835 /* Verify if out address is not already in use for protocol */
836 memset (&addr, 0, sizeof (addr));
837 addr.ip4.as_u32 = ctx.out_addr.as_u32;
838 if (nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
839 ctx.out_addr.as_u32 = 0;
841 if (!ctx.out_addr.as_u32)
843 for (i = 0; i < vec_len (nm->addr_pool); i++)
845 addr.ip4.as_u32 = nm->addr_pool[i].addr.as_u32;
846 if (!nat64_db_bib_entry_find (db, &addr, 0, proto, 0, 0))
851 if (!ctx.out_addr.as_u32)
855 nat64_db_bib_entry_create (db, &ip6->src_address,
856 &ctx.out_addr, 0, 0, fib_index, proto,
862 nat64_extract_ip4 (&ip6->dst_address, &daddr.ip4, fib_index);
864 nat64_db_st_entry_create (db, bibe, &ip6->dst_address, &daddr.ip4, 0);
869 nat64_session_reset_timeout (ste, vm);
871 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, fib_index);
873 memset (&daddr, 0, sizeof (daddr));
874 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
878 vec_foreach (db, nm->db)
880 bibe = nat64_db_bib_entry_find (db, &daddr, 0, proto, 0, 0);
890 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
891 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
897 nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
898 vlib_frame_t * frame, u8 is_slow_path)
900 u32 n_left_from, *from, *to_next;
901 nat64_in2out_next_t next_index;
902 u32 pkts_processed = 0;
903 u32 stats_node_index;
904 u32 thread_index = vlib_get_thread_index ();
907 is_slow_path ? nat64_in2out_slowpath_node.index : nat64_in2out_node.index;
909 from = vlib_frame_vector_args (frame);
910 n_left_from = frame->n_vectors;
911 next_index = node->cached_next_index;
913 while (n_left_from > 0)
917 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
919 while (n_left_from > 0 && n_left_to_next > 0)
925 u16 l4_offset0, frag_offset0;
928 nat64_in2out_set_ctx_t ctx0;
930 /* speculatively enqueue b0 to the current next frame */
938 b0 = vlib_get_buffer (vm, bi0);
939 ip60 = vlib_buffer_get_current (b0);
943 ctx0.thread_index = thread_index;
945 next0 = NAT64_IN2OUT_NEXT_IP4_LOOKUP;
949 (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
952 next0 = NAT64_IN2OUT_NEXT_DROP;
953 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
957 proto0 = ip_proto_to_snat_proto (l4_protocol0);
961 if (PREDICT_TRUE (proto0 == ~0))
963 if (is_hairpinning (&ip60->dst_address))
965 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
966 if (nat64_in2out_unk_proto_hairpinning
967 (vm, b0, ip60, thread_index))
969 next0 = NAT64_IN2OUT_NEXT_DROP;
971 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
976 if (ip6_to_ip4 (b0, nat64_in2out_unk_proto_set_cb, &ctx0))
978 next0 = NAT64_IN2OUT_NEXT_DROP;
980 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
988 if (PREDICT_FALSE (proto0 == ~0))
990 next0 = NAT64_IN2OUT_NEXT_SLOWPATH;
996 (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION))
998 next0 = NAT64_IN2OUT_NEXT_REASS;
1002 if (proto0 == SNAT_PROTOCOL_ICMP)
1004 if (is_hairpinning (&ip60->dst_address))
1006 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1007 if (nat64_in2out_icmp_hairpinning
1008 (vm, b0, ip60, thread_index))
1010 next0 = NAT64_IN2OUT_NEXT_DROP;
1012 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1018 (b0, nat64_in2out_icmp_set_cb, &ctx0,
1019 nat64_in2out_inner_icmp_set_cb, &ctx0))
1021 next0 = NAT64_IN2OUT_NEXT_DROP;
1022 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1026 else if (proto0 == SNAT_PROTOCOL_TCP || proto0 == SNAT_PROTOCOL_UDP)
1028 if (is_hairpinning (&ip60->dst_address))
1030 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1031 if (nat64_in2out_tcp_udp_hairpinning
1032 (vm, b0, ip60, thread_index))
1034 next0 = NAT64_IN2OUT_NEXT_DROP;
1036 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1041 if (ip6_to_ip4_tcp_udp
1042 (b0, nat64_in2out_tcp_udp_set_cb, &ctx0, 0))
1044 next0 = NAT64_IN2OUT_NEXT_DROP;
1045 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1051 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1052 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1054 nat64_in2out_trace_t *t =
1055 vlib_add_trace (vm, node, b0, sizeof (*t));
1056 t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1057 t->next_index = next0;
1058 t->is_slow_path = is_slow_path;
1061 pkts_processed += next0 != NAT64_IN2OUT_NEXT_DROP;
1063 /* verify speculative enqueue, maybe switch current next frame */
1064 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1065 n_left_to_next, bi0, next0);
1067 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1069 vlib_node_increment_counter (vm, stats_node_index,
1070 NAT64_IN2OUT_ERROR_IN2OUT_PACKETS,
1072 return frame->n_vectors;
1076 nat64_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1077 vlib_frame_t * frame)
1079 return nat64_in2out_node_fn_inline (vm, node, frame, 0);
1083 VLIB_REGISTER_NODE (nat64_in2out_node) = {
1084 .function = nat64_in2out_node_fn,
1085 .name = "nat64-in2out",
1086 .vector_size = sizeof (u32),
1087 .format_trace = format_nat64_in2out_trace,
1088 .type = VLIB_NODE_TYPE_INTERNAL,
1089 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1090 .error_strings = nat64_in2out_error_strings,
1091 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1092 /* edit / add dispositions here */
1094 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1095 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1096 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1097 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1098 [NAT64_IN2OUT_NEXT_REASS] = "nat64-in2out-reass",
1103 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_node, nat64_in2out_node_fn);
1106 nat64_in2out_slowpath_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1107 vlib_frame_t * frame)
1109 return nat64_in2out_node_fn_inline (vm, node, frame, 1);
1113 VLIB_REGISTER_NODE (nat64_in2out_slowpath_node) = {
1114 .function = nat64_in2out_slowpath_node_fn,
1115 .name = "nat64-in2out-slowpath",
1116 .vector_size = sizeof (u32),
1117 .format_trace = format_nat64_in2out_trace,
1118 .type = VLIB_NODE_TYPE_INTERNAL,
1119 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1120 .error_strings = nat64_in2out_error_strings,
1121 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1122 /* edit / add dispositions here */
1124 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1125 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1126 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1127 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1128 [NAT64_IN2OUT_NEXT_REASS] = "nat64-in2out-reass",
1133 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_slowpath_node,
1134 nat64_in2out_slowpath_node_fn);
1136 typedef struct nat64_in2out_frag_set_ctx_t_
1144 } nat64_in2out_frag_set_ctx_t;
1147 nat64_in2out_frag_set_cb (ip6_header_t * ip6, ip4_header_t * ip4, void *arg)
1149 nat64_main_t *nm = &nat64_main;
1150 nat64_in2out_frag_set_ctx_t *ctx = arg;
1151 nat64_db_st_entry_t *ste;
1152 nat64_db_bib_entry_t *bibe;
1154 nat64_db_t *db = &nm->db[ctx->thread_index];
1156 ste = nat64_db_st_entry_by_index (db, ctx->proto, ctx->sess_index);
1160 bibe = nat64_db_bib_entry_by_index (db, ctx->proto, ste->bibe_index);
1164 nat64_session_reset_timeout (ste, ctx->vm);
1166 if (ctx->first_frag)
1168 udp = (udp_header_t *) u8_ptr_add (ip6, ctx->l4_offset);
1170 if (ctx->proto == IP_PROTOCOL_TCP)
1174 tcp_header_t *tcp = (tcp_header_t *) udp;
1176 checksum = &tcp->checksum;
1177 csum = ip_csum_sub_even (*checksum, tcp->src_port);
1178 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[0]);
1179 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
1180 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
1181 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
1182 csum = ip_csum_add_even (csum, bibe->out_port);
1183 csum = ip_csum_add_even (csum, bibe->out_addr.as_u32);
1184 csum = ip_csum_add_even (csum, ste->out_r_addr.as_u32);
1185 *checksum = ip_csum_fold (csum);
1188 udp->src_port = bibe->out_port;
1191 ip4->src_address.as_u32 = bibe->out_addr.as_u32;
1192 ip4->dst_address.as_u32 = ste->out_r_addr.as_u32;
1198 nat64_in2out_frag_hairpinning (vlib_buffer_t * b, ip6_header_t * ip6,
1199 nat64_in2out_frag_set_ctx_t * ctx)
1201 nat64_main_t *nm = &nat64_main;
1202 nat64_db_st_entry_t *ste;
1203 nat64_db_bib_entry_t *bibe;
1204 udp_header_t *udp = (udp_header_t *) u8_ptr_add (ip6, ctx->l4_offset);
1205 tcp_header_t *tcp = (tcp_header_t *) udp;
1206 u16 sport = udp->src_port;
1207 u16 dport = udp->dst_port;
1210 ip46_address_t daddr;
1211 nat64_db_t *db = &nm->db[ctx->thread_index];
1213 if (ctx->first_frag)
1215 if (ctx->proto == IP_PROTOCOL_UDP)
1216 checksum = &udp->checksum;
1218 checksum = &tcp->checksum;
1220 csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
1221 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
1222 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
1223 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
1224 csum = ip_csum_sub_even (csum, sport);
1225 csum = ip_csum_sub_even (csum, dport);
1228 ste = nat64_db_st_entry_by_index (db, ctx->proto, ctx->sess_index);
1232 bibe = nat64_db_bib_entry_by_index (db, ctx->proto, ste->bibe_index);
1236 nat64_session_reset_timeout (ste, ctx->vm);
1238 sport = bibe->out_port;
1239 dport = ste->r_port;
1241 nat64_compose_ip6 (&ip6->src_address, &bibe->out_addr, bibe->fib_index);
1243 memset (&daddr, 0, sizeof (daddr));
1244 daddr.ip4.as_u32 = ste->out_r_addr.as_u32;
1248 vec_foreach (db, nm->db)
1250 bibe = nat64_db_bib_entry_find (db, &daddr, dport, ctx->proto, 0, 0);
1260 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
1261 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
1263 if (ctx->first_frag)
1265 udp->dst_port = bibe->in_port;
1266 udp->src_port = sport;
1267 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[0]);
1268 csum = ip_csum_add_even (csum, ip6->src_address.as_u64[1]);
1269 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[0]);
1270 csum = ip_csum_add_even (csum, ip6->dst_address.as_u64[1]);
1271 csum = ip_csum_add_even (csum, udp->src_port);
1272 csum = ip_csum_add_even (csum, udp->dst_port);
1273 *checksum = ip_csum_fold (csum);
1280 nat64_in2out_reass_node_fn (vlib_main_t * vm,
1281 vlib_node_runtime_t * node, vlib_frame_t * frame)
1283 u32 n_left_from, *from, *to_next;
1284 nat64_in2out_next_t next_index;
1285 u32 pkts_processed = 0;
1286 u32 *fragments_to_drop = 0;
1287 u32 *fragments_to_loopback = 0;
1288 nat64_main_t *nm = &nat64_main;
1289 u32 thread_index = vlib_get_thread_index ();
1291 from = vlib_frame_vector_args (frame);
1292 n_left_from = frame->n_vectors;
1293 next_index = node->cached_next_index;
1295 while (n_left_from > 0)
1299 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1301 while (n_left_from > 0 && n_left_to_next > 0)
1308 u16 l4_offset0, frag_offset0;
1310 nat_reass_ip6_t *reass0;
1311 ip6_frag_hdr_t *frag0;
1312 nat64_db_bib_entry_t *bibe0;
1313 nat64_db_st_entry_t *ste0;
1315 snat_protocol_t proto0;
1316 u32 sw_if_index0, fib_index0;
1317 ip46_address_t saddr0, daddr0;
1318 nat64_in2out_frag_set_ctx_t ctx0;
1319 nat64_db_t *db = &nm->db[thread_index];
1321 /* speculatively enqueue b0 to the current next frame */
1327 n_left_to_next -= 1;
1329 b0 = vlib_get_buffer (vm, bi0);
1330 next0 = NAT64_IN2OUT_NEXT_IP4_LOOKUP;
1332 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1334 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6,
1337 ctx0.thread_index = thread_index;
1339 if (PREDICT_FALSE (nat_reass_is_drop_frag (1)))
1341 next0 = NAT64_IN2OUT_NEXT_DROP;
1342 b0->error = node->errors[NAT64_IN2OUT_ERROR_DROP_FRAGMENT];
1346 ip60 = (ip6_header_t *) vlib_buffer_get_current (b0);
1350 (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
1353 next0 = NAT64_IN2OUT_NEXT_DROP;
1354 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
1359 (!(l4_protocol0 == IP_PROTOCOL_TCP
1360 || l4_protocol0 == IP_PROTOCOL_UDP)))
1362 next0 = NAT64_IN2OUT_NEXT_DROP;
1363 b0->error = node->errors[NAT64_IN2OUT_ERROR_DROP_FRAGMENT];
1367 udp0 = (udp_header_t *) u8_ptr_add (ip60, l4_offset0);
1368 frag0 = (ip6_frag_hdr_t *) u8_ptr_add (ip60, frag_offset0);
1369 proto0 = ip_proto_to_snat_proto (l4_protocol0);
1371 reass0 = nat_ip6_reass_find_or_create (ip60->src_address,
1373 frag0->identification,
1375 1, &fragments_to_drop);
1377 if (PREDICT_FALSE (!reass0))
1379 next0 = NAT64_IN2OUT_NEXT_DROP;
1380 b0->error = node->errors[NAT64_IN2OUT_ERROR_MAX_REASS];
1384 if (PREDICT_TRUE (ip6_frag_hdr_offset (frag0)))
1386 ctx0.first_frag = 0;
1387 if (PREDICT_FALSE (reass0->sess_index == (u32) ~ 0))
1389 if (nat_ip6_reass_add_fragment (reass0, bi0))
1391 b0->error = node->errors[NAT64_IN2OUT_ERROR_MAX_FRAG];
1392 next0 = NAT64_IN2OUT_NEXT_DROP;
1401 ctx0.first_frag = 1;
1403 saddr0.as_u64[0] = ip60->src_address.as_u64[0];
1404 saddr0.as_u64[1] = ip60->src_address.as_u64[1];
1405 daddr0.as_u64[0] = ip60->dst_address.as_u64[0];
1406 daddr0.as_u64[1] = ip60->dst_address.as_u64[1];
1409 nat64_db_st_entry_find (db, &saddr0, &daddr0,
1410 udp0->src_port, udp0->dst_port,
1411 l4_protocol0, fib_index0, 1);
1415 nat64_db_bib_entry_find (db, &saddr0, udp0->src_port,
1416 l4_protocol0, fib_index0, 1);
1420 ip4_address_t out_addr0;
1421 if (nat64_alloc_out_addr_and_port
1422 (fib_index0, proto0, &out_addr0, &out_port0,
1425 next0 = NAT64_IN2OUT_NEXT_DROP;
1427 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1432 nat64_db_bib_entry_create (db,
1434 &out_addr0, udp0->src_port,
1435 out_port0, fib_index0,
1439 next0 = NAT64_IN2OUT_NEXT_DROP;
1441 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1445 nat64_extract_ip4 (&ip60->dst_address, &daddr0.ip4,
1448 nat64_db_st_entry_create (db, bibe0,
1449 &ip60->dst_address, &daddr0.ip4,
1453 next0 = NAT64_IN2OUT_NEXT_DROP;
1455 node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1459 reass0->sess_index = nat64_db_st_entry_get_index (db, ste0);
1461 nat_ip6_reass_get_frags (reass0, &fragments_to_loopback);
1464 ctx0.sess_index = reass0->sess_index;
1465 ctx0.proto = l4_protocol0;
1467 ctx0.l4_offset = l4_offset0;
1469 if (PREDICT_FALSE (is_hairpinning (&ip60->dst_address)))
1471 next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
1472 if (nat64_in2out_frag_hairpinning (b0, ip60, &ctx0))
1474 next0 = NAT64_IN2OUT_NEXT_DROP;
1475 b0->error = node->errors[NAT64_IN2OUT_ERROR_NO_TRANSLATION];
1481 if (ip6_to_ip4_fragmented (b0, nat64_in2out_frag_set_cb, &ctx0))
1483 next0 = NAT64_IN2OUT_NEXT_DROP;
1484 b0->error = node->errors[NAT64_IN2OUT_ERROR_UNKNOWN];
1491 ((node->flags & VLIB_NODE_FLAG_TRACE)
1492 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1494 nat64_in2out_reass_trace_t *t =
1495 vlib_add_trace (vm, node, b0, sizeof (*t));
1496 t->cached = cached0;
1497 t->sw_if_index = sw_if_index0;
1498 t->next_index = next0;
1508 pkts_processed += next0 != NAT64_IN2OUT_NEXT_DROP;
1510 /* verify speculative enqueue, maybe switch current next frame */
1511 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1512 to_next, n_left_to_next,
1516 if (n_left_from == 0 && vec_len (fragments_to_loopback))
1518 from = vlib_frame_vector_args (frame);
1519 u32 len = vec_len (fragments_to_loopback);
1520 if (len <= VLIB_FRAME_SIZE)
1522 clib_memcpy (from, fragments_to_loopback,
1523 sizeof (u32) * len);
1525 vec_reset_length (fragments_to_loopback);
1530 fragments_to_loopback + (len -
1532 sizeof (u32) * VLIB_FRAME_SIZE);
1533 n_left_from = VLIB_FRAME_SIZE;
1534 _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
1539 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1542 vlib_node_increment_counter (vm, nat64_in2out_reass_node.index,
1543 NAT64_IN2OUT_ERROR_IN2OUT_PACKETS,
1546 nat_send_all_to_node (vm, fragments_to_drop, node,
1547 &node->errors[NAT64_IN2OUT_ERROR_DROP_FRAGMENT],
1548 NAT64_IN2OUT_NEXT_DROP);
1550 vec_free (fragments_to_drop);
1551 vec_free (fragments_to_loopback);
1552 return frame->n_vectors;
1556 VLIB_REGISTER_NODE (nat64_in2out_reass_node) = {
1557 .function = nat64_in2out_reass_node_fn,
1558 .name = "nat64-in2out-reass",
1559 .vector_size = sizeof (u32),
1560 .format_trace = format_nat64_in2out_reass_trace,
1561 .type = VLIB_NODE_TYPE_INTERNAL,
1562 .n_errors = ARRAY_LEN (nat64_in2out_error_strings),
1563 .error_strings = nat64_in2out_error_strings,
1564 .n_next_nodes = NAT64_IN2OUT_N_NEXT,
1565 /* edit / add dispositions here */
1567 [NAT64_IN2OUT_NEXT_DROP] = "error-drop",
1568 [NAT64_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
1569 [NAT64_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
1570 [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath",
1571 [NAT64_IN2OUT_NEXT_REASS] = "nat64-in2out-reass",
1576 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_reass_node,
1577 nat64_in2out_reass_node_fn);
1581 u32 next_worker_index;
1583 } nat64_in2out_handoff_trace_t;
1586 format_nat64_in2out_handoff_trace (u8 * s, va_list * args)
1588 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1589 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1590 nat64_in2out_handoff_trace_t *t =
1591 va_arg (*args, nat64_in2out_handoff_trace_t *);
1594 m = t->do_handoff ? "next worker" : "same worker";
1595 s = format (s, "NAT64-IN2OUT-HANDOFF: %s %d", m, t->next_worker_index);
1601 nat64_in2out_handoff_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1602 vlib_frame_t * frame)
1604 nat64_main_t *nm = &nat64_main;
1605 vlib_thread_main_t *tm = vlib_get_thread_main ();
1606 u32 n_left_from, *from, *to_next = 0, *to_next_drop = 0;
1607 static __thread vlib_frame_queue_elt_t **handoff_queue_elt_by_worker_index;
1608 static __thread vlib_frame_queue_t **congested_handoff_queue_by_worker_index
1610 vlib_frame_queue_elt_t *hf = 0;
1611 vlib_frame_queue_t *fq;
1612 vlib_frame_t *f = 0, *d = 0;
1614 u32 n_left_to_next_worker = 0, *to_next_worker = 0;
1615 u32 next_worker_index = 0;
1616 u32 current_worker_index = ~0;
1617 u32 thread_index = vlib_get_thread_index ();
1621 fq_index = nm->fq_in2out_index;
1622 to_node_index = nat64_in2out_node.index;
1624 if (PREDICT_FALSE (handoff_queue_elt_by_worker_index == 0))
1626 vec_validate (handoff_queue_elt_by_worker_index, tm->n_vlib_mains - 1);
1628 vec_validate_init_empty (congested_handoff_queue_by_worker_index,
1629 tm->n_vlib_mains - 1,
1630 (vlib_frame_queue_t *) (~0));
1633 from = vlib_frame_vector_args (frame);
1634 n_left_from = frame->n_vectors;
1636 while (n_left_from > 0)
1647 b0 = vlib_get_buffer (vm, bi0);
1649 ip0 = vlib_buffer_get_current (b0);
1651 next_worker_index = nat64_get_worker_in2out (&ip0->src_address);
1653 if (PREDICT_FALSE (next_worker_index != thread_index))
1657 if (next_worker_index != current_worker_index)
1660 is_vlib_frame_queue_congested (fq_index, next_worker_index,
1662 congested_handoff_queue_by_worker_index);
1666 /* if this is 1st frame */
1669 d = vlib_get_frame_to_node (vm, nm->error_node_index);
1670 to_next_drop = vlib_frame_vector_args (d);
1673 to_next_drop[0] = bi0;
1680 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1683 vlib_get_worker_handoff_queue_elt (fq_index,
1685 handoff_queue_elt_by_worker_index);
1686 n_left_to_next_worker = VLIB_FRAME_SIZE - hf->n_vectors;
1687 to_next_worker = &hf->buffer_index[hf->n_vectors];
1688 current_worker_index = next_worker_index;
1691 ASSERT (to_next_worker != 0);
1693 /* enqueue to correct worker thread */
1694 to_next_worker[0] = bi0;
1696 n_left_to_next_worker--;
1698 if (n_left_to_next_worker == 0)
1700 hf->n_vectors = VLIB_FRAME_SIZE;
1701 vlib_put_frame_queue_elt (hf);
1702 current_worker_index = ~0;
1703 handoff_queue_elt_by_worker_index[next_worker_index] = 0;
1710 /* if this is 1st frame */
1713 f = vlib_get_frame_to_node (vm, to_node_index);
1714 to_next = vlib_frame_vector_args (f);
1724 ((node->flags & VLIB_NODE_FLAG_TRACE)
1725 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1727 nat64_in2out_handoff_trace_t *t =
1728 vlib_add_trace (vm, node, b0, sizeof (*t));
1729 t->next_worker_index = next_worker_index;
1730 t->do_handoff = do_handoff;
1735 vlib_put_frame_to_node (vm, to_node_index, f);
1738 vlib_put_frame_to_node (vm, nm->error_node_index, d);
1741 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1743 /* Ship frames to the worker nodes */
1744 for (i = 0; i < vec_len (handoff_queue_elt_by_worker_index); i++)
1746 if (handoff_queue_elt_by_worker_index[i])
1748 hf = handoff_queue_elt_by_worker_index[i];
1750 * It works better to let the handoff node
1751 * rate-adapt, always ship the handoff queue element.
1753 if (1 || hf->n_vectors == hf->last_n_vectors)
1755 vlib_put_frame_queue_elt (hf);
1756 handoff_queue_elt_by_worker_index[i] = 0;
1759 hf->last_n_vectors = hf->n_vectors;
1761 congested_handoff_queue_by_worker_index[i] =
1762 (vlib_frame_queue_t *) (~0);
1765 current_worker_index = ~0;
1766 return frame->n_vectors;
1770 VLIB_REGISTER_NODE (nat64_in2out_handoff_node) = {
1771 .function = nat64_in2out_handoff_node_fn,
1772 .name = "nat64-in2out-handoff",
1773 .vector_size = sizeof (u32),
1774 .format_trace = format_nat64_in2out_handoff_trace,
1775 .type = VLIB_NODE_TYPE_INTERNAL,
1785 VLIB_NODE_FUNCTION_MULTIARCH (nat64_in2out_handoff_node,
1786 nat64_in2out_handoff_node_fn);
1789 * fd.io coding-style-patch-verification: ON
1792 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob