2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT64 IPv4 to IPv6 translation (otside to inside network)
20 #include <nat/nat64.h>
21 #include <nat/nat_reass.h>
22 #include <nat/nat_inlines.h>
23 #include <vnet/ip/ip4_to_ip6.h>
24 #include <vnet/fib/ip4_fib.h>
25 #include <vnet/udp/udp.h>
31 } nat64_out2in_trace_t;
34 format_nat64_out2in_trace (u8 * s, va_list * args)
36 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
37 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
38 nat64_out2in_trace_t *t = va_arg (*args, nat64_out2in_trace_t *);
41 format (s, "NAT64-out2in: sw_if_index %d, next index %d", t->sw_if_index,
52 } nat64_out2in_reass_trace_t;
55 format_nat64_out2in_reass_trace (u8 * s, va_list * args)
57 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
58 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
59 nat64_out2in_reass_trace_t *t =
60 va_arg (*args, nat64_out2in_reass_trace_t *);
63 format (s, "NAT64-out2in-reass: sw_if_index %d, next index %d, status %s",
64 t->sw_if_index, t->next_index,
65 t->cached ? "cached" : "translated");
70 vlib_node_registration_t nat64_out2in_node;
71 vlib_node_registration_t nat64_out2in_reass_node;
72 vlib_node_registration_t nat64_out2in_handoff_node;
74 #define foreach_nat64_out2in_error \
75 _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
76 _(OUT2IN_PACKETS, "Good out2in packets processed") \
77 _(NO_TRANSLATION, "No translation") \
78 _(UNKNOWN, "unknown") \
79 _(DROP_FRAGMENT, "Drop fragment") \
80 _(MAX_REASS, "Maximum reassemblies exceeded") \
81 _(MAX_FRAG, "Maximum fragments per reassembly exceeded")
86 #define _(sym,str) NAT64_OUT2IN_ERROR_##sym,
87 foreach_nat64_out2in_error
90 } nat64_out2in_error_t;
92 static char *nat64_out2in_error_strings[] = {
93 #define _(sym,string) string,
94 foreach_nat64_out2in_error
100 NAT64_OUT2IN_NEXT_IP6_LOOKUP,
101 NAT64_OUT2IN_NEXT_IP4_LOOKUP,
102 NAT64_OUT2IN_NEXT_DROP,
103 NAT64_OUT2IN_NEXT_REASS,
105 } nat64_out2in_next_t;
107 typedef struct nat64_out2in_set_ctx_t_
112 } nat64_out2in_set_ctx_t;
115 nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
118 nat64_main_t *nm = &nat64_main;
119 nat64_out2in_set_ctx_t *ctx = arg;
120 nat64_db_bib_entry_t *bibe;
121 nat64_db_st_entry_t *ste;
122 ip46_address_t saddr, daddr;
123 ip6_address_t ip6_saddr;
124 udp_header_t *udp = ip4_next_header (ip4);
125 tcp_header_t *tcp = ip4_next_header (ip4);
126 u8 proto = ip4->protocol;
127 u16 dport = udp->dst_port;
128 u16 sport = udp->src_port;
129 u32 sw_if_index, fib_index;
132 nat64_db_t *db = &nm->db[ctx->thread_index];
134 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
135 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
137 memset (&saddr, 0, sizeof (saddr));
138 saddr.ip4.as_u32 = ip4->src_address.as_u32;
139 memset (&daddr, 0, sizeof (daddr));
140 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
143 nat64_db_st_entry_find (db, &daddr, &saddr, dport, sport, proto,
147 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
153 bibe = nat64_db_bib_entry_find (db, &daddr, dport, proto, fib_index, 0);
158 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
160 nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, sport);
163 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
164 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
166 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
167 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
168 udp->dst_port = bibe->in_port;
170 if (proto == IP_PROTOCOL_UDP)
171 checksum = &udp->checksum;
174 checksum = &tcp->checksum;
175 nat64_tcp_session_set_state (ste, tcp, 0);
178 csum = ip_csum_sub_even (*checksum, dport);
179 csum = ip_csum_add_even (csum, udp->dst_port);
180 *checksum = ip_csum_fold (csum);
182 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
184 nat64_session_reset_timeout (ste, ctx->vm);
190 nat64_out2in_icmp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
192 nat64_main_t *nm = &nat64_main;
193 nat64_out2in_set_ctx_t *ctx = arg;
194 nat64_db_bib_entry_t *bibe;
195 nat64_db_st_entry_t *ste;
196 ip46_address_t saddr, daddr;
197 ip6_address_t ip6_saddr;
198 u32 sw_if_index, fib_index;
199 icmp46_header_t *icmp = ip4_next_header (ip4);
200 nat64_db_t *db = &nm->db[ctx->thread_index];
202 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
203 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
205 memset (&saddr, 0, sizeof (saddr));
206 saddr.ip4.as_u32 = ip4->src_address.as_u32;
207 memset (&daddr, 0, sizeof (daddr));
208 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
210 if (icmp->type == ICMP6_echo_request || icmp->type == ICMP6_echo_reply)
212 u16 out_id = ((u16 *) (icmp))[2];
214 nat64_db_st_entry_find (db, &daddr, &saddr, out_id, 0,
215 IP_PROTOCOL_ICMP, fib_index, 0);
220 nat64_db_bib_entry_by_index (db, IP_PROTOCOL_ICMP,
228 nat64_db_bib_entry_find (db, &daddr, out_id,
229 IP_PROTOCOL_ICMP, fib_index, 0);
233 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
235 nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, 0);
238 nat64_session_reset_timeout (ste, ctx->vm);
240 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
241 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
243 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
244 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
245 ((u16 *) (icmp))[2] = bibe->in_port;
247 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
251 ip6_header_t *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
253 nat64_compose_ip6 (&ip6->src_address, &ip4->src_address,
254 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX]);
255 ip6->dst_address.as_u64[0] = inner_ip6->src_address.as_u64[0];
256 ip6->dst_address.as_u64[1] = inner_ip6->src_address.as_u64[1];
263 nat64_out2in_inner_icmp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
266 nat64_main_t *nm = &nat64_main;
267 nat64_out2in_set_ctx_t *ctx = arg;
268 nat64_db_bib_entry_t *bibe;
269 nat64_db_st_entry_t *ste;
270 ip46_address_t saddr, daddr;
271 u32 sw_if_index, fib_index;
272 u8 proto = ip4->protocol;
273 nat64_db_t *db = &nm->db[ctx->thread_index];
275 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
277 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
279 memset (&saddr, 0, sizeof (saddr));
280 saddr.ip4.as_u32 = ip4->src_address.as_u32;
281 memset (&daddr, 0, sizeof (daddr));
282 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
284 if (proto == IP_PROTOCOL_ICMP6)
286 icmp46_header_t *icmp = ip4_next_header (ip4);
287 u16 out_id = ((u16 *) (icmp))[2];
288 proto = IP_PROTOCOL_ICMP;
291 (icmp->type == ICMP6_echo_request
292 || icmp->type == ICMP6_echo_reply))
296 nat64_db_st_entry_find (db, &saddr, &daddr, out_id, 0, proto,
301 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
305 ip6->dst_address.as_u64[0] = ste->in_r_addr.as_u64[0];
306 ip6->dst_address.as_u64[1] = ste->in_r_addr.as_u64[1];
307 ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
308 ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
309 ((u16 *) (icmp))[2] = bibe->in_port;
311 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
315 udp_header_t *udp = ip4_next_header (ip4);
316 tcp_header_t *tcp = ip4_next_header (ip4);
317 u16 dport = udp->dst_port;
318 u16 sport = udp->src_port;
323 nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
328 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
332 nat64_compose_ip6 (&ip6->dst_address, &daddr.ip4, bibe->fib_index);
333 ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
334 ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
335 udp->src_port = bibe->in_port;
337 if (proto == IP_PROTOCOL_UDP)
338 checksum = &udp->checksum;
340 checksum = &tcp->checksum;
343 csum = ip_csum_sub_even (*checksum, sport);
344 csum = ip_csum_add_even (csum, udp->src_port);
345 *checksum = ip_csum_fold (csum);
348 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
355 nat64_out2in_unk_proto_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
358 nat64_main_t *nm = &nat64_main;
359 nat64_out2in_set_ctx_t *ctx = arg;
360 nat64_db_bib_entry_t *bibe;
361 nat64_db_st_entry_t *ste;
362 ip46_address_t saddr, daddr;
363 ip6_address_t ip6_saddr;
364 u32 sw_if_index, fib_index;
365 u8 proto = ip4->protocol;
366 nat64_db_t *db = &nm->db[ctx->thread_index];
368 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
369 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
371 memset (&saddr, 0, sizeof (saddr));
372 saddr.ip4.as_u32 = ip4->src_address.as_u32;
373 memset (&daddr, 0, sizeof (daddr));
374 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
377 nat64_db_st_entry_find (db, &daddr, &saddr, 0, 0, proto, fib_index, 0);
380 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
386 bibe = nat64_db_bib_entry_find (db, &daddr, 0, proto, fib_index, 0);
391 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
392 ste = nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, 0);
395 nat64_session_reset_timeout (ste, ctx->vm);
397 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
398 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
400 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
401 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
403 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
409 nat64_out2in_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
410 vlib_frame_t * frame)
412 u32 n_left_from, *from, *to_next;
413 nat64_out2in_next_t next_index;
414 u32 pkts_processed = 0;
415 u32 thread_index = vm->thread_index;
417 from = vlib_frame_vector_args (frame);
418 n_left_from = frame->n_vectors;
419 next_index = node->cached_next_index;
420 while (n_left_from > 0)
424 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
426 while (n_left_from > 0 && n_left_to_next > 0)
433 nat64_out2in_set_ctx_t ctx0;
436 /* speculatively enqueue b0 to the current next frame */
444 b0 = vlib_get_buffer (vm, bi0);
445 ip40 = vlib_buffer_get_current (b0);
449 ctx0.thread_index = thread_index;
451 next0 = NAT64_OUT2IN_NEXT_IP6_LOOKUP;
453 proto0 = ip_proto_to_snat_proto (ip40->protocol);
455 if (PREDICT_FALSE (proto0 == ~0))
457 if (ip4_to_ip6 (b0, nat64_out2in_unk_proto_set_cb, &ctx0))
459 next0 = NAT64_OUT2IN_NEXT_DROP;
460 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
465 if (PREDICT_FALSE (ip4_is_fragment (ip40)))
467 next0 = NAT64_OUT2IN_NEXT_REASS;
471 if (proto0 == SNAT_PROTOCOL_ICMP)
474 (b0, nat64_out2in_icmp_set_cb, &ctx0,
475 nat64_out2in_inner_icmp_set_cb, &ctx0))
477 next0 = NAT64_OUT2IN_NEXT_DROP;
478 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
484 if (ip4_to_ip6_tcp_udp (b0, nat64_out2in_tcp_udp_set_cb, &ctx0))
486 udp0 = ip4_next_header (ip40);
488 * Send DHCP packets to the ipv4 stack, or we won't
489 * be able to use dhcp client on the outside interface
491 if ((proto0 == SNAT_PROTOCOL_UDP)
492 && (udp0->dst_port ==
493 clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_client)))
495 next0 = NAT64_OUT2IN_NEXT_IP4_LOOKUP;
498 next0 = NAT64_OUT2IN_NEXT_DROP;
499 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
505 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
506 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
508 nat64_out2in_trace_t *t =
509 vlib_add_trace (vm, node, b0, sizeof (*t));
510 t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
511 t->next_index = next0;
514 pkts_processed += next0 != NAT64_OUT2IN_NEXT_DROP;
516 /* verify speculative enqueue, maybe switch current next frame */
517 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
518 n_left_to_next, bi0, next0);
520 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
522 vlib_node_increment_counter (vm, nat64_out2in_node.index,
523 NAT64_OUT2IN_ERROR_OUT2IN_PACKETS,
525 return frame->n_vectors;
529 VLIB_REGISTER_NODE (nat64_out2in_node) = {
530 .function = nat64_out2in_node_fn,
531 .name = "nat64-out2in",
532 .vector_size = sizeof (u32),
533 .format_trace = format_nat64_out2in_trace,
534 .type = VLIB_NODE_TYPE_INTERNAL,
535 .n_errors = ARRAY_LEN (nat64_out2in_error_strings),
536 .error_strings = nat64_out2in_error_strings,
537 .n_next_nodes = NAT64_OUT2IN_N_NEXT,
538 /* edit / add dispositions here */
540 [NAT64_OUT2IN_NEXT_DROP] = "error-drop",
541 [NAT64_OUT2IN_NEXT_IP6_LOOKUP] = "ip6-lookup",
542 [NAT64_OUT2IN_NEXT_IP4_LOOKUP] = "ip4-lookup",
543 [NAT64_OUT2IN_NEXT_REASS] = "nat64-out2in-reass",
548 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_node, nat64_out2in_node_fn);
550 typedef struct nat64_out2in_frag_set_ctx_t_
558 } nat64_out2in_frag_set_ctx_t;
561 nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
563 nat64_main_t *nm = &nat64_main;
564 nat64_out2in_frag_set_ctx_t *ctx = arg;
565 nat64_db_st_entry_t *ste;
566 nat64_db_bib_entry_t *bibe;
567 udp_header_t *udp = ip4_next_header (ip4);
570 nat64_db_t *db = &nm->db[ctx->thread_index];
572 ste = nat64_db_st_entry_by_index (db, ctx->proto, ctx->sess_index);
576 bibe = nat64_db_bib_entry_by_index (db, ctx->proto, ste->bibe_index);
582 udp->dst_port = bibe->in_port;
584 if (ip4->protocol == IP_PROTOCOL_UDP)
586 checksum = &udp->checksum;
591 clib_host_to_net_u16 (ip4->length) - sizeof (*ip4);
592 csum = ip_incremental_checksum (0, udp, udp_len);
594 ip_csum_with_carry (csum, clib_host_to_net_u16 (udp_len));
596 ip_csum_with_carry (csum,
597 clib_host_to_net_u16 (IP_PROTOCOL_UDP));
598 csum = ip_csum_with_carry (csum, ste->in_r_addr.as_u64[0]);
599 csum = ip_csum_with_carry (csum, ste->in_r_addr.as_u64[1]);
600 csum = ip_csum_with_carry (csum, bibe->in_addr.as_u64[0]);
601 csum = ip_csum_with_carry (csum, bibe->in_addr.as_u64[1]);
602 *checksum = ~ip_csum_fold (csum);
606 csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
607 csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
608 csum = ip_csum_sub_even (csum, bibe->out_port);
609 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[0]);
610 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[1]);
611 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[0]);
612 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[1]);
613 csum = ip_csum_add_even (csum, bibe->in_port);
614 *checksum = ip_csum_fold (csum);
619 tcp_header_t *tcp = ip4_next_header (ip4);
620 nat64_tcp_session_set_state (ste, tcp, 0);
621 checksum = &tcp->checksum;
622 csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
623 csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
624 csum = ip_csum_sub_even (csum, bibe->out_port);
625 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[0]);
626 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[1]);
627 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[0]);
628 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[1]);
629 csum = ip_csum_add_even (csum, bibe->in_port);
630 *checksum = ip_csum_fold (csum);
635 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
636 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
638 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
639 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
641 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
643 nat64_session_reset_timeout (ste, ctx->vm);
649 nat64_out2in_reass_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
650 vlib_frame_t * frame)
652 u32 n_left_from, *from, *to_next;
653 nat64_out2in_next_t next_index;
654 u32 pkts_processed = 0;
655 u32 *fragments_to_drop = 0;
656 u32 *fragments_to_loopback = 0;
657 nat64_main_t *nm = &nat64_main;
658 u32 thread_index = vm->thread_index;
660 from = vlib_frame_vector_args (frame);
661 n_left_from = frame->n_vectors;
662 next_index = node->cached_next_index;
664 while (n_left_from > 0)
668 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
670 while (n_left_from > 0 && n_left_to_next > 0)
677 u32 sw_if_index0, fib_index0;
679 nat_reass_ip4_t *reass0;
680 ip46_address_t saddr0, daddr0;
681 nat64_db_st_entry_t *ste0;
682 nat64_db_bib_entry_t *bibe0;
683 ip6_address_t ip6_saddr0;
684 nat64_out2in_frag_set_ctx_t ctx0;
685 nat64_db_t *db = &nm->db[thread_index];
687 /* speculatively enqueue b0 to the current next frame */
695 b0 = vlib_get_buffer (vm, bi0);
696 next0 = NAT64_OUT2IN_NEXT_IP6_LOOKUP;
698 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
700 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
703 ctx0.thread_index = thread_index;
705 if (PREDICT_FALSE (nat_reass_is_drop_frag (1)))
707 next0 = NAT64_OUT2IN_NEXT_DROP;
708 b0->error = node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT];
712 ip40 = vlib_buffer_get_current (b0);
714 if (PREDICT_FALSE (!(ip40->protocol == IP_PROTOCOL_TCP
715 || ip40->protocol == IP_PROTOCOL_UDP)))
717 next0 = NAT64_OUT2IN_NEXT_DROP;
718 b0->error = node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT];
722 udp0 = ip4_next_header (ip40);
724 reass0 = nat_ip4_reass_find_or_create (ip40->src_address,
728 1, &fragments_to_drop);
730 if (PREDICT_FALSE (!reass0))
732 next0 = NAT64_OUT2IN_NEXT_DROP;
733 b0->error = node->errors[NAT64_OUT2IN_ERROR_MAX_REASS];
737 if (PREDICT_FALSE (ip4_is_first_fragment (ip40)))
741 memset (&saddr0, 0, sizeof (saddr0));
742 saddr0.ip4.as_u32 = ip40->src_address.as_u32;
743 memset (&daddr0, 0, sizeof (daddr0));
744 daddr0.ip4.as_u32 = ip40->dst_address.as_u32;
747 nat64_db_st_entry_find (db, &daddr0, &saddr0,
748 udp0->dst_port, udp0->src_port,
749 ip40->protocol, fib_index0, 0);
753 nat64_db_bib_entry_find (db, &daddr0, udp0->dst_port,
754 ip40->protocol, fib_index0, 0);
757 next0 = NAT64_OUT2IN_NEXT_DROP;
759 node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
763 nat64_compose_ip6 (&ip6_saddr0, &ip40->src_address,
766 nat64_db_st_entry_create (db, bibe0, &ip6_saddr0,
767 &saddr0.ip4, udp0->src_port);
771 next0 = NAT64_OUT2IN_NEXT_DROP;
773 node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
777 reass0->sess_index = nat64_db_st_entry_get_index (db, ste0);
778 reass0->thread_index = thread_index;
780 nat_ip4_reass_get_frags (reass0, &fragments_to_loopback);
786 if (PREDICT_FALSE (reass0->sess_index == (u32) ~ 0))
788 if (nat_ip4_reass_add_fragment (reass0, bi0))
790 b0->error = node->errors[NAT64_OUT2IN_ERROR_MAX_FRAG];
791 next0 = NAT64_OUT2IN_NEXT_DROP;
799 ctx0.sess_index = reass0->sess_index;
800 ctx0.proto = ip40->protocol;
804 if (ip4_to_ip6_fragmented (b0, nat64_out2in_frag_set_cb, &ctx0))
806 next0 = NAT64_OUT2IN_NEXT_DROP;
807 b0->error = node->errors[NAT64_OUT2IN_ERROR_UNKNOWN];
813 ((node->flags & VLIB_NODE_FLAG_TRACE)
814 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
816 nat64_out2in_reass_trace_t *t =
817 vlib_add_trace (vm, node, b0, sizeof (*t));
819 t->sw_if_index = sw_if_index0;
820 t->next_index = next0;
830 pkts_processed += next0 != NAT64_OUT2IN_NEXT_DROP;
832 /* verify speculative enqueue, maybe switch current next frame */
833 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
834 to_next, n_left_to_next,
838 if (n_left_from == 0 && vec_len (fragments_to_loopback))
840 from = vlib_frame_vector_args (frame);
841 u32 len = vec_len (fragments_to_loopback);
842 if (len <= VLIB_FRAME_SIZE)
844 clib_memcpy (from, fragments_to_loopback,
847 vec_reset_length (fragments_to_loopback);
852 fragments_to_loopback + (len -
854 sizeof (u32) * VLIB_FRAME_SIZE);
855 n_left_from = VLIB_FRAME_SIZE;
856 _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
861 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
864 vlib_node_increment_counter (vm, nat64_out2in_reass_node.index,
865 NAT64_OUT2IN_ERROR_OUT2IN_PACKETS,
868 nat_send_all_to_node (vm, fragments_to_drop, node,
869 &node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT],
870 NAT64_OUT2IN_NEXT_DROP);
872 vec_free (fragments_to_drop);
873 vec_free (fragments_to_loopback);
874 return frame->n_vectors;
878 VLIB_REGISTER_NODE (nat64_out2in_reass_node) = {
879 .function = nat64_out2in_reass_node_fn,
880 .name = "nat64-out2in-reass",
881 .vector_size = sizeof (u32),
882 .format_trace = format_nat64_out2in_reass_trace,
883 .type = VLIB_NODE_TYPE_INTERNAL,
884 .n_errors = ARRAY_LEN (nat64_out2in_error_strings),
885 .error_strings = nat64_out2in_error_strings,
886 .n_next_nodes = NAT64_OUT2IN_N_NEXT,
887 /* edit / add dispositions here */
889 [NAT64_OUT2IN_NEXT_DROP] = "error-drop",
890 [NAT64_OUT2IN_NEXT_IP6_LOOKUP] = "ip6-lookup",
891 [NAT64_OUT2IN_NEXT_IP4_LOOKUP] = "ip4-lookup",
892 [NAT64_OUT2IN_NEXT_REASS] = "nat64-out2in-reass",
897 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_reass_node,
898 nat64_out2in_reass_node_fn);
902 u32 next_worker_index;
904 } nat64_out2in_handoff_trace_t;
907 format_nat64_out2in_handoff_trace (u8 * s, va_list * args)
909 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
910 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
911 nat64_out2in_handoff_trace_t *t =
912 va_arg (*args, nat64_out2in_handoff_trace_t *);
915 m = t->do_handoff ? "next worker" : "same worker";
916 s = format (s, "NAT64-OUT2IN-HANDOFF: %s %d", m, t->next_worker_index);
922 nat64_out2in_handoff_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
923 vlib_frame_t * frame)
925 nat64_main_t *nm = &nat64_main;
926 vlib_thread_main_t *tm = vlib_get_thread_main ();
927 u32 n_left_from, *from, *to_next = 0, *to_next_drop = 0;
928 static __thread vlib_frame_queue_elt_t **handoff_queue_elt_by_worker_index;
929 static __thread vlib_frame_queue_t **congested_handoff_queue_by_worker_index
931 vlib_frame_queue_elt_t *hf = 0;
932 vlib_frame_queue_t *fq;
933 vlib_frame_t *f = 0, *d = 0;
935 u32 n_left_to_next_worker = 0, *to_next_worker = 0;
936 u32 next_worker_index = 0;
937 u32 current_worker_index = ~0;
938 u32 thread_index = vm->thread_index;
942 fq_index = nm->fq_out2in_index;
943 to_node_index = nat64_out2in_node.index;
945 if (PREDICT_FALSE (handoff_queue_elt_by_worker_index == 0))
947 vec_validate (handoff_queue_elt_by_worker_index, tm->n_vlib_mains - 1);
949 vec_validate_init_empty (congested_handoff_queue_by_worker_index,
950 tm->n_vlib_mains - 1,
951 (vlib_frame_queue_t *) (~0));
954 from = vlib_frame_vector_args (frame);
955 n_left_from = frame->n_vectors;
957 while (n_left_from > 0)
968 b0 = vlib_get_buffer (vm, bi0);
970 ip0 = vlib_buffer_get_current (b0);
972 next_worker_index = nat64_get_worker_out2in (ip0);
974 if (PREDICT_FALSE (next_worker_index != thread_index))
978 if (next_worker_index != current_worker_index)
981 is_vlib_frame_queue_congested (fq_index, next_worker_index,
983 congested_handoff_queue_by_worker_index);
987 /* if this is 1st frame */
990 d = vlib_get_frame_to_node (vm, nm->error_node_index);
991 to_next_drop = vlib_frame_vector_args (d);
994 to_next_drop[0] = bi0;
1001 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1004 vlib_get_worker_handoff_queue_elt (fq_index,
1006 handoff_queue_elt_by_worker_index);
1007 n_left_to_next_worker = VLIB_FRAME_SIZE - hf->n_vectors;
1008 to_next_worker = &hf->buffer_index[hf->n_vectors];
1009 current_worker_index = next_worker_index;
1012 ASSERT (to_next_worker != 0);
1014 /* enqueue to correct worker thread */
1015 to_next_worker[0] = bi0;
1017 n_left_to_next_worker--;
1019 if (n_left_to_next_worker == 0)
1021 hf->n_vectors = VLIB_FRAME_SIZE;
1022 vlib_put_frame_queue_elt (hf);
1023 current_worker_index = ~0;
1024 handoff_queue_elt_by_worker_index[next_worker_index] = 0;
1031 /* if this is 1st frame */
1034 f = vlib_get_frame_to_node (vm, to_node_index);
1035 to_next = vlib_frame_vector_args (f);
1045 ((node->flags & VLIB_NODE_FLAG_TRACE)
1046 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1048 nat64_out2in_handoff_trace_t *t =
1049 vlib_add_trace (vm, node, b0, sizeof (*t));
1050 t->next_worker_index = next_worker_index;
1051 t->do_handoff = do_handoff;
1056 vlib_put_frame_to_node (vm, to_node_index, f);
1059 vlib_put_frame_to_node (vm, nm->error_node_index, d);
1062 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1064 /* Ship frames to the worker nodes */
1065 for (i = 0; i < vec_len (handoff_queue_elt_by_worker_index); i++)
1067 if (handoff_queue_elt_by_worker_index[i])
1069 hf = handoff_queue_elt_by_worker_index[i];
1071 * It works better to let the handoff node
1072 * rate-adapt, always ship the handoff queue element.
1074 if (1 || hf->n_vectors == hf->last_n_vectors)
1076 vlib_put_frame_queue_elt (hf);
1077 handoff_queue_elt_by_worker_index[i] = 0;
1080 hf->last_n_vectors = hf->n_vectors;
1082 congested_handoff_queue_by_worker_index[i] =
1083 (vlib_frame_queue_t *) (~0);
1086 current_worker_index = ~0;
1087 return frame->n_vectors;
1091 VLIB_REGISTER_NODE (nat64_out2in_handoff_node) = {
1092 .function = nat64_out2in_handoff_node_fn,
1093 .name = "nat64-out2in-handoff",
1094 .vector_size = sizeof (u32),
1095 .format_trace = format_nat64_out2in_handoff_trace,
1096 .type = VLIB_NODE_TYPE_INTERNAL,
1106 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_handoff_node,
1107 nat64_out2in_handoff_node_fn);
1109 * fd.io coding-style-patch-verification: ON
1112 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob