2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT64 IPv4 to IPv6 translation (otside to inside network)
20 #include <nat/nat64.h>
21 #include <nat/nat_reass.h>
22 #include <vnet/ip/ip4_to_ip6.h>
23 #include <vnet/fib/ip4_fib.h>
29 } nat64_out2in_trace_t;
32 format_nat64_out2in_trace (u8 * s, va_list * args)
34 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
35 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
36 nat64_out2in_trace_t *t = va_arg (*args, nat64_out2in_trace_t *);
39 format (s, "NAT64-out2in: sw_if_index %d, next index %d", t->sw_if_index,
50 } nat64_out2in_reass_trace_t;
53 format_nat64_out2in_reass_trace (u8 * s, va_list * args)
55 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
56 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
57 nat64_out2in_reass_trace_t *t =
58 va_arg (*args, nat64_out2in_reass_trace_t *);
61 format (s, "NAT64-out2in-reass: sw_if_index %d, next index %d, status %s",
62 t->sw_if_index, t->next_index,
63 t->cached ? "cached" : "translated");
68 vlib_node_registration_t nat64_out2in_node;
69 vlib_node_registration_t nat64_out2in_reass_node;
71 #define foreach_nat64_out2in_error \
72 _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
73 _(OUT2IN_PACKETS, "Good out2in packets processed") \
74 _(NO_TRANSLATION, "No translation") \
75 _(UNKNOWN, "unknown") \
76 _(DROP_FRAGMENT, "Drop fragment") \
77 _(MAX_REASS, "Maximum reassemblies exceeded") \
78 _(MAX_FRAG, "Maximum fragments per reassembly exceeded")
83 #define _(sym,str) NAT64_OUT2IN_ERROR_##sym,
84 foreach_nat64_out2in_error
87 } nat64_out2in_error_t;
89 static char *nat64_out2in_error_strings[] = {
90 #define _(sym,string) string,
91 foreach_nat64_out2in_error
97 NAT64_OUT2IN_NEXT_LOOKUP,
98 NAT64_OUT2IN_NEXT_DROP,
99 NAT64_OUT2IN_NEXT_REASS,
101 } nat64_out2in_next_t;
103 typedef struct nat64_out2in_set_ctx_t_
107 } nat64_out2in_set_ctx_t;
110 nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
113 nat64_main_t *nm = &nat64_main;
114 nat64_out2in_set_ctx_t *ctx = arg;
115 nat64_db_bib_entry_t *bibe;
116 nat64_db_st_entry_t *ste;
117 ip46_address_t saddr, daddr;
118 ip6_address_t ip6_saddr;
119 udp_header_t *udp = ip4_next_header (ip4);
120 tcp_header_t *tcp = ip4_next_header (ip4);
121 u8 proto = ip4->protocol;
122 u16 dport = udp->dst_port;
123 u16 sport = udp->src_port;
124 u32 sw_if_index, fib_index;
128 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
129 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
131 memset (&saddr, 0, sizeof (saddr));
132 saddr.ip4.as_u32 = ip4->src_address.as_u32;
133 memset (&daddr, 0, sizeof (daddr));
134 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
137 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, dport, sport, proto,
141 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
148 nat64_db_bib_entry_find (&nm->db, &daddr, dport, proto, fib_index, 0);
153 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
155 nat64_db_st_entry_create (&nm->db, bibe, &ip6_saddr, &saddr.ip4,
159 nat64_session_reset_timeout (ste, ctx->vm);
161 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
162 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
164 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
165 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
166 udp->dst_port = bibe->in_port;
168 if (proto == IP_PROTOCOL_UDP)
169 checksum = &udp->checksum;
171 checksum = &tcp->checksum;
172 csum = ip_csum_sub_even (*checksum, dport);
173 csum = ip_csum_add_even (csum, udp->dst_port);
174 *checksum = ip_csum_fold (csum);
176 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
182 nat64_out2in_icmp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
184 nat64_main_t *nm = &nat64_main;
185 nat64_out2in_set_ctx_t *ctx = arg;
186 nat64_db_bib_entry_t *bibe;
187 nat64_db_st_entry_t *ste;
188 ip46_address_t saddr, daddr;
189 ip6_address_t ip6_saddr;
190 u32 sw_if_index, fib_index;
191 icmp46_header_t *icmp = ip4_next_header (ip4);
193 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
194 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
196 memset (&saddr, 0, sizeof (saddr));
197 saddr.ip4.as_u32 = ip4->src_address.as_u32;
198 memset (&daddr, 0, sizeof (daddr));
199 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
201 if (icmp->type == ICMP6_echo_request || icmp->type == ICMP6_echo_reply)
203 u16 out_id = ((u16 *) (icmp))[2];
205 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, out_id, 0,
206 IP_PROTOCOL_ICMP, fib_index, 0);
211 nat64_db_bib_entry_by_index (&nm->db, IP_PROTOCOL_ICMP,
219 nat64_db_bib_entry_find (&nm->db, &daddr, out_id,
220 IP_PROTOCOL_ICMP, fib_index, 0);
224 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
226 nat64_db_st_entry_create (&nm->db, bibe, &ip6_saddr, &saddr.ip4,
230 nat64_session_reset_timeout (ste, ctx->vm);
232 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
233 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
235 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
236 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
237 ((u16 *) (icmp))[2] = bibe->in_port;
239 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
243 ip6_header_t *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
245 nat64_compose_ip6 (&ip6->src_address, &ip4->src_address,
246 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX]);
247 ip6->dst_address.as_u64[0] = inner_ip6->src_address.as_u64[0];
248 ip6->dst_address.as_u64[1] = inner_ip6->src_address.as_u64[1];
255 nat64_out2in_inner_icmp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
258 nat64_main_t *nm = &nat64_main;
259 nat64_out2in_set_ctx_t *ctx = arg;
260 nat64_db_bib_entry_t *bibe;
261 nat64_db_st_entry_t *ste;
262 ip46_address_t saddr, daddr;
263 u32 sw_if_index, fib_index;
264 u8 proto = ip4->protocol;
266 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
268 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
270 memset (&saddr, 0, sizeof (saddr));
271 saddr.ip4.as_u32 = ip4->src_address.as_u32;
272 memset (&daddr, 0, sizeof (daddr));
273 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
275 if (proto == IP_PROTOCOL_ICMP6)
277 icmp46_header_t *icmp = ip4_next_header (ip4);
278 u16 out_id = ((u16 *) (icmp))[2];
279 proto = IP_PROTOCOL_ICMP;
282 (icmp->type == ICMP6_echo_request
283 || icmp->type == ICMP6_echo_reply))
287 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, out_id, 0, proto,
292 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
296 ip6->dst_address.as_u64[0] = ste->in_r_addr.as_u64[0];
297 ip6->dst_address.as_u64[1] = ste->in_r_addr.as_u64[1];
298 ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
299 ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
300 ((u16 *) (icmp))[2] = bibe->in_port;
302 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
306 udp_header_t *udp = ip4_next_header (ip4);
307 tcp_header_t *tcp = ip4_next_header (ip4);
308 u16 dport = udp->dst_port;
309 u16 sport = udp->src_port;
314 nat64_db_st_entry_find (&nm->db, &saddr, &daddr, sport, dport, proto,
319 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
323 nat64_compose_ip6 (&ip6->dst_address, &daddr.ip4, bibe->fib_index);
324 ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
325 ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
326 udp->src_port = bibe->in_port;
328 if (proto == IP_PROTOCOL_UDP)
329 checksum = &udp->checksum;
331 checksum = &tcp->checksum;
334 csum = ip_csum_sub_even (*checksum, sport);
335 csum = ip_csum_add_even (csum, udp->src_port);
336 *checksum = ip_csum_fold (csum);
339 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
346 nat64_out2in_unk_proto_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
349 nat64_main_t *nm = &nat64_main;
350 nat64_out2in_set_ctx_t *ctx = arg;
351 nat64_db_bib_entry_t *bibe;
352 nat64_db_st_entry_t *ste;
353 ip46_address_t saddr, daddr;
354 ip6_address_t ip6_saddr;
355 u32 sw_if_index, fib_index;
356 u8 proto = ip4->protocol;
358 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
359 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
361 memset (&saddr, 0, sizeof (saddr));
362 saddr.ip4.as_u32 = ip4->src_address.as_u32;
363 memset (&daddr, 0, sizeof (daddr));
364 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
367 nat64_db_st_entry_find (&nm->db, &daddr, &saddr, 0, 0, proto, fib_index,
371 bibe = nat64_db_bib_entry_by_index (&nm->db, proto, ste->bibe_index);
378 nat64_db_bib_entry_find (&nm->db, &daddr, 0, proto, fib_index, 0);
383 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
385 nat64_db_st_entry_create (&nm->db, bibe, &ip6_saddr, &saddr.ip4, 0);
388 nat64_session_reset_timeout (ste, ctx->vm);
390 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
391 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
393 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
394 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
396 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
402 nat64_out2in_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
403 vlib_frame_t * frame)
405 u32 n_left_from, *from, *to_next;
406 nat64_out2in_next_t next_index;
407 u32 pkts_processed = 0;
409 from = vlib_frame_vector_args (frame);
410 n_left_from = frame->n_vectors;
411 next_index = node->cached_next_index;
412 while (n_left_from > 0)
416 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
418 while (n_left_from > 0 && n_left_to_next > 0)
425 nat64_out2in_set_ctx_t ctx0;
427 /* speculatively enqueue b0 to the current next frame */
435 b0 = vlib_get_buffer (vm, bi0);
436 ip40 = vlib_buffer_get_current (b0);
441 next0 = NAT64_OUT2IN_NEXT_LOOKUP;
443 proto0 = ip_proto_to_snat_proto (ip40->protocol);
445 if (PREDICT_FALSE (proto0 == ~0))
447 if (ip4_to_ip6 (b0, nat64_out2in_unk_proto_set_cb, &ctx0))
449 next0 = NAT64_OUT2IN_NEXT_DROP;
450 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
455 if (PREDICT_FALSE (ip4_is_fragment (ip40)))
457 next0 = NAT64_OUT2IN_NEXT_REASS;
461 if (proto0 == SNAT_PROTOCOL_ICMP)
464 (b0, nat64_out2in_icmp_set_cb, &ctx0,
465 nat64_out2in_inner_icmp_set_cb, &ctx0))
467 next0 = NAT64_OUT2IN_NEXT_DROP;
468 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
474 if (ip4_to_ip6_tcp_udp (b0, nat64_out2in_tcp_udp_set_cb, &ctx0))
476 next0 = NAT64_OUT2IN_NEXT_DROP;
477 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
483 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
484 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
486 nat64_out2in_trace_t *t =
487 vlib_add_trace (vm, node, b0, sizeof (*t));
488 t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
489 t->next_index = next0;
492 pkts_processed += next0 != NAT64_OUT2IN_NEXT_DROP;
494 /* verify speculative enqueue, maybe switch current next frame */
495 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
496 n_left_to_next, bi0, next0);
498 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
500 vlib_node_increment_counter (vm, nat64_out2in_node.index,
501 NAT64_OUT2IN_ERROR_OUT2IN_PACKETS,
503 return frame->n_vectors;
507 VLIB_REGISTER_NODE (nat64_out2in_node) = {
508 .function = nat64_out2in_node_fn,
509 .name = "nat64-out2in",
510 .vector_size = sizeof (u32),
511 .format_trace = format_nat64_out2in_trace,
512 .type = VLIB_NODE_TYPE_INTERNAL,
513 .n_errors = ARRAY_LEN (nat64_out2in_error_strings),
514 .error_strings = nat64_out2in_error_strings,
515 .n_next_nodes = NAT64_OUT2IN_N_NEXT,
516 /* edit / add dispositions here */
518 [NAT64_OUT2IN_NEXT_DROP] = "error-drop",
519 [NAT64_OUT2IN_NEXT_LOOKUP] = "ip6-lookup",
520 [NAT64_OUT2IN_NEXT_REASS] = "nat64-out2in-reass",
525 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_node, nat64_out2in_node_fn);
527 typedef struct nat64_out2in_frag_set_ctx_t_
534 } nat64_out2in_frag_set_ctx_t;
537 nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
539 nat64_main_t *nm = &nat64_main;
540 nat64_out2in_frag_set_ctx_t *ctx = arg;
541 nat64_db_st_entry_t *ste;
542 nat64_db_bib_entry_t *bibe;
543 udp_header_t *udp = ip4_next_header (ip4);
547 ste = nat64_db_st_entry_by_index (&nm->db, ctx->proto, ctx->sess_index);
551 bibe = nat64_db_bib_entry_by_index (&nm->db, ctx->proto, ste->bibe_index);
555 nat64_session_reset_timeout (ste, ctx->vm);
559 udp->dst_port = bibe->in_port;
561 if (ip4->protocol == IP_PROTOCOL_UDP)
563 checksum = &udp->checksum;
568 clib_host_to_net_u16 (ip4->length) - sizeof (*ip4);
569 csum = ip_incremental_checksum (0, udp, udp_len);
571 ip_csum_with_carry (csum, clib_host_to_net_u16 (udp_len));
573 ip_csum_with_carry (csum,
574 clib_host_to_net_u16 (IP_PROTOCOL_UDP));
575 csum = ip_csum_with_carry (csum, ste->in_r_addr.as_u64[0]);
576 csum = ip_csum_with_carry (csum, ste->in_r_addr.as_u64[1]);
577 csum = ip_csum_with_carry (csum, bibe->in_addr.as_u64[0]);
578 csum = ip_csum_with_carry (csum, bibe->in_addr.as_u64[1]);
579 *checksum = ~ip_csum_fold (csum);
583 csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
584 csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
585 csum = ip_csum_sub_even (csum, bibe->out_port);
586 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[0]);
587 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[1]);
588 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[0]);
589 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[1]);
590 csum = ip_csum_add_even (csum, bibe->in_port);
591 *checksum = ip_csum_fold (csum);
596 tcp_header_t *tcp = ip4_next_header (ip4);
597 checksum = &tcp->checksum;
598 csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
599 csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
600 csum = ip_csum_sub_even (csum, bibe->out_port);
601 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[0]);
602 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[1]);
603 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[0]);
604 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[1]);
605 csum = ip_csum_add_even (csum, bibe->in_port);
606 *checksum = ip_csum_fold (csum);
611 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
612 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
614 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
615 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
617 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
623 nat64_out2in_reass_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
624 vlib_frame_t * frame)
626 u32 n_left_from, *from, *to_next;
627 nat64_out2in_next_t next_index;
628 u32 pkts_processed = 0;
629 u32 *fragments_to_drop = 0;
630 u32 *fragments_to_loopback = 0;
631 nat64_main_t *nm = &nat64_main;
633 from = vlib_frame_vector_args (frame);
634 n_left_from = frame->n_vectors;
635 next_index = node->cached_next_index;
637 while (n_left_from > 0)
641 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
643 while (n_left_from > 0 && n_left_to_next > 0)
650 u32 sw_if_index0, fib_index0;
652 nat_reass_ip4_t *reass0;
653 ip46_address_t saddr0, daddr0;
654 nat64_db_st_entry_t *ste0;
655 nat64_db_bib_entry_t *bibe0;
656 ip6_address_t ip6_saddr0;
657 nat64_out2in_frag_set_ctx_t ctx0;
659 /* speculatively enqueue b0 to the current next frame */
667 b0 = vlib_get_buffer (vm, bi0);
668 next0 = NAT64_OUT2IN_NEXT_LOOKUP;
670 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
672 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
675 if (PREDICT_FALSE (nat_reass_is_drop_frag (1)))
677 next0 = NAT64_OUT2IN_NEXT_DROP;
678 b0->error = node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT];
682 ip40 = vlib_buffer_get_current (b0);
684 if (PREDICT_FALSE (!(ip40->protocol == IP_PROTOCOL_TCP
685 || ip40->protocol == IP_PROTOCOL_UDP)))
687 next0 = NAT64_OUT2IN_NEXT_DROP;
688 b0->error = node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT];
692 udp0 = ip4_next_header (ip40);
694 reass0 = nat_ip4_reass_find_or_create (ip40->src_address,
698 1, &fragments_to_drop);
700 if (PREDICT_FALSE (!reass0))
702 next0 = NAT64_OUT2IN_NEXT_DROP;
703 b0->error = node->errors[NAT64_OUT2IN_ERROR_MAX_REASS];
707 if (PREDICT_FALSE (ip4_is_first_fragment (ip40)))
711 memset (&saddr0, 0, sizeof (saddr0));
712 saddr0.ip4.as_u32 = ip40->src_address.as_u32;
713 memset (&daddr0, 0, sizeof (daddr0));
714 daddr0.ip4.as_u32 = ip40->dst_address.as_u32;
717 nat64_db_st_entry_find (&nm->db, &daddr0, &saddr0,
718 udp0->dst_port, udp0->src_port,
719 ip40->protocol, fib_index0, 0);
723 nat64_db_bib_entry_find (&nm->db, &daddr0, udp0->dst_port,
724 ip40->protocol, fib_index0, 0);
727 next0 = NAT64_OUT2IN_NEXT_DROP;
729 node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
733 nat64_compose_ip6 (&ip6_saddr0, &ip40->src_address,
736 nat64_db_st_entry_create (&nm->db, bibe0, &ip6_saddr0,
737 &saddr0.ip4, udp0->src_port);
741 next0 = NAT64_OUT2IN_NEXT_DROP;
743 node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
748 nat64_db_st_entry_get_index (&nm->db, ste0);
750 nat_ip4_reass_get_frags (reass0, &fragments_to_loopback);
756 if (PREDICT_FALSE (reass0->sess_index == (u32) ~ 0))
758 if (nat_ip4_reass_add_fragment (reass0, bi0))
760 b0->error = node->errors[NAT64_OUT2IN_ERROR_MAX_FRAG];
761 next0 = NAT64_OUT2IN_NEXT_DROP;
769 ctx0.sess_index = reass0->sess_index;
770 ctx0.proto = ip40->protocol;
774 if (ip4_to_ip6_fragmented (b0, nat64_out2in_frag_set_cb, &ctx0))
776 next0 = NAT64_OUT2IN_NEXT_DROP;
777 b0->error = node->errors[NAT64_OUT2IN_ERROR_UNKNOWN];
783 ((node->flags & VLIB_NODE_FLAG_TRACE)
784 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
786 nat64_out2in_reass_trace_t *t =
787 vlib_add_trace (vm, node, b0, sizeof (*t));
789 t->sw_if_index = sw_if_index0;
790 t->next_index = next0;
800 pkts_processed += next0 != NAT64_OUT2IN_NEXT_DROP;
802 /* verify speculative enqueue, maybe switch current next frame */
803 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
804 to_next, n_left_to_next,
808 if (n_left_from == 0 && vec_len (fragments_to_loopback))
810 from = vlib_frame_vector_args (frame);
811 u32 len = vec_len (fragments_to_loopback);
812 if (len <= VLIB_FRAME_SIZE)
814 clib_memcpy (from, fragments_to_loopback,
817 vec_reset_length (fragments_to_loopback);
822 fragments_to_loopback + (len -
824 sizeof (u32) * VLIB_FRAME_SIZE);
825 n_left_from = VLIB_FRAME_SIZE;
826 _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
831 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
834 vlib_node_increment_counter (vm, nat64_out2in_reass_node.index,
835 NAT64_OUT2IN_ERROR_OUT2IN_PACKETS,
838 nat_send_all_to_node (vm, fragments_to_drop, node,
839 &node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT],
840 NAT64_OUT2IN_NEXT_DROP);
842 vec_free (fragments_to_drop);
843 vec_free (fragments_to_loopback);
844 return frame->n_vectors;
848 VLIB_REGISTER_NODE (nat64_out2in_reass_node) = {
849 .function = nat64_out2in_reass_node_fn,
850 .name = "nat64-out2in-reass",
851 .vector_size = sizeof (u32),
852 .format_trace = format_nat64_out2in_reass_trace,
853 .type = VLIB_NODE_TYPE_INTERNAL,
854 .n_errors = ARRAY_LEN (nat64_out2in_error_strings),
855 .error_strings = nat64_out2in_error_strings,
856 .n_next_nodes = NAT64_OUT2IN_N_NEXT,
857 /* edit / add dispositions here */
859 [NAT64_OUT2IN_NEXT_DROP] = "error-drop",
860 [NAT64_OUT2IN_NEXT_LOOKUP] = "ip6-lookup",
861 [NAT64_OUT2IN_NEXT_REASS] = "nat64-out2in-reass",
866 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_reass_node,
867 nat64_out2in_reass_node_fn);
870 * fd.io coding-style-patch-verification: ON
873 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob