2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT64 IPv4 to IPv6 translation (otside to inside network)
20 #include <nat/nat64.h>
21 #include <nat/nat_reass.h>
22 #include <nat/nat_inlines.h>
23 #include <vnet/ip/ip4_to_ip6.h>
24 #include <vnet/fib/ip4_fib.h>
25 #include <vnet/udp/udp.h>
31 } nat64_out2in_trace_t;
34 format_nat64_out2in_trace (u8 * s, va_list * args)
36 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
37 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
38 nat64_out2in_trace_t *t = va_arg (*args, nat64_out2in_trace_t *);
41 format (s, "NAT64-out2in: sw_if_index %d, next index %d", t->sw_if_index,
52 } nat64_out2in_reass_trace_t;
55 format_nat64_out2in_reass_trace (u8 * s, va_list * args)
57 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
58 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
59 nat64_out2in_reass_trace_t *t =
60 va_arg (*args, nat64_out2in_reass_trace_t *);
63 format (s, "NAT64-out2in-reass: sw_if_index %d, next index %d, status %s",
64 t->sw_if_index, t->next_index,
65 t->cached ? "cached" : "translated");
70 vlib_node_registration_t nat64_out2in_node;
71 vlib_node_registration_t nat64_out2in_reass_node;
72 vlib_node_registration_t nat64_out2in_handoff_node;
74 #define foreach_nat64_out2in_error \
75 _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
76 _(OUT2IN_PACKETS, "Good out2in packets processed") \
77 _(NO_TRANSLATION, "No translation") \
78 _(UNKNOWN, "unknown") \
79 _(DROP_FRAGMENT, "Drop fragment") \
80 _(MAX_REASS, "Maximum reassemblies exceeded") \
81 _(MAX_FRAG, "Maximum fragments per reassembly exceeded")
86 #define _(sym,str) NAT64_OUT2IN_ERROR_##sym,
87 foreach_nat64_out2in_error
90 } nat64_out2in_error_t;
92 static char *nat64_out2in_error_strings[] = {
93 #define _(sym,string) string,
94 foreach_nat64_out2in_error
100 NAT64_OUT2IN_NEXT_IP6_LOOKUP,
101 NAT64_OUT2IN_NEXT_IP4_LOOKUP,
102 NAT64_OUT2IN_NEXT_DROP,
103 NAT64_OUT2IN_NEXT_REASS,
105 } nat64_out2in_next_t;
107 typedef struct nat64_out2in_set_ctx_t_
112 } nat64_out2in_set_ctx_t;
115 nat64_out2in_tcp_udp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
118 nat64_main_t *nm = &nat64_main;
119 nat64_out2in_set_ctx_t *ctx = arg;
120 nat64_db_bib_entry_t *bibe;
121 nat64_db_st_entry_t *ste;
122 ip46_address_t saddr, daddr;
123 ip6_address_t ip6_saddr;
124 udp_header_t *udp = ip4_next_header (ip4);
125 tcp_header_t *tcp = ip4_next_header (ip4);
126 u8 proto = ip4->protocol;
127 u16 dport = udp->dst_port;
128 u16 sport = udp->src_port;
129 u32 sw_if_index, fib_index;
132 nat64_db_t *db = &nm->db[ctx->thread_index];
134 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
135 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
137 memset (&saddr, 0, sizeof (saddr));
138 saddr.ip4.as_u32 = ip4->src_address.as_u32;
139 memset (&daddr, 0, sizeof (daddr));
140 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
143 nat64_db_st_entry_find (db, &daddr, &saddr, dport, sport, proto,
147 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
153 bibe = nat64_db_bib_entry_find (db, &daddr, dport, proto, fib_index, 0);
158 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
160 nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, sport);
163 nat64_session_reset_timeout (ste, ctx->vm);
165 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
166 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
168 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
169 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
170 udp->dst_port = bibe->in_port;
172 if (proto == IP_PROTOCOL_UDP)
173 checksum = &udp->checksum;
175 checksum = &tcp->checksum;
176 csum = ip_csum_sub_even (*checksum, dport);
177 csum = ip_csum_add_even (csum, udp->dst_port);
178 *checksum = ip_csum_fold (csum);
180 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
186 nat64_out2in_icmp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
188 nat64_main_t *nm = &nat64_main;
189 nat64_out2in_set_ctx_t *ctx = arg;
190 nat64_db_bib_entry_t *bibe;
191 nat64_db_st_entry_t *ste;
192 ip46_address_t saddr, daddr;
193 ip6_address_t ip6_saddr;
194 u32 sw_if_index, fib_index;
195 icmp46_header_t *icmp = ip4_next_header (ip4);
196 nat64_db_t *db = &nm->db[ctx->thread_index];
198 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
199 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
201 memset (&saddr, 0, sizeof (saddr));
202 saddr.ip4.as_u32 = ip4->src_address.as_u32;
203 memset (&daddr, 0, sizeof (daddr));
204 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
206 if (icmp->type == ICMP6_echo_request || icmp->type == ICMP6_echo_reply)
208 u16 out_id = ((u16 *) (icmp))[2];
210 nat64_db_st_entry_find (db, &daddr, &saddr, out_id, 0,
211 IP_PROTOCOL_ICMP, fib_index, 0);
216 nat64_db_bib_entry_by_index (db, IP_PROTOCOL_ICMP,
224 nat64_db_bib_entry_find (db, &daddr, out_id,
225 IP_PROTOCOL_ICMP, fib_index, 0);
229 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
231 nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, 0);
234 nat64_session_reset_timeout (ste, ctx->vm);
236 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
237 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
239 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
240 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
241 ((u16 *) (icmp))[2] = bibe->in_port;
243 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
247 ip6_header_t *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
249 nat64_compose_ip6 (&ip6->src_address, &ip4->src_address,
250 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX]);
251 ip6->dst_address.as_u64[0] = inner_ip6->src_address.as_u64[0];
252 ip6->dst_address.as_u64[1] = inner_ip6->src_address.as_u64[1];
259 nat64_out2in_inner_icmp_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
262 nat64_main_t *nm = &nat64_main;
263 nat64_out2in_set_ctx_t *ctx = arg;
264 nat64_db_bib_entry_t *bibe;
265 nat64_db_st_entry_t *ste;
266 ip46_address_t saddr, daddr;
267 u32 sw_if_index, fib_index;
268 u8 proto = ip4->protocol;
269 nat64_db_t *db = &nm->db[ctx->thread_index];
271 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
273 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6, sw_if_index);
275 memset (&saddr, 0, sizeof (saddr));
276 saddr.ip4.as_u32 = ip4->src_address.as_u32;
277 memset (&daddr, 0, sizeof (daddr));
278 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
280 if (proto == IP_PROTOCOL_ICMP6)
282 icmp46_header_t *icmp = ip4_next_header (ip4);
283 u16 out_id = ((u16 *) (icmp))[2];
284 proto = IP_PROTOCOL_ICMP;
287 (icmp->type == ICMP6_echo_request
288 || icmp->type == ICMP6_echo_reply))
292 nat64_db_st_entry_find (db, &saddr, &daddr, out_id, 0, proto,
297 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
301 ip6->dst_address.as_u64[0] = ste->in_r_addr.as_u64[0];
302 ip6->dst_address.as_u64[1] = ste->in_r_addr.as_u64[1];
303 ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
304 ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
305 ((u16 *) (icmp))[2] = bibe->in_port;
307 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
311 udp_header_t *udp = ip4_next_header (ip4);
312 tcp_header_t *tcp = ip4_next_header (ip4);
313 u16 dport = udp->dst_port;
314 u16 sport = udp->src_port;
319 nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto,
324 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
328 nat64_compose_ip6 (&ip6->dst_address, &daddr.ip4, bibe->fib_index);
329 ip6->src_address.as_u64[0] = bibe->in_addr.as_u64[0];
330 ip6->src_address.as_u64[1] = bibe->in_addr.as_u64[1];
331 udp->src_port = bibe->in_port;
333 if (proto == IP_PROTOCOL_UDP)
334 checksum = &udp->checksum;
336 checksum = &tcp->checksum;
339 csum = ip_csum_sub_even (*checksum, sport);
340 csum = ip_csum_add_even (csum, udp->src_port);
341 *checksum = ip_csum_fold (csum);
344 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
351 nat64_out2in_unk_proto_set_cb (ip4_header_t * ip4, ip6_header_t * ip6,
354 nat64_main_t *nm = &nat64_main;
355 nat64_out2in_set_ctx_t *ctx = arg;
356 nat64_db_bib_entry_t *bibe;
357 nat64_db_st_entry_t *ste;
358 ip46_address_t saddr, daddr;
359 ip6_address_t ip6_saddr;
360 u32 sw_if_index, fib_index;
361 u8 proto = ip4->protocol;
362 nat64_db_t *db = &nm->db[ctx->thread_index];
364 sw_if_index = vnet_buffer (ctx->b)->sw_if_index[VLIB_RX];
365 fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
367 memset (&saddr, 0, sizeof (saddr));
368 saddr.ip4.as_u32 = ip4->src_address.as_u32;
369 memset (&daddr, 0, sizeof (daddr));
370 daddr.ip4.as_u32 = ip4->dst_address.as_u32;
373 nat64_db_st_entry_find (db, &daddr, &saddr, 0, 0, proto, fib_index, 0);
376 bibe = nat64_db_bib_entry_by_index (db, proto, ste->bibe_index);
382 bibe = nat64_db_bib_entry_find (db, &daddr, 0, proto, fib_index, 0);
387 nat64_compose_ip6 (&ip6_saddr, &ip4->src_address, bibe->fib_index);
388 ste = nat64_db_st_entry_create (db, bibe, &ip6_saddr, &saddr.ip4, 0);
391 nat64_session_reset_timeout (ste, ctx->vm);
393 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
394 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
396 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
397 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
399 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
405 nat64_out2in_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
406 vlib_frame_t * frame)
408 u32 n_left_from, *from, *to_next;
409 nat64_out2in_next_t next_index;
410 u32 pkts_processed = 0;
411 u32 thread_index = vm->thread_index;
413 from = vlib_frame_vector_args (frame);
414 n_left_from = frame->n_vectors;
415 next_index = node->cached_next_index;
416 while (n_left_from > 0)
420 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
422 while (n_left_from > 0 && n_left_to_next > 0)
429 nat64_out2in_set_ctx_t ctx0;
432 /* speculatively enqueue b0 to the current next frame */
440 b0 = vlib_get_buffer (vm, bi0);
441 ip40 = vlib_buffer_get_current (b0);
445 ctx0.thread_index = thread_index;
447 next0 = NAT64_OUT2IN_NEXT_IP6_LOOKUP;
449 proto0 = ip_proto_to_snat_proto (ip40->protocol);
451 if (PREDICT_FALSE (proto0 == ~0))
453 if (ip4_to_ip6 (b0, nat64_out2in_unk_proto_set_cb, &ctx0))
455 next0 = NAT64_OUT2IN_NEXT_DROP;
456 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
461 if (PREDICT_FALSE (ip4_is_fragment (ip40)))
463 next0 = NAT64_OUT2IN_NEXT_REASS;
467 if (proto0 == SNAT_PROTOCOL_ICMP)
470 (b0, nat64_out2in_icmp_set_cb, &ctx0,
471 nat64_out2in_inner_icmp_set_cb, &ctx0))
473 next0 = NAT64_OUT2IN_NEXT_DROP;
474 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
480 if (ip4_to_ip6_tcp_udp (b0, nat64_out2in_tcp_udp_set_cb, &ctx0))
482 udp0 = ip4_next_header (ip40);
484 * Send DHCP packets to the ipv4 stack, or we won't
485 * be able to use dhcp client on the outside interface
487 if ((proto0 == SNAT_PROTOCOL_UDP)
488 && (udp0->dst_port ==
489 clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_client)))
491 next0 = NAT64_OUT2IN_NEXT_IP4_LOOKUP;
494 next0 = NAT64_OUT2IN_NEXT_DROP;
495 b0->error = node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
501 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
502 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
504 nat64_out2in_trace_t *t =
505 vlib_add_trace (vm, node, b0, sizeof (*t));
506 t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
507 t->next_index = next0;
510 pkts_processed += next0 != NAT64_OUT2IN_NEXT_DROP;
512 /* verify speculative enqueue, maybe switch current next frame */
513 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
514 n_left_to_next, bi0, next0);
516 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
518 vlib_node_increment_counter (vm, nat64_out2in_node.index,
519 NAT64_OUT2IN_ERROR_OUT2IN_PACKETS,
521 return frame->n_vectors;
525 VLIB_REGISTER_NODE (nat64_out2in_node) = {
526 .function = nat64_out2in_node_fn,
527 .name = "nat64-out2in",
528 .vector_size = sizeof (u32),
529 .format_trace = format_nat64_out2in_trace,
530 .type = VLIB_NODE_TYPE_INTERNAL,
531 .n_errors = ARRAY_LEN (nat64_out2in_error_strings),
532 .error_strings = nat64_out2in_error_strings,
533 .n_next_nodes = NAT64_OUT2IN_N_NEXT,
534 /* edit / add dispositions here */
536 [NAT64_OUT2IN_NEXT_DROP] = "error-drop",
537 [NAT64_OUT2IN_NEXT_IP6_LOOKUP] = "ip6-lookup",
538 [NAT64_OUT2IN_NEXT_IP4_LOOKUP] = "ip4-lookup",
539 [NAT64_OUT2IN_NEXT_REASS] = "nat64-out2in-reass",
544 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_node, nat64_out2in_node_fn);
546 typedef struct nat64_out2in_frag_set_ctx_t_
554 } nat64_out2in_frag_set_ctx_t;
557 nat64_out2in_frag_set_cb (ip4_header_t * ip4, ip6_header_t * ip6, void *arg)
559 nat64_main_t *nm = &nat64_main;
560 nat64_out2in_frag_set_ctx_t *ctx = arg;
561 nat64_db_st_entry_t *ste;
562 nat64_db_bib_entry_t *bibe;
563 udp_header_t *udp = ip4_next_header (ip4);
566 nat64_db_t *db = &nm->db[ctx->thread_index];
568 ste = nat64_db_st_entry_by_index (db, ctx->proto, ctx->sess_index);
572 bibe = nat64_db_bib_entry_by_index (db, ctx->proto, ste->bibe_index);
576 nat64_session_reset_timeout (ste, ctx->vm);
580 udp->dst_port = bibe->in_port;
582 if (ip4->protocol == IP_PROTOCOL_UDP)
584 checksum = &udp->checksum;
589 clib_host_to_net_u16 (ip4->length) - sizeof (*ip4);
590 csum = ip_incremental_checksum (0, udp, udp_len);
592 ip_csum_with_carry (csum, clib_host_to_net_u16 (udp_len));
594 ip_csum_with_carry (csum,
595 clib_host_to_net_u16 (IP_PROTOCOL_UDP));
596 csum = ip_csum_with_carry (csum, ste->in_r_addr.as_u64[0]);
597 csum = ip_csum_with_carry (csum, ste->in_r_addr.as_u64[1]);
598 csum = ip_csum_with_carry (csum, bibe->in_addr.as_u64[0]);
599 csum = ip_csum_with_carry (csum, bibe->in_addr.as_u64[1]);
600 *checksum = ~ip_csum_fold (csum);
604 csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
605 csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
606 csum = ip_csum_sub_even (csum, bibe->out_port);
607 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[0]);
608 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[1]);
609 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[0]);
610 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[1]);
611 csum = ip_csum_add_even (csum, bibe->in_port);
612 *checksum = ip_csum_fold (csum);
617 tcp_header_t *tcp = ip4_next_header (ip4);
618 checksum = &tcp->checksum;
619 csum = ip_csum_sub_even (*checksum, bibe->out_addr.as_u32);
620 csum = ip_csum_sub_even (csum, ste->out_r_addr.as_u32);
621 csum = ip_csum_sub_even (csum, bibe->out_port);
622 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[0]);
623 csum = ip_csum_add_even (csum, ste->in_r_addr.as_u64[1]);
624 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[0]);
625 csum = ip_csum_add_even (csum, bibe->in_addr.as_u64[1]);
626 csum = ip_csum_add_even (csum, bibe->in_port);
627 *checksum = ip_csum_fold (csum);
632 ip6->src_address.as_u64[0] = ste->in_r_addr.as_u64[0];
633 ip6->src_address.as_u64[1] = ste->in_r_addr.as_u64[1];
635 ip6->dst_address.as_u64[0] = bibe->in_addr.as_u64[0];
636 ip6->dst_address.as_u64[1] = bibe->in_addr.as_u64[1];
638 vnet_buffer (ctx->b)->sw_if_index[VLIB_TX] = bibe->fib_index;
644 nat64_out2in_reass_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
645 vlib_frame_t * frame)
647 u32 n_left_from, *from, *to_next;
648 nat64_out2in_next_t next_index;
649 u32 pkts_processed = 0;
650 u32 *fragments_to_drop = 0;
651 u32 *fragments_to_loopback = 0;
652 nat64_main_t *nm = &nat64_main;
653 u32 thread_index = vm->thread_index;
655 from = vlib_frame_vector_args (frame);
656 n_left_from = frame->n_vectors;
657 next_index = node->cached_next_index;
659 while (n_left_from > 0)
663 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
665 while (n_left_from > 0 && n_left_to_next > 0)
672 u32 sw_if_index0, fib_index0;
674 nat_reass_ip4_t *reass0;
675 ip46_address_t saddr0, daddr0;
676 nat64_db_st_entry_t *ste0;
677 nat64_db_bib_entry_t *bibe0;
678 ip6_address_t ip6_saddr0;
679 nat64_out2in_frag_set_ctx_t ctx0;
680 nat64_db_t *db = &nm->db[thread_index];
682 /* speculatively enqueue b0 to the current next frame */
690 b0 = vlib_get_buffer (vm, bi0);
691 next0 = NAT64_OUT2IN_NEXT_IP6_LOOKUP;
693 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
695 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
698 ctx0.thread_index = thread_index;
700 if (PREDICT_FALSE (nat_reass_is_drop_frag (1)))
702 next0 = NAT64_OUT2IN_NEXT_DROP;
703 b0->error = node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT];
707 ip40 = vlib_buffer_get_current (b0);
709 if (PREDICT_FALSE (!(ip40->protocol == IP_PROTOCOL_TCP
710 || ip40->protocol == IP_PROTOCOL_UDP)))
712 next0 = NAT64_OUT2IN_NEXT_DROP;
713 b0->error = node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT];
717 udp0 = ip4_next_header (ip40);
719 reass0 = nat_ip4_reass_find_or_create (ip40->src_address,
723 1, &fragments_to_drop);
725 if (PREDICT_FALSE (!reass0))
727 next0 = NAT64_OUT2IN_NEXT_DROP;
728 b0->error = node->errors[NAT64_OUT2IN_ERROR_MAX_REASS];
732 if (PREDICT_FALSE (ip4_is_first_fragment (ip40)))
736 memset (&saddr0, 0, sizeof (saddr0));
737 saddr0.ip4.as_u32 = ip40->src_address.as_u32;
738 memset (&daddr0, 0, sizeof (daddr0));
739 daddr0.ip4.as_u32 = ip40->dst_address.as_u32;
742 nat64_db_st_entry_find (db, &daddr0, &saddr0,
743 udp0->dst_port, udp0->src_port,
744 ip40->protocol, fib_index0, 0);
748 nat64_db_bib_entry_find (db, &daddr0, udp0->dst_port,
749 ip40->protocol, fib_index0, 0);
752 next0 = NAT64_OUT2IN_NEXT_DROP;
754 node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
758 nat64_compose_ip6 (&ip6_saddr0, &ip40->src_address,
761 nat64_db_st_entry_create (db, bibe0, &ip6_saddr0,
762 &saddr0.ip4, udp0->src_port);
766 next0 = NAT64_OUT2IN_NEXT_DROP;
768 node->errors[NAT64_OUT2IN_ERROR_NO_TRANSLATION];
772 reass0->sess_index = nat64_db_st_entry_get_index (db, ste0);
773 reass0->thread_index = thread_index;
775 nat_ip4_reass_get_frags (reass0, &fragments_to_loopback);
781 if (PREDICT_FALSE (reass0->sess_index == (u32) ~ 0))
783 if (nat_ip4_reass_add_fragment (reass0, bi0))
785 b0->error = node->errors[NAT64_OUT2IN_ERROR_MAX_FRAG];
786 next0 = NAT64_OUT2IN_NEXT_DROP;
794 ctx0.sess_index = reass0->sess_index;
795 ctx0.proto = ip40->protocol;
799 if (ip4_to_ip6_fragmented (b0, nat64_out2in_frag_set_cb, &ctx0))
801 next0 = NAT64_OUT2IN_NEXT_DROP;
802 b0->error = node->errors[NAT64_OUT2IN_ERROR_UNKNOWN];
808 ((node->flags & VLIB_NODE_FLAG_TRACE)
809 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
811 nat64_out2in_reass_trace_t *t =
812 vlib_add_trace (vm, node, b0, sizeof (*t));
814 t->sw_if_index = sw_if_index0;
815 t->next_index = next0;
825 pkts_processed += next0 != NAT64_OUT2IN_NEXT_DROP;
827 /* verify speculative enqueue, maybe switch current next frame */
828 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
829 to_next, n_left_to_next,
833 if (n_left_from == 0 && vec_len (fragments_to_loopback))
835 from = vlib_frame_vector_args (frame);
836 u32 len = vec_len (fragments_to_loopback);
837 if (len <= VLIB_FRAME_SIZE)
839 clib_memcpy (from, fragments_to_loopback,
842 vec_reset_length (fragments_to_loopback);
847 fragments_to_loopback + (len -
849 sizeof (u32) * VLIB_FRAME_SIZE);
850 n_left_from = VLIB_FRAME_SIZE;
851 _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
856 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
859 vlib_node_increment_counter (vm, nat64_out2in_reass_node.index,
860 NAT64_OUT2IN_ERROR_OUT2IN_PACKETS,
863 nat_send_all_to_node (vm, fragments_to_drop, node,
864 &node->errors[NAT64_OUT2IN_ERROR_DROP_FRAGMENT],
865 NAT64_OUT2IN_NEXT_DROP);
867 vec_free (fragments_to_drop);
868 vec_free (fragments_to_loopback);
869 return frame->n_vectors;
873 VLIB_REGISTER_NODE (nat64_out2in_reass_node) = {
874 .function = nat64_out2in_reass_node_fn,
875 .name = "nat64-out2in-reass",
876 .vector_size = sizeof (u32),
877 .format_trace = format_nat64_out2in_reass_trace,
878 .type = VLIB_NODE_TYPE_INTERNAL,
879 .n_errors = ARRAY_LEN (nat64_out2in_error_strings),
880 .error_strings = nat64_out2in_error_strings,
881 .n_next_nodes = NAT64_OUT2IN_N_NEXT,
882 /* edit / add dispositions here */
884 [NAT64_OUT2IN_NEXT_DROP] = "error-drop",
885 [NAT64_OUT2IN_NEXT_IP6_LOOKUP] = "ip6-lookup",
886 [NAT64_OUT2IN_NEXT_IP4_LOOKUP] = "ip4-lookup",
887 [NAT64_OUT2IN_NEXT_REASS] = "nat64-out2in-reass",
892 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_reass_node,
893 nat64_out2in_reass_node_fn);
897 u32 next_worker_index;
899 } nat64_out2in_handoff_trace_t;
902 format_nat64_out2in_handoff_trace (u8 * s, va_list * args)
904 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
905 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
906 nat64_out2in_handoff_trace_t *t =
907 va_arg (*args, nat64_out2in_handoff_trace_t *);
910 m = t->do_handoff ? "next worker" : "same worker";
911 s = format (s, "NAT64-OUT2IN-HANDOFF: %s %d", m, t->next_worker_index);
917 nat64_out2in_handoff_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
918 vlib_frame_t * frame)
920 nat64_main_t *nm = &nat64_main;
921 vlib_thread_main_t *tm = vlib_get_thread_main ();
922 u32 n_left_from, *from, *to_next = 0, *to_next_drop = 0;
923 static __thread vlib_frame_queue_elt_t **handoff_queue_elt_by_worker_index;
924 static __thread vlib_frame_queue_t **congested_handoff_queue_by_worker_index
926 vlib_frame_queue_elt_t *hf = 0;
927 vlib_frame_queue_t *fq;
928 vlib_frame_t *f = 0, *d = 0;
930 u32 n_left_to_next_worker = 0, *to_next_worker = 0;
931 u32 next_worker_index = 0;
932 u32 current_worker_index = ~0;
933 u32 thread_index = vm->thread_index;
937 fq_index = nm->fq_out2in_index;
938 to_node_index = nat64_out2in_node.index;
940 if (PREDICT_FALSE (handoff_queue_elt_by_worker_index == 0))
942 vec_validate (handoff_queue_elt_by_worker_index, tm->n_vlib_mains - 1);
944 vec_validate_init_empty (congested_handoff_queue_by_worker_index,
945 tm->n_vlib_mains - 1,
946 (vlib_frame_queue_t *) (~0));
949 from = vlib_frame_vector_args (frame);
950 n_left_from = frame->n_vectors;
952 while (n_left_from > 0)
963 b0 = vlib_get_buffer (vm, bi0);
965 ip0 = vlib_buffer_get_current (b0);
967 next_worker_index = nat64_get_worker_out2in (ip0);
969 if (PREDICT_FALSE (next_worker_index != thread_index))
973 if (next_worker_index != current_worker_index)
976 is_vlib_frame_queue_congested (fq_index, next_worker_index,
978 congested_handoff_queue_by_worker_index);
982 /* if this is 1st frame */
985 d = vlib_get_frame_to_node (vm, nm->error_node_index);
986 to_next_drop = vlib_frame_vector_args (d);
989 to_next_drop[0] = bi0;
996 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
999 vlib_get_worker_handoff_queue_elt (fq_index,
1001 handoff_queue_elt_by_worker_index);
1002 n_left_to_next_worker = VLIB_FRAME_SIZE - hf->n_vectors;
1003 to_next_worker = &hf->buffer_index[hf->n_vectors];
1004 current_worker_index = next_worker_index;
1007 ASSERT (to_next_worker != 0);
1009 /* enqueue to correct worker thread */
1010 to_next_worker[0] = bi0;
1012 n_left_to_next_worker--;
1014 if (n_left_to_next_worker == 0)
1016 hf->n_vectors = VLIB_FRAME_SIZE;
1017 vlib_put_frame_queue_elt (hf);
1018 current_worker_index = ~0;
1019 handoff_queue_elt_by_worker_index[next_worker_index] = 0;
1026 /* if this is 1st frame */
1029 f = vlib_get_frame_to_node (vm, to_node_index);
1030 to_next = vlib_frame_vector_args (f);
1040 ((node->flags & VLIB_NODE_FLAG_TRACE)
1041 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1043 nat64_out2in_handoff_trace_t *t =
1044 vlib_add_trace (vm, node, b0, sizeof (*t));
1045 t->next_worker_index = next_worker_index;
1046 t->do_handoff = do_handoff;
1051 vlib_put_frame_to_node (vm, to_node_index, f);
1054 vlib_put_frame_to_node (vm, nm->error_node_index, d);
1057 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1059 /* Ship frames to the worker nodes */
1060 for (i = 0; i < vec_len (handoff_queue_elt_by_worker_index); i++)
1062 if (handoff_queue_elt_by_worker_index[i])
1064 hf = handoff_queue_elt_by_worker_index[i];
1066 * It works better to let the handoff node
1067 * rate-adapt, always ship the handoff queue element.
1069 if (1 || hf->n_vectors == hf->last_n_vectors)
1071 vlib_put_frame_queue_elt (hf);
1072 handoff_queue_elt_by_worker_index[i] = 0;
1075 hf->last_n_vectors = hf->n_vectors;
1077 congested_handoff_queue_by_worker_index[i] =
1078 (vlib_frame_queue_t *) (~0);
1081 current_worker_index = ~0;
1082 return frame->n_vectors;
1086 VLIB_REGISTER_NODE (nat64_out2in_handoff_node) = {
1087 .function = nat64_out2in_handoff_node_fn,
1088 .name = "nat64-out2in-handoff",
1089 .vector_size = sizeof (u32),
1090 .format_trace = format_nat64_out2in_handoff_trace,
1091 .type = VLIB_NODE_TYPE_INTERNAL,
1101 VLIB_NODE_FUNCTION_MULTIARCH (nat64_out2in_handoff_node,
1102 nat64_out2in_handoff_node_fn);
1104 * fd.io coding-style-patch-verification: ON
1107 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob