4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <vnet/map/map_dpo.h>
22 #include <vppinfra/crc32.h>
29 * This code supports the following MAP modes:
31 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
32 * ea_bits_len + ip4_prefix > 32
33 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
34 * Algorithmic Full IPv4 address (ea_bits_len > 0):
35 * ea_bits_len + ip4_prefix = 32
36 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
37 * Algorithmic IPv4 prefix (ea_bits_len > 0):
38 * ea_bits_len + ip4_prefix < 32
39 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
41 * Independent Shared IPv4 address (ea_bits_len = 0):
44 * Rule IPv6 address = 128, Rule PSID Set
45 * Independent Full IPv4 address (ea_bits_len = 0):
47 * psid_length = 0, ip6_prefix = 128
48 * Independent IPv4 prefix (ea_bits_len = 0):
50 * psid_length = 0, ip6_prefix = 128
55 * This code supports MAP-T:
57 * With DMR prefix length equal to 96.
64 map_create_domain (ip4_address_t * ip4_prefix,
66 ip6_address_t * ip6_prefix,
68 ip6_address_t * ip6_src,
72 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
74 u8 suffix_len, suffix_shift;
75 map_main_t *mm = &map_main;
76 dpo_id_t dpo_v4 = DPO_INVALID;
77 dpo_id_t dpo_v6 = DPO_INVALID;
80 /* Sanity check on the src prefix length */
81 if (flags & MAP_DOMAIN_TRANSLATION)
83 if (ip6_src_len != 96)
85 clib_warning ("MAP-T only supports ip6_src_len = 96 for now.");
91 if (ip6_src_len != 128)
94 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
100 /* How many, and which bits to grab from the IPv4 DA */
101 if (ip4_prefix_len + ea_bits_len < 32)
103 flags |= MAP_DOMAIN_PREFIX;
104 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
105 suffix_len = ea_bits_len;
110 suffix_len = 32 - ip4_prefix_len;
113 /* EA bits must be within the first 64 bits */
114 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
115 ip6_prefix_len + suffix_len + psid_length > 64))
118 ("Embedded Address bits must be within the first 64 bits of "
123 /* Get domain index */
124 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
125 memset (d, 0, sizeof (*d));
126 *map_domain_index = d - mm->domains;
128 /* Init domain struct */
129 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
130 d->ip4_prefix_len = ip4_prefix_len;
131 d->ip6_prefix = *ip6_prefix;
132 d->ip6_prefix_len = ip6_prefix_len;
133 d->ip6_src = *ip6_src;
134 d->ip6_src_len = ip6_src_len;
135 d->ea_bits_len = ea_bits_len;
136 d->psid_offset = psid_offset;
137 d->psid_length = psid_length;
140 d->suffix_shift = suffix_shift;
141 d->suffix_mask = (1 << suffix_len) - 1;
143 d->psid_shift = 16 - psid_length - psid_offset;
144 d->psid_mask = (1 << d->psid_length) - 1;
145 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
147 /* MAP data-plane object */
148 if (d->flags & MAP_DOMAIN_TRANSLATION)
149 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
151 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
153 /* Create ip4 route */
155 .fp_proto = FIB_PROTOCOL_IP4,
156 .fp_len = d->ip4_prefix_len,
158 .ip4 = d->ip4_prefix,
162 fib_table_entry_special_dpo_add (0, &pfx,
164 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
168 * construct a DPO to use the v6 domain
170 if (d->flags & MAP_DOMAIN_TRANSLATION)
171 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
173 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
176 * Multiple MAP domains may share same source IPv6 TEP. Which is just dandy.
177 * We are not tracking the sharing. So a v4 lookup to find the correct
178 * domain post decap/trnaslate is always done
180 * Create ip6 route. This is a reference counted add. If the prefix
181 * already exists and is MAP sourced, it is now MAP source n+1 times
182 * and will need to be removed n+1 times.
184 fib_prefix_t pfx6 = {
185 .fp_proto = FIB_PROTOCOL_IP6,
186 .fp_len = d->ip6_src_len,
187 .fp_addr.ip6 = d->ip6_src,
190 fib_table_entry_special_dpo_add (0, &pfx6,
192 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
195 /* Validate packet/byte counters */
196 map_domain_counter_lock (mm);
198 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
200 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
202 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
205 for (i = 0; i < vec_len (mm->domain_counters); i++)
207 vlib_validate_combined_counter (&mm->domain_counters[i],
209 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
211 map_domain_counter_unlock (mm);
220 map_delete_domain (u32 map_domain_index)
222 map_main_t *mm = &map_main;
225 if (pool_is_free_index (mm->domains, map_domain_index))
227 clib_warning ("MAP domain delete: domain does not exist: %d",
232 d = pool_elt_at_index (mm->domains, map_domain_index);
235 .fp_proto = FIB_PROTOCOL_IP4,
236 .fp_len = d->ip4_prefix_len,
238 .ip4 = d->ip4_prefix,
242 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
244 fib_prefix_t pfx6 = {
245 .fp_proto = FIB_PROTOCOL_IP6,
246 .fp_len = d->ip6_src_len,
252 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
256 clib_mem_free (d->rules);
258 pool_put (mm->domains, d);
264 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
268 map_main_t *mm = &map_main;
270 if (pool_is_free_index (mm->domains, map_domain_index))
272 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
275 d = pool_elt_at_index (mm->domains, map_domain_index);
277 /* Rules are only used in 1:1 independent case */
278 if (d->ea_bits_len > 0)
283 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
284 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
287 memset (d->rules, 0, l);
290 if (psid >= (0x1 << d->psid_length))
292 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
293 0x1 << d->psid_length);
299 d->rules[psid] = *tep;
303 memset (&d->rules[psid], 0, sizeof (ip6_address_t));
308 #ifdef MAP_SKIP_IP6_LOOKUP
310 * Pre-resolvd per-protocol global next-hops
312 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
315 map_pre_resolve_init (map_main_pre_resolved_t * pr)
317 pr->fei = FIB_NODE_INDEX_INVALID;
318 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
322 format_map_pre_resolve (u8 * s, va_list * ap)
324 map_main_pre_resolved_t *pr = va_arg (*ap, map_main_pre_resolved_t *);
326 if (FIB_NODE_INDEX_INVALID != pr->fei)
330 fib_entry_get_prefix (pr->fei, &pfx);
332 return (format (s, "%U (%u)",
333 format_ip46_address, &pfx.fp_addr, IP46_TYPE_ANY,
334 pr->dpo.dpoi_index));
338 return (format (s, "un-set"));
344 * Function definition to inform the FIB node that its last lock has gone.
347 map_last_lock_gone (fib_node_t * node)
350 * The MAP is a root of the graph. As such
351 * it never has children and thus is never locked.
356 static map_main_pre_resolved_t *
357 map_from_fib_node (fib_node_t * node)
360 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
362 return ((map_main_pre_resolved_t *)
364 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
368 map_stack (map_main_pre_resolved_t * pr)
372 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
374 dpo_copy (&pr->dpo, dpo);
378 * Function definition to backwalk a FIB node
380 static fib_node_back_walk_rc_t
381 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
383 map_stack (map_from_fib_node (node));
385 return (FIB_NODE_BACK_WALK_CONTINUE);
389 * Function definition to get a FIB node from its index
392 map_fib_node_get (fib_node_index_t index)
394 return (&pre_resolved[index].node);
398 * Virtual function table registered by MPLS GRE tunnels
399 * for participation in the FIB object graph.
401 const static fib_node_vft_t map_vft = {
402 .fnv_get = map_fib_node_get,
403 .fnv_last_lock = map_last_lock_gone,
404 .fnv_back_walk = map_back_walk,
408 map_fib_resolve (map_main_pre_resolved_t * pr,
409 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
417 pr->fei = fib_table_entry_special_add (0, // default fib
419 FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE);
420 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
425 map_fib_unresolve (map_main_pre_resolved_t * pr,
426 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
434 fib_entry_child_remove (pr->fei, pr->sibling);
436 fib_table_entry_special_remove (0, // default fib
437 &pfx, FIB_SOURCE_RR);
438 dpo_reset (&pr->dpo);
440 pr->fei = FIB_NODE_INDEX_INVALID;
441 pr->sibling = FIB_NODE_INDEX_INVALID;
445 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
447 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
449 ip46_address_t addr = {
453 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
454 FIB_PROTOCOL_IP6, 128, &addr);
456 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
457 FIB_PROTOCOL_IP6, 128, &addr);
459 if (ip4 && (ip4->as_u32 != 0))
461 ip46_address_t addr = {
465 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
466 FIB_PROTOCOL_IP4, 32, &addr);
468 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
469 FIB_PROTOCOL_IP4, 32, &addr);
474 static clib_error_t *
475 map_security_check_command_fn (vlib_main_t * vm,
476 unformat_input_t * input,
477 vlib_cli_command_t * cmd)
479 unformat_input_t _line_input, *line_input = &_line_input;
480 map_main_t *mm = &map_main;
481 clib_error_t *error = NULL;
483 /* Get a line of input. */
484 if (!unformat_user (input, unformat_line_input, line_input))
487 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
489 if (unformat (line_input, "off"))
490 mm->sec_check = false;
491 else if (unformat (line_input, "on"))
492 mm->sec_check = true;
495 error = clib_error_return (0, "unknown input `%U'",
496 format_unformat_error, line_input);
502 unformat_free (line_input);
507 static clib_error_t *
508 map_security_check_frag_command_fn (vlib_main_t * vm,
509 unformat_input_t * input,
510 vlib_cli_command_t * cmd)
512 unformat_input_t _line_input, *line_input = &_line_input;
513 map_main_t *mm = &map_main;
514 clib_error_t *error = NULL;
516 /* Get a line of input. */
517 if (!unformat_user (input, unformat_line_input, line_input))
520 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
522 if (unformat (line_input, "off"))
523 mm->sec_check_frag = false;
524 else if (unformat (line_input, "on"))
525 mm->sec_check_frag = true;
528 error = clib_error_return (0, "unknown input `%U'",
529 format_unformat_error, line_input);
535 unformat_free (line_input);
540 static clib_error_t *
541 map_add_domain_command_fn (vlib_main_t * vm,
542 unformat_input_t * input, vlib_cli_command_t * cmd)
544 unformat_input_t _line_input, *line_input = &_line_input;
545 ip4_address_t ip4_prefix;
546 ip6_address_t ip6_prefix;
547 ip6_address_t ip6_src;
548 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
550 /* Optional arguments */
551 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
555 clib_error_t *error = NULL;
557 /* Get a line of input. */
558 if (!unformat_user (input, unformat_line_input, line_input))
561 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
564 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
569 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
574 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
579 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
581 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
583 else if (unformat (line_input, "psid-offset %d", &psid_offset))
585 else if (unformat (line_input, "psid-len %d", &psid_length))
587 else if (unformat (line_input, "mtu %d", &mtu))
589 else if (unformat (line_input, "map-t"))
590 flags |= MAP_DOMAIN_TRANSLATION;
593 error = clib_error_return (0, "unknown input `%U'",
594 format_unformat_error, line_input);
601 error = clib_error_return (0, "mandatory argument(s) missing");
605 map_create_domain (&ip4_prefix, ip4_prefix_len,
606 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
607 ea_bits_len, psid_offset, psid_length, &map_domain_index,
611 unformat_free (line_input);
616 static clib_error_t *
617 map_del_domain_command_fn (vlib_main_t * vm,
618 unformat_input_t * input, vlib_cli_command_t * cmd)
620 unformat_input_t _line_input, *line_input = &_line_input;
622 u32 map_domain_index;
623 clib_error_t *error = NULL;
625 /* Get a line of input. */
626 if (!unformat_user (input, unformat_line_input, line_input))
629 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
631 if (unformat (line_input, "index %d", &map_domain_index))
635 error = clib_error_return (0, "unknown input `%U'",
636 format_unformat_error, line_input);
643 error = clib_error_return (0, "mandatory argument(s) missing");
647 map_delete_domain (map_domain_index);
650 unformat_free (line_input);
655 static clib_error_t *
656 map_add_rule_command_fn (vlib_main_t * vm,
657 unformat_input_t * input, vlib_cli_command_t * cmd)
659 unformat_input_t _line_input, *line_input = &_line_input;
662 u32 psid = 0, map_domain_index;
663 clib_error_t *error = NULL;
665 /* Get a line of input. */
666 if (!unformat_user (input, unformat_line_input, line_input))
669 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
671 if (unformat (line_input, "index %d", &map_domain_index))
673 else if (unformat (line_input, "psid %d", &psid))
676 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
680 error = clib_error_return (0, "unknown input `%U'",
681 format_unformat_error, line_input);
688 error = clib_error_return (0, "mandatory argument(s) missing");
692 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
694 error = clib_error_return (0, "Failing to add Mapping Rule");
699 unformat_free (line_input);
704 #if MAP_SKIP_IP6_LOOKUP
705 static clib_error_t *
706 map_pre_resolve_command_fn (vlib_main_t * vm,
707 unformat_input_t * input,
708 vlib_cli_command_t * cmd)
710 unformat_input_t _line_input, *line_input = &_line_input;
711 ip4_address_t ip4nh, *p_v4 = NULL;
712 ip6_address_t ip6nh, *p_v6 = NULL;
713 clib_error_t *error = NULL;
716 memset (&ip4nh, 0, sizeof (ip4nh));
717 memset (&ip6nh, 0, sizeof (ip6nh));
719 /* Get a line of input. */
720 if (!unformat_user (input, unformat_line_input, line_input))
723 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
725 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
728 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
730 else if (unformat (line_input, "del"))
734 error = clib_error_return (0, "unknown input `%U'",
735 format_unformat_error, line_input);
740 map_pre_resolve (p_v4, p_v6, is_del);
743 unformat_free (line_input);
749 static clib_error_t *
750 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
751 unformat_input_t * input,
752 vlib_cli_command_t * cmd)
754 unformat_input_t _line_input, *line_input = &_line_input;
755 ip4_address_t icmp_src_address;
756 map_main_t *mm = &map_main;
757 clib_error_t *error = NULL;
759 mm->icmp4_src_address.as_u32 = 0;
761 /* Get a line of input. */
762 if (!unformat_user (input, unformat_line_input, line_input))
765 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
768 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
769 mm->icmp4_src_address = icmp_src_address;
772 error = clib_error_return (0, "unknown input `%U'",
773 format_unformat_error, line_input);
779 unformat_free (line_input);
784 static clib_error_t *
785 map_icmp_unreachables_command_fn (vlib_main_t * vm,
786 unformat_input_t * input,
787 vlib_cli_command_t * cmd)
789 unformat_input_t _line_input, *line_input = &_line_input;
790 map_main_t *mm = &map_main;
792 clib_error_t *error = NULL;
794 /* Get a line of input. */
795 if (!unformat_user (input, unformat_line_input, line_input))
798 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
801 if (unformat (line_input, "on"))
802 mm->icmp6_enabled = true;
803 else if (unformat (line_input, "off"))
804 mm->icmp6_enabled = false;
807 error = clib_error_return (0, "unknown input `%U'",
808 format_unformat_error, line_input);
815 error = clib_error_return (0, "mandatory argument(s) missing");
818 unformat_free (line_input);
823 static clib_error_t *
824 map_fragment_command_fn (vlib_main_t * vm,
825 unformat_input_t * input, vlib_cli_command_t * cmd)
827 unformat_input_t _line_input, *line_input = &_line_input;
828 map_main_t *mm = &map_main;
829 clib_error_t *error = NULL;
831 /* Get a line of input. */
832 if (!unformat_user (input, unformat_line_input, line_input))
835 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
837 if (unformat (line_input, "inner"))
838 mm->frag_inner = true;
839 else if (unformat (line_input, "outer"))
840 mm->frag_inner = false;
843 error = clib_error_return (0, "unknown input `%U'",
844 format_unformat_error, line_input);
850 unformat_free (line_input);
855 static clib_error_t *
856 map_fragment_df_command_fn (vlib_main_t * vm,
857 unformat_input_t * input,
858 vlib_cli_command_t * cmd)
860 unformat_input_t _line_input, *line_input = &_line_input;
861 map_main_t *mm = &map_main;
862 clib_error_t *error = NULL;
864 /* Get a line of input. */
865 if (!unformat_user (input, unformat_line_input, line_input))
868 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
870 if (unformat (line_input, "on"))
871 mm->frag_ignore_df = true;
872 else if (unformat (line_input, "off"))
873 mm->frag_ignore_df = false;
876 error = clib_error_return (0, "unknown input `%U'",
877 format_unformat_error, line_input);
883 unformat_free (line_input);
888 static clib_error_t *
889 map_traffic_class_command_fn (vlib_main_t * vm,
890 unformat_input_t * input,
891 vlib_cli_command_t * cmd)
893 unformat_input_t _line_input, *line_input = &_line_input;
894 map_main_t *mm = &map_main;
896 clib_error_t *error = NULL;
900 /* Get a line of input. */
901 if (!unformat_user (input, unformat_line_input, line_input))
904 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
906 if (unformat (line_input, "copy"))
908 else if (unformat (line_input, "%x", &tc))
912 error = clib_error_return (0, "unknown input `%U'",
913 format_unformat_error, line_input);
919 unformat_free (line_input);
925 format_map_domain (u8 * s, va_list * args)
927 map_domain_t *d = va_arg (*args, map_domain_t *);
928 bool counters = va_arg (*args, int);
929 map_main_t *mm = &map_main;
930 ip6_address_t ip6_prefix;
933 memset (&ip6_prefix, 0, sizeof (ip6_prefix));
935 ip6_prefix = d->ip6_prefix;
938 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea_bits_len %d psid-offset %d psid-len %d mtu %d %s",
940 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
941 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
942 format_ip6_address, &d->ip6_src, d->ip6_src_len,
943 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
944 (d->flags & MAP_DOMAIN_TRANSLATION) ? "map-t" : "");
948 map_domain_counter_lock (mm);
950 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
951 d - mm->domains, &v);
952 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
953 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
954 d - mm->domains, &v);
955 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
956 map_domain_counter_unlock (mm);
958 s = format (s, "\n");
964 for (i = 0; i < (0x1 << d->psid_length); i++)
967 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
970 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
978 format_map_ip4_reass (u8 * s, va_list * args)
980 map_main_t *mm = &map_main;
981 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
982 map_ip4_reass_key_t *k = &r->key;
983 f64 now = vlib_time_now (mm->vlib_main);
984 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
985 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
987 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
988 format_ip4_address, &k->src.as_u8, format_ip4_address,
989 &k->dst.as_u8, k->protocol,
990 clib_net_to_host_u16 (k->fragment_id),
991 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
996 format_map_ip6_reass (u8 * s, va_list * args)
998 map_main_t *mm = &map_main;
999 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
1000 map_ip6_reass_key_t *k = &r->key;
1001 f64 now = vlib_time_now (mm->vlib_main);
1002 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
1003 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1005 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
1006 format_ip6_address, &k->src.as_u8, format_ip6_address,
1007 &k->dst.as_u8, k->protocol,
1008 clib_net_to_host_u32 (k->fragment_id), dt);
1012 static clib_error_t *
1013 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
1014 vlib_cli_command_t * cmd)
1016 unformat_input_t _line_input, *line_input = &_line_input;
1017 map_main_t *mm = &map_main;
1019 bool counters = false;
1020 u32 map_domain_index = ~0;
1021 clib_error_t *error = NULL;
1023 /* Get a line of input. */
1024 if (!unformat_user (input, unformat_line_input, line_input))
1027 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1029 if (unformat (line_input, "counters"))
1031 else if (unformat (line_input, "index %d", &map_domain_index))
1035 error = clib_error_return (0, "unknown input `%U'",
1036 format_unformat_error, line_input);
1041 if (pool_elts (mm->domains) == 0)
1042 vlib_cli_output (vm, "No MAP domains are configured...");
1044 if (map_domain_index == ~0)
1047 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
1052 if (pool_is_free_index (mm->domains, map_domain_index))
1054 error = clib_error_return (0, "MAP domain does not exists %d",
1059 d = pool_elt_at_index (mm->domains, map_domain_index);
1060 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1064 unformat_free (line_input);
1069 static clib_error_t *
1070 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1071 vlib_cli_command_t * cmd)
1073 map_main_t *mm = &map_main;
1074 map_ip4_reass_t *f4;
1075 map_ip6_reass_t *f6;
1078 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1081 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1087 map_error_counter_get (u32 node_index, map_error_t map_error)
1089 vlib_main_t *vm = vlib_get_main ();
1090 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1091 vlib_error_main_t *em = &vm->error_main;
1092 vlib_error_t e = error_node->errors[map_error];
1093 vlib_node_t *n = vlib_get_node (vm, node_index);
1096 ci = vlib_error_get_code (e);
1097 ASSERT (ci < n->n_errors);
1098 ci += n->error_heap_index;
1100 return (em->counters[ci]);
1103 static clib_error_t *
1104 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1105 vlib_cli_command_t * cmd)
1107 map_main_t *mm = &map_main;
1109 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1110 if (pool_elts (mm->domains) == 0)
1112 vlib_cli_output (vm, "No MAP domains are configured...");
1117 pool_foreach(d, mm->domains, ({
1119 rulecount+= 0x1 << d->psid_length;
1120 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1122 domains += sizeof(*d);
1127 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1128 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1129 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1130 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1132 #if MAP_SKIP_IP6_LOOKUP
1133 vlib_cli_output (vm,
1134 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1135 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1136 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1141 vlib_cli_output (vm, "MAP traffic-class: copy");
1143 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1145 vlib_cli_output (vm,
1146 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1147 mm->sec_check ? "enabled" : "disabled",
1148 mm->sec_check_frag ? "enabled" : "disabled");
1150 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1151 format_ip4_address, &mm->icmp4_src_address);
1152 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1153 mm->icmp6_enabled ? "enabled" : "disabled");
1154 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1155 mm->frag_inner ? "enabled" : "disabled");
1156 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1157 mm->frag_ignore_df ? "enabled" : "disabled");
1162 vlib_combined_counter_main_t *cm = mm->domain_counters;
1163 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1164 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1168 memset (total_pkts, 0, sizeof (total_pkts));
1169 memset (total_bytes, 0, sizeof (total_bytes));
1171 map_domain_counter_lock (mm);
1172 vec_foreach (cm, mm->domain_counters)
1174 which = cm - mm->domain_counters;
1176 for (i = 0; i < vlib_combined_counter_n_counters (cm); i++)
1178 vlib_get_combined_counter (cm, i, &v);
1179 total_pkts[which] += v.packets;
1180 total_bytes[which] += v.bytes;
1183 map_domain_counter_unlock (mm);
1185 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1186 total_pkts[MAP_DOMAIN_COUNTER_TX],
1187 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1188 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1189 total_pkts[MAP_DOMAIN_COUNTER_RX],
1190 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1192 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1193 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1198 static clib_error_t *
1199 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1200 vlib_cli_command_t * cmd)
1202 unformat_input_t _line_input, *line_input = &_line_input;
1204 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1206 u64 buffers = ~(0ull);
1207 u8 ip4 = 0, ip6 = 0;
1209 if (!unformat_user (input, unformat_line_input, line_input))
1212 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1214 if (unformat (line_input, "lifetime %u", &lifetime))
1216 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1218 else if (unformat (line_input, "pool-size %u", &pool_size))
1220 else if (unformat (line_input, "buffers %llu", &buffers))
1222 else if (unformat (line_input, "ip4"))
1224 else if (unformat (line_input, "ip6"))
1228 unformat_free (line_input);
1229 return clib_error_return (0, "invalid input");
1232 unformat_free (line_input);
1235 return clib_error_return (0, "must specify ip4 and/or ip6");
1239 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1240 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1241 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1242 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1243 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1244 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1245 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1246 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1247 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1248 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1249 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1250 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1251 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1256 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1257 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1258 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1259 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1260 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1261 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1262 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1263 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1264 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1265 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1266 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1267 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1268 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1273 u32 reass = 0, packets = 0;
1274 if (pool_size != ~0)
1276 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1278 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1282 vlib_cli_output (vm,
1283 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1287 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1289 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1291 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1295 vlib_cli_output (vm,
1296 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1302 if (map_ip4_reass_conf_lifetime (lifetime))
1303 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1305 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1307 if (buffers != ~(0ull))
1309 if (map_ip4_reass_conf_buffers (buffers))
1310 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1312 vlib_cli_output (vm, "Setting ip4-reass buffers");
1315 if (map_main.ip4_reass_conf_buffers >
1316 map_main.ip4_reass_conf_pool_size *
1317 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1319 vlib_cli_output (vm,
1320 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1326 u32 reass = 0, packets = 0;
1327 if (pool_size != ~0)
1329 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1331 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1335 vlib_cli_output (vm,
1336 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1340 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1342 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1344 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1348 vlib_cli_output (vm,
1349 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1355 if (map_ip6_reass_conf_lifetime (lifetime))
1356 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1358 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1360 if (buffers != ~(0ull))
1362 if (map_ip6_reass_conf_buffers (buffers))
1363 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1365 vlib_cli_output (vm, "Setting ip6-reass buffers");
1368 if (map_main.ip6_reass_conf_buffers >
1369 map_main.ip6_reass_conf_pool_size *
1370 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1372 vlib_cli_output (vm,
1373 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1382 * packet trace format function
1385 format_map_trace (u8 * s, va_list * args)
1387 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1388 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1389 map_trace_t *t = va_arg (*args, map_trace_t *);
1390 u32 map_domain_index = t->map_domain_index;
1394 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1395 clib_net_to_host_u16 (port));
1400 static_always_inline map_ip4_reass_t *
1401 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1403 map_main_t *mm = &map_main;
1404 u32 ri = mm->ip4_reass_hash_table[bucket];
1405 while (ri != MAP_REASS_INDEX_NONE)
1407 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1408 if (r->key.as_u64[0] == k->as_u64[0] &&
1409 r->key.as_u64[1] == k->as_u64[1] &&
1410 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1414 ri = r->bucket_next;
1419 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1422 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1424 map_main_t *mm = &map_main;
1425 map_ip4_reass_get_fragments (r, pi_to_drop);
1427 // Unlink in hash bucket
1428 map_ip4_reass_t *r2 = NULL;
1429 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1430 while (r2i != map_ip4_reass_pool_index (r))
1432 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1433 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1434 r2i = r2->bucket_next;
1438 r2->bucket_next = r->bucket_next;
1442 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1446 if (r->fifo_next == map_ip4_reass_pool_index (r))
1448 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1452 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1453 mm->ip4_reass_fifo_last = r->fifo_prev;
1454 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1456 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1460 pool_put (mm->ip4_reass_pool, r);
1461 mm->ip4_reass_allocated--;
1465 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1466 u8 protocol, u32 ** pi_to_drop)
1469 map_main_t *mm = &map_main;
1470 map_ip4_reass_key_t k = {.src.data_u32 = src,
1471 .dst.data_u32 = dst,
1472 .fragment_id = fragment_id,
1473 .protocol = protocol
1477 #ifdef clib_crc32c_uses_intrinsics
1478 h = clib_crc32c ((u8 *) k.as_u32, 16);
1480 u64 tmp = k.as_u32[0] ^ k.as_u32[1] ^ k.as_u32[2] ^ k.as_u32[3];
1481 h = clib_xxhash (tmp);
1483 h = h >> (32 - mm->ip4_reass_ht_log2len);
1485 f64 now = vlib_time_now (mm->vlib_main);
1487 //Cache garbage collection
1488 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1490 map_ip4_reass_t *last =
1491 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1492 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1493 map_ip4_reass_free (last, pi_to_drop);
1498 if ((r = map_ip4_reass_lookup (&k, h, now)))
1501 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1504 pool_get (mm->ip4_reass_pool, r);
1505 mm->ip4_reass_allocated++;
1507 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1508 r->fragments[i] = ~0;
1510 u32 ri = map_ip4_reass_pool_index (r);
1512 //Link in new bucket
1514 r->bucket_next = mm->ip4_reass_hash_table[h];
1515 mm->ip4_reass_hash_table[h] = ri;
1518 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1521 pool_elt_at_index (mm->ip4_reass_pool,
1522 mm->ip4_reass_fifo_last)->fifo_next;
1523 r->fifo_prev = mm->ip4_reass_fifo_last;
1524 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1525 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1529 r->fifo_next = r->fifo_prev = ri;
1530 mm->ip4_reass_fifo_last = ri;
1537 #ifdef MAP_IP4_REASS_COUNT_BYTES
1538 r->expected_total = 0xffff;
1546 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1548 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1552 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1553 if (r->fragments[i] == ~0)
1555 r->fragments[i] = pi;
1556 map_main.ip4_reass_buffered_counter++;
1562 static_always_inline map_ip6_reass_t *
1563 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1565 map_main_t *mm = &map_main;
1566 u32 ri = mm->ip6_reass_hash_table[bucket];
1567 while (ri != MAP_REASS_INDEX_NONE)
1569 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1570 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1571 r->key.as_u64[0] == k->as_u64[0] &&
1572 r->key.as_u64[1] == k->as_u64[1] &&
1573 r->key.as_u64[2] == k->as_u64[2] &&
1574 r->key.as_u64[3] == k->as_u64[3] &&
1575 r->key.as_u64[4] == k->as_u64[4])
1577 ri = r->bucket_next;
1582 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1585 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1587 map_main_t *mm = &map_main;
1589 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1590 if (r->fragments[i].pi != ~0)
1592 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1593 r->fragments[i].pi = ~0;
1594 map_main.ip6_reass_buffered_counter--;
1597 // Unlink in hash bucket
1598 map_ip6_reass_t *r2 = NULL;
1599 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1600 while (r2i != map_ip6_reass_pool_index (r))
1602 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1603 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1604 r2i = r2->bucket_next;
1608 r2->bucket_next = r->bucket_next;
1612 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1616 if (r->fifo_next == map_ip6_reass_pool_index (r))
1618 //Single element in the list, list is now empty
1619 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1623 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1624 mm->ip6_reass_fifo_last = r->fifo_prev;
1625 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1627 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1631 // Free from pool if necessary
1632 pool_put (mm->ip6_reass_pool, r);
1633 mm->ip6_reass_allocated--;
1637 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1638 u8 protocol, u32 ** pi_to_drop)
1641 map_main_t *mm = &map_main;
1642 map_ip6_reass_key_t k = {
1645 .fragment_id = fragment_id,
1646 .protocol = protocol
1652 #ifdef clib_crc32c_uses_intrinsics
1653 h = clib_crc32c ((u8 *) k.as_u32, 40);
1656 k.as_u64[0] ^ k.as_u64[1] ^ k.as_u64[2] ^ k.as_u64[3] ^ k.as_u64[4];
1657 h = clib_xxhash (tmp);
1660 h = h >> (32 - mm->ip6_reass_ht_log2len);
1662 f64 now = vlib_time_now (mm->vlib_main);
1664 //Cache garbage collection
1665 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1667 map_ip6_reass_t *last =
1668 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1669 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1670 map_ip6_reass_free (last, pi_to_drop);
1675 if ((r = map_ip6_reass_lookup (&k, h, now)))
1678 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1681 pool_get (mm->ip6_reass_pool, r);
1682 mm->ip6_reass_allocated++;
1683 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1685 r->fragments[i].pi = ~0;
1686 r->fragments[i].next_data_len = 0;
1687 r->fragments[i].next_data_offset = 0;
1690 u32 ri = map_ip6_reass_pool_index (r);
1692 //Link in new bucket
1694 r->bucket_next = mm->ip6_reass_hash_table[h];
1695 mm->ip6_reass_hash_table[h] = ri;
1698 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1701 pool_elt_at_index (mm->ip6_reass_pool,
1702 mm->ip6_reass_fifo_last)->fifo_next;
1703 r->fifo_prev = mm->ip6_reass_fifo_last;
1704 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1705 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1709 r->fifo_next = r->fifo_prev = ri;
1710 mm->ip6_reass_fifo_last = ri;
1716 r->ip4_header.ip_version_and_header_length = 0;
1717 #ifdef MAP_IP6_REASS_COUNT_BYTES
1718 r->expected_total = 0xffff;
1725 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1726 u16 data_offset, u16 next_data_offset,
1727 u8 * data_start, u16 data_len)
1729 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1730 u16 copied_len = (data_len > 20) ? 20 : data_len;
1732 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1735 //Lookup for fragments for the current buffer
1736 //and the one before that
1738 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1740 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1742 prev_f = &r->fragments[i]; // This is buffer for previous packet
1744 else if (r->fragments[i].next_data_offset == next_data_offset)
1746 f = &r->fragments[i]; // This is a buffer for the current packet
1748 else if (r->fragments[i].next_data_offset == 0)
1751 f = &r->fragments[i];
1752 else if (prev_f == NULL)
1753 prev_f = &r->fragments[i];
1757 if (!f || f->pi != ~0)
1765 clib_memcpy (prev_f->next_data, data_start, copied_len);
1766 prev_f->next_data_len = copied_len;
1767 prev_f->next_data_offset = data_offset;
1771 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1774 if (r->ip4_header.ip_version_and_header_length == 0)
1775 clib_memcpy (&r->ip4_header, data_start, sizeof (ip4_header_t));
1780 f->next_data_offset = next_data_offset;
1782 map_main.ip6_reass_buffered_counter++;
1788 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1790 map_main_t *mm = &map_main;
1793 if (dropped_packets)
1794 *dropped_packets = mm->ip4_reass_buffered_counter;
1796 *trashed_reass = mm->ip4_reass_allocated;
1797 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1799 u16 ri = mm->ip4_reass_fifo_last;
1802 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1803 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1804 if (r->fragments[i] != ~0)
1805 map_ip4_drop_pi (r->fragments[i]);
1808 pool_put (mm->ip4_reass_pool, r);
1810 while (ri != mm->ip4_reass_fifo_last);
1813 vec_free (mm->ip4_reass_hash_table);
1814 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1815 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1816 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1817 pool_free (mm->ip4_reass_pool);
1818 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1820 mm->ip4_reass_allocated = 0;
1821 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1822 mm->ip4_reass_buffered_counter = 0;
1826 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1828 u32 desired_size = (u32) (pool_size * ht_ratio);
1830 for (i = 1; i < 31; i++)
1831 if ((1 << i) >= desired_size)
1837 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1838 u32 * dropped_packets)
1840 map_main_t *mm = &map_main;
1841 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1844 map_ip4_reass_lock ();
1845 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1846 mm->ip4_reass_ht_log2len =
1847 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1848 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1849 map_ip4_reass_unlock ();
1854 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1855 u32 * dropped_packets)
1857 map_main_t *mm = &map_main;
1858 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1861 map_ip4_reass_lock ();
1862 mm->ip4_reass_conf_pool_size = pool_size;
1863 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1864 map_ip4_reass_unlock ();
1869 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1871 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1876 map_ip4_reass_conf_buffers (u32 buffers)
1878 map_main.ip4_reass_conf_buffers = buffers;
1883 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1885 map_main_t *mm = &map_main;
1886 if (dropped_packets)
1887 *dropped_packets = mm->ip6_reass_buffered_counter;
1889 *trashed_reass = mm->ip6_reass_allocated;
1891 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1893 u16 ri = mm->ip6_reass_fifo_last;
1896 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1897 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1898 if (r->fragments[i].pi != ~0)
1899 map_ip6_drop_pi (r->fragments[i].pi);
1902 pool_put (mm->ip6_reass_pool, r);
1904 while (ri != mm->ip6_reass_fifo_last);
1905 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1908 vec_free (mm->ip6_reass_hash_table);
1909 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1910 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1911 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1912 pool_free (mm->ip6_reass_pool);
1913 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1915 mm->ip6_reass_allocated = 0;
1916 mm->ip6_reass_buffered_counter = 0;
1920 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1921 u32 * dropped_packets)
1923 map_main_t *mm = &map_main;
1924 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1927 map_ip6_reass_lock ();
1928 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1929 mm->ip6_reass_ht_log2len =
1930 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1931 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1932 map_ip6_reass_unlock ();
1937 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1938 u32 * dropped_packets)
1940 map_main_t *mm = &map_main;
1941 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1944 map_ip6_reass_lock ();
1945 mm->ip6_reass_conf_pool_size = pool_size;
1946 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1947 map_ip6_reass_unlock ();
1952 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
1954 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
1959 map_ip6_reass_conf_buffers (u32 buffers)
1961 map_main.ip6_reass_conf_buffers = buffers;
1968 * Configure MAP reassembly behaviour
1971 * @cliexstart{map params reassembly}
1974 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
1975 .path = "map params reassembly",
1976 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
1977 "[pool-size <pool-size>] [buffers <buffers>] "
1978 "[ht-ratio <ht-ratio>]",
1979 .function = map_params_reass_command_fn,
1983 * Set or copy the IP TOS/Traffic Class field
1986 * @cliexstart{map params traffic-class}
1988 * This command is used to set the traffic-class field in translated
1989 * or encapsulated packets. If copy is specifed (the default) then the
1990 * traffic-class/TOS field is copied from the original packet to the
1991 * translated / encapsulating header.
1994 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
1995 .path = "map params traffic-class",
1996 .short_help = "map params traffic-class {0x0-0xff | copy}",
1997 .function = map_traffic_class_command_fn,
2001 * Bypass IP4/IP6 lookup
2004 * @cliexstart{map params pre-resolve}
2006 * Bypass a second FIB lookup of the translated or encapsulated
2007 * packet, and forward the packet directly to the specified
2008 * next-hop. This optimization trades forwarding flexibility for
2012 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
2013 .path = "map params pre-resolve",
2014 .short_help = " map params pre-resolve {ip4-nh <address>} "
2015 "| {ip6-nh <address>}",
2016 .function = map_pre_resolve_command_fn,
2020 * Enable or disable the MAP-E inbound security check
2023 * @cliexstart{map params security-check}
2025 * By default, a decapsulated packet's IPv4 source address will be
2026 * verified against the outer header's IPv6 source address. Disabling
2027 * this feature will allow IPv4 source address spoofing.
2030 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2031 .path = "map params security-check",
2032 .short_help = "map params security-check on|off",
2033 .function = map_security_check_command_fn,
2037 * Specifiy the IPv4 source address used for relayed ICMP error messages
2040 * @cliexstart{map params icmp source-address}
2042 * This command specifies which IPv4 source address (must be local to
2043 * the system), that is used for relayed received IPv6 ICMP error
2047 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2048 .path = "map params icmp source-address",
2049 .short_help = "map params icmp source-address <ip4-address>",
2050 .function = map_icmp_relay_source_address_command_fn,
2054 * Send IPv6 ICMP unreachables
2057 * @cliexstart{map params icmp6 unreachables}
2059 * Send IPv6 ICMP unreachable messages back if security check fails or
2060 * no MAP domain exists.
2063 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2064 .path = "map params icmp6 unreachables",
2065 .short_help = "map params icmp6 unreachables {on|off}",
2066 .function = map_icmp_unreachables_command_fn,
2070 * Configure MAP fragmentation behaviour
2073 * @cliexstart{map params fragment}
2076 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2077 .path = "map params fragment",
2078 .short_help = "map params fragment inner|outer",
2079 .function = map_fragment_command_fn,
2083 * Ignore the IPv4 Don't fragment bit
2086 * @cliexstart{map params fragment ignore-df}
2088 * Allows fragmentation of the IPv4 packet even if the DF bit is
2089 * set. The choice between inner or outer fragmentation of tunnel
2090 * packets is complicated. The benefit of inner fragmentation is that
2091 * the ultimate endpoint must reassemble, instead of the tunnel
2095 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
2096 .path = "map params fragment ignore-df",
2097 .short_help = "map params fragment ignore-df on|off",
2098 .function = map_fragment_df_command_fn,
2102 * Specifiy if the inbound security check should be done on fragments
2105 * @cliexstart{map params security-check fragments}
2107 * Typically the inbound on-decapsulation security check is only done
2108 * on the first packet. The packet that contains the L4
2109 * information. While a security check on every fragment is possible,
2110 * it has a cost. State must be created on the first fragment.
2113 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
2114 .path = "map params security-check fragments",
2115 .short_help = "map params security-check fragments on|off",
2116 .function = map_security_check_frag_command_fn,
2123 * @cliexstart{map add domain}
2126 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2127 .path = "map add domain",
2128 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2129 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2130 "[map-t] [mtu <mtu>]",
2131 .function = map_add_domain_command_fn,
2135 * Add MAP rule to a domain
2138 * @cliexstart{map add rule}
2141 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2142 .path = "map add rule",
2143 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2144 .function = map_add_rule_command_fn,
2151 * @cliexstart{map del domain}
2154 VLIB_CLI_COMMAND(map_del_command, static) = {
2155 .path = "map del domain",
2156 .short_help = "map del domain index <domain>",
2157 .function = map_del_domain_command_fn,
2164 * @cliexstart{show map domain}
2167 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2168 .path = "show map domain",
2169 .short_help = "show map domain index <n> [counters]",
2170 .function = show_map_domain_command_fn,
2174 * Show MAP statistics
2177 * @cliexstart{show map stats}
2180 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2181 .path = "show map stats",
2182 .short_help = "show map stats",
2183 .function = show_map_stats_command_fn,
2187 * Show MAP fragmentation information
2190 * @cliexstart{show map fragments}
2193 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2194 .path = "show map fragments",
2195 .short_help = "show map fragments",
2196 .function = show_map_fragments_command_fn,
2204 map_init (vlib_main_t * vm)
2206 map_main_t *mm = &map_main;
2207 mm->vnet_main = vnet_get_main ();
2210 #ifdef MAP_SKIP_IP6_LOOKUP
2211 fib_protocol_t proto;
2213 FOR_EACH_FIB_PROTOCOL (proto)
2215 map_pre_resolve_init (&pre_resolved[proto]);
2223 /* Inbound security check */
2224 mm->sec_check = true;
2225 mm->sec_check_frag = false;
2227 /* ICMP6 Type 1, Code 5 for security check failure */
2228 mm->icmp6_enabled = false;
2230 /* Inner or outer fragmentation */
2231 mm->frag_inner = false;
2232 mm->frag_ignore_df = false;
2234 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2235 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "rx";
2236 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "tx";
2238 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2239 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2241 /* IP4 virtual reassembly */
2242 mm->ip4_reass_hash_table = 0;
2243 mm->ip4_reass_pool = 0;
2244 mm->ip4_reass_lock =
2245 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2246 *mm->ip4_reass_lock = 0;
2247 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2248 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2249 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2250 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2251 mm->ip4_reass_ht_log2len =
2252 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2253 mm->ip4_reass_conf_pool_size);
2254 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2255 map_ip4_reass_reinit (NULL, NULL);
2257 /* IP6 virtual reassembly */
2258 mm->ip6_reass_hash_table = 0;
2259 mm->ip6_reass_pool = 0;
2260 mm->ip6_reass_lock =
2261 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2262 *mm->ip6_reass_lock = 0;
2263 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2264 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2265 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2266 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2267 mm->ip6_reass_ht_log2len =
2268 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2269 mm->ip6_reass_conf_pool_size);
2270 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2271 map_ip6_reass_reinit (NULL, NULL);
2273 #ifdef MAP_SKIP_IP6_LOOKUP
2274 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2276 map_dpo_module_init ();
2281 VLIB_INIT_FUNCTION (map_init);
2284 * fd.io coding-style-patch-verification: ON
2287 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob