4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <vnet/map/map_dpo.h>
27 crc_u32 (u32 data, u32 value)
29 __asm__ volatile ("crc32l %[data], %[value];":[value] "+r" (value):[data]
34 #include <vppinfra/xxhash.h>
37 crc_u32 (u32 data, u32 value)
39 u64 tmp = ((u64) data << 32) | (u64) value;
40 return (u32) clib_xxhash (tmp);
46 * This code supports the following MAP modes:
48 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
49 * ea_bits_len + ip4_prefix > 32
50 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
51 * Algorithmic Full IPv4 address (ea_bits_len > 0):
52 * ea_bits_len + ip4_prefix = 32
53 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
54 * Algorithmic IPv4 prefix (ea_bits_len > 0):
55 * ea_bits_len + ip4_prefix < 32
56 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
58 * Independent Shared IPv4 address (ea_bits_len = 0):
61 * Rule IPv6 address = 128, Rule PSID Set
62 * Independent Full IPv4 address (ea_bits_len = 0):
64 * psid_length = 0, ip6_prefix = 128
65 * Independent IPv4 prefix (ea_bits_len = 0):
67 * psid_length = 0, ip6_prefix = 128
72 * This code supports MAP-T:
74 * With DMR prefix length equal to 96.
80 ip4_get_port (ip4_header_t * ip, map_dir_e dir, u16 buffer_len)
82 //TODO: use buffer length
83 if (ip->ip_version_and_header_length != 0x45 ||
84 ip4_get_fragment_offset (ip))
87 if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
88 (ip->protocol == IP_PROTOCOL_UDP)))
90 udp_header_t *udp = (void *) (ip + 1);
91 return (dir == MAP_SENDER) ? udp->src_port : udp->dst_port;
93 else if (ip->protocol == IP_PROTOCOL_ICMP)
95 icmp46_header_t *icmp = (void *) (ip + 1);
96 if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
98 return *((u16 *) (icmp + 1));
100 else if (clib_net_to_host_u16 (ip->length) >= 64)
102 ip = (ip4_header_t *) (icmp + 2);
103 if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
104 (ip->protocol == IP_PROTOCOL_UDP)))
106 udp_header_t *udp = (void *) (ip + 1);
107 return (dir == MAP_SENDER) ? udp->dst_port : udp->src_port;
109 else if (ip->protocol == IP_PROTOCOL_ICMP)
111 icmp46_header_t *icmp = (void *) (ip + 1);
112 if (icmp->type == ICMP4_echo_request ||
113 icmp->type == ICMP4_echo_reply)
115 return *((u16 *) (icmp + 1));
124 ip6_get_port (ip6_header_t * ip6, map_dir_e dir, u16 buffer_len)
131 if (ip6_parse (ip6, buffer_len, &l4_protocol, &l4_offset, &frag_offset))
134 //TODO: Use buffer length
137 ip6_frag_hdr_offset (((ip6_frag_hdr_t *)
138 u8_ptr_add (ip6, frag_offset))))
139 return -1; //Can't deal with non-first fragment for now
141 l4 = u8_ptr_add (ip6, l4_offset);
142 if (l4_protocol == IP_PROTOCOL_TCP || l4_protocol == IP_PROTOCOL_UDP)
145 MAP_SENDER) ? ((udp_header_t *) (l4))->src_port : ((udp_header_t
149 else if (l4_protocol == IP_PROTOCOL_ICMP6)
151 icmp46_header_t *icmp = (icmp46_header_t *) (l4);
152 if (icmp->type == ICMP6_echo_request)
154 return (dir == MAP_SENDER) ? ((u16 *) (icmp))[2] : -1;
156 else if (icmp->type == ICMP6_echo_reply)
158 return (dir == MAP_SENDER) ? -1 : ((u16 *) (icmp))[2];
166 map_create_domain (ip4_address_t * ip4_prefix,
168 ip6_address_t * ip6_prefix,
170 ip6_address_t * ip6_src,
174 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
176 u8 suffix_len, suffix_shift;
177 map_main_t *mm = &map_main;
178 dpo_id_t dpo_v4 = DPO_INVALID;
179 dpo_id_t dpo_v6 = DPO_INVALID;
180 fib_node_index_t fei;
183 /* Sanity check on the src prefix length */
184 if (flags & MAP_DOMAIN_TRANSLATION)
186 if (ip6_src_len != 96)
188 clib_warning ("MAP-T only supports ip6_src_len = 96 for now.");
194 if (ip6_src_len != 128)
197 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
203 /* How many, and which bits to grab from the IPv4 DA */
204 if (ip4_prefix_len + ea_bits_len < 32)
206 flags |= MAP_DOMAIN_PREFIX;
207 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
208 suffix_len = ea_bits_len;
213 suffix_len = 32 - ip4_prefix_len;
216 /* EA bits must be within the first 64 bits */
217 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
218 ip6_prefix_len + suffix_len + psid_length > 64))
221 ("Embedded Address bits must be within the first 64 bits of "
226 /* Get domain index */
227 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
228 memset (d, 0, sizeof (*d));
229 *map_domain_index = d - mm->domains;
231 /* Init domain struct */
232 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
233 d->ip4_prefix_len = ip4_prefix_len;
234 d->ip6_prefix = *ip6_prefix;
235 d->ip6_prefix_len = ip6_prefix_len;
236 d->ip6_src = *ip6_src;
237 d->ip6_src_len = ip6_src_len;
238 d->ea_bits_len = ea_bits_len;
239 d->psid_offset = psid_offset;
240 d->psid_length = psid_length;
243 d->suffix_shift = suffix_shift;
244 d->suffix_mask = (1 << suffix_len) - 1;
246 d->psid_shift = 16 - psid_length - psid_offset;
247 d->psid_mask = (1 << d->psid_length) - 1;
248 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
250 /* MAP data-plane object */
251 if (d->flags & MAP_DOMAIN_TRANSLATION)
252 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
254 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
256 /* Create ip4 route */
258 .fp_proto = FIB_PROTOCOL_IP4,
259 .fp_len = d->ip4_prefix_len,
261 .ip4 = d->ip4_prefix,
265 fib_table_entry_special_dpo_add (0, &pfx,
267 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
271 * Multiple MAP domains may share same source IPv6 TEP.
272 * In this case the route will exist and be MAP sourced.
273 * Find the adj (if any) already contributed and modify it
275 fib_prefix_t pfx6 = {
276 .fp_proto = FIB_PROTOCOL_IP6,
277 .fp_len = d->ip6_src_len,
283 fei = fib_table_lookup_exact_match (0, &pfx6);
285 if (FIB_NODE_INDEX_INVALID != fei)
287 dpo_id_t dpo = DPO_INVALID;
289 if (fib_entry_get_dpo_for_source (fei, FIB_SOURCE_MAP, &dpo))
292 * modify the existing MAP to indicate it's shared
295 const dpo_id_t *md_dpo;
298 ASSERT (DPO_LOAD_BALANCE == dpo.dpoi_type);
300 md_dpo = load_balance_get_bucket (dpo.dpoi_index, 0);
301 md = map_dpo_get (md_dpo->dpoi_index);
304 dpo_copy (&dpo_v6, md_dpo);
311 if (d->flags & MAP_DOMAIN_TRANSLATION)
312 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
314 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
318 * Create ip6 route. This is a reference counted add. If the prefix
319 * already exists and is MAP sourced, it is now MAP source n+1 times
320 * and will need to be removed n+1 times.
322 fib_table_entry_special_dpo_add (0, &pfx6,
324 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
327 /* Validate packet/byte counters */
328 map_domain_counter_lock (mm);
330 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
332 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
334 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
337 for (i = 0; i < vec_len (mm->domain_counters); i++)
339 vlib_validate_combined_counter (&mm->domain_counters[i],
341 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
343 map_domain_counter_unlock (mm);
352 map_delete_domain (u32 map_domain_index)
354 map_main_t *mm = &map_main;
357 if (pool_is_free_index (mm->domains, map_domain_index))
359 clib_warning ("MAP domain delete: domain does not exist: %d",
364 d = pool_elt_at_index (mm->domains, map_domain_index);
367 .fp_proto = FIB_PROTOCOL_IP4,
368 .fp_len = d->ip4_prefix_len,
370 .ip4 = d->ip4_prefix,
374 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
376 fib_prefix_t pfx6 = {
377 .fp_proto = FIB_PROTOCOL_IP6,
378 .fp_len = d->ip6_src_len,
384 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
388 clib_mem_free (d->rules);
390 pool_put (mm->domains, d);
396 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
400 map_main_t *mm = &map_main;
402 if (pool_is_free_index (mm->domains, map_domain_index))
404 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
407 d = pool_elt_at_index (mm->domains, map_domain_index);
409 /* Rules are only used in 1:1 independent case */
410 if (d->ea_bits_len > 0)
415 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
416 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
419 memset (d->rules, 0, l);
422 if (psid >= (0x1 << d->psid_length))
424 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
425 0x1 << d->psid_length);
431 d->rules[psid] = *tep;
435 memset (&d->rules[psid], 0, sizeof (ip6_address_t));
440 #ifdef MAP_SKIP_IP6_LOOKUP
442 * Pre-resolvd per-protocol global next-hops
444 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
447 map_pre_resolve_init (map_main_pre_resolved_t * pr)
449 pr->fei = FIB_NODE_INDEX_INVALID;
450 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
454 format_map_pre_resolve (u8 * s, va_list ap)
456 map_main_pre_resolved_t *pr = va_arg (ap, map_main_pre_resolved_t *);
458 if (FIB_NODE_INDEX_INVALID != pr->fei)
462 fib_entry_get_prefix (pr->fei, &pfx);
464 return (format (s, "%U (%u)",
465 format_ip46_address, &pfx.fp_addr, IP46_TYPE_ANY,
466 pr->dpo.dpoi_index));
470 return (format (s, "un-set"));
476 * Function definition to inform the FIB node that its last lock has gone.
479 map_last_lock_gone (fib_node_t * node)
482 * The MAP is a root of the graph. As such
483 * it never has children and thus is never locked.
488 static map_main_pre_resolved_t *
489 map_from_fib_node (fib_node_t * node)
492 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
494 return ((map_main_pre_resolved_t *)
496 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
500 map_stack (map_main_pre_resolved_t * pr)
504 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
506 dpo_copy (&pr->dpo, dpo);
510 * Function definition to backwalk a FIB node
512 static fib_node_back_walk_rc_t
513 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
515 map_stack (map_from_fib_node (node));
517 return (FIB_NODE_BACK_WALK_CONTINUE);
521 * Function definition to get a FIB node from its index
524 map_fib_node_get (fib_node_index_t index)
526 return (&pre_resolved[index].node);
530 * Virtual function table registered by MPLS GRE tunnels
531 * for participation in the FIB object graph.
533 const static fib_node_vft_t map_vft = {
534 .fnv_get = map_fib_node_get,
535 .fnv_last_lock = map_last_lock_gone,
536 .fnv_back_walk = map_back_walk,
540 map_fib_resolve (map_main_pre_resolved_t * pr,
541 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
549 pr->fei = fib_table_entry_special_add (0, // default fib
554 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
559 map_fib_unresolve (map_main_pre_resolved_t * pr,
560 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
568 fib_entry_child_remove (pr->fei, pr->sibling);
570 fib_table_entry_special_remove (0, // default fib
571 &pfx, FIB_SOURCE_RR);
572 dpo_reset (&pr->dpo);
574 pr->fei = FIB_NODE_INDEX_INVALID;
575 pr->sibling = FIB_NODE_INDEX_INVALID;
579 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
581 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
583 ip46_address_t addr = {
587 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
588 FIB_PROTOCOL_IP6, 128, &addr);
590 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
591 FIB_PROTOCOL_IP6, 128, &addr);
593 if (ip4 && (ip4->as_u32 != 0))
595 ip46_address_t addr = {
599 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
600 FIB_PROTOCOL_IP4, 32, &addr);
602 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
603 FIB_PROTOCOL_IP4, 32, &addr);
608 static clib_error_t *
609 map_security_check_command_fn (vlib_main_t * vm,
610 unformat_input_t * input,
611 vlib_cli_command_t * cmd)
613 unformat_input_t _line_input, *line_input = &_line_input;
614 map_main_t *mm = &map_main;
615 clib_error_t *error = NULL;
617 /* Get a line of input. */
618 if (!unformat_user (input, unformat_line_input, line_input))
621 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
623 if (unformat (line_input, "off"))
624 mm->sec_check = false;
625 else if (unformat (line_input, "on"))
626 mm->sec_check = true;
629 error = clib_error_return (0, "unknown input `%U'",
630 format_unformat_error, line_input);
636 unformat_free (line_input);
641 static clib_error_t *
642 map_security_check_frag_command_fn (vlib_main_t * vm,
643 unformat_input_t * input,
644 vlib_cli_command_t * cmd)
646 unformat_input_t _line_input, *line_input = &_line_input;
647 map_main_t *mm = &map_main;
648 clib_error_t *error = NULL;
650 /* Get a line of input. */
651 if (!unformat_user (input, unformat_line_input, line_input))
654 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
656 if (unformat (line_input, "off"))
657 mm->sec_check_frag = false;
658 else if (unformat (line_input, "on"))
659 mm->sec_check_frag = true;
662 error = clib_error_return (0, "unknown input `%U'",
663 format_unformat_error, line_input);
669 unformat_free (line_input);
674 static clib_error_t *
675 map_add_domain_command_fn (vlib_main_t * vm,
676 unformat_input_t * input, vlib_cli_command_t * cmd)
678 unformat_input_t _line_input, *line_input = &_line_input;
679 ip4_address_t ip4_prefix;
680 ip6_address_t ip6_prefix;
681 ip6_address_t ip6_src;
682 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
684 /* Optional arguments */
685 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
689 clib_error_t *error = NULL;
691 /* Get a line of input. */
692 if (!unformat_user (input, unformat_line_input, line_input))
695 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
698 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
703 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
708 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
713 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
715 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
717 else if (unformat (line_input, "psid-offset %d", &psid_offset))
719 else if (unformat (line_input, "psid-len %d", &psid_length))
721 else if (unformat (line_input, "mtu %d", &mtu))
723 else if (unformat (line_input, "map-t"))
724 flags |= MAP_DOMAIN_TRANSLATION;
727 error = clib_error_return (0, "unknown input `%U'",
728 format_unformat_error, line_input);
735 error = clib_error_return (0, "mandatory argument(s) missing");
739 map_create_domain (&ip4_prefix, ip4_prefix_len,
740 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
741 ea_bits_len, psid_offset, psid_length, &map_domain_index,
745 unformat_free (line_input);
750 static clib_error_t *
751 map_del_domain_command_fn (vlib_main_t * vm,
752 unformat_input_t * input, vlib_cli_command_t * cmd)
754 unformat_input_t _line_input, *line_input = &_line_input;
756 u32 map_domain_index;
757 clib_error_t *error = NULL;
759 /* Get a line of input. */
760 if (!unformat_user (input, unformat_line_input, line_input))
763 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
765 if (unformat (line_input, "index %d", &map_domain_index))
769 error = clib_error_return (0, "unknown input `%U'",
770 format_unformat_error, line_input);
777 error = clib_error_return (0, "mandatory argument(s) missing");
781 map_delete_domain (map_domain_index);
784 unformat_free (line_input);
789 static clib_error_t *
790 map_add_rule_command_fn (vlib_main_t * vm,
791 unformat_input_t * input, vlib_cli_command_t * cmd)
793 unformat_input_t _line_input, *line_input = &_line_input;
796 u32 psid = 0, map_domain_index;
797 clib_error_t *error = NULL;
799 /* Get a line of input. */
800 if (!unformat_user (input, unformat_line_input, line_input))
803 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
805 if (unformat (line_input, "index %d", &map_domain_index))
807 else if (unformat (line_input, "psid %d", &psid))
810 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
814 error = clib_error_return (0, "unknown input `%U'",
815 format_unformat_error, line_input);
822 error = clib_error_return (0, "mandatory argument(s) missing");
826 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
828 error = clib_error_return (0, "Failing to add Mapping Rule");
833 unformat_free (line_input);
838 #if MAP_SKIP_IP6_LOOKUP
839 static clib_error_t *
840 map_pre_resolve_command_fn (vlib_main_t * vm,
841 unformat_input_t * input,
842 vlib_cli_command_t * cmd)
844 unformat_input_t _line_input, *line_input = &_line_input;
845 ip4_address_t ip4nh, *p_v4 = NULL;
846 ip6_address_t ip6nh, *p_v6 = NULL;
847 clib_error_t *error = NULL;
850 memset (&ip4nh, 0, sizeof (ip4nh));
851 memset (&ip6nh, 0, sizeof (ip6nh));
853 /* Get a line of input. */
854 if (!unformat_user (input, unformat_line_input, line_input))
857 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
859 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
862 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
864 else if (unformat (line_input, "del"))
868 error = clib_error_return (0, "unknown input `%U'",
869 format_unformat_error, line_input);
874 map_pre_resolve (p_v4, p_v6, is_del);
877 unformat_free (line_input);
883 static clib_error_t *
884 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
885 unformat_input_t * input,
886 vlib_cli_command_t * cmd)
888 unformat_input_t _line_input, *line_input = &_line_input;
889 ip4_address_t icmp_src_address;
890 map_main_t *mm = &map_main;
891 clib_error_t *error = NULL;
893 mm->icmp4_src_address.as_u32 = 0;
895 /* Get a line of input. */
896 if (!unformat_user (input, unformat_line_input, line_input))
899 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
902 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
903 mm->icmp4_src_address = icmp_src_address;
906 error = clib_error_return (0, "unknown input `%U'",
907 format_unformat_error, line_input);
913 unformat_free (line_input);
918 static clib_error_t *
919 map_icmp_unreachables_command_fn (vlib_main_t * vm,
920 unformat_input_t * input,
921 vlib_cli_command_t * cmd)
923 unformat_input_t _line_input, *line_input = &_line_input;
924 map_main_t *mm = &map_main;
926 clib_error_t *error = NULL;
928 /* Get a line of input. */
929 if (!unformat_user (input, unformat_line_input, line_input))
932 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
935 if (unformat (line_input, "on"))
936 mm->icmp6_enabled = true;
937 else if (unformat (line_input, "off"))
938 mm->icmp6_enabled = false;
941 error = clib_error_return (0, "unknown input `%U'",
942 format_unformat_error, line_input);
949 error = clib_error_return (0, "mandatory argument(s) missing");
952 unformat_free (line_input);
957 static clib_error_t *
958 map_fragment_command_fn (vlib_main_t * vm,
959 unformat_input_t * input, vlib_cli_command_t * cmd)
961 unformat_input_t _line_input, *line_input = &_line_input;
962 map_main_t *mm = &map_main;
963 clib_error_t *error = NULL;
965 /* Get a line of input. */
966 if (!unformat_user (input, unformat_line_input, line_input))
969 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
971 if (unformat (line_input, "inner"))
972 mm->frag_inner = true;
973 else if (unformat (line_input, "outer"))
974 mm->frag_inner = false;
977 error = clib_error_return (0, "unknown input `%U'",
978 format_unformat_error, line_input);
984 unformat_free (line_input);
989 static clib_error_t *
990 map_fragment_df_command_fn (vlib_main_t * vm,
991 unformat_input_t * input,
992 vlib_cli_command_t * cmd)
994 unformat_input_t _line_input, *line_input = &_line_input;
995 map_main_t *mm = &map_main;
996 clib_error_t *error = NULL;
998 /* Get a line of input. */
999 if (!unformat_user (input, unformat_line_input, line_input))
1002 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1004 if (unformat (line_input, "on"))
1005 mm->frag_ignore_df = true;
1006 else if (unformat (line_input, "off"))
1007 mm->frag_ignore_df = false;
1010 error = clib_error_return (0, "unknown input `%U'",
1011 format_unformat_error, line_input);
1017 unformat_free (line_input);
1022 static clib_error_t *
1023 map_traffic_class_command_fn (vlib_main_t * vm,
1024 unformat_input_t * input,
1025 vlib_cli_command_t * cmd)
1027 unformat_input_t _line_input, *line_input = &_line_input;
1028 map_main_t *mm = &map_main;
1030 clib_error_t *error = NULL;
1032 mm->tc_copy = false;
1034 /* Get a line of input. */
1035 if (!unformat_user (input, unformat_line_input, line_input))
1038 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1040 if (unformat (line_input, "copy"))
1042 else if (unformat (line_input, "%x", &tc))
1046 error = clib_error_return (0, "unknown input `%U'",
1047 format_unformat_error, line_input);
1053 unformat_free (line_input);
1059 format_map_domain (u8 * s, va_list * args)
1061 map_domain_t *d = va_arg (*args, map_domain_t *);
1062 bool counters = va_arg (*args, int);
1063 map_main_t *mm = &map_main;
1064 ip6_address_t ip6_prefix;
1067 memset (&ip6_prefix, 0, sizeof (ip6_prefix));
1069 ip6_prefix = d->ip6_prefix;
1072 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea_bits_len %d psid-offset %d psid-len %d mtu %d %s",
1074 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
1075 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
1076 format_ip6_address, &d->ip6_src, d->ip6_src_len,
1077 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
1078 (d->flags & MAP_DOMAIN_TRANSLATION) ? "map-t" : "");
1082 map_domain_counter_lock (mm);
1084 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
1085 d - mm->domains, &v);
1086 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
1087 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
1088 d - mm->domains, &v);
1089 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
1090 map_domain_counter_unlock (mm);
1092 s = format (s, "\n");
1098 for (i = 0; i < (0x1 << d->psid_length); i++)
1101 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
1104 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
1112 format_map_ip4_reass (u8 * s, va_list * args)
1114 map_main_t *mm = &map_main;
1115 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
1116 map_ip4_reass_key_t *k = &r->key;
1117 f64 now = vlib_time_now (mm->vlib_main);
1118 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
1119 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1121 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
1122 format_ip4_address, &k->src.as_u8, format_ip4_address,
1123 &k->dst.as_u8, k->protocol,
1124 clib_net_to_host_u16 (k->fragment_id),
1125 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
1130 format_map_ip6_reass (u8 * s, va_list * args)
1132 map_main_t *mm = &map_main;
1133 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
1134 map_ip6_reass_key_t *k = &r->key;
1135 f64 now = vlib_time_now (mm->vlib_main);
1136 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
1137 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1139 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
1140 format_ip6_address, &k->src.as_u8, format_ip6_address,
1141 &k->dst.as_u8, k->protocol,
1142 clib_net_to_host_u32 (k->fragment_id), dt);
1146 static clib_error_t *
1147 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
1148 vlib_cli_command_t * cmd)
1150 unformat_input_t _line_input, *line_input = &_line_input;
1151 map_main_t *mm = &map_main;
1153 bool counters = false;
1154 u32 map_domain_index = ~0;
1155 clib_error_t *error = NULL;
1157 /* Get a line of input. */
1158 if (!unformat_user (input, unformat_line_input, line_input))
1161 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1163 if (unformat (line_input, "counters"))
1165 else if (unformat (line_input, "index %d", &map_domain_index))
1169 error = clib_error_return (0, "unknown input `%U'",
1170 format_unformat_error, line_input);
1175 if (pool_elts (mm->domains) == 0)
1176 vlib_cli_output (vm, "No MAP domains are configured...");
1178 if (map_domain_index == ~0)
1181 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
1186 if (pool_is_free_index (mm->domains, map_domain_index))
1188 error = clib_error_return (0, "MAP domain does not exists %d",
1193 d = pool_elt_at_index (mm->domains, map_domain_index);
1194 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1198 unformat_free (line_input);
1203 static clib_error_t *
1204 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1205 vlib_cli_command_t * cmd)
1207 map_main_t *mm = &map_main;
1208 map_ip4_reass_t *f4;
1209 map_ip6_reass_t *f6;
1212 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1215 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1221 map_error_counter_get (u32 node_index, map_error_t map_error)
1223 vlib_main_t *vm = vlib_get_main ();
1224 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1225 vlib_error_main_t *em = &vm->error_main;
1226 vlib_error_t e = error_node->errors[map_error];
1227 vlib_node_t *n = vlib_get_node (vm, node_index);
1230 ci = vlib_error_get_code (e);
1231 ASSERT (ci < n->n_errors);
1232 ci += n->error_heap_index;
1234 return (em->counters[ci]);
1237 static clib_error_t *
1238 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1239 vlib_cli_command_t * cmd)
1241 map_main_t *mm = &map_main;
1243 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1244 if (pool_elts (mm->domains) == 0)
1245 vlib_cli_output (vm, "No MAP domains are configured...");
1248 pool_foreach(d, mm->domains, ({
1250 rulecount+= 0x1 << d->psid_length;
1251 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1253 domains += sizeof(*d);
1258 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1259 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1260 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1261 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1263 #if MAP_SKIP_IP6_LOOKUP
1264 vlib_cli_output (vm,
1265 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1266 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1267 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1272 vlib_cli_output (vm, "MAP traffic-class: copy");
1274 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1276 vlib_cli_output (vm,
1277 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1278 mm->sec_check ? "enabled" : "disabled",
1279 mm->sec_check_frag ? "enabled" : "disabled");
1281 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1282 format_ip4_address, &mm->icmp4_src_address);
1283 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1284 mm->icmp6_enabled ? "enabled" : "disabled");
1285 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1286 mm->frag_inner ? "enabled" : "disabled");
1287 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1288 mm->frag_ignore_df ? "enabled" : "disabled");
1293 vlib_combined_counter_main_t *cm = mm->domain_counters;
1294 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1295 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1299 memset (total_pkts, 0, sizeof (total_pkts));
1300 memset (total_bytes, 0, sizeof (total_bytes));
1302 map_domain_counter_lock (mm);
1303 vec_foreach (cm, mm->domain_counters)
1305 which = cm - mm->domain_counters;
1307 for (i = 0; i < vec_len (cm->maxi); i++)
1309 vlib_get_combined_counter (cm, i, &v);
1310 total_pkts[which] += v.packets;
1311 total_bytes[which] += v.bytes;
1314 map_domain_counter_unlock (mm);
1316 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1317 total_pkts[MAP_DOMAIN_COUNTER_TX],
1318 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1319 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1320 total_pkts[MAP_DOMAIN_COUNTER_RX],
1321 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1323 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1324 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1329 static clib_error_t *
1330 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1331 vlib_cli_command_t * cmd)
1333 unformat_input_t _line_input, *line_input = &_line_input;
1335 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1337 u64 buffers = ~(0ull);
1338 u8 ip4 = 0, ip6 = 0;
1340 if (!unformat_user (input, unformat_line_input, line_input))
1343 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1345 if (unformat (line_input, "lifetime %u", &lifetime))
1347 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1349 else if (unformat (line_input, "pool-size %u", &pool_size))
1351 else if (unformat (line_input, "buffers %llu", &buffers))
1353 else if (unformat (line_input, "ip4"))
1355 else if (unformat (line_input, "ip6"))
1359 unformat_free (line_input);
1360 return clib_error_return (0, "invalid input");
1363 unformat_free (line_input);
1366 return clib_error_return (0, "must specify ip4 and/or ip6");
1370 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1371 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1372 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1373 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1374 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1375 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1376 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1377 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1378 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1379 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1380 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1381 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1382 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1387 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1388 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1389 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1390 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1391 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1392 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1393 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1394 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1395 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1396 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1397 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1398 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1399 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1404 u32 reass = 0, packets = 0;
1405 if (pool_size != ~0)
1407 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1409 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1413 vlib_cli_output (vm,
1414 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1418 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1420 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1422 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1426 vlib_cli_output (vm,
1427 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1433 if (map_ip4_reass_conf_lifetime (lifetime))
1434 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1436 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1438 if (buffers != ~(0ull))
1440 if (map_ip4_reass_conf_buffers (buffers))
1441 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1443 vlib_cli_output (vm, "Setting ip4-reass buffers");
1446 if (map_main.ip4_reass_conf_buffers >
1447 map_main.ip4_reass_conf_pool_size *
1448 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1450 vlib_cli_output (vm,
1451 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1457 u32 reass = 0, packets = 0;
1458 if (pool_size != ~0)
1460 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1462 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1466 vlib_cli_output (vm,
1467 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1471 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1473 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1475 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1479 vlib_cli_output (vm,
1480 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1486 if (map_ip6_reass_conf_lifetime (lifetime))
1487 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1489 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1491 if (buffers != ~(0ull))
1493 if (map_ip6_reass_conf_buffers (buffers))
1494 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1496 vlib_cli_output (vm, "Setting ip6-reass buffers");
1499 if (map_main.ip6_reass_conf_buffers >
1500 map_main.ip6_reass_conf_pool_size *
1501 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1503 vlib_cli_output (vm,
1504 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1513 * packet trace format function
1516 format_map_trace (u8 * s, va_list * args)
1518 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1519 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1520 map_trace_t *t = va_arg (*args, map_trace_t *);
1521 u32 map_domain_index = t->map_domain_index;
1525 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1526 clib_net_to_host_u16 (port));
1531 static_always_inline map_ip4_reass_t *
1532 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1534 map_main_t *mm = &map_main;
1535 u32 ri = mm->ip4_reass_hash_table[bucket];
1536 while (ri != MAP_REASS_INDEX_NONE)
1538 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1539 if (r->key.as_u64[0] == k->as_u64[0] &&
1540 r->key.as_u64[1] == k->as_u64[1] &&
1541 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1545 ri = r->bucket_next;
1550 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1553 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1555 map_main_t *mm = &map_main;
1556 map_ip4_reass_get_fragments (r, pi_to_drop);
1558 // Unlink in hash bucket
1559 map_ip4_reass_t *r2 = NULL;
1560 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1561 while (r2i != map_ip4_reass_pool_index (r))
1563 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1564 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1565 r2i = r2->bucket_next;
1569 r2->bucket_next = r->bucket_next;
1573 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1577 if (r->fifo_next == map_ip4_reass_pool_index (r))
1579 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1583 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1584 mm->ip4_reass_fifo_last = r->fifo_prev;
1585 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1587 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1591 pool_put (mm->ip4_reass_pool, r);
1592 mm->ip4_reass_allocated--;
1596 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1597 u8 protocol, u32 ** pi_to_drop)
1600 map_main_t *mm = &map_main;
1601 map_ip4_reass_key_t k = {.src.data_u32 = src,
1602 .dst.data_u32 = dst,
1603 .fragment_id = fragment_id,
1604 .protocol = protocol
1608 h = crc_u32 (k.as_u32[0], h);
1609 h = crc_u32 (k.as_u32[1], h);
1610 h = crc_u32 (k.as_u32[2], h);
1611 h = crc_u32 (k.as_u32[3], h);
1612 h = h >> (32 - mm->ip4_reass_ht_log2len);
1614 f64 now = vlib_time_now (mm->vlib_main);
1616 //Cache garbage collection
1617 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1619 map_ip4_reass_t *last =
1620 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1621 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1622 map_ip4_reass_free (last, pi_to_drop);
1627 if ((r = map_ip4_reass_lookup (&k, h, now)))
1630 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1633 pool_get (mm->ip4_reass_pool, r);
1634 mm->ip4_reass_allocated++;
1636 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1637 r->fragments[i] = ~0;
1639 u32 ri = map_ip4_reass_pool_index (r);
1641 //Link in new bucket
1643 r->bucket_next = mm->ip4_reass_hash_table[h];
1644 mm->ip4_reass_hash_table[h] = ri;
1647 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1650 pool_elt_at_index (mm->ip4_reass_pool,
1651 mm->ip4_reass_fifo_last)->fifo_next;
1652 r->fifo_prev = mm->ip4_reass_fifo_last;
1653 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1654 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1658 r->fifo_next = r->fifo_prev = ri;
1659 mm->ip4_reass_fifo_last = ri;
1666 #ifdef MAP_IP4_REASS_COUNT_BYTES
1667 r->expected_total = 0xffff;
1675 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1677 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1681 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1682 if (r->fragments[i] == ~0)
1684 r->fragments[i] = pi;
1685 map_main.ip4_reass_buffered_counter++;
1691 static_always_inline map_ip6_reass_t *
1692 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1694 map_main_t *mm = &map_main;
1695 u32 ri = mm->ip6_reass_hash_table[bucket];
1696 while (ri != MAP_REASS_INDEX_NONE)
1698 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1699 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1700 r->key.as_u64[0] == k->as_u64[0] &&
1701 r->key.as_u64[1] == k->as_u64[1] &&
1702 r->key.as_u64[2] == k->as_u64[2] &&
1703 r->key.as_u64[3] == k->as_u64[3] &&
1704 r->key.as_u64[4] == k->as_u64[4])
1706 ri = r->bucket_next;
1711 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1714 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1716 map_main_t *mm = &map_main;
1718 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1719 if (r->fragments[i].pi != ~0)
1721 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1722 r->fragments[i].pi = ~0;
1723 map_main.ip6_reass_buffered_counter--;
1726 // Unlink in hash bucket
1727 map_ip6_reass_t *r2 = NULL;
1728 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1729 while (r2i != map_ip6_reass_pool_index (r))
1731 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1732 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1733 r2i = r2->bucket_next;
1737 r2->bucket_next = r->bucket_next;
1741 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1745 if (r->fifo_next == map_ip6_reass_pool_index (r))
1747 //Single element in the list, list is now empty
1748 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1752 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1753 mm->ip6_reass_fifo_last = r->fifo_prev;
1754 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1756 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1760 // Free from pool if necessary
1761 pool_put (mm->ip6_reass_pool, r);
1762 mm->ip6_reass_allocated--;
1766 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1767 u8 protocol, u32 ** pi_to_drop)
1770 map_main_t *mm = &map_main;
1771 map_ip6_reass_key_t k = {
1774 .fragment_id = fragment_id,
1775 .protocol = protocol
1780 for (i = 0; i < 10; i++)
1781 h = crc_u32 (k.as_u32[i], h);
1782 h = h >> (32 - mm->ip6_reass_ht_log2len);
1784 f64 now = vlib_time_now (mm->vlib_main);
1786 //Cache garbage collection
1787 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1789 map_ip6_reass_t *last =
1790 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1791 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1792 map_ip6_reass_free (last, pi_to_drop);
1797 if ((r = map_ip6_reass_lookup (&k, h, now)))
1800 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1803 pool_get (mm->ip6_reass_pool, r);
1804 mm->ip6_reass_allocated++;
1805 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1807 r->fragments[i].pi = ~0;
1808 r->fragments[i].next_data_len = 0;
1809 r->fragments[i].next_data_offset = 0;
1812 u32 ri = map_ip6_reass_pool_index (r);
1814 //Link in new bucket
1816 r->bucket_next = mm->ip6_reass_hash_table[h];
1817 mm->ip6_reass_hash_table[h] = ri;
1820 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1823 pool_elt_at_index (mm->ip6_reass_pool,
1824 mm->ip6_reass_fifo_last)->fifo_next;
1825 r->fifo_prev = mm->ip6_reass_fifo_last;
1826 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1827 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1831 r->fifo_next = r->fifo_prev = ri;
1832 mm->ip6_reass_fifo_last = ri;
1838 r->ip4_header.ip_version_and_header_length = 0;
1839 #ifdef MAP_IP6_REASS_COUNT_BYTES
1840 r->expected_total = 0xffff;
1847 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1848 u16 data_offset, u16 next_data_offset,
1849 u8 * data_start, u16 data_len)
1851 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1852 u16 copied_len = (data_len > 20) ? 20 : data_len;
1854 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1857 //Lookup for fragments for the current buffer
1858 //and the one before that
1860 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1862 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1864 prev_f = &r->fragments[i]; // This is buffer for previous packet
1866 else if (r->fragments[i].next_data_offset == next_data_offset)
1868 f = &r->fragments[i]; // This is a buffer for the current packet
1870 else if (r->fragments[i].next_data_offset == 0)
1873 f = &r->fragments[i];
1874 else if (prev_f == NULL)
1875 prev_f = &r->fragments[i];
1879 if (!f || f->pi != ~0)
1887 clib_memcpy (prev_f->next_data, data_start, copied_len);
1888 prev_f->next_data_len = copied_len;
1889 prev_f->next_data_offset = data_offset;
1893 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1896 if (r->ip4_header.ip_version_and_header_length == 0)
1897 clib_memcpy (&r->ip4_header, data_start, sizeof (ip4_header_t));
1902 f->next_data_offset = next_data_offset;
1904 map_main.ip6_reass_buffered_counter++;
1910 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1912 map_main_t *mm = &map_main;
1915 if (dropped_packets)
1916 *dropped_packets = mm->ip4_reass_buffered_counter;
1918 *trashed_reass = mm->ip4_reass_allocated;
1919 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1921 u16 ri = mm->ip4_reass_fifo_last;
1924 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1925 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1926 if (r->fragments[i] != ~0)
1927 map_ip4_drop_pi (r->fragments[i]);
1930 pool_put (mm->ip4_reass_pool, r);
1932 while (ri != mm->ip4_reass_fifo_last);
1935 vec_free (mm->ip4_reass_hash_table);
1936 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1937 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1938 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1939 pool_free (mm->ip4_reass_pool);
1940 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1942 mm->ip4_reass_allocated = 0;
1943 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1944 mm->ip4_reass_buffered_counter = 0;
1948 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1950 u32 desired_size = (u32) (pool_size * ht_ratio);
1952 for (i = 1; i < 31; i++)
1953 if ((1 << i) >= desired_size)
1959 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1960 u32 * dropped_packets)
1962 map_main_t *mm = &map_main;
1963 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1966 map_ip4_reass_lock ();
1967 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1968 mm->ip4_reass_ht_log2len =
1969 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1970 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1971 map_ip4_reass_unlock ();
1976 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1977 u32 * dropped_packets)
1979 map_main_t *mm = &map_main;
1980 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1983 map_ip4_reass_lock ();
1984 mm->ip4_reass_conf_pool_size = pool_size;
1985 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1986 map_ip4_reass_unlock ();
1991 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1993 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1998 map_ip4_reass_conf_buffers (u32 buffers)
2000 map_main.ip4_reass_conf_buffers = buffers;
2005 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
2007 map_main_t *mm = &map_main;
2008 if (dropped_packets)
2009 *dropped_packets = mm->ip6_reass_buffered_counter;
2011 *trashed_reass = mm->ip6_reass_allocated;
2013 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
2015 u16 ri = mm->ip6_reass_fifo_last;
2018 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
2019 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
2020 if (r->fragments[i].pi != ~0)
2021 map_ip6_drop_pi (r->fragments[i].pi);
2024 pool_put (mm->ip6_reass_pool, r);
2026 while (ri != mm->ip6_reass_fifo_last);
2027 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2030 vec_free (mm->ip6_reass_hash_table);
2031 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
2032 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
2033 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
2034 pool_free (mm->ip6_reass_pool);
2035 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
2037 mm->ip6_reass_allocated = 0;
2038 mm->ip6_reass_buffered_counter = 0;
2042 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
2043 u32 * dropped_packets)
2045 map_main_t *mm = &map_main;
2046 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
2049 map_ip6_reass_lock ();
2050 mm->ip6_reass_conf_ht_ratio = ht_ratio;
2051 mm->ip6_reass_ht_log2len =
2052 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
2053 map_ip6_reass_reinit (trashed_reass, dropped_packets);
2054 map_ip6_reass_unlock ();
2059 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
2060 u32 * dropped_packets)
2062 map_main_t *mm = &map_main;
2063 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
2066 map_ip6_reass_lock ();
2067 mm->ip6_reass_conf_pool_size = pool_size;
2068 map_ip6_reass_reinit (trashed_reass, dropped_packets);
2069 map_ip6_reass_unlock ();
2074 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
2076 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
2081 map_ip6_reass_conf_buffers (u32 buffers)
2083 map_main.ip6_reass_conf_buffers = buffers;
2090 * Configure MAP reassembly behaviour
2093 * @cliexstart{map params reassembly}
2096 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
2097 .path = "map params reassembly",
2098 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
2099 "[pool-size <pool-size>] [buffers <buffers>] "
2100 "[ht-ratio <ht-ratio>]",
2101 .function = map_params_reass_command_fn,
2105 * Set or copy the IP TOS/Traffic Class field
2108 * @cliexstart{map params traffic-class}
2110 * This command is used to set the traffic-class field in translated
2111 * or encapsulated packets. If copy is specifed (the default) then the
2112 * traffic-class/TOS field is copied from the original packet to the
2113 * translated / encapsulating header.
2116 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
2117 .path = "map params traffic-class",
2118 .short_help = "map params traffic-class {0x0-0xff | copy}",
2119 .function = map_traffic_class_command_fn,
2123 * Bypass IP4/IP6 lookup
2126 * @cliexstart{map params pre-resolve}
2128 * Bypass a second FIB lookup of the translated or encapsulated
2129 * packet, and forward the packet directly to the specified
2130 * next-hop. This optimization trades forwarding flexibility for
2134 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
2135 .path = "map params pre-resolve",
2136 .short_help = " map params pre-resolve {ip4-nh <address>} "
2137 "| {ip6-nh <address>}",
2138 .function = map_pre_resolve_command_fn,
2142 * Enable or disable the MAP-E inbound security check
2145 * @cliexstart{map params security-check}
2147 * By default, a decapsulated packet's IPv4 source address will be
2148 * verified against the outer header's IPv6 source address. Disabling
2149 * this feature will allow IPv4 source address spoofing.
2152 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2153 .path = "map params security-check",
2154 .short_help = "map params security-check on|off",
2155 .function = map_security_check_command_fn,
2159 * Specifiy the IPv4 source address used for relayed ICMP error messages
2162 * @cliexstart{map params icmp source-address}
2164 * This command specifies which IPv4 source address (must be local to
2165 * the system), that is used for relayed received IPv6 ICMP error
2169 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2170 .path = "map params icmp source-address",
2171 .short_help = "map params icmp source-address <ip4-address>",
2172 .function = map_icmp_relay_source_address_command_fn,
2176 * Send IPv6 ICMP unreachables
2179 * @cliexstart{map params icmp6 unreachables}
2181 * Send IPv6 ICMP unreachable messages back if security check fails or
2182 * no MAP domain exists.
2185 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2186 .path = "map params icmp6 unreachables",
2187 .short_help = "map params icmp6 unreachables {on|off}",
2188 .function = map_icmp_unreachables_command_fn,
2192 * Configure MAP fragmentation behaviour
2195 * @cliexstart{map params fragment}
2198 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2199 .path = "map params fragment",
2200 .short_help = "map params fragment inner|outer",
2201 .function = map_fragment_command_fn,
2205 * Ignore the IPv4 Don't fragment bit
2208 * @cliexstart{map params fragment ignore-df}
2210 * Allows fragmentation of the IPv4 packet even if the DF bit is
2211 * set. The choice between inner or outer fragmentation of tunnel
2212 * packets is complicated. The benefit of inner fragmentation is that
2213 * the ultimate endpoint must reassemble, instead of the tunnel
2217 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
2218 .path = "map params fragment ignore-df",
2219 .short_help = "map params fragment ignore-df on|off",
2220 .function = map_fragment_df_command_fn,
2224 * Specifiy if the inbound security check should be done on fragments
2227 * @cliexstart{map params security-check fragments}
2229 * Typically the inbound on-decapsulation security check is only done
2230 * on the first packet. The packet that contains the L4
2231 * information. While a security check on every fragment is possible,
2232 * it has a cost. State must be created on the first fragment.
2235 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
2236 .path = "map params security-check fragments",
2237 .short_help = "map params security-check fragments on|off",
2238 .function = map_security_check_frag_command_fn,
2245 * @cliexstart{map add domain}
2248 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2249 .path = "map add domain",
2250 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2251 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2252 "[map-t] [mtu <mtu>]",
2253 .function = map_add_domain_command_fn,
2257 * Add MAP rule to a domain
2260 * @cliexstart{map add rule}
2263 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2264 .path = "map add rule",
2265 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2266 .function = map_add_rule_command_fn,
2273 * @cliexstart{map del domain}
2276 VLIB_CLI_COMMAND(map_del_command, static) = {
2277 .path = "map del domain",
2278 .short_help = "map del domain index <domain>",
2279 .function = map_del_domain_command_fn,
2286 * @cliexstart{show map domain}
2289 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2290 .path = "show map domain",
2291 .short_help = "show map domain index <n> [counters]",
2292 .function = show_map_domain_command_fn,
2296 * Show MAP statistics
2299 * @cliexstart{show map stats}
2302 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2303 .path = "show map stats",
2304 .short_help = "show map stats",
2305 .function = show_map_stats_command_fn,
2309 * Show MAP fragmentation information
2312 * @cliexstart{show map fragments}
2315 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2316 .path = "show map fragments",
2317 .short_help = "show map fragments",
2318 .function = show_map_fragments_command_fn,
2326 map_init (vlib_main_t * vm)
2328 map_main_t *mm = &map_main;
2329 mm->vnet_main = vnet_get_main ();
2332 #ifdef MAP_SKIP_IP6_LOOKUP
2333 fib_protocol_t proto;
2335 FOR_EACH_FIB_PROTOCOL (proto)
2337 map_pre_resolve_init (&pre_resolved[proto]);
2345 /* Inbound security check */
2346 mm->sec_check = true;
2347 mm->sec_check_frag = false;
2349 /* ICMP6 Type 1, Code 5 for security check failure */
2350 mm->icmp6_enabled = false;
2352 /* Inner or outer fragmentation */
2353 mm->frag_inner = false;
2354 mm->frag_ignore_df = false;
2356 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2357 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "rx";
2358 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "tx";
2360 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2361 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2363 /* IP4 virtual reassembly */
2364 mm->ip4_reass_hash_table = 0;
2365 mm->ip4_reass_pool = 0;
2366 mm->ip4_reass_lock =
2367 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2368 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2369 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2370 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2371 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2372 mm->ip4_reass_ht_log2len =
2373 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2374 mm->ip4_reass_conf_pool_size);
2375 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2376 map_ip4_reass_reinit (NULL, NULL);
2378 /* IP6 virtual reassembly */
2379 mm->ip6_reass_hash_table = 0;
2380 mm->ip6_reass_pool = 0;
2381 mm->ip6_reass_lock =
2382 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2383 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2384 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2385 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2386 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2387 mm->ip6_reass_ht_log2len =
2388 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2389 mm->ip6_reass_conf_pool_size);
2390 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2391 map_ip6_reass_reinit (NULL, NULL);
2393 #ifdef MAP_SKIP_IP6_LOOKUP
2394 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2396 map_dpo_module_init ();
2401 VLIB_INIT_FUNCTION (map_init);
2404 * fd.io coding-style-patch-verification: ON
2407 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob