4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <vnet/map/map_dpo.h>
22 #include <vppinfra/crc32.h>
29 * This code supports the following MAP modes:
31 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
32 * ea_bits_len + ip4_prefix > 32
33 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
34 * Algorithmic Full IPv4 address (ea_bits_len > 0):
35 * ea_bits_len + ip4_prefix = 32
36 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
37 * Algorithmic IPv4 prefix (ea_bits_len > 0):
38 * ea_bits_len + ip4_prefix < 32
39 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
41 * Independent Shared IPv4 address (ea_bits_len = 0):
44 * Rule IPv6 address = 128, Rule PSID Set
45 * Independent Full IPv4 address (ea_bits_len = 0):
47 * psid_length = 0, ip6_prefix = 128
48 * Independent IPv4 prefix (ea_bits_len = 0):
50 * psid_length = 0, ip6_prefix = 128
55 * This code supports MAP-T:
57 * With DMR prefix length equal to 96.
64 map_create_domain (ip4_address_t * ip4_prefix,
66 ip6_address_t * ip6_prefix,
68 ip6_address_t * ip6_src,
72 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
74 u8 suffix_len, suffix_shift;
75 map_main_t *mm = &map_main;
76 dpo_id_t dpo_v4 = DPO_INVALID;
77 dpo_id_t dpo_v6 = DPO_INVALID;
80 /* Sanity check on the src prefix length */
81 if (flags & MAP_DOMAIN_TRANSLATION)
83 if (ip6_src_len != 96)
85 clib_warning ("MAP-T only supports ip6_src_len = 96 for now.");
88 if ((flags & MAP_DOMAIN_RFC6052) && ip6_prefix_len != 96)
90 clib_warning ("RFC6052 translation only supports ip6_prefix_len = "
97 if (ip6_src_len != 128)
100 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
106 /* How many, and which bits to grab from the IPv4 DA */
107 if (ip4_prefix_len + ea_bits_len < 32)
109 if (!(flags & MAP_DOMAIN_TRANSLATION))
110 flags |= MAP_DOMAIN_PREFIX;
111 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
112 suffix_len = ea_bits_len;
117 suffix_len = 32 - ip4_prefix_len;
120 /* EA bits must be within the first 64 bits */
121 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
122 ip6_prefix_len + suffix_len + psid_length > 64))
125 ("Embedded Address bits must be within the first 64 bits of "
130 if (mm->is_ce && !(flags & MAP_DOMAIN_TRANSLATION))
132 clib_warning ("MAP-E CE is not supported yet");
136 /* Get domain index */
137 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
138 memset (d, 0, sizeof (*d));
139 *map_domain_index = d - mm->domains;
141 /* Init domain struct */
142 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
143 d->ip4_prefix_len = ip4_prefix_len;
144 d->ip6_prefix = *ip6_prefix;
145 d->ip6_prefix_len = ip6_prefix_len;
146 d->ip6_src = *ip6_src;
147 d->ip6_src_len = ip6_src_len;
148 d->ea_bits_len = ea_bits_len;
149 d->psid_offset = psid_offset;
150 d->psid_length = psid_length;
153 d->suffix_shift = suffix_shift;
154 d->suffix_mask = (1 << suffix_len) - 1;
156 d->psid_shift = 16 - psid_length - psid_offset;
157 d->psid_mask = (1 << d->psid_length) - 1;
158 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
160 /* MAP data-plane object */
161 if (d->flags & MAP_DOMAIN_TRANSLATION)
162 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
164 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
166 /* Create ip4 route */
168 ip4_address_t ip4_pfx;
176 ip4_pfx_len = d->ip4_prefix_len;
177 ip4_pfx = d->ip4_prefix;
180 .fp_proto = FIB_PROTOCOL_IP4,
181 .fp_len = ip4_pfx_len,
187 fib_table_entry_special_dpo_add (0, &pfx,
189 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
193 * construct a DPO to use the v6 domain
195 if (d->flags & MAP_DOMAIN_TRANSLATION)
196 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
198 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
201 * Multiple MAP domains may share same source IPv6 TEP. Which is just dandy.
202 * We are not tracking the sharing. So a v4 lookup to find the correct
203 * domain post decap/trnaslate is always done
205 * Create ip6 route. This is a reference counted add. If the prefix
206 * already exists and is MAP sourced, it is now MAP source n+1 times
207 * and will need to be removed n+1 times.
210 ip6_address_t ip6_pfx;
213 ip6_pfx_len = d->ip6_prefix_len;
214 ip6_pfx = d->ip6_prefix;
218 ip6_pfx_len = d->ip6_src_len;
219 ip6_pfx = d->ip6_src;
221 fib_prefix_t pfx6 = {
222 .fp_proto = FIB_PROTOCOL_IP6,
223 .fp_len = ip6_pfx_len,
224 .fp_addr.ip6 = ip6_pfx,
227 fib_table_entry_special_dpo_add (0, &pfx6,
229 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
232 /* Validate packet/byte counters */
233 map_domain_counter_lock (mm);
235 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
237 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
239 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
242 for (i = 0; i < vec_len (mm->domain_counters); i++)
244 vlib_validate_combined_counter (&mm->domain_counters[i],
246 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
248 map_domain_counter_unlock (mm);
257 map_delete_domain (u32 map_domain_index)
259 map_main_t *mm = &map_main;
262 if (pool_is_free_index (mm->domains, map_domain_index))
264 clib_warning ("MAP domain delete: domain does not exist: %d",
269 d = pool_elt_at_index (mm->domains, map_domain_index);
272 .fp_proto = FIB_PROTOCOL_IP4,
273 .fp_len = d->ip4_prefix_len,
275 .ip4 = d->ip4_prefix,
279 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
281 fib_prefix_t pfx6 = {
282 .fp_proto = FIB_PROTOCOL_IP6,
283 .fp_len = d->ip6_src_len,
289 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
293 clib_mem_free (d->rules);
295 pool_put (mm->domains, d);
301 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
305 map_main_t *mm = &map_main;
307 if (pool_is_free_index (mm->domains, map_domain_index))
309 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
312 d = pool_elt_at_index (mm->domains, map_domain_index);
314 /* Rules are only used in 1:1 independent case */
315 if (d->ea_bits_len > 0)
320 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
321 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
324 memset (d->rules, 0, l);
327 if (psid >= (0x1 << d->psid_length))
329 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
330 0x1 << d->psid_length);
336 d->rules[psid] = *tep;
340 memset (&d->rules[psid], 0, sizeof (ip6_address_t));
345 #ifdef MAP_SKIP_IP6_LOOKUP
347 * Pre-resolvd per-protocol global next-hops
349 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
352 map_pre_resolve_init (map_main_pre_resolved_t * pr)
354 pr->fei = FIB_NODE_INDEX_INVALID;
355 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
359 format_map_pre_resolve (u8 * s, va_list * ap)
361 map_main_pre_resolved_t *pr = va_arg (*ap, map_main_pre_resolved_t *);
363 if (FIB_NODE_INDEX_INVALID != pr->fei)
367 fib_entry_get_prefix (pr->fei, &pfx);
369 return (format (s, "%U (%u)",
370 format_ip46_address, &pfx.fp_addr, IP46_TYPE_ANY,
371 pr->dpo.dpoi_index));
375 return (format (s, "un-set"));
381 * Function definition to inform the FIB node that its last lock has gone.
384 map_last_lock_gone (fib_node_t * node)
387 * The MAP is a root of the graph. As such
388 * it never has children and thus is never locked.
393 static map_main_pre_resolved_t *
394 map_from_fib_node (fib_node_t * node)
396 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
397 return ((map_main_pre_resolved_t *)
399 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
403 map_stack (map_main_pre_resolved_t * pr)
407 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
409 dpo_copy (&pr->dpo, dpo);
413 * Function definition to backwalk a FIB node
415 static fib_node_back_walk_rc_t
416 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
418 map_stack (map_from_fib_node (node));
420 return (FIB_NODE_BACK_WALK_CONTINUE);
424 * Function definition to get a FIB node from its index
427 map_fib_node_get (fib_node_index_t index)
429 return (&pre_resolved[index].node);
433 * Virtual function table registered by MPLS GRE tunnels
434 * for participation in the FIB object graph.
436 const static fib_node_vft_t map_vft = {
437 .fnv_get = map_fib_node_get,
438 .fnv_last_lock = map_last_lock_gone,
439 .fnv_back_walk = map_back_walk,
443 map_fib_resolve (map_main_pre_resolved_t * pr,
444 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
452 pr->fei = fib_table_entry_special_add (0, // default fib
454 FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE);
455 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
460 map_fib_unresolve (map_main_pre_resolved_t * pr,
461 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
469 fib_entry_child_remove (pr->fei, pr->sibling);
471 fib_table_entry_special_remove (0, // default fib
472 &pfx, FIB_SOURCE_RR);
473 dpo_reset (&pr->dpo);
475 pr->fei = FIB_NODE_INDEX_INVALID;
476 pr->sibling = FIB_NODE_INDEX_INVALID;
480 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
482 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
484 ip46_address_t addr = {
488 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
489 FIB_PROTOCOL_IP6, 128, &addr);
491 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
492 FIB_PROTOCOL_IP6, 128, &addr);
494 if (ip4 && (ip4->as_u32 != 0))
496 ip46_address_t addr = {
500 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
501 FIB_PROTOCOL_IP4, 32, &addr);
503 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
504 FIB_PROTOCOL_IP4, 32, &addr);
509 static clib_error_t *
510 map_security_check_command_fn (vlib_main_t * vm,
511 unformat_input_t * input,
512 vlib_cli_command_t * cmd)
514 unformat_input_t _line_input, *line_input = &_line_input;
515 map_main_t *mm = &map_main;
516 clib_error_t *error = NULL;
518 /* Get a line of input. */
519 if (!unformat_user (input, unformat_line_input, line_input))
522 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
524 if (unformat (line_input, "off"))
525 mm->sec_check = false;
526 else if (unformat (line_input, "on"))
527 mm->sec_check = true;
530 error = clib_error_return (0, "unknown input `%U'",
531 format_unformat_error, line_input);
537 unformat_free (line_input);
542 static clib_error_t *
543 map_security_check_frag_command_fn (vlib_main_t * vm,
544 unformat_input_t * input,
545 vlib_cli_command_t * cmd)
547 unformat_input_t _line_input, *line_input = &_line_input;
548 map_main_t *mm = &map_main;
549 clib_error_t *error = NULL;
551 /* Get a line of input. */
552 if (!unformat_user (input, unformat_line_input, line_input))
555 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
557 if (unformat (line_input, "off"))
558 mm->sec_check_frag = false;
559 else if (unformat (line_input, "on"))
560 mm->sec_check_frag = true;
563 error = clib_error_return (0, "unknown input `%U'",
564 format_unformat_error, line_input);
570 unformat_free (line_input);
575 static clib_error_t *
576 map_add_domain_command_fn (vlib_main_t * vm,
577 unformat_input_t * input, vlib_cli_command_t * cmd)
579 unformat_input_t _line_input, *line_input = &_line_input;
580 ip4_address_t ip4_prefix;
581 ip6_address_t ip6_prefix;
582 ip6_address_t ip6_src;
583 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
585 /* Optional arguments */
586 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
590 clib_error_t *error = NULL;
592 /* Get a line of input. */
593 if (!unformat_user (input, unformat_line_input, line_input))
596 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
599 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
604 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
609 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
614 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
616 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
618 else if (unformat (line_input, "psid-offset %d", &psid_offset))
620 else if (unformat (line_input, "psid-len %d", &psid_length))
622 else if (unformat (line_input, "mtu %d", &mtu))
624 else if (unformat (line_input, "map-t"))
625 flags |= MAP_DOMAIN_TRANSLATION;
626 else if (unformat (line_input, "rfc6052"))
627 flags |= (MAP_DOMAIN_TRANSLATION | MAP_DOMAIN_RFC6052);
630 error = clib_error_return (0, "unknown input `%U'",
631 format_unformat_error, line_input);
638 error = clib_error_return (0, "mandatory argument(s) missing");
642 map_create_domain (&ip4_prefix, ip4_prefix_len,
643 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
644 ea_bits_len, psid_offset, psid_length, &map_domain_index,
648 unformat_free (line_input);
653 static clib_error_t *
654 map_del_domain_command_fn (vlib_main_t * vm,
655 unformat_input_t * input, vlib_cli_command_t * cmd)
657 unformat_input_t _line_input, *line_input = &_line_input;
659 u32 map_domain_index;
660 clib_error_t *error = NULL;
662 /* Get a line of input. */
663 if (!unformat_user (input, unformat_line_input, line_input))
666 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
668 if (unformat (line_input, "index %d", &map_domain_index))
672 error = clib_error_return (0, "unknown input `%U'",
673 format_unformat_error, line_input);
680 error = clib_error_return (0, "mandatory argument(s) missing");
684 map_delete_domain (map_domain_index);
687 unformat_free (line_input);
692 static clib_error_t *
693 map_add_rule_command_fn (vlib_main_t * vm,
694 unformat_input_t * input, vlib_cli_command_t * cmd)
696 unformat_input_t _line_input, *line_input = &_line_input;
699 u32 psid = 0, map_domain_index;
700 clib_error_t *error = NULL;
702 /* Get a line of input. */
703 if (!unformat_user (input, unformat_line_input, line_input))
706 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
708 if (unformat (line_input, "index %d", &map_domain_index))
710 else if (unformat (line_input, "psid %d", &psid))
713 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
717 error = clib_error_return (0, "unknown input `%U'",
718 format_unformat_error, line_input);
725 error = clib_error_return (0, "mandatory argument(s) missing");
729 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
731 error = clib_error_return (0, "Failing to add Mapping Rule");
736 unformat_free (line_input);
741 #if MAP_SKIP_IP6_LOOKUP
742 static clib_error_t *
743 map_pre_resolve_command_fn (vlib_main_t * vm,
744 unformat_input_t * input,
745 vlib_cli_command_t * cmd)
747 unformat_input_t _line_input, *line_input = &_line_input;
748 ip4_address_t ip4nh, *p_v4 = NULL;
749 ip6_address_t ip6nh, *p_v6 = NULL;
750 clib_error_t *error = NULL;
753 memset (&ip4nh, 0, sizeof (ip4nh));
754 memset (&ip6nh, 0, sizeof (ip6nh));
756 /* Get a line of input. */
757 if (!unformat_user (input, unformat_line_input, line_input))
760 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
762 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
765 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
767 else if (unformat (line_input, "del"))
771 error = clib_error_return (0, "unknown input `%U'",
772 format_unformat_error, line_input);
777 map_pre_resolve (p_v4, p_v6, is_del);
780 unformat_free (line_input);
786 static clib_error_t *
787 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
788 unformat_input_t * input,
789 vlib_cli_command_t * cmd)
791 unformat_input_t _line_input, *line_input = &_line_input;
792 ip4_address_t icmp_src_address;
793 map_main_t *mm = &map_main;
794 clib_error_t *error = NULL;
796 mm->icmp4_src_address.as_u32 = 0;
798 /* Get a line of input. */
799 if (!unformat_user (input, unformat_line_input, line_input))
802 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
805 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
806 mm->icmp4_src_address = icmp_src_address;
809 error = clib_error_return (0, "unknown input `%U'",
810 format_unformat_error, line_input);
816 unformat_free (line_input);
821 static clib_error_t *
822 map_icmp_unreachables_command_fn (vlib_main_t * vm,
823 unformat_input_t * input,
824 vlib_cli_command_t * cmd)
826 unformat_input_t _line_input, *line_input = &_line_input;
827 map_main_t *mm = &map_main;
829 clib_error_t *error = NULL;
831 /* Get a line of input. */
832 if (!unformat_user (input, unformat_line_input, line_input))
835 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
838 if (unformat (line_input, "on"))
839 mm->icmp6_enabled = true;
840 else if (unformat (line_input, "off"))
841 mm->icmp6_enabled = false;
844 error = clib_error_return (0, "unknown input `%U'",
845 format_unformat_error, line_input);
852 error = clib_error_return (0, "mandatory argument(s) missing");
855 unformat_free (line_input);
860 static clib_error_t *
861 map_fragment_command_fn (vlib_main_t * vm,
862 unformat_input_t * input, vlib_cli_command_t * cmd)
864 unformat_input_t _line_input, *line_input = &_line_input;
865 map_main_t *mm = &map_main;
866 clib_error_t *error = NULL;
868 /* Get a line of input. */
869 if (!unformat_user (input, unformat_line_input, line_input))
872 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
874 if (unformat (line_input, "inner"))
875 mm->frag_inner = true;
876 else if (unformat (line_input, "outer"))
877 mm->frag_inner = false;
880 error = clib_error_return (0, "unknown input `%U'",
881 format_unformat_error, line_input);
887 unformat_free (line_input);
892 static clib_error_t *
893 map_fragment_df_command_fn (vlib_main_t * vm,
894 unformat_input_t * input,
895 vlib_cli_command_t * cmd)
897 unformat_input_t _line_input, *line_input = &_line_input;
898 map_main_t *mm = &map_main;
899 clib_error_t *error = NULL;
901 /* Get a line of input. */
902 if (!unformat_user (input, unformat_line_input, line_input))
905 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
907 if (unformat (line_input, "on"))
908 mm->frag_ignore_df = true;
909 else if (unformat (line_input, "off"))
910 mm->frag_ignore_df = false;
913 error = clib_error_return (0, "unknown input `%U'",
914 format_unformat_error, line_input);
920 unformat_free (line_input);
925 static clib_error_t *
926 map_traffic_class_command_fn (vlib_main_t * vm,
927 unformat_input_t * input,
928 vlib_cli_command_t * cmd)
930 unformat_input_t _line_input, *line_input = &_line_input;
931 map_main_t *mm = &map_main;
933 clib_error_t *error = NULL;
937 /* Get a line of input. */
938 if (!unformat_user (input, unformat_line_input, line_input))
941 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
943 if (unformat (line_input, "copy"))
945 else if (unformat (line_input, "%x", &tc))
949 error = clib_error_return (0, "unknown input `%U'",
950 format_unformat_error, line_input);
956 unformat_free (line_input);
962 map_flags_to_string (u32 flags)
964 if (flags & MAP_DOMAIN_RFC6052)
966 if (flags & MAP_DOMAIN_PREFIX)
968 if (flags & MAP_DOMAIN_TRANSLATION)
974 format_map_domain (u8 * s, va_list * args)
976 map_domain_t *d = va_arg (*args, map_domain_t *);
977 bool counters = va_arg (*args, int);
978 map_main_t *mm = &map_main;
979 ip6_address_t ip6_prefix;
982 memset (&ip6_prefix, 0, sizeof (ip6_prefix));
984 ip6_prefix = d->ip6_prefix;
987 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea_bits_len %d "
988 "psid-offset %d psid-len %d mtu %d %s",
990 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
991 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
992 format_ip6_address, &d->ip6_src, d->ip6_src_len,
993 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
994 map_flags_to_string (d->flags));
998 map_domain_counter_lock (mm);
1000 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
1001 d - mm->domains, &v);
1002 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
1003 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
1004 d - mm->domains, &v);
1005 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
1006 map_domain_counter_unlock (mm);
1008 s = format (s, "\n");
1014 for (i = 0; i < (0x1 << d->psid_length); i++)
1017 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
1020 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
1028 format_map_ip4_reass (u8 * s, va_list * args)
1030 map_main_t *mm = &map_main;
1031 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
1032 map_ip4_reass_key_t *k = &r->key;
1033 f64 now = vlib_time_now (mm->vlib_main);
1034 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
1035 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1037 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
1038 format_ip4_address, &k->src.as_u8, format_ip4_address,
1039 &k->dst.as_u8, k->protocol,
1040 clib_net_to_host_u16 (k->fragment_id),
1041 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
1046 format_map_ip6_reass (u8 * s, va_list * args)
1048 map_main_t *mm = &map_main;
1049 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
1050 map_ip6_reass_key_t *k = &r->key;
1051 f64 now = vlib_time_now (mm->vlib_main);
1052 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
1053 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1055 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
1056 format_ip6_address, &k->src.as_u8, format_ip6_address,
1057 &k->dst.as_u8, k->protocol,
1058 clib_net_to_host_u32 (k->fragment_id), dt);
1062 static clib_error_t *
1063 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
1064 vlib_cli_command_t * cmd)
1066 unformat_input_t _line_input, *line_input = &_line_input;
1067 map_main_t *mm = &map_main;
1069 bool counters = false;
1070 u32 map_domain_index = ~0;
1071 clib_error_t *error = NULL;
1073 /* Get a line of input. */
1074 if (!unformat_user (input, unformat_line_input, line_input))
1077 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1079 if (unformat (line_input, "counters"))
1081 else if (unformat (line_input, "index %d", &map_domain_index))
1085 error = clib_error_return (0, "unknown input `%U'",
1086 format_unformat_error, line_input);
1091 if (pool_elts (mm->domains) == 0)
1092 vlib_cli_output (vm, "No MAP domains are configured...");
1094 if (map_domain_index == ~0)
1097 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
1102 if (pool_is_free_index (mm->domains, map_domain_index))
1104 error = clib_error_return (0, "MAP domain does not exists %d",
1109 d = pool_elt_at_index (mm->domains, map_domain_index);
1110 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1114 unformat_free (line_input);
1119 static clib_error_t *
1120 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1121 vlib_cli_command_t * cmd)
1123 map_main_t *mm = &map_main;
1124 map_ip4_reass_t *f4;
1125 map_ip6_reass_t *f6;
1128 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1131 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1137 map_error_counter_get (u32 node_index, map_error_t map_error)
1139 vlib_main_t *vm = vlib_get_main ();
1140 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1141 vlib_error_main_t *em = &vm->error_main;
1142 vlib_error_t e = error_node->errors[map_error];
1143 vlib_node_t *n = vlib_get_node (vm, node_index);
1146 ci = vlib_error_get_code (e);
1147 ASSERT (ci < n->n_errors);
1148 ci += n->error_heap_index;
1150 return (em->counters[ci]);
1153 static clib_error_t *
1154 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1155 vlib_cli_command_t * cmd)
1157 map_main_t *mm = &map_main;
1159 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1160 if (pool_elts (mm->domains) == 0)
1162 vlib_cli_output (vm, "No MAP domains are configured...");
1167 pool_foreach(d, mm->domains, ({
1169 rulecount+= 0x1 << d->psid_length;
1170 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1172 domains += sizeof(*d);
1177 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1178 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1179 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1180 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1182 #if MAP_SKIP_IP6_LOOKUP
1183 vlib_cli_output (vm,
1184 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1185 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1186 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1191 vlib_cli_output (vm, "MAP traffic-class: copy");
1193 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1195 vlib_cli_output (vm,
1196 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1197 mm->sec_check ? "enabled" : "disabled",
1198 mm->sec_check_frag ? "enabled" : "disabled");
1200 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1201 format_ip4_address, &mm->icmp4_src_address);
1202 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1203 mm->icmp6_enabled ? "enabled" : "disabled");
1204 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1205 mm->frag_inner ? "enabled" : "disabled");
1206 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1207 mm->frag_ignore_df ? "enabled" : "disabled");
1212 vlib_combined_counter_main_t *cm = mm->domain_counters;
1213 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1214 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1218 memset (total_pkts, 0, sizeof (total_pkts));
1219 memset (total_bytes, 0, sizeof (total_bytes));
1221 map_domain_counter_lock (mm);
1222 vec_foreach (cm, mm->domain_counters)
1224 which = cm - mm->domain_counters;
1226 for (i = 0; i < vlib_combined_counter_n_counters (cm); i++)
1228 vlib_get_combined_counter (cm, i, &v);
1229 total_pkts[which] += v.packets;
1230 total_bytes[which] += v.bytes;
1233 map_domain_counter_unlock (mm);
1235 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1236 total_pkts[MAP_DOMAIN_COUNTER_TX],
1237 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1238 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1239 total_pkts[MAP_DOMAIN_COUNTER_RX],
1240 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1242 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1243 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1248 static clib_error_t *
1249 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1250 vlib_cli_command_t * cmd)
1252 unformat_input_t _line_input, *line_input = &_line_input;
1254 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1256 u64 buffers = ~(0ull);
1257 u8 ip4 = 0, ip6 = 0;
1259 if (!unformat_user (input, unformat_line_input, line_input))
1262 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1264 if (unformat (line_input, "lifetime %u", &lifetime))
1266 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1268 else if (unformat (line_input, "pool-size %u", &pool_size))
1270 else if (unformat (line_input, "buffers %llu", &buffers))
1272 else if (unformat (line_input, "ip4"))
1274 else if (unformat (line_input, "ip6"))
1278 unformat_free (line_input);
1279 return clib_error_return (0, "invalid input");
1282 unformat_free (line_input);
1285 return clib_error_return (0, "must specify ip4 and/or ip6");
1289 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1290 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1291 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1292 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1293 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1294 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1295 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1296 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1297 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1298 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1299 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1300 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1301 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1306 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1307 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1308 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1309 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1310 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1311 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1312 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1313 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1314 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1315 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1316 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1317 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1318 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1323 u32 reass = 0, packets = 0;
1324 if (pool_size != ~0)
1326 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1328 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1332 vlib_cli_output (vm,
1333 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1337 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1339 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1341 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1345 vlib_cli_output (vm,
1346 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1352 if (map_ip4_reass_conf_lifetime (lifetime))
1353 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1355 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1357 if (buffers != ~(0ull))
1359 if (map_ip4_reass_conf_buffers (buffers))
1360 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1362 vlib_cli_output (vm, "Setting ip4-reass buffers");
1365 if (map_main.ip4_reass_conf_buffers >
1366 map_main.ip4_reass_conf_pool_size *
1367 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1369 vlib_cli_output (vm,
1370 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1376 u32 reass = 0, packets = 0;
1377 if (pool_size != ~0)
1379 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1381 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1385 vlib_cli_output (vm,
1386 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1390 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1392 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1394 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1398 vlib_cli_output (vm,
1399 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1405 if (map_ip6_reass_conf_lifetime (lifetime))
1406 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1408 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1410 if (buffers != ~(0ull))
1412 if (map_ip6_reass_conf_buffers (buffers))
1413 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1415 vlib_cli_output (vm, "Setting ip6-reass buffers");
1418 if (map_main.ip6_reass_conf_buffers >
1419 map_main.ip6_reass_conf_pool_size *
1420 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1422 vlib_cli_output (vm,
1423 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1432 * packet trace format function
1435 format_map_trace (u8 * s, va_list * args)
1437 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1438 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1439 map_trace_t *t = va_arg (*args, map_trace_t *);
1440 u32 map_domain_index = t->map_domain_index;
1444 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1445 clib_net_to_host_u16 (port));
1450 static_always_inline map_ip4_reass_t *
1451 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1453 map_main_t *mm = &map_main;
1454 u32 ri = mm->ip4_reass_hash_table[bucket];
1455 while (ri != MAP_REASS_INDEX_NONE)
1457 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1458 if (r->key.as_u64[0] == k->as_u64[0] &&
1459 r->key.as_u64[1] == k->as_u64[1] &&
1460 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1464 ri = r->bucket_next;
1469 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1472 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1474 map_main_t *mm = &map_main;
1475 map_ip4_reass_get_fragments (r, pi_to_drop);
1477 // Unlink in hash bucket
1478 map_ip4_reass_t *r2 = NULL;
1479 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1480 while (r2i != map_ip4_reass_pool_index (r))
1482 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1483 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1484 r2i = r2->bucket_next;
1488 r2->bucket_next = r->bucket_next;
1492 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1496 if (r->fifo_next == map_ip4_reass_pool_index (r))
1498 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1502 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1503 mm->ip4_reass_fifo_last = r->fifo_prev;
1504 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1506 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1510 pool_put (mm->ip4_reass_pool, r);
1511 mm->ip4_reass_allocated--;
1515 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1516 u8 protocol, u32 ** pi_to_drop)
1519 map_main_t *mm = &map_main;
1520 map_ip4_reass_key_t k = {.src.data_u32 = src,
1521 .dst.data_u32 = dst,
1522 .fragment_id = fragment_id,
1523 .protocol = protocol
1527 #ifdef clib_crc32c_uses_intrinsics
1528 h = clib_crc32c ((u8 *) k.as_u32, 16);
1530 u64 tmp = k.as_u32[0] ^ k.as_u32[1] ^ k.as_u32[2] ^ k.as_u32[3];
1531 h = clib_xxhash (tmp);
1533 h = h >> (32 - mm->ip4_reass_ht_log2len);
1535 f64 now = vlib_time_now (mm->vlib_main);
1537 //Cache garbage collection
1538 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1540 map_ip4_reass_t *last =
1541 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1542 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1543 map_ip4_reass_free (last, pi_to_drop);
1548 if ((r = map_ip4_reass_lookup (&k, h, now)))
1551 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1554 pool_get (mm->ip4_reass_pool, r);
1555 mm->ip4_reass_allocated++;
1557 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1558 r->fragments[i] = ~0;
1560 u32 ri = map_ip4_reass_pool_index (r);
1562 //Link in new bucket
1564 r->bucket_next = mm->ip4_reass_hash_table[h];
1565 mm->ip4_reass_hash_table[h] = ri;
1568 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1571 pool_elt_at_index (mm->ip4_reass_pool,
1572 mm->ip4_reass_fifo_last)->fifo_next;
1573 r->fifo_prev = mm->ip4_reass_fifo_last;
1574 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1575 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1579 r->fifo_next = r->fifo_prev = ri;
1580 mm->ip4_reass_fifo_last = ri;
1587 #ifdef MAP_IP4_REASS_COUNT_BYTES
1588 r->expected_total = 0xffff;
1596 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1598 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1602 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1603 if (r->fragments[i] == ~0)
1605 r->fragments[i] = pi;
1606 map_main.ip4_reass_buffered_counter++;
1612 static_always_inline map_ip6_reass_t *
1613 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1615 map_main_t *mm = &map_main;
1616 u32 ri = mm->ip6_reass_hash_table[bucket];
1617 while (ri != MAP_REASS_INDEX_NONE)
1619 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1620 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1621 r->key.as_u64[0] == k->as_u64[0] &&
1622 r->key.as_u64[1] == k->as_u64[1] &&
1623 r->key.as_u64[2] == k->as_u64[2] &&
1624 r->key.as_u64[3] == k->as_u64[3] &&
1625 r->key.as_u64[4] == k->as_u64[4])
1627 ri = r->bucket_next;
1632 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1635 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1637 map_main_t *mm = &map_main;
1639 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1640 if (r->fragments[i].pi != ~0)
1642 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1643 r->fragments[i].pi = ~0;
1644 map_main.ip6_reass_buffered_counter--;
1647 // Unlink in hash bucket
1648 map_ip6_reass_t *r2 = NULL;
1649 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1650 while (r2i != map_ip6_reass_pool_index (r))
1652 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1653 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1654 r2i = r2->bucket_next;
1658 r2->bucket_next = r->bucket_next;
1662 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1666 if (r->fifo_next == map_ip6_reass_pool_index (r))
1668 //Single element in the list, list is now empty
1669 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1673 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1674 mm->ip6_reass_fifo_last = r->fifo_prev;
1675 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1677 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1681 // Free from pool if necessary
1682 pool_put (mm->ip6_reass_pool, r);
1683 mm->ip6_reass_allocated--;
1687 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1688 u8 protocol, u32 ** pi_to_drop)
1691 map_main_t *mm = &map_main;
1692 map_ip6_reass_key_t k = {
1695 .fragment_id = fragment_id,
1696 .protocol = protocol
1702 #ifdef clib_crc32c_uses_intrinsics
1703 h = clib_crc32c ((u8 *) k.as_u32, 40);
1706 k.as_u64[0] ^ k.as_u64[1] ^ k.as_u64[2] ^ k.as_u64[3] ^ k.as_u64[4];
1707 h = clib_xxhash (tmp);
1710 h = h >> (32 - mm->ip6_reass_ht_log2len);
1712 f64 now = vlib_time_now (mm->vlib_main);
1714 //Cache garbage collection
1715 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1717 map_ip6_reass_t *last =
1718 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1719 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1720 map_ip6_reass_free (last, pi_to_drop);
1725 if ((r = map_ip6_reass_lookup (&k, h, now)))
1728 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1731 pool_get (mm->ip6_reass_pool, r);
1732 mm->ip6_reass_allocated++;
1733 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1735 r->fragments[i].pi = ~0;
1736 r->fragments[i].next_data_len = 0;
1737 r->fragments[i].next_data_offset = 0;
1740 u32 ri = map_ip6_reass_pool_index (r);
1742 //Link in new bucket
1744 r->bucket_next = mm->ip6_reass_hash_table[h];
1745 mm->ip6_reass_hash_table[h] = ri;
1748 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1751 pool_elt_at_index (mm->ip6_reass_pool,
1752 mm->ip6_reass_fifo_last)->fifo_next;
1753 r->fifo_prev = mm->ip6_reass_fifo_last;
1754 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1755 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1759 r->fifo_next = r->fifo_prev = ri;
1760 mm->ip6_reass_fifo_last = ri;
1766 r->ip4_header.ip_version_and_header_length = 0;
1767 #ifdef MAP_IP6_REASS_COUNT_BYTES
1768 r->expected_total = 0xffff;
1775 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1776 u16 data_offset, u16 next_data_offset,
1777 u8 * data_start, u16 data_len)
1779 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1780 u16 copied_len = (data_len > 20) ? 20 : data_len;
1782 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1785 //Lookup for fragments for the current buffer
1786 //and the one before that
1788 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1790 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1792 prev_f = &r->fragments[i]; // This is buffer for previous packet
1794 else if (r->fragments[i].next_data_offset == next_data_offset)
1796 f = &r->fragments[i]; // This is a buffer for the current packet
1798 else if (r->fragments[i].next_data_offset == 0)
1801 f = &r->fragments[i];
1802 else if (prev_f == NULL)
1803 prev_f = &r->fragments[i];
1807 if (!f || f->pi != ~0)
1815 clib_memcpy (prev_f->next_data, data_start, copied_len);
1816 prev_f->next_data_len = copied_len;
1817 prev_f->next_data_offset = data_offset;
1821 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1824 if (r->ip4_header.ip_version_and_header_length == 0)
1825 clib_memcpy (&r->ip4_header, data_start, sizeof (ip4_header_t));
1830 f->next_data_offset = next_data_offset;
1832 map_main.ip6_reass_buffered_counter++;
1838 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1840 map_main_t *mm = &map_main;
1843 if (dropped_packets)
1844 *dropped_packets = mm->ip4_reass_buffered_counter;
1846 *trashed_reass = mm->ip4_reass_allocated;
1847 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1849 u16 ri = mm->ip4_reass_fifo_last;
1852 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1853 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1854 if (r->fragments[i] != ~0)
1855 map_ip4_drop_pi (r->fragments[i]);
1858 pool_put (mm->ip4_reass_pool, r);
1860 while (ri != mm->ip4_reass_fifo_last);
1863 vec_free (mm->ip4_reass_hash_table);
1864 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1865 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1866 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1867 pool_free (mm->ip4_reass_pool);
1868 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1870 mm->ip4_reass_allocated = 0;
1871 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1872 mm->ip4_reass_buffered_counter = 0;
1876 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1878 u32 desired_size = (u32) (pool_size * ht_ratio);
1880 for (i = 1; i < 31; i++)
1881 if ((1 << i) >= desired_size)
1887 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1888 u32 * dropped_packets)
1890 map_main_t *mm = &map_main;
1891 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1894 map_ip4_reass_lock ();
1895 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1896 mm->ip4_reass_ht_log2len =
1897 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1898 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1899 map_ip4_reass_unlock ();
1904 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1905 u32 * dropped_packets)
1907 map_main_t *mm = &map_main;
1908 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1911 map_ip4_reass_lock ();
1912 mm->ip4_reass_conf_pool_size = pool_size;
1913 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1914 map_ip4_reass_unlock ();
1919 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1921 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1926 map_ip4_reass_conf_buffers (u32 buffers)
1928 map_main.ip4_reass_conf_buffers = buffers;
1933 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1935 map_main_t *mm = &map_main;
1936 if (dropped_packets)
1937 *dropped_packets = mm->ip6_reass_buffered_counter;
1939 *trashed_reass = mm->ip6_reass_allocated;
1941 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1943 u16 ri = mm->ip6_reass_fifo_last;
1946 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1947 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1948 if (r->fragments[i].pi != ~0)
1949 map_ip6_drop_pi (r->fragments[i].pi);
1952 pool_put (mm->ip6_reass_pool, r);
1954 while (ri != mm->ip6_reass_fifo_last);
1955 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1958 vec_free (mm->ip6_reass_hash_table);
1959 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1960 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1961 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1962 pool_free (mm->ip6_reass_pool);
1963 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1965 mm->ip6_reass_allocated = 0;
1966 mm->ip6_reass_buffered_counter = 0;
1970 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1971 u32 * dropped_packets)
1973 map_main_t *mm = &map_main;
1974 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1977 map_ip6_reass_lock ();
1978 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1979 mm->ip6_reass_ht_log2len =
1980 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1981 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1982 map_ip6_reass_unlock ();
1987 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1988 u32 * dropped_packets)
1990 map_main_t *mm = &map_main;
1991 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1994 map_ip6_reass_lock ();
1995 mm->ip6_reass_conf_pool_size = pool_size;
1996 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1997 map_ip6_reass_unlock ();
2002 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
2004 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
2009 map_ip6_reass_conf_buffers (u32 buffers)
2011 map_main.ip6_reass_conf_buffers = buffers;
2018 * Configure MAP reassembly behaviour
2021 * @cliexstart{map params reassembly}
2024 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
2025 .path = "map params reassembly",
2026 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
2027 "[pool-size <pool-size>] [buffers <buffers>] "
2028 "[ht-ratio <ht-ratio>]",
2029 .function = map_params_reass_command_fn,
2033 * Set or copy the IP TOS/Traffic Class field
2036 * @cliexstart{map params traffic-class}
2038 * This command is used to set the traffic-class field in translated
2039 * or encapsulated packets. If copy is specifed (the default) then the
2040 * traffic-class/TOS field is copied from the original packet to the
2041 * translated / encapsulating header.
2044 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
2045 .path = "map params traffic-class",
2046 .short_help = "map params traffic-class {0x0-0xff | copy}",
2047 .function = map_traffic_class_command_fn,
2051 * Bypass IP4/IP6 lookup
2054 * @cliexstart{map params pre-resolve}
2056 * Bypass a second FIB lookup of the translated or encapsulated
2057 * packet, and forward the packet directly to the specified
2058 * next-hop. This optimization trades forwarding flexibility for
2062 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
2063 .path = "map params pre-resolve",
2064 .short_help = " map params pre-resolve {ip4-nh <address>} "
2065 "| {ip6-nh <address>}",
2066 .function = map_pre_resolve_command_fn,
2070 * Enable or disable the MAP-E inbound security check
2073 * @cliexstart{map params security-check}
2075 * By default, a decapsulated packet's IPv4 source address will be
2076 * verified against the outer header's IPv6 source address. Disabling
2077 * this feature will allow IPv4 source address spoofing.
2080 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2081 .path = "map params security-check",
2082 .short_help = "map params security-check on|off",
2083 .function = map_security_check_command_fn,
2087 * Specifiy the IPv4 source address used for relayed ICMP error messages
2090 * @cliexstart{map params icmp source-address}
2092 * This command specifies which IPv4 source address (must be local to
2093 * the system), that is used for relayed received IPv6 ICMP error
2097 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2098 .path = "map params icmp source-address",
2099 .short_help = "map params icmp source-address <ip4-address>",
2100 .function = map_icmp_relay_source_address_command_fn,
2104 * Send IPv6 ICMP unreachables
2107 * @cliexstart{map params icmp6 unreachables}
2109 * Send IPv6 ICMP unreachable messages back if security check fails or
2110 * no MAP domain exists.
2113 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2114 .path = "map params icmp6 unreachables",
2115 .short_help = "map params icmp6 unreachables {on|off}",
2116 .function = map_icmp_unreachables_command_fn,
2120 * Configure MAP fragmentation behaviour
2123 * @cliexstart{map params fragment}
2126 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2127 .path = "map params fragment",
2128 .short_help = "map params fragment inner|outer",
2129 .function = map_fragment_command_fn,
2133 * Ignore the IPv4 Don't fragment bit
2136 * @cliexstart{map params fragment ignore-df}
2138 * Allows fragmentation of the IPv4 packet even if the DF bit is
2139 * set. The choice between inner or outer fragmentation of tunnel
2140 * packets is complicated. The benefit of inner fragmentation is that
2141 * the ultimate endpoint must reassemble, instead of the tunnel
2145 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
2146 .path = "map params fragment ignore-df",
2147 .short_help = "map params fragment ignore-df on|off",
2148 .function = map_fragment_df_command_fn,
2152 * Specifiy if the inbound security check should be done on fragments
2155 * @cliexstart{map params security-check fragments}
2157 * Typically the inbound on-decapsulation security check is only done
2158 * on the first packet. The packet that contains the L4
2159 * information. While a security check on every fragment is possible,
2160 * it has a cost. State must be created on the first fragment.
2163 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
2164 .path = "map params security-check fragments",
2165 .short_help = "map params security-check fragments on|off",
2166 .function = map_security_check_frag_command_fn,
2173 * @cliexstart{map add domain}
2176 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2177 .path = "map add domain",
2178 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2179 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2180 "[map-t] [map-ce] [mtu <mtu>]",
2181 .function = map_add_domain_command_fn,
2185 * Add MAP rule to a domain
2188 * @cliexstart{map add rule}
2191 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2192 .path = "map add rule",
2193 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2194 .function = map_add_rule_command_fn,
2201 * @cliexstart{map del domain}
2204 VLIB_CLI_COMMAND(map_del_command, static) = {
2205 .path = "map del domain",
2206 .short_help = "map del domain index <domain>",
2207 .function = map_del_domain_command_fn,
2214 * @cliexstart{show map domain}
2217 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2218 .path = "show map domain",
2219 .short_help = "show map domain index <n> [counters]",
2220 .function = show_map_domain_command_fn,
2224 * Show MAP statistics
2227 * @cliexstart{show map stats}
2230 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2231 .path = "show map stats",
2232 .short_help = "show map stats",
2233 .function = show_map_stats_command_fn,
2237 * Show MAP fragmentation information
2240 * @cliexstart{show map fragments}
2243 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2244 .path = "show map fragments",
2245 .short_help = "show map fragments",
2246 .function = show_map_fragments_command_fn,
2250 static clib_error_t *
2251 map_config (vlib_main_t * vm, unformat_input_t * input)
2253 map_main_t *mm = &map_main;
2256 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2258 if (unformat (input, "customer edge"))
2261 return clib_error_return (0, "unknown input '%U'",
2262 format_unformat_error, input);
2270 VLIB_CONFIG_FUNCTION (map_config, "map");
2276 map_init (vlib_main_t * vm)
2278 map_main_t *mm = &map_main;
2279 mm->vnet_main = vnet_get_main ();
2282 #ifdef MAP_SKIP_IP6_LOOKUP
2283 fib_protocol_t proto;
2285 FOR_EACH_FIB_PROTOCOL (proto)
2287 map_pre_resolve_init (&pre_resolved[proto]);
2295 /* Inbound security check */
2296 mm->sec_check = true;
2297 mm->sec_check_frag = false;
2299 /* ICMP6 Type 1, Code 5 for security check failure */
2300 mm->icmp6_enabled = false;
2304 /* Inner or outer fragmentation */
2305 mm->frag_inner = false;
2306 mm->frag_ignore_df = false;
2308 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2309 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "rx";
2310 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "tx";
2312 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2313 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2315 /* IP4 virtual reassembly */
2316 mm->ip4_reass_hash_table = 0;
2317 mm->ip4_reass_pool = 0;
2318 mm->ip4_reass_lock =
2319 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2320 *mm->ip4_reass_lock = 0;
2321 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2322 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2323 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2324 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2325 mm->ip4_reass_ht_log2len =
2326 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2327 mm->ip4_reass_conf_pool_size);
2328 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2329 map_ip4_reass_reinit (NULL, NULL);
2331 /* IP6 virtual reassembly */
2332 mm->ip6_reass_hash_table = 0;
2333 mm->ip6_reass_pool = 0;
2334 mm->ip6_reass_lock =
2335 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2336 *mm->ip6_reass_lock = 0;
2337 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2338 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2339 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2340 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2341 mm->ip6_reass_ht_log2len =
2342 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2343 mm->ip6_reass_conf_pool_size);
2344 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2345 map_ip6_reass_reinit (NULL, NULL);
2347 #ifdef MAP_SKIP_IP6_LOOKUP
2348 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2350 map_dpo_module_init ();
2355 VLIB_INIT_FUNCTION (map_init);
2358 * fd.io coding-style-patch-verification: ON
2361 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob