4 * Copyright (c) 2015 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/fib/fib_table.h>
19 #include <vnet/fib/ip6_fib.h>
20 #include <vnet/adj/adj.h>
21 #include <vnet/map/map_dpo.h>
22 #include <vppinfra/crc32.h>
29 * This code supports the following MAP modes:
31 * Algorithmic Shared IPv4 address (ea_bits_len > 0):
32 * ea_bits_len + ip4_prefix > 32
33 * psid_length > 0, ip6_prefix < 64, ip4_prefix <= 32
34 * Algorithmic Full IPv4 address (ea_bits_len > 0):
35 * ea_bits_len + ip4_prefix = 32
36 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
37 * Algorithmic IPv4 prefix (ea_bits_len > 0):
38 * ea_bits_len + ip4_prefix < 32
39 * psid_length = 0, ip6_prefix < 64, ip4_prefix <= 32
41 * Independent Shared IPv4 address (ea_bits_len = 0):
44 * Rule IPv6 address = 128, Rule PSID Set
45 * Independent Full IPv4 address (ea_bits_len = 0):
47 * psid_length = 0, ip6_prefix = 128
48 * Independent IPv4 prefix (ea_bits_len = 0):
50 * psid_length = 0, ip6_prefix = 128
55 * This code supports MAP-T:
57 * With DMR prefix length equal to 96.
64 map_create_domain (ip4_address_t * ip4_prefix,
66 ip6_address_t * ip6_prefix,
68 ip6_address_t * ip6_src,
72 u8 psid_length, u32 * map_domain_index, u16 mtu, u8 flags)
74 u8 suffix_len, suffix_shift;
75 map_main_t *mm = &map_main;
76 dpo_id_t dpo_v4 = DPO_INVALID;
77 dpo_id_t dpo_v6 = DPO_INVALID;
80 /* Sanity check on the src prefix length */
81 if (flags & MAP_DOMAIN_TRANSLATION)
83 if (ip6_src_len != 96)
85 clib_warning ("MAP-T only supports ip6_src_len = 96 for now.");
88 if ((flags & MAP_DOMAIN_RFC6052) && ip6_prefix_len != 96)
90 clib_warning ("RFC6052 translation only supports ip6_prefix_len = "
97 if (ip6_src_len != 128)
100 ("MAP-E requires a BR address, not a prefix (ip6_src_len should "
106 /* How many, and which bits to grab from the IPv4 DA */
107 if (ip4_prefix_len + ea_bits_len < 32)
109 flags |= MAP_DOMAIN_PREFIX;
110 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
111 suffix_len = ea_bits_len;
116 suffix_len = 32 - ip4_prefix_len;
119 /* EA bits must be within the first 64 bits */
120 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
121 ip6_prefix_len + suffix_len + psid_length > 64))
124 ("Embedded Address bits must be within the first 64 bits of "
129 /* Get domain index */
130 pool_get_aligned (mm->domains, d, CLIB_CACHE_LINE_BYTES);
131 memset (d, 0, sizeof (*d));
132 *map_domain_index = d - mm->domains;
134 /* Init domain struct */
135 d->ip4_prefix.as_u32 = ip4_prefix->as_u32;
136 d->ip4_prefix_len = ip4_prefix_len;
137 d->ip6_prefix = *ip6_prefix;
138 d->ip6_prefix_len = ip6_prefix_len;
139 d->ip6_src = *ip6_src;
140 d->ip6_src_len = ip6_src_len;
141 d->ea_bits_len = ea_bits_len;
142 d->psid_offset = psid_offset;
143 d->psid_length = psid_length;
146 d->suffix_shift = suffix_shift;
147 d->suffix_mask = (1 << suffix_len) - 1;
149 d->psid_shift = 16 - psid_length - psid_offset;
150 d->psid_mask = (1 << d->psid_length) - 1;
151 d->ea_shift = 64 - ip6_prefix_len - suffix_len - d->psid_length;
153 /* MAP data-plane object */
154 if (d->flags & MAP_DOMAIN_TRANSLATION)
155 map_t_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
157 map_dpo_create (DPO_PROTO_IP4, *map_domain_index, &dpo_v4);
159 /* Create ip4 route */
161 .fp_proto = FIB_PROTOCOL_IP4,
162 .fp_len = d->ip4_prefix_len,
164 .ip4 = d->ip4_prefix,
168 fib_table_entry_special_dpo_add (0, &pfx,
170 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
174 * construct a DPO to use the v6 domain
176 if (d->flags & MAP_DOMAIN_TRANSLATION)
177 map_t_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
179 map_dpo_create (DPO_PROTO_IP6, *map_domain_index, &dpo_v6);
182 * Multiple MAP domains may share same source IPv6 TEP. Which is just dandy.
183 * We are not tracking the sharing. So a v4 lookup to find the correct
184 * domain post decap/trnaslate is always done
186 * Create ip6 route. This is a reference counted add. If the prefix
187 * already exists and is MAP sourced, it is now MAP source n+1 times
188 * and will need to be removed n+1 times.
190 fib_prefix_t pfx6 = {
191 .fp_proto = FIB_PROTOCOL_IP6,
192 .fp_len = d->ip6_src_len,
193 .fp_addr.ip6 = d->ip6_src,
196 fib_table_entry_special_dpo_add (0, &pfx6,
198 FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v6);
201 /* Validate packet/byte counters */
202 map_domain_counter_lock (mm);
204 for (i = 0; i < vec_len (mm->simple_domain_counters); i++)
206 vlib_validate_simple_counter (&mm->simple_domain_counters[i],
208 vlib_zero_simple_counter (&mm->simple_domain_counters[i],
211 for (i = 0; i < vec_len (mm->domain_counters); i++)
213 vlib_validate_combined_counter (&mm->domain_counters[i],
215 vlib_zero_combined_counter (&mm->domain_counters[i], *map_domain_index);
217 map_domain_counter_unlock (mm);
226 map_delete_domain (u32 map_domain_index)
228 map_main_t *mm = &map_main;
231 if (pool_is_free_index (mm->domains, map_domain_index))
233 clib_warning ("MAP domain delete: domain does not exist: %d",
238 d = pool_elt_at_index (mm->domains, map_domain_index);
241 .fp_proto = FIB_PROTOCOL_IP4,
242 .fp_len = d->ip4_prefix_len,
244 .ip4 = d->ip4_prefix,
248 fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_MAP);
250 fib_prefix_t pfx6 = {
251 .fp_proto = FIB_PROTOCOL_IP6,
252 .fp_len = d->ip6_src_len,
258 fib_table_entry_special_remove (0, &pfx6, FIB_SOURCE_MAP);
262 clib_mem_free (d->rules);
264 pool_put (mm->domains, d);
270 map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
274 map_main_t *mm = &map_main;
276 if (pool_is_free_index (mm->domains, map_domain_index))
278 clib_warning ("MAP rule: domain does not exist: %d", map_domain_index);
281 d = pool_elt_at_index (mm->domains, map_domain_index);
283 /* Rules are only used in 1:1 independent case */
284 if (d->ea_bits_len > 0)
289 u32 l = (0x1 << d->psid_length) * sizeof (ip6_address_t);
290 d->rules = clib_mem_alloc_aligned (l, CLIB_CACHE_LINE_BYTES);
293 memset (d->rules, 0, l);
296 if (psid >= (0x1 << d->psid_length))
298 clib_warning ("MAP rule: PSID outside bounds: %d [%d]", psid,
299 0x1 << d->psid_length);
305 d->rules[psid] = *tep;
309 memset (&d->rules[psid], 0, sizeof (ip6_address_t));
314 #ifdef MAP_SKIP_IP6_LOOKUP
316 * Pre-resolvd per-protocol global next-hops
318 map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX];
321 map_pre_resolve_init (map_main_pre_resolved_t * pr)
323 pr->fei = FIB_NODE_INDEX_INVALID;
324 fib_node_init (&pr->node, FIB_NODE_TYPE_MAP_E);
328 format_map_pre_resolve (u8 * s, va_list * ap)
330 map_main_pre_resolved_t *pr = va_arg (*ap, map_main_pre_resolved_t *);
332 if (FIB_NODE_INDEX_INVALID != pr->fei)
336 fib_entry_get_prefix (pr->fei, &pfx);
338 return (format (s, "%U (%u)",
339 format_ip46_address, &pfx.fp_addr, IP46_TYPE_ANY,
340 pr->dpo.dpoi_index));
344 return (format (s, "un-set"));
350 * Function definition to inform the FIB node that its last lock has gone.
353 map_last_lock_gone (fib_node_t * node)
356 * The MAP is a root of the graph. As such
357 * it never has children and thus is never locked.
362 static map_main_pre_resolved_t *
363 map_from_fib_node (fib_node_t * node)
365 ASSERT (FIB_NODE_TYPE_MAP_E == node->fn_type);
366 return ((map_main_pre_resolved_t *)
368 STRUCT_OFFSET_OF (map_main_pre_resolved_t, node)));
372 map_stack (map_main_pre_resolved_t * pr)
376 dpo = fib_entry_contribute_ip_forwarding (pr->fei);
378 dpo_copy (&pr->dpo, dpo);
382 * Function definition to backwalk a FIB node
384 static fib_node_back_walk_rc_t
385 map_back_walk (fib_node_t * node, fib_node_back_walk_ctx_t * ctx)
387 map_stack (map_from_fib_node (node));
389 return (FIB_NODE_BACK_WALK_CONTINUE);
393 * Function definition to get a FIB node from its index
396 map_fib_node_get (fib_node_index_t index)
398 return (&pre_resolved[index].node);
402 * Virtual function table registered by MPLS GRE tunnels
403 * for participation in the FIB object graph.
405 const static fib_node_vft_t map_vft = {
406 .fnv_get = map_fib_node_get,
407 .fnv_last_lock = map_last_lock_gone,
408 .fnv_back_walk = map_back_walk,
412 map_fib_resolve (map_main_pre_resolved_t * pr,
413 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
421 pr->fei = fib_table_entry_special_add (0, // default fib
423 FIB_SOURCE_RR, FIB_ENTRY_FLAG_NONE);
424 pr->sibling = fib_entry_child_add (pr->fei, FIB_NODE_TYPE_MAP_E, proto);
429 map_fib_unresolve (map_main_pre_resolved_t * pr,
430 fib_protocol_t proto, u8 len, const ip46_address_t * addr)
438 fib_entry_child_remove (pr->fei, pr->sibling);
440 fib_table_entry_special_remove (0, // default fib
441 &pfx, FIB_SOURCE_RR);
442 dpo_reset (&pr->dpo);
444 pr->fei = FIB_NODE_INDEX_INVALID;
445 pr->sibling = FIB_NODE_INDEX_INVALID;
449 map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
451 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
453 ip46_address_t addr = {
457 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP6],
458 FIB_PROTOCOL_IP6, 128, &addr);
460 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP6],
461 FIB_PROTOCOL_IP6, 128, &addr);
463 if (ip4 && (ip4->as_u32 != 0))
465 ip46_address_t addr = {
469 map_fib_unresolve (&pre_resolved[FIB_PROTOCOL_IP4],
470 FIB_PROTOCOL_IP4, 32, &addr);
472 map_fib_resolve (&pre_resolved[FIB_PROTOCOL_IP4],
473 FIB_PROTOCOL_IP4, 32, &addr);
478 static clib_error_t *
479 map_security_check_command_fn (vlib_main_t * vm,
480 unformat_input_t * input,
481 vlib_cli_command_t * cmd)
483 unformat_input_t _line_input, *line_input = &_line_input;
484 map_main_t *mm = &map_main;
485 clib_error_t *error = NULL;
487 /* Get a line of input. */
488 if (!unformat_user (input, unformat_line_input, line_input))
491 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
493 if (unformat (line_input, "off"))
494 mm->sec_check = false;
495 else if (unformat (line_input, "on"))
496 mm->sec_check = true;
499 error = clib_error_return (0, "unknown input `%U'",
500 format_unformat_error, line_input);
506 unformat_free (line_input);
511 static clib_error_t *
512 map_security_check_frag_command_fn (vlib_main_t * vm,
513 unformat_input_t * input,
514 vlib_cli_command_t * cmd)
516 unformat_input_t _line_input, *line_input = &_line_input;
517 map_main_t *mm = &map_main;
518 clib_error_t *error = NULL;
520 /* Get a line of input. */
521 if (!unformat_user (input, unformat_line_input, line_input))
524 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
526 if (unformat (line_input, "off"))
527 mm->sec_check_frag = false;
528 else if (unformat (line_input, "on"))
529 mm->sec_check_frag = true;
532 error = clib_error_return (0, "unknown input `%U'",
533 format_unformat_error, line_input);
539 unformat_free (line_input);
544 static clib_error_t *
545 map_add_domain_command_fn (vlib_main_t * vm,
546 unformat_input_t * input, vlib_cli_command_t * cmd)
548 unformat_input_t _line_input, *line_input = &_line_input;
549 ip4_address_t ip4_prefix;
550 ip6_address_t ip6_prefix;
551 ip6_address_t ip6_src;
552 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
554 /* Optional arguments */
555 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
559 clib_error_t *error = NULL;
561 /* Get a line of input. */
562 if (!unformat_user (input, unformat_line_input, line_input))
565 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
568 (line_input, "ip4-pfx %U/%d", unformat_ip4_address, &ip4_prefix,
573 (line_input, "ip6-pfx %U/%d", unformat_ip6_address, &ip6_prefix,
578 (line_input, "ip6-src %U/%d", unformat_ip6_address, &ip6_src,
583 (line_input, "ip6-src %U", unformat_ip6_address, &ip6_src))
585 else if (unformat (line_input, "ea-bits-len %d", &ea_bits_len))
587 else if (unformat (line_input, "psid-offset %d", &psid_offset))
589 else if (unformat (line_input, "psid-len %d", &psid_length))
591 else if (unformat (line_input, "mtu %d", &mtu))
593 else if (unformat (line_input, "map-t"))
594 flags |= MAP_DOMAIN_TRANSLATION;
595 else if (unformat (line_input, "rfc6052"))
596 flags |= (MAP_DOMAIN_TRANSLATION | MAP_DOMAIN_RFC6052);
599 error = clib_error_return (0, "unknown input `%U'",
600 format_unformat_error, line_input);
607 error = clib_error_return (0, "mandatory argument(s) missing");
611 map_create_domain (&ip4_prefix, ip4_prefix_len,
612 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
613 ea_bits_len, psid_offset, psid_length, &map_domain_index,
617 unformat_free (line_input);
622 static clib_error_t *
623 map_del_domain_command_fn (vlib_main_t * vm,
624 unformat_input_t * input, vlib_cli_command_t * cmd)
626 unformat_input_t _line_input, *line_input = &_line_input;
628 u32 map_domain_index;
629 clib_error_t *error = NULL;
631 /* Get a line of input. */
632 if (!unformat_user (input, unformat_line_input, line_input))
635 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
637 if (unformat (line_input, "index %d", &map_domain_index))
641 error = clib_error_return (0, "unknown input `%U'",
642 format_unformat_error, line_input);
649 error = clib_error_return (0, "mandatory argument(s) missing");
653 map_delete_domain (map_domain_index);
656 unformat_free (line_input);
661 static clib_error_t *
662 map_add_rule_command_fn (vlib_main_t * vm,
663 unformat_input_t * input, vlib_cli_command_t * cmd)
665 unformat_input_t _line_input, *line_input = &_line_input;
668 u32 psid = 0, map_domain_index;
669 clib_error_t *error = NULL;
671 /* Get a line of input. */
672 if (!unformat_user (input, unformat_line_input, line_input))
675 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
677 if (unformat (line_input, "index %d", &map_domain_index))
679 else if (unformat (line_input, "psid %d", &psid))
682 if (unformat (line_input, "ip6-dst %U", unformat_ip6_address, &tep))
686 error = clib_error_return (0, "unknown input `%U'",
687 format_unformat_error, line_input);
694 error = clib_error_return (0, "mandatory argument(s) missing");
698 if (map_add_del_psid (map_domain_index, psid, &tep, 1) != 0)
700 error = clib_error_return (0, "Failing to add Mapping Rule");
705 unformat_free (line_input);
710 #if MAP_SKIP_IP6_LOOKUP
711 static clib_error_t *
712 map_pre_resolve_command_fn (vlib_main_t * vm,
713 unformat_input_t * input,
714 vlib_cli_command_t * cmd)
716 unformat_input_t _line_input, *line_input = &_line_input;
717 ip4_address_t ip4nh, *p_v4 = NULL;
718 ip6_address_t ip6nh, *p_v6 = NULL;
719 clib_error_t *error = NULL;
722 memset (&ip4nh, 0, sizeof (ip4nh));
723 memset (&ip6nh, 0, sizeof (ip6nh));
725 /* Get a line of input. */
726 if (!unformat_user (input, unformat_line_input, line_input))
729 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
731 if (unformat (line_input, "ip4-nh %U", unformat_ip4_address, &ip4nh))
734 if (unformat (line_input, "ip6-nh %U", unformat_ip6_address, &ip6nh))
736 else if (unformat (line_input, "del"))
740 error = clib_error_return (0, "unknown input `%U'",
741 format_unformat_error, line_input);
746 map_pre_resolve (p_v4, p_v6, is_del);
749 unformat_free (line_input);
755 static clib_error_t *
756 map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
757 unformat_input_t * input,
758 vlib_cli_command_t * cmd)
760 unformat_input_t _line_input, *line_input = &_line_input;
761 ip4_address_t icmp_src_address;
762 map_main_t *mm = &map_main;
763 clib_error_t *error = NULL;
765 mm->icmp4_src_address.as_u32 = 0;
767 /* Get a line of input. */
768 if (!unformat_user (input, unformat_line_input, line_input))
771 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
774 (line_input, "%U", unformat_ip4_address, &icmp_src_address))
775 mm->icmp4_src_address = icmp_src_address;
778 error = clib_error_return (0, "unknown input `%U'",
779 format_unformat_error, line_input);
785 unformat_free (line_input);
790 static clib_error_t *
791 map_icmp_unreachables_command_fn (vlib_main_t * vm,
792 unformat_input_t * input,
793 vlib_cli_command_t * cmd)
795 unformat_input_t _line_input, *line_input = &_line_input;
796 map_main_t *mm = &map_main;
798 clib_error_t *error = NULL;
800 /* Get a line of input. */
801 if (!unformat_user (input, unformat_line_input, line_input))
804 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
807 if (unformat (line_input, "on"))
808 mm->icmp6_enabled = true;
809 else if (unformat (line_input, "off"))
810 mm->icmp6_enabled = false;
813 error = clib_error_return (0, "unknown input `%U'",
814 format_unformat_error, line_input);
821 error = clib_error_return (0, "mandatory argument(s) missing");
824 unformat_free (line_input);
829 static clib_error_t *
830 map_fragment_command_fn (vlib_main_t * vm,
831 unformat_input_t * input, vlib_cli_command_t * cmd)
833 unformat_input_t _line_input, *line_input = &_line_input;
834 map_main_t *mm = &map_main;
835 clib_error_t *error = NULL;
837 /* Get a line of input. */
838 if (!unformat_user (input, unformat_line_input, line_input))
841 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
843 if (unformat (line_input, "inner"))
844 mm->frag_inner = true;
845 else if (unformat (line_input, "outer"))
846 mm->frag_inner = false;
849 error = clib_error_return (0, "unknown input `%U'",
850 format_unformat_error, line_input);
856 unformat_free (line_input);
861 static clib_error_t *
862 map_fragment_df_command_fn (vlib_main_t * vm,
863 unformat_input_t * input,
864 vlib_cli_command_t * cmd)
866 unformat_input_t _line_input, *line_input = &_line_input;
867 map_main_t *mm = &map_main;
868 clib_error_t *error = NULL;
870 /* Get a line of input. */
871 if (!unformat_user (input, unformat_line_input, line_input))
874 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
876 if (unformat (line_input, "on"))
877 mm->frag_ignore_df = true;
878 else if (unformat (line_input, "off"))
879 mm->frag_ignore_df = false;
882 error = clib_error_return (0, "unknown input `%U'",
883 format_unformat_error, line_input);
889 unformat_free (line_input);
894 static clib_error_t *
895 map_traffic_class_command_fn (vlib_main_t * vm,
896 unformat_input_t * input,
897 vlib_cli_command_t * cmd)
899 unformat_input_t _line_input, *line_input = &_line_input;
900 map_main_t *mm = &map_main;
902 clib_error_t *error = NULL;
906 /* Get a line of input. */
907 if (!unformat_user (input, unformat_line_input, line_input))
910 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
912 if (unformat (line_input, "copy"))
914 else if (unformat (line_input, "%x", &tc))
918 error = clib_error_return (0, "unknown input `%U'",
919 format_unformat_error, line_input);
925 unformat_free (line_input);
931 map_flags_to_string (u32 flags)
933 if (flags & MAP_DOMAIN_RFC6052)
935 if (flags & MAP_DOMAIN_PREFIX)
937 if (flags & MAP_DOMAIN_TRANSLATION)
943 format_map_domain (u8 * s, va_list * args)
945 map_domain_t *d = va_arg (*args, map_domain_t *);
946 bool counters = va_arg (*args, int);
947 map_main_t *mm = &map_main;
948 ip6_address_t ip6_prefix;
951 memset (&ip6_prefix, 0, sizeof (ip6_prefix));
953 ip6_prefix = d->ip6_prefix;
956 "[%d] ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d ea_bits_len %d "
957 "psid-offset %d psid-len %d mtu %d %s",
959 format_ip4_address, &d->ip4_prefix, d->ip4_prefix_len,
960 format_ip6_address, &ip6_prefix, d->ip6_prefix_len,
961 format_ip6_address, &d->ip6_src, d->ip6_src_len,
962 d->ea_bits_len, d->psid_offset, d->psid_length, d->mtu,
963 map_flags_to_string (d->flags));
967 map_domain_counter_lock (mm);
969 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_TX],
970 d - mm->domains, &v);
971 s = format (s, " TX: %lld/%lld", v.packets, v.bytes);
972 vlib_get_combined_counter (&mm->domain_counters[MAP_DOMAIN_COUNTER_RX],
973 d - mm->domains, &v);
974 s = format (s, " RX: %lld/%lld", v.packets, v.bytes);
975 map_domain_counter_unlock (mm);
977 s = format (s, "\n");
983 for (i = 0; i < (0x1 << d->psid_length); i++)
986 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
989 " rule psid: %d ip6-dst %U\n", i, format_ip6_address,
997 format_map_ip4_reass (u8 * s, va_list * args)
999 map_main_t *mm = &map_main;
1000 map_ip4_reass_t *r = va_arg (*args, map_ip4_reass_t *);
1001 map_ip4_reass_key_t *k = &r->key;
1002 f64 now = vlib_time_now (mm->vlib_main);
1003 f64 lifetime = (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000);
1004 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1006 "ip4-reass src=%U dst=%U protocol=%d identifier=%d port=%d lifetime=%.3lf\n",
1007 format_ip4_address, &k->src.as_u8, format_ip4_address,
1008 &k->dst.as_u8, k->protocol,
1009 clib_net_to_host_u16 (k->fragment_id),
1010 (r->port >= 0) ? clib_net_to_host_u16 (r->port) : -1, dt);
1015 format_map_ip6_reass (u8 * s, va_list * args)
1017 map_main_t *mm = &map_main;
1018 map_ip6_reass_t *r = va_arg (*args, map_ip6_reass_t *);
1019 map_ip6_reass_key_t *k = &r->key;
1020 f64 now = vlib_time_now (mm->vlib_main);
1021 f64 lifetime = (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000);
1022 f64 dt = (r->ts + lifetime > now) ? (r->ts + lifetime - now) : -1;
1024 "ip6-reass src=%U dst=%U protocol=%d identifier=%d lifetime=%.3lf\n",
1025 format_ip6_address, &k->src.as_u8, format_ip6_address,
1026 &k->dst.as_u8, k->protocol,
1027 clib_net_to_host_u32 (k->fragment_id), dt);
1031 static clib_error_t *
1032 show_map_domain_command_fn (vlib_main_t * vm, unformat_input_t * input,
1033 vlib_cli_command_t * cmd)
1035 unformat_input_t _line_input, *line_input = &_line_input;
1036 map_main_t *mm = &map_main;
1038 bool counters = false;
1039 u32 map_domain_index = ~0;
1040 clib_error_t *error = NULL;
1042 /* Get a line of input. */
1043 if (!unformat_user (input, unformat_line_input, line_input))
1046 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1048 if (unformat (line_input, "counters"))
1050 else if (unformat (line_input, "index %d", &map_domain_index))
1054 error = clib_error_return (0, "unknown input `%U'",
1055 format_unformat_error, line_input);
1060 if (pool_elts (mm->domains) == 0)
1061 vlib_cli_output (vm, "No MAP domains are configured...");
1063 if (map_domain_index == ~0)
1066 pool_foreach(d, mm->domains, ({vlib_cli_output(vm, "%U", format_map_domain, d, counters);}));
1071 if (pool_is_free_index (mm->domains, map_domain_index))
1073 error = clib_error_return (0, "MAP domain does not exists %d",
1078 d = pool_elt_at_index (mm->domains, map_domain_index);
1079 vlib_cli_output (vm, "%U", format_map_domain, d, counters);
1083 unformat_free (line_input);
1088 static clib_error_t *
1089 show_map_fragments_command_fn (vlib_main_t * vm, unformat_input_t * input,
1090 vlib_cli_command_t * cmd)
1092 map_main_t *mm = &map_main;
1093 map_ip4_reass_t *f4;
1094 map_ip6_reass_t *f6;
1097 pool_foreach(f4, mm->ip4_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip4_reass, f4);}));
1100 pool_foreach(f6, mm->ip6_reass_pool, ({vlib_cli_output (vm, "%U", format_map_ip6_reass, f6);}));
1106 map_error_counter_get (u32 node_index, map_error_t map_error)
1108 vlib_main_t *vm = vlib_get_main ();
1109 vlib_node_runtime_t *error_node = vlib_node_get_runtime (vm, node_index);
1110 vlib_error_main_t *em = &vm->error_main;
1111 vlib_error_t e = error_node->errors[map_error];
1112 vlib_node_t *n = vlib_get_node (vm, node_index);
1115 ci = vlib_error_get_code (e);
1116 ASSERT (ci < n->n_errors);
1117 ci += n->error_heap_index;
1119 return (em->counters[ci]);
1122 static clib_error_t *
1123 show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input,
1124 vlib_cli_command_t * cmd)
1126 map_main_t *mm = &map_main;
1128 int domains = 0, rules = 0, domaincount = 0, rulecount = 0;
1129 if (pool_elts (mm->domains) == 0)
1131 vlib_cli_output (vm, "No MAP domains are configured...");
1136 pool_foreach(d, mm->domains, ({
1138 rulecount+= 0x1 << d->psid_length;
1139 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1141 domains += sizeof(*d);
1146 vlib_cli_output (vm, "MAP domains structure: %d\n", sizeof (map_domain_t));
1147 vlib_cli_output (vm, "MAP domains: %d (%d bytes)\n", domaincount, domains);
1148 vlib_cli_output (vm, "MAP rules: %d (%d bytes)\n", rulecount, rules);
1149 vlib_cli_output (vm, "Total: %d bytes)\n", rules + domains);
1151 #if MAP_SKIP_IP6_LOOKUP
1152 vlib_cli_output (vm,
1153 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1154 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP6],
1155 format_map_pre_resolve, &pre_resolved[FIB_PROTOCOL_IP4]);
1160 vlib_cli_output (vm, "MAP traffic-class: copy");
1162 vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc);
1164 vlib_cli_output (vm,
1165 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1166 mm->sec_check ? "enabled" : "disabled",
1167 mm->sec_check_frag ? "enabled" : "disabled");
1169 vlib_cli_output (vm, "ICMP-relay IPv4 source address: %U\n",
1170 format_ip4_address, &mm->icmp4_src_address);
1171 vlib_cli_output (vm, "ICMP6 unreachables sent for unmatched packets: %s\n",
1172 mm->icmp6_enabled ? "enabled" : "disabled");
1173 vlib_cli_output (vm, "Inner fragmentation: %s\n",
1174 mm->frag_inner ? "enabled" : "disabled");
1175 vlib_cli_output (vm, "Fragment packets regardless of DF flag: %s\n",
1176 mm->frag_ignore_df ? "enabled" : "disabled");
1181 vlib_combined_counter_main_t *cm = mm->domain_counters;
1182 u64 total_pkts[MAP_N_DOMAIN_COUNTER];
1183 u64 total_bytes[MAP_N_DOMAIN_COUNTER];
1187 memset (total_pkts, 0, sizeof (total_pkts));
1188 memset (total_bytes, 0, sizeof (total_bytes));
1190 map_domain_counter_lock (mm);
1191 vec_foreach (cm, mm->domain_counters)
1193 which = cm - mm->domain_counters;
1195 for (i = 0; i < vlib_combined_counter_n_counters (cm); i++)
1197 vlib_get_combined_counter (cm, i, &v);
1198 total_pkts[which] += v.packets;
1199 total_bytes[which] += v.bytes;
1202 map_domain_counter_unlock (mm);
1204 vlib_cli_output (vm, "Encapsulated packets: %lld bytes: %lld\n",
1205 total_pkts[MAP_DOMAIN_COUNTER_TX],
1206 total_bytes[MAP_DOMAIN_COUNTER_TX]);
1207 vlib_cli_output (vm, "Decapsulated packets: %lld bytes: %lld\n",
1208 total_pkts[MAP_DOMAIN_COUNTER_RX],
1209 total_bytes[MAP_DOMAIN_COUNTER_RX]);
1211 vlib_cli_output (vm, "ICMP relayed packets: %d\n",
1212 vlib_get_simple_counter (&mm->icmp_relayed, 0));
1217 static clib_error_t *
1218 map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
1219 vlib_cli_command_t * cmd)
1221 unformat_input_t _line_input, *line_input = &_line_input;
1223 f64 ht_ratio = (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1);
1225 u64 buffers = ~(0ull);
1226 u8 ip4 = 0, ip6 = 0;
1228 if (!unformat_user (input, unformat_line_input, line_input))
1231 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1233 if (unformat (line_input, "lifetime %u", &lifetime))
1235 else if (unformat (line_input, "ht-ratio %lf", &ht_ratio))
1237 else if (unformat (line_input, "pool-size %u", &pool_size))
1239 else if (unformat (line_input, "buffers %llu", &buffers))
1241 else if (unformat (line_input, "ip4"))
1243 else if (unformat (line_input, "ip6"))
1247 unformat_free (line_input);
1248 return clib_error_return (0, "invalid input");
1251 unformat_free (line_input);
1254 return clib_error_return (0, "must specify ip4 and/or ip6");
1258 if (pool_size != ~0 && pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1259 return clib_error_return (0, "invalid ip4-reass pool-size ( > %d)",
1260 MAP_IP4_REASS_CONF_POOL_SIZE_MAX);
1261 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1262 && ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1263 return clib_error_return (0, "invalid ip4-reass ht-ratio ( > %d)",
1264 MAP_IP4_REASS_CONF_HT_RATIO_MAX);
1265 if (lifetime != ~0 && lifetime > MAP_IP4_REASS_CONF_LIFETIME_MAX)
1266 return clib_error_return (0, "invalid ip4-reass lifetime ( > %d)",
1267 MAP_IP4_REASS_CONF_LIFETIME_MAX);
1268 if (buffers != ~(0ull) && buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
1269 return clib_error_return (0, "invalid ip4-reass buffers ( > %ld)",
1270 MAP_IP4_REASS_CONF_BUFFERS_MAX);
1275 if (pool_size != ~0 && pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1276 return clib_error_return (0, "invalid ip6-reass pool-size ( > %d)",
1277 MAP_IP6_REASS_CONF_POOL_SIZE_MAX);
1278 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1)
1279 && ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1280 return clib_error_return (0, "invalid ip6-reass ht-log2len ( > %d)",
1281 MAP_IP6_REASS_CONF_HT_RATIO_MAX);
1282 if (lifetime != ~0 && lifetime > MAP_IP6_REASS_CONF_LIFETIME_MAX)
1283 return clib_error_return (0, "invalid ip6-reass lifetime ( > %d)",
1284 MAP_IP6_REASS_CONF_LIFETIME_MAX);
1285 if (buffers != ~(0ull) && buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
1286 return clib_error_return (0, "invalid ip6-reass buffers ( > %ld)",
1287 MAP_IP6_REASS_CONF_BUFFERS_MAX);
1292 u32 reass = 0, packets = 0;
1293 if (pool_size != ~0)
1295 if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
1297 vlib_cli_output (vm, "Could not set ip4-reass pool-size");
1301 vlib_cli_output (vm,
1302 "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1306 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1308 if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1310 vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
1314 vlib_cli_output (vm,
1315 "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1321 if (map_ip4_reass_conf_lifetime (lifetime))
1322 vlib_cli_output (vm, "Could not set ip4-reass lifetime");
1324 vlib_cli_output (vm, "Setting ip4-reass lifetime");
1326 if (buffers != ~(0ull))
1328 if (map_ip4_reass_conf_buffers (buffers))
1329 vlib_cli_output (vm, "Could not set ip4-reass buffers");
1331 vlib_cli_output (vm, "Setting ip4-reass buffers");
1334 if (map_main.ip4_reass_conf_buffers >
1335 map_main.ip4_reass_conf_pool_size *
1336 MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1338 vlib_cli_output (vm,
1339 "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
1345 u32 reass = 0, packets = 0;
1346 if (pool_size != ~0)
1348 if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
1350 vlib_cli_output (vm, "Could not set ip6-reass pool-size");
1354 vlib_cli_output (vm,
1355 "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
1359 if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
1361 if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
1363 vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
1367 vlib_cli_output (vm,
1368 "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
1374 if (map_ip6_reass_conf_lifetime (lifetime))
1375 vlib_cli_output (vm, "Could not set ip6-reass lifetime");
1377 vlib_cli_output (vm, "Setting ip6-reass lifetime");
1379 if (buffers != ~(0ull))
1381 if (map_ip6_reass_conf_buffers (buffers))
1382 vlib_cli_output (vm, "Could not set ip6-reass buffers");
1384 vlib_cli_output (vm, "Setting ip6-reass buffers");
1387 if (map_main.ip6_reass_conf_buffers >
1388 map_main.ip6_reass_conf_pool_size *
1389 MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
1391 vlib_cli_output (vm,
1392 "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
1401 * packet trace format function
1404 format_map_trace (u8 * s, va_list * args)
1406 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1407 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1408 map_trace_t *t = va_arg (*args, map_trace_t *);
1409 u32 map_domain_index = t->map_domain_index;
1413 format (s, "MAP domain index: %d L4 port: %u", map_domain_index,
1414 clib_net_to_host_u16 (port));
1419 static_always_inline map_ip4_reass_t *
1420 map_ip4_reass_lookup (map_ip4_reass_key_t * k, u32 bucket, f64 now)
1422 map_main_t *mm = &map_main;
1423 u32 ri = mm->ip4_reass_hash_table[bucket];
1424 while (ri != MAP_REASS_INDEX_NONE)
1426 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1427 if (r->key.as_u64[0] == k->as_u64[0] &&
1428 r->key.as_u64[1] == k->as_u64[1] &&
1429 now < r->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000))
1433 ri = r->bucket_next;
1438 #define map_ip4_reass_pool_index(r) (r - map_main.ip4_reass_pool)
1441 map_ip4_reass_free (map_ip4_reass_t * r, u32 ** pi_to_drop)
1443 map_main_t *mm = &map_main;
1444 map_ip4_reass_get_fragments (r, pi_to_drop);
1446 // Unlink in hash bucket
1447 map_ip4_reass_t *r2 = NULL;
1448 u32 r2i = mm->ip4_reass_hash_table[r->bucket];
1449 while (r2i != map_ip4_reass_pool_index (r))
1451 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1452 r2 = pool_elt_at_index (mm->ip4_reass_pool, r2i);
1453 r2i = r2->bucket_next;
1457 r2->bucket_next = r->bucket_next;
1461 mm->ip4_reass_hash_table[r->bucket] = r->bucket_next;
1465 if (r->fifo_next == map_ip4_reass_pool_index (r))
1467 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1471 if (mm->ip4_reass_fifo_last == map_ip4_reass_pool_index (r))
1472 mm->ip4_reass_fifo_last = r->fifo_prev;
1473 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next =
1475 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev =
1479 pool_put (mm->ip4_reass_pool, r);
1480 mm->ip4_reass_allocated--;
1484 map_ip4_reass_get (u32 src, u32 dst, u16 fragment_id,
1485 u8 protocol, u32 ** pi_to_drop)
1488 map_main_t *mm = &map_main;
1489 map_ip4_reass_key_t k = {.src.data_u32 = src,
1490 .dst.data_u32 = dst,
1491 .fragment_id = fragment_id,
1492 .protocol = protocol
1496 #ifdef clib_crc32c_uses_intrinsics
1497 h = clib_crc32c ((u8 *) k.as_u32, 16);
1499 u64 tmp = k.as_u32[0] ^ k.as_u32[1] ^ k.as_u32[2] ^ k.as_u32[3];
1500 h = clib_xxhash (tmp);
1502 h = h >> (32 - mm->ip4_reass_ht_log2len);
1504 f64 now = vlib_time_now (mm->vlib_main);
1506 //Cache garbage collection
1507 while (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1509 map_ip4_reass_t *last =
1510 pool_elt_at_index (mm->ip4_reass_pool, mm->ip4_reass_fifo_last);
1511 if (last->ts + (((f64) mm->ip4_reass_conf_lifetime_ms) / 1000) < now)
1512 map_ip4_reass_free (last, pi_to_drop);
1517 if ((r = map_ip4_reass_lookup (&k, h, now)))
1520 if (mm->ip4_reass_allocated >= mm->ip4_reass_conf_pool_size)
1523 pool_get (mm->ip4_reass_pool, r);
1524 mm->ip4_reass_allocated++;
1526 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1527 r->fragments[i] = ~0;
1529 u32 ri = map_ip4_reass_pool_index (r);
1531 //Link in new bucket
1533 r->bucket_next = mm->ip4_reass_hash_table[h];
1534 mm->ip4_reass_hash_table[h] = ri;
1537 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1540 pool_elt_at_index (mm->ip4_reass_pool,
1541 mm->ip4_reass_fifo_last)->fifo_next;
1542 r->fifo_prev = mm->ip4_reass_fifo_last;
1543 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_prev)->fifo_next = ri;
1544 pool_elt_at_index (mm->ip4_reass_pool, r->fifo_next)->fifo_prev = ri;
1548 r->fifo_next = r->fifo_prev = ri;
1549 mm->ip4_reass_fifo_last = ri;
1556 #ifdef MAP_IP4_REASS_COUNT_BYTES
1557 r->expected_total = 0xffff;
1565 map_ip4_reass_add_fragment (map_ip4_reass_t * r, u32 pi)
1567 if (map_main.ip4_reass_buffered_counter >= map_main.ip4_reass_conf_buffers)
1571 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1572 if (r->fragments[i] == ~0)
1574 r->fragments[i] = pi;
1575 map_main.ip4_reass_buffered_counter++;
1581 static_always_inline map_ip6_reass_t *
1582 map_ip6_reass_lookup (map_ip6_reass_key_t * k, u32 bucket, f64 now)
1584 map_main_t *mm = &map_main;
1585 u32 ri = mm->ip6_reass_hash_table[bucket];
1586 while (ri != MAP_REASS_INDEX_NONE)
1588 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1589 if (now < r->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) &&
1590 r->key.as_u64[0] == k->as_u64[0] &&
1591 r->key.as_u64[1] == k->as_u64[1] &&
1592 r->key.as_u64[2] == k->as_u64[2] &&
1593 r->key.as_u64[3] == k->as_u64[3] &&
1594 r->key.as_u64[4] == k->as_u64[4])
1596 ri = r->bucket_next;
1601 #define map_ip6_reass_pool_index(r) (r - map_main.ip6_reass_pool)
1604 map_ip6_reass_free (map_ip6_reass_t * r, u32 ** pi_to_drop)
1606 map_main_t *mm = &map_main;
1608 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1609 if (r->fragments[i].pi != ~0)
1611 vec_add1 (*pi_to_drop, r->fragments[i].pi);
1612 r->fragments[i].pi = ~0;
1613 map_main.ip6_reass_buffered_counter--;
1616 // Unlink in hash bucket
1617 map_ip6_reass_t *r2 = NULL;
1618 u32 r2i = mm->ip6_reass_hash_table[r->bucket];
1619 while (r2i != map_ip6_reass_pool_index (r))
1621 ASSERT (r2i != MAP_REASS_INDEX_NONE);
1622 r2 = pool_elt_at_index (mm->ip6_reass_pool, r2i);
1623 r2i = r2->bucket_next;
1627 r2->bucket_next = r->bucket_next;
1631 mm->ip6_reass_hash_table[r->bucket] = r->bucket_next;
1635 if (r->fifo_next == map_ip6_reass_pool_index (r))
1637 //Single element in the list, list is now empty
1638 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1642 if (mm->ip6_reass_fifo_last == map_ip6_reass_pool_index (r)) //First element
1643 mm->ip6_reass_fifo_last = r->fifo_prev;
1644 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next =
1646 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev =
1650 // Free from pool if necessary
1651 pool_put (mm->ip6_reass_pool, r);
1652 mm->ip6_reass_allocated--;
1656 map_ip6_reass_get (ip6_address_t * src, ip6_address_t * dst, u32 fragment_id,
1657 u8 protocol, u32 ** pi_to_drop)
1660 map_main_t *mm = &map_main;
1661 map_ip6_reass_key_t k = {
1664 .fragment_id = fragment_id,
1665 .protocol = protocol
1671 #ifdef clib_crc32c_uses_intrinsics
1672 h = clib_crc32c ((u8 *) k.as_u32, 40);
1675 k.as_u64[0] ^ k.as_u64[1] ^ k.as_u64[2] ^ k.as_u64[3] ^ k.as_u64[4];
1676 h = clib_xxhash (tmp);
1679 h = h >> (32 - mm->ip6_reass_ht_log2len);
1681 f64 now = vlib_time_now (mm->vlib_main);
1683 //Cache garbage collection
1684 while (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1686 map_ip6_reass_t *last =
1687 pool_elt_at_index (mm->ip6_reass_pool, mm->ip6_reass_fifo_last);
1688 if (last->ts + (((f64) mm->ip6_reass_conf_lifetime_ms) / 1000) < now)
1689 map_ip6_reass_free (last, pi_to_drop);
1694 if ((r = map_ip6_reass_lookup (&k, h, now)))
1697 if (mm->ip6_reass_allocated >= mm->ip6_reass_conf_pool_size)
1700 pool_get (mm->ip6_reass_pool, r);
1701 mm->ip6_reass_allocated++;
1702 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1704 r->fragments[i].pi = ~0;
1705 r->fragments[i].next_data_len = 0;
1706 r->fragments[i].next_data_offset = 0;
1709 u32 ri = map_ip6_reass_pool_index (r);
1711 //Link in new bucket
1713 r->bucket_next = mm->ip6_reass_hash_table[h];
1714 mm->ip6_reass_hash_table[h] = ri;
1717 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1720 pool_elt_at_index (mm->ip6_reass_pool,
1721 mm->ip6_reass_fifo_last)->fifo_next;
1722 r->fifo_prev = mm->ip6_reass_fifo_last;
1723 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_prev)->fifo_next = ri;
1724 pool_elt_at_index (mm->ip6_reass_pool, r->fifo_next)->fifo_prev = ri;
1728 r->fifo_next = r->fifo_prev = ri;
1729 mm->ip6_reass_fifo_last = ri;
1735 r->ip4_header.ip_version_and_header_length = 0;
1736 #ifdef MAP_IP6_REASS_COUNT_BYTES
1737 r->expected_total = 0xffff;
1744 map_ip6_reass_add_fragment (map_ip6_reass_t * r, u32 pi,
1745 u16 data_offset, u16 next_data_offset,
1746 u8 * data_start, u16 data_len)
1748 map_ip6_fragment_t *f = NULL, *prev_f = NULL;
1749 u16 copied_len = (data_len > 20) ? 20 : data_len;
1751 if (map_main.ip6_reass_buffered_counter >= map_main.ip6_reass_conf_buffers)
1754 //Lookup for fragments for the current buffer
1755 //and the one before that
1757 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1759 if (data_offset && r->fragments[i].next_data_offset == data_offset)
1761 prev_f = &r->fragments[i]; // This is buffer for previous packet
1763 else if (r->fragments[i].next_data_offset == next_data_offset)
1765 f = &r->fragments[i]; // This is a buffer for the current packet
1767 else if (r->fragments[i].next_data_offset == 0)
1770 f = &r->fragments[i];
1771 else if (prev_f == NULL)
1772 prev_f = &r->fragments[i];
1776 if (!f || f->pi != ~0)
1784 clib_memcpy (prev_f->next_data, data_start, copied_len);
1785 prev_f->next_data_len = copied_len;
1786 prev_f->next_data_offset = data_offset;
1790 if (((ip4_header_t *) data_start)->ip_version_and_header_length != 0x45)
1793 if (r->ip4_header.ip_version_and_header_length == 0)
1794 clib_memcpy (&r->ip4_header, data_start, sizeof (ip4_header_t));
1799 f->next_data_offset = next_data_offset;
1801 map_main.ip6_reass_buffered_counter++;
1807 map_ip4_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1809 map_main_t *mm = &map_main;
1812 if (dropped_packets)
1813 *dropped_packets = mm->ip4_reass_buffered_counter;
1815 *trashed_reass = mm->ip4_reass_allocated;
1816 if (mm->ip4_reass_fifo_last != MAP_REASS_INDEX_NONE)
1818 u16 ri = mm->ip4_reass_fifo_last;
1821 map_ip4_reass_t *r = pool_elt_at_index (mm->ip4_reass_pool, ri);
1822 for (i = 0; i < MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1823 if (r->fragments[i] != ~0)
1824 map_ip4_drop_pi (r->fragments[i]);
1827 pool_put (mm->ip4_reass_pool, r);
1829 while (ri != mm->ip4_reass_fifo_last);
1832 vec_free (mm->ip4_reass_hash_table);
1833 vec_resize (mm->ip4_reass_hash_table, 1 << mm->ip4_reass_ht_log2len);
1834 for (i = 0; i < (1 << mm->ip4_reass_ht_log2len); i++)
1835 mm->ip4_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1836 pool_free (mm->ip4_reass_pool);
1837 pool_alloc (mm->ip4_reass_pool, mm->ip4_reass_conf_pool_size);
1839 mm->ip4_reass_allocated = 0;
1840 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
1841 mm->ip4_reass_buffered_counter = 0;
1845 map_get_ht_log2len (f32 ht_ratio, u16 pool_size)
1847 u32 desired_size = (u32) (pool_size * ht_ratio);
1849 for (i = 1; i < 31; i++)
1850 if ((1 << i) >= desired_size)
1856 map_ip4_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1857 u32 * dropped_packets)
1859 map_main_t *mm = &map_main;
1860 if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
1863 map_ip4_reass_lock ();
1864 mm->ip4_reass_conf_ht_ratio = ht_ratio;
1865 mm->ip4_reass_ht_log2len =
1866 map_get_ht_log2len (ht_ratio, mm->ip4_reass_conf_pool_size);
1867 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1868 map_ip4_reass_unlock ();
1873 map_ip4_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1874 u32 * dropped_packets)
1876 map_main_t *mm = &map_main;
1877 if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
1880 map_ip4_reass_lock ();
1881 mm->ip4_reass_conf_pool_size = pool_size;
1882 map_ip4_reass_reinit (trashed_reass, dropped_packets);
1883 map_ip4_reass_unlock ();
1888 map_ip4_reass_conf_lifetime (u16 lifetime_ms)
1890 map_main.ip4_reass_conf_lifetime_ms = lifetime_ms;
1895 map_ip4_reass_conf_buffers (u32 buffers)
1897 map_main.ip4_reass_conf_buffers = buffers;
1902 map_ip6_reass_reinit (u32 * trashed_reass, u32 * dropped_packets)
1904 map_main_t *mm = &map_main;
1905 if (dropped_packets)
1906 *dropped_packets = mm->ip6_reass_buffered_counter;
1908 *trashed_reass = mm->ip6_reass_allocated;
1910 if (mm->ip6_reass_fifo_last != MAP_REASS_INDEX_NONE)
1912 u16 ri = mm->ip6_reass_fifo_last;
1915 map_ip6_reass_t *r = pool_elt_at_index (mm->ip6_reass_pool, ri);
1916 for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
1917 if (r->fragments[i].pi != ~0)
1918 map_ip6_drop_pi (r->fragments[i].pi);
1921 pool_put (mm->ip6_reass_pool, r);
1923 while (ri != mm->ip6_reass_fifo_last);
1924 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
1927 vec_free (mm->ip6_reass_hash_table);
1928 vec_resize (mm->ip6_reass_hash_table, 1 << mm->ip6_reass_ht_log2len);
1929 for (i = 0; i < (1 << mm->ip6_reass_ht_log2len); i++)
1930 mm->ip6_reass_hash_table[i] = MAP_REASS_INDEX_NONE;
1931 pool_free (mm->ip6_reass_pool);
1932 pool_alloc (mm->ip6_reass_pool, mm->ip4_reass_conf_pool_size);
1934 mm->ip6_reass_allocated = 0;
1935 mm->ip6_reass_buffered_counter = 0;
1939 map_ip6_reass_conf_ht_ratio (f32 ht_ratio, u32 * trashed_reass,
1940 u32 * dropped_packets)
1942 map_main_t *mm = &map_main;
1943 if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
1946 map_ip6_reass_lock ();
1947 mm->ip6_reass_conf_ht_ratio = ht_ratio;
1948 mm->ip6_reass_ht_log2len =
1949 map_get_ht_log2len (ht_ratio, mm->ip6_reass_conf_pool_size);
1950 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1951 map_ip6_reass_unlock ();
1956 map_ip6_reass_conf_pool_size (u16 pool_size, u32 * trashed_reass,
1957 u32 * dropped_packets)
1959 map_main_t *mm = &map_main;
1960 if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
1963 map_ip6_reass_lock ();
1964 mm->ip6_reass_conf_pool_size = pool_size;
1965 map_ip6_reass_reinit (trashed_reass, dropped_packets);
1966 map_ip6_reass_unlock ();
1971 map_ip6_reass_conf_lifetime (u16 lifetime_ms)
1973 map_main.ip6_reass_conf_lifetime_ms = lifetime_ms;
1978 map_ip6_reass_conf_buffers (u32 buffers)
1980 map_main.ip6_reass_conf_buffers = buffers;
1987 * Configure MAP reassembly behaviour
1990 * @cliexstart{map params reassembly}
1993 VLIB_CLI_COMMAND(map_ip4_reass_lifetime_command, static) = {
1994 .path = "map params reassembly",
1995 .short_help = "map params reassembly [ip4 | ip6] [lifetime <lifetime-ms>] "
1996 "[pool-size <pool-size>] [buffers <buffers>] "
1997 "[ht-ratio <ht-ratio>]",
1998 .function = map_params_reass_command_fn,
2002 * Set or copy the IP TOS/Traffic Class field
2005 * @cliexstart{map params traffic-class}
2007 * This command is used to set the traffic-class field in translated
2008 * or encapsulated packets. If copy is specifed (the default) then the
2009 * traffic-class/TOS field is copied from the original packet to the
2010 * translated / encapsulating header.
2013 VLIB_CLI_COMMAND(map_traffic_class_command, static) = {
2014 .path = "map params traffic-class",
2015 .short_help = "map params traffic-class {0x0-0xff | copy}",
2016 .function = map_traffic_class_command_fn,
2020 * Bypass IP4/IP6 lookup
2023 * @cliexstart{map params pre-resolve}
2025 * Bypass a second FIB lookup of the translated or encapsulated
2026 * packet, and forward the packet directly to the specified
2027 * next-hop. This optimization trades forwarding flexibility for
2031 VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
2032 .path = "map params pre-resolve",
2033 .short_help = " map params pre-resolve {ip4-nh <address>} "
2034 "| {ip6-nh <address>}",
2035 .function = map_pre_resolve_command_fn,
2039 * Enable or disable the MAP-E inbound security check
2042 * @cliexstart{map params security-check}
2044 * By default, a decapsulated packet's IPv4 source address will be
2045 * verified against the outer header's IPv6 source address. Disabling
2046 * this feature will allow IPv4 source address spoofing.
2049 VLIB_CLI_COMMAND(map_security_check_command, static) = {
2050 .path = "map params security-check",
2051 .short_help = "map params security-check on|off",
2052 .function = map_security_check_command_fn,
2056 * Specifiy the IPv4 source address used for relayed ICMP error messages
2059 * @cliexstart{map params icmp source-address}
2061 * This command specifies which IPv4 source address (must be local to
2062 * the system), that is used for relayed received IPv6 ICMP error
2066 VLIB_CLI_COMMAND(map_icmp_relay_source_address_command, static) = {
2067 .path = "map params icmp source-address",
2068 .short_help = "map params icmp source-address <ip4-address>",
2069 .function = map_icmp_relay_source_address_command_fn,
2073 * Send IPv6 ICMP unreachables
2076 * @cliexstart{map params icmp6 unreachables}
2078 * Send IPv6 ICMP unreachable messages back if security check fails or
2079 * no MAP domain exists.
2082 VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
2083 .path = "map params icmp6 unreachables",
2084 .short_help = "map params icmp6 unreachables {on|off}",
2085 .function = map_icmp_unreachables_command_fn,
2089 * Configure MAP fragmentation behaviour
2092 * @cliexstart{map params fragment}
2095 VLIB_CLI_COMMAND(map_fragment_command, static) = {
2096 .path = "map params fragment",
2097 .short_help = "map params fragment inner|outer",
2098 .function = map_fragment_command_fn,
2102 * Ignore the IPv4 Don't fragment bit
2105 * @cliexstart{map params fragment ignore-df}
2107 * Allows fragmentation of the IPv4 packet even if the DF bit is
2108 * set. The choice between inner or outer fragmentation of tunnel
2109 * packets is complicated. The benefit of inner fragmentation is that
2110 * the ultimate endpoint must reassemble, instead of the tunnel
2114 VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
2115 .path = "map params fragment ignore-df",
2116 .short_help = "map params fragment ignore-df on|off",
2117 .function = map_fragment_df_command_fn,
2121 * Specifiy if the inbound security check should be done on fragments
2124 * @cliexstart{map params security-check fragments}
2126 * Typically the inbound on-decapsulation security check is only done
2127 * on the first packet. The packet that contains the L4
2128 * information. While a security check on every fragment is possible,
2129 * it has a cost. State must be created on the first fragment.
2132 VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
2133 .path = "map params security-check fragments",
2134 .short_help = "map params security-check fragments on|off",
2135 .function = map_security_check_frag_command_fn,
2142 * @cliexstart{map add domain}
2145 VLIB_CLI_COMMAND(map_add_domain_command, static) = {
2146 .path = "map add domain",
2147 .short_help = "map add domain ip4-pfx <ip4-pfx> ip6-pfx <ip6-pfx> "
2148 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> "
2149 "[map-t] [mtu <mtu>]",
2150 .function = map_add_domain_command_fn,
2154 * Add MAP rule to a domain
2157 * @cliexstart{map add rule}
2160 VLIB_CLI_COMMAND(map_add_rule_command, static) = {
2161 .path = "map add rule",
2162 .short_help = "map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
2163 .function = map_add_rule_command_fn,
2170 * @cliexstart{map del domain}
2173 VLIB_CLI_COMMAND(map_del_command, static) = {
2174 .path = "map del domain",
2175 .short_help = "map del domain index <domain>",
2176 .function = map_del_domain_command_fn,
2183 * @cliexstart{show map domain}
2186 VLIB_CLI_COMMAND(show_map_domain_command, static) = {
2187 .path = "show map domain",
2188 .short_help = "show map domain index <n> [counters]",
2189 .function = show_map_domain_command_fn,
2193 * Show MAP statistics
2196 * @cliexstart{show map stats}
2199 VLIB_CLI_COMMAND(show_map_stats_command, static) = {
2200 .path = "show map stats",
2201 .short_help = "show map stats",
2202 .function = show_map_stats_command_fn,
2206 * Show MAP fragmentation information
2209 * @cliexstart{show map fragments}
2212 VLIB_CLI_COMMAND(show_map_fragments_command, static) = {
2213 .path = "show map fragments",
2214 .short_help = "show map fragments",
2215 .function = show_map_fragments_command_fn,
2223 map_init (vlib_main_t * vm)
2225 map_main_t *mm = &map_main;
2226 mm->vnet_main = vnet_get_main ();
2229 #ifdef MAP_SKIP_IP6_LOOKUP
2230 fib_protocol_t proto;
2232 FOR_EACH_FIB_PROTOCOL (proto)
2234 map_pre_resolve_init (&pre_resolved[proto]);
2242 /* Inbound security check */
2243 mm->sec_check = true;
2244 mm->sec_check_frag = false;
2246 /* ICMP6 Type 1, Code 5 for security check failure */
2247 mm->icmp6_enabled = false;
2249 /* Inner or outer fragmentation */
2250 mm->frag_inner = false;
2251 mm->frag_ignore_df = false;
2253 vec_validate (mm->domain_counters, MAP_N_DOMAIN_COUNTER - 1);
2254 mm->domain_counters[MAP_DOMAIN_COUNTER_RX].name = "rx";
2255 mm->domain_counters[MAP_DOMAIN_COUNTER_TX].name = "tx";
2257 vlib_validate_simple_counter (&mm->icmp_relayed, 0);
2258 vlib_zero_simple_counter (&mm->icmp_relayed, 0);
2260 /* IP4 virtual reassembly */
2261 mm->ip4_reass_hash_table = 0;
2262 mm->ip4_reass_pool = 0;
2263 mm->ip4_reass_lock =
2264 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2265 *mm->ip4_reass_lock = 0;
2266 mm->ip4_reass_conf_ht_ratio = MAP_IP4_REASS_HT_RATIO_DEFAULT;
2267 mm->ip4_reass_conf_lifetime_ms = MAP_IP4_REASS_LIFETIME_DEFAULT;
2268 mm->ip4_reass_conf_pool_size = MAP_IP4_REASS_POOL_SIZE_DEFAULT;
2269 mm->ip4_reass_conf_buffers = MAP_IP4_REASS_BUFFERS_DEFAULT;
2270 mm->ip4_reass_ht_log2len =
2271 map_get_ht_log2len (mm->ip4_reass_conf_ht_ratio,
2272 mm->ip4_reass_conf_pool_size);
2273 mm->ip4_reass_fifo_last = MAP_REASS_INDEX_NONE;
2274 map_ip4_reass_reinit (NULL, NULL);
2276 /* IP6 virtual reassembly */
2277 mm->ip6_reass_hash_table = 0;
2278 mm->ip6_reass_pool = 0;
2279 mm->ip6_reass_lock =
2280 clib_mem_alloc_aligned (CLIB_CACHE_LINE_BYTES, CLIB_CACHE_LINE_BYTES);
2281 *mm->ip6_reass_lock = 0;
2282 mm->ip6_reass_conf_ht_ratio = MAP_IP6_REASS_HT_RATIO_DEFAULT;
2283 mm->ip6_reass_conf_lifetime_ms = MAP_IP6_REASS_LIFETIME_DEFAULT;
2284 mm->ip6_reass_conf_pool_size = MAP_IP6_REASS_POOL_SIZE_DEFAULT;
2285 mm->ip6_reass_conf_buffers = MAP_IP6_REASS_BUFFERS_DEFAULT;
2286 mm->ip6_reass_ht_log2len =
2287 map_get_ht_log2len (mm->ip6_reass_conf_ht_ratio,
2288 mm->ip6_reass_conf_pool_size);
2289 mm->ip6_reass_fifo_last = MAP_REASS_INDEX_NONE;
2290 map_ip6_reass_reinit (NULL, NULL);
2292 #ifdef MAP_SKIP_IP6_LOOKUP
2293 fib_node_register_type (FIB_NODE_TYPE_MAP_E, &map_vft);
2295 map_dpo_module_init ();
2300 VLIB_INIT_FUNCTION (map_init);
2303 * fd.io coding-style-patch-verification: ON
2306 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob