FD.io VPP  v17.10-9-gd594711
Vector Packet Processing
ip6_map.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "map.h"
16 
17 #include "../ip/ip_frag.h"
18 #include <vnet/ip/ip4_to_ip6.h>
19 #include <vnet/ip/ip6_to_ip4.h>
20 
22 {
24 #ifdef MAP_SKIP_IP6_LOOKUP
26 #endif
35 };
36 
38 {
42 };
43 
45 {
50 };
51 
53 {
57 };
58 
62 
63 typedef struct
64 {
69 
70 u8 *
71 format_ip6_map_ip4_reass_trace (u8 * s, va_list * args)
72 {
73  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
74  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
76  va_arg (*args, map_ip6_map_ip4_reass_trace_t *);
77  return format (s, "MAP domain index: %d L4 port: %u Status: %s",
78  t->map_domain_index, t->port,
79  t->cached ? "cached" : "forwarded");
80 }
81 
82 typedef struct
83 {
88 
89 u8 *
90 format_ip6_map_ip6_reass_trace (u8 * s, va_list * args)
91 {
92  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
93  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
95  va_arg (*args, map_ip6_map_ip6_reass_trace_t *);
96  return format (s, "Offset: %d Fragment length: %d Status: %s", t->offset,
97  t->frag_len, t->out ? "out" : "in");
98 }
99 
100 /*
101  * ip6_map_sec_check
102  */
105  ip6_header_t * ip6)
106 {
107  u16 sp4 = clib_net_to_host_u16 (port);
108  u32 sa4 = clib_net_to_host_u32 (ip4->src_address.as_u32);
109  u64 sal6 = map_get_pfx (d, sa4, sp4);
110  u64 sar6 = map_get_sfx (d, sa4, sp4);
111 
112  if (PREDICT_FALSE
113  (sal6 != clib_net_to_host_u64 (ip6->src_address.as_u64[0])
114  || sar6 != clib_net_to_host_u64 (ip6->src_address.as_u64[1])))
115  return (false);
116  return (true);
117 }
118 
121  ip6_header_t * ip6, u32 * next, u8 * error)
122 {
123  map_main_t *mm = &map_main;
124  if (d->ea_bits_len || d->rules)
125  {
126  if (d->psid_length > 0)
127  {
128  if (!ip4_is_fragment (ip4))
129  {
130  u16 port = ip4_get_port (ip4, 1);
131  if (port)
132  {
133  if (mm->sec_check)
134  *error =
135  ip6_map_sec_check (d, port, ip4,
136  ip6) ? MAP_ERROR_NONE :
137  MAP_ERROR_DECAP_SEC_CHECK;
138  }
139  else
140  {
141  *error = MAP_ERROR_BAD_PROTOCOL;
142  }
143  }
144  else
145  {
146  *next = mm->sec_check_frag ? IP6_MAP_NEXT_IP4_REASS : *next;
147  }
148  }
149  }
150 }
151 
154 {
155 #ifdef MAP_SKIP_IP6_LOOKUP
157  {
158  vnet_buffer (p0)->ip.adj_index[VLIB_TX] =
160  return (true);
161  }
162 #endif
163  return (false);
164 }
165 
166 /*
167  * ip6_map
168  */
169 static uword
171 {
172  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
173  vlib_node_runtime_t *error_node =
175  map_main_t *mm = &map_main;
177  u32 thread_index = vlib_get_thread_index ();
178 
179  from = vlib_frame_vector_args (frame);
180  n_left_from = frame->n_vectors;
181  next_index = node->cached_next_index;
182  while (n_left_from > 0)
183  {
184  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
185 
186  /* Dual loop */
187  while (n_left_from >= 4 && n_left_to_next >= 2)
188  {
189  u32 pi0, pi1;
190  vlib_buffer_t *p0, *p1;
191  u8 error0 = MAP_ERROR_NONE;
192  u8 error1 = MAP_ERROR_NONE;
193  map_domain_t *d0 = 0, *d1 = 0;
194  ip4_header_t *ip40, *ip41;
195  ip6_header_t *ip60, *ip61;
196  u16 port0 = 0, port1 = 0;
197  u32 map_domain_index0 = ~0, map_domain_index1 = ~0;
200 
201  /* Prefetch next iteration. */
202  {
203  vlib_buffer_t *p2, *p3;
204 
205  p2 = vlib_get_buffer (vm, from[2]);
206  p3 = vlib_get_buffer (vm, from[3]);
207 
208  vlib_prefetch_buffer_header (p2, LOAD);
209  vlib_prefetch_buffer_header (p3, LOAD);
210 
211  /* IPv6 + IPv4 header + 8 bytes of ULP */
212  CLIB_PREFETCH (p2->data, 68, LOAD);
213  CLIB_PREFETCH (p3->data, 68, LOAD);
214  }
215 
216  pi0 = to_next[0] = from[0];
217  pi1 = to_next[1] = from[1];
218  from += 2;
219  n_left_from -= 2;
220  to_next += 2;
221  n_left_to_next -= 2;
222 
223  p0 = vlib_get_buffer (vm, pi0);
224  p1 = vlib_get_buffer (vm, pi1);
225  ip60 = vlib_buffer_get_current (p0);
226  ip61 = vlib_buffer_get_current (p1);
227  vlib_buffer_advance (p0, sizeof (ip6_header_t));
228  vlib_buffer_advance (p1, sizeof (ip6_header_t));
229  ip40 = vlib_buffer_get_current (p0);
230  ip41 = vlib_buffer_get_current (p1);
231 
232  /*
233  * Encapsulated IPv4 packet
234  * - IPv4 fragmented -> Pass to virtual reassembly unless security check disabled
235  * - Lookup/Rewrite or Fragment node in case of packet > MTU
236  * Fragmented IPv6 packet
237  * ICMP IPv6 packet
238  * - Error -> Pass to ICMPv6/ICMPv4 relay
239  * - Info -> Pass to IPv6 local
240  * Anything else -> drop
241  */
242  if (PREDICT_TRUE
243  (ip60->protocol == IP_PROTOCOL_IP_IN_IP
244  && clib_net_to_host_u16 (ip60->payload_length) > 20))
245  {
246  d0 =
247  ip6_map_get_domain (vnet_buffer (p0)->ip.adj_index[VLIB_TX],
248  (ip4_address_t *) & ip40->
249  src_address.as_u32, &map_domain_index0,
250  &error0);
251  }
252  else if (ip60->protocol == IP_PROTOCOL_ICMP6 &&
253  clib_net_to_host_u16 (ip60->payload_length) >
254  sizeof (icmp46_header_t))
255  {
256  icmp46_header_t *icmp = (void *) (ip60 + 1);
257  next0 = (icmp->type == ICMP6_echo_request
258  || icmp->type ==
259  ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
261  }
262  else if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
263  {
264  next0 = IP6_MAP_NEXT_IP6_REASS;
265  }
266  else
267  {
268  error0 = MAP_ERROR_BAD_PROTOCOL;
269  }
270  if (PREDICT_TRUE
271  (ip61->protocol == IP_PROTOCOL_IP_IN_IP
272  && clib_net_to_host_u16 (ip61->payload_length) > 20))
273  {
274  d1 =
275  ip6_map_get_domain (vnet_buffer (p1)->ip.adj_index[VLIB_TX],
276  (ip4_address_t *) & ip41->
277  src_address.as_u32, &map_domain_index1,
278  &error1);
279  }
280  else if (ip61->protocol == IP_PROTOCOL_ICMP6 &&
281  clib_net_to_host_u16 (ip61->payload_length) >
282  sizeof (icmp46_header_t))
283  {
284  icmp46_header_t *icmp = (void *) (ip61 + 1);
285  next1 = (icmp->type == ICMP6_echo_request
286  || icmp->type ==
287  ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
289  }
290  else if (ip61->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
291  {
292  next1 = IP6_MAP_NEXT_IP6_REASS;
293  }
294  else
295  {
296  error1 = MAP_ERROR_BAD_PROTOCOL;
297  }
298 
299  if (d0)
300  {
301  /* MAP inbound security check */
302  ip6_map_security_check (d0, ip40, ip60, &next0, &error0);
303 
304  if (PREDICT_TRUE (error0 == MAP_ERROR_NONE &&
305  next0 == IP6_MAP_NEXT_IP4_LOOKUP))
306  {
307  if (PREDICT_FALSE
308  (d0->mtu
309  && (clib_host_to_net_u16 (ip40->length) > d0->mtu)))
310  {
311  vnet_buffer (p0)->ip_frag.header_offset = 0;
312  vnet_buffer (p0)->ip_frag.flags = 0;
313  vnet_buffer (p0)->ip_frag.next_index =
315  vnet_buffer (p0)->ip_frag.mtu = d0->mtu;
317  }
318  else
319  {
320  next0 =
322  ip40) ?
323  IP6_MAP_NEXT_IP4_REWRITE : next0;
324  }
326  thread_index,
327  map_domain_index0, 1,
328  clib_net_to_host_u16
329  (ip40->length));
330  }
331  }
332  if (d1)
333  {
334  /* MAP inbound security check */
335  ip6_map_security_check (d1, ip41, ip61, &next1, &error1);
336 
337  if (PREDICT_TRUE (error1 == MAP_ERROR_NONE &&
338  next1 == IP6_MAP_NEXT_IP4_LOOKUP))
339  {
340  if (PREDICT_FALSE
341  (d1->mtu
342  && (clib_host_to_net_u16 (ip41->length) > d1->mtu)))
343  {
344  vnet_buffer (p1)->ip_frag.header_offset = 0;
345  vnet_buffer (p1)->ip_frag.flags = 0;
346  vnet_buffer (p1)->ip_frag.next_index =
348  vnet_buffer (p1)->ip_frag.mtu = d1->mtu;
350  }
351  else
352  {
353  next1 =
355  ip41) ?
356  IP6_MAP_NEXT_IP4_REWRITE : next1;
357  }
359  thread_index,
360  map_domain_index1, 1,
361  clib_net_to_host_u16
362  (ip41->length));
363  }
364  }
365 
367  {
368  map_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr));
369  tr->map_domain_index = map_domain_index0;
370  tr->port = port0;
371  }
372 
374  {
375  map_trace_t *tr = vlib_add_trace (vm, node, p1, sizeof (*tr));
376  tr->map_domain_index = map_domain_index1;
377  tr->port = port1;
378  }
379 
380  if (error0 == MAP_ERROR_DECAP_SEC_CHECK && mm->icmp6_enabled)
381  {
382  /* Set ICMP parameters */
383  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
384  icmp6_error_set_vnet_buffer (p0, ICMP6_destination_unreachable,
385  ICMP6_destination_unreachable_source_address_failed_policy,
386  0);
387  next0 = IP6_MAP_NEXT_ICMP;
388  }
389  else
390  {
391  next0 = (error0 == MAP_ERROR_NONE) ? next0 : IP6_MAP_NEXT_DROP;
392  }
393 
394  if (error1 == MAP_ERROR_DECAP_SEC_CHECK && mm->icmp6_enabled)
395  {
396  /* Set ICMP parameters */
397  vlib_buffer_advance (p1, -sizeof (ip6_header_t));
398  icmp6_error_set_vnet_buffer (p1, ICMP6_destination_unreachable,
399  ICMP6_destination_unreachable_source_address_failed_policy,
400  0);
401  next1 = IP6_MAP_NEXT_ICMP;
402  }
403  else
404  {
405  next1 = (error1 == MAP_ERROR_NONE) ? next1 : IP6_MAP_NEXT_DROP;
406  }
407 
408  /* Reset packet */
409  if (next0 == IP6_MAP_NEXT_IP6_LOCAL)
410  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
411  if (next1 == IP6_MAP_NEXT_IP6_LOCAL)
412  vlib_buffer_advance (p1, -sizeof (ip6_header_t));
413 
414  p0->error = error_node->errors[error0];
415  p1->error = error_node->errors[error1];
416  vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
417  n_left_to_next, pi0, pi1, next0,
418  next1);
419  }
420 
421  /* Single loop */
422  while (n_left_from > 0 && n_left_to_next > 0)
423  {
424  u32 pi0;
425  vlib_buffer_t *p0;
426  u8 error0 = MAP_ERROR_NONE;
427  map_domain_t *d0 = 0;
428  ip4_header_t *ip40;
429  ip6_header_t *ip60;
430  i32 port0 = 0;
431  u32 map_domain_index0 = ~0;
433 
434  pi0 = to_next[0] = from[0];
435  from += 1;
436  n_left_from -= 1;
437  to_next += 1;
438  n_left_to_next -= 1;
439 
440  p0 = vlib_get_buffer (vm, pi0);
441  ip60 = vlib_buffer_get_current (p0);
442  vlib_buffer_advance (p0, sizeof (ip6_header_t));
443  ip40 = vlib_buffer_get_current (p0);
444 
445  /*
446  * Encapsulated IPv4 packet
447  * - IPv4 fragmented -> Pass to virtual reassembly unless security check disabled
448  * - Lookup/Rewrite or Fragment node in case of packet > MTU
449  * Fragmented IPv6 packet
450  * ICMP IPv6 packet
451  * - Error -> Pass to ICMPv6/ICMPv4 relay
452  * - Info -> Pass to IPv6 local
453  * Anything else -> drop
454  */
455  if (PREDICT_TRUE
456  (ip60->protocol == IP_PROTOCOL_IP_IN_IP
457  && clib_net_to_host_u16 (ip60->payload_length) > 20))
458  {
459  d0 =
460  ip6_map_get_domain (vnet_buffer (p0)->ip.adj_index[VLIB_TX],
461  (ip4_address_t *) & ip40->
462  src_address.as_u32, &map_domain_index0,
463  &error0);
464  }
465  else if (ip60->protocol == IP_PROTOCOL_ICMP6 &&
466  clib_net_to_host_u16 (ip60->payload_length) >
467  sizeof (icmp46_header_t))
468  {
469  icmp46_header_t *icmp = (void *) (ip60 + 1);
470  next0 = (icmp->type == ICMP6_echo_request
471  || icmp->type ==
472  ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
474  }
475  else if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION &&
476  (((ip6_frag_hdr_t *) (ip60 + 1))->next_hdr ==
477  IP_PROTOCOL_IP_IN_IP))
478  {
479  next0 = IP6_MAP_NEXT_IP6_REASS;
480  }
481  else
482  {
483  error0 = MAP_ERROR_BAD_PROTOCOL;
484  }
485 
486  if (d0)
487  {
488  /* MAP inbound security check */
489  ip6_map_security_check (d0, ip40, ip60, &next0, &error0);
490 
491  if (PREDICT_TRUE (error0 == MAP_ERROR_NONE &&
492  next0 == IP6_MAP_NEXT_IP4_LOOKUP))
493  {
494  if (PREDICT_FALSE
495  (d0->mtu
496  && (clib_host_to_net_u16 (ip40->length) > d0->mtu)))
497  {
498  vnet_buffer (p0)->ip_frag.header_offset = 0;
499  vnet_buffer (p0)->ip_frag.flags = 0;
500  vnet_buffer (p0)->ip_frag.next_index =
502  vnet_buffer (p0)->ip_frag.mtu = d0->mtu;
504  }
505  else
506  {
507  next0 =
509  ip40) ?
510  IP6_MAP_NEXT_IP4_REWRITE : next0;
511  }
513  thread_index,
514  map_domain_index0, 1,
515  clib_net_to_host_u16
516  (ip40->length));
517  }
518  }
519 
521  {
522  map_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr));
523  tr->map_domain_index = map_domain_index0;
524  tr->port = (u16) port0;
525  }
526 
527  if (mm->icmp6_enabled &&
528  (error0 == MAP_ERROR_DECAP_SEC_CHECK
529  || error0 == MAP_ERROR_NO_DOMAIN))
530  {
531  /* Set ICMP parameters */
532  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
533  icmp6_error_set_vnet_buffer (p0, ICMP6_destination_unreachable,
534  ICMP6_destination_unreachable_source_address_failed_policy,
535  0);
536  next0 = IP6_MAP_NEXT_ICMP;
537  }
538  else
539  {
540  next0 = (error0 == MAP_ERROR_NONE) ? next0 : IP6_MAP_NEXT_DROP;
541  }
542 
543  /* Reset packet */
544  if (next0 == IP6_MAP_NEXT_IP6_LOCAL)
545  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
546 
547  p0->error = error_node->errors[error0];
548  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
549  n_left_to_next, pi0, next0);
550  }
551  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
552  }
553 
554  return frame->n_vectors;
555 }
556 
557 
560  map_ip6_reass_t * r, u32 ** fragments_ready,
561  u32 ** fragments_to_drop)
562 {
563  ip4_header_t *ip40;
564  ip6_header_t *ip60;
565  ip6_frag_hdr_t *frag0;
566  vlib_buffer_t *p0;
567 
569  return;
570 
571  //The IP header is here, we need to check for packets
572  //that can be forwarded
573  int i;
574  for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
575  {
576  if (r->fragments[i].pi == ~0 ||
577  ((!r->fragments[i].next_data_len)
578  && (r->fragments[i].next_data_offset != (0xffff))))
579  continue;
580 
581  p0 = vlib_get_buffer (vm, r->fragments[i].pi);
582  ip60 = vlib_buffer_get_current (p0);
583  frag0 = (ip6_frag_hdr_t *) (ip60 + 1);
584  ip40 = (ip4_header_t *) (frag0 + 1);
585 
586  if (ip6_frag_hdr_offset (frag0))
587  {
588  //Not first fragment, add the IPv4 header
589  clib_memcpy (ip40, &r->ip4_header, 20);
590  }
591 
592 #ifdef MAP_IP6_REASS_COUNT_BYTES
593  r->forwarded +=
594  clib_net_to_host_u16 (ip60->payload_length) - sizeof (*frag0);
595 #endif
596 
597  if (ip6_frag_hdr_more (frag0))
598  {
599  //Not last fragment, we copy end of next
601  r->fragments[i].next_data, 20);
602  p0->current_length += 20;
603  ip60->payload_length = u16_net_add (ip60->payload_length, 20);
604  }
605 
606  if (!ip4_is_fragment (ip40))
607  {
608  ip40->fragment_id = frag_id_6to4 (frag0->identification);
610  clib_host_to_net_u16 (ip6_frag_hdr_offset (frag0));
611  }
612  else
613  {
615  clib_host_to_net_u16 (ip4_get_fragment_offset (ip40) +
616  ip6_frag_hdr_offset (frag0));
617  }
618 
619  if (ip6_frag_hdr_more (frag0))
621  clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
622 
623  ip40->length =
624  clib_host_to_net_u16 (p0->current_length - sizeof (*ip60) -
625  sizeof (*frag0));
626  ip40->checksum = ip4_header_checksum (ip40);
627 
629  {
631  vlib_add_trace (vm, node, p0, sizeof (*tr));
632  tr->offset = ip4_get_fragment_offset (ip40);
633  tr->frag_len = clib_net_to_host_u16 (ip40->length) - sizeof (*ip40);
634  tr->out = 1;
635  }
636 
637  vec_add1 (*fragments_ready, r->fragments[i].pi);
638  r->fragments[i].pi = ~0;
639  r->fragments[i].next_data_len = 0;
640  r->fragments[i].next_data_offset = 0;
642 
643  //TODO: Best solution would be that ip6_map handles extension headers
644  // and ignores atomic fragment. But in the meantime, let's just copy the header.
645 
646  u8 protocol = frag0->next_hdr;
647  memmove (u8_ptr_add (ip40, -sizeof (*ip60)), ip60, sizeof (*ip60));
648  ((ip6_header_t *) u8_ptr_add (ip40, -sizeof (*ip60)))->protocol =
649  protocol;
650  vlib_buffer_advance (p0, sizeof (*frag0));
651  }
652 }
653 
654 void
656 {
661 }
662 
663 void
665 {
670 }
671 
672 /*
673  * ip6_reass
674  * TODO: We should count the number of successfully
675  * transmitted fragment bytes and compare that to the last fragment
676  * offset such that we can free the reassembly structure when all fragments
677  * have been forwarded.
678  */
679 static uword
681  vlib_node_runtime_t * node, vlib_frame_t * frame)
682 {
683  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
684  vlib_node_runtime_t *error_node =
686  u32 *fragments_to_drop = NULL;
687  u32 *fragments_ready = NULL;
688 
689  from = vlib_frame_vector_args (frame);
690  n_left_from = frame->n_vectors;
691  next_index = node->cached_next_index;
692  while (n_left_from > 0)
693  {
694  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
695 
696  /* Single loop */
697  while (n_left_from > 0 && n_left_to_next > 0)
698  {
699  u32 pi0;
700  vlib_buffer_t *p0;
701  u8 error0 = MAP_ERROR_NONE;
702  ip6_header_t *ip60;
703  ip6_frag_hdr_t *frag0;
704  u16 offset;
705  u16 next_offset;
706  u16 frag_len;
707 
708  pi0 = to_next[0] = from[0];
709  from += 1;
710  n_left_from -= 1;
711  to_next += 1;
712  n_left_to_next -= 1;
713 
714  p0 = vlib_get_buffer (vm, pi0);
715  ip60 = vlib_buffer_get_current (p0);
716  frag0 = (ip6_frag_hdr_t *) (ip60 + 1);
717  offset =
718  clib_host_to_net_u16 (frag0->fragment_offset_and_more) & (~7);
719  frag_len =
720  clib_net_to_host_u16 (ip60->payload_length) - sizeof (*frag0);
721  next_offset =
722  ip6_frag_hdr_more (frag0) ? (offset + frag_len) : (0xffff);
723 
724  //FIXME: Support other extension headers, maybe
725 
727  {
729  vlib_add_trace (vm, node, p0, sizeof (*tr));
730  tr->offset = offset;
731  tr->frag_len = frag_len;
732  tr->out = 0;
733  }
734 
736  map_ip6_reass_t *r =
737  map_ip6_reass_get (&ip60->src_address, &ip60->dst_address,
738  frag0->identification, frag0->next_hdr,
739  &fragments_to_drop);
740  //FIXME: Use better error codes
741  if (PREDICT_FALSE (!r))
742  {
743  // Could not create a caching entry
744  error0 = MAP_ERROR_FRAGMENT_MEMORY;
745  }
746  else if (PREDICT_FALSE ((frag_len <= 20 &&
747  (ip6_frag_hdr_more (frag0) || (!offset)))))
748  {
749  //Very small fragment are restricted to the last one and
750  //can't be the first one
751  error0 = MAP_ERROR_FRAGMENT_MALFORMED;
752  }
753  else
755  (r, pi0, offset, next_offset, (u8 *) (frag0 + 1), frag_len))
756  {
757  map_ip6_reass_free (r, &fragments_to_drop);
758  error0 = MAP_ERROR_FRAGMENT_MEMORY;
759  }
760  else
761  {
762 #ifdef MAP_IP6_REASS_COUNT_BYTES
763  if (!ip6_frag_hdr_more (frag0))
764  r->expected_total = offset + frag_len;
765 #endif
766  ip6_map_ip6_reass_prepare (vm, node, r, &fragments_ready,
767  &fragments_to_drop);
768 #ifdef MAP_IP6_REASS_COUNT_BYTES
769  if (r->forwarded >= r->expected_total)
770  map_ip6_reass_free (r, &fragments_to_drop);
771 #endif
772  }
774 
775  if (error0 == MAP_ERROR_NONE)
776  {
777  if (frag_len > 20)
778  {
779  //Dequeue the packet
780  n_left_to_next++;
781  to_next--;
782  }
783  else
784  {
785  //All data from that packet was copied no need to keep it, but this is not an error
786  p0->error = error_node->errors[MAP_ERROR_NONE];
787  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
788  to_next, n_left_to_next,
789  pi0,
791  }
792  }
793  else
794  {
795  p0->error = error_node->errors[error0];
796  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
797  n_left_to_next, pi0,
799  }
800  }
801  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
802  }
803 
804  map_send_all_to_node (vm, fragments_ready, node,
805  &error_node->errors[MAP_ERROR_NONE],
807  map_send_all_to_node (vm, fragments_to_drop, node,
808  &error_node->errors[MAP_ERROR_FRAGMENT_DROPPED],
810 
811  vec_free (fragments_to_drop);
812  vec_free (fragments_ready);
813  return frame->n_vectors;
814 }
815 
816 /*
817  * ip6_ip4_virt_reass
818  */
819 static uword
821  vlib_node_runtime_t * node, vlib_frame_t * frame)
822 {
823  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
824  vlib_node_runtime_t *error_node =
826  map_main_t *mm = &map_main;
828  u32 thread_index = vlib_get_thread_index ();
829  u32 *fragments_to_drop = NULL;
830  u32 *fragments_to_loopback = NULL;
831 
832  from = vlib_frame_vector_args (frame);
833  n_left_from = frame->n_vectors;
834  next_index = node->cached_next_index;
835  while (n_left_from > 0)
836  {
837  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
838 
839  /* Single loop */
840  while (n_left_from > 0 && n_left_to_next > 0)
841  {
842  u32 pi0;
843  vlib_buffer_t *p0;
844  u8 error0 = MAP_ERROR_NONE;
845  map_domain_t *d0;
846  ip4_header_t *ip40;
847  ip6_header_t *ip60;
848  i32 port0 = 0;
849  u32 map_domain_index0 = ~0;
851  u8 cached = 0;
852 
853  pi0 = to_next[0] = from[0];
854  from += 1;
855  n_left_from -= 1;
856  to_next += 1;
857  n_left_to_next -= 1;
858 
859  p0 = vlib_get_buffer (vm, pi0);
860  ip40 = vlib_buffer_get_current (p0);
861  ip60 = ((ip6_header_t *) ip40) - 1;
862 
863  d0 =
864  ip6_map_get_domain (vnet_buffer (p0)->ip.adj_index[VLIB_TX],
865  (ip4_address_t *) & ip40->src_address.as_u32,
866  &map_domain_index0, &error0);
867 
869  //This node only deals with fragmented ip4
871  ip40->dst_address.as_u32,
872  ip40->fragment_id,
873  ip40->protocol,
874  &fragments_to_drop);
875  if (PREDICT_FALSE (!r))
876  {
877  // Could not create a caching entry
878  error0 = MAP_ERROR_FRAGMENT_MEMORY;
879  }
880  else if (PREDICT_TRUE (ip4_get_fragment_offset (ip40)))
881  {
882  // This is a fragment
883  if (r->port >= 0)
884  {
885  // We know the port already
886  port0 = r->port;
887  }
888  else if (map_ip4_reass_add_fragment (r, pi0))
889  {
890  // Not enough space for caching
891  error0 = MAP_ERROR_FRAGMENT_MEMORY;
892  map_ip4_reass_free (r, &fragments_to_drop);
893  }
894  else
895  {
896  cached = 1;
897  }
898  }
899  else if ((port0 = ip4_get_port (ip40, 1)) == 0)
900  {
901  // Could not find port from first fragment. Stop reassembling.
902  error0 = MAP_ERROR_BAD_PROTOCOL;
903  port0 = 0;
904  map_ip4_reass_free (r, &fragments_to_drop);
905  }
906  else
907  {
908  // Found port. Remember it and loopback saved fragments
909  r->port = port0;
910  map_ip4_reass_get_fragments (r, &fragments_to_loopback);
911  }
912 
913 #ifdef MAP_IP4_REASS_COUNT_BYTES
914  if (!cached && r)
915  {
916  r->forwarded += clib_host_to_net_u16 (ip40->length) - 20;
917  if (!ip4_get_fragment_more (ip40))
918  r->expected_total =
919  ip4_get_fragment_offset (ip40) * 8 +
920  clib_host_to_net_u16 (ip40->length) - 20;
921  if (r->forwarded >= r->expected_total)
922  map_ip4_reass_free (r, &fragments_to_drop);
923  }
924 #endif
925 
927 
928  if (PREDICT_TRUE (error0 == MAP_ERROR_NONE))
929  error0 =
930  ip6_map_sec_check (d0, port0, ip40,
931  ip60) ? MAP_ERROR_NONE :
932  MAP_ERROR_DECAP_SEC_CHECK;
933 
934  if (PREDICT_FALSE
935  (d0->mtu && (clib_host_to_net_u16 (ip40->length) > d0->mtu)
936  && error0 == MAP_ERROR_NONE && !cached))
937  {
938  vnet_buffer (p0)->ip_frag.header_offset = 0;
939  vnet_buffer (p0)->ip_frag.flags = 0;
940  vnet_buffer (p0)->ip_frag.next_index = IP4_FRAG_NEXT_IP4_LOOKUP;
941  vnet_buffer (p0)->ip_frag.mtu = d0->mtu;
943  }
944 
946  {
948  vlib_add_trace (vm, node, p0, sizeof (*tr));
949  tr->map_domain_index = map_domain_index0;
950  tr->port = port0;
951  tr->cached = cached;
952  }
953 
954  if (cached)
955  {
956  //Dequeue the packet
957  n_left_to_next++;
958  to_next--;
959  }
960  else
961  {
962  if (error0 == MAP_ERROR_NONE)
964  thread_index,
965  map_domain_index0, 1,
966  clib_net_to_host_u16
967  (ip40->length));
968  next0 =
969  (error0 ==
970  MAP_ERROR_NONE) ? next0 : IP6_MAP_IP4_REASS_NEXT_DROP;
971  p0->error = error_node->errors[error0];
972  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
973  n_left_to_next, pi0, next0);
974  }
975 
976  //Loopback when we reach the end of the inpu vector
977  if (n_left_from == 0 && vec_len (fragments_to_loopback))
978  {
979  from = vlib_frame_vector_args (frame);
980  u32 len = vec_len (fragments_to_loopback);
981  if (len <= VLIB_FRAME_SIZE)
982  {
983  clib_memcpy (from, fragments_to_loopback,
984  sizeof (u32) * len);
985  n_left_from = len;
986  vec_reset_length (fragments_to_loopback);
987  }
988  else
989  {
990  clib_memcpy (from,
991  fragments_to_loopback + (len -
993  sizeof (u32) * VLIB_FRAME_SIZE);
994  n_left_from = VLIB_FRAME_SIZE;
995  _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
996  }
997  }
998  }
999  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1000  }
1001  map_send_all_to_node (vm, fragments_to_drop, node,
1002  &error_node->errors[MAP_ERROR_FRAGMENT_DROPPED],
1004 
1005  vec_free (fragments_to_drop);
1006  vec_free (fragments_to_loopback);
1007  return frame->n_vectors;
1008 }
1009 
1010 /*
1011  * ip6_icmp_relay
1012  */
1013 static uword
1015  vlib_node_runtime_t * node, vlib_frame_t * frame)
1016 {
1017  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
1018  vlib_node_runtime_t *error_node =
1020  map_main_t *mm = &map_main;
1021  u32 thread_index = vlib_get_thread_index ();
1022  u16 *fragment_ids, *fid;
1023 
1024  from = vlib_frame_vector_args (frame);
1025  n_left_from = frame->n_vectors;
1026  next_index = node->cached_next_index;
1027 
1028  /* Get random fragment IDs for replies. */
1029  fid = fragment_ids =
1031  n_left_from * sizeof (fragment_ids[0]));
1032 
1033  while (n_left_from > 0)
1034  {
1035  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1036 
1037  /* Single loop */
1038  while (n_left_from > 0 && n_left_to_next > 0)
1039  {
1040  u32 pi0;
1041  vlib_buffer_t *p0;
1042  u8 error0 = MAP_ERROR_NONE;
1043  ip6_header_t *ip60;
1045  u32 mtu;
1046 
1047  pi0 = to_next[0] = from[0];
1048  from += 1;
1049  n_left_from -= 1;
1050  to_next += 1;
1051  n_left_to_next -= 1;
1052 
1053  p0 = vlib_get_buffer (vm, pi0);
1054  ip60 = vlib_buffer_get_current (p0);
1055  u16 tlen = clib_net_to_host_u16 (ip60->payload_length);
1056 
1057  /*
1058  * In:
1059  * IPv6 header (40)
1060  * ICMPv6 header (8)
1061  * IPv6 header (40)
1062  * Original IPv4 header / packet
1063  * Out:
1064  * New IPv4 header
1065  * New ICMP header
1066  * Original IPv4 header / packet
1067  */
1068 
1069  /* Need at least ICMP(8) + IPv6(40) + IPv4(20) + L4 header(8) */
1070  if (tlen < 76)
1071  {
1072  error0 = MAP_ERROR_ICMP_RELAY;
1073  goto error;
1074  }
1075 
1076  icmp46_header_t *icmp60 = (icmp46_header_t *) (ip60 + 1);
1077  ip6_header_t *inner_ip60 = (ip6_header_t *) (icmp60 + 2);
1078 
1079  if (inner_ip60->protocol != IP_PROTOCOL_IP_IN_IP)
1080  {
1081  error0 = MAP_ERROR_ICMP_RELAY;
1082  goto error;
1083  }
1084 
1085  ip4_header_t *inner_ip40 = (ip4_header_t *) (inner_ip60 + 1);
1086  vlib_buffer_advance (p0, 60); /* sizeof ( IPv6 + ICMP + IPv6 - IPv4 - ICMP ) */
1087  ip4_header_t *new_ip40 = vlib_buffer_get_current (p0);
1088  icmp46_header_t *new_icmp40 = (icmp46_header_t *) (new_ip40 + 1);
1089 
1090  /*
1091  * Relay according to RFC2473, section 8.3
1092  */
1093  switch (icmp60->type)
1094  {
1095  case ICMP6_destination_unreachable:
1096  case ICMP6_time_exceeded:
1097  case ICMP6_parameter_problem:
1098  /* Type 3 - destination unreachable, Code 1 - host unreachable */
1099  new_icmp40->type = ICMP4_destination_unreachable;
1100  new_icmp40->code =
1101  ICMP4_destination_unreachable_destination_unreachable_host;
1102  break;
1103 
1104  case ICMP6_packet_too_big:
1105  /* Type 3 - destination unreachable, Code 4 - packet too big */
1106  /* Potential TODO: Adjust domain tunnel MTU based on the value received here */
1107  mtu = clib_net_to_host_u32 (*((u32 *) (icmp60 + 1)));
1108 
1109  /* Check DF flag */
1110  if (!
1111  (inner_ip40->flags_and_fragment_offset &
1112  clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT)))
1113  {
1114  error0 = MAP_ERROR_ICMP_RELAY;
1115  goto error;
1116  }
1117 
1118  new_icmp40->type = ICMP4_destination_unreachable;
1119  new_icmp40->code =
1120  ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set;
1121  *((u32 *) (new_icmp40 + 1)) =
1122  clib_host_to_net_u32 (mtu < 1280 ? 1280 : mtu);
1123  break;
1124 
1125  default:
1126  error0 = MAP_ERROR_ICMP_RELAY;
1127  break;
1128  }
1129 
1130  /*
1131  * Ensure the total ICMP packet is no longer than 576 bytes (RFC1812)
1132  */
1133  new_ip40->ip_version_and_header_length = 0x45;
1134  new_ip40->tos = 0;
1135  u16 nlen = (tlen - 20) > 576 ? 576 : tlen - 20;
1136  new_ip40->length = clib_host_to_net_u16 (nlen);
1137  new_ip40->fragment_id = fid[0];
1138  fid++;
1139  new_ip40->ttl = 64;
1140  new_ip40->protocol = IP_PROTOCOL_ICMP;
1141  new_ip40->src_address = mm->icmp4_src_address;
1142  new_ip40->dst_address = inner_ip40->src_address;
1143  new_ip40->checksum = ip4_header_checksum (new_ip40);
1144 
1145  new_icmp40->checksum = 0;
1146  ip_csum_t sum = ip_incremental_checksum (0, new_icmp40, nlen - 20);
1147  new_icmp40->checksum = ~ip_csum_fold (sum);
1148 
1149  vlib_increment_simple_counter (&mm->icmp_relayed, thread_index, 0,
1150  1);
1151 
1152  error:
1154  {
1155  map_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr));
1156  tr->map_domain_index = 0;
1157  tr->port = 0;
1158  }
1159 
1160  next0 =
1161  (error0 == MAP_ERROR_NONE) ? next0 : IP6_ICMP_RELAY_NEXT_DROP;
1162  p0->error = error_node->errors[error0];
1163  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1164  n_left_to_next, pi0, next0);
1165  }
1166  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1167  }
1168 
1169  return frame->n_vectors;
1170 
1171 }
1172 
1173 static char *map_error_strings[] = {
1174 #define _(sym,string) string,
1176 #undef _
1177 };
1178 
1179 /* *INDENT-OFF* */
1181  .function = ip6_map,
1182  .name = "ip6-map",
1183  .vector_size = sizeof(u32),
1184  .format_trace = format_map_trace,
1185  .type = VLIB_NODE_TYPE_INTERNAL,
1186 
1187  .n_errors = MAP_N_ERROR,
1188  .error_strings = map_error_strings,
1189 
1190  .n_next_nodes = IP6_MAP_N_NEXT,
1191  .next_nodes = {
1192  [IP6_MAP_NEXT_IP4_LOOKUP] = "ip4-lookup",
1193 #ifdef MAP_SKIP_IP6_LOOKUP
1194  [IP6_MAP_NEXT_IP4_REWRITE] = "ip4-load-balance",
1195 #endif
1196  [IP6_MAP_NEXT_IP6_REASS] = "ip6-map-ip6-reass",
1197  [IP6_MAP_NEXT_IP4_REASS] = "ip6-map-ip4-reass",
1198  [IP6_MAP_NEXT_IP4_FRAGMENT] = "ip4-frag",
1199  [IP6_MAP_NEXT_IP6_ICMP_RELAY] = "ip6-map-icmp-relay",
1200  [IP6_MAP_NEXT_IP6_LOCAL] = "ip6-local",
1201  [IP6_MAP_NEXT_DROP] = "error-drop",
1202  [IP6_MAP_NEXT_ICMP] = "ip6-icmp-error",
1203  },
1204 };
1205 /* *INDENT-ON* */
1206 
1207 /* *INDENT-OFF* */
1209  .function = ip6_map_ip6_reass,
1210  .name = "ip6-map-ip6-reass",
1211  .vector_size = sizeof(u32),
1212  .format_trace = format_ip6_map_ip6_reass_trace,
1213  .type = VLIB_NODE_TYPE_INTERNAL,
1214  .n_errors = MAP_N_ERROR,
1215  .error_strings = map_error_strings,
1216  .n_next_nodes = IP6_MAP_IP6_REASS_N_NEXT,
1217  .next_nodes = {
1218  [IP6_MAP_IP6_REASS_NEXT_IP6_MAP] = "ip6-map",
1219  [IP6_MAP_IP6_REASS_NEXT_DROP] = "error-drop",
1220  },
1221 };
1222 /* *INDENT-ON* */
1223 
1224 /* *INDENT-OFF* */
1226  .function = ip6_map_ip4_reass,
1227  .name = "ip6-map-ip4-reass",
1228  .vector_size = sizeof(u32),
1229  .format_trace = format_ip6_map_ip4_reass_trace,
1230  .type = VLIB_NODE_TYPE_INTERNAL,
1231  .n_errors = MAP_N_ERROR,
1232  .error_strings = map_error_strings,
1233  .n_next_nodes = IP6_MAP_IP4_REASS_N_NEXT,
1234  .next_nodes = {
1235  [IP6_MAP_IP4_REASS_NEXT_IP4_LOOKUP] = "ip4-lookup",
1236  [IP6_MAP_IP4_REASS_NEXT_IP4_FRAGMENT] = "ip4-frag",
1237  [IP6_MAP_IP4_REASS_NEXT_DROP] = "error-drop",
1238  },
1239 };
1240 /* *INDENT-ON* */
1241 
1242 /* *INDENT-OFF* */
1244  .function = ip6_map_icmp_relay,
1245  .name = "ip6-map-icmp-relay",
1246  .vector_size = sizeof(u32),
1247  .format_trace = format_map_trace, //FIXME
1248  .type = VLIB_NODE_TYPE_INTERNAL,
1249  .n_errors = MAP_N_ERROR,
1250  .error_strings = map_error_strings,
1251  .n_next_nodes = IP6_ICMP_RELAY_N_NEXT,
1252  .next_nodes = {
1253  [IP6_ICMP_RELAY_NEXT_IP4_LOOKUP] = "ip4-lookup",
1254  [IP6_ICMP_RELAY_NEXT_DROP] = "error-drop",
1255  },
1256 };
1257 /* *INDENT-ON* */
1258 
1259 /*
1260  * fd.io coding-style-patch-verification: ON
1261  *
1262  * Local Variables:
1263  * eval: (c-set-style "gnu")
1264  * End:
1265  */
u16 forwarded
Definition: map.h:182
#define map_ip4_reass_lock()
Definition: map.h:458
u8 psid_length
Definition: map.h:93
sll srl srl sll sra u16x4 i
Definition: vector_sse2.h:337
#define CLIB_UNUSED(x)
Definition: clib.h:79
static_always_inline bool ip6_map_sec_check(map_domain_t *d, u16 port, ip4_header_t *ip4, ip6_header_t *ip6)
Definition: ip6_map.c:104
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 thread_index, u32 index, u64 n_packets, u64 n_bytes)
Increment a combined counter.
Definition: counter.h:211
static_always_inline u64 map_get_pfx(map_domain_t *d, u32 addr, u16 port)
Definition: map.h:351
ip4_address_t src_address
Definition: ip4_packet.h:164
static void vlib_set_next_frame_buffer(vlib_main_t *vm, vlib_node_runtime_t *node, u32 next_index, u32 buffer_index)
Definition: node_funcs.h:397
ip6_map_ip4_reass_next_e
Definition: ip6_map.c:44
#define PREDICT_TRUE(x)
Definition: clib.h:98
u64 as_u64[2]
Definition: ip6_packet.h:51
dpo_id_t dpo
The Load-balance object index to use to forward.
Definition: map.h:216
#define NULL
Definition: clib.h:55
static void * clib_random_buffer_get_data(clib_random_buffer_t *b, uword n_bytes)
Definition: random_buffer.h:78
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:518
struct _vlib_node_registration vlib_node_registration_t
ip6_icmp_relay_next_e
Definition: ip6_map.c:52
bool sec_check_frag
Definition: map.h:240
uword ip_csum_t
Definition: ip_packet.h:90
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:419
static void vlib_increment_simple_counter(vlib_simple_counter_main_t *cm, u32 thread_index, u32 index, u64 increment)
Increment a simple counter.
Definition: counter.h:78
u16 flags_and_fragment_offset
Definition: ip4_packet.h:145
static char * map_error_strings[]
Definition: ip6_map.c:1173
vlib_error_t * errors
Vector of errors for this node.
Definition: node.h:415
vlib_node_registration_t ip6_map_ip4_reass_node
(constructor) VLIB_REGISTER_NODE (ip6_map_ip4_reass_node)
Definition: ip6_map.c:59
#define u16_net_add(u, val)
Definition: map.h:514
static_always_inline void ip6_map_ip6_reass_prepare(vlib_main_t *vm, vlib_node_runtime_t *node, map_ip6_reass_t *r, u32 **fragments_ready, u32 **fragments_to_drop)
Definition: ip6_map.c:559
ip6_address_t src_address
Definition: ip6_packet.h:341
vlib_node_registration_t ip6_map_node
(constructor) VLIB_REGISTER_NODE (ip6_map_node)
Definition: ip6_map.c:1180
IPv4 to IPv6 translation.
map_ip6_fragment_t fragments[MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY]
Definition: map.h:189
u16 port
Definition: map.h:329
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
#define map_ip6_reass_unlock()
Definition: map.h:482
#define static_always_inline
Definition: clib.h:85
static_always_inline void ip6_map_security_check(map_domain_t *d, ip4_header_t *ip4, ip6_header_t *ip6, u32 *next, u8 *error)
Definition: ip6_map.c:120
ip_csum_t ip_incremental_checksum(ip_csum_t sum, void *_data, uword n_bytes)
Definition: ip_checksum.c:43
ip4_address_t dst_address
Definition: ip4_packet.h:164
vlib_combined_counter_main_t * domain_counters
Definition: map.h:232
static int ip4_get_fragment_offset(ip4_header_t *i)
Definition: ip4_packet.h:192
ip4_address_t icmp4_src_address
Definition: map.h:244
int i32
Definition: types.h:81
vlib_node_registration_t ip6_map_ip6_reass_node
(constructor) VLIB_REGISTER_NODE (ip6_map_ip6_reass_node)
Definition: ip6_map.c:60
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
Definition: buffer.h:169
static_always_inline void map_send_all_to_node(vlib_main_t *vm, u32 *pi_vector, vlib_node_runtime_t *node, vlib_error_t *error, u32 next)
Definition: map.h:549
vlib_simple_counter_main_t icmp_relayed
Definition: map.h:245
int map_ip4_reass_add_fragment(map_ip4_reass_t *r, u32 pi)
Definition: map.c:1544
ip6_address_t * rules
Definition: map.h:83
unsigned long u64
Definition: types.h:89
u8 ea_bits_len
Definition: map.h:91
#define frag_id_6to4(id)
Definition: ip6_to_ip4.h:45
u8 * format_ip6_map_ip4_reass_trace(u8 *s, va_list *args)
Definition: ip6_map.c:71
void icmp6_error_set_vnet_buffer(vlib_buffer_t *b, u8 type, u8 code, u32 data)
Definition: icmp6.c:509
static u16 ip4_get_port(ip4_header_t *ip, u8 sender)
Get TCP/UDP port number or ICMP id from IPv4 packet.
Definition: ip4_to_ip6.h:51
static int ip4_is_fragment(ip4_header_t *i)
Definition: ip4_packet.h:205
#define ip6_frag_hdr_more(hdr)
Definition: ip6_packet.h:522
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:72
static_always_inline map_domain_t * ip6_map_get_domain(u32 mdi, ip4_address_t *addr, u32 *map_domain_index, u8 *error)
Definition: map.h:423
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:193
map_ip4_reass_t * map_ip4_reass_get(u32 src, u32 dst, u16 fragment_id, u8 protocol, u32 **pi_to_drop)
Definition: map.c:1463
#define PREDICT_FALSE(x)
Definition: clib.h:97
#define VLIB_FRAME_SIZE
Definition: node.h:328
map_main_t map_main
Definition: map.h:332
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
Definition: buffer_node.h:70
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:216
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:364
u16 expected_total
Definition: map.h:130
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:113
void map_ip4_drop_pi(u32 pi)
Definition: ip6_map.c:664
map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX]
Pre-resolvd per-protocol global next-hops.
Definition: map.c:310
void map_ip4_reass_free(map_ip4_reass_t *r, u32 **pi_to_drop)
Definition: map.c:1420
#define IP4_HEADER_FLAG_MORE_FRAGMENTS
Definition: ip4_packet.h:146
u8 next_data_len
Definition: map.h:173
u16 n_vectors
Definition: node.h:344
u16 next_data_offset
Definition: map.h:172
static_always_inline uword vlib_get_thread_index(void)
Definition: threads.h:221
static_always_inline void map_ip4_reass_get_fragments(map_ip4_reass_t *r, u32 **pi)
Definition: map.h:462
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:82
vlib_main_t * vm
Definition: buffer.c:283
map_ip6_reass_t * map_ip6_reass_get(ip6_address_t *src, ip6_address_t *dst, u32 fragment_id, u8 protocol, u32 **pi_to_drop)
Definition: map.c:1635
u8 next_data[20]
Definition: map.h:174
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:336
#define VLIB_BUFFER_IS_TRACED
Definition: buffer.h:93
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
Definition: node_funcs.h:89
u16 forwarded
Definition: map.h:131
static uword ip6_map_icmp_relay(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:1014
#define clib_memcpy(a, b, c)
Definition: string.h:69
bool icmp6_enabled
Definition: map.h:241
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
Definition: main.c:454
static uword ip6_map_ip4_reass(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:820
#define foreach_map_error
Definition: map.h:299
static uword ip6_map(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:170
#define ip6_frag_hdr_offset(hdr)
Definition: ip6_packet.h:519
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
Definition: node.h:456
#define u8_ptr_add(ptr, index)
Definition: map.h:513
unsigned int u32
Definition: types.h:88
bool sec_check
Definition: map.h:239
ip6_map_next_e
Definition: ip6_map.c:21
static_always_inline bool ip6_map_ip4_lookup_bypass(vlib_buffer_t *p0, ip4_header_t *ip)
Definition: ip6_map.c:153
ip4_header_t ip4_header
Definition: map.h:188
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
Definition: buffer.h:206
#define map_ip4_reass_unlock()
Definition: map.h:459
static vlib_node_registration_t ip6_map_icmp_relay_node
(constructor) VLIB_REGISTER_NODE (ip6_map_icmp_relay_node)
Definition: ip6_map.c:61
u8 * format_map_trace(u8 *s, va_list *args)
Definition: map.c:1383
IPv6 to IPv4 translation.
static int ip4_get_fragment_more(ip4_header_t *i)
Definition: ip4_packet.h:198
u8 * format_ip6_map_ip6_reass_trace(u8 *s, va_list *args)
Definition: ip6_map.c:90
ip6_map_ip6_reass_next_e
Definition: ip6_map.c:37
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
u64 uword
Definition: types.h:112
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace_funcs.h:55
Definition: defs.h:47
unsigned short u16
Definition: types.h:57
static uword ip6_map_ip6_reass(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:680
u16 mtu
Definition: map.h:87
u16 payload_length
Definition: ip6_packet.h:332
index_t dpoi_index
the index of objects of that type
Definition: dpo.h:166
#define FIB_NODE_INDEX_INVALID
Definition: fib_types.h:29
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
unsigned char u8
Definition: types.h:56
#define map_ip6_reass_lock()
Definition: map.h:481
i32 port
Definition: map.h:133
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:267
A collection of combined counters.
Definition: counter.h:180
struct clib_bihash_value offset
template key/value backing page structure
void map_ip6_reass_free(map_ip6_reass_t *r, u32 **pi_to_drop)
Definition: map.c:1583
#define vnet_buffer(b)
Definition: buffer.h:306
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:143
#define MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY
Definition: map.h:68
u8 data[0]
Packet data.
Definition: buffer.h:157
#define IP4_HEADER_FLAG_DONT_FRAGMENT
Definition: ip4_packet.h:147
static_always_inline u64 map_get_sfx(map_domain_t *d, u32 addr, u16 port)
Definition: map.h:375
u32 map_domain_index
Definition: map.h:328
u8 ip_version_and_header_length
Definition: ip4_packet.h:132
u32 ip6_reass_buffered_counter
Definition: map.h:292
int map_ip6_reass_add_fragment(map_ip6_reass_t *r, u32 pi, u16 data_offset, u16 next_data_offset, u8 *data_start, u16 data_len)
Definition: map.c:1723
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:75
u16 expected_total
Definition: map.h:181
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:57
static u16 ip4_header_checksum(ip4_header_t *i)
Definition: ip4_packet.h:239
clib_random_buffer_t random_buffer
Definition: main.h:167
static u16 ip_csum_fold(ip_csum_t c)
Definition: ip_packet.h:145
void map_ip6_drop_pi(u32 pi)
Definition: ip6_map.c:655
ip6_address_t dst_address
Definition: ip6_packet.h:341