17 #include "../ip/ip_frag.h" 19 #define IP6_MAP_T_DUAL_LOOP 100 #ifdef IP6_MAP_T_OVERRIDE_TOS 101 return IP6_MAP_T_OVERRIDE_TOS;
131 case ICMP6_echo_request:
132 *sender_port = ((
u16 *) icmp)[2];
133 icmp->type = ICMP4_echo_request;
135 case ICMP6_echo_reply:
136 *sender_port = ((
u16 *) icmp)[2];
137 icmp->type = ICMP4_echo_reply;
139 case ICMP6_destination_unreachable:
145 case ICMP6_destination_unreachable_no_route_to_destination:
146 case ICMP6_destination_unreachable_beyond_scope_of_source_address:
147 case ICMP6_destination_unreachable_address_unreachable:
148 icmp->type = ICMP4_destination_unreachable;
150 ICMP4_destination_unreachable_destination_unreachable_host;
152 case ICMP6_destination_unreachable_destination_administratively_prohibited:
154 ICMP4_destination_unreachable;
156 ICMP4_destination_unreachable_communication_administratively_prohibited;
158 case ICMP6_destination_unreachable_port_unreachable:
159 icmp->type = ICMP4_destination_unreachable;
160 icmp->code = ICMP4_destination_unreachable_port_unreachable;
166 case ICMP6_packet_too_big:
170 icmp->type = ICMP4_destination_unreachable;
173 u32 advertised_mtu = clib_net_to_host_u32 (*((
u32 *) (icmp + 1)));
174 advertised_mtu -= 20;
176 ((
u16 *) (icmp))[3] = clib_host_to_net_u16 (advertised_mtu);
180 case ICMP6_time_exceeded:
184 icmp->type = ICMP4_time_exceeded;
187 case ICMP6_parameter_problem:
193 case ICMP6_parameter_problem_erroneous_header_field:
194 icmp->type = ICMP4_parameter_problem;
195 icmp->code = ICMP4_parameter_problem_pointer_indicates_error;
196 u32 pointer = clib_net_to_host_u32 (*((
u32 *) (icmp + 1)));
200 ((
u8 *) (icmp + 1))[0] =
203 case ICMP6_parameter_problem_unrecognized_next_header:
204 icmp->type = ICMP4_destination_unreachable;
205 icmp->code = ICMP4_destination_unreachable_port_unreachable;
207 case ICMP6_parameter_problem_unrecognized_option:
225 icmp46_header_t *icmp;
228 u32 ip4_sadr, inner_ip4_dadr;
232 icmp = (icmp46_header_t *) (ip6 + 1);
235 if (ip6->
protocol != IP_PROTOCOL_ICMP6)
239 *error = MAP_ERROR_MALFORMED;
246 (icmp, ip6_pay_len, &sender_port, &inner_ip6))
249 *error = MAP_ERROR_ICMP;
262 *error = MAP_ERROR_ICMP;
274 *error = MAP_ERROR_SEC_CHECK;
280 u16 *inner_L4_checksum, inner_l4_offset, inner_frag_offset,
282 u8 *inner_l4, inner_protocol;
295 if (
ip6_parse (inner_ip6, ip6_pay_len - 8,
296 &inner_protocol, &inner_l4_offset, &inner_frag_offset))
298 *error = MAP_ERROR_MALFORMED;
302 inner_l4 =
u8_ptr_add (inner_ip6, inner_l4_offset);
305 if (inner_frag_offset)
307 ip6_frag_hdr_t *inner_frag =
308 (ip6_frag_hdr_t *)
u8_ptr_add (inner_ip6, inner_frag_offset);
309 inner_frag_id =
frag_id_6to4 (inner_frag->identification);
317 if (inner_protocol == IP_PROTOCOL_TCP)
321 else if (inner_protocol == IP_PROTOCOL_UDP)
325 else if (inner_protocol == IP_PROTOCOL_ICMP6)
327 icmp46_header_t *inner_icmp = (icmp46_header_t *) inner_l4;
328 csum = inner_icmp->checksum;
331 inner_icmp->type = (inner_icmp->type == ICMP6_echo_request) ?
332 ICMP4_echo_request : ICMP4_echo_reply;
335 inner_protocol = IP_PROTOCOL_ICMP;
336 inner_L4_checksum = &inner_icmp->checksum;
340 *error = MAP_ERROR_BAD_PROTOCOL;
344 csum = *inner_L4_checksum;
354 *error = MAP_ERROR_SEC_CHECK;
366 *error = MAP_ERROR_SEC_CHECK;
378 sizeof (*ip4) +
sizeof (*ip6) - inner_l4_offset);
383 inner_ip4->
protocol = inner_protocol;
386 if (inner_ip4->
protocol == IP_PROTOCOL_ICMP)
405 icmp = (icmp46_header_t *)
u8_ptr_add (inner_l4, -
sizeof (*ip4) - 8);
426 NULL) ? sizeof (*ip4) : (2 *
sizeof (*ip4) -
435 clib_net_to_host_u16 (ip4->
length) -
444 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
453 while (n_left_from > 0)
457 while (n_left_from > 0 && n_left_to_next > 0)
466 pi0 = to_next[0] = from[0];
471 error0 = MAP_ERROR_NONE;
478 (p0))->payload_length);
482 _ip6_map_t_icmp (d0, p0, &error0);
498 map_t.map_domain_index, 1,
508 to_next, n_left_to_next, pi0,
520 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
525 while (n_left_from > 0)
529 #ifdef IP6_MAP_T_DUAL_LOOP 530 while (n_left_from >= 4 && n_left_to_next >= 2)
535 ip6_frag_hdr_t *frag0, *frag1;
537 u16 frag_id0, frag_offset0, frag_id1, frag_offset1;
538 u8 frag_more0, frag_more1;
541 pi0 = to_next[0] = from[0];
542 pi1 = to_next[1] = from[1];
565 v6.l4_offset -
sizeof (*ip40));
569 v6.l4_offset -
sizeof (*ip40));
606 clib_host_to_net_u16 (frag_offset0 |
610 clib_host_to_net_u16 (frag_offset1 |
611 (frag_more1 ? IP4_HEADER_FLAG_MORE_FRAGMENTS
617 IP_PROTOCOL_ICMP6) ? IP_PROTOCOL_ICMP :
vnet_buffer (p0)->
618 map_t.v6.l4_protocol;
621 IP_PROTOCOL_ICMP6) ? IP_PROTOCOL_ICMP :
vnet_buffer (p1)->
622 map_t.v6.l4_protocol;
643 to_next, n_left_to_next, pi0, pi1,
648 while (n_left_from > 0 && n_left_to_next > 0)
653 ip6_frag_hdr_t *frag0;
660 pi0 = to_next[0] = from[0];
676 v6.l4_offset -
sizeof (*ip40));
696 clib_host_to_net_u16 (frag_offset0 |
702 IP_PROTOCOL_ICMP6) ? IP_PROTOCOL_ICMP :
vnet_buffer (p0)->
703 map_t.v6.l4_protocol;
716 to_next, n_left_to_next, pi0,
728 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
732 while (n_left_from > 0)
736 #ifdef IP6_MAP_T_DUAL_LOOP 737 while (n_left_from >= 4 && n_left_to_next >= 2)
744 u16 fragment_id0, flags0, *checksum0,
745 fragment_id1, flags1, *checksum1;
748 pi0 = to_next[0] = from[0];
749 pi1 = to_next[1] = from[1];
764 v6.l4_offset -
sizeof (*ip40));
768 v6.l4_offset -
sizeof (*ip40));
799 ip6_frag_hdr_t *hdr = (ip6_frag_hdr_t *)
u8_ptr_add (ip60,
815 ip6_frag_hdr_t *hdr = (ip6_frag_hdr_t *)
u8_ptr_add (ip61,
840 sizeof (*ip40) +
sizeof (*ip60) -
844 sizeof (*ip40) +
sizeof (*ip60) -
874 n_left_to_next, pi0, pi1, next0,
879 while (n_left_from > 0 && n_left_to_next > 0)
891 pi0 = to_next[0] = from[0];
903 v6.l4_offset -
sizeof (*ip40));
923 ip6_frag_hdr_t *hdr = (ip6_frag_hdr_t *)
u8_ptr_add (ip60,
943 sizeof (*ip40) +
sizeof (*ip60) -
961 to_next, n_left_to_next, pi0,
973 u32 l4_len0, ip6_frag_hdr_t * frag0)
986 *error0 = (*src_port0 != -1) ? *error0 : MAP_ERROR_FRAGMENT_DROPPED;
991 (
vnet_buffer (p0)->map_t.v6.l4_protocol == IP_PROTOCOL_TCP))
994 l4_len0 <
sizeof (
tcp_header_t) ? MAP_ERROR_MALFORMED : *error0;
1004 (
vnet_buffer (p0)->map_t.v6.l4_protocol == IP_PROTOCOL_UDP))
1007 l4_len0 <
sizeof (
udp_header_t) ? MAP_ERROR_MALFORMED : *error0;
1015 else if (
vnet_buffer (p0)->map_t.v6.l4_protocol == IP_PROTOCOL_ICMP6)
1018 l4_len0 <
sizeof (icmp46_header_t) ? MAP_ERROR_MALFORMED : *error0;
1025 if (((icmp46_header_t *)
1029 || ((icmp46_header_t *)
1043 *error0 = MAP_ERROR_BAD_PROTOCOL;
1050 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
1059 while (n_left_from > 0)
1063 #ifdef IP6_MAP_T_DUAL_LOOP 1064 while (n_left_from >= 4 && n_left_to_next >= 2)
1071 u32 l4_len0, l4_len1;
1072 i32 src_port0, src_port1;
1074 ip6_frag_hdr_t *frag0, *frag1;
1078 pi0 = to_next[0] = from[0];
1079 pi1 = to_next[1] = from[1];
1083 n_left_to_next -= 2;
1085 error0 = MAP_ERROR_NONE;
1086 error1 = MAP_ERROR_NONE;
1122 error0 = MAP_ERROR_MALFORMED;
1134 error1 = MAP_ERROR_MALFORMED;
1138 src_port0 = src_port1 = -1;
1140 sizeof (*ip60) -
vnet_buffer (p0)->map_t.v6.l4_offset;
1142 sizeof (*ip60) -
vnet_buffer (p1)->map_t.v6.l4_offset;
1164 (p0)->map_t.v6.saddr,
1167 error0 = MAP_ERROR_SEC_CHECK;
1177 (p1)->map_t.v6.saddr,
1180 error1 = MAP_ERROR_SEC_CHECK;
1190 && (error0 == MAP_ERROR_NONE))
1207 && (error1 == MAP_ERROR_NONE))
1223 map_t.map_domain_index, 1,
1224 clib_net_to_host_u16
1234 map_t.map_domain_index, 1,
1235 clib_net_to_host_u16
1244 n_left_to_next, pi0, pi1, next0,
1249 while (n_left_from > 0 && n_left_to_next > 0)
1258 ip6_frag_hdr_t *frag0;
1262 pi0 = to_next[0] = from[0];
1266 n_left_to_next -= 1;
1267 error0 = MAP_ERROR_NONE;
1292 error0 = MAP_ERROR_MALFORMED;
1298 sizeof (*ip60) -
vnet_buffer (p0)->map_t.v6.l4_offset;
1309 error0 = (src_port0 != -1) ? error0 : MAP_ERROR_FRAGMENT_MEMORY;
1314 (
vnet_buffer (p0)->map_t.v6.l4_protocol == IP_PROTOCOL_TCP))
1329 (
vnet_buffer (p0)->map_t.v6.l4_protocol == IP_PROTOCOL_UDP))
1342 else if (
vnet_buffer (p0)->map_t.v6.l4_protocol ==
1347 sizeof (icmp46_header_t) ? MAP_ERROR_MALFORMED : error0;
1349 if (((icmp46_header_t *)
1353 || ((icmp46_header_t *)
1356 l4_offset))->code == ICMP6_echo_request)
1366 error0 = MAP_ERROR_BAD_PROTOCOL;
1377 (p0)->map_t.v6.saddr,
1381 error0 = MAP_ERROR_SEC_CHECK;
1392 && (error0 == MAP_ERROR_NONE))
1408 map_t.map_domain_index, 1,
1409 clib_net_to_host_u16
1416 to_next, n_left_to_next, pi0,
1425 #define _(sym,string) string, 1433 .name =
"ip6-map-t-fragmented",
1434 .vector_size =
sizeof (
u32),
1453 .name =
"ip6-map-t-icmp",
1454 .vector_size =
sizeof (
u32),
1473 .name =
"ip6-map-t-tcp-udp",
1474 .vector_size =
sizeof (
u32),
1493 .name =
"ip6-map-t",
1494 .vector_size =
sizeof(
u32),
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
#define map_ip4_reass_lock()
static_always_inline u8 ip6_translate_tos(const ip6_header_t *ip6)
static uword ip6_map_t_tcp_udp(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
bad routing header type(not 4)") sr_error (NO_MORE_SEGMENTS
static_always_inline int ip6_parse(const ip6_header_t *ip6, u32 buff_len, u8 *l4_protocol, u16 *l4_offset, u16 *frag_hdr_offset)
static_always_inline int ip6_icmp_to_icmp6_in_place(icmp46_header_t *icmp, u32 icmp_len, i32 *sender_port, ip6_header_t **inner_ip6)
i32 ip6_get_port(ip6_header_t *ip6, map_dir_e dir, u16 buffer_len)
static uword ip6_map_t(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define u16_net_add(u, val)
static_always_inline u32 ip6_map_t_embedded_address(map_domain_t *d, ip6_address_t *addr)
#define static_always_inline
ip_csum_t ip_incremental_checksum(ip_csum_t sum, void *_data, uword n_bytes)
static u8 icmp6_to_icmp_updater_pointer_table[]
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
vlib_combined_counter_main_t * domain_counters
static_always_inline i32 ip6_map_fragment_get(ip6_header_t *ip6, ip6_frag_hdr_t *frag, map_domain_t *d)
#define ip6_frag_hdr_more(hdr)
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
u16 current_length
Nbytes between current data and the end of this buffer.
#define IP4_FRAG_NODE_NAME
static_always_inline u64 map_get_pfx_net(map_domain_t *d, u32 addr, u16 port)
uword os_get_cpu_number(void)
vlib_node_registration_t ip6_map_t_tcp_udp_node
(constructor) VLIB_REGISTER_NODE (ip6_map_t_tcp_udp_node)
static_always_inline int ip6_map_fragment_cache(ip6_header_t *ip6, ip6_frag_hdr_t *frag, map_domain_t *d, u16 port)
static_always_inline u64 map_get_sfx_net(map_domain_t *d, u32 addr, u16 port)
static_always_inline map_domain_t * ip6_map_get_domain(u32 adj_index, ip4_address_t *addr, u32 *map_domain_index, u8 *error)
map_ip4_reass_t * map_ip4_reass_get(u32 src, u32 dst, u16 fragment_id, u8 protocol, u32 **pi_to_drop)
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
vlib_error_t error
Error code for buffers to be enqueued to error handler.
vlib_node_registration_t ip6_map_t_fragmented_node
(constructor) VLIB_REGISTER_NODE (ip6_map_t_fragmented_node)
#define IP4_HEADER_FLAG_MORE_FRAGMENTS
static uword ip6_map_t_icmp(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
#define clib_memcpy(a, b, c)
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
#define foreach_map_error
vlib_node_registration_t ip6_map_t_icmp_node
(constructor) VLIB_REGISTER_NODE (ip6_map_t_icmp_node)
#define ip6_frag_hdr_offset(hdr)
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 cpu_index, u32 index, u32 packet_increment, u32 byte_increment)
Increment a combined counter.
#define u8_ptr_add(ptr, index)
static ip_csum_t ip_csum_sub_even(ip_csum_t c, ip_csum_t x)
#define map_ip4_reass_unlock()
u8 * format_map_trace(u8 *s, va_list *args)
static uword ip6_map_t_fragmented(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static_always_inline u32 map_get_ip4(ip6_address_t *addr)
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
A collection of combined counters.
static char * map_t_error_strings[]
vlib_node_registration_t ip6_map_t_node
(constructor) VLIB_REGISTER_NODE (ip6_map_t_node)
#define VLIB_REGISTER_NODE(x,...)
#define IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS
static_always_inline void ip6_map_t_classify(vlib_buffer_t *p0, ip6_header_t *ip60, map_domain_t *d0, i32 *src_port0, u8 *error0, ip6_mapt_next_t *next0, u32 l4_len0, ip6_frag_hdr_t *frag0)
ip6_mapt_fragmented_next_t
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
static u16 ip4_header_checksum(ip4_header_t *i)
static u16 ip_csum_fold(ip_csum_t c)
static ip_csum_t ip_csum_add_even(ip_csum_t c, ip_csum_t x)