24 #ifdef MAP_SKIP_IP6_LOOKUP 77 return format (s,
"MAP domain index: %d L4 port: %u Status: %s",
79 t->
cached ?
"cached" :
"forwarded");
96 return format (s,
"Offset: %d Fragment length: %d Status: %s", t->
offset,
107 u16 sp4 = clib_net_to_host_u16 (port);
136 ip6) ? MAP_ERROR_NONE :
137 MAP_ERROR_DECAP_SEC_CHECK;
141 *error = MAP_ERROR_BAD_PROTOCOL;
155 #ifdef MAP_SKIP_IP6_LOOKUP 172 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
182 while (n_left_from > 0)
187 while (n_left_from >= 4 && n_left_to_next >= 2)
191 u8 error0 = MAP_ERROR_NONE;
192 u8 error1 = MAP_ERROR_NONE;
196 u16 port0 = 0, port1 = 0;
197 u32 map_domain_index0 = ~0, map_domain_index1 = ~0;
216 pi0 = to_next[0] = from[0];
217 pi1 = to_next[1] = from[1];
243 (ip60->
protocol == IP_PROTOCOL_IP_IN_IP
251 else if (ip60->
protocol == IP_PROTOCOL_ICMP6 &&
253 sizeof (icmp46_header_t))
255 icmp46_header_t *icmp = (
void *) (ip60 + 1);
256 next0 = (icmp->type == ICMP6_echo_request
261 else if (ip60->
protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
267 error0 = MAP_ERROR_BAD_PROTOCOL;
270 (ip61->
protocol == IP_PROTOCOL_IP_IN_IP
278 else if (ip61->
protocol == IP_PROTOCOL_ICMP6 &&
280 sizeof (icmp46_header_t))
282 icmp46_header_t *icmp = (
void *) (ip61 + 1);
283 next1 = (icmp->type == ICMP6_echo_request
288 else if (ip61->
protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
294 error1 = MAP_ERROR_BAD_PROTOCOL;
307 && (clib_host_to_net_u16 (ip40->
length) > d0->
mtu)))
324 map_domain_index0, 1,
339 && (clib_host_to_net_u16 (ip41->
length) > d1->mtu)))
356 map_domain_index1, 1,
376 if (error0 == MAP_ERROR_DECAP_SEC_CHECK && mm->
icmp6_enabled)
381 ICMP6_destination_unreachable_source_address_failed_policy,
390 if (error1 == MAP_ERROR_DECAP_SEC_CHECK && mm->
icmp6_enabled)
395 ICMP6_destination_unreachable_source_address_failed_policy,
413 n_left_to_next, pi0, pi1, next0,
418 while (n_left_from > 0 && n_left_to_next > 0)
422 u8 error0 = MAP_ERROR_NONE;
427 u32 map_domain_index0 = ~0;
430 pi0 = to_next[0] = from[0];
452 (ip60->
protocol == IP_PROTOCOL_IP_IN_IP
460 else if (ip60->
protocol == IP_PROTOCOL_ICMP6 &&
462 sizeof (icmp46_header_t))
464 icmp46_header_t *icmp = (
void *) (ip60 + 1);
465 next0 = (icmp->type == ICMP6_echo_request
470 else if (ip60->
protocol == IP_PROTOCOL_IPV6_FRAGMENTATION &&
471 (((ip6_frag_hdr_t *) (ip60 + 1))->next_hdr ==
472 IP_PROTOCOL_IP_IN_IP))
494 && (clib_host_to_net_u16 (ip40->
length) > d0->
mtu)))
511 map_domain_index0, 1,
525 (error0 == MAP_ERROR_DECAP_SEC_CHECK
526 || error0 == MAP_ERROR_NO_DOMAIN))
531 ICMP6_destination_unreachable_source_address_failed_policy,
546 n_left_to_next, pi0, next0);
558 u32 ** fragments_to_drop)
562 ip6_frag_hdr_t *frag0;
580 frag0 = (ip6_frag_hdr_t *) (ip60 + 1);
589 #ifdef MAP_IP6_REASS_COUNT_BYTES 630 tr->
frag_len = clib_net_to_host_u16 (ip40->
length) -
sizeof (*ip40);
643 u8 protocol = frag0->next_hdr;
644 memmove (
u8_ptr_add (ip40, -
sizeof (*ip60)), ip60,
sizeof (*ip60));
680 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
689 while (n_left_from > 0)
694 while (n_left_from > 0 && n_left_to_next > 0)
698 u8 error0 = MAP_ERROR_NONE;
700 ip6_frag_hdr_t *frag0;
705 pi0 = to_next[0] = from[0];
713 frag0 = (ip6_frag_hdr_t *) (ip60 + 1);
715 clib_host_to_net_u16 (frag0->fragment_offset_and_more) & (~7);
735 frag0->identification, frag0->next_hdr,
741 error0 = MAP_ERROR_FRAGMENT_MEMORY;
748 error0 = MAP_ERROR_FRAGMENT_MALFORMED;
752 (r, pi0, offset, next_offset, (
u8 *) (frag0 + 1), frag_len))
755 error0 = MAP_ERROR_FRAGMENT_MEMORY;
759 #ifdef MAP_IP6_REASS_COUNT_BYTES 765 #ifdef MAP_IP6_REASS_COUNT_BYTES 772 if (error0 == MAP_ERROR_NONE)
785 to_next, n_left_to_next,
802 &error_node->
errors[MAP_ERROR_NONE],
805 &error_node->
errors[MAP_ERROR_FRAGMENT_DROPPED],
820 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
827 u32 *fragments_to_loopback =
NULL;
832 while (n_left_from > 0)
837 while (n_left_from > 0 && n_left_to_next > 0)
841 u8 error0 = MAP_ERROR_NONE;
846 u32 map_domain_index0 = ~0;
850 pi0 = to_next[0] = from[0];
862 &map_domain_index0, &error0);
874 error0 = MAP_ERROR_FRAGMENT_MEMORY;
887 error0 = MAP_ERROR_FRAGMENT_MEMORY;
898 error0 = MAP_ERROR_BAD_PROTOCOL;
909 #ifdef MAP_IP4_REASS_COUNT_BYTES 916 clib_host_to_net_u16 (ip40->
length) - 20;
927 ip60) ? MAP_ERROR_NONE :
928 MAP_ERROR_DECAP_SEC_CHECK;
931 (d0->
mtu && (clib_host_to_net_u16 (ip40->
length) > d0->
mtu)
932 && error0 == MAP_ERROR_NONE && !cached))
957 if (error0 == MAP_ERROR_NONE)
960 map_domain_index0, 1,
968 n_left_to_next, pi0, next0);
972 if (n_left_from == 0 &&
vec_len (fragments_to_loopback))
996 &error_node->
errors[MAP_ERROR_FRAGMENT_DROPPED],
1011 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
1016 u16 *fragment_ids, *fid;
1023 fid = fragment_ids =
1025 n_left_from * sizeof (fragment_ids[0]));
1027 while (n_left_from > 0)
1032 while (n_left_from > 0 && n_left_to_next > 0)
1036 u8 error0 = MAP_ERROR_NONE;
1041 pi0 = to_next[0] = from[0];
1045 n_left_to_next -= 1;
1066 error0 = MAP_ERROR_ICMP_RELAY;
1070 icmp46_header_t *icmp60 = (icmp46_header_t *) (ip60 + 1);
1073 if (inner_ip60->
protocol != IP_PROTOCOL_IP_IN_IP)
1075 error0 = MAP_ERROR_ICMP_RELAY;
1082 icmp46_header_t *new_icmp40 = (icmp46_header_t *) (new_ip40 + 1);
1087 switch (icmp60->type)
1089 case ICMP6_destination_unreachable:
1090 case ICMP6_time_exceeded:
1091 case ICMP6_parameter_problem:
1093 new_icmp40->type = ICMP4_destination_unreachable;
1095 ICMP4_destination_unreachable_destination_unreachable_host;
1098 case ICMP6_packet_too_big:
1101 mtu = clib_net_to_host_u32 (*((
u32 *) (icmp60 + 1)));
1108 error0 = MAP_ERROR_ICMP_RELAY;
1112 new_icmp40->type = ICMP4_destination_unreachable;
1114 ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set;
1115 *((
u32 *) (new_icmp40 + 1)) =
1116 clib_host_to_net_u32 (mtu < 1280 ? 1280 : mtu);
1120 error0 = MAP_ERROR_ICMP_RELAY;
1129 u16 nlen = (tlen - 20) > 576 ? 576 : tlen - 20;
1130 new_ip40->
length = clib_host_to_net_u16 (nlen);
1134 new_ip40->
protocol = IP_PROTOCOL_ICMP;
1139 new_icmp40->checksum = 0;
1158 n_left_to_next, pi0, next0);
1168 #define _(sym,string) string, 1176 .arc_name =
"ip6-unicast",
1177 .node_name =
"ip6-map",
1184 .vector_size =
sizeof(
u32),
1194 #ifdef MAP_SKIP_IP6_LOOKUP 1211 .name =
"ip6-map-ip6-reass",
1212 .vector_size =
sizeof(
u32),
1228 .name =
"ip6-map-ip4-reass",
1229 .vector_size =
sizeof(
u32),
1246 .name =
"ip6-map-icmp-relay",
1247 .vector_size =
sizeof(
u32),
#define map_ip4_reass_lock()
static_always_inline bool ip6_map_sec_check(map_domain_t *d, u16 port, ip4_header_t *ip4, ip6_header_t *ip6)
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 thread_index, u32 index, u64 n_packets, u64 n_bytes)
Increment a combined counter.
static_always_inline u64 map_get_pfx(map_domain_t *d, u32 addr, u16 port)
static void vlib_set_next_frame_buffer(vlib_main_t *vm, vlib_node_runtime_t *node, u32 next_index, u32 buffer_index)
#define clib_memcpy_fast(a, b, c)
dpo_id_t dpo
The Load-balance object index to use to forward.
static void * clib_random_buffer_get_data(clib_random_buffer_t *b, uword n_bytes)
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
static_always_inline map_domain_t * ip4_map_get_domain(ip4_address_t *addr, u32 *map_domain_index, u8 *error)
static void vlib_increment_simple_counter(vlib_simple_counter_main_t *cm, u32 thread_index, u32 index, u64 increment)
Increment a simple counter.
static char * map_error_strings[]
vlib_error_t * errors
Vector of errors for this node.
vlib_node_registration_t ip6_map_ip4_reass_node
(constructor) VLIB_REGISTER_NODE (ip6_map_ip4_reass_node)
static_always_inline void ip6_map_ip6_reass_prepare(vlib_main_t *vm, vlib_node_runtime_t *node, map_ip6_reass_t *r, u32 **fragments_ready, u32 **fragments_to_drop)
vlib_node_registration_t ip6_map_node
(constructor) VLIB_REGISTER_NODE (ip6_map_node)
IPv4 to IPv6 translation.
map_ip6_fragment_t fragments[MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY]
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
static int ip4_is_fragment(const ip4_header_t *i)
#define map_ip6_reass_unlock()
#define static_always_inline
static_always_inline void ip6_map_security_check(map_domain_t *d, ip4_header_t *ip4, ip6_header_t *ip6, u32 *next, u8 *error)
vlib_combined_counter_main_t * domain_counters
ip4_address_t icmp4_src_address
vlib_node_registration_t ip6_map_ip6_reass_node
(constructor) VLIB_REGISTER_NODE (ip6_map_ip6_reass_node)
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
static_always_inline void map_send_all_to_node(vlib_main_t *vm, u32 *pi_vector, vlib_node_runtime_t *node, vlib_error_t *error, u32 next)
vlib_simple_counter_main_t icmp_relayed
int map_ip4_reass_add_fragment(map_ip4_reass_t *r, u32 pi)
u8 * format_ip6_map_ip4_reass_trace(u8 *s, va_list *args)
void icmp6_error_set_vnet_buffer(vlib_buffer_t *b, u8 type, u8 code, u32 data)
static u16 ip4_get_port(ip4_header_t *ip, u8 sender)
Get TCP/UDP port number or ICMP id from IPv4 packet.
#define ip6_frag_hdr_more(hdr)
u16 current_length
Nbytes between current data and the end of this buffer.
VNET_FEATURE_INIT(ip6_map_feature, static)
static int ip4_get_fragment_offset(const ip4_header_t *i)
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
map_ip4_reass_t * map_ip4_reass_get(u32 src, u32 dst, u16 fragment_id, u8 protocol, u32 **pi_to_drop)
vl_api_address_union_t src_address
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
vlib_error_t error
Error code for buffers to be enqueued to error handler.
void map_ip4_drop_pi(u32 pi)
map_main_pre_resolved_t pre_resolved[FIB_PROTOCOL_MAX]
Pre-resolvd per-protocol global next-hops.
void map_ip4_reass_free(map_ip4_reass_t *r, u32 **pi_to_drop)
#define IP4_HEADER_FLAG_MORE_FRAGMENTS
#define VLIB_REGISTER_NODE(x,...)
static_always_inline void map_ip4_reass_get_fragments(map_ip4_reass_t *r, u32 **pi)
#define CLIB_PREFETCH(addr, size, type)
map_ip6_reass_t * map_ip6_reass_get(ip6_address_t *src, ip6_address_t *dst, u32 fragment_id, u8 protocol, u32 **pi_to_drop)
#define vec_free(V)
Free vector's memory (no header).
static_always_inline void vnet_feature_next(u32 *next0, vlib_buffer_t *b0)
static ip_csum_t ip_incremental_checksum(ip_csum_t sum, void *_data, uword n_bytes)
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
static uword ip6_map_icmp_relay(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
static uword ip6_map_ip4_reass(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define foreach_map_error
static int ip4_get_fragment_more(const ip4_header_t *i)
static uword ip6_map(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define ip6_frag_hdr_offset(hdr)
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
static_always_inline bool ip6_map_ip4_lookup_bypass(vlib_buffer_t *p0, ip4_header_t *ip)
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
#define map_ip4_reass_unlock()
static vlib_node_registration_t ip6_map_icmp_relay_node
(constructor) VLIB_REGISTER_NODE (ip6_map_icmp_relay_node)
u8 * format_map_trace(u8 *s, va_list *args)
IPv6 to IPv4 translation.
u8 * format_ip6_map_ip6_reass_trace(u8 *s, va_list *args)
#define u8_ptr_add(ptr, index)
#define VNET_FEATURES(...)
static vlib_main_t * vlib_get_main(void)
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
struct _vlib_node_registration vlib_node_registration_t
static uword ip6_map_ip6_reass(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
index_t dpoi_index
the index of objects of that type
#define FIB_NODE_INDEX_INVALID
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
#define map_ip6_reass_lock()
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
A collection of combined counters.
struct clib_bihash_value offset
template key/value backing page structure
void map_ip6_reass_free(map_ip6_reass_t *r, u32 **pi_to_drop)
#define MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY
#define u16_net_add(u, val)
#define IP4_HEADER_FLAG_DONT_FRAGMENT
static_always_inline u64 map_get_sfx(map_domain_t *d, u32 addr, u16 port)
u32 ip6_reass_buffered_counter
int map_ip6_reass_add_fragment(map_ip6_reass_t *r, u32 pi, u16 data_offset, u16 next_data_offset, u8 *data_start, u16 data_len)
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
static u16 ip4_header_checksum(ip4_header_t *i)
clib_random_buffer_t random_buffer
static u16 ip_csum_fold(ip_csum_t c)
void map_ip6_drop_pi(u32 pi)