FD.io VPP  v19.08.3-2-gbabecb413
Vector Packet Processing
ip6_map.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2015 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #include "map.h"
16 
17 #include <vnet/ip/ip_frag.h>
18 #include <vnet/ip/ip4_to_ip6.h>
19 #include <vnet/ip/ip6_to_ip4.h>
20 
21 enum ip6_map_next_e
22 {
23  IP6_MAP_NEXT_IP4_LOOKUP,
24 #ifdef MAP_SKIP_IP6_LOOKUP
25  IP6_MAP_NEXT_IP4_REWRITE,
26 #endif
27  IP6_MAP_NEXT_IP6_REASS,
28  IP6_MAP_NEXT_IP4_REASS,
29  IP6_MAP_NEXT_IP4_FRAGMENT,
30  IP6_MAP_NEXT_IP6_ICMP_RELAY,
31  IP6_MAP_NEXT_IP6_LOCAL,
32  IP6_MAP_NEXT_DROP,
33  IP6_MAP_NEXT_ICMP,
34  IP6_MAP_N_NEXT,
35 };
36 
37 enum ip6_map_ip6_reass_next_e
38 {
39  IP6_MAP_IP6_REASS_NEXT_IP6_MAP,
40  IP6_MAP_IP6_REASS_NEXT_DROP,
41  IP6_MAP_IP6_REASS_N_NEXT,
42 };
43 
44 enum ip6_map_ip4_reass_next_e
45 {
46  IP6_MAP_IP4_REASS_NEXT_IP4_LOOKUP,
47  IP6_MAP_IP4_REASS_NEXT_IP4_FRAGMENT,
48  IP6_MAP_IP4_REASS_NEXT_DROP,
49  IP6_MAP_IP4_REASS_N_NEXT,
50 };
51 
52 enum ip6_icmp_relay_next_e
53 {
54  IP6_ICMP_RELAY_NEXT_IP4_LOOKUP,
55  IP6_ICMP_RELAY_NEXT_DROP,
56  IP6_ICMP_RELAY_N_NEXT,
57 };
58 
59 vlib_node_registration_t ip6_map_ip4_reass_node;
60 vlib_node_registration_t ip6_map_ip6_reass_node;
61 static vlib_node_registration_t ip6_map_icmp_relay_node;
62 
63 typedef struct
64 {
65  u32 map_domain_index;
66  u16 port;
67  u8 cached;
68 } map_ip6_map_ip4_reass_trace_t;
69 
70 u8 *
71 format_ip6_map_ip4_reass_trace (u8 * s, va_list * args)
72 {
73  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
74  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
75  map_ip6_map_ip4_reass_trace_t *t =
76  va_arg (*args, map_ip6_map_ip4_reass_trace_t *);
77  return format (s, "MAP domain index: %d L4 port: %u Status: %s",
78  t->map_domain_index, t->port,
79  t->cached ? "cached" : "forwarded");
80 }
81 
82 typedef struct
83 {
84  u16 offset;
85  u16 frag_len;
86  u8 out;
87 } map_ip6_map_ip6_reass_trace_t;
88 
89 u8 *
90 format_ip6_map_ip6_reass_trace (u8 * s, va_list * args)
91 {
92  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
93  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
94  map_ip6_map_ip6_reass_trace_t *t =
95  va_arg (*args, map_ip6_map_ip6_reass_trace_t *);
96  return format (s, "Offset: %d Fragment length: %d Status: %s", t->offset,
97  t->frag_len, t->out ? "out" : "in");
98 }
99 
100 /*
101  * ip6_map_sec_check
102  */
103 static_always_inline bool
104 ip6_map_sec_check (map_domain_t * d, u16 port, ip4_header_t * ip4,
105  ip6_header_t * ip6)
106 {
107  u16 sp4 = clib_net_to_host_u16 (port);
108  u32 sa4 = clib_net_to_host_u32 (ip4->src_address.as_u32);
109  u64 sal6 = map_get_pfx (d, sa4, sp4);
110  u64 sar6 = map_get_sfx (d, sa4, sp4);
111 
112  if (PREDICT_FALSE
113  (sal6 != clib_net_to_host_u64 (ip6->src_address.as_u64[0])
114  || sar6 != clib_net_to_host_u64 (ip6->src_address.as_u64[1])))
115  return (false);
116  return (true);
117 }
118 
119 static_always_inline void
120 ip6_map_security_check (map_domain_t * d, ip4_header_t * ip4,
121  ip6_header_t * ip6, u32 * next, u8 * error)
122 {
123  map_main_t *mm = &map_main;
124  if (d->ea_bits_len || d->rules)
125  {
126  if (d->psid_length > 0)
127  {
128  if (!ip4_is_fragment (ip4))
129  {
130  u16 port = ip4_get_port (ip4, 1);
131  if (port)
132  {
133  if (mm->sec_check)
134  *error =
135  ip6_map_sec_check (d, port, ip4,
136  ip6) ? MAP_ERROR_NONE :
137  MAP_ERROR_DECAP_SEC_CHECK;
138  }
139  else
140  {
141  *error = MAP_ERROR_BAD_PROTOCOL;
142  }
143  }
144  else
145  {
146  *next = mm->sec_check_frag ? IP6_MAP_NEXT_IP4_REASS : *next;
147  }
148  }
149  }
150 }
151 
152 /*
153  * ip6_map
154  */
155 static uword
156 ip6_map (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
157 {
158  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
159  vlib_node_runtime_t *error_node =
160  vlib_node_get_runtime (vm, ip6_map_node.index);
161  map_main_t *mm = &map_main;
162  vlib_combined_counter_main_t *cm = mm->domain_counters;
163  u32 thread_index = vm->thread_index;
164 
165  from = vlib_frame_vector_args (frame);
166  n_left_from = frame->n_vectors;
167  next_index = node->cached_next_index;
168  while (n_left_from > 0)
169  {
170  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
171 
172  /* Dual loop */
173  while (n_left_from >= 4 && n_left_to_next >= 2)
174  {
175  u32 pi0, pi1;
176  vlib_buffer_t *p0, *p1;
177  u8 error0 = MAP_ERROR_NONE;
178  u8 error1 = MAP_ERROR_NONE;
179  map_domain_t *d0 = 0, *d1 = 0;
180  ip4_header_t *ip40, *ip41;
181  ip6_header_t *ip60, *ip61;
182  u16 port0 = 0, port1 = 0;
183  u32 map_domain_index0 = ~0, map_domain_index1 = ~0;
184  u32 next0 = IP6_MAP_NEXT_IP4_LOOKUP;
185  u32 next1 = IP6_MAP_NEXT_IP4_LOOKUP;
186 
187  /* Prefetch next iteration. */
188  {
189  vlib_buffer_t *p2, *p3;
190 
191  p2 = vlib_get_buffer (vm, from[2]);
192  p3 = vlib_get_buffer (vm, from[3]);
193 
194  vlib_prefetch_buffer_header (p2, LOAD);
195  vlib_prefetch_buffer_header (p3, LOAD);
196 
197  /* IPv6 + IPv4 header + 8 bytes of ULP */
198  CLIB_PREFETCH (p2->data, 68, LOAD);
199  CLIB_PREFETCH (p3->data, 68, LOAD);
200  }
201 
202  pi0 = to_next[0] = from[0];
203  pi1 = to_next[1] = from[1];
204  from += 2;
205  n_left_from -= 2;
206  to_next += 2;
207  n_left_to_next -= 2;
208 
209  p0 = vlib_get_buffer (vm, pi0);
210  p1 = vlib_get_buffer (vm, pi1);
211  ip60 = vlib_buffer_get_current (p0);
212  ip61 = vlib_buffer_get_current (p1);
213  vlib_buffer_advance (p0, sizeof (ip6_header_t));
214  vlib_buffer_advance (p1, sizeof (ip6_header_t));
215  ip40 = vlib_buffer_get_current (p0);
216  ip41 = vlib_buffer_get_current (p1);
217 
218  /*
219  * Encapsulated IPv4 packet
220  * - IPv4 fragmented -> Pass to virtual reassembly unless security check disabled
221  * - Lookup/Rewrite or Fragment node in case of packet > MTU
222  * Fragmented IPv6 packet
223  * ICMP IPv6 packet
224  * - Error -> Pass to ICMPv6/ICMPv4 relay
225  * - Info -> Pass to IPv6 local
226  * Anything else -> drop
227  */
228  if (PREDICT_TRUE
229  (ip60->protocol == IP_PROTOCOL_IP_IN_IP
230  && clib_net_to_host_u16 (ip60->payload_length) > 20))
231  {
232  d0 =
233  ip4_map_get_domain ((ip4_address_t *) & ip40->
234  src_address.as_u32, &map_domain_index0,
235  &error0);
236  }
237  else if (ip60->protocol == IP_PROTOCOL_ICMP6 &&
238  clib_net_to_host_u16 (ip60->payload_length) >
239  sizeof (icmp46_header_t))
240  {
241  icmp46_header_t *icmp = (void *) (ip60 + 1);
242  next0 = (icmp->type == ICMP6_echo_request
243  || icmp->type ==
244  ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
245  IP6_MAP_NEXT_IP6_ICMP_RELAY;
246  }
247  else if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
248  {
249  next0 = IP6_MAP_NEXT_IP6_REASS;
250  }
251  else
252  {
253  error0 = MAP_ERROR_BAD_PROTOCOL;
254  }
255  if (PREDICT_TRUE
256  (ip61->protocol == IP_PROTOCOL_IP_IN_IP
257  && clib_net_to_host_u16 (ip61->payload_length) > 20))
258  {
259  d1 =
260  ip4_map_get_domain ((ip4_address_t *) & ip41->
261  src_address.as_u32, &map_domain_index1,
262  &error1);
263  }
264  else if (ip61->protocol == IP_PROTOCOL_ICMP6 &&
265  clib_net_to_host_u16 (ip61->payload_length) >
266  sizeof (icmp46_header_t))
267  {
268  icmp46_header_t *icmp = (void *) (ip61 + 1);
269  next1 = (icmp->type == ICMP6_echo_request
270  || icmp->type ==
271  ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
272  IP6_MAP_NEXT_IP6_ICMP_RELAY;
273  }
274  else if (ip61->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
275  {
276  next1 = IP6_MAP_NEXT_IP6_REASS;
277  }
278  else
279  {
280  error1 = MAP_ERROR_BAD_PROTOCOL;
281  }
282 
283  if (d0)
284  {
285  /* MAP inbound security check */
286  ip6_map_security_check (d0, ip40, ip60, &next0, &error0);
287 
288  if (PREDICT_TRUE (error0 == MAP_ERROR_NONE &&
289  next0 == IP6_MAP_NEXT_IP4_LOOKUP))
290  {
291  if (PREDICT_FALSE
292  (d0->mtu
293  && (clib_host_to_net_u16 (ip40->length) > d0->mtu)))
294  {
295  vnet_buffer (p0)->ip_frag.flags = 0;
296  vnet_buffer (p0)->ip_frag.next_index =
297  IP4_FRAG_NEXT_IP4_LOOKUP;
298  vnet_buffer (p0)->ip_frag.mtu = d0->mtu;
299  next0 = IP6_MAP_NEXT_IP4_FRAGMENT;
300  }
301  else
302  {
303  next0 =
304  ip6_map_ip4_lookup_bypass (p0,
305  ip40) ?
306  IP6_MAP_NEXT_IP4_REWRITE : next0;
307  }
308  vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_RX,
309  thread_index,
310  map_domain_index0, 1,
311  clib_net_to_host_u16
312  (ip40->length));
313  }
314  }
315  if (d1)
316  {
317  /* MAP inbound security check */
318  ip6_map_security_check (d1, ip41, ip61, &next1, &error1);
319 
320  if (PREDICT_TRUE (error1 == MAP_ERROR_NONE &&
321  next1 == IP6_MAP_NEXT_IP4_LOOKUP))
322  {
323  if (PREDICT_FALSE
324  (d1->mtu
325  && (clib_host_to_net_u16 (ip41->length) > d1->mtu)))
326  {
327  vnet_buffer (p1)->ip_frag.flags = 0;
328  vnet_buffer (p1)->ip_frag.next_index =
329  IP4_FRAG_NEXT_IP4_LOOKUP;
330  vnet_buffer (p1)->ip_frag.mtu = d1->mtu;
331  next1 = IP6_MAP_NEXT_IP4_FRAGMENT;
332  }
333  else
334  {
335  next1 =
336  ip6_map_ip4_lookup_bypass (p1,
337  ip41) ?
338  IP6_MAP_NEXT_IP4_REWRITE : next1;
339  }
340  vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_RX,
341  thread_index,
342  map_domain_index1, 1,
343  clib_net_to_host_u16
344  (ip41->length));
345  }
346  }
347 
348  if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
349  {
350  map_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr));
351  tr->map_domain_index = map_domain_index0;
352  tr->port = port0;
353  }
354 
355  if (PREDICT_FALSE (p1->flags & VLIB_BUFFER_IS_TRACED))
356  {
357  map_trace_t *tr = vlib_add_trace (vm, node, p1, sizeof (*tr));
358  tr->map_domain_index = map_domain_index1;
359  tr->port = port1;
360  }
361 
362  if (error0 == MAP_ERROR_DECAP_SEC_CHECK && mm->icmp6_enabled)
363  {
364  /* Set ICMP parameters */
365  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
366  icmp6_error_set_vnet_buffer (p0, ICMP6_destination_unreachable,
367  ICMP6_destination_unreachable_source_address_failed_policy,
368  0);
369  next0 = IP6_MAP_NEXT_ICMP;
370  }
371  else
372  {
373  next0 = (error0 == MAP_ERROR_NONE) ? next0 : IP6_MAP_NEXT_DROP;
374  }
375 
376  if (error1 == MAP_ERROR_DECAP_SEC_CHECK && mm->icmp6_enabled)
377  {
378  /* Set ICMP parameters */
379  vlib_buffer_advance (p1, -sizeof (ip6_header_t));
380  icmp6_error_set_vnet_buffer (p1, ICMP6_destination_unreachable,
381  ICMP6_destination_unreachable_source_address_failed_policy,
382  0);
383  next1 = IP6_MAP_NEXT_ICMP;
384  }
385  else
386  {
387  next1 = (error1 == MAP_ERROR_NONE) ? next1 : IP6_MAP_NEXT_DROP;
388  }
389 
390  /* Reset packet */
391  if (next0 == IP6_MAP_NEXT_IP6_LOCAL)
392  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
393  if (next1 == IP6_MAP_NEXT_IP6_LOCAL)
394  vlib_buffer_advance (p1, -sizeof (ip6_header_t));
395 
396  p0->error = error_node->errors[error0];
397  p1->error = error_node->errors[error1];
398  vlib_validate_buffer_enqueue_x2 (vm, node, next_index, to_next,
399  n_left_to_next, pi0, pi1, next0,
400  next1);
401  }
402 
403  /* Single loop */
404  while (n_left_from > 0 && n_left_to_next > 0)
405  {
406  u32 pi0;
407  vlib_buffer_t *p0;
408  u8 error0 = MAP_ERROR_NONE;
409  map_domain_t *d0 = 0;
410  ip4_header_t *ip40;
411  ip6_header_t *ip60;
412  i32 port0 = 0;
413  u32 map_domain_index0 = ~0;
414  u32 next0 = IP6_MAP_NEXT_IP4_LOOKUP;
415 
416  pi0 = to_next[0] = from[0];
417  from += 1;
418  n_left_from -= 1;
419  to_next += 1;
420  n_left_to_next -= 1;
421 
422  p0 = vlib_get_buffer (vm, pi0);
423  ip60 = vlib_buffer_get_current (p0);
424  vlib_buffer_advance (p0, sizeof (ip6_header_t));
425  ip40 = vlib_buffer_get_current (p0);
426 
427  /*
428  * Encapsulated IPv4 packet
429  * - IPv4 fragmented -> Pass to virtual reassembly unless security check disabled
430  * - Lookup/Rewrite or Fragment node in case of packet > MTU
431  * Fragmented IPv6 packet
432  * ICMP IPv6 packet
433  * - Error -> Pass to ICMPv6/ICMPv4 relay
434  * - Info -> Pass to IPv6 local
435  * Anything else -> drop
436  */
437  if (PREDICT_TRUE
438  (ip60->protocol == IP_PROTOCOL_IP_IN_IP
439  && clib_net_to_host_u16 (ip60->payload_length) > 20))
440  {
441  d0 =
442  ip4_map_get_domain ((ip4_address_t *) & ip40->
443  src_address.as_u32, &map_domain_index0,
444  &error0);
445  }
446  else if (ip60->protocol == IP_PROTOCOL_ICMP6 &&
447  clib_net_to_host_u16 (ip60->payload_length) >
448  sizeof (icmp46_header_t))
449  {
450  icmp46_header_t *icmp = (void *) (ip60 + 1);
451  next0 = (icmp->type == ICMP6_echo_request
452  || icmp->type ==
453  ICMP6_echo_reply) ? IP6_MAP_NEXT_IP6_LOCAL :
454  IP6_MAP_NEXT_IP6_ICMP_RELAY;
455  }
456  else if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION &&
457  (((ip6_frag_hdr_t *) (ip60 + 1))->next_hdr ==
458  IP_PROTOCOL_IP_IN_IP))
459  {
460  next0 = IP6_MAP_NEXT_IP6_REASS;
461  }
462  else
463  {
464  /* XXX: Move get_domain to ip6_get_domain lookup on source */
465  //error0 = MAP_ERROR_BAD_PROTOCOL;
466  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
467  vnet_feature_next (&next0, p0);
468  }
469 
470  if (d0)
471  {
472  /* MAP inbound security check */
473  ip6_map_security_check (d0, ip40, ip60, &next0, &error0);
474 
475  if (PREDICT_TRUE (error0 == MAP_ERROR_NONE &&
476  next0 == IP6_MAP_NEXT_IP4_LOOKUP))
477  {
478  if (PREDICT_FALSE
479  (d0->mtu
480  && (clib_host_to_net_u16 (ip40->length) > d0->mtu)))
481  {
482  vnet_buffer (p0)->ip_frag.flags = 0;
483  vnet_buffer (p0)->ip_frag.next_index =
484  IP4_FRAG_NEXT_IP4_LOOKUP;
485  vnet_buffer (p0)->ip_frag.mtu = d0->mtu;
486  next0 = IP6_MAP_NEXT_IP4_FRAGMENT;
487  }
488  else
489  {
490  next0 =
491  ip6_map_ip4_lookup_bypass (p0,
492  ip40) ?
493  IP6_MAP_NEXT_IP4_REWRITE : next0;
494  }
495  vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_RX,
496  thread_index,
497  map_domain_index0, 1,
498  clib_net_to_host_u16
499  (ip40->length));
500  }
501  }
502 
503  if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
504  {
505  map_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr));
506  tr->map_domain_index = map_domain_index0;
507  tr->port = (u16) port0;
508  }
509 
510  if (mm->icmp6_enabled &&
511  (error0 == MAP_ERROR_DECAP_SEC_CHECK
512  || error0 == MAP_ERROR_NO_DOMAIN))
513  {
514  /* Set ICMP parameters */
515  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
516  icmp6_error_set_vnet_buffer (p0, ICMP6_destination_unreachable,
517  ICMP6_destination_unreachable_source_address_failed_policy,
518  0);
519  next0 = IP6_MAP_NEXT_ICMP;
520  }
521  else
522  {
523  next0 = (error0 == MAP_ERROR_NONE) ? next0 : IP6_MAP_NEXT_DROP;
524  }
525 
526  /* Reset packet */
527  if (next0 == IP6_MAP_NEXT_IP6_LOCAL)
528  vlib_buffer_advance (p0, -sizeof (ip6_header_t));
529 
530  p0->error = error_node->errors[error0];
531  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
532  n_left_to_next, pi0, next0);
533  }
534  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
535  }
536 
537  return frame->n_vectors;
538 }
539 
540 
541 static_always_inline void
542 ip6_map_ip6_reass_prepare (vlib_main_t * vm, vlib_node_runtime_t * node,
543  map_ip6_reass_t * r, u32 ** fragments_ready,
544  u32 ** fragments_to_drop)
545 {
546  ip4_header_t *ip40;
547  ip6_header_t *ip60;
548  ip6_frag_hdr_t *frag0;
549  vlib_buffer_t *p0;
550 
551  if (!r->ip4_header.ip_version_and_header_length)
552  return;
553 
554  //The IP header is here, we need to check for packets
555  //that can be forwarded
556  int i;
557  for (i = 0; i < MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY; i++)
558  {
559  if (r->fragments[i].pi == ~0 ||
560  ((!r->fragments[i].next_data_len)
561  && (r->fragments[i].next_data_offset != (0xffff))))
562  continue;
563 
564  p0 = vlib_get_buffer (vm, r->fragments[i].pi);
565  ip60 = vlib_buffer_get_current (p0);
566  frag0 = (ip6_frag_hdr_t *) (ip60 + 1);
567  ip40 = (ip4_header_t *) (frag0 + 1);
568 
569  if (ip6_frag_hdr_offset (frag0))
570  {
571  //Not first fragment, add the IPv4 header
572  clib_memcpy_fast (ip40, &r->ip4_header, 20);
573  }
574 
575 #ifdef MAP_IP6_REASS_COUNT_BYTES
576  r->forwarded +=
577  clib_net_to_host_u16 (ip60->payload_length) - sizeof (*frag0);
578 #endif
579 
580  if (ip6_frag_hdr_more (frag0))
581  {
582  //Not last fragment, we copy end of next
583  clib_memcpy_fast (u8_ptr_add (ip60, p0->current_length),
584  r->fragments[i].next_data, 20);
585  p0->current_length += 20;
586  ip60->payload_length = u16_net_add (ip60->payload_length, 20);
587  }
588 
589  if (!ip4_is_fragment (ip40))
590  {
591  ip40->fragment_id = frag_id_6to4 (frag0->identification);
592  ip40->flags_and_fragment_offset =
593  clib_host_to_net_u16 (ip6_frag_hdr_offset (frag0));
594  }
595  else
596  {
597  ip40->flags_and_fragment_offset =
598  clib_host_to_net_u16 (ip4_get_fragment_offset (ip40) +
599  ip6_frag_hdr_offset (frag0));
600  }
601 
602  if (ip6_frag_hdr_more (frag0))
603  ip40->flags_and_fragment_offset |=
604  clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
605 
606  ip40->length =
607  clib_host_to_net_u16 (p0->current_length - sizeof (*ip60) -
608  sizeof (*frag0));
609  ip40->checksum = ip4_header_checksum (ip40);
610 
611  if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
612  {
613  map_ip6_map_ip6_reass_trace_t *tr =
614  vlib_add_trace (vm, node, p0, sizeof (*tr));
615  tr->offset = ip4_get_fragment_offset (ip40);
616  tr->frag_len = clib_net_to_host_u16 (ip40->length) - sizeof (*ip40);
617  tr->out = 1;
618  }
619 
620  vec_add1 (*fragments_ready, r->fragments[i].pi);
621  r->fragments[i].pi = ~0;
622  r->fragments[i].next_data_len = 0;
623  r->fragments[i].next_data_offset = 0;
624  map_main.ip6_reass_buffered_counter--;
625 
626  //TODO: Best solution would be that ip6_map handles extension headers
627  // and ignores atomic fragment. But in the meantime, let's just copy the header.
628 
629  u8 protocol = frag0->next_hdr;
630  memmove (u8_ptr_add (ip40, -sizeof (*ip60)), ip60, sizeof (*ip60));
631  ((ip6_header_t *) u8_ptr_add (ip40, -sizeof (*ip60)))->protocol =
632  protocol;
633  vlib_buffer_advance (p0, sizeof (*frag0));
634  }
635 }
636 
637 void
638 map_ip6_drop_pi (u32 pi)
639 {
640  vlib_main_t *vm = vlib_get_main ();
641  vlib_node_runtime_t *n =
642  vlib_node_get_runtime (vm, ip6_map_ip6_reass_node.index);
643  vlib_set_next_frame_buffer (vm, n, IP6_MAP_IP6_REASS_NEXT_DROP, pi);
644 }
645 
646 void
647 map_ip4_drop_pi (u32 pi)
648 {
649  vlib_main_t *vm = vlib_get_main ();
650  vlib_node_runtime_t *n =
651  vlib_node_get_runtime (vm, ip6_map_ip4_reass_node.index);
652  vlib_set_next_frame_buffer (vm, n, IP6_MAP_IP4_REASS_NEXT_DROP, pi);
653 }
654 
655 /*
656  * ip6_reass
657  * TODO: We should count the number of successfully
658  * transmitted fragment bytes and compare that to the last fragment
659  * offset such that we can free the reassembly structure when all fragments
660  * have been forwarded.
661  */
662 static uword
663 ip6_map_ip6_reass (vlib_main_t * vm,
664  vlib_node_runtime_t * node, vlib_frame_t * frame)
665 {
666  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
667  vlib_node_runtime_t *error_node =
668  vlib_node_get_runtime (vm, ip6_map_ip6_reass_node.index);
669  u32 *fragments_to_drop = NULL;
670  u32 *fragments_ready = NULL;
671 
672  from = vlib_frame_vector_args (frame);
673  n_left_from = frame->n_vectors;
674  next_index = node->cached_next_index;
675  while (n_left_from > 0)
676  {
677  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
678 
679  /* Single loop */
680  while (n_left_from > 0 && n_left_to_next > 0)
681  {
682  u32 pi0;
683  vlib_buffer_t *p0;
684  u8 error0 = MAP_ERROR_NONE;
685  ip6_header_t *ip60;
686  ip6_frag_hdr_t *frag0;
687  u16 offset;
688  u16 next_offset;
689  u16 frag_len;
690 
691  pi0 = to_next[0] = from[0];
692  from += 1;
693  n_left_from -= 1;
694  to_next += 1;
695  n_left_to_next -= 1;
696 
697  p0 = vlib_get_buffer (vm, pi0);
698  ip60 = vlib_buffer_get_current (p0);
699  frag0 = (ip6_frag_hdr_t *) (ip60 + 1);
700  offset =
701  clib_host_to_net_u16 (frag0->fragment_offset_and_more) & (~7);
702  frag_len =
703  clib_net_to_host_u16 (ip60->payload_length) - sizeof (*frag0);
704  next_offset =
705  ip6_frag_hdr_more (frag0) ? (offset + frag_len) : (0xffff);
706 
707  //FIXME: Support other extension headers, maybe
708 
709  if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
710  {
711  map_ip6_map_ip6_reass_trace_t *tr =
712  vlib_add_trace (vm, node, p0, sizeof (*tr));
713  tr->offset = offset;
714  tr->frag_len = frag_len;
715  tr->out = 0;
716  }
717 
718  map_ip6_reass_lock ();
719  map_ip6_reass_t *r =
720  map_ip6_reass_get (&ip60->src_address, &ip60->dst_address,
721  frag0->identification, frag0->next_hdr,
722  &fragments_to_drop);
723  //FIXME: Use better error codes
724  if (PREDICT_FALSE (!r))
725  {
726  // Could not create a caching entry
727  error0 = MAP_ERROR_FRAGMENT_MEMORY;
728  }
729  else if (PREDICT_FALSE ((frag_len <= 20 &&
730  (ip6_frag_hdr_more (frag0) || (!offset)))))
731  {
732  //Very small fragment are restricted to the last one and
733  //can't be the first one
734  error0 = MAP_ERROR_FRAGMENT_MALFORMED;
735  }
736  else
737  if (map_ip6_reass_add_fragment
738  (r, pi0, offset, next_offset, (u8 *) (frag0 + 1), frag_len))
739  {
740  map_ip6_reass_free (r, &fragments_to_drop);
741  error0 = MAP_ERROR_FRAGMENT_MEMORY;
742  }
743  else
744  {
745 #ifdef MAP_IP6_REASS_COUNT_BYTES
746  if (!ip6_frag_hdr_more (frag0))
747  r->expected_total = offset + frag_len;
748 #endif
749  ip6_map_ip6_reass_prepare (vm, node, r, &fragments_ready,
750  &fragments_to_drop);
751 #ifdef MAP_IP6_REASS_COUNT_BYTES
752  if (r->forwarded >= r->expected_total)
753  map_ip6_reass_free (r, &fragments_to_drop);
754 #endif
755  }
756  map_ip6_reass_unlock ();
757 
758  if (error0 == MAP_ERROR_NONE)
759  {
760  if (frag_len > 20)
761  {
762  //Dequeue the packet
763  n_left_to_next++;
764  to_next--;
765  }
766  else
767  {
768  //All data from that packet was copied no need to keep it, but this is not an error
769  p0->error = error_node->errors[MAP_ERROR_NONE];
770  vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
771  to_next, n_left_to_next,
772  pi0,
773  IP6_MAP_IP6_REASS_NEXT_DROP);
774  }
775  }
776  else
777  {
778  p0->error = error_node->errors[error0];
779  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
780  n_left_to_next, pi0,
781  IP6_MAP_IP6_REASS_NEXT_DROP);
782  }
783  }
784  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
785  }
786 
787  map_send_all_to_node (vm, fragments_ready, node,
788  &error_node->errors[MAP_ERROR_NONE],
789  IP6_MAP_IP6_REASS_NEXT_IP6_MAP);
790  map_send_all_to_node (vm, fragments_to_drop, node,
791  &error_node->errors[MAP_ERROR_FRAGMENT_DROPPED],
792  IP6_MAP_IP6_REASS_NEXT_DROP);
793 
794  vec_free (fragments_to_drop);
795  vec_free (fragments_ready);
796  return frame->n_vectors;
797 }
798 
799 /*
800  * ip6_map_ip4_reass
801  */
802 static uword
803 ip6_map_ip4_reass (vlib_main_t * vm,
804  vlib_node_runtime_t * node, vlib_frame_t * frame)
805 {
806  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
807  vlib_node_runtime_t *error_node =
808  vlib_node_get_runtime (vm, ip6_map_ip4_reass_node.index);
809  map_main_t *mm = &map_main;
810  vlib_combined_counter_main_t *cm = mm->domain_counters;
811  u32 thread_index = vm->thread_index;
812  u32 *fragments_to_drop = NULL;
813  u32 *fragments_to_loopback = NULL;
814 
815  from = vlib_frame_vector_args (frame);
816  n_left_from = frame->n_vectors;
817  next_index = node->cached_next_index;
818  while (n_left_from > 0)
819  {
820  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
821 
822  /* Single loop */
823  while (n_left_from > 0 && n_left_to_next > 0)
824  {
825  u32 pi0;
826  vlib_buffer_t *p0;
827  u8 error0 = MAP_ERROR_NONE;
828  map_domain_t *d0;
829  ip4_header_t *ip40;
830  ip6_header_t *ip60;
831  i32 port0 = 0;
832  u32 map_domain_index0 = ~0;
833  u32 next0 = IP6_MAP_IP4_REASS_NEXT_IP4_LOOKUP;
834  u8 cached = 0;
835 
836  pi0 = to_next[0] = from[0];
837  from += 1;
838  n_left_from -= 1;
839  to_next += 1;
840  n_left_to_next -= 1;
841 
842  p0 = vlib_get_buffer (vm, pi0);
843  ip40 = vlib_buffer_get_current (p0);
844  ip60 = ((ip6_header_t *) ip40) - 1;
845 
846  d0 =
847  ip4_map_get_domain ((ip4_address_t *) & ip40->src_address.as_u32,
848  &map_domain_index0, &error0);
849 
850  map_ip4_reass_lock ();
851  //This node only deals with fragmented ip4
852  map_ip4_reass_t *r = map_ip4_reass_get (ip40->src_address.as_u32,
853  ip40->dst_address.as_u32,
854  ip40->fragment_id,
855  ip40->protocol,
856  &fragments_to_drop);
857  if (PREDICT_FALSE (!r))
858  {
859  // Could not create a caching entry
860  error0 = MAP_ERROR_FRAGMENT_MEMORY;
861  }
862  else if (PREDICT_TRUE (ip4_get_fragment_offset (ip40)))
863  {
864  // This is a fragment
865  if (r->port >= 0)
866  {
867  // We know the port already
868  port0 = r->port;
869  }
870  else if (map_ip4_reass_add_fragment (r, pi0))
871  {
872  // Not enough space for caching
873  error0 = MAP_ERROR_FRAGMENT_MEMORY;
874  map_ip4_reass_free (r, &fragments_to_drop);
875  }
876  else
877  {
878  cached = 1;
879  }
880  }
881  else if ((port0 = ip4_get_port (ip40, 1)) == 0)
882  {
883  // Could not find port from first fragment. Stop reassembling.
884  error0 = MAP_ERROR_BAD_PROTOCOL;
885  port0 = 0;
886  map_ip4_reass_free (r, &fragments_to_drop);
887  }
888  else
889  {
890  // Found port. Remember it and loopback saved fragments
891  r->port = port0;
892  map_ip4_reass_get_fragments (r, &fragments_to_loopback);
893  }
894 
895 #ifdef MAP_IP4_REASS_COUNT_BYTES
896  if (!cached && r)
897  {
898  r->forwarded += clib_host_to_net_u16 (ip40->length) - 20;
899  if (!ip4_get_fragment_more (ip40))
900  r->expected_total =
901  ip4_get_fragment_offset (ip40) * 8 +
902  clib_host_to_net_u16 (ip40->length) - 20;
903  if (r->forwarded >= r->expected_total)
904  map_ip4_reass_free (r, &fragments_to_drop);
905  }
906 #endif
907 
908  map_ip4_reass_unlock ();
909 
910  if (PREDICT_TRUE (error0 == MAP_ERROR_NONE))
911  error0 =
912  ip6_map_sec_check (d0, port0, ip40,
913  ip60) ? MAP_ERROR_NONE :
914  MAP_ERROR_DECAP_SEC_CHECK;
915 
916  if (PREDICT_FALSE
917  (d0->mtu && (clib_host_to_net_u16 (ip40->length) > d0->mtu)
918  && error0 == MAP_ERROR_NONE && !cached))
919  {
920  vnet_buffer (p0)->ip_frag.flags = 0;
921  vnet_buffer (p0)->ip_frag.next_index = IP4_FRAG_NEXT_IP4_LOOKUP;
922  vnet_buffer (p0)->ip_frag.mtu = d0->mtu;
923  next0 = IP6_MAP_IP4_REASS_NEXT_IP4_FRAGMENT;
924  }
925 
926  if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
927  {
928  map_ip6_map_ip4_reass_trace_t *tr =
929  vlib_add_trace (vm, node, p0, sizeof (*tr));
930  tr->map_domain_index = map_domain_index0;
931  tr->port = port0;
932  tr->cached = cached;
933  }
934 
935  if (cached)
936  {
937  //Dequeue the packet
938  n_left_to_next++;
939  to_next--;
940  }
941  else
942  {
943  if (error0 == MAP_ERROR_NONE)
944  vlib_increment_combined_counter (cm + MAP_DOMAIN_COUNTER_RX,
945  thread_index,
946  map_domain_index0, 1,
947  clib_net_to_host_u16
948  (ip40->length));
949  next0 =
950  (error0 ==
951  MAP_ERROR_NONE) ? next0 : IP6_MAP_IP4_REASS_NEXT_DROP;
952  p0->error = error_node->errors[error0];
953  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
954  n_left_to_next, pi0, next0);
955  }
956 
957  //Loopback when we reach the end of the inpu vector
958  if (n_left_from == 0 && vec_len (fragments_to_loopback))
959  {
960  from = vlib_frame_vector_args (frame);
961  u32 len = vec_len (fragments_to_loopback);
962  if (len <= VLIB_FRAME_SIZE)
963  {
964  clib_memcpy_fast (from, fragments_to_loopback,
965  sizeof (u32) * len);
966  n_left_from = len;
967  vec_reset_length (fragments_to_loopback);
968  }
969  else
970  {
971  clib_memcpy_fast (from, fragments_to_loopback +
972  (len - VLIB_FRAME_SIZE),
973  sizeof (u32) * VLIB_FRAME_SIZE);
974  n_left_from = VLIB_FRAME_SIZE;
975  _vec_len (fragments_to_loopback) = len - VLIB_FRAME_SIZE;
976  }
977  }
978  }
979  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
980  }
981  map_send_all_to_node (vm, fragments_to_drop, node,
982  &error_node->errors[MAP_ERROR_FRAGMENT_DROPPED],
983  IP6_MAP_IP4_REASS_NEXT_DROP);
984 
985  vec_free (fragments_to_drop);
986  vec_free (fragments_to_loopback);
987  return frame->n_vectors;
988 }
989 
990 /*
991  * ip6_icmp_relay
992  */
993 static uword
994 ip6_map_icmp_relay (vlib_main_t * vm,
995  vlib_node_runtime_t * node, vlib_frame_t * frame)
996 {
997  u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
998  vlib_node_runtime_t *error_node =
999  vlib_node_get_runtime (vm, ip6_map_icmp_relay_node.index);
1000  map_main_t *mm = &map_main;
1001  u32 thread_index = vm->thread_index;
1002  u16 *fragment_ids, *fid;
1003 
1004  from = vlib_frame_vector_args (frame);
1005  n_left_from = frame->n_vectors;
1006  next_index = node->cached_next_index;
1007 
1008  /* Get random fragment IDs for replies. */
1009  fid = fragment_ids =
1010  clib_random_buffer_get_data (&vm->random_buffer,
1011  n_left_from * sizeof (fragment_ids[0]));
1012 
1013  while (n_left_from > 0)
1014  {
1015  vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1016 
1017  /* Single loop */
1018  while (n_left_from > 0 && n_left_to_next > 0)
1019  {
1020  u32 pi0;
1021  vlib_buffer_t *p0;
1022  u8 error0 = MAP_ERROR_NONE;
1023  ip6_header_t *ip60;
1024  u32 next0 = IP6_ICMP_RELAY_NEXT_IP4_LOOKUP;
1025  u32 mtu;
1026 
1027  pi0 = to_next[0] = from[0];
1028  from += 1;
1029  n_left_from -= 1;
1030  to_next += 1;
1031  n_left_to_next -= 1;
1032 
1033  p0 = vlib_get_buffer (vm, pi0);
1034  ip60 = vlib_buffer_get_current (p0);
1035  u16 tlen = clib_net_to_host_u16 (ip60->payload_length);
1036 
1037  /*
1038  * In:
1039  * IPv6 header (40)
1040  * ICMPv6 header (8)
1041  * IPv6 header (40)
1042  * Original IPv4 header / packet
1043  * Out:
1044  * New IPv4 header
1045  * New ICMP header
1046  * Original IPv4 header / packet
1047  */
1048 
1049  /* Need at least ICMP(8) + IPv6(40) + IPv4(20) + L4 header(8) */
1050  if (tlen < 76)
1051  {
1052  error0 = MAP_ERROR_ICMP_RELAY;
1053  goto error;
1054  }
1055 
1056  icmp46_header_t *icmp60 = (icmp46_header_t *) (ip60 + 1);
1057  ip6_header_t *inner_ip60 = (ip6_header_t *) (icmp60 + 2);
1058 
1059  if (inner_ip60->protocol != IP_PROTOCOL_IP_IN_IP)
1060  {
1061  error0 = MAP_ERROR_ICMP_RELAY;
1062  goto error;
1063  }
1064 
1065  ip4_header_t *inner_ip40 = (ip4_header_t *) (inner_ip60 + 1);
1066  vlib_buffer_advance (p0, 60); /* sizeof ( IPv6 + ICMP + IPv6 - IPv4 - ICMP ) */
1067  ip4_header_t *new_ip40 = vlib_buffer_get_current (p0);
1068  icmp46_header_t *new_icmp40 = (icmp46_header_t *) (new_ip40 + 1);
1069 
1070  /*
1071  * Relay according to RFC2473, section 8.3
1072  */
1073  switch (icmp60->type)
1074  {
1075  case ICMP6_destination_unreachable:
1076  case ICMP6_time_exceeded:
1077  case ICMP6_parameter_problem:
1078  /* Type 3 - destination unreachable, Code 1 - host unreachable */
1079  new_icmp40->type = ICMP4_destination_unreachable;
1080  new_icmp40->code =
1081  ICMP4_destination_unreachable_destination_unreachable_host;
1082  break;
1083 
1084  case ICMP6_packet_too_big:
1085  /* Type 3 - destination unreachable, Code 4 - packet too big */
1086  /* Potential TODO: Adjust domain tunnel MTU based on the value received here */
1087  mtu = clib_net_to_host_u32 (*((u32 *) (icmp60 + 1)));
1088 
1089  /* Check DF flag */
1090  if (!
1091  (inner_ip40->flags_and_fragment_offset &
1092  clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT)))
1093  {
1094  error0 = MAP_ERROR_ICMP_RELAY;
1095  goto error;
1096  }
1097 
1098  new_icmp40->type = ICMP4_destination_unreachable;
1099  new_icmp40->code =
1100  ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set;
1101  *((u32 *) (new_icmp40 + 1)) =
1102  clib_host_to_net_u32 (mtu < 1280 ? 1280 : mtu);
1103  break;
1104 
1105  default:
1106  error0 = MAP_ERROR_ICMP_RELAY;
1107  break;
1108  }
1109 
1110  /*
1111  * Ensure the total ICMP packet is no longer than 576 bytes (RFC1812)
1112  */
1113  new_ip40->ip_version_and_header_length = 0x45;
1114  new_ip40->tos = 0;
1115  u16 nlen = (tlen - 20) > 576 ? 576 : tlen - 20;
1116  new_ip40->length = clib_host_to_net_u16 (nlen);
1117  new_ip40->fragment_id = fid[0];
1118  fid++;
1119  new_ip40->ttl = 64;
1120  new_ip40->protocol = IP_PROTOCOL_ICMP;
1121  new_ip40->src_address = mm->icmp4_src_address;
1122  new_ip40->dst_address = inner_ip40->src_address;
1123  new_ip40->checksum = ip4_header_checksum (new_ip40);
1124 
1125  new_icmp40->checksum = 0;
1126  ip_csum_t sum = ip_incremental_checksum (0, new_icmp40, nlen - 20);
1127  new_icmp40->checksum = ~ip_csum_fold (sum);
1128 
1129  vlib_increment_simple_counter (&mm->icmp_relayed, thread_index, 0,
1130  1);
1131 
1132  error:
1133  if (PREDICT_FALSE (p0->flags & VLIB_BUFFER_IS_TRACED))
1134  {
1135  map_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof (*tr));
1136  tr->map_domain_index = 0;
1137  tr->port = 0;
1138  }
1139 
1140  next0 =
1141  (error0 == MAP_ERROR_NONE) ? next0 : IP6_ICMP_RELAY_NEXT_DROP;
1142  p0->error = error_node->errors[error0];
1143  vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
1144  n_left_to_next, pi0, next0);
1145  }
1146  vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1147  }
1148 
1149  return frame->n_vectors;
1150 
1151 }
1152 
1153 static char *map_error_strings[] = {
1154 #define _(sym,string) string,
1155  foreach_map_error
1156 #undef _
1157 };
1158 
1159 /* *INDENT-OFF* */
1160 VNET_FEATURE_INIT (ip6_map_feature, static) =
1161 {
1162  .arc_name = "ip6-unicast",
1163  .node_name = "ip6-map",
1164  .runs_before = VNET_FEATURES ("ip6-flow-classify"),
1165 };
1166 
1167 VLIB_REGISTER_NODE(ip6_map_node) = {
1168  .function = ip6_map,
1169  .name = "ip6-map",
1170  .vector_size = sizeof(u32),
1171  .format_trace = format_map_trace,
1172  .type = VLIB_NODE_TYPE_INTERNAL,
1173 
1174  .n_errors = MAP_N_ERROR,
1175  .error_strings = map_error_strings,
1176 
1177  .n_next_nodes = IP6_MAP_N_NEXT,
1178  .next_nodes = {
1179  [IP6_MAP_NEXT_IP4_LOOKUP] = "ip4-lookup",
1180 #ifdef MAP_SKIP_IP6_LOOKUP
1181  [IP6_MAP_NEXT_IP4_REWRITE] = "ip4-load-balance",
1182 #endif
1183  [IP6_MAP_NEXT_IP6_REASS] = "ip6-map-ip6-reass",
1184  [IP6_MAP_NEXT_IP4_REASS] = "ip6-map-ip4-reass",
1185  [IP6_MAP_NEXT_IP4_FRAGMENT] = "ip4-frag",
1186  [IP6_MAP_NEXT_IP6_ICMP_RELAY] = "ip6-map-icmp-relay",
1187  [IP6_MAP_NEXT_IP6_LOCAL] = "ip6-local",
1188  [IP6_MAP_NEXT_DROP] = "error-drop",
1189  [IP6_MAP_NEXT_ICMP] = "ip6-icmp-error",
1190  },
1191 };
1192 /* *INDENT-ON* */
1193 
1194 /* *INDENT-OFF* */
1195 VLIB_REGISTER_NODE(ip6_map_ip6_reass_node) = {
1196  .function = ip6_map_ip6_reass,
1197  .name = "ip6-map-ip6-reass",
1198  .vector_size = sizeof(u32),
1199  .format_trace = format_ip6_map_ip6_reass_trace,
1200  .type = VLIB_NODE_TYPE_INTERNAL,
1201  .n_errors = MAP_N_ERROR,
1202  .error_strings = map_error_strings,
1203  .n_next_nodes = IP6_MAP_IP6_REASS_N_NEXT,
1204  .next_nodes = {
1205  [IP6_MAP_IP6_REASS_NEXT_IP6_MAP] = "ip6-map",
1206  [IP6_MAP_IP6_REASS_NEXT_DROP] = "error-drop",
1207  },
1208 };
1209 /* *INDENT-ON* */
1210 
1211 /* *INDENT-OFF* */
1212 VLIB_REGISTER_NODE(ip6_map_ip4_reass_node) = {
1213  .function = ip6_map_ip4_reass,
1214  .name = "ip6-map-ip4-reass",
1215  .vector_size = sizeof(u32),
1216  .format_trace = format_ip6_map_ip4_reass_trace,
1217  .type = VLIB_NODE_TYPE_INTERNAL,
1218  .n_errors = MAP_N_ERROR,
1219  .error_strings = map_error_strings,
1220  .n_next_nodes = IP6_MAP_IP4_REASS_N_NEXT,
1221  .next_nodes = {
1222  [IP6_MAP_IP4_REASS_NEXT_IP4_LOOKUP] = "ip4-lookup",
1223  [IP6_MAP_IP4_REASS_NEXT_IP4_FRAGMENT] = "ip4-frag",
1224  [IP6_MAP_IP4_REASS_NEXT_DROP] = "error-drop",
1225  },
1226 };
1227 /* *INDENT-ON* */
1228 
1229 /* *INDENT-OFF* */
1230 VLIB_REGISTER_NODE(ip6_map_icmp_relay_node, static) = {
1231  .function = ip6_map_icmp_relay,
1232  .name = "ip6-map-icmp-relay",
1233  .vector_size = sizeof(u32),
1234  .format_trace = format_map_trace, //FIXME
1235  .type = VLIB_NODE_TYPE_INTERNAL,
1236  .n_errors = MAP_N_ERROR,
1237  .error_strings = map_error_strings,
1238  .n_next_nodes = IP6_ICMP_RELAY_N_NEXT,
1239  .next_nodes = {
1240  [IP6_ICMP_RELAY_NEXT_IP4_LOOKUP] = "ip4-lookup",
1241  [IP6_ICMP_RELAY_NEXT_DROP] = "error-drop",
1242  },
1243 };
1244 /* *INDENT-ON* */
1245 
1246 /*
1247  * fd.io coding-style-patch-verification: ON
1248  *
1249  * Local Variables:
1250  * eval: (c-set-style "gnu")
1251  * End:
1252  */
map_ip6_reass_t::forwarded
u16 forwarded
Definition: map.h:219
vlib_buffer_t::flags
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
Definition: buffer.h:124
map_ip4_reass_lock
#define map_ip4_reass_lock()
Definition: map.h:505
map_domain_t::psid_length
u8 psid_length
Definition: map.h:120
map_ip6_reass_t
Definition: map.h:214
IP6_MAP_IP4_REASS_NEXT_IP4_LOOKUP
Definition: ip6_map.c:46
map_ip6_map_ip6_reass_trace_t::frag_len
u16 frag_len
Definition: ip6_map.c:85
IP6_MAP_NEXT_IP4_LOOKUP
Definition: ip6_map.c:23
CLIB_UNUSED
#define CLIB_UNUSED(x)
Definition: clib.h:83
map_main
map_main_t map_main
Definition: map.c:27
ip6_map_sec_check
static_always_inline bool ip6_map_sec_check(map_domain_t *d, u16 port, ip4_header_t *ip4, ip6_header_t *ip6)
Definition: ip6_map.c:104
IP6_MAP_N_NEXT
Definition: ip6_map.c:34
vlib_increment_combined_counter
static void vlib_increment_combined_counter(vlib_combined_counter_main_t *cm, u32 thread_index, u32 index, u64 n_packets, u64 n_bytes)
Increment a combined counter.
Definition: counter.h:220
map_get_pfx
static_always_inline u64 map_get_pfx(map_domain_t *d, u32 addr, u16 port)
Definition: map.h:402
IP6_MAP_NEXT_IP4_REASS
Definition: ip6_map.c:28
ip4_header_t::src_address
ip4_address_t src_address
Definition: ip4_packet.h:170
ip4_header_t::ttl
u8 ttl
Definition: ip4_packet.h:157
vlib_set_next_frame_buffer
static void vlib_set_next_frame_buffer(vlib_main_t *vm, vlib_node_runtime_t *node, u32 next_index, u32 buffer_index)
Definition: node_funcs.h:371
ip6_map_ip4_reass_next_e
ip6_map_ip4_reass_next_e
Definition: ip6_map.c:44
PREDICT_TRUE
#define PREDICT_TRUE(x)
Definition: clib.h:113
IP6_MAP_NEXT_IP6_ICMP_RELAY
Definition: ip6_map.c:30
ip6_address_t::as_u64
u64 as_u64[2]
Definition: ip6_packet.h:51
u64
unsigned long u64
Definition: types.h:89
clib_memcpy_fast
#define clib_memcpy_fast(a, b, c)
Definition: string.h:81
clib_random_buffer_get_data
static void * clib_random_buffer_get_data(clib_random_buffer_t *b, uword n_bytes)
Definition: random_buffer.h:83
IP6_MAP_NEXT_IP4_REWRITE
Definition: ip6_map.c:25
vlib_main_t::thread_index
u32 thread_index
Definition: main.h:218
vlib_buffer_t::current_length
u16 current_length
Nbytes between current data and the end of this buffer.
Definition: buffer.h:113
IP6_ICMP_RELAY_NEXT_DROP
Definition: ip6_map.c:55
vec_add1
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:522
ip6_icmp_relay_next_e
ip6_icmp_relay_next_e
Definition: ip6_map.c:52
i
int i
Definition: flowhash_template.h:376
ip4_map_get_domain
static_always_inline map_domain_t * ip4_map_get_domain(ip4_address_t *addr, u32 *map_domain_index, u8 *error)
Definition: map.h:465
map_ip6_map_ip6_reass_trace_t::offset
u16 offset
Definition: ip6_map.c:84
map_main_t::sec_check_frag
bool sec_check_frag
Definition: map.h:281
ip_csum_t
uword ip_csum_t
Definition: ip_packet.h:219
format
u8 * format(u8 *s, const char *fmt,...)
Definition: format.c:424
vlib_increment_simple_counter
static void vlib_increment_simple_counter(vlib_simple_counter_main_t *cm, u32 thread_index, u32 index, u64 increment)
Increment a simple counter.
Definition: counter.h:78
ip4_header_t::flags_and_fragment_offset
u16 flags_and_fragment_offset
Definition: ip4_packet.h:151
ip6_map_ip4_lookup_bypass
static_always_inline bool ip6_map_ip4_lookup_bypass(vlib_buffer_t *p0, ip4_header_t *ip)
Definition: map.h:691
map_main_t
Definition: map.h:263
IP4_FRAG_NEXT_IP4_LOOKUP
Definition: ip_frag.h:53
map_error_strings
static char * map_error_strings[]
Definition: ip6_map.c:1153
vlib_node_runtime_t::errors
vlib_error_t * errors
Vector of errors for this node.
Definition: node.h:470
ip6_map_ip4_reass_node
vlib_node_registration_t ip6_map_ip4_reass_node
(constructor) VLIB_REGISTER_NODE (ip6_map_ip4_reass_node)
Definition: ip6_map.c:59
ip4_header_t::fragment_id
u16 fragment_id
Definition: ip4_packet.h:147
ip6_map_ip6_reass_prepare
static_always_inline void ip6_map_ip6_reass_prepare(vlib_main_t *vm, vlib_node_runtime_t *node, map_ip6_reass_t *r, u32 **fragments_ready, u32 **fragments_to_drop)
Definition: ip6_map.c:542
ip6_header_t::src_address
ip6_address_t src_address
Definition: ip6_packet.h:383
u8
unsigned char u8
Definition: types.h:56
vlib_frame_t
Definition: node.h:382
ip6_map_node
vlib_node_registration_t ip6_map_node
(constructor) VLIB_REGISTER_NODE (ip6_map_node)
Definition: ip6_map.c:1167
ip4_to_ip6.h
IPv4 to IPv6 translation.
map_ip6_reass_t::fragments
map_ip6_fragment_t fragments[MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY]
Definition: map.h:226
map_trace_t::port
u16 port
Definition: map.h:380
vec_reset_length
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
Definition: vec_bootstrap.h:178
ip4_is_fragment
static int ip4_is_fragment(const ip4_header_t *i)
Definition: ip4_packet.h:213
map_ip6_reass_unlock
#define map_ip6_reass_unlock()
Definition: map.h:531
vlib_node_runtime_t
Definition: node.h:464
u8_ptr_add
#define u8_ptr_add(ptr, index)
Definition: ip_types.h:34
IP6_ICMP_RELAY_NEXT_IP4_LOOKUP
Definition: ip6_map.c:54
static_always_inline
#define static_always_inline
Definition: clib.h:100
ip6_map_security_check
static_always_inline void ip6_map_security_check(map_domain_t *d, ip4_header_t *ip4, ip6_header_t *ip6, u32 *next, u8 *error)
Definition: ip6_map.c:120
map_ip6_map_ip4_reass_trace_t::map_domain_index
u32 map_domain_index
Definition: ip6_map.c:65
ip4_header_t::dst_address
ip4_address_t dst_address
Definition: ip4_packet.h:170
map_main_t::domain_counters
vlib_combined_counter_main_t * domain_counters
Definition: map.h:270
map_main_t::icmp4_src_address
ip4_address_t icmp4_src_address
Definition: map.h:287
ip6_map_ip6_reass_node
vlib_node_registration_t ip6_map_ip6_reass_node
(constructor) VLIB_REGISTER_NODE (ip6_map_ip6_reass_node)
Definition: ip6_map.c:60
vlib_prefetch_buffer_header
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
Definition: buffer.h:203
IP6_MAP_IP6_REASS_NEXT_DROP
Definition: ip6_map.c:40
map_send_all_to_node
static_always_inline void map_send_all_to_node(vlib_main_t *vm, u32 *pi_vector, vlib_node_runtime_t *node, vlib_error_t *error, u32 next)
Definition: map.h:602
map_main_t::icmp_relayed
vlib_simple_counter_main_t icmp_relayed
Definition: map.h:288
map_ip4_reass_add_fragment
int map_ip4_reass_add_fragment(map_ip4_reass_t *r, u32 pi)
Definition: map.c:1524
map_domain_t::rules
ip6_address_t * rules
Definition: map.h:110
map_domain_t::ea_bits_len
u8 ea_bits_len
Definition: map.h:118
u32
unsigned int u32
Definition: types.h:88
VLIB_FRAME_SIZE
#define VLIB_FRAME_SIZE
Definition: node.h:378
frag_id_6to4
#define frag_id_6to4(id)
Definition: ip6_to_ip4.h:45
format_ip6_map_ip4_reass_trace
u8 * format_ip6_map_ip4_reass_trace(u8 *s, va_list *args)
Definition: ip6_map.c:71
icmp6_error_set_vnet_buffer
void icmp6_error_set_vnet_buffer(vlib_buffer_t *b, u8 type, u8 code, u32 data)
Definition: icmp6.c:446
ip4_get_port
static u16 ip4_get_port(ip4_header_t *ip, u8 sender)
Get TCP/UDP port number or ICMP id from IPv4 packet.
Definition: ip4_to_ip6.h:51
type
vl_api_fib_path_type_t type
Definition: fib_types.api:123
ip4_address_t
Definition: ip4_packet.h:49
ip6_frag_hdr_more
#define ip6_frag_hdr_more(hdr)
Definition: ip6_packet.h:648
vlib_buffer_t::error
vlib_error_t error
Error code for buffers to be enqueued to error handler.
Definition: buffer.h:136
IP6_MAP_NEXT_IP6_REASS
Definition: ip6_map.c:27
cm
vnet_crypto_main_t * cm
Definition: quic_crypto.c:41
ip6_header_t::protocol
u8 protocol
Definition: ip6_packet.h:377
VNET_FEATURE_INIT
VNET_FEATURE_INIT(ip6_map_feature, static)
protocol
vl_api_ip_proto_t protocol
Definition: punt.api:39
map_domain_t
Definition: map.h:104
u16
unsigned short u16
Definition: types.h:57
ip4_get_fragment_offset
static int ip4_get_fragment_offset(const ip4_header_t *i)
Definition: ip4_packet.h:200
vlib_buffer_get_current
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:229
map_ip4_reass_get
map_ip4_reass_t * map_ip4_reass_get(u32 src, u32 dst, u16 fragment_id, u8 protocol, u32 **pi_to_drop)
Definition: map.c:1443
PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:112
port
u16 port
Definition: punt.api:40
src_address
vl_api_address_union_t src_address
Definition: ip_types.api:97
IP6_MAP_NEXT_IP4_FRAGMENT
Definition: ip6_map.c:29
map_ip6_fragment_t::pi
u32 pi
Definition: map.h:208
vlib_validate_buffer_enqueue_x2
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
Definition: buffer_node.h:70
vlib_validate_buffer_enqueue_x1
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
Definition: buffer_node.h:218
vlib_get_next_frame
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
Definition: node_funcs.h:338
map_ip4_reass_t::expected_total
u16 expected_total
Definition: map.h:167
IP6_MAP_NEXT_IP6_LOCAL
Definition: ip6_map.c:31
len
u8 len
Definition: ip_types.api:90
map_ip4_drop_pi
void map_ip4_drop_pi(u32 pi)
Definition: ip6_map.c:647
ip4_header_t::length
u16 length
Definition: ip4_packet.h:144
map_ip4_reass_free
void map_ip4_reass_free(map_ip4_reass_t *r, u32 **pi_to_drop)
Definition: map.c:1400
IP4_HEADER_FLAG_MORE_FRAGMENTS
#define IP4_HEADER_FLAG_MORE_FRAGMENTS
Definition: ip4_packet.h:152
map_ip6_map_ip6_reass_trace_t::out
u8 out
Definition: ip6_map.c:86
ip4_header_t::checksum
u16 checksum
Definition: ip4_packet.h:163
VLIB_REGISTER_NODE
#define VLIB_REGISTER_NODE(x,...)
Definition: node.h:169
map_ip6_fragment_t::next_data_len
u8 next_data_len
Definition: map.h:210
vlib_frame_t::n_vectors
u16 n_vectors
Definition: node.h:397
map_ip6_fragment_t::next_data_offset
u16 next_data_offset
Definition: map.h:209
map_ip4_reass_get_fragments
static_always_inline void map_ip4_reass_get_fragments(map_ip4_reass_t *r, u32 **pi)
Definition: map.h:509
CLIB_PREFETCH
#define CLIB_PREFETCH(addr, size, type)
Definition: cache.h:80
vm
vlib_main_t * vm
Definition: buffer.c:323
IP6_MAP_IP6_REASS_NEXT_IP6_MAP
Definition: ip6_map.c:39
map_ip6_reass_get
map_ip6_reass_t * map_ip6_reass_get(ip6_address_t *src, ip6_address_t *dst, u32 fragment_id, u8 protocol, u32 **pi_to_drop)
Definition: map.c:1615
map_ip6_fragment_t::next_data
u8 next_data[20]
Definition: map.h:211
vec_free
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
vnet_feature_next
static_always_inline void vnet_feature_next(u32 *next0, vlib_buffer_t *b0)
Definition: feature.h:302
map_ip6_map_ip6_reass_trace_t
Definition: ip6_map.c:82
map_trace_t
Definition: map.h:378
vlib_node_get_runtime
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
Definition: node_funcs.h:89
vlib_buffer_t::data
u8 data[]
Packet data.
Definition: buffer.h:181
map_ip4_reass_t::forwarded
u16 forwarded
Definition: map.h:168
ip6_map_icmp_relay
static uword ip6_map_icmp_relay(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:994
map_main_t::icmp6_enabled
bool icmp6_enabled
Definition: map.h:282
vlib_put_next_frame
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
Definition: main.c:456
ip6_map_ip4_reass
static uword ip6_map_ip4_reass(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:803
foreach_map_error
#define foreach_map_error
Definition: map.h:350
ip_frag.h
ip4_get_fragment_more
static int ip4_get_fragment_more(const ip4_header_t *i)
Definition: ip4_packet.h:206
ip4_header_t::protocol
u8 protocol
Definition: ip4_packet.h:160
i32
signed int i32
Definition: types.h:77
ip6_map
static uword ip6_map(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:156
ip6_frag_hdr_offset
#define ip6_frag_hdr_offset(hdr)
Definition: ip6_packet.h:642
vlib_node_runtime_t::cached_next_index
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
Definition: node.h:515
map_main_t::sec_check
bool sec_check
Definition: map.h:280
IP6_MAP_IP6_REASS_N_NEXT
Definition: ip6_map.c:41
map_ip6_map_ip4_reass_trace_t
Definition: ip6_map.c:63
ip6_map_next_e
ip6_map_next_e
Definition: ip6_map.c:21
ip4_header_t::tos
ip_dscp_t tos
Definition: ip4_packet.h:141
ip6_header_t
Definition: ip6_packet.h:367
IP6_MAP_NEXT_DROP
Definition: ip6_map.c:32
map_ip6_reass_t::ip4_header
ip4_header_t ip4_header
Definition: map.h:225
vlib_buffer_advance
static void vlib_buffer_advance(vlib_buffer_t *b, word l)
Advance current data pointer by the supplied (signed!) amount.
Definition: buffer.h:248
map_ip4_reass_unlock
#define map_ip4_reass_unlock()
Definition: map.h:506
ip6_map_icmp_relay_node
static vlib_node_registration_t ip6_map_icmp_relay_node
(constructor) VLIB_REGISTER_NODE (ip6_map_icmp_relay_node)
Definition: ip6_map.c:61
format_map_trace
u8 * format_map_trace(u8 *s, va_list *args)
Definition: map.c:1363
ip6_to_ip4.h
IPv6 to IPv4 translation.
format_ip6_map_ip6_reass_trace
u8 * format_ip6_map_ip6_reass_trace(u8 *s, va_list *args)
Definition: ip6_map.c:90
VNET_FEATURES
#define VNET_FEATURES(...)
Definition: feature.h:442
ip6_map_ip6_reass_next_e
ip6_map_ip6_reass_next_e
Definition: ip6_map.c:37
vlib_get_main
static vlib_main_t * vlib_get_main(void)
Definition: global_funcs.h:23
IP6_MAP_NEXT_ICMP
Definition: ip6_map.c:33
vlib_add_trace
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
Definition: trace_funcs.h:55
vlib_node_registration_t
struct _vlib_node_registration vlib_node_registration_t
IP6_MAP_IP4_REASS_N_NEXT
Definition: ip6_map.c:49
ip6_map_ip6_reass
static uword ip6_map_ip6_reass(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: ip6_map.c:663
map_domain_t::mtu
u16 mtu
Definition: map.h:114
ip6_header_t::payload_length
u16 payload_length
Definition: ip6_packet.h:374
vec_len
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
Definition: vec_bootstrap.h:143
map_ip6_reass_lock
#define map_ip6_reass_lock()
Definition: map.h:530
map_ip4_reass_t::port
i32 port
Definition: map.h:170
vlib_main_t
Definition: main.h:83
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:102
uword
u64 uword
Definition: types.h:112
vlib_node_t
Definition: node.h:258
vlib_frame_vector_args
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
Definition: node_funcs.h:244
IP6_ICMP_RELAY_N_NEXT
Definition: ip6_map.c:56
map_ip6_map_ip4_reass_trace_t::port
u16 port
Definition: ip6_map.c:66
IP6_MAP_IP4_REASS_NEXT_IP4_FRAGMENT
Definition: ip6_map.c:47
map_ip4_reass_t
Definition: map.h:162
vlib_combined_counter_main_t
A collection of combined counters.
Definition: counter.h:188
offset
struct clib_bihash_value offset
template key/value backing page structure
map_ip6_reass_free
void map_ip6_reass_free(map_ip6_reass_t *r, u32 **pi_to_drop)
Definition: map.c:1563
vnet_buffer
#define vnet_buffer(b)
Definition: buffer.h:365
map_ip6_map_ip4_reass_trace_t::cached
u8 cached
Definition: ip6_map.c:67
MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY
#define MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY
Definition: map.h:92
IP6_MAP_IP4_REASS_NEXT_DROP
Definition: ip6_map.c:48
IP4_HEADER_FLAG_DONT_FRAGMENT
#define IP4_HEADER_FLAG_DONT_FRAGMENT
Definition: ip4_packet.h:153
map_get_sfx
static_always_inline u64 map_get_sfx(map_domain_t *d, u32 addr, u16 port)
Definition: map.h:426
map_trace_t::map_domain_index
u32 map_domain_index
Definition: map.h:379
u16_net_add
#define u16_net_add(u, val)
Definition: ip_types.h:35
ip4_address_t::as_u32
u32 as_u32
Definition: ip4_packet.h:56
ip4_header_t::ip_version_and_header_length
u8 ip_version_and_header_length
Definition: ip4_packet.h:138
map_main_t::ip6_reass_buffered_counter
u32 ip6_reass_buffered_counter
Definition: map.h:335
map_ip6_reass_add_fragment
int map_ip6_reass_add_fragment(map_ip6_reass_t *r, u32 pi, u16 data_offset, u16 next_data_offset, u8 *data_start, u16 data_len)
Definition: map.c:1703
ip4_header_t
Definition: ip4_packet.h:132
map_ip6_reass_t::expected_total
u16 expected_total
Definition: map.h:218
ip_incremental_checksum
static ip_csum_t ip_incremental_checksum(ip_csum_t sum, void *_data, uword n_bytes)
Definition: ip_packet.h:293
vlib_get_buffer
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
Definition: buffer_funcs.h:85
ip4_header_checksum
static u16 ip4_header_checksum(ip4_header_t *i)
Definition: ip4_packet.h:247
vlib_main_t::random_buffer
clib_random_buffer_t random_buffer
Definition: main.h:212
ip_csum_fold
static u16 ip_csum_fold(ip_csum_t c)
Definition: ip_packet.h:275
map_ip6_drop_pi
void map_ip6_drop_pi(u32 pi)
Definition: ip6_map.c:638
ip6_header_t::dst_address
ip6_address_t dst_address
Definition: ip6_packet.h:383