24 #include <vpp/app/version.h> 73 if (map_domain_index == ~0)
93 if (map_domain_index == ~0)
109 ip6_address_t * ip6_src,
116 u8 suffix_len, suffix_shift;
121 if (ip4_prefix_len + ea_bits_len < 32)
124 suffix_shift = 32 - ip4_prefix_len - ea_bits_len;
125 suffix_len = ea_bits_len;
130 suffix_len = 32 - ip4_prefix_len;
134 if (ea_bits_len > 0 && ((ip6_prefix_len + ea_bits_len) > 64 ||
135 ip6_prefix_len + suffix_len + psid_length > 64))
138 (
"Embedded Address bits must be within the first 64 bits of " 146 *map_domain_index = d - mm->
domains;
163 d->
psid_shift = 16 - psid_length - psid_offset;
211 clib_warning (
"MAP domain delete: domain does not exist: %d",
243 clib_warning (
"MAP rule: domain does not exist: %d", map_domain_index);
263 clib_warning (
"MAP rule: PSID outside bounds: %d [%d]", psid,
270 d->
rules[psid] = *tep;
279 #ifdef MAP_SKIP_IP6_LOOKUP 303 return (
format (s,
"%U (%u)",
309 return (
format (s,
"un-set"));
363 return (&pre_resolved[index].
node);
409 if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
411 ip46_address_t
addr = {
416 FIB_PROTOCOL_IP6, 128, &addr);
419 FIB_PROTOCOL_IP6, 128, &addr);
421 if (ip4 && (ip4->
as_u32 != 0))
423 ip46_address_t
addr = {
428 FIB_PROTOCOL_IP4, 32, &addr);
431 FIB_PROTOCOL_IP4, 32, &addr);
444 bool check_frag =
false;
445 bool saw_enable =
false;
446 bool saw_frag =
false;
454 if (
unformat (line_input,
"enable"))
459 else if (
unformat (line_input,
"disable"))
464 else if (
unformat (line_input,
"fragments on"))
469 else if (
unformat (line_input,
"fragments off"))
485 "Must specify enable 'enable' or 'disable'");
511 ip6_address_t ip6_src;
512 u32 ip6_prefix_len = 0, ip4_prefix_len = 0, map_domain_index, ip6_src_len;
515 u32 ea_bits_len = 0, psid_offset = 0, psid_length = 0;
546 else if (
unformat (line_input,
"ea-bits-len %d", &ea_bits_len))
548 else if (
unformat (line_input,
"psid-offset %d", &psid_offset))
550 else if (
unformat (line_input,
"psid-len %d", &psid_length))
552 else if (
unformat (line_input,
"mtu %d", &mtu))
554 else if (
unformat (line_input,
"tag %s", &tag))
571 &ip6_prefix, ip6_prefix_len, &ip6_src, ip6_src_len,
572 ea_bits_len, psid_offset, psid_length, &map_domain_index,
588 u32 map_domain_index;
597 if (
unformat (line_input,
"index %d", &map_domain_index))
628 u32 psid = 0, map_domain_index;
637 if (
unformat (line_input,
"index %d", &map_domain_index))
639 else if (
unformat (line_input,
"psid %d", &psid))
670 #if MAP_SKIP_IP6_LOOKUP 678 ip6_address_t ip6nh, *p_v6 = NULL;
696 else if (
unformat (line_input,
"del"))
738 p_icmp_addr = &icmp_src_address;
764 bool enabled =
false;
775 else if (
unformat (line_input,
"off"))
805 bool frag_inner =
false;
806 bool frag_ignore_df =
false;
807 bool saw_in_out =
false;
821 else if (
unformat (line_input,
"outer"))
826 else if (
unformat (line_input,
"ignore-df"))
828 frag_ignore_df =
true;
831 else if (
unformat (line_input,
"honor-df"))
833 frag_ignore_df =
false;
872 bool tc_copy =
false;
883 else if (
unformat (line_input,
"%x", &tc))
913 bool counters = va_arg (*args,
int);
928 "[%d] tag {%s} ip4-pfx %U/%d ip6-pfx %U/%d ip6-src %U/%d " 929 "ea-bits-len %d psid-offset %d psid-len %d mtu %d %s",
930 map_domain_index, (de && de->
tag) ? de->
tag : (
u8 *)
"[no-tag]",
942 map_domain_index, &v);
945 map_domain_index, &v);
958 if (dst.as_u64[0] == 0 && dst.as_u64[1] == 0)
975 bool counters =
false;
976 u32 map_domain_index = ~0;
984 ({vlib_cli_output(vm,
"%U", format_map_domain, d, counters);}));
991 if (
unformat (line_input,
"counters"))
993 else if (
unformat (line_input,
"index %d", &map_domain_index))
1009 if (map_domain_index == ~0)
1013 ({vlib_cli_output(vm,
"%U", format_map_domain, d, counters);}));
1046 ASSERT (ci < n->n_errors);
1058 int domains = 0,
rules = 0, domaincount = 0, rulecount = 0;
1068 rulecount+= 0x1 << d->psid_length;
1069 rules += sizeof(ip6_address_t) * 0x1 << d->psid_length;
1071 domains +=
sizeof(*d);
1081 #if MAP_SKIP_IP6_LOOKUP 1083 "MAP pre-resolve: IP6 next-hop: %U, IP4 next-hop: %U\n",
1098 "MAP IPv6 inbound security check: %s, fragmented packet security check: %s",
1099 mm->sec_check ?
"enabled" :
"disabled",
1100 mm->sec_check_frag ?
"enabled" :
"disabled");
1105 mm->icmp6_enabled ?
"enabled" :
"disabled");
1107 mm->frag_inner ?
"enabled" :
"disabled");
1109 mm->frag_ignore_df ?
"enabled" :
"disabled");
1121 clib_memset (total_bytes, 0,
sizeof (total_bytes));
1126 which = cm - mm->domain_counters;
1131 total_pkts[which] += v.
packets;
1132 total_bytes[which] += v.
bytes;
1156 bool is_enable =
true, is_translation =
false;
1169 else if (
unformat (line_input,
"del"))
1171 else if (
unformat (line_input,
"map-t"))
1172 is_translation =
true;
1184 if (sw_if_index == ~0)
1213 format (s,
"MAP domain index: %d L4 port: %u", map_domain_index,
1214 clib_net_to_host_u16 (port));
1233 if (
unformat (line_input,
"%u", &tcp_mss))
1243 if (tcp_mss >= (0x1 << 16))
1273 .path =
"map params traffic-class",
1274 .short_help =
"map params traffic-class {0x0-0xff | copy}",
1289 .path =
"map params tcp-mss",
1290 .short_help =
"map params tcp-mss <value>",
1307 .path =
"map params pre-resolve",
1308 .short_help =
" map params pre-resolve {ip4-nh <address>} " 1309 "| {ip6-nh <address>}",
1331 .path =
"map params security-check",
1332 .short_help =
"map params security-check enable|disable fragments on|off",
1349 .path =
"map params icmp source-address",
1350 .short_help =
"map params icmp source-address <ip4-address>",
1365 .path =
"map params icmp6 unreachables",
1366 .short_help =
"map params icmp6 unreachables {on|off}",
1384 .path =
"map params fragment",
1385 .short_help =
"map params fragment inner|outer ignore-df|honor-df",
1398 .path =
"map add domain",
1399 .short_help =
"map add domain [tag <tag>] ip4-pfx <ip4-pfx> " 1400 "ip6-pfx <ip6-pfx> " 1401 "ip6-src <ip6-pfx> ea-bits-len <n> psid-offset <n> psid-len <n> " 1402 "[map-t] [mtu <mtu>]",
1414 .path =
"map add rule",
1415 .short_help =
"map add rule index <domain> psid <psid> ip6-dst <ip6-addr>",
1427 .path =
"map del domain",
1428 .short_help =
"map del domain index <domain>",
1440 .path =
"show map domain",
1441 .short_help =
"show map domain index <n> [counters]",
1453 .path =
"show map stats",
1454 .short_help =
"show map stats",
1463 .path =
"map interface",
1464 .short_help =
"map interface <interface-name> [map-t] [del]",
1469 .version = VPP_BUILD_VER,
1470 .description =
"Mapping of Address and Port (MAP)",
1484 memset (mm, 0,
sizeof (*mm));
1489 #ifdef MAP_SKIP_IP6_LOOKUP 1523 #ifdef MAP_SKIP_IP6_LOOKUP #define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
int map_param_set_icmp(ip4_address_t *ip4_err_relay_src)
fib_protocol_t fp_proto
protocol type
int map_add_del_psid(u32 map_domain_index, u16 psid, ip6_address_t *tep, bool is_add)
fib_node_index_t fib_entry_track(u32 fib_index, const fib_prefix_t *prefix, fib_node_type_t child_type, index_t child_index, u32 *sibling)
Trackers are used on FIB entries by objects that which to track the changing state of the entry...
lpm_t * lpm_table_init(enum lpm_type_e lpm_type)
fib_node_t node
Linkage into the FIB graph.
static clib_error_t * map_fragment_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
int map_delete_domain(u32 map_domain_index)
void vlib_validate_combined_counter(vlib_combined_counter_main_t *cm, u32 index)
validate a combined counter
static fib_node_t * map_fib_node_get(fib_node_index_t index)
Function definition to get a FIB node from its index.
vl_api_wireguard_peer_flags_t flags
vnet_main_t * vnet_get_main(void)
int map_if_enable_disable(bool is_enable, u32 sw_if_index, bool is_translation)
void fib_node_init(fib_node_t *node, fib_node_type_t type)
dpo_id_t dpo
The Load-balance object index to use to forward.
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static u8 * format_map_domain(u8 *s, va_list *args)
static clib_error_t * show_map_domain_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * map_security_check_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
u64 map_error_counter_get(u32 node_index, map_error_t map_error)
enum fib_node_back_walk_rc_t_ fib_node_back_walk_rc_t
Return code from a back walk function.
const dpo_id_t * fib_entry_contribute_ip_forwarding(fib_node_index_t fib_entry_index)
static void map_fib_resolve(map_main_pre_resolved_t *pr, fib_protocol_t proto, u8 len, const ip46_address_t *addr)
static void map_free_extras(u32 map_domain_index)
void dpo_copy(dpo_id_t *dst, const dpo_id_t *src)
atomic copy a data-plane object.
manual_print typedef ip4_prefix
static void map_domain_counter_unlock(map_main_t *mm)
Combined counter to hold both packets and byte differences.
#define STRUCT_OFFSET_OF(t, f)
const fib_prefix_t * fib_entry_get_prefix(fib_node_index_t fib_entry_index)
unformat_function_t unformat_vnet_sw_interface
int map_create_domain(ip4_address_t *ip4_prefix, u8 ip4_prefix_len, ip6_address_t *ip6_prefix, u8 ip6_prefix_len, ip6_address_t *ip6_src, u8 ip6_src_len, u8 ea_bits_len, u8 psid_offset, u8 psid_length, u32 *map_domain_index, u16 mtu, u8 flags, u8 *tag)
uword * bm_trans_enabled_by_sw_if
vlib_error_t * errors
Vector of errors for this node.
void map_pre_resolve(ip4_address_t *ip4, ip6_address_t *ip6, bool is_del)
enum fib_protocol_t_ fib_protocol_t
Protocol Type.
void fib_node_register_type(fib_node_type_t type, const fib_node_vft_t *vft)
fib_node_register_type
static counter_t vlib_get_simple_counter(vlib_simple_counter_main_t *cm, u32 index)
Get the value of a simple counter Scrapes the entire set of per-thread counters.
manual_print typedef ip6_prefix
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
void(* add)(struct lpm_ *lpm, void *addr_v, u8 pfxlen, u32 value)
static clib_error_t * map_pre_resolve_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define VLIB_INIT_FUNCTION(x)
static clib_error_t * map_icmp_unreachables_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
vlib_combined_counter_main_t * domain_counters
ip4_address_t icmp4_src_address
static clib_error_t * map_add_domain_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
Aggregate type for a prefix.
#define clib_error_return(e, args...)
vlib_simple_counter_main_t icmp_relayed
The identity of a DPO is a combination of its type and its instance number/index of objects of that t...
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static void vlib_zero_combined_counter(vlib_combined_counter_main_t *cm, u32 index)
Clear a combined counter Clears the set of per-thread counters.
counter_t packets
packet counter
static clib_error_t * map_if_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * map_add_rule_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
ip46_address_t fp_addr
The address type is not deriveable from the fp_addr member.
static clib_error_t * map_tcp_mss_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
vlib_error_main_t error_main
static map_main_pre_resolved_t * map_from_fib_node(fib_node_t *node)
int map_param_set_traffic_class(bool copy, u8 tc)
u32 vlib_combined_counter_n_counters(const vlib_combined_counter_main_t *cm)
The number of counters (not the number of per-thread counters)
#define pool_put(P, E)
Free an object E in pool P.
#define FOR_EACH_FIB_PROTOCOL(_item)
fib_node_type_t fn_type
The node's type.
An node in the FIB graph.
static u32 vlib_error_get_code(vlib_node_main_t *nm, vlib_error_t e)
format_function_t format_ip46_address
#define pool_get_aligned(P, E, A)
Allocate an object E from a pool P with alignment A.
lpm_t * ip6_src_prefix_tbl
static void vlib_get_combined_counter(const vlib_combined_counter_main_t *cm, u32 index, vlib_counter_t *result)
Get the value of a combined counter, never called in the speed path Scrapes the entire set of per-thr...
uword * bm_encap_enabled_by_sw_if
sll srl srl sll sra u16x4 i
#define vec_free(V)
Free vector's memory (no header).
static clib_error_t * map_icmp_relay_source_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define clib_warning(format, args...)
static vlib_node_runtime_t * vlib_node_get_runtime(vlib_main_t *vm, u32 node_index)
Get node runtime by node index.
int map_param_set_fragmentation(bool inner, bool ignore_df)
u32 sibling
This object sibling index on the FIB entry's child dependency list.
u32 fib_node_index_t
A typedef of a node index.
#define pool_is_free_index(P, I)
Use free bitmap to query whether given index is free.
static void map_pre_resolve_init(map_main_pre_resolved_t *pr)
static clib_error_t * map_del_domain_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
vlib_main_t vlib_node_runtime_t * node
static void map_domain_counter_lock(map_main_t *mm)
Context passed between object during a back walk.
#define VLIB_CLI_COMMAND(x,...)
#define vec_validate_init_c_string(V, S, L)
Make a vector containing a NULL terminated c-string.
vl_api_gbp_rule_t rules[n_rules]
static void map_save_extras(u32 map_domain_index, u8 *tag)
void vlib_validate_simple_counter(vlib_simple_counter_main_t *cm, u32 index)
validate a simple counter
void fib_entry_untrack(fib_node_index_t fei, u32 sibling)
Stop tracking a FIB entry.
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
static void clib_mem_free(void *p)
static void vlib_zero_simple_counter(vlib_simple_counter_main_t *cm, u32 index)
Clear a simple counter Clears the set of per-thread u16 counters, and the u64 counter.
u8 * format_map_trace(u8 *s, va_list *args)
void(* delete)(struct lpm_ *lpm, void *addr_v, u8 pfxlen)
static u8 * format_map_pre_resolve(u8 *s, va_list *ap)
static vlib_main_t * vlib_get_main(void)
static clib_error_t * map_traffic_class_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
counter_t bytes
byte counter
int map_param_set_security_check(bool enable, bool fragments)
char * stat_segment_name
Name in stat segment directory.
int map_param_set_icmp6(u8 enable_unreachable)
index_t dpoi_index
the index of objects of that type
#define FIB_NODE_INDEX_INVALID
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
clib_error_t * map_plugin_api_hookup(vlib_main_t *vm)
fib_node_index_t fei
The FIB entry index of the next-hop.
vlib_node_main_t node_main
map_domain_extra_t * domain_extras
char * name
The counter collection's name.
A collection of combined counters.
#define FIB_PROTOCOL_MAX
Definition outside of enum so it does not need to be included in non-defaulted switch statements...
A FIB graph nodes virtual function table.
vlib_simple_counter_main_t * simple_domain_counters
static void * clib_mem_alloc_aligned(uword size, uword align)
int map_param_set_tcp(u16 tcp_mss)
static fib_node_back_walk_rc_t map_back_walk(fib_node_t *node, fib_node_back_walk_ctx_t *ctx)
Function definition to backwalk a FIB node.
static void map_stack(map_main_pre_resolved_t *pr)
static vlib_node_t * vlib_get_node(vlib_main_t *vm, u32 i)
Get vlib node by index.
static void map_last_lock_gone(fib_node_t *node)
Function definition to inform the FIB node that its last lock has gone.
void dpo_reset(dpo_id_t *dpo)
reset a DPO ID The DPO will be unlocked.
#define vec_foreach(var, vec)
Vector iterator.
static char * map_flags_to_string(u32 flags)
#define CLIB_CACHE_LINE_BYTES
clib_error_t * map_init(vlib_main_t *vm)
static void map_fib_unresolve(map_main_pre_resolved_t *pr, fib_protocol_t proto, u8 len, const ip46_address_t *addr)
vl_api_interface_index_t sw_if_index
static clib_error_t * show_map_stats_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static uword pool_elts(void *v)
Number of active elements in a pool.