da/dd2/cnat__src__policy_8c_source.html

 /*
  * Copyright (c) 2020 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include <cnat/cnat_src_policy.h>
 #include <cnat/cnat_inline.h>

 #include <cnat/cnat_session.h>
 #include <cnat/cnat_translation.h>

 cnat_src_policy_main_t cnat_src_policy_main;

 void
 cnat_register_vip_src_policy (cnat_vip_source_policy_t fp)
 {
   cnat_src_policy_main.vip_policy = fp;
 }

 cnat_source_policy_errors_t
 cnat_vip_default_source_policy (vlib_main_t * vm,
                                 vlib_buffer_t * b,
                                 cnat_session_t * session,
                                 u32 * rsession_flags,
                                 const cnat_translation_t * ct,
                                 cnat_node_ctx_t * ctx)
 {
   ip_protocol_t iproto;
   udp_header_t *udp0;
   ip4_header_t *ip4;
   ip6_header_t *ip6;

   if (AF_IP4 == ctx->af)
     {
       ip4 = vlib_buffer_get_current (b);
       iproto = ip4->protocol;
       udp0 = (udp_header_t *) (ip4 + 1);
     }
   else
     {
       ip6 = vlib_buffer_get_current (b);
       iproto = ip6->protocol;
       udp0 = (udp_header_t *) (ip6 + 1);
     }

   int rv = 0;
   if (!session->value.cs_port[VLIB_RX])
     {
       u16 sport;
       sport = udp0->src_port;
       /* Allocate a port only if asked and if we actually sNATed */
       if ((ct->flags & CNAT_TRANSLATION_FLAG_ALLOCATE_PORT)
           && (*rsession_flags & CNAT_SESSION_FLAG_HAS_SNAT))
         {
           sport = 0;            /* force allocation */
           session->value.flags |= CNAT_SESSION_FLAG_ALLOC_PORT;
           rv = cnat_allocate_port (&sport, iproto);
           if (rv)
             return CNAT_SOURCE_ERROR_EXHAUSTED_PORTS;
         }

       session->value.cs_port[VLIB_RX] = sport;
     }
   return 0;
 }

 always_inline cnat_src_port_allocator_t *
 cnat_get_src_port_allocator (ip_protocol_t iproto)
 {
   cnat_src_policy_main_t *cspm = &cnat_src_policy_main;
   switch (iproto)
     {
     case IP_PROTOCOL_TCP:
       return &cspm->src_ports[CNAT_SPORT_PROTO_TCP];
     case IP_PROTOCOL_UDP:
       return &cspm->src_ports[CNAT_SPORT_PROTO_UDP];
     case IP_PROTOCOL_ICMP:
       return &cspm->src_ports[CNAT_SPORT_PROTO_ICMP];
     case IP_PROTOCOL_ICMP6:
       return &cspm->src_ports[CNAT_SPORT_PROTO_ICMP6];
     default:
       return 0;
     }
 }

 void
 cnat_free_port (u16 port, ip_protocol_t iproto)
 {
   cnat_src_port_allocator_t *ca;
   ca = cnat_get_src_port_allocator (iproto);
   if (!ca)
     return;
   clib_spinlock_lock (&ca->lock);
   clib_bitmap_set_no_check (ca->bmap, port, 0);
   clib_spinlock_unlock (&ca->lock);
 }

 int
 cnat_allocate_port (u16 * port, ip_protocol_t iproto)
 {
   *port = clib_net_to_host_u16 (*port);
   if (*port == 0)
     *port = MIN_SRC_PORT;
   cnat_src_port_allocator_t *ca;
   ca = cnat_get_src_port_allocator (iproto);
   if (!ca)
     return -1;
   clib_spinlock_lock (&ca->lock);
   if (clib_bitmap_get_no_check (ca->bmap, *port))
     {
       *port = clib_bitmap_next_clear (ca->bmap, *port);
       if (PREDICT_FALSE (*port >= UINT16_MAX))
         *port = clib_bitmap_next_clear (ca->bmap, MIN_SRC_PORT);
       if (PREDICT_FALSE (*port >= UINT16_MAX))
         return -1;
     }
   clib_bitmap_set_no_check (ca->bmap, *port, 1);
   *port = clib_host_to_net_u16 (*port);
   clib_spinlock_unlock (&ca->lock);
   return 0;
 }

 static clib_error_t *
 cnat_src_policy_init (vlib_main_t * vm)
 {
   cnat_src_policy_main_t *cspm = &cnat_src_policy_main;
   cspm->vip_policy = cnat_vip_default_source_policy;
   cspm->default_policy = cnat_vip_default_source_policy;

   vec_validate (cspm->src_ports, CNAT_N_SPORT_PROTO);
   for (int i = 0; i < CNAT_N_SPORT_PROTO; i++)
     {
       clib_spinlock_init (&cspm->src_ports[i].lock);
       clib_bitmap_validate (cspm->src_ports[i].bmap, UINT16_MAX);
     }
   /* Inject cleanup callback */
   cnat_free_port_cb = cnat_free_port;
   return (NULL);
 }

 VLIB_INIT_FUNCTION (cnat_src_policy_init);

 /*
  * fd.io coding-style-patch-verification: ON
  *
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */
vec_validate
#define vec_validate(V, I)
Make sure vector is long enough for given index (no header, unspecified alignment) ...
Definition: vec.h:509

cnat_allocate_port
int cnat_allocate_port(u16 *port, ip_protocol_t iproto)
Definition: cnat_src_policy.c:109

cnat_session.h

clib_spinlock_unlock
static_always_inline void clib_spinlock_unlock(clib_spinlock_t *p)
Definition: lock.h:121

clib_spinlock_lock
static_always_inline void clib_spinlock_lock(clib_spinlock_t *p)
Definition: lock.h:82

CNAT_SESSION_FLAG_ALLOC_PORT
This session source port was allocated, free it on cleanup.
Definition: cnat_session.h:120

cnat_free_port_cb
void(* cnat_free_port_cb)(u16 port, ip_protocol_t iproto)
Port cleanup callback.
Definition: cnat_session.c:25

cnat_translation.h

cnat_src_policy_main
cnat_src_policy_main_t cnat_src_policy_main
Definition: cnat_src_policy.c:22

cnat_get_src_port_allocator
static cnat_src_port_allocator_t * cnat_get_src_port_allocator(ip_protocol_t iproto)
Definition: cnat_src_policy.c:78

cnat_session_t_::cs_port
u16 cs_port[VLIB_N_DIR]
ports in rx/tx
Definition: cnat_session.h:53

cnat_node_ctx_
Definition: cnat_types.h:159

cnat_translation_t_
A Translation represents the translation of a VEP to one of a set of real server addresses.
Definition: cnat_translation.h:110

cnat_free_port
void cnat_free_port(u16 port, ip_protocol_t iproto)
Definition: cnat_src_policy.c:97

vm
vlib_main_t * vm
Definition: in2out_ed.c:1580

CNAT_SPORT_PROTO_ICMP
Definition: cnat_src_policy.h:28

CNAT_SPORT_PROTO_TCP
Definition: cnat_src_policy.h:26

udp_header_t
Definition: udp_packet.h:45

cnat_source_policy_errors_t
enum cnat_source_policy_errors_ cnat_source_policy_errors_t

clib_bitmap_get_no_check
static uword clib_bitmap_get_no_check(uword *ai, uword i)
Gets the ith bit value from a bitmap Does not sanity-check the bit position.
Definition: bitmap.h:212

clib_bitmap_set_no_check
static uword clib_bitmap_set_no_check(uword *a, uword i, uword new_value)
Sets the ith bit of a bitmap to new_value.
Definition: bitmap.h:141

clib_bitmap_validate
#define clib_bitmap_validate(v, n_bits)
Definition: bitmap.h:115

cnat_session_t_
A session represents the memory of a translation.
Definition: cnat_session.h:38

udp_header_t::src_port
u16 src_port
Definition: udp_packet.h:48

VLIB_INIT_FUNCTION
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173

ip6
vl_api_ip6_address_t ip6
Definition: one.api:424

CNAT_SOURCE_ERROR_EXHAUSTED_PORTS
Definition: cnat_src_policy.h:35

CNAT_SPORT_PROTO_UDP
Definition: cnat_src_policy.h:27

AF_IP4
Definition: ip_types.h:23

b
const cJSON *const b
Definition: cJSON.h:255

cnat_vip_source_policy_t
cnat_source_policy_errors_t(* cnat_vip_source_policy_t)(vlib_main_t *vm, vlib_buffer_t *b, cnat_session_t *session, u32 *rsession_flags, const cnat_translation_t *ct, cnat_node_ctx_t *ctx)
Definition: cnat_src_policy.h:50

u32
unsigned int u32
Definition: types.h:88

cnat_src_policy_main_::src_ports
cnat_src_port_allocator_t * src_ports
Definition: cnat_src_policy.h:60

clib_spinlock_init
static void clib_spinlock_init(clib_spinlock_t *p)
Definition: lock.h:65

CNAT_SESSION_FLAG_HAS_SNAT
Indicates a return path session that was source NATed on the way in.
Definition: cnat_session.h:116

ip_protocol_t
enum ip_protocol ip_protocol_t

ip6_header_t::protocol
u8 protocol
Definition: ip6_packet.h:304

ctx
long ctx[MAX_CONNS]
Definition: main.c:144

u16
unsigned short u16
Definition: types.h:57

vlib_buffer_get_current
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
Definition: buffer.h:233

PREDICT_FALSE
#define PREDICT_FALSE(x)
Definition: clib.h:121

always_inline
#define always_inline
Definition: ipsec.h:28

ip4
vl_api_ip4_address_t ip4
Definition: one.api:376

cnat_src_port_allocator_::bmap
clib_bitmap_t * bmap
Definition: cnat_src_policy.h:42

MIN_SRC_PORT
#define MIN_SRC_PORT
Definition: cnat_types.h:52

cnat_src_policy_main_::default_policy
cnat_vip_source_policy_t default_policy
Definition: cnat_src_policy.h:57

cnat_node_ctx_::af
ip_address_family_t af
Definition: cnat_types.h:164

cnat_src_port_allocator_
Definition: cnat_src_policy.h:39

i
sll srl srl sll sra u16x4 i
Definition: vector_sse42.h:317

CNAT_TRANSLATION_FLAG_ALLOCATE_PORT
Definition: cnat_translation.h:62

cnat_vip_default_source_policy
cnat_source_policy_errors_t cnat_vip_default_source_policy(vlib_main_t *vm, vlib_buffer_t *b, cnat_session_t *session, u32 *rsession_flags, const cnat_translation_t *ct, cnat_node_ctx_t *ctx)
Definition: cnat_src_policy.c:31

cnat_session_t_::flags
u32 flags
session flags if cs_lbi == INDEX_INVALID
Definition: cnat_session.h:100

ip4_header_t::protocol
u8 protocol
Definition: ip4_packet.h:115

ip6_header_t
Definition: ip6_packet.h:294

CNAT_N_SPORT_PROTO
Definition: cnat_src_policy.h:30

cnat_src_port_allocator_::lock
clib_spinlock_t lock
Definition: cnat_src_policy.h:45

clib_error_t
Definition: clib_error.h:21

cnat_src_policy.h

cnat_register_vip_src_policy
void cnat_register_vip_src_policy(cnat_vip_source_policy_t fp)
Definition: cnat_src_policy.c:25

vlib_main_t
Definition: main.h:119

vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:102

port
u16 port
Definition: lb_types.api:73

cnat_src_policy_main_
Definition: cnat_src_policy.h:54

CNAT_SPORT_PROTO_ICMP6
Definition: cnat_src_policy.h:29

cnat_inline.h

ip4_header_t
Definition: ip4_packet.h:87

cnat_translation_t_::flags
u8 flags
Translation flags.
Definition: cnat_translation.h:151

VLIB_RX
Definition: defs.h:46

cnat_src_policy_main_::vip_policy
cnat_vip_source_policy_t vip_policy
Definition: cnat_src_policy.h:56

cnat_session_t_::value
struct cnat_session_t_::@633 value
this value sits in the same memory location a &#39;value&#39; in the bihash kvp

cnat_src_policy_init
static clib_error_t * cnat_src_policy_init(vlib_main_t *vm)
Definition: cnat_src_policy.c:134