Line data Source code
1 : /*
2 : * ct6_out2in.c - ip6 connection tracker, inside-to-outside path
3 : *
4 : * Copyright (c) 2019 Cisco and/or its affiliates.
5 : * Licensed under the Apache License, Version 2.0 (the "License");
6 : * you may not use this file except in compliance with the License.
7 : * You may obtain a copy of the License at:
8 : *
9 : * http://www.apache.org/licenses/LICENSE-2.0
10 : *
11 : * Unless required by applicable law or agreed to in writing, software
12 : * distributed under the License is distributed on an "AS IS" BASIS,
13 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 : * See the License for the specific language governing permissions and
15 : * limitations under the License.
16 : */
17 : #include <vlib/vlib.h>
18 : #include <vnet/vnet.h>
19 : #include <vppinfra/error.h>
20 : #include <ct6/ct6.h>
21 :
22 : typedef struct
23 : {
24 : u32 sw_if_index;
25 : u32 next_index;
26 : u32 session_index;
27 : } ct6_out2in_trace_t;
28 :
29 : #ifndef CLIB_MARCH_VARIANT
30 :
31 : /* packet trace format function */
32 : static u8 *
33 0 : format_ct6_out2in_trace (u8 * s, va_list * args)
34 : {
35 0 : CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
36 0 : CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
37 0 : ct6_out2in_trace_t *t = va_arg (*args, ct6_out2in_trace_t *);
38 :
39 0 : s = format (s, "CT6_OUT2IN: sw_if_index %d, next index %d session %d\n",
40 : t->sw_if_index, t->next_index, t->session_index);
41 0 : return s;
42 : }
43 :
44 : vlib_node_registration_t ct6_out2in_node;
45 :
46 : #endif /* CLIB_MARCH_VARIANT */
47 :
48 : #define foreach_ct6_out2in_error \
49 : _(PROCESSED, "ct6 packets processed") \
50 : _(NO_SESSION, "ct6 no session drops")
51 :
52 :
53 : typedef enum
54 : {
55 : #define _(sym,str) CT6_OUT2IN_ERROR_##sym,
56 : foreach_ct6_out2in_error
57 : #undef _
58 : CT6_OUT2IN_N_ERROR,
59 : } ct6_out2in_error_t;
60 :
61 : #ifndef CLIB_MARCH_VARIANT
62 : static char *ct6_out2in_error_strings[] = {
63 : #define _(sym,string) string,
64 : foreach_ct6_out2in_error
65 : #undef _
66 : };
67 : #endif /* CLIB_MARCH_VARIANT */
68 :
69 : typedef enum
70 : {
71 : CT6_OUT2IN_NEXT_DROP,
72 : CT6_OUT2IN_N_NEXT,
73 : } ct6_next_t;
74 :
75 : always_inline uword
76 0 : ct6_out2in_inline (vlib_main_t * vm,
77 : vlib_node_runtime_t * node, vlib_frame_t * frame,
78 : int is_trace)
79 : {
80 : u32 n_left_from, *from;
81 : vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b;
82 : u16 nexts[VLIB_FRAME_SIZE], *next;
83 0 : ct6_main_t *cmp = &ct6_main;
84 0 : u32 my_thread_index = vm->thread_index;
85 0 : f64 now = vlib_time_now (vm);
86 0 : u32 dropped = 0;
87 :
88 0 : from = vlib_frame_vector_args (frame);
89 0 : n_left_from = frame->n_vectors;
90 :
91 0 : vlib_get_buffers (vm, from, bufs, n_left_from);
92 0 : b = bufs;
93 0 : next = nexts;
94 :
95 : #if 0
96 : while (n_left_from >= 4)
97 : {
98 : /* Prefetch next iteration. */
99 : if (PREDICT_TRUE (n_left_from >= 8))
100 : {
101 : vlib_prefetch_buffer_header (b[4], STORE);
102 : vlib_prefetch_buffer_header (b[5], STORE);
103 : vlib_prefetch_buffer_header (b[6], STORE);
104 : vlib_prefetch_buffer_header (b[7], STORE);
105 : clib_prefetch_store (b[4]->data);
106 : clib_prefetch_store (b[5]->data);
107 : clib_prefetch_store (b[6]->data);
108 : clib_prefetch_store (b[7]->data);
109 : }
110 :
111 : /* $$$$ process 4x pkts right here */
112 : next[0] = 0;
113 : next[1] = 0;
114 : next[2] = 0;
115 : next[3] = 0;
116 :
117 : if (is_trace)
118 : {
119 : if (b[0]->flags & VLIB_BUFFER_IS_TRACED)
120 : {
121 : ct6_trace_t *t = vlib_add_trace (vm, node, b[0], sizeof (*t));
122 : t->next_index = next[0];
123 : t->sw_if_index = vnet_buffer (b[0])->sw_if_index[VLIB_RX];
124 : }
125 : if (b[1]->flags & VLIB_BUFFER_IS_TRACED)
126 : {
127 : ct6_trace_t *t = vlib_add_trace (vm, node, b[1], sizeof (*t));
128 : t->next_index = next[1];
129 : t->sw_if_index = vnet_buffer (b[1])->sw_if_index[VLIB_RX];
130 : }
131 : if (b[2]->flags & VLIB_BUFFER_IS_TRACED)
132 : {
133 : ct6_trace_t *t = vlib_add_trace (vm, node, b[2], sizeof (*t));
134 : t->next_index = next[2];
135 : t->sw_if_index = vnet_buffer (b[2])->sw_if_index[VLIB_RX];
136 : }
137 : if (b[3]->flags & VLIB_BUFFER_IS_TRACED)
138 : {
139 : ct6_trace_t *t = vlib_add_trace (vm, node, b[3], sizeof (*t));
140 : t->next_index = next[3];
141 : t->sw_if_index = vnet_buffer (b[3])->sw_if_index[VLIB_RX];
142 : }
143 : }
144 :
145 : b += 4;
146 : next += 4;
147 : n_left_from -= 4;
148 : }
149 : #endif
150 :
151 0 : while (n_left_from > 0)
152 : {
153 : clib_bihash_kv_48_8_t kvp0;
154 : ct6_session_key_t *key0;
155 : ct6_session_t *s0;
156 0 : u32 session_index0 = ~0;
157 : u32 next0;
158 :
159 : ip6_header_t *ip0;
160 : udp_header_t *udp0;
161 :
162 : /* Are we having fun yet? */
163 0 : vnet_feature_next (&next0, b[0]);
164 0 : next[0] = next0;
165 :
166 0 : ip0 = vlib_buffer_get_current (b[0]);
167 :
168 : /*
169 : * Pass non-global unicast traffic
170 : */
171 0 : if (PREDICT_FALSE (!ip6_address_is_global_unicast (&ip0->src_address)
172 : ||
173 : !ip6_address_is_global_unicast (&ip0->src_address)))
174 0 : goto trace0;
175 : /* Pass non-udp, non-tcp traffic */
176 0 : if (PREDICT_FALSE (ip0->protocol != IP_PROTOCOL_TCP &&
177 : ip0->protocol != IP_PROTOCOL_UDP))
178 0 : goto trace0;
179 :
180 0 : udp0 = ip6_next_header (ip0);
181 :
182 : /*
183 : * See if we know about this flow.
184 : */
185 0 : key0 = (ct6_session_key_t *) & kvp0;
186 0 : clib_memcpy_fast (&key0->src, &ip0->src_address,
187 : sizeof (ip6_address_t));
188 0 : clib_memcpy_fast (&key0->dst, &ip0->dst_address,
189 : sizeof (ip6_address_t));
190 0 : key0->as_u64[4] = 0;
191 0 : key0->as_u64[5] = 0;
192 0 : key0->sport = udp0->src_port;
193 0 : key0->dport = udp0->dst_port;
194 0 : key0->proto = ip0->protocol;
195 :
196 : /* Do we know about this session? */
197 0 : if (clib_bihash_search_48_8 (&cmp->session_hash, &kvp0, &kvp0) < 0)
198 : {
199 : /* Bad engineer, no donut for you... */
200 0 : next[0] = CT6_OUT2IN_NEXT_DROP;
201 0 : b[0]->error = node->errors[CT6_OUT2IN_ERROR_NO_SESSION];
202 0 : dropped++;
203 0 : goto trace0;
204 : }
205 : else
206 : {
207 0 : s0 = pool_elt_at_index (cmp->sessions[my_thread_index], kvp0.value);
208 0 : session_index0 = kvp0.value;
209 0 : ct6_update_session_hit (cmp, s0, now);
210 : }
211 :
212 0 : trace0:
213 0 : if (is_trace)
214 : {
215 0 : if (b[0]->flags & VLIB_BUFFER_IS_TRACED)
216 : {
217 : ct6_out2in_trace_t *t =
218 0 : vlib_add_trace (vm, node, b[0], sizeof (*t));
219 0 : t->next_index = next[0];
220 0 : t->sw_if_index = vnet_buffer (b[0])->sw_if_index[VLIB_RX];
221 0 : t->session_index = session_index0;
222 : }
223 : }
224 :
225 0 : b += 1;
226 0 : next += 1;
227 0 : n_left_from -= 1;
228 : }
229 :
230 0 : vlib_buffer_enqueue_to_next (vm, node, from, nexts, frame->n_vectors);
231 :
232 0 : vlib_node_increment_counter (vm, node->node_index,
233 0 : CT6_OUT2IN_ERROR_PROCESSED, frame->n_vectors);
234 0 : vlib_node_increment_counter (vm, node->node_index,
235 : CT6_OUT2IN_ERROR_NO_SESSION, dropped);
236 :
237 0 : return frame->n_vectors;
238 : }
239 :
240 2300 : VLIB_NODE_FN (ct6_out2in_node) (vlib_main_t * vm, vlib_node_runtime_t * node,
241 : vlib_frame_t * frame)
242 : {
243 0 : if (PREDICT_FALSE (node->flags & VLIB_NODE_FLAG_TRACE))
244 0 : return ct6_out2in_inline (vm, node, frame, 1 /* is_trace */ );
245 : else
246 0 : return ct6_out2in_inline (vm, node, frame, 0 /* is_trace */ );
247 : }
248 :
249 : /* *INDENT-OFF* */
250 : #ifndef CLIB_MARCH_VARIANT
251 163052 : VLIB_REGISTER_NODE (ct6_out2in_node) =
252 : {
253 : .name = "ct6-out2in",
254 : .vector_size = sizeof (u32),
255 : .format_trace = format_ct6_out2in_trace,
256 : .type = VLIB_NODE_TYPE_INTERNAL,
257 :
258 : .n_errors = ARRAY_LEN(ct6_out2in_error_strings),
259 : .error_strings = ct6_out2in_error_strings,
260 :
261 : .n_next_nodes = CT6_OUT2IN_N_NEXT,
262 :
263 : /* edit / add dispositions here */
264 : .next_nodes = {
265 : [CT6_OUT2IN_NEXT_DROP] = "error-drop",
266 : },
267 : };
268 : #endif /* CLIB_MARCH_VARIANT */
269 : /* *INDENT-ON* */
270 :
271 : /*
272 : * fd.io coding-style-patch-verification: ON
273 : *
274 : * Local Variables:
275 : * eval: (c-set-style "gnu")
276 : * End:
277 : */
|
