Line data Source code
1 : /*
2 : * Copyright (c) 2017 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : #ifndef __included_nat64_h__
16 : #define __included_nat64_h__
17 :
18 : #include <vnet/vnet.h>
19 : #include <vnet/ip/ip.h>
20 : #include <vnet/ethernet/ethernet.h>
21 : #include <vnet/ip/icmp46_packet.h>
22 : #include <vnet/api_errno.h>
23 : #include <vnet/fib/fib_source.h>
24 : #include <vppinfra/dlist.h>
25 : #include <vppinfra/error.h>
26 : #include <vlibapi/api.h>
27 : #include <vlib/log.h>
28 : #include <vnet/fib/fib_table.h>
29 : #include <vnet/fib/ip4_fib.h>
30 : #include <vnet/ip/reass/ip4_sv_reass.h>
31 :
32 : #include <nat/lib/lib.h>
33 : #include <nat/lib/inlines.h>
34 : #include <nat/lib/nat_inlines.h>
35 :
36 : #include <nat/nat64/nat64_db.h>
37 :
38 : typedef struct
39 : {
40 : u16 identifier;
41 : u16 sequence;
42 : } icmp_echo_header_t;
43 :
44 : typedef struct
45 : {
46 : u16 src_port, dst_port;
47 : } tcp_udp_header_t;
48 :
49 : #define foreach_nat64_tcp_ses_state \
50 : _(0, CLOSED, "closed") \
51 : _(1, V4_INIT, "v4-init") \
52 : _(2, V6_INIT, "v6-init") \
53 : _(3, ESTABLISHED, "established") \
54 : _(4, V4_FIN_RCV, "v4-fin-rcv") \
55 : _(5, V6_FIN_RCV, "v6-fin-rcv") \
56 : _(6, V6_FIN_V4_FIN_RCV, "v6-fin-v4-fin-rcv") \
57 : _(7, TRANS, "trans")
58 :
59 : typedef enum
60 : {
61 : #define _(v, N, s) NAT64_TCP_STATE_##N = v,
62 : foreach_nat64_tcp_ses_state
63 : #undef _
64 : } nat64_tcp_ses_state_t;
65 :
66 : typedef enum
67 : {
68 : NAT64_CLEANER_RESCHEDULE = 1,
69 : } nat64_cleaner_process_event_e;
70 :
71 : typedef struct
72 : {
73 : ip6_address_t prefix;
74 : u8 plen;
75 : u32 vrf_id;
76 : u32 fib_index;
77 : } nat64_prefix_t;
78 :
79 : typedef struct
80 : {
81 : ip6_address_t in_addr;
82 : u16 in_port;
83 : ip4_address_t out_addr;
84 : u16 out_port;
85 : u32 fib_index;
86 : u32 thread_index;
87 : u8 proto;
88 : u8 is_add;
89 : u8 done;
90 : } nat64_static_bib_to_update_t;
91 :
92 : typedef struct
93 : {
94 : ip4_address_t addr;
95 : u32 fib_index;
96 : /* *INDENT-OFF* */
97 : #define _(N, i, n, s) \
98 : u16 busy_##n##_ports; \
99 : u16 * busy_##n##_ports_per_thread; \
100 : u32 busy_##n##_port_refcounts[65535];
101 : foreach_nat_protocol
102 : #undef _
103 : /* *INDENT-ON* */
104 : } nat64_address_t;
105 :
106 : typedef struct
107 : {
108 : u32 sw_if_index;
109 : u8 flags;
110 : } nat64_interface_t;
111 :
112 : typedef struct
113 : {
114 : u32 enabled;
115 :
116 : nat64_config_t config;
117 :
118 : /* API message ID base */
119 : u16 msg_id_base;
120 :
121 : /* log class */
122 : vlib_log_class_t log_class;
123 :
124 : /** Interface pool */
125 : nat64_interface_t *interfaces;
126 :
127 : /** Address pool vector */
128 : nat64_address_t *addr_pool;
129 :
130 : /** sw_if_indices whose interface addresses should be auto-added */
131 : u32 *auto_add_sw_if_indices;
132 :
133 : /** Pref64 vector */
134 : nat64_prefix_t *pref64;
135 :
136 : /** BIB and session DB per thread */
137 : nat64_db_t *db;
138 :
139 : /** Worker handoff */
140 : u32 fq_in2out_index;
141 : u32 fq_out2in_index;
142 :
143 : /** Pool of static BIB entries to be added/deleted in worker threads */
144 : nat64_static_bib_to_update_t *static_bibs;
145 :
146 : /** config parameters */
147 : u32 bib_buckets;
148 : uword bib_memory_size;
149 : u32 st_buckets;
150 : uword st_memory_size;
151 :
152 : /** values of various timeouts */
153 : u32 udp_timeout;
154 : u32 icmp_timeout;
155 : u32 tcp_trans_timeout;
156 : u32 tcp_est_timeout;
157 :
158 : /* Total count of interfaces enabled */
159 : u32 total_enabled_count;
160 :
161 : /* Expire walk process node index */
162 : u32 expire_walk_node_index;
163 :
164 : /* Expire worker walk process node index */
165 : u32 expire_worker_walk_node_index;
166 :
167 : /* counters/gauges */
168 : vlib_simple_counter_main_t total_bibs;
169 : vlib_simple_counter_main_t total_sessions;
170 :
171 : /** node index **/
172 : u32 error_node_index;
173 :
174 : u32 in2out_node_index;
175 : u32 in2out_slowpath_node_index;
176 :
177 : u32 out2in_node_index;
178 :
179 : #define _(x) vlib_simple_counter_main_t x;
180 : struct
181 : {
182 : struct
183 : {
184 : foreach_nat_counter;
185 : } in2out;
186 :
187 : struct
188 : {
189 : foreach_nat_counter;
190 : } out2in;
191 : } counters;
192 : #undef _
193 :
194 : /* convenience */
195 : ip4_main_t *ip4_main;
196 :
197 : /* required */
198 : vnet_main_t *vnet_main;
199 :
200 : /* Randomize port allocation order */
201 : u32 random_seed;
202 :
203 : /* TCP MSS clamping */
204 : u16 mss_clamping;
205 :
206 : fib_source_t fib_src_hi;
207 : fib_source_t fib_src_low;
208 :
209 : /* Thread settings */
210 : u32 num_workers;
211 : u32 first_worker_index;
212 : u32 *workers;
213 : u16 port_per_thread;
214 :
215 : } nat64_main_t;
216 :
217 : extern nat64_main_t nat64_main;
218 : extern vlib_node_registration_t nat64_in2out_node;
219 : extern vlib_node_registration_t nat64_out2in_node;
220 :
221 : /**
222 : * @brief Add/delete address to NAT64 pool.
223 : *
224 : * @param thread_index Thread index used by ipfix nat logging (not address per thread).
225 : * @param addr IPv4 address.
226 : * @param vrf_id VRF id of tenant, ~0 means independent of VRF.
227 : * @param is_add 1 if add, 0 if delete.
228 : *
229 : * @returns 0 on success, non-zero value otherwise.
230 : */
231 : int nat64_add_del_pool_addr (u32 thread_index,
232 : ip4_address_t * addr, u32 vrf_id, u8 is_add);
233 :
234 : /**
235 : * @brief Call back function when walking addresses in NAT64 pool, non-zero
236 : * return value stop walk.
237 : */
238 : typedef int (*nat64_pool_addr_walk_fn_t) (nat64_address_t * addr, void *ctx);
239 :
240 : /**
241 : * @brief Walk NAT64 pool.
242 : *
243 : * @param fn The function to invoke on each entry visited.
244 : * @param ctx A context passed in the visit function.
245 : */
246 : void nat64_pool_addr_walk (nat64_pool_addr_walk_fn_t fn, void *ctx);
247 :
248 : /**
249 : * @brief NAT64 pool address from specific (DHCP addressed) interface.
250 : *
251 : * @param sw_if_index Index of the interface.
252 : * @param is_add 1 if add, 0 if delete.
253 : *
254 : * @returns 0 on success, non-zero value otherwise.
255 : */
256 : int nat64_add_interface_address (u32 sw_if_index, int is_add);
257 :
258 : /**
259 : * @brief Enable/disable NAT64 feature on the interface.
260 : *
261 : * @param sw_if_index Index of the interface.
262 : * @param is_inside 1 if inside, 0 if outside.
263 : * @param is_add 1 if add, 0 if delete.
264 : *
265 : * @returns 0 on success, non-zero value otherwise.
266 : */
267 : int nat64_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add);
268 :
269 : /**
270 : * @brief Call back function when walking interfaces with NAT64 feature,
271 : * non-zero return value stop walk.
272 : */
273 : typedef int (*nat64_interface_walk_fn_t) (nat64_interface_t * i, void *ctx);
274 :
275 : /**
276 : * @brief Walk NAT64 interfaces.
277 : *
278 : * @param fn The function to invoke on each entry visited.
279 : * @param ctx A context passed in the visit function.
280 : */
281 : void nat64_interfaces_walk (nat64_interface_walk_fn_t fn, void *ctx);
282 :
283 : /**
284 : * @brief Initialize NAT64.
285 : *
286 : * @param vm vlib main.
287 : *
288 : * @return error code.
289 : */
290 : clib_error_t *nat64_init (vlib_main_t * vm);
291 :
292 : /**
293 : * @brief Add/delete static NAT64 BIB entry.
294 : *
295 : * @param in_addr Inside IPv6 address.
296 : * @param out_addr Outside IPv4 address.
297 : * @param in_port Inside port number.
298 : * @param out_port Outside port number.
299 : * @param proto L4 protocol.
300 : * @param vrf_id VRF id of tenant.
301 : * @param is_add 1 if add, 0 if delete.
302 : *
303 : * @returns 0 on success, non-zero value otherwise.
304 : */
305 : int nat64_add_del_static_bib_entry (ip6_address_t * in_addr,
306 : ip4_address_t * out_addr, u16 in_port,
307 : u16 out_port, u8 proto, u32 vrf_id,
308 : u8 is_add);
309 :
310 : /**
311 : * @brief Alloce IPv4 address and port pair from NAT64 pool.
312 : *
313 : * @param fib_index FIB index of tenant.
314 : * @param proto L4 protocol.
315 : * @param addr Allocated IPv4 address.
316 : * @param port Allocated port number.
317 : * @param thread_index Thread index.
318 : *
319 : * @returns 0 on success, non-zero value otherwise.
320 : */
321 : int nat64_alloc_out_addr_and_port (u32 fib_index, nat_protocol_t proto,
322 : ip4_address_t * addr, u16 * port,
323 : u32 thread_index);
324 :
325 : /**
326 : * @brief Set UDP session timeout.
327 : *
328 : * @param timeout Timeout value in seconds (if 0 reset to default value 300sec).
329 : *
330 : * @returns 0 on success, non-zero value otherwise.
331 : */
332 : int nat64_set_udp_timeout (u32 timeout);
333 :
334 : /**
335 : * @brief Get UDP session timeout.
336 : *
337 : * @returns UDP session timeout in seconds.
338 : */
339 : u32 nat64_get_udp_timeout (void);
340 :
341 : /**
342 : * @brief Set ICMP session timeout.
343 : *
344 : * @param timeout Timeout value in seconds (if 0 reset to default value 60sec).
345 : *
346 : * @returns 0 on success, non-zero value otherwise.
347 : */
348 : int nat64_set_icmp_timeout (u32 timeout);
349 :
350 : /**
351 : * @brief Get ICMP session timeout.
352 : *
353 : * @returns ICMP session timeout in seconds.
354 : */
355 : u32 nat64_get_icmp_timeout (void);
356 :
357 : /**
358 : * @brief Set TCP session timeouts.
359 : *
360 : * @param trans Transitory timeout in seconds (if 0 reset to default value 240sec).
361 : * @param est Established timeout in seconds (if 0 reset to default value 7440sec).
362 : *
363 : * @returns 0 on success, non-zero value otherwise.
364 : */
365 : int nat64_set_tcp_timeouts (u32 trans, u32 est);
366 :
367 : /**
368 : * @brief Get TCP transitory timeout.
369 : *
370 : * @returns TCP transitory timeout in seconds.
371 : */
372 : u32 nat64_get_tcp_trans_timeout (void);
373 :
374 : /**
375 : * @brief Get TCP established timeout.
376 : *
377 : * @returns TCP established timeout in seconds.
378 : */
379 : u32 nat64_get_tcp_est_timeout (void);
380 :
381 : /**
382 : * @brief Reset NAT64 session timeout.
383 : *
384 : * @param ste Session table entry.
385 : * @param vm VLIB main.
386 : **/
387 : void nat64_session_reset_timeout (nat64_db_st_entry_t * ste,
388 : vlib_main_t * vm);
389 :
390 : /**
391 : * @brief Set NAT64 TCP session state.
392 : *
393 : * @param ste Session table entry.
394 : * @param tcp TCP header.
395 : * @param is_ip6 1 if IPv6 packet, 0 if IPv4.
396 : */
397 : void nat64_tcp_session_set_state (nat64_db_st_entry_t * ste,
398 : tcp_header_t * tcp, u8 is_ip6);
399 :
400 : /**
401 : * @brief Add/delete NAT64 prefix.
402 : *
403 : * @param prefix NAT64 prefix.
404 : * @param plen Prefix length.
405 : * @param vrf_id VRF id of tenant.
406 : * @param is_add 1 if add, 0 if delete.
407 : *
408 : * @returns 0 on success, non-zero value otherwise.
409 : */
410 : int nat64_add_del_prefix (ip6_address_t * prefix, u8 plen, u32 vrf_id,
411 : u8 is_add);
412 :
413 : /**
414 : * @brief Call back function when walking addresses in NAT64 prefixes, non-zero
415 : * return value stop walk.
416 : */
417 : typedef int (*nat64_prefix_walk_fn_t) (nat64_prefix_t * pref64, void *ctx);
418 :
419 : /**
420 : * @brief Walk NAT64 prefixes.
421 : *
422 : * @param fn The function to invoke on each entry visited.
423 : * @param ctx A context passed in the visit function.
424 : */
425 : void nat64_prefix_walk (nat64_prefix_walk_fn_t fn, void *ctx);
426 :
427 : /**
428 : * Compose IPv4-embedded IPv6 addresses.
429 : * @param ip6 IPv4-embedded IPv6 addresses.
430 : * @param ip4 IPv4 address.
431 : * @param fib_index Tenant FIB index.
432 : */
433 : void nat64_compose_ip6 (ip6_address_t * ip6, ip4_address_t * ip4,
434 : u32 fib_index);
435 :
436 : /**
437 : * Extract IPv4 address from the IPv4-embedded IPv6 addresses.
438 : *
439 : * @param ip6 IPv4-embedded IPv6 addresses.
440 : * @param ip4 IPv4 address.
441 : * @param fib_index Tenant FIB index.
442 : */
443 : void nat64_extract_ip4 (ip6_address_t * ip6, ip4_address_t * ip4,
444 : u32 fib_index);
445 :
446 : /**
447 : * @brief Set NAT64 hash tables configuration.
448 : *
449 : * @param bib_buckets Number of BIB hash buckets.
450 : * @param bib_memory_size Memory size of BIB hash.
451 : * @param st_buckets Number of session table hash buckets.
452 : * @param st_memory_size Memory size of session table hash.
453 : */
454 : void nat64_set_hash (u32 bib_buckets, uword bib_memory_size, u32 st_buckets,
455 : uword st_memory_size);
456 :
457 : /**
458 : * @brief Get worker thread index for NAT64 in2out.
459 : *
460 : * @param addr IPv6 src address.
461 : *
462 : * @returns worker thread index.
463 : */
464 : u32 nat64_get_worker_in2out (ip6_address_t * addr);
465 :
466 : /**
467 : * @brief Get worker thread index for NAT64 out2in.
468 : *
469 : * @param ip IPv4 header.
470 : *
471 : * @returns worker thread index.
472 : */
473 : u32 nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip);
474 :
475 : /* NAT64 interface flags */
476 : #define NAT64_INTERFACE_FLAG_IS_INSIDE 1
477 : #define NAT64_INTERFACE_FLAG_IS_OUTSIDE 2
478 :
479 : /** \brief Check if NAT64 interface is inside.
480 : @param i NAT64 interface
481 : @return 1 if inside interface
482 : */
483 : #define nat64_interface_is_inside(i) i->flags & NAT64_INTERFACE_FLAG_IS_INSIDE
484 :
485 : /** \brief Check if NAT64 interface is outside.
486 : @param i NAT64 interface
487 : @return 1 if outside interface
488 : */
489 : #define nat64_interface_is_outside(i) i->flags & NAT64_INTERFACE_FLAG_IS_OUTSIDE
490 :
491 : static_always_inline u8
492 4912 : plugin_enabled ()
493 : {
494 4912 : nat64_main_t *nm = &nat64_main;
495 4912 : return nm->enabled;
496 : }
497 :
498 : void
499 : nat64_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index,
500 : int is_add);
501 :
502 : int nat64_plugin_enable (nat64_config_t c);
503 : int nat64_plugin_disable ();
504 : void nat64_reset_timeouts ();
505 :
506 : format_function_t format_nat_protocol;
507 : unformat_function_t unformat_nat_protocol;
508 :
509 : /* logging */
510 : #define nat64_log_err(...) \
511 : vlib_log(VLIB_LOG_LEVEL_ERR, nat64_main.log_class, __VA_ARGS__)
512 : #define nat64_log_warn(...) \
513 : vlib_log(VLIB_LOG_LEVEL_WARNING, nat64_main.log_class, __VA_ARGS__)
514 : #define nat64_log_notice(...) \
515 : vlib_log(VLIB_LOG_LEVEL_NOTICE, nat64_main.log_class, __VA_ARGS__)
516 : #define nat64_log_info(...) \
517 : vlib_log(VLIB_LOG_LEVEL_INFO, nat64_main.log_class, __VA_ARGS__)
518 : #define nat64_log_debug(...)\
519 : vlib_log(VLIB_LOG_LEVEL_DEBUG, nat64_main.log_class, __VA_ARGS__)
520 :
521 : clib_error_t *nat64_api_hookup (vlib_main_t * vm);
522 :
523 : #endif /* __included_nat64_h__ */
524 :
525 : /*
526 : * fd.io coding-style-patch-verification: ON
527 : *
528 : * Local Variables:
529 : * eval: (c-set-style "gnu")
530 : * End:
531 : */
|
