LCOV - code coverage report
Current view: top level - plugins/nat/nat66 - nat66_in2out.c (source / functions) Hit Total Coverage
Test: coverage-filtered.info Lines: 75 84 89.3 %
Date: 2023-10-26 01:39:38 Functions: 9 12 75.0 %

          Line data    Source code
       1             : /*
       2             :  * Copyright (c) 2018 Cisco and/or its affiliates.
       3             :  * Licensed under the Apache License, Version 2.0 (the "License");
       4             :  * you may not use this file except in compliance with the License.
       5             :  * You may obtain a copy of the License at:
       6             :  *
       7             :  *     http://www.apache.org/licenses/LICENSE-2.0
       8             :  *
       9             :  * Unless required by applicable law or agreed to in writing, software
      10             :  * distributed under the License is distributed on an "AS IS" BASIS,
      11             :  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      12             :  * See the License for the specific language governing permissions and
      13             :  * limitations under the License.
      14             :  */
      15             : /**
      16             :  * @file
      17             :  * @brief NAT66 inside to outside network translation
      18             :  */
      19             : 
      20             : #include <nat/nat66/nat66.h>
      21             : #include <vnet/ip/ip6_to_ip4.h>
      22             : #include <vnet/fib/fib_table.h>
      23             : 
/* Per-packet trace record captured by the nat66-in2out node. */
typedef struct
{
  /* RX interface of the traced buffer (vnet_buffer (b0)->sw_if_index[VLIB_RX]) */
  u32 sw_if_index;
  /* next-node disposition (next0) chosen for the traced buffer */
  u32 next_index;
} nat66_in2out_trace_t;
      29             : 
/**
 * @brief Render one nat66-in2out trace record as text.
 *
 * Registered as the node's .format_trace callback. The variadic arguments
 * are consumed in order: vlib_main_t *, vlib_node_t *,
 * nat66_in2out_trace_t *.
 *
 * @param s    string being built; the rendered record is appended to it
 * @param args argument list holding the three pointers listed above
 * @return the value returned by format ()
 */
static u8 *
format_nat66_in2out_trace (u8 * s, va_list * args)
{
  /* The first two arguments are unused here, but they still have to be
     pulled off the list so the trace record is read from the right slot. */
  CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
  CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
  nat66_in2out_trace_t *trace = va_arg (*args, nat66_in2out_trace_t *);

  return format (s, "NAT66-in2out: sw_if_index %d, next index %d",
                 trace->sw_if_index, trace->next_index);
}
      43             : 
/*
 * Error counters of the nat66-in2out node as (symbol, description) pairs.
 * The list is expanded twice below: once into the enum of error codes and
 * once into the matching table of strings, so both stay in the same order.
 *
 * NOTE(review): in this listing only NAT66_IN2OUT_ERROR_UNKNOWN is ever
 * assigned to a buffer (on ip6_parse failure); NO_TRANSLATION is declared
 * but not referenced by the node function.
 */
#define foreach_nat66_in2out_error                       \
_(NO_TRANSLATION, "no translation")                      \
_(UNKNOWN, "unknown")

/* Error codes: NAT66_IN2OUT_ERROR_<sym> for each entry, then the count. */
typedef enum
{
#define _(sym,str) NAT66_IN2OUT_ERROR_##sym,
  foreach_nat66_in2out_error
#undef _
    NAT66_IN2OUT_N_ERROR,
} nat66_in2out_error_t;

/* Description strings, indexed by nat66_in2out_error_t. */
static char *nat66_in2out_error_strings[] = {
#define _(sym,string) string,
  foreach_nat66_in2out_error
#undef _
};
      61             : 
/* Next-node dispositions of the nat66-in2out node; the names they map to are
   given in the node registration's .next_nodes table. */
typedef enum
{
  /* default disposition: continue to IPv6 lookup (translated or not) */
  NAT66_IN2OUT_NEXT_IP6_LOOKUP,
  /* set when ip6_parse rejects the packet */
  NAT66_IN2OUT_NEXT_DROP,
  /* number of dispositions, used for .n_next_nodes */
  NAT66_IN2OUT_N_NEXT,
} nat66_in2out_next_t;
      68             : 
/**
 * @brief Decide whether a packet must be left untranslated.
 *
 * Looks up the /128 prefix for @p ip6_addr in the FIB @p rx_fib_index and
 * takes the interface the entry resolves through. When that lookup yields
 * ~0 as the interface, the lookup is repeated in nm->outside_fib_index.
 * The packet is a candidate for translation only if the resulting interface
 * is one of the configured NAT66 interfaces flagged as outside.
 *
 * @param rx_fib_index FIB index used for the first lookup
 * @param ip6_addr     address to look up (the caller passes the packet's
 *                     destination address)
 * @return 0 when the address resolves through an outside interface
 *         (translate), 1 otherwise, including when no FIB entry is found
 *         (do not translate)
 */
static inline u8
nat66_not_translate (u32 rx_fib_index, ip6_address_t ip6_addr)
{
  nat66_main_t *nm = &nat66_main;
  nat66_interface_t *intf;
  u32 resolving_sw_if_index;
  fib_node_index_t entry;
  fib_prefix_t host_pfx = {
    .fp_proto = FIB_PROTOCOL_IP6,
    .fp_len = 128,
    .fp_addr = {
                .ip6 = ip6_addr,
                },
  };

  entry = fib_table_lookup (rx_fib_index, &host_pfx);
  if (entry == FIB_NODE_INDEX_INVALID)
    return 1;

  resolving_sw_if_index = fib_entry_get_resolving_interface (entry);
  if (resolving_sw_if_index == ~0)
    {
      /* nothing usable from the RX FIB: retry in the outside FIB */
      entry = fib_table_lookup (nm->outside_fib_index, &host_pfx);
      if (entry == FIB_NODE_INDEX_INVALID)
        return 1;
      resolving_sw_if_index = fib_entry_get_resolving_interface (entry);
    }

  /* *INDENT-OFF* */
  pool_foreach (intf, nm->interfaces)
   {
    /* translate only traffic that leaves through an outside interface */
    if (nat66_interface_is_outside (intf))
      {
        if (intf->sw_if_index == resolving_sw_if_index)
          return 0;
      }
  }
  /* *INDENT-ON* */

  return 1;
}
     108             : 
/*
 * Node function of "nat66-in2out" (inside to outside translation).
 *
 * For every buffer in the frame it:
 *   - parses the IPv6 header chain with ip6_parse; a parse failure drops the
 *     packet with NAT66_IN2OUT_ERROR_UNKNOWN,
 *   - asks nat66_not_translate whether the destination resolves through an
 *     outside interface,
 *   - looks up a static mapping for the source address,
 *   - incrementally patches the UDP/TCP/ICMPv6 checksum and rewrites the
 *     source address to the mapping's e_addr,
 *   - updates the per-mapping and per-interface counters.
 *
 * Packets that are not to be translated, or that have no static mapping,
 * keep the default disposition and continue to ip6-lookup unchanged.
 *
 * Returns frame->n_vectors.
 */
VLIB_NODE_FN (nat66_in2out_node) (vlib_main_t * vm,
                                  vlib_node_runtime_t * node,
                                  vlib_frame_t * frame)
{
  u32 n_left_from, *from, *to_next;
  nat66_in2out_next_t next_index;
  u32 thread_index = vm->thread_index;
  nat66_main_t *nm = &nat66_main;

  from = vlib_frame_vector_args (frame);
  n_left_from = frame->n_vectors;
  next_index = node->cached_next_index;

  while (n_left_from > 0)
    {
      u32 n_left_to_next;

      vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);

      while (n_left_from > 0 && n_left_to_next > 0)
        {
          u32 bi0;
          vlib_buffer_t *b0;
          /* default: forward to ip6-lookup, whether or not translated */
          u32 next0 = NAT66_IN2OUT_NEXT_IP6_LOOKUP;
          ip6_header_t *ip60;
          u16 l4_offset0, frag_offset0;
          u8 l4_protocol0;
          nat66_static_mapping_t *sm0;
          u32 sw_if_index0, fib_index0;
          udp_header_t *udp0;
          tcp_header_t *tcp0;
          icmp46_header_t *icmp0;
          u16 *checksum0 = 0;
          ip_csum_t csum0;

          /* speculatively enqueue b0 to the current next frame */
          bi0 = from[0];
          to_next[0] = bi0;
          from += 1;
          to_next += 1;
          n_left_from -= 1;
          n_left_to_next -= 1;

          b0 = vlib_get_buffer (vm, bi0);
          ip60 = vlib_buffer_get_current (b0);

          /* A non-zero return from ip6_parse is treated as a malformed
             packet.  On this path sw_if_index0 is still unassigned; that is
             safe only because it is read below solely when next0 is not
             DROP.
             NOTE(review): frag_offset0 is filled in here but never read
             afterwards in this function.  Confirm how fragments are meant to
             be handled: a non-first fragment carries no L4 header, so the
             checksum patch below would act on payload bytes if ip6_parse
             still reports UDP/TCP/ICMPv6 for it. */
          if (PREDICT_FALSE
              (ip6_parse
               (vm, b0, ip60, b0->current_length, &l4_protocol0, &l4_offset0,
                &frag_offset0)))
            {
              next0 = NAT66_IN2OUT_NEXT_DROP;
              b0->error = node->errors[NAT66_IN2OUT_ERROR_UNKNOWN];
              goto trace0;
            }

          sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
          fib_index0 =
            fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6,
                                                 sw_if_index0);

          /* destination does not resolve through an outside interface:
             forward untouched */
          if (nat66_not_translate (fib_index0, ip60->dst_address))
            goto trace0;

          /* Static mapping keyed by the packet's source address and RX FIB.
             NOTE(review): the meaning of the third argument (1) is not
             visible in this file - confirm against
             nat66_static_mapping_get.
             With no mapping the packet is forwarded with its original
             (inside) source address; no error is recorded and
             NAT66_IN2OUT_ERROR_NO_TRANSLATION is not set. */
          sm0 = nat66_static_mapping_get (&ip60->src_address, fib_index0, 1);
          if (PREDICT_FALSE (!sm0))
            {
              goto trace0;
            }

          /* Locate the L4 checksum field; other protocols only get the
             address rewrite.
             NOTE(review): the header pointer is derived from l4_offset0 as
             returned by ip6_parse, and this function performs no bounds
             check of its own.  Confirm that ip6_parse guarantees the whole
             checksum field (it sits deeper in the TCP header than in
             UDP/ICMPv6) lies within b0->current_length, otherwise the
             read-modify-write below reaches past the received data. */
          if (l4_protocol0 == IP_PROTOCOL_UDP)
            {
              udp0 = (udp_header_t *) u8_ptr_add (ip60, l4_offset0);
              checksum0 = &udp0->checksum;
            }
          else if (l4_protocol0 == IP_PROTOCOL_TCP)
            {
              tcp0 = (tcp_header_t *) u8_ptr_add (ip60, l4_offset0);
              checksum0 = &tcp0->checksum;
            }
          else if (l4_protocol0 == IP_PROTOCOL_ICMP6)
            {
              icmp0 = (icmp46_header_t *) u8_ptr_add (ip60, l4_offset0);
              checksum0 = &icmp0->checksum;
            }
          else
            goto skip_csum0;

          /* Incremental checksum update: remove the old source address
             (two 64-bit halves), add the mapped one, fold back to 16 bits. */
          csum0 = ip_csum_sub_even (*checksum0, ip60->src_address.as_u64[0]);
          csum0 = ip_csum_sub_even (csum0, ip60->src_address.as_u64[1]);
          csum0 = ip_csum_add_even (csum0, sm0->e_addr.as_u64[0]);
          csum0 = ip_csum_add_even (csum0, sm0->e_addr.as_u64[1]);
          *checksum0 = ip_csum_fold (csum0);

        skip_csum0:
          /* rewrite the source address to the mapping's e_addr */
          ip60->src_address.as_u64[0] = sm0->e_addr.as_u64[0];
          ip60->src_address.as_u64[1] = sm0->e_addr.as_u64[1];

          /* per-mapping packet/byte counter; sm0 - nm->sm is the mapping's
             position relative to nm->sm and serves as the counter index */
          vlib_increment_combined_counter (&nm->session_counters,
                                           thread_index, sm0 - nm->sm, 1,
                                           vlib_buffer_length_in_chain (vm,
                                                                        b0));

        trace0:
          if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
                             && (b0->flags & VLIB_BUFFER_IS_TRACED)))
            {
              nat66_in2out_trace_t *t =
                vlib_add_trace (vm, node, b0, sizeof (*t));
              t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
              t->next_index = next0;
            }

          /* Counts every packet that is not dropped, including the ones
             forwarded without translation.  This is the only later read of
             sw_if_index0, and the DROP path never reaches it. */
          if (next0 != NAT66_IN2OUT_NEXT_DROP)
            {
              vlib_increment_simple_counter (&nm->in2out_packets,
                                             thread_index, sw_if_index0, 1);
            }

          /* verify speculative enqueue, maybe switch current next frame */
          vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
                                           n_left_to_next, bi0, next0);
        }
      vlib_put_next_frame (vm, node, next_index, n_left_to_next);
    }

  return frame->n_vectors;
}
     237             : 
     238             : /* *INDENT-OFF* */
/* Graph-node registration for nat66-in2out. */
VLIB_REGISTER_NODE (nat66_in2out_node) = {
  .name = "nat66-in2out",
  /* frame elements are u32 buffer indices (see from[] in the node function) */
  .vector_size = sizeof (u32),
  .format_trace = format_nat66_in2out_trace,
  .type = VLIB_NODE_TYPE_INTERNAL,
  /* error table generated from foreach_nat66_in2out_error */
  .n_errors = ARRAY_LEN (nat66_in2out_error_strings),
  .error_strings = nat66_in2out_error_strings,
  .n_next_nodes = NAT66_IN2OUT_N_NEXT,
  /* edit / add dispositions here */
  .next_nodes = {
    /* taken when ip6_parse rejects the packet */
    [NAT66_IN2OUT_NEXT_DROP] = "error-drop",
    /* default path, for translated and untranslated packets alike */
    [NAT66_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
  },
};
     253             : /* *INDENT-ON* */
     254             : 
     255             : /*
     256             :  * fd.io coding-style-patch-verification: ON
     257             :  *
     258             :  * Local Variables:
     259             :  * eval: (c-set-style "gnu")
     260             :  * End:
     261             :  */
