Line data Source code
1 : /*
2 : * Copyright (c) 2018 Cisco and/or its affiliates.
3 : * Licensed under the Apache License, Version 2.0 (the "License");
4 : * you may not use this file except in compliance with the License.
5 : * You may obtain a copy of the License at:
6 : *
7 : * http://www.apache.org/licenses/LICENSE-2.0
8 : *
9 : * Unless required by applicable law or agreed to in writing, software
10 : * distributed under the License is distributed on an "AS IS" BASIS,
11 : * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 : * See the License for the specific language governing permissions and
13 : * limitations under the License.
14 : */
15 : /**
16 : * @file
17 : * @brief NAT66 outside to inside network translation
18 : */
19 :
20 : #include <nat/nat66/nat66.h>
21 : #include <vnet/ip/ip6_to_ip4.h>
22 : #include <vnet/fib/fib_table.h>
23 :
24 : typedef struct
25 : {
26 : u32 sw_if_index;
27 : u32 next_index;
28 : } nat66_out2in_trace_t;
29 :
30 : static u8 *
31 4 : format_nat66_out2in_trace (u8 * s, va_list * args)
32 : {
33 4 : CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
34 4 : CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
35 4 : nat66_out2in_trace_t *t = va_arg (*args, nat66_out2in_trace_t *);
36 :
37 : s =
38 4 : format (s, "NAT66-out2in: sw_if_index %d, next index %d", t->sw_if_index,
39 : t->next_index);
40 :
41 4 : return s;
42 : }
43 :
44 : #define foreach_nat66_out2in_error \
45 : _(NO_TRANSLATION, "no translation") \
46 : _(UNKNOWN, "unknown")
47 :
48 : typedef enum
49 : {
50 : #define _(sym,str) NAT66_OUT2IN_ERROR_##sym,
51 : foreach_nat66_out2in_error
52 : #undef _
53 : NAT66_OUT2IN_N_ERROR,
54 : } nat66_out2in_error_t;
55 :
56 : static char *nat66_out2in_error_strings[] = {
57 : #define _(sym,string) string,
58 : foreach_nat66_out2in_error
59 : #undef _
60 : };
61 :
62 : typedef enum
63 : {
64 : NAT66_OUT2IN_NEXT_IP6_LOOKUP,
65 : NAT66_OUT2IN_NEXT_DROP,
66 : NAT66_OUT2IN_N_NEXT,
67 : } nat66_out2in_next_t;
68 :
69 2301 : VLIB_NODE_FN (nat66_out2in_node) (vlib_main_t * vm,
70 : vlib_node_runtime_t * node,
71 : vlib_frame_t * frame)
72 : {
73 : u32 n_left_from, *from, *to_next;
74 : nat66_out2in_next_t next_index;
75 1 : u32 thread_index = vm->thread_index;
76 1 : nat66_main_t *nm = &nat66_main;
77 :
78 1 : from = vlib_frame_vector_args (frame);
79 1 : n_left_from = frame->n_vectors;
80 1 : next_index = node->cached_next_index;
81 :
82 2 : while (n_left_from > 0)
83 : {
84 : u32 n_left_to_next;
85 :
86 1 : vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
87 :
88 5 : while (n_left_from > 0 && n_left_to_next > 0)
89 : {
90 : u32 bi0;
91 : vlib_buffer_t *b0;
92 4 : u32 next0 = NAT66_OUT2IN_NEXT_IP6_LOOKUP;
93 : ip6_header_t *ip60;
94 : u16 l4_offset0, frag_offset0;
95 : u8 l4_protocol0;
96 : nat66_static_mapping_t *sm0;
97 : u32 sw_if_index0, fib_index0;
98 : udp_header_t *udp0;
99 : tcp_header_t *tcp0;
100 : icmp46_header_t *icmp0;
101 4 : u16 *checksum0 = 0;
102 : ip_csum_t csum0;
103 :
104 : /* speculatively enqueue b0 to the current next frame */
105 4 : bi0 = from[0];
106 4 : to_next[0] = bi0;
107 4 : from += 1;
108 4 : to_next += 1;
109 4 : n_left_from -= 1;
110 4 : n_left_to_next -= 1;
111 :
112 4 : b0 = vlib_get_buffer (vm, bi0);
113 4 : ip60 = vlib_buffer_get_current (b0);
114 :
115 4 : if (PREDICT_FALSE
116 : (ip6_parse
117 : (vm, b0, ip60, b0->current_length, &l4_protocol0, &l4_offset0,
118 : &frag_offset0)))
119 : {
120 0 : next0 = NAT66_OUT2IN_NEXT_DROP;
121 0 : b0->error = node->errors[NAT66_OUT2IN_ERROR_UNKNOWN];
122 0 : goto trace0;
123 : }
124 :
125 4 : sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
126 : fib_index0 =
127 4 : fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6,
128 : sw_if_index0);
129 :
130 4 : sm0 = nat66_static_mapping_get (&ip60->dst_address, fib_index0, 0);
131 4 : if (PREDICT_FALSE (!sm0))
132 : {
133 0 : goto trace0;
134 : }
135 :
136 4 : if (l4_protocol0 == IP_PROTOCOL_UDP)
137 : {
138 1 : udp0 = (udp_header_t *) u8_ptr_add (ip60, l4_offset0);
139 1 : checksum0 = &udp0->checksum;
140 : }
141 3 : else if (l4_protocol0 == IP_PROTOCOL_TCP)
142 : {
143 1 : tcp0 = (tcp_header_t *) u8_ptr_add (ip60, l4_offset0);
144 1 : checksum0 = &tcp0->checksum;
145 : }
146 2 : else if (l4_protocol0 == IP_PROTOCOL_ICMP6)
147 : {
148 1 : icmp0 = (icmp46_header_t *) u8_ptr_add (ip60, l4_offset0);
149 1 : checksum0 = &icmp0->checksum;
150 : }
151 : else
152 1 : goto skip_csum0;
153 :
154 3 : csum0 = ip_csum_sub_even (*checksum0, ip60->dst_address.as_u64[0]);
155 3 : csum0 = ip_csum_sub_even (csum0, ip60->dst_address.as_u64[1]);
156 3 : csum0 = ip_csum_add_even (csum0, sm0->l_addr.as_u64[0]);
157 3 : csum0 = ip_csum_add_even (csum0, sm0->l_addr.as_u64[1]);
158 3 : *checksum0 = ip_csum_fold (csum0);
159 :
160 4 : skip_csum0:
161 4 : ip60->dst_address.as_u64[0] = sm0->l_addr.as_u64[0];
162 4 : ip60->dst_address.as_u64[1] = sm0->l_addr.as_u64[1];
163 4 : vnet_buffer (b0)->sw_if_index[VLIB_TX] = sm0->fib_index;
164 :
165 4 : vlib_increment_combined_counter (&nm->session_counters,
166 4 : thread_index, sm0 - nm->sm, 1,
167 : vlib_buffer_length_in_chain (vm,
168 : b0));
169 :
170 4 : trace0:
171 4 : if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
172 : && (b0->flags & VLIB_BUFFER_IS_TRACED)))
173 : {
174 : nat66_out2in_trace_t *t =
175 4 : vlib_add_trace (vm, node, b0, sizeof (*t));
176 4 : t->sw_if_index = vnet_buffer (b0)->sw_if_index[VLIB_RX];
177 4 : t->next_index = next0;
178 : }
179 :
180 4 : if (next0 != NAT66_OUT2IN_NEXT_DROP)
181 : {
182 4 : vlib_increment_simple_counter (&nm->out2in_packets,
183 : thread_index, sw_if_index0, 1);
184 : }
185 :
186 : /* verify speculative enqueue, maybe switch current next frame */
187 4 : vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
188 : n_left_to_next, bi0, next0);
189 : }
190 1 : vlib_put_next_frame (vm, node, next_index, n_left_to_next);
191 : }
192 :
193 1 : return frame->n_vectors;
194 : }
195 :
196 : /* *INDENT-OFF* */
197 66842 : VLIB_REGISTER_NODE (nat66_out2in_node) = {
198 : .name = "nat66-out2in",
199 : .vector_size = sizeof (u32),
200 : .format_trace = format_nat66_out2in_trace,
201 : .type = VLIB_NODE_TYPE_INTERNAL,
202 : .n_errors = ARRAY_LEN (nat66_out2in_error_strings),
203 : .error_strings = nat66_out2in_error_strings,
204 : .n_next_nodes = NAT66_OUT2IN_N_NEXT,
205 : /* edit / add dispositions here */
206 : .next_nodes = {
207 : [NAT66_OUT2IN_NEXT_DROP] = "error-drop",
208 : [NAT66_OUT2IN_NEXT_IP6_LOOKUP] = "ip6-lookup",
209 : },
210 : };
211 : /* *INDENT-ON* */
212 :
213 : /*
214 : * fd.io coding-style-patch-verification: ON
215 : *
216 : * Local Variables:
217 : * eval: (c-set-style "gnu")
218 : * End:
219 : */
|
