FD.io VPP  v21.01.1
Vector Packet Processing
nat66.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @file
17  * @brief NAT66 implementation
18  */
19 
20 #include <vpp/app/version.h>
21 #include <vnet/plugin/plugin.h>
22 #include <nat/nat66/nat66.h>
23 #include <vnet/fib/fib_table.h>
25 
28 
29 /* *INDENT-OFF* */
30 
31 /* Hook up input features */
32 VNET_FEATURE_INIT (nat66_in2out, static) = {
33  .arc_name = "ip6-unicast",
34  .node_name = "nat66-in2out",
35  .runs_before = VNET_FEATURES ("ip6-lookup"),
36  .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
37 };
38 VNET_FEATURE_INIT (nat66_out2in, static) = {
39  .arc_name = "ip6-unicast",
40  .node_name = "nat66-out2in",
41  .runs_before = VNET_FEATURES ("ip6-lookup"),
42  .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
43 };
44 
45 /* *INDENT-ON* */
46 
48 static clib_error_t *
50 {
51  nat66_main_t *nm = &nat66_main;
53  u32 static_mapping_buckets = 1024;
54  uword static_mapping_memory_size = 64 << 20;
55 
56  node = vlib_get_node_by_name (vm, (u8 *) "nat66-in2out");
57  nm->in2out_node_index = node->index;
58 
59  node = vlib_get_node_by_name (vm, (u8 *) "nat66-out2in");
60  nm->out2in_node_index = node->index;
61 
62  clib_bihash_init_24_8 (&nm->sm_l, "nat66-static-map-by-local",
63  static_mapping_buckets, static_mapping_memory_size);
64  clib_bihash_init_24_8 (&nm->sm_e, "nat66-static-map-by-external",
65  static_mapping_buckets, static_mapping_memory_size);
66 
67  nm->session_counters.name = "session counters";
68 
69  nat_fib_src_hi = fib_source_allocate ("nat66-hi",
72 
73  nm->in2out_packets.name = "in2out";
74  nm->in2out_packets.stat_segment_name = "/nat64/in2out";
75  nm->out2in_packets.name = "out2in";
76  nm->out2in_packets.stat_segment_name = "/nat64/out2in";
77  return nat66_plugin_api_hookup (vm);
78 }
79 
80 static void
82 {
83  vlib_validate_simple_counter (&nm->in2out_packets, sw_if_index);
84  vlib_zero_simple_counter (&nm->in2out_packets, sw_if_index);
85  vlib_validate_simple_counter (&nm->out2in_packets, sw_if_index);
86  vlib_zero_simple_counter (&nm->out2in_packets, sw_if_index);
87 }
88 
89 int
91 {
92  nat66_main_t *nm = &nat66_main;
93  nat66_interface_t *interface = 0, *i;
94  const char *feature_name;
95 
96  /* *INDENT-OFF* */
97  pool_foreach (i, nm->interfaces)
98  {
99  if (i->sw_if_index == sw_if_index)
100  {
101  interface = i;
102  break;
103  }
104  }
105  /* *INDENT-ON* */
106 
107  if (is_add)
108  {
109  if (interface)
110  return VNET_API_ERROR_VALUE_EXIST;
111 
112  pool_get (nm->interfaces, interface);
113  interface->sw_if_index = sw_if_index;
114  interface->flags =
115  is_inside ? NAT66_INTERFACE_FLAG_IS_INSIDE :
117  nat66_validate_counters (nm, sw_if_index);
118  }
119  else
120  {
121  if (!interface)
122  return VNET_API_ERROR_NO_SUCH_ENTRY;
123 
124  pool_put (nm->interfaces, interface);
125  }
126 
127  feature_name = is_inside ? "nat66-in2out" : "nat66-out2in";
128  int rv = ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
129  if (rv)
130  return rv;
131  return vnet_feature_enable_disable ("ip6-unicast", feature_name,
132  sw_if_index, is_add, 0, 0);
133 }
134 
135 void
137 {
138  nat66_main_t *nm = &nat66_main;
139  nat66_interface_t *i = 0;
140 
141  /* *INDENT-OFF* */
142  pool_foreach (i, nm->interfaces)
143  {
144  if (fn (i, ctx))
145  break;
146  }
147  /* *INDENT-ON* */
148 }
149 
151 nat66_static_mapping_get (ip6_address_t * addr, u32 fib_index, u8 is_local)
152 {
153  nat66_main_t *nm = &nat66_main;
154  nat66_static_mapping_t *sm = 0;
155  nat66_sm_key_t sm_key;
157 
158  sm_key.addr.as_u64[0] = addr->as_u64[0];
159  sm_key.addr.as_u64[1] = addr->as_u64[1];
160  sm_key.fib_index = fib_index;
161  sm_key.rsvd = 0;
162 
163  kv.key[0] = sm_key.as_u64[0];
164  kv.key[1] = sm_key.as_u64[1];
165  kv.key[2] = sm_key.as_u64[2];
166 
167  if (!clib_bihash_search_24_8
168  (is_local ? &nm->sm_l : &nm->sm_e, &kv, &value))
169  sm = pool_elt_at_index (nm->sm, value.value);
170 
171  return sm;
172 }
173 
174 int
175 nat66_static_mapping_add_del (ip6_address_t * l_addr, ip6_address_t * e_addr,
176  u32 vrf_id, u8 is_add)
177 {
178  nat66_main_t *nm = &nat66_main;
179  int rv = 0;
180  nat66_static_mapping_t *sm = 0;
181  nat66_sm_key_t sm_key;
183  u32 fib_index = fib_table_find (FIB_PROTOCOL_IP6, vrf_id);
184 
185  sm_key.addr.as_u64[0] = l_addr->as_u64[0];
186  sm_key.addr.as_u64[1] = l_addr->as_u64[1];
187  sm_key.fib_index = fib_index;
188  sm_key.rsvd = 0;
189  kv.key[0] = sm_key.as_u64[0];
190  kv.key[1] = sm_key.as_u64[1];
191  kv.key[2] = sm_key.as_u64[2];
192 
193  if (!clib_bihash_search_24_8 (&nm->sm_l, &kv, &value))
194  sm = pool_elt_at_index (nm->sm, value.value);
195 
196  if (is_add)
197  {
198  if (sm)
199  return VNET_API_ERROR_VALUE_EXIST;
200 
203  pool_get (nm->sm, sm);
204  clib_memset (sm, 0, sizeof (*sm));
205  sm->l_addr.as_u64[0] = l_addr->as_u64[0];
206  sm->l_addr.as_u64[1] = l_addr->as_u64[1];
207  sm->e_addr.as_u64[0] = e_addr->as_u64[0];
208  sm->e_addr.as_u64[1] = e_addr->as_u64[1];
209  sm->fib_index = fib_index;
210 
211  sm_key.fib_index = fib_index;
212  kv.key[0] = sm_key.as_u64[0];
213  kv.key[1] = sm_key.as_u64[1];
214  kv.key[2] = sm_key.as_u64[2];
215  kv.value = sm - nm->sm;
216  if (clib_bihash_add_del_24_8 (&nm->sm_l, &kv, 1))
217  nat66_elog_warn ("nat66-static-map-by-local add key failed");
218  sm_key.addr.as_u64[0] = e_addr->as_u64[0];
219  sm_key.addr.as_u64[1] = e_addr->as_u64[1];
220  sm_key.fib_index = 0;
221  kv.key[0] = sm_key.as_u64[0];
222  kv.key[1] = sm_key.as_u64[1];
223  kv.key[2] = sm_key.as_u64[2];
224  if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 1))
225  nat66_elog_warn ("nat66-static-map-by-external add key failed");
226 
229  }
230  else
231  {
232  if (!sm)
233  return VNET_API_ERROR_NO_SUCH_ENTRY;
234 
235  kv.value = sm - nm->sm;
236  if (clib_bihash_add_del_24_8 (&nm->sm_l, &kv, 0))
237  nat66_elog_warn ("nat66-static-map-by-local delete key failed");
238  sm_key.addr.as_u64[0] = e_addr->as_u64[0];
239  sm_key.addr.as_u64[1] = e_addr->as_u64[1];
240  sm_key.fib_index = 0;
241  kv.key[0] = sm_key.as_u64[0];
242  kv.key[1] = sm_key.as_u64[1];
243  kv.key[2] = sm_key.as_u64[2];
244  if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 0))
245  nat66_elog_warn ("nat66-static-map-by-external delete key failed");
247  pool_put (nm->sm, sm);
248  }
249 
250  return rv;
251 }
252 
253 void
255 {
256  nat66_main_t *nm = &nat66_main;
257  nat66_static_mapping_t *sm = 0;
258 
259  /* *INDENT-OFF* */
260  pool_foreach (sm, nm->sm)
261  {
262  if (fn (sm, ctx))
263  break;
264  }
265  /* *INDENT-ON* */
266 }
267 
268 /*static*/ void
270 {
271  nat66_main_t *nm = &nat66_main;
272  u32 outside_ip6_vrf_id = 0;
273 
274  nm->outside_vrf_id = outside_ip6_vrf_id;
276  outside_ip6_vrf_id,
278 
279 }
280 
281 /* *INDENT-OFF* */
283 {
284  .version = VPP_BUILD_VER,
285  .description = "NAT66",
286 };
287 
289 
290 /* *INDENT-ON* */
291 
292 /*
293  * fd.io coding-style-patch-verification: ON
294  *
295  * Local Variables:
296  * eval: (c-set-style "gnu")
297  * End:
298  */
int(* nat66_interface_walk_fn_t)(nat66_interface_t *i, void *ctx)
Definition: nat66.h:105
enum fib_source_t_ fib_source_t
The different sources that can create a route.
u32 rsvd
Definition: nat66.h:40
void vlib_validate_combined_counter(vlib_combined_counter_main_t *cm, u32 index)
validate a combined counter
Definition: counter.c:108
#define NAT66_INTERFACE_FLAG_IS_INSIDE
Definition: nat66.h:51
#define pool_foreach(VAR, POOL)
Iterate through pool.
Definition: pool.h:527
static void nat66_validate_counters(nat66_main_t *nm, u32 sw_if_index)
Definition: nat66.c:81
fib_source_t nat_fib_src_hi
Definition: nat66.c:27
vlib_simple_counter_main_t in2out_packets
Definition: nat66.h:78
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
u32 index
Definition: node.h:280
add paths without path extensions
Definition: fib_source.h:205
u32 fib_index
Definition: nat66.h:39
u32 vrf_id
Definition: nat44.api:1029
u32 out2in_node_index
Definition: nat66.h:70
static clib_error_t * nat66_init(vlib_main_t *vm)
Definition: nat66.c:49
nat66_interface_t * interfaces
Interface pool.
Definition: nat66.h:59
clib_bihash_24_8_t sm_e
Static mapping by external address lookup table.
Definition: nat66.h:65
#define pool_get(P, E)
Allocate an object E from a pool P (unspecified alignment).
Definition: pool.h:251
vhost_vring_addr_t addr
Definition: vhost_user.h:111
unsigned char u8
Definition: types.h:56
nat66_main_t nat66_main
Definition: nat66.c:26
#define VLIB_INIT_FUNCTION(x)
Definition: init.h:173
#define nat66_elog_warn(nat_elog_str)
Definition: nat66.h:97
unsigned int u32
Definition: types.h:88
u32 fib_table_find(fib_protocol_t proto, u32 table_id)
Get the index of the FIB for a Table-ID.
Definition: fib_table.c:1106
void nat66_config(void)
Definition: nat66.c:269
fib_source_t fib_source_allocate(const char *name, fib_source_priority_t prio, fib_source_behaviour_t bh)
Definition: fib_source.c:118
char * name
The counter collection&#39;s name.
Definition: counter.h:64
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
Definition: pool.h:546
static void vlib_zero_combined_counter(vlib_combined_counter_main_t *cm, u32 index)
Clear a combined counter Clears the set of per-thread counters.
Definition: counter.h:304
void nat66_static_mappings_walk(nat66_static_mapping_walk_fn_t fn, void *ctx)
Definition: nat66.c:254
vlib_node_t * vlib_get_node_by_name(vlib_main_t *vm, u8 *name)
Definition: node.c:45
#define FIB_SOURCE_PRIORITY_HI
Some priority values that plugins might use when they are not to concerned where in the list they&#39;ll ...
Definition: fib_source.h:273
u64 as_u64[3]
Definition: nat66.h:42
IPv6 shallow virtual reassembly.
long ctx[MAX_CONNS]
Definition: main.c:144
vlib_simple_counter_main_t out2in_packets
Definition: nat66.h:79
#define pool_put(P, E)
Free an object E in pool P.
Definition: pool.h:301
int(* nat66_static_mapping_walk_fn_t)(nat66_static_mapping_t *sm, void *ctx)
Definition: nat66.h:108
void fib_table_unlock(u32 fib_index, fib_protocol_t proto, fib_source_t source)
Take a reference counting lock on the table.
Definition: fib_table.c:1300
clib_error_t * nat66_plugin_api_hookup(vlib_main_t *vm)
Definition: nat66_api.c:167
bool is_local
Definition: ikev2_types.api:33
int nat66_interface_add_del(u32 sw_if_index, u8 is_inside, u8 is_add)
Definition: nat66.c:90
ip6_address_t e_addr
Definition: nat66.h:28
sll srl srl sll sra u16x4 i
Definition: vector_sse42.h:317
clib_bihash_24_8_t sm_l
Static mapping by local address lookup table.
Definition: nat66.h:63
vlib_main_t vlib_node_runtime_t * node
Definition: in2out_ed.c:1580
VNET_FEATURE_INIT(nat66_in2out, static)
void vlib_validate_simple_counter(vlib_simple_counter_main_t *cm, u32 index)
validate a simple counter
Definition: counter.c:79
u8 value
Definition: qos.api:54
u32 fib_table_find_or_create_and_lock(fib_protocol_t proto, u32 table_id, fib_source_t src)
Get the index of the FIB for a Table-ID.
Definition: fib_table.c:1165
static void vlib_zero_simple_counter(vlib_simple_counter_main_t *cm, u32 index)
Clear a simple counter Clears the set of per-thread u16 counters, and the u64 counter.
Definition: counter.h:158
int ip6_sv_reass_enable_disable_with_refcnt(u32 sw_if_index, int is_enable)
#define VNET_FEATURES(...)
Definition: feature.h:470
ip6_address_t l_addr
Definition: nat66.h:27
vlib_combined_counter_main_t session_counters
Session counters.
Definition: nat66.h:67
void nat66_interfaces_walk(nat66_interface_walk_fn_t fn, void *ctx)
Definition: nat66.c:136
char * stat_segment_name
Name in stat segment directory.
Definition: counter.h:65
VLIB_PLUGIN_REGISTER()
u32 outside_fib_index
Definition: nat66.h:73
u64 uword
Definition: types.h:112
char * name
The counter collection&#39;s name.
Definition: counter.h:212
int nat66_static_mapping_add_del(ip6_address_t *l_addr, ip6_address_t *e_addr, u32 vrf_id, u8 is_add)
Definition: nat66.c:175
ip6_address_t addr
Definition: nat66.h:38
u32 outside_vrf_id
Definition: nat66.h:72
nat66_static_mapping_t * sm
Static mapping pool.
Definition: nat66.h:61
u32 in2out_node_index
node index
Definition: nat66.h:69
NAT66 global declarations.
nat66_static_mapping_t * nat66_static_mapping_get(ip6_address_t *addr, u32 fib_index, u8 is_local)
Definition: nat66.c:151
#define NAT66_INTERFACE_FLAG_IS_OUTSIDE
Definition: nat66.h:52
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
int vnet_feature_enable_disable(const char *arc_name, const char *node_name, u32 sw_if_index, int enable_disable, void *feature_config, u32 n_feature_config_bytes)
Definition: feature.c:303