/*
*------------------------------------------------------------------
* nat64_defs.h - NAT64 structure definitions
*
* Copyright (c) 2007-2013 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*------------------------------------------------------------------
*/
#ifndef __NAT64_DEFS_H__
#define __NAT64_DEFS_H__
#ifdef TOBE_PORTED
#include "spp_platform_common.h"
#include "cgse_defs.h"
#include "xlat_defs.h"
#endif
#include "cnat_cli.h"
#include "cnat_ports.h"
#include "tcp_header_definitions.h"
#include "nat64_tcp_sm.h"
#include "cnat_db.h"
/* Sizing limits and identifier range for NAT64 instances. */
#define NAT64_MAX_FRAG_ID_COUNTERS (256)
/* Element count of every per-instance array declared in this header. */
#define NAT64_MAX_NAT64_ENTRIES 500
/* Largest array index: one less than the number of entries. */
#define NAT64_MAX_ID (NAT64_MAX_NAT64_ENTRIES-1)
/* NOTE(review): 0 is the "invalid" id yet is also a legal array index;
 * presumably usable ids are 1..NAT64_MAX_ID - confirm against the callers. */
#define NAT64_INVALID_ID (0)
#define NAT64_MAX_CFG_INSTANCES 64
/* Entry states; presumably the values stored in nat64_table_entry_t.state
 * - confirm against the code that sets it. */
#define NAT64_TABLE_ENTRY_DELETED 0
#define NAT64_TABLE_ENTRY_ACTIVE 1
#define NAT64_TABLE_ENTRY_DORMANT 2
#define NAT64_TABLE_ENTRY_INVALID_UIDB 3
/* Translation-entry limit comes from the platform headers, not this file. */
#define NAT64_MAX_TRANSLATION_ENTRIES PLATFORM_MAX_TRANSLATION_ENTRIES
/* Well-known prefix as four 32-bit words: 64:ff9b::/96 (RFC 6052). */
#define NAT64_WKP_PREFIX_LEN 96
#define NAT64_WKP_PREFIX_0 0x0064FF9B
#define NAT64_WKP_PREFIX_1 0x00000000
#define NAT64_WKP_PREFIX_2 0x00000000
#define NAT64_WKP_PREFIX_3 0x00000000
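/*
 * NAT64_TIMEOUT_RST(db) - refresh the expiry stamp of the entry `db` points to.
 *
 * entry_expires is set to cnat_current_time only when it is non-zero.
 * A zero value is left untouched: it means the entry has been queued for
 * deletion by the clear command and must not be revived.
 *
 * The argument is parenthesised so any pointer expression (e.g. `base + i`)
 * expands correctly, and the body sits in do { } while (0) so the inner `if`
 * cannot capture an `else` written at the call site. The trailing semicolon
 * of the original definition is kept on purpose, so callers that invoke the
 * macro without their own semicolon keep compiling.
 *
 * `db` is evaluated more than once: do not pass an expression with side
 * effects.
 */
#define NAT64_TIMEOUT_RST(db) \
do { \
if (PREDICT_TRUE((db)->entry_expires != 0)) \
(db)->entry_expires = cnat_current_time; \
} while (0);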
/* Debug level variables for the config and data paths; the definitions live
 * in another translation unit. */
extern u32 nat64_config_debug_level;
extern u32 nat64_data_path_debug_level;
/*
 * Per-slot statistics arrays, each with NAT64_MAX_NAT64_ENTRIES elements.
 * The *_rate and *_old arrays sit next to the matching *_count arrays;
 * presumably rates are derived from the difference between the current and
 * "old" counts - confirm in the code that updates them.
 *
 * NOTE(review): the key structures in this header pack the instance id into
 * 13 bits (values up to 8191), which is larger than these arrays. Any id
 * taken from a key or from a configuration message should be range-checked
 * against NAT64_MAX_ID before it is used as an index here - the check is not
 * visible in this header, confirm at the call sites.
 */
extern u32 nat64_translation_create_count[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_translation_delete_count[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_translation_create_rate[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_translation_delete_rate[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_in2out_forwarding_count[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_in2out_forwarding_rate[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_out2in_forwarding_count[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_out2in_forwarding_rate[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_translation_create_count_old[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_translation_delete_count_old[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_in2out_forwarding_count_old[NAT64_MAX_NAT64_ENTRIES];
extern u32 nat64_out2in_forwarding_count_old[NAT64_MAX_NAT64_ENTRIES];
/* Pointer to the fragment-id counters; presumably an array of
 * NAT64_MAX_FRAG_ID_COUNTERS elements - the allocation is not shown here. */
extern u16 *nat64_frag_id_counter_ptr;
/*
 * nat64_v6_to_v4_tcp_counter_t
 * 64-bit counters for the IPv6-to-IPv4 TCP path. The field names indicate
 * packets received, packets dropped by reason (non-translatable, TCP state,
 * no database entry) and packets sent; the code that increments them is
 * outside this header.
 */
typedef struct {
u64 v6_to_v4_tcp_input_count;
u64 v6_to_v4_tcp_non_translatable_drop_count;
u64 v6_to_v4_tcp_state_drop_count;
u64 v6_to_v4_tcp_no_db_drop_count;
u64 v6_to_v4_tcp_output_count;
} nat64_v6_to_v4_tcp_counter_t;
/*
 * nat64_v4_to_v6_tcp_counter_t
 * 64-bit counters for the IPv4-to-IPv6 TCP path. Besides input/output it
 * separates drops by reason: no database entry, v4-initiated policy, TCP
 * state and filtering. The v4-side drop counters are the visible record of
 * traffic arriving from the IPv4 side that the translator refused.
 */
typedef struct {
u64 v4_to_v6_tcp_input_count;
u64 v4_to_v6_tcp_no_db_drop_count;
u64 v4_to_v6_tcp_v4_init_policy_drop_count;
u64 v4_to_v6_tcp_state_drop_count;
u64 v4_to_v6_tcp_output_count;
u64 v4_to_v6_tcp_filter_drop_count;
} nat64_v4_to_v6_tcp_counter_t;
/*
 * nat64_v6_to_v4_udp_counter_t
 * 64-bit counters for the IPv6-to-IPv4 UDP path: input, drops
 * (non-translatable, no database entry), output, and a count of datagrams
 * seen with a zero checksum.
 */
typedef struct {
u64 v6_to_v4_udp_input_count;
u64 v6_to_v4_udp_non_translatable_drop_count;
u64 v6_to_v4_udp_no_db_drop_count;
u64 v6_to_v4_udp_output_count;
u64 v6_to_v4_udp_checksum_zero_count;
} nat64_v6_to_v4_udp_counter_t;
/*
 * nat64_v4_to_v6_udp_counter_t
 * 64-bit counters for the IPv4-to-IPv6 UDP path. Four fields track datagrams
 * whose checksum ("crc" in the names) is zero: dropped, dropped as fragments,
 * sent for recycle, and dropped on recycle.
 * NOTE(review): what "recycle" does is not visible in this header - confirm
 * in the data-path code.
 */
typedef struct {
u64 v4_to_v6_udp_input_count;
u64 v4_to_v6_udp_no_db_drop_count;
u64 v4_to_v6_udp_filter_drop_count;
u64 v4_to_v6_udp_output_count;
u64 v4_to_v6_udp_crc_zero_drop_count;
u64 v4_to_v6_udp_frag_crc_zero_drop_count;
u64 v4_to_v6_udp_crc_zero_recycle_sent_count;
u64 v4_to_v6_udp_crc_zero_recycle_drop_count;
} nat64_v4_to_v6_udp_counter_t;
/*
 * nat64_v6_to_v4_icmp_counter_t
 * 64-bit counters for ICMP messages on the IPv6-to-IPv4 path: input, drops
 * (no database entry, non-translatable) and query output.
 */
typedef struct {
u64 v6_to_v4_icmp_input_count;
u64 v6_to_v4_icmp_no_db_drop_count;
u64 v6_to_v4_icmp_non_translatable_drop_count;
u64 v6_to_v4_icmp_qry_output_count;
} nat64_v6_to_v4_icmp_counter_t;
/*
 * nat64_v4_to_v6_icmp_counter_t
 * 64-bit counters for ICMP messages on the IPv4-to-IPv6 path: input, drops
 * (no database entry, filtering) and query output.
 */
typedef struct {
u64 v4_to_v6_icmp_input_count;
u64 v4_to_v6_icmp_no_db_drop_count;
u64 v4_to_v6_icmp_filter_drop;
u64 v4_to_v6_icmp_qry_output_count;
} nat64_v4_to_v6_icmp_counter_t;
/*
 * nat64_v6_to_v4_icmp_error_counter_t
 * 64-bit counters for ICMP error messages on the IPv6-to-IPv4 path. Drops
 * are split by reason: no database entry, invalid next header,
 * non-translatable and unsupported type.
 */
typedef struct {
u64 v6_to_v4_icmp_error_input_count;
u64 v6_to_v4_icmp_error_no_db_drop_count;
u64 v6_to_v4_icmp_error_invalid_next_hdr_drop_count;
u64 v6_to_v4_icmp_error_non_translatable_drop_count;
u64 v6_to_v4_icmp_error_unsupported_type_drop_count;
u64 v6_to_v4_icmp_error_output_count;
} nat64_v6_to_v4_icmp_error_counter_t;
/*
 * nat64_v4_to_v6_icmp_error_counter_t
 * 64-bit counters for ICMP error messages on the IPv4-to-IPv6 path. Drops
 * are split by reason: no database entry, unsupported type and unsupported
 * protocol.
 */
typedef struct {
u64 v4_to_v6_icmp_error_input_count;
u64 v4_to_v6_icmp_error_no_db_drop_count;
u64 v4_to_v6_icmp_error_unsupported_type_drop_count;
u64 v4_to_v6_icmp_error_unsupported_protocol_drop_count;
u64 v4_to_v6_icmp_error_output_count;
} nat64_v4_to_v6_icmp_error_counter_t;
/*
 * nat64_frag_counter_t
 * 64-bit fragment counters, one group for IPv4 fragments and one for IPv6
 * fragments: input, forwarded, dropped, throttled, dropped on timeout, and
 * input split by TCP/UDP/ICMP. The IPv6 group has one extra field for
 * invalid input. The throttled and timeout-drop counters are the ones that
 * show fragment state being exhausted or left incomplete.
 */
typedef struct {
/* IPv4 fragments */
u64 nat64_v4_frag_input_count;
u64 nat64_v4_frag_forward_count;
u64 nat64_v4_frag_drop_count;
u64 nat64_v4_frag_throttled_count;
u64 nat64_v4_frag_timeout_drop_count;
u64 nat64_v4_frag_tcp_input_count;
u64 nat64_v4_frag_udp_input_count;
u64 nat64_v4_frag_icmp_input_count;
/* IPv6 fragments */
u64 nat64_v6_frag_input_count;
u64 nat64_v6_frag_forward_count;
u64 nat64_v6_frag_drop_count;
u64 nat64_v6_frag_throttled_count;
u64 nat64_v6_frag_timeout_drop_count;
u64 nat64_v6_frag_tcp_input_count;
u64 nat64_v6_frag_udp_input_count;
u64 nat64_v6_frag_icmp_input_count;
u64 nat64_v6_frag_invalid_input_count;
} nat64_frag_counter_t;
/*
 * nat64_options_counter_t
 * 64-bit counters for packets carrying options and for unsupported
 * protocols, kept separately for each direction: input, dropped, forwarded,
 * dropped for lack of a database entry, and unsupported-protocol count.
 */
typedef struct {
/* IPv6-to-IPv4 direction */
u64 v6_to_v4_options_input_count;
u64 v6_to_v4_options_drop_count;
u64 v6_to_v4_options_forward_count;
u64 v6_to_v4_options_no_db_drop_count;
u64 v6_to_v4_unsupp_proto_count;
/* IPv4-to-IPv6 direction */
u64 v4_to_v6_options_input_count;
u64 v4_to_v6_options_drop_count;
u64 v4_to_v6_options_forward_count;
u64 v4_to_v6_options_no_db_drop_count;
u64 v4_to_v6_unsupp_proto_count;
} nat64_options_counter_t;
/*
 * nat64_icmp_gen_counter_t
 * 64-bit counts of ICMP messages generated, one for IPv4 and one for IPv6.
 * NOTE(review): presumably these are messages originated by the translator
 * itself rather than translated ones - confirm in the data-path code.
 */
typedef struct {
u64 v4_icmp_gen_count;
u64 v6_icmp_gen_count;
} nat64_icmp_gen_counter_t;
/*
 * nat64_inst_gen_counter_t
 * General per-instance counters: current translation and session totals
 * (32-bit) followed by 64-bit drop/limit counters. The limit counters
 * (port limit, system limit, resource depletion, session-db limit) record
 * when the translator ran out of a bounded resource.
 */
typedef struct{
u32 nat64_num_translations;
u32 nat64_num_dynamic_translations;
u32 nat64_num_static_translations;
u32 nat64_sessions;
u64 nat64_port_limit_exceeded;
u64 nat64_system_limit_reached;
u64 nat64_resource_depletion_drops;
u64 nat64_no_translation_entry_drops;
u64 nat64_filtering_drops ;
u64 nat64_invalid_ipv6_prefix_drops;
u32 num_subscribers;
/* NOTE(review): presumably explicit padding so the u64 that follows stays
 * 8-byte aligned - confirm before removing or reusing it. */
u32 dummy;
u64 drops_sessiondb_limit_exceeded;
} nat64_inst_gen_counter_t;
/*
 * nat64_counters_t
 * Aggregate of all protocol- and direction-specific counter groups.
 * Member prefixes: v64 = IPv6-to-IPv4 group, v46 = IPv4-to-IPv6 group.
 * nat64_all_counters[] holds one of these per table slot.
 */
typedef struct {
nat64_v6_to_v4_tcp_counter_t v64_tcp_counters;
nat64_v4_to_v6_tcp_counter_t v46_tcp_counters;
nat64_v6_to_v4_udp_counter_t v64_udp_counters;
nat64_v4_to_v6_udp_counter_t v46_udp_counters;
nat64_v6_to_v4_icmp_counter_t v64_icmp_counters;
nat64_v4_to_v6_icmp_counter_t v46_icmp_counters;
nat64_v6_to_v4_icmp_error_counter_t v64_icmp_error_counters;
nat64_v4_to_v6_icmp_error_counter_t v46_icmp_error_counters;
nat64_frag_counter_t nat64_frag_counters;
nat64_options_counter_t nat64_options_counters;
nat64_icmp_gen_counter_t nat64_icmp_gen_counters;
} nat64_counters_t;
/*
* nat64_portmap_t
* This structure stores information about the IP address and ports
* available for NAT for this nat64 instance.
*
* bm is a bitmap of BITS_PER_INST bits, rounded up to a whole number of
* uword elements. BITS_PER_INST and BITS() come from other headers.
* NOTE(review): presumably one bit per port and `inuse` counts allocated
* ports - confirm in the port allocator. Any port-derived bit index must
* stay below BITS_PER_INST.
*/
typedef struct {
u32 delete_time;
u32 last_sent_timestamp;
u32 inuse;
u32 ipv4_address; /* native bit order */
uword bm[(BITS_PER_INST + BITS(uword)-1)/BITS(uword)];
} nat64_portmap_t;
/*
* nat64_v4_db_key_t
* This structure gives information about the v4 transport address
* (ipv4, port, protocol)
*
* The vrf member is a packed field: the instance id shares it with the
* protocol bits, so both must be masked out before use. The 13-bit instance
* id can represent values above NAT64_MAX_ID.
*/
typedef struct {
u32 ipv4;
u16 port;
u16 vrf; //bit0-12:inst_id, bit13:unused, bit14-15:protocol
} nat64_v4_db_key_t;
/*
 * nat64_v4_key_t
 * Union will be easier while compare/hash: key64 overlays the structured
 * key so the whole key can be handled as one 64-bit value.
 * NOTE(review): this relies on nat64_v4_db_key_t being exactly 8 bytes with
 * no padding (u32 + u16 + u16) - confirm for the target ABI.
 */
typedef union {
nat64_v4_db_key_t k;
u64 key64;
} nat64_v4_key_t;
/*
* nat64_v6_key_t
* This structure gives information about the v6 transport address
* (ipv6, port, protocol)
*
* The IPv6 address is held as four 32-bit words. As in the v4 key, vrf is a
* packed field and its 13-bit instance id can represent values above
* NAT64_MAX_ID.
*/
typedef struct {
u32 ipv6[4];
u16 port;
u16 vrf; //bit0-12:inst_id, bit13:unused, bit14-15:protocol
} nat64_v6_key_t;
/*
 * nat64_timeout_info_t
 * Per-instance timeout settings, one 16-bit value per traffic class.
 * NOTE(review): the NAT64_*_DEF defaults in this header are given in
 * seconds, so these fields are presumably seconds too; a u16 caps any
 * configured value at 65535 - confirm the config path rejects larger values
 * instead of truncating them.
 */
typedef struct {
u16 udp_timeout;
u16 tcp_trans_timeout;
u16 tcp_est_timeout;
u16 tcp_v4_init_timeout;
u16 frag_timeout;
u16 icmp_timeout;
} nat64_timeout_info_t;
/* Default timeout values, in seconds; the names parallel the fields of
 * nat64_timeout_info_t. */
#define NAT64_UDP_DEF 300 /* 5min */
#define NAT64_TCP_TRANS_DEF 240 /* 4min */
#define NAT64_TCP_EST_DEF 7200 /* 2Hrs */
#define NAT64_TCP_V4_DEF 6 /* 6 sec */
#define NAT64_FRAG_DEF 2 /* 2 sec */
#define NAT64_ICMP_DEF 60 /* 60 sec */
/*
* nat64_table_entry_t (defined further below, after l4_frag_info_t)
* This structure is used to store information regarding every nat64 instance.
*/
/* l4_frag_info_t
 * Holds the L4 information of a particular fragment stream.
 * src_port - holds the original src port
 * dst_port - holds the original dst port
 * total_length - useful only in ICMP nodes
 * cnat_prot - value used for lookups
 * next_prot - protocol after translation
 *
 * NOTE(review): the u8 `protocol` sits between u16 members, so compilers
 * will normally insert a padding byte after it; zero the structure before
 * filling it if it is ever compared or copied as raw bytes. */
typedef struct l4_frag_info {
u16 next_node_idx;
u16 src_port;
u16 dst_port;
u16 total_length;
u8 protocol;
u16 cnat_prot;
u16 next_prot;
} l4_frag_info_t;
/*
 * nat64_table_entry_t
 * Configuration and state of one NAT64 instance; nat64_table_array[] holds
 * NAT64_MAX_NAT64_ENTRIES of these. Several #defines are interleaved with
 * the fields they appear to belong to; they are ordinary file-scope macros.
 */
typedef struct {
/* NOTE(review): presumably one of NAT64_TABLE_ENTRY_* - confirm. */
u16 state;
u16 nat64_id; /* nat64_id value for this table entry - for easy access */
u16 v4_uidb_index; /* V4 uidb index */
u16 v6_uidb_index; /* V6 uidb index */
/* NOTE(review): presumably the byte positions of the four IPv4 octets
 * inside the IPv6 address for this prefix length - confirm; they must stay
 * within the 16-byte address when used as offsets. */
u8 octet0_position;
u8 octet1_position;
u8 octet2_position;
u8 octet3_position;
u16 v4_to_v6_tcp_mss; /* TCP MSS */
u16 v6_to_v4_tcp_mss; /* TCP MSS */
/*
* V6 NAT64 prefix value and mask size
*/
u32 v6_prefix[4];
u32 v6_prefix_mask[4];
u8 v6_prefix_mask_len;
u8 ubits_reserved_on;
/* Bit values for feature_flags (declared below). */
#define IPV4_TOS_OVERRIDE_FLAG 0x1
#define IPV6_TOS_OVERRIDE_FLAG 0x2
#define NAT64_STFUL_RTSP_ALG_ENABLE 0x4
u8 feature_flags;
u8 ipv4_tos_value;
u8 ipv6_tos_value;
u8 df_bit_clear;
u8 ipv6_mtu_set;
/* NOTE(review): presumably compared with NAT64_ADDRESS_DEPENDENT_ENABLE;
 * this setting decides which IPv4 senders may reach an existing mapping. */
u8 filtering_policy;
#define NAT64_ADDRESS_DEPENDENT_ENABLE 1
/* NOTE(review): the macro below is named ..._SECURITY_FLAG_DISABLE, so a
 * value of 1 presumably switches TCP security checks off - confirm and
 * treat as a setting worth auditing. */
u8 tcp_policy;
#define NAT64_TCP_SECURITY_FLAG_DISABLE 1
u8 ftp_flags;
/* NOTE(review): presumably allows sessions initiated from the IPv4 side
 * when set to NAT64_TCP_V4_INIT_ENABLE - confirm. */
u8 tcp_v4_init_enable;
#define NAT64_TCP_V4_INIT_ENABLE 1
u8 logging_policy;
#define NAT64_BIB_LOG_ENABLE 0 /* Default */
#define NAT64_SESSION_LOG_ENABLE 1
#define NAT64_BIDIR_REFRESH 1 /* 1 - timer refresh in both direction */
#define NAT64_UNIDIR_REFRESH 0 /* 0 - default (only v6 side refresh timer)*/
u8 nat64_refresh_both_direction; /* 0 - default (only v6 side refresh timer) */
/* Duplicate of the NAT64_BIDIR_REFRESH definition three lines up; the
 * replacement text is identical, so it is a legal but redundant
 * redefinition. */
#define NAT64_BIDIR_REFRESH 1 /* 1 - timer refresh in both direction */
u8 udp_zero_checksum; /* 0 - default (calc checksum) */
#define NAT64_UDP_ZERO_CHECKSUM_DROP 1 /* 1 -drop */
u16 port_limit;
/* Pointer to a cnat_portmap_v2_t; who allocates and frees it is not
 * visible in this header. */
cnat_portmap_v2_t *port_map;
u32 logging_index;
nat64_timeout_info_t timeout_info;
/*
* These fields are not used much, let us keep it in the end
*/
u32 v4_vrf_id; /* V4 vrf id */
u32 v6_vrf_id; /* V6 vrf id */
u32 v4_if_num; /* V4 SVI ifnum */
u32 v6_if_num; /* V6 SVI ifnum */
u16 dyn_start_port;
u16 pcp_server_port;
u32 pcp_server_addr[4];
u32 rseed_ip;
#define NAT64_FRAG_ENABLE 1
#define NAT64_FRAG_DISABLE 0
u8 frag_state;
u8 nat64_enable; /* Enable/Disable this instance. */
u16 rtsp_port;
} nat64_table_entry_t;
/*
 * Global instance table and its counters; definitions live in another
 * translation unit. All three arrays have NAT64_MAX_NAT64_ENTRIES elements,
 * so the same index must be below that bound for every one of them.
 * NOTE(review): nat64_table_ptr presumably points at nat64_table_array -
 * confirm where it is assigned.
 */
extern nat64_table_entry_t nat64_table_array[NAT64_MAX_NAT64_ENTRIES];
extern nat64_table_entry_t *nat64_table_ptr;
extern nat64_counters_t nat64_all_counters[NAT64_MAX_NAT64_ENTRIES];
extern nat64_inst_gen_counter_t nat64_inst_gen_counters[NAT64_MAX_NAT64_ENTRIES];
/*
 * nat64_common_pipeline_data_t
 * Data shared by both translation directions: a pointer to the nat64 id and
 * a pointer to the matching table entry. The nmv member exists only when
 * TOBE_PORTED is defined, so the structure layout differs between builds.
 * NOTE(review): both pointers are presumably set per packet before the
 * direction-specific stages run - confirm they are never used unset.
 */
typedef struct nat64_common_pipeline_data_ {
#ifdef TOBE_PORTED
spp_node_main_vector_t *nmv;
#endif
u16 *nat64_id_ptr;
nat64_table_entry_t *nat64_entry_ptr;
} nat64_common_pipeline_data_t;
/*
 * nat64_v6_to_v4_pipeline_data_t
 * Working data for translating one packet from IPv6 to IPv4: lookup buckets
 * and keys, a copy of the IPv6 (and fragment) header fields, pointers to
 * the IPv4 headers, and pointers to the counters to update.
 *
 * NOTE(review): the header fields below come from the received packet.
 * payload_length, next_header and frag_offset_res_m should be treated as
 * untrusted until checked against the real buffer length; that validation
 * is not visible in this header.
 */
typedef struct nat64_v6_to_v4_pipeline_data_ {
nat64_common_pipeline_data_t common_data;
u32 bib_bucket;
u32 session_bucket;
nat64_v6_key_t v6_in_key;
nat64_v6_key_t v6_dest_key;
/*
* IPv6 Data, everything in host order except for the addr fields
*/
u32 version_trafficclass_flowlabel;
u16 payload_length;
u8 next_header;
u8 hop_limit;
/*
* These Address fields are in Network Order, so that
* it is easy to extract the IPv4 address from them
*/
u32 ipv6_src[4];
u32 ipv6_dst[4];
/* Fields of the IPv6 fragment header. */
u8 frag_next_header;
u8 frag_reserved;
u16 frag_offset_res_m;
u32 frag_identification;
ipv4_header *ipv4_header;
/*
 * Protocol-specific view of the IPv4 L4 header. Every member starts with
 * the header pointer, so that pointer occupies the same storage in each
 * view; the pad bytes of the generic and UDP views cover the bytes where
 * the ICMP and TCP views keep their first fields. The union does not record
 * which view is current - presumably the protocol decides; confirm.
 */
union {
struct _v4_l4_info {
u8 *ipv4_l4_header;
u8 pad0;
u8 pad1;
u8 pad2;
u8 pad3;
} v4_l4_info;
struct _v4_icmp_info {
icmp_v4_t *ipv4_icmp_header;
u8 old_icmp_type;
u8 new_icmp_type;
u8 old_icmp_code;
u8 new_icmp_code;
u16 checksum;
u16 old_iden; // length (ICMP extn), ptr (param)
u16 new_iden; // ----- do -------------
u16 old_seq; // MTU for PTB case
u16 new_seq; // ----- do -------------
} v4_icmp_info;
struct _v4_udp_info {
udp_hdr_type_t *ipv4_udp_header;
u8 pad0;
u8 pad1;
u8 pad2;
u8 pad3;
} v4_udp_info;
struct _v4_tcp_info {
tcp_hdr_type *ipv4_tcp_header;
u16 old_src_port;
u16 new_src_port;
u16 dest_port;
nat64_tcp_events tcp_event;
} v4_tcp_info;
} l4_u;
l4_frag_info_t *frag_info; /* port for tcp/udp, ident - icmp */
/* Counters will be added here */
/* One pointer slot shared by all counter types; only the member matching
 * the packet's processing path is meaningful at a given time. */
union {
nat64_v6_to_v4_tcp_counter_t *tcp_counter;
nat64_v6_to_v4_udp_counter_t *udp_counter;
nat64_v6_to_v4_icmp_counter_t *icmp_counter;
nat64_v6_to_v4_icmp_error_counter_t *icmp_error_counter;
nat64_frag_counter_t *frag_counter;
nat64_options_counter_t *options_counter;
} nat64_ctr_u;
nat64_icmp_gen_counter_t *icmp_gen_counter;
} nat64_v6_to_v4_pipeline_data_t;
/*
 * nat64_v4_to_v6_pipeline_data_t
 * Working data for translating one packet from IPv4 to IPv6: lookup buckets
 * and keys, a copy of the IPv4 header fields, pointers to the IPv6 headers,
 * and pointers to the counters to update.
 *
 * NOTE(review): the IPv4 fields below come from the received packet.
 * version_hdr_len_words, total_len_bytes and frag_flags_offset should be
 * treated as untrusted until checked against the real buffer length; that
 * validation is not visible in this header.
 */
typedef struct nat64_v4_to_v6_pipeline_data_ {
nat64_common_pipeline_data_t common_data;
u32 bib_bucket;
u32 session_bucket;
nat64_v4_key_t v4_src_key; /* Will be translated using Prefix */
nat64_v4_key_t v4_dest_key; /* will be the out key for NAT64 */
/*
* IPv4 data
*/
u8 version_hdr_len_words;
u8 tos;
u16 total_len_bytes;
u16 identification;
u16 frag_flags_offset;
u8 ttl;
u8 protocol;
u16 l4_checksum;
u32 ipv4_src_addr;
u32 ipv4_dst_addr;
/*
* Pointers to IPv6 headers
*/
ipv6_header_t *ipv6_header;
ipv6_frag_header_t *ipv6_frag_header;
/*
 * Protocol-specific view of the IPv6 L4 header. Every member starts with
 * the header pointer, so that pointer occupies the same storage in each
 * view; the pad bytes of the generic and UDP views cover the bytes where
 * the ICMP and TCP views keep their first fields. The union does not record
 * which view is current - presumably the protocol decides; confirm.
 */
union {
struct _v6_l4_info {
u8 *ipv6_l4_header;
u8 pad0;
u8 pad1;
u8 pad2;
u8 pad3;
} v6_l4_info;
struct _v6_icmp_info {
icmp_v6_t *ipv6_icmp_header;
u8 old_icmp_type;
u8 new_icmp_type;
u8 old_icmp_code;
u8 new_icmp_code;
u16 old_iden; // length (ICMP extn), ptr (param)
u16 new_iden; // ----- do -------------
u16 old_seq; // MTU for PTB case
u16 new_seq; // ----- do -------------
} v6_icmp_info;
struct _v6_udp_info {
udp_hdr_type_t *ipv6_udp_header;
u8 pad0;
u8 pad1;
u8 pad2;
u8 pad3;
} v6_udp_info;
struct _v6_tcp_info {
tcp_hdr_type *ipv6_tcp_header;
u16 old_dest_port;
u16 new_dest_port;
u16 src_port;
nat64_tcp_events tcp_event;
} v6_tcp_info;
} l4_u;
l4_frag_info_t *frag_info; /* port for tcp/udp, ident - icmp */
/* Need to add counters here */
/* One pointer slot shared by all counter types; only the member matching
 * the packet's processing path is meaningful at a given time. */
union {
nat64_v4_to_v6_tcp_counter_t *tcp_counter;
nat64_v4_to_v6_udp_counter_t *udp_counter;
nat64_v4_to_v6_icmp_counter_t *icmp_counter;
nat64_v4_to_v6_icmp_error_counter_t *icmp_error_counter;
nat64_frag_counter_t *frag_counter;
nat64_options_counter_t *options_counter;
} nat64_ctr_u;
nat64_icmp_gen_counter_t *icmp_gen_counter;
} nat64_v4_to_v6_pipeline_data_t;
#endif