#ifndef NAT_CHECK_H
#define NAT_CHECK_H
/*
Hanoh Haim
Cisco Systems, Inc.
*/
/*
Copyright (c) 2015-2015 Cisco Systems, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#include <map>
#include "msg_manager.h"
#include <common/Network/Packet/TcpHeader.h>
#include <common/Network/Packet/UdpHeader.h>
#include <common/Network/Packet/IPHeader.h>
#include <common/Network/Packet/IPv6Header.h>
#include <common/Network/Packet/EthernetHeader.h>
#include "os_time.h"
#include "nat_check_flow_table.h"
// Queue-time limit for NAT messages, in seconds: 0.002 s = 2 msec.
// NOTE(review): presumably compared with CNatPerThreadInfo::m_last_time when aging — confirm in the .cpp.
#define MAX_TIME_MSG_IN_QUEUE_SEC ( 0.002 )
// Keeps the low 24 bits of a flow id. Used by CNatOption::set_fid() and by
// CNatRxManager::calc_tcp_ack_val(), which shifts the masked id left by 8 and
// puts the thread id in the low byte.
#define NAT_FLOW_ID_MASK_TCP_ACK 0x00ffffff
// Keeps the low 9 bits of a flow id. Used by CNatRxManager::calc_ip_id_val();
// flow ids that differ only above bit 8 produce the same IP ID value.
#define NAT_FLOW_ID_MASK_IP_ID 0x000001ff
/*
 * Accessor view over the 8-byte option block that tags packets for NAT learning.
 *
 * Byte layout, as fixed by the accessors below:
 *   m_data[0]                      option type
 *   m_data[1]                      option length
 *   m_data[2]                      magic
 *   m_data[3]                      thread id
 *   m_data_uint32[1] (bytes 4..7)  flow id, masked to 24 bits on write
 *
 * NOTE(review): when this view is laid over a received packet, every byte is
 * network-supplied. The magic is a one-byte marker, not an integrity check, so
 * the thread id and flow id read here still need range checks in the consumer
 * — confirm in the .cpp.
 */
class CNatOption {
public:
    enum {
        noIPV4_OPTION     = 0x10, /* dummy IPV4 option */
        noOPTION_LEN      = 0x8,
        noIPV4_MAGIC      = 0xEE,
        noIPV4_MAGIC_RX   = 0xED,
        noIPV6_OPTION_LEN = (noOPTION_LEN/8)-1, /* evaluates to 0 */
        noIPV6_OPTION     = 0x3C, /*IPv6-Opts Destination Options for IPv6 RFC 2460*/
    };

    // Byte 0: option type.
    void set_option_type(uint8_t id) { u.m_data[0] = id; }
    uint8_t get_option_type() { return u.m_data[0]; }

    // Byte 1: option length.
    void set_option_len(uint8_t len) { u.m_data[1] = len; }
    uint8_t get_option_len() { return u.m_data[1]; }

    // Byte 3: id of the thread the packet belongs to.
    void set_thread_id(uint8_t thread_id) { u.m_data[3] = thread_id; }
    uint8_t get_thread_id() { return u.m_data[3]; }

    // Byte 2: magic marker.
    void set_magic(uint8_t magic) { u.m_data[2] = magic; }
    uint8_t get_magic() { return u.m_data[2]; }

    // Used when doing NAT using IP option.
    // Only the low 24 bits of fid are kept; the value is stored without any
    // byte-order conversion in this accessor.
    void set_fid(uint32_t fid) {
        const uint32_t masked_fid = fid & NAT_FLOW_ID_MASK_TCP_ACK;
        u.m_data_uint32[1] = masked_fid;
    }

    // Returns the second 32-bit word exactly as stored (no mask, no byte swap).
    uint32_t get_fid() { return u.m_data_uint32[1]; }

    // True when the top three bytes of the first word, after PKT_NTOHL, equal
    // noIPV4_OPTION / noOPTION_LEN / noIPV4_MAGIC. The low byte (thread id) is
    // masked out and is not validated here.
    bool is_valid_ipv4_magic_op0(void) {
        const uint32_t expected = (CNatOption::noIPV4_OPTION << 24)
                                + (CNatOption::noOPTION_LEN << 16)
                                + (CNatOption::noIPV4_MAGIC << 8);
        return (PKT_NTOHL(u.m_data_uint32[0]) & 0xFFFFFF00) == expected;
    }

    // Same check as is_valid_ipv4_magic_op0().
    bool is_valid_ipv4_magic(void) { return is_valid_ipv4_magic_op0(); }

    // True when the two middle bytes of the first word, after PKT_NTOHL, equal
    // noIPV6_OPTION_LEN / noIPV4_MAGIC. The mask 0x00FFFF00 leaves the top byte
    // and the low byte (thread id) out of the comparison; the IPv6 path reuses
    // the IPv4 magic value.
    bool is_valid_ipv6_magic(void) {
        const uint32_t expected = (CNatOption::noIPV6_OPTION_LEN << 16)
                                + (CNatOption::noIPV4_MAGIC << 8);
        return (PKT_NTOHL(u.m_data_uint32[0]) & 0x00FFFF00) == expected;
    }

    // Writes the IPv4 type, length and magic bytes; thread id and flow id are
    // left untouched.
    void set_init_ipv4_header() {
        set_magic(CNatOption::noIPV4_MAGIC);
        set_option_len(CNatOption::noOPTION_LEN);
        set_option_type(CNatOption::noIPV4_OPTION);
    }

    // Writes the IPv6 length and magic bytes; byte 0 is not written here.
    void set_init_ipv6_header(void) {
        set_magic(CNatOption::noIPV4_MAGIC);
        set_option_len(noIPV6_OPTION_LEN);
    }

    void dump(FILE *fd);

private:
    // The same 8 bytes, addressable per byte or as two 32-bit words.
    union u_ {
        uint8_t  m_data[8];
        uint32_t m_data_uint32[2];
    } u;
};
// One NAT record; CGenNodeNatInfo carries an array of these (m_data).
// Field sizes add up to 4+4+4+2+2 = 16 bytes.
// NOTE(review): the field meanings below are read from the names only, and the
// byte order of the address/port values is not visible in this header — confirm
// against the code that fills and consumes the record.
struct CNatFlowInfo {
uint32_t m_external_ip; // presumably the IP address seen after translation — confirm
uint32_t m_tcp_seq; // presumably a TCP sequence number tied to the flow — confirm
uint32_t m_fid; // flow id
uint16_t m_external_port; // presumably the port seen after translation — confirm
uint16_t m_pad; // explicit padding
};
// Array lengths used by the message structs below:
//   MAX_NAT_FLOW_INFO - length of CGenNodeNatInfo::m_data and the is_full() threshold
//   MAX_PKT_MSG_INFO  - length of CGenNodeLatencyPktInfo::m_pad4
// NOTE(review): the two build variants presumably compensate for the different
// pointer size so the message structs keep the same size as CGenNode — confirm.
#if __x86_64__
/* size of 64 bytes */
#define MAX_NAT_FLOW_INFO (7)
#define MAX_PKT_MSG_INFO (26)
#else
#define MAX_NAT_FLOW_INFO (8)
#define MAX_PKT_MSG_INFO (30)
#endif
/*
!!! WARNING - CGenNodeNatInfo !!!
This struct must be the same size as CGenNode because the allocator is global.
*/
/*
 * Message node that carries a batch of up to MAX_NAT_FLOW_INFO CNatFlowInfo
 * records. The pad members and their order are part of the size contract with
 * CGenNode and must not be changed casually.
 */
struct CGenNodeNatInfo : public CGenNodeMsgBase {
    uint8_t      m_pad;
    uint16_t     m_cnt;   // number of m_data slots handed out so far
    //uint32_t m_pad2;
#if __x86_64__
    uint32_t     m_pad3;
#endif
    CNatFlowInfo m_data[MAX_NAT_FLOW_INFO];
    uint64_t     m_pad4[8];

public:
    // Returns the next unused slot of m_data and advances m_cnt.
    // NOTE(review): nothing here checks m_cnt against MAX_NAT_FLOW_INFO, so a
    // call on a full node returns an address past the end of m_data. Callers
    // have to test is_full() (and hand the node off) before asking for another
    // slot — confirm every call site does.
    CNatFlowInfo * get_next_msg() {
        return &m_data[m_cnt++];
    }

    void init();

    // True once exactly MAX_NAT_FLOW_INFO slots have been handed out.
    bool is_full() {
        return m_cnt == MAX_NAT_FLOW_INFO;
    }

    void dump(FILE *fd);
};
// Message node that carries one packet pointer (m_pkt) plus per-packet fields.
// NOTE(review): the pad arrays look sized to keep this struct the same size as
// CGenNode, as required for CGenNodeNatInfo — confirm before changing any field.
struct CGenNodeLatencyPktInfo : public CGenNodeMsgBase {
uint8_t m_dir; // presumably the packet direction — confirm
uint16_t m_latency_offset; // presumably the offset of the latency data inside the packet — confirm
uint8_t m_update_ts; // presumably a flag asking for a timestamp update — confirm
uint8_t m_pad3[3]; // explicit padding
struct rte_mbuf *m_pkt; // raw pointer; who owns and frees the mbuf is not visible in this header
uint32_t m_pad4[MAX_PKT_MSG_INFO]; // padding, length depends on the build (see MAX_PKT_MSG_INFO)
uint64_t m_pad5[8]; // padding
};
/* Per-thread ring info for NAT messages.
Tries to put in as many messages as possible. */
// Per-thread state: the NAT message currently being filled, the ring it is
// associated with, and a timestamp.
class CNatPerThreadInfo {
public:
    // Starts with a zero timestamp, no message in progress and no ring attached.
    CNatPerThreadInfo()
        : m_last_time(0),
          m_cur_nat_msg(0),
          m_ring(0) {
    }

public:
    dsec_t            m_last_time;    // NOTE(review): presumably the time of the last flush — confirm
    CGenNodeNatInfo * m_cur_nat_msg;  // message being filled, or 0 when there is none
    CNodeRing *       m_ring;         // ring for this thread, or 0 until one is set
};
// Counters kept by the NAT RX path.
// There is no constructor, so the counters hold indeterminate values until they
// are assigned; reset() is declared for that purpose (defined elsewhere).
class CNatStats {
public:
    uint64_t m_total_rx;
    uint64_t m_total_msg;
    /* errors */
    uint64_t m_err_no_valid_thread_id;
    uint64_t m_err_no_valid_proto;
    uint64_t m_err_queue_full;

public:
    void reset();

    // Sum of the three error counters; the totals are not included.
    uint64_t get_errs() {
        uint64_t err_sum = m_err_no_valid_thread_id;
        err_sum += m_err_no_valid_proto;
        err_sum += m_err_queue_full;
        return err_sum;
    }

    void Dump(FILE *fd);
};
// Receive-side manager for NAT learning: takes tagged packets, keeps per-thread
// message state and counters. Everything except the two inline encoders is
// defined outside this header.
class CNatRxManager {
public:
    bool Create();
    void Delete();
    void handle_packet_ipv4(CNatOption * option, IPHeader * ipv4, bool is_first);
    void handle_aging();
    void Dump(FILE *fd);
    void DumpShort(FILE *fd);

    // Packs a flow id and thread id into a 32-bit TCP ACK value:
    //   bits 31..8  low 24 bits of fid
    //   bits  7..0  thread_id
    static inline uint32_t calc_tcp_ack_val(uint32_t fid, uint8_t thread_id) {
        const uint32_t fid_bits = (fid & NAT_FLOW_ID_MASK_TCP_ACK) << 8;
        return fid_bits | thread_id;
    }

    // Packs a flow id and thread id into a 16-bit IP ID value:
    //   bit  15     always 1 (MSB == 1 signals this is a latency packet)
    //   bits 14..6  low 9 bits of fid
    //   bits  5..0  low 6 bits of thread_id
    // Thread ids of 64 and above, and flow ids above 9 bits, are truncated and
    // therefore alias with smaller values.
    static inline uint16_t calc_ip_id_val(uint32_t fid, uint8_t thread_id) {
        const uint32_t fid_bits = (fid & NAT_FLOW_ID_MASK_IP_ID) << 6;
        const uint32_t tid_bits = thread_id & 0x3f;
        return fid_bits | tid_bits | 0x8000;
    }

    // Decoders for the two encodings above (defined elsewhere).
    // NOTE(review): their inputs are header fields of received packets, so the
    // decoded thread_id is untrusted until it is range-checked.
    void get_info_from_tcp_ack(uint32_t tcp_ack, uint32_t &fid, uint8_t &thread_id);
    void get_info_from_ip_id(uint16_t ip_id, uint32_t &fid, uint8_t &thread_id);

private:
    // NOTE(review): presumably where thread_id is checked against m_max_threads
    // (see CNatStats::m_err_no_valid_thread_id) — confirm in the .cpp.
    CNatPerThreadInfo * get_thread_info(uint8_t thread_id);
    void flush_node(CNatPerThreadInfo * thread_info);

private:
    uint8_t             m_max_threads;
    CNatPerThreadInfo * m_per_thread;
    CNatStats           m_stats;
    CNatCheckFlowTable  m_ft;
};
#endif