diff options
author | Jon Loeliger <jdl@netgate.com> | 2018-12-17 13:43:52 -0600 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2018-12-19 14:27:00 +0000 |
commit | f34597fc86c64d054073bf614761beea020c2244 (patch) | |
tree | 1dc65fc3c3d5e0e235eb0fb3b98524ebf6db6f0f | |
parent | c6cb18b29d50d522d54b04587b13becc8363ec5c (diff) |
MAP: Add API support for MAP input feature.
Change-Id: I336919a1d3a9d1b404e375a30575cce5e5335137
Signed-off-by: Jon Loeliger <jdl@netgate.com>
-rw-r--r-- | src/plugins/map/map.api | 29 | ||||
-rw-r--r-- | src/plugins/map/map.c | 118 | ||||
-rw-r--r-- | src/plugins/map/map.h | 5 | ||||
-rw-r--r-- | src/plugins/map/map_api.c | 64 |
4 files changed, 216 insertions, 0 deletions
diff --git a/src/plugins/map/map.api b/src/plugins/map/map.api index 78e7bec2c0b..752d1b55d9c 100644 --- a/src/plugins/map/map.api +++ b/src/plugins/map/map.api @@ -125,6 +125,22 @@ define map_rule_details u16 psid; }; +/** \brief Enable or disable a MAP interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param sw_if_index - + @param is_enable - 0=disable, 1=enable interface + @param is_translation - 0=encapsulation, 1=translation +*/ +autoreply define map_if_enable_disable +{ + u32 client_index; + u32 context; + u32 sw_if_index; + bool is_enable; + bool is_translation; /* 0 - encapsulation, 1 - translation */ +}; + /** \brief Request for a single block of summary stats @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @@ -264,6 +280,19 @@ autoreply define map_param_set_traffic_class }; +/** \brief Set MAP TCP parammeters + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @parma tcp_mss - TCP MSS clamping value +*/ +autoreply define map_param_set_tcp +{ + u32 client_index; + u32 context; + u16 tcp_mss; +}; + + /** \brief Request for a single block of MAP parameters @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request diff --git a/src/plugins/map/map.c b/src/plugins/map/map.c index 8156ec835a8..307b7a97cfc 100644 --- a/src/plugins/map/map.c +++ b/src/plugins/map/map.c @@ -1169,6 +1169,9 @@ show_map_stats_command_fn (vlib_main_t * vm, unformat_input_t * input, else vlib_cli_output (vm, "MAP traffic-class: %x", mm->tc); + if (mm->tcp_mss) + vlib_cli_output (vm, "MAP TCP MSS clamping: %u", mm->tcp_mss); + vlib_cli_output (vm, "MAP IPv6 inbound security check: %s, fragmented packet security check: %s", mm->sec_check ? "enabled" : "disabled", @@ -1329,6 +1332,56 @@ map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input, } +static clib_error_t * +map_if_command_fn (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *error = NULL; + bool is_enable = true, is_translation = false; + vnet_main_t *vnm = vnet_get_main (); + u32 sw_if_index = ~0; + + /* Get a line of input. */ + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat + (line_input, "%U", unformat_vnet_sw_interface, vnm, &sw_if_index)) + ; + else if (unformat (line_input, "del")) + is_enable = false; + else if (unformat (line_input, "map-t")) + is_translation = true; + else + { + error = clib_error_return (0, "unknown input `%U'", + format_unformat_error, line_input); + goto done; + } + } + +done: + unformat_free (line_input); + + if (sw_if_index == ~0) + { + error = clib_error_return (0, "unknown interface"); + return error; + } + + int rv = map_if_enable_disable (is_enable, sw_if_index, is_translation); + if (rv) + { + error = clib_error_return (0, "failure enabling MAP on interface"); + } + + return error; +} + + /* * packet trace format function */ @@ -1913,6 +1966,45 @@ map_ip6_reass_conf_buffers (u32 buffers) return 0; } +static clib_error_t * +map_tcp_mss_command_fn (vlib_main_t * vm, + unformat_input_t * input, vlib_cli_command_t * cmd) +{ + unformat_input_t _line_input, *line_input = &_line_input; + clib_error_t *error = NULL; + u32 tcp_mss = 0; + + /* Get a line of input. */ + if (!unformat_user (input, unformat_line_input, line_input)) + return 0; + + while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) + { + if (unformat (line_input, "%u", &tcp_mss)) + ; + else + { + error = clib_error_return (0, "unknown input `%U'", + format_unformat_error, line_input); + goto done; + } + } + + if (tcp_mss >= (0x1 << 16)) + { + error = clib_error_return (0, "invalid value `%u'", tcp_mss); + goto done; + } + + map_param_set_tcp (tcp_mss); + +done: + unformat_free (line_input); + + return error; +} + + /* *INDENT-OFF* */ /*? @@ -1949,6 +2041,22 @@ VLIB_CLI_COMMAND(map_traffic_class_command, static) = { }; /*? + * TCP MSS clamping + * + * @cliexpar + * @cliexstart{map params tcp-mss} + * + * This command is used to set the TCP MSS in translated + * or encapsulated packets. + * @cliexend + ?*/ +VLIB_CLI_COMMAND(map_tcp_mss_command, static) = { + .path = "map params tcp-mss", + .short_help = "map params tcp-mss <value>", + .function = map_tcp_mss_command_fn, +}; + +/*? * Bypass IP4/IP6 lookup * * @cliexpar @@ -2124,6 +2232,16 @@ VLIB_CLI_COMMAND(show_map_fragments_command, static) = { .function = show_map_fragments_command_fn, }; +/*? + * Enable MAP processing on interface (input feature) + * + ?*/ +VLIB_CLI_COMMAND(map_if_command, static) = { + .path = "map interface", + .short_help = "map interface <interface-name> [map-t] [del]", + .function = map_if_command_fn, +}; + VLIB_PLUGIN_REGISTER() = { .version = VPP_BUILD_VER, .description = "Mapping of address and port (MAP)", diff --git a/src/plugins/map/map.h b/src/plugins/map/map.h index 21baf73678a..5b8aef4e872 100644 --- a/src/plugins/map/map.h +++ b/src/plugins/map/map.h @@ -40,6 +40,8 @@ int map_create_domain (ip4_address_t * ip4_prefix, u8 ip4_prefix_len, int map_delete_domain (u32 map_domain_index); int map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep, u8 is_add); +int map_if_enable_disable (bool is_enable, u32 sw_if_index, + bool is_translation); u8 *format_map_trace (u8 * s, va_list * args); int map_param_set_fragmentation (bool inner, bool ignore_df); @@ -51,6 +53,7 @@ int map_param_set_reassembly (bool is_ipv6, u16 lifetime_ms, u32 * reass, u32 * packets); int map_param_set_security_check (bool enable, bool fragments); int map_param_set_traffic_class (bool copy, u8 tc); +int map_param_set_tcp (u16 tcp_mss); typedef enum @@ -265,6 +268,8 @@ typedef struct { bool sec_check_frag; /* Inbound security check for (subsequent) fragments */ bool icmp6_enabled; /* Send destination unreachable for security check failure */ + u16 tcp_mss; /* TCP MSS clamp value */ + /* ICMPv6 -> ICMPv4 relay parameters */ ip4_address_t icmp4_src_address; vlib_simple_counter_main_t icmp_relayed; diff --git a/src/plugins/map/map_api.c b/src/plugins/map/map_api.c index 5133893a11c..ac1665e5384 100644 --- a/src/plugins/map/map_api.c +++ b/src/plugins/map/map_api.c @@ -526,6 +526,29 @@ static void } +int +map_param_set_tcp (u16 tcp_mss) +{ + map_main_t *mm = &map_main; + + mm->tcp_mss = tcp_mss; + + return 0; +} + + +static void +vl_api_map_param_set_tcp_t_handler (vl_api_map_param_set_tcp_t * mp) +{ + map_main_t *mm = &map_main; + vl_api_map_param_set_tcp_reply_t *rmp; + int rv = 0; + + map_param_set_tcp (ntohs (mp->tcp_mss)); + REPLY_MACRO (VL_API_MAP_PARAM_SET_TCP_REPLY); +} + + static void vl_api_map_param_get_t_handler (vl_api_map_param_get_t * mp) { @@ -581,12 +604,52 @@ vl_api_map_param_get_t_handler (vl_api_map_param_get_t * mp) } +int +map_if_enable_disable (bool is_enable, u32 sw_if_index, bool is_translation) +{ + if (is_translation == false) + { + vnet_feature_enable_disable ("ip4-unicast", "ip4-map", sw_if_index, + is_enable ? 1 : 0, 0, 0); + vnet_feature_enable_disable ("ip6-unicast", "ip6-map", sw_if_index, + is_enable ? 1 : 0, 0, 0); + } + else + { + vnet_feature_enable_disable ("ip4-unicast", "ip4-map-t", sw_if_index, + is_enable ? 1 : 0, 0, 0); + vnet_feature_enable_disable ("ip6-unicast", "ip6-map-t", sw_if_index, + is_enable ? 1 : 0, 0, 0); + } + return 0; +} + + +static void +vl_api_map_if_enable_disable_t_handler (vl_api_map_if_enable_disable_t * mp) +{ + map_main_t *mm = &map_main; + vl_api_map_if_enable_disable_reply_t *rmp; + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = + map_if_enable_disable (mp->is_enable, htonl (mp->sw_if_index), + mp->is_translation); + + BAD_SW_IF_INDEX_LABEL; + REPLY_MACRO (VL_API_MAP_IF_ENABLE_DISABLE_REPLY); +} + + #define foreach_map_plugin_api_msg \ _(MAP_ADD_DOMAIN, map_add_domain) \ _(MAP_DEL_DOMAIN, map_del_domain) \ _(MAP_ADD_DEL_RULE, map_add_del_rule) \ _(MAP_DOMAIN_DUMP, map_domain_dump) \ _(MAP_RULE_DUMP, map_rule_dump) \ +_(MAP_IF_ENABLE_DISABLE, map_if_enable_disable) \ _(MAP_SUMMARY_STATS, map_summary_stats) \ _(MAP_PARAM_SET_FRAGMENTATION, map_param_set_fragmentation) \ _(MAP_PARAM_SET_ICMP, map_param_set_icmp) \ @@ -595,6 +658,7 @@ _(MAP_PARAM_ADD_DEL_PRE_RESOLVE, map_param_add_del_pre_resolve) \ _(MAP_PARAM_SET_REASSEMBLY, map_param_set_reassembly) \ _(MAP_PARAM_SET_SECURITY_CHECK, map_param_set_security_check) \ _(MAP_PARAM_SET_TRAFFIC_CLASS, map_param_set_traffic_class) \ +_(MAP_PARAM_SET_TCP, map_param_set_tcp) \ _(MAP_PARAM_GET, map_param_get) #define vl_msg_name_crc_list |