NAT64: Move IPv6-IPv4 virtual reassembly code from MAP-T to common library (VPP-708)

Change-Id: I9ad636f80bf109ffac9ca1b6d80d5f2c31f2076a
Signed-off-by: Matus Fabian <matfabia@cisco.com>

1 files changed, 571 insertions, 0 deletions

diff --git a/src/vnet/ip/ip6_to_ip4.h b/src/vnet/ip/ip6_to_ip4.h
new file mode 100644
index 00000000000..f5d56883263
--- /dev/null
+++ b/src/vnet/ip/ip6_to_ip4.h
@@ -0,0 +1,571 @@
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file
+ * @brief IPv6 to IPv4 translation
+ */
+#ifndef __included_ip6_to_ip4_h__
+#define __included_ip6_to_ip4_h__
+
+#include <vnet/ip/ip.h>
+
+/**
+ * IPv6 to IPv4 set call back function type
+ */
+typedef int (*ip6_to_ip4_set_fn_t) (ip6_header_t * ip6, ip4_header_t * ip4,
+				    void *ctx);
+
+/* *INDENT-OFF* */
+static u8 icmp6_to_icmp_updater_pointer_table[] =
+  { 0, 1, ~0, ~0,
+    2, 2, 9, 8,
+    12, 12, 12, 12,
+    12, 12, 12, 12,
+    12, 12, 12, 12,
+    12, 12, 12, 12,
+    24, 24, 24, 24,
+    24, 24, 24, 24,
+    24, 24, 24, 24,
+    24, 24, 24, 24
+  };
+/* *INDENT-ON* */
+
+#define frag_id_6to4(id) ((id) ^ ((id) >> 16))
+
+/**
+ * @brief Parse some useful information from IPv6 header.
+ *
+ * @param ip6             IPv6 header.
+ * @param buff_len        Buffer length.
+ * @param l4_protocol     L4 protocol number.
+ * @param l4_offset       L4 header offset.
+ * @param frag_hdr_offset Fragment header offset if present, 0 otherwise.
+ *
+ * @returns 0 on success, non-zero value otherwise.
+ */
+static_always_inline int
+ip6_parse (const ip6_header_t * ip6, u32 buff_len,
+	   u8 * l4_protocol, u16 * l4_offset, u16 * frag_hdr_offset)
+{
+  if (ip6->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
+    {
+      *l4_protocol = ((ip6_frag_hdr_t *) (ip6 + 1))->next_hdr;
+      *frag_hdr_offset = sizeof (*ip6);
+      *l4_offset = sizeof (*ip6) + sizeof (ip6_frag_hdr_t);
+    }
+  else
+    {
+      *l4_protocol = ip6->protocol;
+      *frag_hdr_offset = 0;
+      *l4_offset = sizeof (*ip6);
+    }
+
+  return (buff_len < (*l4_offset + 4)) ||
+    (clib_net_to_host_u16 (ip6->payload_length) <
+     (*l4_offset + 4 - sizeof (*ip6)));
+}
+
+/**
+ * @brief Get TCP/UDP port number or ICMP id from IPv6 packet.
+ *
+ * @param ip6        IPv6 header.
+ * @param sender     1 get sender port, 0 get receiver port.
+ * @param buffer_len Buffer length.
+ *
+ * @returns Port number on success, 0 otherwise.
+ */
+always_inline u16
+ip6_get_port (ip6_header_t * ip6, u8 sender, u16 buffer_len)
+{
+  u8 l4_protocol;
+  u16 l4_offset;
+  u16 frag_offset;
+  u8 *l4;
+
+  if (ip6_parse (ip6, buffer_len, &l4_protocol, &l4_offset, &frag_offset))
+    return 0;
+
+  if (frag_offset &&
+      ip6_frag_hdr_offset (((ip6_frag_hdr_t *)
+			    u8_ptr_add (ip6, frag_offset))))
+    return 0;			//Can't deal with non-first fragment for now
+
+  l4 = u8_ptr_add (ip6, l4_offset);
+  if (l4_protocol == IP_PROTOCOL_TCP || l4_protocol == IP_PROTOCOL_UDP)
+    {
+      return (sender) ? ((udp_header_t *) (l4))->src_port : ((udp_header_t
+							      *)
+							     (l4))->dst_port;
+    }
+  else if (l4_protocol == IP_PROTOCOL_ICMP6)
+    {
+      icmp46_header_t *icmp = (icmp46_header_t *) (l4);
+      if (icmp->type == ICMP6_echo_request)
+	{
+	  return (sender) ? ((u16 *) (icmp))[2] : -1;
+	}
+      else if (icmp->type == ICMP6_echo_reply)
+	{
+	  return (sender) ? -1 : ((u16 *) (icmp))[2];
+	}
+    }
+  return 0;
+}
+
+/**
+ * @brief Convert type and code value from ICMP6 to ICMP4.
+ *
+ * @param icmp      ICMP header.
+ * @param inner_ip6 Inner IPv6 header if present, 0 otherwise.
+ *
+ * @returns 0 on success, non-zero value otherwise.
+ */
+static_always_inline int
+icmp6_to_icmp_header (icmp46_header_t * icmp, ip6_header_t ** inner_ip6)
+{
+  *inner_ip6 = NULL;
+  switch (icmp->type)
+    {
+    case ICMP6_echo_request:
+      icmp->type = ICMP4_echo_request;
+      break;
+    case ICMP6_echo_reply:
+      icmp->type = ICMP4_echo_reply;
+      break;
+    case ICMP6_destination_unreachable:
+      *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
+
+      switch (icmp->code)
+	{
+	case ICMP6_destination_unreachable_no_route_to_destination:	//0
+	case ICMP6_destination_unreachable_beyond_scope_of_source_address:	//2
+	case ICMP6_destination_unreachable_address_unreachable:	//3
+	  icmp->type = ICMP4_destination_unreachable;
+	  icmp->code =
+	    ICMP4_destination_unreachable_destination_unreachable_host;
+	  break;
+	case ICMP6_destination_unreachable_destination_administratively_prohibited:	//1
+	  icmp->type =
+	    ICMP4_destination_unreachable;
+	  icmp->code =
+	    ICMP4_destination_unreachable_communication_administratively_prohibited;
+	  break;
+	case ICMP6_destination_unreachable_port_unreachable:
+	  icmp->type = ICMP4_destination_unreachable;
+	  icmp->code = ICMP4_destination_unreachable_port_unreachable;
+	  break;
+	default:
+	  return -1;
+	}
+      break;
+    case ICMP6_packet_too_big:
+      *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
+
+      icmp->type = ICMP4_destination_unreachable;
+      icmp->code = 4;
+      {
+	u32 advertised_mtu = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
+	advertised_mtu -= 20;
+	//FIXME: = minimum(advertised MTU-20, MTU_of_IPv4_nexthop, (MTU_of_IPv6_nexthop)-20)
+	((u16 *) (icmp))[3] = clib_host_to_net_u16 (advertised_mtu);
+      }
+      break;
+
+    case ICMP6_time_exceeded:
+      *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
+
+      icmp->type = ICMP4_time_exceeded;
+      break;
+
+    case ICMP6_parameter_problem:
+      *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
+
+      switch (icmp->code)
+	{
+	case ICMP6_parameter_problem_erroneous_header_field:
+	  icmp->type = ICMP4_parameter_problem;
+	  icmp->code = ICMP4_parameter_problem_pointer_indicates_error;
+	  u32 pointer = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
+	  if (pointer >= 40)
+	    return -1;
+
+	  ((u8 *) (icmp + 1))[0] =
+	    icmp6_to_icmp_updater_pointer_table[pointer];
+	  break;
+	case ICMP6_parameter_problem_unrecognized_next_header:
+	  icmp->type = ICMP4_destination_unreachable;
+	  icmp->code = ICMP4_destination_unreachable_port_unreachable;
+	  break;
+	case ICMP6_parameter_problem_unrecognized_option:
+	default:
+	  return -1;
+	}
+      break;
+    default:
+      return -1;
+      break;
+    }
+  return 0;
+}
+
+/**
+ * @brief Translate TOS value from IPv6 to IPv4.
+ *
+ * @param ip6 IPv6 header.
+ *
+ * @returns IPv4 TOS value.
+ */
+static_always_inline u8
+ip6_translate_tos (const ip6_header_t * ip6)
+{
+  return (clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label)
+	  & 0x0ff00000) >> 20;
+}
+
+/**
+ * @brief Translate ICMP6 packet to ICMP4.
+ *
+ * @param p         Buffer to translate.
+ * @param fn        The function to translate outer header.
+ * @param ctx       A context passed in the outer header translate function.
+ * @param inner_fn  The function to translate inner header.
+ * @param inner_ctx A context passed in the inner header translate function.
+ *
+ * @returns 0 on success, non-zero value otherwise.
+ */
+always_inline int
+icmp6_to_icmp (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx,
+	       ip6_to_ip4_set_fn_t inner_fn, void *inner_ctx)
+{
+  ip6_header_t *ip6, *inner_ip6;
+  ip4_header_t *ip4, *inner_ip4;
+  u32 ip6_pay_len;
+  icmp46_header_t *icmp;
+  ip_csum_t csum;
+  int rv;
+
+  ip6 = vlib_buffer_get_current (p);
+  ip6_pay_len = clib_net_to_host_u16 (ip6->payload_length);
+  icmp = (icmp46_header_t *) (ip6 + 1);
+  ASSERT (ip6_pay_len + sizeof (*ip6) <= p->current_length);
+
+  //No extensions headers allowed here
+  if (ip6->protocol != IP_PROTOCOL_ICMP6)
+    return -1;
+
+  //There are no fragmented ICMP messages, so no extension header for now
+  if (icmp6_to_icmp_header (icmp, &inner_ip6))
+    return -1;
+
+  if (inner_ip6)
+    {
+      u16 *inner_L4_checksum, inner_l4_offset, inner_frag_offset,
+	inner_frag_id;
+      u8 *inner_l4, inner_protocol;
+
+      //We have two headers to translate
+      //   FROM
+      //   [   IPv6   ]<- ext ->[IC][   IPv6   ]<- ext ->[L4 header ...
+      // Handled cases:
+      //                     [   IPv6   ][IC][   IPv6   ][L4 header ...
+      //                 [   IPv6   ][IC][   IPv6   ][Fr][L4 header ...
+      //    TO
+      //                               [ IPv4][IC][ IPv4][L4 header ...
+
+      if (ip6_parse (inner_ip6, ip6_pay_len - 8,
+		     &inner_protocol, &inner_l4_offset, &inner_frag_offset))
+	return -1;
+
+      inner_l4 = u8_ptr_add (inner_ip6, inner_l4_offset);
+      inner_ip4 =
+	(ip4_header_t *) u8_ptr_add (inner_l4, -sizeof (*inner_ip4));
+      if (inner_frag_offset)
+	{
+	  ip6_frag_hdr_t *inner_frag =
+	    (ip6_frag_hdr_t *) u8_ptr_add (inner_ip6, inner_frag_offset);
+	  inner_frag_id = frag_id_6to4 (inner_frag->identification);
+	}
+      else
+	{
+	  inner_frag_id = 0;
+	}
+
+      //Do the translation of the inner packet
+      if (inner_protocol == IP_PROTOCOL_TCP)
+	{
+	  inner_L4_checksum = (u16 *) u8_ptr_add (inner_l4, 16);
+	}
+      else if (inner_protocol == IP_PROTOCOL_UDP)
+	{
+	  inner_L4_checksum = (u16 *) u8_ptr_add (inner_l4, 6);
+	}
+      else if (inner_protocol == IP_PROTOCOL_ICMP6)
+	{
+	  icmp46_header_t *inner_icmp = (icmp46_header_t *) inner_l4;
+	  csum = inner_icmp->checksum;
+	  csum = ip_csum_sub_even (csum, *((u16 *) inner_icmp));
+	  //It cannot be of a different type as ip6_icmp_to_icmp6_in_place succeeded
+	  inner_icmp->type = (inner_icmp->type == ICMP6_echo_request) ?
+	    ICMP4_echo_request : ICMP4_echo_reply;
+	  csum = ip_csum_add_even (csum, *((u16 *) inner_icmp));
+	  inner_icmp->checksum = ip_csum_fold (csum);
+	  inner_protocol = IP_PROTOCOL_ICMP;	//Will be copied to ip6 later
+	  inner_L4_checksum = &inner_icmp->checksum;
+	}
+      else
+	{
+	  return -1;
+	}
+
+      csum = *inner_L4_checksum;
+      csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[0]);
+      csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[1]);
+      csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[0]);
+      csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[1]);
+
+      if ((rv = inner_fn (inner_ip6, inner_ip4, inner_ctx)) != 0)
+	return rv;
+
+      inner_ip4->ip_version_and_header_length =
+	IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
+      inner_ip4->tos = ip6_translate_tos (inner_ip6);
+      inner_ip4->length =
+	u16_net_add (inner_ip6->payload_length,
+		     sizeof (*ip4) + sizeof (*ip6) - inner_l4_offset);
+      inner_ip4->fragment_id = inner_frag_id;
+      inner_ip4->flags_and_fragment_offset =
+	clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
+      inner_ip4->ttl = inner_ip6->hop_limit;
+      inner_ip4->protocol = inner_protocol;
+      inner_ip4->checksum = ip4_header_checksum (inner_ip4);
+
+      if (inner_ip4->protocol == IP_PROTOCOL_ICMP)
+	{
+	  //Remove remainings of the pseudo-header in the csum
+	  csum =
+	    ip_csum_sub_even (csum, clib_host_to_net_u16 (IP_PROTOCOL_ICMP6));
+	  csum =
+	    ip_csum_sub_even (csum, inner_ip4->length - sizeof (*inner_ip4));
+	}
+      else
+	{
+	  //Update to new pseudo-header
+	  csum = ip_csum_add_even (csum, inner_ip4->src_address.as_u32);
+	  csum = ip_csum_add_even (csum, inner_ip4->dst_address.as_u32);
+	}
+      *inner_L4_checksum = ip_csum_fold (csum);
+
+      //Move up icmp header
+      ip4 = (ip4_header_t *) u8_ptr_add (inner_l4, -2 * sizeof (*ip4) - 8);
+      clib_memcpy (u8_ptr_add (inner_l4, -sizeof (*ip4) - 8), icmp, 8);
+      icmp = (icmp46_header_t *) u8_ptr_add (inner_l4, -sizeof (*ip4) - 8);
+    }
+  else
+    {
+      //Only one header to translate
+      ip4 = (ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
+    }
+
+  vlib_buffer_advance (p, (u32) (((u8 *) ip4) - ((u8 *) ip6)));
+
+  if ((rv = fn (ip6, ip4, ctx)) != 0)
+    return rv;
+
+  ip4->ip_version_and_header_length =
+    IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
+  ip4->tos = ip6_translate_tos (ip6);
+  ip4->fragment_id = 0;
+  ip4->flags_and_fragment_offset = 0;
+  ip4->ttl = ip6->hop_limit;
+  ip4->protocol = IP_PROTOCOL_ICMP;
+  //TODO fix the length depending on offset length
+  ip4->length = u16_net_add (ip6->payload_length,
+			     (inner_ip6 ==
+			      NULL) ? sizeof (*ip4) : (2 * sizeof (*ip4) -
+						       sizeof (*ip6)));
+  ip4->checksum = ip4_header_checksum (ip4);
+
+  //Recompute ICMP checksum
+  icmp->checksum = 0;
+  csum =
+    ip_incremental_checksum (0, icmp,
+			     clib_net_to_host_u16 (ip4->length) -
+			     sizeof (*ip4));
+  icmp->checksum = ~ip_csum_fold (csum);
+
+  return 0;
+}
+
+/**
+ * @brief Translate IPv6 fragmented packet to IPv4.
+ *
+ * @param p   Buffer to translate.
+ * @param fn  The function to translate header.
+ * @param ctx A context passed in the header translate function.
+ *
+ * @returns 0 on success, non-zero value otherwise.
+ */
+always_inline int
+ip6_to_ip4_fragmented (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx)
+{
+  ip6_header_t *ip6;
+  ip6_frag_hdr_t *frag;
+  ip4_header_t *ip4;
+  u16 frag_id;
+  u8 frag_more;
+  u16 frag_offset;
+  u8 l4_protocol;
+  u16 l4_offset;
+  int rv;
+
+  ip6 = vlib_buffer_get_current (p);
+
+  if (ip6_parse
+      (ip6, p->current_length, &l4_protocol, &l4_offset, &frag_offset))
+    return -1;
+
+  frag = (ip6_frag_hdr_t *) u8_ptr_add (ip6, frag_offset);
+  ip4 = (ip4_header_t *) u8_ptr_add (ip6, l4_offset - sizeof (*ip4));
+  vlib_buffer_advance (p, l4_offset - sizeof (*ip4));
+
+  frag_id = frag_id_6to4 (frag->identification);
+  frag_more = ip6_frag_hdr_more (frag);
+  frag_offset = ip6_frag_hdr_offset (frag);
+
+  if ((rv = fn (ip6, ip4, ctx)) != 0)
+    return rv;
+
+  ip4->ip_version_and_header_length =
+    IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
+  ip4->tos = ip6_translate_tos (ip6);
+  ip4->length = u16_net_add (ip6->payload_length,
+			     sizeof (*ip4) - l4_offset + sizeof (*ip6));
+  ip4->fragment_id = frag_id;
+  ip4->flags_and_fragment_offset =
+    clib_host_to_net_u16 (frag_offset |
+			  (frag_more ? IP4_HEADER_FLAG_MORE_FRAGMENTS : 0));
+  ip4->ttl = ip6->hop_limit;
+  ip4->protocol =
+    (l4_protocol == IP_PROTOCOL_ICMP6) ? IP_PROTOCOL_ICMP : l4_protocol;
+  ip4->checksum = ip4_header_checksum (ip4);
+
+  return 0;
+}
+
+/**
+ * @brief Translate IPv6 UDP/TCP packet to IPv4.
+ *
+ * @param p   Buffer to translate.
+ * @param fn  The function to translate header.
+ * @param ctx A context passed in the header translate function.
+ *
+ * @returns 0 on success, non-zero value otherwise.
+ */
+always_inline int
+ip6_to_ip4_tcp_udp (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx,
+		    u8 udp_checksum)
+{
+  ip6_header_t *ip6;
+  u16 *checksum;
+  ip_csum_t csum;
+  ip4_header_t *ip4;
+  u16 fragment_id;
+  u16 flags;
+  u16 frag_offset;
+  u8 l4_protocol;
+  u16 l4_offset;
+  int rv;
+
+  ip6 = vlib_buffer_get_current (p);
+
+  if (ip6_parse
+      (ip6, p->current_length, &l4_protocol, &l4_offset, &frag_offset))
+    return -1;
+
+  if (l4_protocol == IP_PROTOCOL_TCP)
+    {
+      tcp_header_t *tcp = ip6_next_header (ip6);
+      checksum = &tcp->checksum;
+    }
+  else
+    {
+      udp_header_t *udp = ip6_next_header (ip6);
+      checksum = &udp->checksum;
+      //UDP checksum is optional over IPv4
+      if (!udp_checksum)
+	goto no_csum;
+    }
+
+  csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
+  csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
+  csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
+  csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
+
+no_csum:
+  ip4 = (ip4_header_t *) u8_ptr_add (ip6, l4_offset - sizeof (*ip4));
+
+  vlib_buffer_advance (p, l4_offset - sizeof (*ip4));
+
+  if (PREDICT_FALSE (frag_offset))
+    {
+      //Only the first fragment
+      ip6_frag_hdr_t *hdr = (ip6_frag_hdr_t *) u8_ptr_add (ip6, frag_offset);
+      fragment_id = frag_id_6to4 (hdr->identification);
+      flags = clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
+    }
+  else
+    {
+      fragment_id = 0;
+      flags = 0;
+    }
+
+  if ((rv = fn (ip6, ip4, ctx)) != 0)
+    return rv;
+
+  ip4->ip_version_and_header_length =
+    IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
+  ip4->tos = ip6_translate_tos (ip6);
+  ip4->length = u16_net_add (ip6->payload_length,
+			     sizeof (*ip4) + sizeof (*ip6) - l4_offset);
+  ip4->fragment_id = fragment_id;
+  ip4->flags_and_fragment_offset = flags;
+  ip4->ttl = ip6->hop_limit;
+  ip4->protocol = l4_protocol;
+  ip4->checksum = ip4_header_checksum (ip4);
+
+  //UDP checksum is optional over IPv4
+  if (!udp_checksum && l4_protocol == IP_PROTOCOL_UDP)
+    {
+      *checksum = 0;
+    }
+  else
+    {
+      csum = ip_csum_add_even (csum, ip4->dst_address.as_u32);
+      csum = ip_csum_add_even (csum, ip4->src_address.as_u32);
+      *checksum = ip_csum_fold (csum);
+    }
+
+  return 0;
+}
+
+#endif /* __included_ip6_to_ip4_h__ */
+
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */