summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/map/map.api169
-rw-r--r--src/plugins/map/map.c334
-rw-r--r--src/plugins/map/map.h18
-rw-r--r--src/plugins/map/map_api.c339
4 files changed, 648 insertions, 212 deletions
diff --git a/src/plugins/map/map.api b/src/plugins/map/map.api
index 9918d7210c4..78e7bec2c0b 100644
--- a/src/plugins/map/map.api
+++ b/src/plugins/map/map.api
@@ -13,7 +13,7 @@
* limitations under the License.
*/
-option version = "2.2.0";
+option version = "2.3.0";
import "vnet/ip/ip_types.api";
@@ -153,3 +153,170 @@ define map_summary_stats_reply
u64 total_ip4_fragments;
u64 total_security_check[2];
};
+
+
+/** \brief Set MAP fragmentation parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param inner - 1=frag inner packet, 0=frag tunnel packets
+ @param ignore_df - 1=IP4 fragment despite DF bit, 0=honor DF
+*/
+autoreply define map_param_set_fragmentation
+{
+ u32 client_index;
+ u32 context;
+ bool inner;
+ bool ignore_df;
+};
+
+
+/** \brief Set MAP ICMP parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param icmp4_err_relay_src - IPv4 ICMP err relay src address
+*/
+autoreply define map_param_set_icmp
+{
+ u32 client_index;
+ u32 context;
+ vl_api_ip4_address_t ip4_err_relay_src;
+};
+
+
+/** \brief Set MAP ICMP6 parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param enable_unreachable - 1 = send ICMP unreachable err msgs
+*/
+autoreply define map_param_set_icmp6
+{
+ u32 client_index;
+ u32 context;
+ bool enable_unreachable;
+};
+
+
+/** \brief Add/delete MAP pre-resolve IP addresses parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_add - 1 = Add non-zero IP addresses, 0 = delete
+ @param ip4_nh_address - direct IP4 next-hop address
+ @param ip6_nh_address - direct IP6 next-hop address
+*/
+autoreply define map_param_add_del_pre_resolve
+{
+ u32 client_index;
+ u32 context;
+ bool is_add;
+ vl_api_ip4_address_t ip4_nh_address;
+ vl_api_ip6_address_t ip6_nh_address;
+};
+
+
+/** \brief Set MAP reassembly parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_ip6 - 1 = params apply to IPv6, 0 = params apply to IPv4
+ @param lifetime_ms - reassembly valid lifetime, or ~0
+ @param pool_size - max number of reassemblies, or ~0
+ @param buffers - max number of reassembly buffers, or ~0
+ @param ht_ratio - hash-table size factor, or ~0
+*/
+autoreply define map_param_set_reassembly
+{
+ u32 client_index;
+ u32 context;
+ bool is_ip6;
+ u16 lifetime_ms;
+ u16 pool_size;
+ u32 buffers;
+ f64 ht_ratio;
+};
+
+
+/** \brief Set MAP security-check parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param enable - 1=enable security check on first inbound packet
+ @param fragments - 1=enable check on (subsequent) fragments too
+*/
+autoreply define map_param_set_security_check
+{
+ u32 client_index;
+ u32 context;
+ bool enable;
+ bool fragments;
+};
+
+
+/** \brief Set MAP traffic class parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param copy - 1 = copy packet class/TOS field, 0 = use class instead
+ @param class - class field value when copy == 0
+*/
+autoreply define map_param_set_traffic_class
+{
+ u32 client_index;
+ u32 context;
+ bool copy;
+ u8 class;
+};
+
+
+/** \brief Request for a single block of MAP parameters
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+define map_param_get
+{
+ u32 client_index;
+ u32 context;
+};
+
+
+/** \brief Reply for map_param_get request
+ @param context - sender context, to match reply w/ request
+ @param retval - return code for request
+ @param inner - 1=frag inner packet, 0=frag tunnel packets, ~0=untouched
+ @param ignore_df - 1=IP4 fragm despite DF bit, 0=honor DF, ~0=untouched
+ @param icmp_ip4_err_relay_src - IPv4 ICMP err relay src address
+ @param icmp6_enable_unreachable - 1 = send ICMP unreachable err msgs
+ @param ip4_nh_address - direct IP4 next-hop address
+ @param ip6_nh_address - direct IP6 next-hop address
+ @param ip4_lifetime_ms - reassembly valid lifetime, or ~0
+ @param ip4_pool_size - max number of reassemblies, or ~0
+ @param ip4_buffers - max number of reassembly buffers, or ~0
+ @param ip4_ht_ratio - reassembly valid lifetime, or ~0
+ @param ip6_lifetime_ms - max number of reassemblies, or ~0
+ @param ip6_pool_size - max number of reassemblies, or ~0
+ @param ip6_buffers - max number of reassembly buffers, or ~0
+ @param ip6_ht_ratio - hash-table size factor, or ~0
+ @param sec_check_enable - 1=enable security check on first inbound packet
+ @param sec_check_fragments - 1=enable check on (subsequent) fragments too
+ @param tc_copy - 1 = copy packet class/TOS field, 0 = use class instead
+ @param tc_class - class field value when copy == 0
+*/
+define map_param_get_reply
+{
+ u32 context;
+ i32 retval;
+ u8 frag_inner;
+ u8 frag_ignore_df;
+ vl_api_ip4_address_t icmp_ip4_err_relay_src;
+ bool icmp6_enable_unreachable;
+ vl_api_ip4_address_t ip4_nh_address;
+ vl_api_ip6_address_t ip6_nh_address;
+ u16 ip4_lifetime_ms;
+ u16 ip4_pool_size;
+ u32 ip4_buffers;
+ f64 ip4_ht_ratio;
+ u16 ip6_lifetime_ms;
+ u16 ip6_pool_size;
+ u32 ip6_buffers;
+ f64 ip6_ht_ratio;
+ bool sec_check_enable;
+ bool sec_check_fragments;
+ bool tc_copy;
+ u8 tc_class;
+};
diff --git a/src/plugins/map/map.c b/src/plugins/map/map.c
index ee3ff728b58..8156ec835a8 100644
--- a/src/plugins/map/map.c
+++ b/src/plugins/map/map.c
@@ -440,7 +440,7 @@ map_fib_unresolve (map_main_pre_resolved_t * pr,
pr->sibling = FIB_NODE_INDEX_INVALID;
}
-static void
+void
map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del)
{
if (ip6 && (ip6->as_u64[0] != 0 || ip6->as_u64[1] != 0))
@@ -476,8 +476,11 @@ map_security_check_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
- map_main_t *mm = &map_main;
clib_error_t *error = NULL;
+ bool enable = false;
+ bool check_frag = false;
+ bool saw_enable = false;
+ bool saw_frag = false;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
@@ -485,10 +488,26 @@ map_security_check_command_fn (vlib_main_t * vm,
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat (line_input, "off"))
- mm->sec_check = false;
- else if (unformat (line_input, "on"))
- mm->sec_check = true;
+ if (unformat (line_input, "enable"))
+ {
+ enable = false;
+ saw_enable = true;
+ }
+ else if (unformat (line_input, "disable"))
+ {
+ enable = true;
+ saw_enable = true;
+ }
+ else if (unformat (line_input, "fragments on"))
+ {
+ check_frag = true;
+ saw_frag = true;
+ }
+ else if (unformat (line_input, "fragments off"))
+ {
+ check_frag = false;
+ saw_frag = true;
+ }
else
{
error = clib_error_return (0, "unknown input `%U'",
@@ -497,45 +516,28 @@ map_security_check_command_fn (vlib_main_t * vm,
}
}
-done:
- unformat_free (line_input);
-
- return error;
-}
-
-static clib_error_t *
-map_security_check_frag_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- map_main_t *mm = &map_main;
- clib_error_t *error = NULL;
-
- /* Get a line of input. */
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ if (!saw_enable)
+ {
+ error = clib_error_return (0,
+ "Must specify enable 'enable' or 'disable'");
+ goto done;
+ }
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ if (!saw_frag)
{
- if (unformat (line_input, "off"))
- mm->sec_check_frag = false;
- else if (unformat (line_input, "on"))
- mm->sec_check_frag = true;
- else
- {
- error = clib_error_return (0, "unknown input `%U'",
- format_unformat_error, line_input);
- goto done;
- }
+ error = clib_error_return (0, "Must specify fragments 'on' or 'off'");
+ goto done;
}
+ map_param_set_security_check (enable, check_frag);
+
done:
unformat_free (line_input);
return error;
}
+
static clib_error_t *
map_add_domain_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
@@ -754,6 +756,7 @@ map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
{
unformat_input_t _line_input, *line_input = &_line_input;
ip4_address_t icmp_src_address;
+ ip4_address_t *p_icmp_addr = 0;
map_main_t *mm = &map_main;
clib_error_t *error = NULL;
@@ -767,7 +770,10 @@ map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
{
if (unformat
(line_input, "%U", unformat_ip4_address, &icmp_src_address))
- mm->icmp4_src_address = icmp_src_address;
+ {
+ mm->icmp4_src_address = icmp_src_address;
+ p_icmp_addr = &icmp_src_address;
+ }
else
{
error = clib_error_return (0, "unknown input `%U'",
@@ -776,6 +782,8 @@ map_icmp_relay_source_address_command_fn (vlib_main_t * vm,
}
}
+ map_param_set_icmp (p_icmp_addr);
+
done:
unformat_free (line_input);
@@ -788,9 +796,9 @@ map_icmp_unreachables_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
- map_main_t *mm = &map_main;
int num_m_args = 0;
clib_error_t *error = NULL;
+ bool enabled = false;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
@@ -800,9 +808,9 @@ map_icmp_unreachables_command_fn (vlib_main_t * vm,
{
num_m_args++;
if (unformat (line_input, "on"))
- mm->icmp6_enabled = true;
+ enabled = true;
else if (unformat (line_input, "off"))
- mm->icmp6_enabled = false;
+ enabled = false;
else
{
error = clib_error_return (0, "unknown input `%U'",
@@ -815,19 +823,26 @@ map_icmp_unreachables_command_fn (vlib_main_t * vm,
if (num_m_args != 1)
error = clib_error_return (0, "mandatory argument(s) missing");
+
+ map_param_set_icmp6 (enabled);
+
done:
unformat_free (line_input);
return error;
}
+
static clib_error_t *
map_fragment_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
- map_main_t *mm = &map_main;
clib_error_t *error = NULL;
+ bool frag_inner = false;
+ bool frag_ignore_df = false;
+ bool saw_in_out = false;
+ bool saw_df = false;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
@@ -836,9 +851,25 @@ map_fragment_command_fn (vlib_main_t * vm,
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "inner"))
- mm->frag_inner = true;
+ {
+ frag_inner = true;
+ saw_in_out = true;
+ }
else if (unformat (line_input, "outer"))
- mm->frag_inner = false;
+ {
+ frag_inner = false;
+ saw_in_out = true;
+ }
+ else if (unformat (line_input, "ignore-df"))
+ {
+ frag_ignore_df = true;
+ saw_df = true;
+ }
+ else if (unformat (line_input, "honor-df"))
+ {
+ frag_ignore_df = false;
+ saw_df = true;
+ }
else
{
error = clib_error_return (0, "unknown input `%U'",
@@ -847,39 +878,20 @@ map_fragment_command_fn (vlib_main_t * vm,
}
}
-done:
- unformat_free (line_input);
-
- return error;
-}
-
-static clib_error_t *
-map_fragment_df_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- unformat_input_t _line_input, *line_input = &_line_input;
- map_main_t *mm = &map_main;
- clib_error_t *error = NULL;
-
- /* Get a line of input. */
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ if (!saw_in_out)
+ {
+ error = clib_error_return (0, "Must specify 'inner' or 'outer'");
+ goto done;
+ }
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ if (!saw_df)
{
- if (unformat (line_input, "on"))
- mm->frag_ignore_df = true;
- else if (unformat (line_input, "off"))
- mm->frag_ignore_df = false;
- else
- {
- error = clib_error_return (0, "unknown input `%U'",
- format_unformat_error, line_input);
- goto done;
- }
+ error = clib_error_return (0, "Must specify 'ignore-df' or 'honor-df'");
+ goto done;
}
+ map_param_set_fragmentation (frag_inner, frag_ignore_df);
+
done:
unformat_free (line_input);
@@ -892,11 +904,10 @@ map_traffic_class_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
- map_main_t *mm = &map_main;
u32 tc = 0;
clib_error_t *error = NULL;
+ bool tc_copy = false;
- mm->tc_copy = false;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
@@ -905,9 +916,9 @@ map_traffic_class_command_fn (vlib_main_t * vm,
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "copy"))
- mm->tc_copy = true;
+ tc_copy = true;
else if (unformat (line_input, "%x", &tc))
- mm->tc = tc & 0xff;
+ tc = tc & 0xff;
else
{
error = clib_error_return (0, "unknown input `%U'",
@@ -916,6 +927,8 @@ map_traffic_class_command_fn (vlib_main_t * vm,
}
}
+ map_param_set_traffic_class (tc_copy, tc);
+
done:
unformat_free (line_input);
@@ -1282,110 +1295,34 @@ map_params_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
MAP_IP6_REASS_CONF_BUFFERS_MAX);
}
- if (ip4)
+ int rv;
+ u32 reass = 0, packets = 0;
+ rv = map_param_set_reassembly (!ip4, lifetime, pool_size, buffers, ht_ratio,
+ &reass, &packets);
+
+ switch (rv)
{
- u32 reass = 0, packets = 0;
- if (pool_size != ~0)
- {
- if (map_ip4_reass_conf_pool_size (pool_size, &reass, &packets))
- {
- vlib_cli_output (vm, "Could not set ip4-reass pool-size");
- }
- else
- {
- vlib_cli_output (vm,
- "Setting ip4-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
- reass, packets);
- }
- }
- if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
- {
- if (map_ip4_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
- {
- vlib_cli_output (vm, "Could not set ip4-reass ht-log2len");
- }
- else
- {
- vlib_cli_output (vm,
- "Setting ip4-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
- reass, packets);
- }
- }
- if (lifetime != ~0)
- {
- if (map_ip4_reass_conf_lifetime (lifetime))
- vlib_cli_output (vm, "Could not set ip4-reass lifetime");
- else
- vlib_cli_output (vm, "Setting ip4-reass lifetime");
- }
- if (buffers != ~(0ull))
- {
- if (map_ip4_reass_conf_buffers (buffers))
- vlib_cli_output (vm, "Could not set ip4-reass buffers");
- else
- vlib_cli_output (vm, "Setting ip4-reass buffers");
- }
+ case 0:
+ vlib_cli_output (vm,
+ "Note: destroyed-reassembly=%u , dropped-fragments=%u",
+ reass, packets);
+ break;
- if (map_main.ip4_reass_conf_buffers >
- map_main.ip4_reass_conf_pool_size *
- MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
- {
- vlib_cli_output (vm,
- "Note: 'ip4-reass buffers' > pool-size * max-fragments-per-reassembly.");
- }
- }
+ case MAP_ERR_BAD_POOL_SIZE:
+ return clib_error_return (0, "Could not set reass pool-size");
- if (ip6)
- {
- u32 reass = 0, packets = 0;
- if (pool_size != ~0)
- {
- if (map_ip6_reass_conf_pool_size (pool_size, &reass, &packets))
- {
- vlib_cli_output (vm, "Could not set ip6-reass pool-size");
- }
- else
- {
- vlib_cli_output (vm,
- "Setting ip6-reass pool-size (destroyed-reassembly=%u , dropped-fragments=%u)",
- reass, packets);
- }
- }
- if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
- {
- if (map_ip6_reass_conf_ht_ratio (ht_ratio, &reass, &packets))
- {
- vlib_cli_output (vm, "Could not set ip6-reass ht-log2len");
- }
- else
- {
- vlib_cli_output (vm,
- "Setting ip6-reass ht-log2len (destroyed-reassembly=%u , dropped-fragments=%u)",
- reass, packets);
- }
- }
- if (lifetime != ~0)
- {
- if (map_ip6_reass_conf_lifetime (lifetime))
- vlib_cli_output (vm, "Could not set ip6-reass lifetime");
- else
- vlib_cli_output (vm, "Setting ip6-reass lifetime");
- }
- if (buffers != ~(0ull))
- {
- if (map_ip6_reass_conf_buffers (buffers))
- vlib_cli_output (vm, "Could not set ip6-reass buffers");
- else
- vlib_cli_output (vm, "Setting ip6-reass buffers");
- }
+ case MAP_ERR_BAD_HT_RATIO:
+ return clib_error_return (0, "Could not set reass ht-log2len");
- if (map_main.ip6_reass_conf_buffers >
- map_main.ip6_reass_conf_pool_size *
- MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
- {
- vlib_cli_output (vm,
- "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
- }
+ case MAP_ERR_BAD_LIFETIME:
+ return clib_error_return (0, "Could not set ip6-reass lifetime");
+
+ case MAP_ERR_BAD_BUFFERS:
+ return clib_error_return (0, "Could not set ip6-reass buffers");
+
+ case MAP_ERR_BAD_BUFFERS_TOO_LARGE:
+ return clib_error_return (0,
+ "Note: 'ip6-reass buffers' > pool-size * max-fragments-per-reassembly.");
}
return 0;
@@ -2032,6 +1969,7 @@ VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
/*?
* Enable or disable the MAP-E inbound security check
+ * Specifiy if the inbound security check should be done on fragments
*
* @cliexpar
* @cliexstart{map params security-check}
@@ -2039,14 +1977,20 @@ VLIB_CLI_COMMAND(map_pre_resolve_command, static) = {
* By default, a decapsulated packet's IPv4 source address will be
* verified against the outer header's IPv6 source address. Disabling
* this feature will allow IPv4 source address spoofing.
+ *
+ * Typically the inbound on-decapsulation security check is only done
+ * on the first packet. The packet that contains the L4
+ * information. While a security check on every fragment is possible,
+ * it has a cost. State must be created on the first fragment.
* @cliexend
?*/
VLIB_CLI_COMMAND(map_security_check_command, static) = {
.path = "map params security-check",
- .short_help = "map params security-check on|off",
+ .short_help = "map params security-check enable|disable fragments on|off",
.function = map_security_check_command_fn,
};
+
/*?
* Specifiy the IPv4 source address used for relayed ICMP error messages
*
@@ -2085,19 +2029,6 @@ VLIB_CLI_COMMAND(map_icmp_unreachables_command, static) = {
*
* @cliexpar
* @cliexstart{map params fragment}
- * @cliexend
- ?*/
-VLIB_CLI_COMMAND(map_fragment_command, static) = {
- .path = "map params fragment",
- .short_help = "map params fragment inner|outer",
- .function = map_fragment_command_fn,
-};
-
-/*?
- * Ignore the IPv4 Don't fragment bit
- *
- * @cliexpar
- * @cliexstart{map params fragment ignore-df}
*
* Allows fragmentation of the IPv4 packet even if the DF bit is
* set. The choice between inner or outer fragmentation of tunnel
@@ -2106,29 +2037,12 @@ VLIB_CLI_COMMAND(map_fragment_command, static) = {
* endpoint.
* @cliexend
?*/
-VLIB_CLI_COMMAND(map_fragment_df_command, static) = {
- .path = "map params fragment ignore-df",
- .short_help = "map params fragment ignore-df on|off",
- .function = map_fragment_df_command_fn,
+VLIB_CLI_COMMAND(map_fragment_command, static) = {
+ .path = "map params fragment",
+ .short_help = "map params fragment inner|outer ignore-df|honor-df",
+ .function = map_fragment_command_fn,
};
-/*?
- * Specifiy if the inbound security check should be done on fragments
- *
- * @cliexpar
- * @cliexstart{map params security-check fragments}
- *
- * Typically the inbound on-decapsulation security check is only done
- * on the first packet. The packet that contains the L4
- * information. While a security check on every fragment is possible,
- * it has a cost. State must be created on the first fragment.
- * @cliexend
- ?*/
-VLIB_CLI_COMMAND(map_security_check_frag_command, static) = {
- .path = "map params security-check fragments",
- .short_help = "map params security-check fragments on|off",
- .function = map_security_check_frag_command_fn,
-};
/*?
* Add MAP domain
diff --git a/src/plugins/map/map.h b/src/plugins/map/map.h
index 0d4270d5806..21baf73678a 100644
--- a/src/plugins/map/map.h
+++ b/src/plugins/map/map.h
@@ -25,6 +25,13 @@
#define MAP_SKIP_IP6_LOOKUP 1
+#define MAP_ERR_GOOD 0
+#define MAP_ERR_BAD_POOL_SIZE -1
+#define MAP_ERR_BAD_HT_RATIO -2
+#define MAP_ERR_BAD_LIFETIME -3
+#define MAP_ERR_BAD_BUFFERS -4
+#define MAP_ERR_BAD_BUFFERS_TOO_LARGE -5
+
int map_create_domain (ip4_address_t * ip4_prefix, u8 ip4_prefix_len,
ip6_address_t * ip6_prefix, u8 ip6_prefix_len,
ip6_address_t * ip6_src, u8 ip6_src_len,
@@ -35,6 +42,17 @@ int map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep,
u8 is_add);
u8 *format_map_trace (u8 * s, va_list * args);
+int map_param_set_fragmentation (bool inner, bool ignore_df);
+int map_param_set_icmp (ip4_address_t * ip4_err_relay_src);
+int map_param_set_icmp6 (u8 enable_unreachable);
+void map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del);
+int map_param_set_reassembly (bool is_ipv6, u16 lifetime_ms,
+ u16 pool_size, u32 buffers, f64 ht_ratio,
+ u32 * reass, u32 * packets);
+int map_param_set_security_check (bool enable, bool fragments);
+int map_param_set_traffic_class (bool copy, u8 tc);
+
+
typedef enum
{
MAP_DOMAIN_PREFIX = 1 << 0,
diff --git a/src/plugins/map/map_api.c b/src/plugins/map/map_api.c
index 0b17793e952..8ce6428fbc6 100644
--- a/src/plugins/map/map_api.c
+++ b/src/plugins/map/map_api.c
@@ -252,13 +252,350 @@ out:
vl_api_send_msg (reg, (u8 *) rmp);
}
+
+int
+map_param_set_fragmentation (bool inner, bool ignore_df)
+{
+ map_main_t *mm = &map_main;
+
+ mm->frag_inner = ! !inner;
+ mm->frag_ignore_df = ! !ignore_df;
+
+ return 0;
+}
+
+static void
+ vl_api_map_param_set_fragmentation_t_handler
+ (vl_api_map_param_set_fragmentation_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_set_fragmentation_reply_t *rmp;
+ int rv = 0;
+
+ rv = map_param_set_fragmentation (mp->inner, mp->ignore_df);
+
+ REPLY_MACRO (VL_API_MAP_PARAM_SET_FRAGMENTATION_REPLY);
+}
+
+
+int
+map_param_set_icmp (ip4_address_t * icmp_src_address)
+{
+ map_main_t *mm = &map_main;
+
+ if (icmp_src_address == 0)
+ return -1;
+
+ mm->icmp4_src_address = *icmp_src_address;
+
+ return 0;
+}
+
+
+static void
+vl_api_map_param_set_icmp_t_handler (vl_api_map_param_set_icmp_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_set_icmp_reply_t *rmp;
+ int rv;
+
+ rv = map_param_set_icmp ((ip4_address_t *) & mp->ip4_err_relay_src);
+
+ REPLY_MACRO (VL_API_MAP_PARAM_SET_ICMP_REPLY);
+}
+
+
+int
+map_param_set_icmp6 (u8 enable_unreachable)
+{
+ map_main_t *mm = &map_main;
+
+ mm->icmp6_enabled = ! !enable_unreachable;
+
+ return 0;
+}
+
+static void
+vl_api_map_param_set_icmp6_t_handler (vl_api_map_param_set_icmp6_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_set_icmp6_reply_t *rmp;
+ int rv;
+
+ rv = map_param_set_icmp6 (mp->enable_unreachable);
+
+ REPLY_MACRO (VL_API_MAP_PARAM_SET_ICMP6_REPLY);
+}
+
+
+static void
+ vl_api_map_param_add_del_pre_resolve_t_handler
+ (vl_api_map_param_add_del_pre_resolve_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_add_del_pre_resolve_reply_t *rmp;
+ int rv = 0;
+
+ map_pre_resolve ((ip4_address_t *) & mp->ip4_nh_address,
+ (ip6_address_t *) & mp->ip6_nh_address, mp->is_add);
+
+ REPLY_MACRO (VL_API_MAP_PARAM_ADD_DEL_PRE_RESOLVE_REPLY);
+}
+
+
+int
+map_param_set_reassembly (bool is_ipv6,
+ u16 lifetime_ms,
+ u16 pool_size,
+ u32 buffers,
+ f64 ht_ratio, u32 * reass, u32 * packets)
+{
+ u32 ps_reass = 0, ps_packets = 0;
+ u32 ht_reass = 0, ht_packets = 0;
+
+ if (is_ipv6)
+ {
+ if (pool_size != (u16) ~ 0)
+ {
+ if (pool_size > MAP_IP6_REASS_CONF_POOL_SIZE_MAX)
+ return MAP_ERR_BAD_POOL_SIZE;
+ if (map_ip6_reass_conf_pool_size
+ (pool_size, &ps_reass, &ps_packets))
+ return MAP_ERR_BAD_POOL_SIZE;
+ }
+
+ if (ht_ratio != (MAP_IP6_REASS_CONF_HT_RATIO_MAX + 1))
+ {
+ if (ht_ratio > MAP_IP6_REASS_CONF_HT_RATIO_MAX)
+ return MAP_ERR_BAD_HT_RATIO;
+ if (map_ip6_reass_conf_ht_ratio (ht_ratio, &ht_reass, &ht_packets))
+ return MAP_ERR_BAD_HT_RATIO;
+ }
+
+ if (lifetime_ms != (u16) ~ 0)
+ {
+ if (lifetime_ms > MAP_IP6_REASS_CONF_LIFETIME_MAX)
+ return MAP_ERR_BAD_LIFETIME;
+ if (map_ip6_reass_conf_lifetime (lifetime_ms))
+ return MAP_ERR_BAD_LIFETIME;
+ }
+
+ if (buffers != ~0)
+ {
+ if (buffers > MAP_IP6_REASS_CONF_BUFFERS_MAX)
+ return MAP_ERR_BAD_BUFFERS;
+ if (map_ip6_reass_conf_buffers (buffers))
+ return MAP_ERR_BAD_BUFFERS;
+ }
+
+ if (map_main.ip6_reass_conf_buffers >
+ map_main.ip6_reass_conf_pool_size *
+ MAP_IP6_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
+ {
+ return MAP_ERR_BAD_BUFFERS_TOO_LARGE;
+ }
+ }
+ else
+ {
+ if (pool_size != (u16) ~ 0)
+ {
+ if (pool_size > MAP_IP4_REASS_CONF_POOL_SIZE_MAX)
+ return MAP_ERR_BAD_POOL_SIZE;
+ if (map_ip4_reass_conf_pool_size
+ (pool_size, &ps_reass, &ps_packets))
+ return MAP_ERR_BAD_POOL_SIZE;
+ }
+
+ if (ht_ratio != (MAP_IP4_REASS_CONF_HT_RATIO_MAX + 1))
+ {
+ if (ht_ratio > MAP_IP4_REASS_CONF_HT_RATIO_MAX)
+ return MAP_ERR_BAD_HT_RATIO;
+ if (map_ip4_reass_conf_ht_ratio (ht_ratio, &ht_reass, &ht_packets))
+ return MAP_ERR_BAD_HT_RATIO;
+ }
+
+ if (lifetime_ms != (u16) ~ 0)
+ {
+ if (lifetime_ms > MAP_IP4_REASS_CONF_LIFETIME_MAX)
+ return MAP_ERR_BAD_LIFETIME;
+ if (map_ip4_reass_conf_lifetime (lifetime_ms))
+ return MAP_ERR_BAD_LIFETIME;
+ }
+
+ if (buffers != ~0)
+ {
+ if (buffers > MAP_IP4_REASS_CONF_BUFFERS_MAX)
+ return MAP_ERR_BAD_BUFFERS;
+ if (map_ip4_reass_conf_buffers (buffers))
+ return MAP_ERR_BAD_BUFFERS;
+ }
+
+ if (map_main.ip4_reass_conf_buffers >
+ map_main.ip4_reass_conf_pool_size *
+ MAP_IP4_REASS_MAX_FRAGMENTS_PER_REASSEMBLY)
+ {
+ return MAP_ERR_BAD_BUFFERS_TOO_LARGE;
+ }
+ }
+
+ if (reass)
+ *reass = ps_reass + ht_reass;
+
+ if (packets)
+ *packets = ps_packets + ht_packets;
+
+ return 0;
+}
+
+
+static void
+ vl_api_map_param_set_reassembly_t_handler
+ (vl_api_map_param_set_reassembly_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_set_reassembly_reply_t *rmp;
+ u32 reass = 0, packets = 0;
+ int rv;
+ f64 ht_ratio;
+
+ ht_ratio = (f64) clib_net_to_host_u64 (mp->ht_ratio);
+ if (ht_ratio == ~0)
+ ht_ratio = MAP_IP6_REASS_CONF_HT_RATIO_MAX + 1;
+
+ rv = map_param_set_reassembly (mp->is_ip6,
+ clib_net_to_host_u16 (mp->lifetime_ms),
+ clib_net_to_host_u16 (mp->pool_size),
+ clib_net_to_host_u32 (mp->buffers),
+ ht_ratio, &reass, &packets);
+
+ /*
+ * FIXME: Should the lost reass and packet counts be returned in the API?
+ */
+
+ REPLY_MACRO (VL_API_MAP_PARAM_SET_REASSEMBLY_REPLY);
+}
+
+
+int
+map_param_set_security_check (bool enable, bool fragments)
+{
+ map_main_t *mm = &map_main;
+
+ mm->sec_check = ! !enable;
+ mm->sec_check_frag = ! !fragments;
+
+ return 0;
+}
+
+static void
+ vl_api_map_param_set_security_check_t_handler
+ (vl_api_map_param_set_security_check_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_set_security_check_reply_t *rmp;
+ int rv;
+
+ rv = map_param_set_security_check (mp->enable, mp->fragments);
+
+ REPLY_MACRO (VL_API_MAP_PARAM_SET_SECURITY_CHECK_REPLY);
+}
+
+
+int
+map_param_set_traffic_class (bool copy, u8 tc)
+{
+ map_main_t *mm = &map_main;
+
+ mm->tc_copy = ! !copy;
+ mm->tc = tc;
+
+ return 0;
+}
+
+static void
+ vl_api_map_param_set_traffic_class_t_handler
+ (vl_api_map_param_set_traffic_class_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_set_traffic_class_reply_t *rmp;
+ int rv;
+
+ rv = map_param_set_traffic_class (mp->copy, mp->class);
+
+ REPLY_MACRO (VL_API_MAP_PARAM_SET_TRAFFIC_CLASS_REPLY);
+}
+
+
+static void
+vl_api_map_param_get_t_handler (vl_api_map_param_get_t * mp)
+{
+ map_main_t *mm = &map_main;
+ vl_api_map_param_get_reply_t *rmp;
+ vl_api_registration_t *reg;
+
+ reg = vl_api_client_index_to_registration (mp->client_index);
+ if (!reg)
+ return;
+
+ rmp = vl_msg_api_alloc (sizeof (*rmp));
+ rmp->_vl_msg_id = htons (VL_API_MAP_PARAM_GET_REPLY + mm->msg_id_base);
+ rmp->context = mp->context;
+ rmp->retval = 0;
+
+ rmp->frag_inner = mm->frag_inner;
+ rmp->frag_ignore_df = mm->frag_ignore_df;
+
+ clib_memcpy (&rmp->icmp_ip4_err_relay_src,
+ &mm->icmp4_src_address, sizeof (rmp->icmp_ip4_err_relay_src));
+
+ rmp->icmp6_enable_unreachable = mm->icmp6_enabled;
+
+ /*
+ * FIXME: How are these addresses re-extracted from the FIB?
+ * Or should a local map_main copy be kept?
+ */
+ clib_memset (&rmp->ip4_nh_address, 0, sizeof (rmp->ip4_nh_address));
+ clib_memset (&rmp->ip6_nh_address, 0, sizeof (rmp->ip6_nh_address));
+
+ rmp->ip4_lifetime_ms =
+ clib_net_to_host_u16 (mm->ip4_reass_conf_lifetime_ms);
+ rmp->ip4_pool_size = clib_net_to_host_u16 (mm->ip4_reass_conf_pool_size);
+ rmp->ip4_buffers = clib_net_to_host_u32 (mm->ip4_reass_conf_buffers);
+ rmp->ip4_ht_ratio =
+ clib_net_to_host_u32 ((u32) mm->ip4_reass_conf_ht_ratio);
+
+ rmp->ip6_lifetime_ms =
+ clib_net_to_host_u16 (mm->ip6_reass_conf_lifetime_ms);
+ rmp->ip6_pool_size = clib_net_to_host_u16 (mm->ip6_reass_conf_pool_size);
+ rmp->ip6_buffers = clib_net_to_host_u32 (mm->ip6_reass_conf_buffers);
+ rmp->ip6_ht_ratio =
+ clib_net_to_host_u32 ((u32) mm->ip6_reass_conf_ht_ratio);
+
+ rmp->sec_check_enable = mm->sec_check;
+ rmp->sec_check_fragments = mm->sec_check_frag;
+
+ rmp->tc_copy = mm->tc_copy;
+ rmp->tc_class = mm->tc;
+
+ vl_api_send_msg (reg, (u8 *) rmp);
+}
+
+
#define foreach_map_plugin_api_msg \
_(MAP_ADD_DOMAIN, map_add_domain) \
_(MAP_DEL_DOMAIN, map_del_domain) \
_(MAP_ADD_DEL_RULE, map_add_del_rule) \
_(MAP_DOMAIN_DUMP, map_domain_dump) \
_(MAP_RULE_DUMP, map_rule_dump) \
-_(MAP_SUMMARY_STATS, map_summary_stats)
+_(MAP_SUMMARY_STATS, map_summary_stats) \
+_(MAP_PARAM_SET_FRAGMENTATION, map_param_set_fragmentation) \
+_(MAP_PARAM_SET_ICMP, map_param_set_icmp) \
+_(MAP_PARAM_SET_ICMP6, map_param_set_icmp6) \
+_(MAP_PARAM_ADD_DEL_PRE_RESOLVE, map_param_add_del_pre_resolve) \
+_(MAP_PARAM_SET_REASSEMBLY, map_param_set_reassembly) \
+_(MAP_PARAM_SET_SECURITY_CHECK, map_param_set_security_check) \
+_(MAP_PARAM_SET_TRAFFIC_CLASS, map_param_set_traffic_class) \
+_(MAP_PARAM_GET, map_param_get)
#define vl_msg_name_crc_list
#include <map/map_all_api_h.h>