diff options
Diffstat (limited to 'src/plugins/map/map.h')
-rw-r--r-- | src/plugins/map/map.h | 116 |
1 files changed, 79 insertions, 37 deletions
diff --git a/src/plugins/map/map.h b/src/plugins/map/map.h index 5b8aef4e872..2169435bc09 100644 --- a/src/plugins/map/map.h +++ b/src/plugins/map/map.h @@ -20,8 +20,8 @@ #include <vnet/fib/fib_types.h> #include <vnet/fib/ip4_fib.h> #include <vnet/adj/adj.h> -#include <map/map_dpo.h> #include <vnet/dpo/load_balance.h> +#include "lpm.h" #define MAP_SKIP_IP6_LOOKUP 1 @@ -39,7 +39,7 @@ int map_create_domain (ip4_address_t * ip4_prefix, u8 ip4_prefix_len, u32 * map_domain_index, u16 mtu, u8 flags); int map_delete_domain (u32 map_domain_index); int map_add_del_psid (u32 map_domain_index, u16 psid, ip6_address_t * tep, - u8 is_add); + bool is_add); int map_if_enable_disable (bool is_enable, u32 sw_if_index, bool is_translation); u8 *format_map_trace (u8 * s, va_list * args); @@ -47,7 +47,7 @@ u8 *format_map_trace (u8 * s, va_list * args); int map_param_set_fragmentation (bool inner, bool ignore_df); int map_param_set_icmp (ip4_address_t * ip4_err_relay_src); int map_param_set_icmp6 (u8 enable_unreachable); -void map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, int is_del); +void map_pre_resolve (ip4_address_t * ip4, ip6_address_t * ip6, bool is_del); int map_param_set_reassembly (bool is_ipv6, u16 lifetime_ms, u16 pool_size, u32 buffers, f64 ht_ratio, u32 * reass, u32 * packets); @@ -321,6 +321,10 @@ typedef struct { /* Counters */ u32 ip6_reass_buffered_counter; + /* Lookup tables */ + lpm_t *ip4_prefix_tbl; + lpm_t *ip6_prefix_tbl; + lpm_t *ip6_src_prefix_tbl; } map_main_t; /* @@ -412,7 +416,7 @@ map_get_sfx (map_domain_t *d, u32 addr, u16 port) if (d->ip6_prefix_len == 128) return clib_net_to_host_u64(d->ip6_prefix.as_u64[1]); - if (d->flags & MAP_DOMAIN_RFC6052) + if (d->ip6_src_len == 96) return (clib_net_to_host_u64(d->ip6_prefix.as_u64[1]) | addr); /* IPv4 prefix */ @@ -431,62 +435,48 @@ map_get_sfx_net (map_domain_t *d, u32 addr, u16 port) } static_always_inline u32 -map_get_ip4 (ip6_address_t *addr, map_domain_flags_e flags) +map_get_ip4 (ip6_address_t *addr, u16 prefix_len) { - if (flags & MAP_DOMAIN_RFC6052) + ASSERT(prefix_len == 64 || prefix_len == 96); + if (prefix_len == 96) return clib_host_to_net_u32(clib_net_to_host_u64(addr->as_u64[1])); else return clib_host_to_net_u32(clib_net_to_host_u64(addr->as_u64[1]) >> 16); } -/* - * Get the MAP domain from an IPv4 lookup adjacency. - */ static_always_inline map_domain_t * -ip4_map_get_domain (u32 mdi) +ip4_map_get_domain (ip4_address_t *addr, u32 *map_domain_index, u8 *error) { map_main_t *mm = &map_main; + u32 mdi = mm->ip4_prefix_tbl->lookup(mm->ip4_prefix_tbl, addr, 32); + if (mdi == ~0) { + *error = MAP_ERROR_NO_DOMAIN; + return 0; + } + *map_domain_index = mdi; return pool_elt_at_index(mm->domains, mdi); } /* - * Get the MAP domain from an IPv6 lookup adjacency. - * If the IPv6 address or prefix is not shared, no lookup is required. - * The IPv4 address is used otherwise. + * Get the MAP domain from an IPv6 address. + * If the IPv6 address or + * prefix is shared the IPv4 address must be used. */ static_always_inline map_domain_t * -ip6_map_get_domain (u32 mdi, - ip4_address_t *addr, +ip6_map_get_domain (ip6_address_t *addr, u32 *map_domain_index, u8 *error) { map_main_t *mm = &map_main; - -#ifdef TODO - /* - * Disable direct MAP domain lookup on decap, until the security check is updated to verify IPv4 SA. - * (That's done implicitly when MAP domain is looked up in the IPv4 FIB) - */ - //#ifdef MAP_NONSHARED_DOMAIN_ENABLED - //#error "How can you be sure this domain is not shared?" -#endif + u32 mdi = mm->ip6_src_prefix_tbl->lookup(mm->ip6_src_prefix_tbl, addr, 128); + if (mdi == ~0) { + *error = MAP_ERROR_NO_DOMAIN; + return 0; + } *map_domain_index = mdi; return pool_elt_at_index(mm->domains, mdi); - -#ifdef TODO - u32 lbi = ip4_fib_forwarding_lookup(0, addr); - const dpo_id_t *dpo = load_balance_get_bucket(lbi, 0); - if (PREDICT_TRUE(dpo->dpoi_type == map_dpo_type || - dpo->dpoi_type == map_t_dpo_type)) - { - *map_domain_index = dpo->dpoi_index; - return pool_elt_at_index(mm->domains, *map_domain_index); - } - *error = MAP_ERROR_NO_DOMAIN; - return NULL; -#endif } map_ip4_reass_t * @@ -551,6 +541,9 @@ int map_ip6_reass_conf_lifetime(u16 lifetime_ms); int map_ip6_reass_conf_buffers(u32 buffers); #define MAP_IP6_REASS_CONF_BUFFERS_MAX (0xffffffff) +/* + * Supports prefix of 96 or 64 (with u-octet) + */ static_always_inline void ip4_map_t_embedded_address (map_domain_t *d, ip6_address_t *ip6, const ip4_address_t *ip4) @@ -613,6 +606,55 @@ map_send_all_to_node(vlib_main_t *vm, u32 *pi_vector, } } +static_always_inline void +map_mss_clamping (tcp_header_t * tcp, ip_csum_t * sum, u16 mss_clamping) +{ + u8 *data; + u8 opt_len, opts_len, kind; + u16 mss; + u16 mss_value_net = clib_host_to_net_u16(mss_clamping); + + if (!tcp_syn (tcp)) + return; + + opts_len = (tcp_doff (tcp) << 2) - sizeof (tcp_header_t); + data = (u8 *) (tcp + 1); + for (; opts_len > 0; opts_len -= opt_len, data += opt_len) + { + kind = data[0]; + + if (kind == TCP_OPTION_EOL) + break; + else if (kind == TCP_OPTION_NOOP) + { + opt_len = 1; + continue; + } + else + { + if (opts_len < 2) + return; + opt_len = data[1]; + + if (opt_len < 2 || opt_len > opts_len) + return; + } + + if (kind == TCP_OPTION_MSS) + { + mss = *(u16 *) (data + 2); + if (clib_net_to_host_u16 (mss) > mss_clamping) + { + *sum = + ip_csum_update (*sum, mss, mss_value_net, ip4_header_t, + length); + clib_memcpy (data + 2, &mss_value_net, 2); + } + return; + } + } +} + /* * fd.io coding-style-patch-verification: ON * |