vpp - Vector Packet Processing

Age	Commit message (Expand)	Author	Files	Lines
2021-05-13	tests: move test source to vpp/test	Dave Wallace	1	-0/+1438
2019-08-22	tests: move plugin tests to src/plugins/*/test	Dave Wallace	1	-1519/+0
2019-07-24	acl: implement counters	Andrew Yourtchenko	1	-5/+35
2019-04-11	Tests: Refactor tearDown show command logging, add lifecycle markers.	Paul Vinciguerra	1	-15/+16
2019-04-10	Tests Cleanup: Fix missing calls to setUpClass/tearDownClass.	Paul Vinciguerra	1	-0/+4
2019-03-11	vpp_papi_provider: Remove more wrapper functions.	Ole Troan	1	-2/+2
2019-03-07	Tests: Refactor payload_to_info()	Paul Vinciguerra	1	-2/+2
2019-03-07	VPP-1508: test_acl_plugin vapi changes for Python3.	Paul Vinciguerra	1	-43/+43
2018-10-20	acl-plugin: use the L2 feature arc infrastructure instead of L2 classifier fo...	Andrew Yourtchenko	1	-0/+8
2018-10-14	acl-plugin: make each test in test_acl_plugin runnable separately	Andrew Yourtchenko	1	-36/+75
2018-06-25	make test: fix broken interfaces #2	Klement Sekera	1	-1/+1
2018-04-10	test: Fix issues with new version of pycodestyle (VPP-1232)	Chris Luke	1	-1/+2
2018-03-23	acl-plugin: make test: add a test which deletes an interface with applied ACL	Andrew Yourtchenko	1	-0/+39
2018-02-08	acl-plugin: add whitelisted ethertype mode (VPP-1163)	Andrew Yourtchenko	1	-7/+93
2017-11-11	ACLs: Use better error return codes than "-1" everywhere.	Jon Loeliger	1	-5/+5
2017-11-10	make test: automatically seed random generator	Klement Sekera	1	-2/+0
2017-10-25	VPP-1033: Python API support arbitrary sized input parameters.	Ole Troan	1	-2/+2
2017-09-27	acl-plugin: take 2 at VPP-991 fix, this time with a test case which verifies it.	Andrew Yourtchenko	1	-1/+30
2017-09-26	acl-plugin: test: move the API calls to vpp_papi_provider.py	Andrew Yourtchenko	1	-49/+15
2017-09-07	acl-plugin: match index set to first portrange element if non-first portrange...	Andrew Yourtchenko	1	-0/+191
2017-06-19	acl-plugin: bihash-based ACL lookup	Andrew Yourtchenko	1	-0/+3
2017-04-18	ACL-plugin does not match UDP next-header, VPP-687	Pavel Kotucek	1	-7/+79
2017-04-06	acl-plugin: make the IPv4/IPv6 non-first fragment handling in line with ACL (...	Andrew Yourtchenko	1	-6/+43
2017-03-13	ACL plugin rejects ICMP messages (VPP-624)	Pavel Kotucek	1	-0/+1015

/* *--------------------------------------------------------------------------- * cnat_v4_funtions.c * * Copyright (c) 2008-2013 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. *--------------------------------------------------------------------------- */ #include <vlib/vlib.h> #include <vnet/vnet.h> #include <vnet/pg/pg.h> #include <vppinfra/error.h> #include "tcp_header_definitions.h" #include "cnat_db.h" #include "cnat_config.h" #include "cnat_v4_functions.h" #include "dslite_defs.h" #include "dslite_db.h" static u32 tcp_logging_count; static u32 tcp_logging_overflow; static tcp_logging_struct_t tcp_logging_array[MAX_TCP_LOGGING_COUNT]; /* * Function to log TCP pkts checksum changes.. */ void tcp_debug_logging ( u32 seq_num, u32 ack_num, u32 old_ip, u32 new_ip, u16 old_port, u16 new_port, u16 old_ip_crc, u16 new_ip_crc, u16 old_tcp_crc, u16 new_tcp_crc) { tcp_logging_array[tcp_logging_count].seq_num = seq_num; tcp_logging_array[tcp_logging_count].ack_num = ack_num; tcp_logging_array[tcp_logging_count].old_ip = old_ip; tcp_logging_array[tcp_logging_count].new_ip = new_ip; tcp_logging_array[tcp_logging_count].old_port = old_port; tcp_logging_array[tcp_logging_count].new_port = new_port; tcp_logging_array[tcp_logging_count].old_ip_crc = old_ip_crc; tcp_logging_array[tcp_logging_count].new_ip_crc = new_ip_crc; tcp_logging_array[tcp_logging_count].old_tcp_crc = old_tcp_crc; tcp_logging_array[tcp_logging_count].new_tcp_crc = new_tcp_crc; tcp_logging_count++; if (tcp_logging_count >= MAX_TCP_LOGGING_COUNT) { tcp_logging_overflow = 1; tcp_logging_count = 0; } } /* * Function to dmp TCP pkts logged.. */ void tcp_debug_logging_dump (void) { u32 i, total_count, start_entry; if (tcp_logging_overflow) { total_count = MAX_TCP_LOGGING_COUNT; start_entry = tcp_logging_count; printf("Logging Entries Wrapped Around, displaying %d entries\n", total_count); } else { total_count = tcp_logging_count; start_entry = 0; printf("Displaying %d entries\n", total_count); } printf("SEQ ACK IP_O IP_N PORT_O PORT_N L3_CRC_O L3_CRC_N L4_CRC_O L4_CRC_N\n"); for (i = 0; i < total_count; i++) { u32 entry = (i + start_entry) % MAX_TCP_LOGGING_COUNT; printf("%04d: 0x%08x 0x%08x 0x%08x 0x%08x 0x%04x 0x%04x 0x%04x 0x%04x 0x%04x 0x%04x\n", entry, tcp_logging_array[entry].seq_num, tcp_logging_array[entry].ack_num, tcp_logging_array[entry].old_ip, tcp_logging_array[entry].new_ip, tcp_logging_array[entry].old_port, tcp_logging_array[entry].new_port, tcp_logging_array[entry].old_ip_crc, tcp_logging_array[entry].new_ip_crc, tcp_logging_array[entry].old_tcp_crc, tcp_logging_array[entry].new_tcp_crc); } } /* * Function to enable TCP logging */ void tcp_debug_logging_enable_disable (u32 enable_flag) { switch (enable_flag) { case TCP_LOGGING_DISABLE: if (tcp_logging_enable_flag == TCP_LOGGING_DISABLE) { printf("\nTCP Logging ALREADY DISABLED\n"); } else { printf("\nTCP Logging DISABLED\n"); } tcp_logging_enable_flag = 0; break; case TCP_LOGGING_ENABLE: if (tcp_logging_enable_flag == TCP_LOGGING_ENABLE) { printf("\nTCP Logging ALREADY ENABLED\n"); } else { tcp_logging_enable_flag = 1; tcp_logging_count = 0; tcp_logging_overflow = 0; printf("\nTCP Logging ENABLED\n"); } break; case TCP_LOGGING_PACKET_DUMP: tcp_debug_logging_dump(); break; case TCP_LOGGING_SUMMARY_DUMP: default: printf("\ntcp_logging_enable_flag %d, tcp_log_count %d\n", tcp_logging_enable_flag, tcp_logging_count); printf("To Enable TCP LOGGING provide a flag value of %d\n", TCP_LOGGING_ENABLE); break; } } void hex_dump (u8 * p, int len) { int i; for (i=0;i<len;i++) { if(i && (i & 0x3 ) == 0) printf(" "); if(i && (i & 0xf ) == 0) printf("\n"); PLATFORM_DEBUG_PRINT("%02X ", p[i]); } PLATFORM_DEBUG_PRINT("\n"); } void print_icmp_pkt (ipv4_header *ip) { u32 i, total_len; u8 *pkt = (u8 *) ip; total_len = clib_net_to_host_u16(ip->total_len_bytes); printf("\n======== PRINTING PKT START======\n"); printf("======== IP PACKET LEN %d ===========\n", total_len); for (i=0; i < 20; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== ICMP HEADER =================\n"); for (i=20; i < 28; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== ICMP BODY ===================\n"); for (i=28; i < total_len; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== PRINTING PKT END =======\n"); } void print_udp_pkt (ipv4_header *ip) { u32 i, total_len, udp_len; u8 *pkt = (u8 *) ip; total_len = clib_net_to_host_u16(ip->total_len_bytes); udp_len = total_len - 20; printf("\n======== PRINTING PKT START======\n"); printf("======== IP PACKET LEN %d ===========\n", total_len); for (i=0; i < 20; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== UDP PSEUDO HEADER ==========\n"); for (i=12; i < 20; i++) { printf(" %02X ", *(pkt + i)); } printf(" 00 11 %02X %02X ", udp_len >> 8, udp_len & 0xff); printf("\n======== UDP HEADER =================\n"); for (i=20; i < 28; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== UDP BODY ===================\n"); for (i=28; i < total_len; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== PRINTING PKT END =======\n"); } void print_tcp_pkt (ipv4_header *ip) { u32 i, total_len, tcp_len; u8 *pkt = (u8 *) ip; total_len = clib_net_to_host_u16(ip->total_len_bytes); tcp_len = total_len - 20; printf("\n======== PRINTING PKT START======\n"); printf("======== IP PACKET LEN %d ===========\n", total_len); for (i=0; i < 20; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== TCP PSEUDO HEADER ==========\n"); for (i=12; i < 20; i++) { printf(" %02X ", *(pkt + i)); } printf(" 00 06 %02X %02X ", tcp_len >> 8, tcp_len & 0xff); printf("\n======== TCP HEADER =================\n"); for (i=20; i < 40; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== TCP BODY ===================\n"); for (i=40; i < total_len; i++) { printf(" %02X ", *(pkt + i)); } printf("\n======== PRINTING PKT END =======\n"); } /* IN: ipv4 and tcp header pointer, * new ipv4 addr and port value * main db index for accessing per vrf mss value * DO: * NAT * mss adjust if needed * ip & tcp checksum update (incremental) */ inline void tcp_in2out_nat_mss_n_checksum (ipv4_header * ip, tcp_hdr_type * tcp, u32 ipv4_addr, u16 port, cnat_main_db_entry_t * db) { u8 *mss_ptr; u8 check_mss = 0; u16 mss_old, mss_new; cnat_vrfmap_t * vrf_map_p; cnat_v4_recalculate_tcp_checksum(ip, tcp, &(ip->src_addr), &(tcp->src_port), ipv4_addr, port); u16 frag_offset = clib_net_to_host_u16(ip->frag_flags_offset); if(PREDICT_FALSE(frag_offset & IP_FRAG_OFFSET_MASK)) { return; /* No TCP Header at all */ } /* * check SYN bit and if options field is present * If yes, proceed to extract the options and get TCP MSS value */ check_mss = ((tcp->flags & TCP_FLAG_SYN) && (((tcp->hdr_len>>4) << 2) > sizeof(tcp_hdr_type))); if (PREDICT_FALSE(check_mss)) { /* get per VRF mss config */ if(PREDICT_FALSE(db->flags & (CNAT_DB_DSLITE_FLAG))) { mss_new = dslite_table_db_ptr[db->dslite_nat44_inst_id].tcp_mss; } else { vrf_map_p = cnat_map_by_vrf + db->vrfmap_index; mss_new = vrf_map_p->tcp_mss; } DSLITE_PRINTF(1, "Check MSS true..%u\n", mss_new); /* * If TCP MSS is not configured, skip the MSS checks */ if (PREDICT_FALSE(mss_new != V4_TCP_MSS_NOT_CONFIGURED_VALUE)) { /* if mss_ptr != NULL, then it points to MSS option */ mss_ptr = tcp_findoption(tcp, TCP_OPTION_MSS); /* * TCP option field: | kind 1B | len 1B | value 2B| * where kind != [0,1] */ if (PREDICT_TRUE(mss_ptr && (mss_ptr[1] == 4))) { u16 *ptr = (u16*)(mss_ptr + 2); mss_old = clib_net_to_host_u16(*ptr); if (PREDICT_FALSE(mss_old > mss_new)) { u32 sum32; u16 mss_old_r, old_tcp_checksum_r; *ptr = clib_host_to_net_u16(mss_new); mss_old_r = ~mss_old; old_tcp_checksum_r = ~clib_net_to_host_u16(tcp->tcp_checksum); /* * Revise the TCP checksum */ sum32 = old_tcp_checksum_r + mss_old_r + mss_new; FILL_CHECKSUM(tcp->tcp_checksum, sum32) if (PREDICT_FALSE(tcp_logging_enable_flag)) { tcp_debug_logging( clib_net_to_host_u32(tcp->seq_num), clib_net_to_host_u32(tcp->ack_num), 0, 0, mss_old, mss_new, 0, 0, ~old_tcp_checksum_r, clib_net_to_host_u16(tcp->tcp_checksum)); } } } } } } u32 get_my_svi_intf_ip_addr() { return 0x01010101; }