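/*
 * Copyright (c) 2016 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * NOTE(review): the header names of the eight include directives below are
 * missing from this copy of the file (only the bare directives survived).
 * Restore them from the project's own copy before compiling.
 */
#include
#include
#include
#include
#include
#include
#include
#include

/**
 * the logger
 */
vlib_log_class_t mfib_entry_logger;

/**
 * Pool of path extensions
 */
static mfib_path_ext_t *mfib_path_ext_pool;

/**
 * String names for each source
 */
static const char *mfib_source_names[] = MFIB_SOURCE_NAMES;

/*
 * Pool for all fib_entries
 */
mfib_entry_t *mfib_entry_pool;

/**
 * Return the entry at the given index viewed as a generic FIB node.
 *
 * NOTE(review): the cast presumably relies on mfe_node being the first
 * member of mfib_entry_t - confirm against the struct definition.
 */
static fib_node_t *
mfib_entry_get_node (fib_node_index_t index)
{
    return ((fib_node_t*)mfib_entry_get(index));
}

/**
 * Return the protocol recorded in the entry's prefix.
 */
static fib_protocol_t
mfib_entry_get_proto (const mfib_entry_t * mfib_entry)
{
    return (mfib_entry->mfe_prefix.fp_proto);
}

/**
 * Map the entry's prefix protocol to its multicast forwarding chain type.
 *
 * MPLS is not expected here: it trips ASSERT(0) and, where the assert is
 * compiled out, falls through to the IPv4 multicast chain type.
 */
fib_forward_chain_type_t
mfib_entry_get_default_chain_type (const mfib_entry_t *mfib_entry)
{
    switch (mfib_entry->mfe_prefix.fp_proto)
    {
    case FIB_PROTOCOL_IP4:
        return (FIB_FORW_CHAIN_TYPE_MCAST_IP4);
    case FIB_PROTOCOL_IP6:
        return (FIB_FORW_CHAIN_TYPE_MCAST_IP6);
    case FIB_PROTOCOL_MPLS:
        ASSERT(0);
        break;
    }
    return (FIB_FORW_CHAIN_TYPE_MCAST_IP4);
}

/**
 * Format callback taking (index_t entry-index, u32 indent).
 *
 * The indent argument is consumed from the va_list but not used; the entry
 * is always rendered at MFIB_ENTRY_FORMAT_BRIEF.
 */
static u8 *
format_mfib_entry_dpo (u8 * s, va_list * args)
{
    index_t fei = va_arg(*args, index_t);
    CLIB_UNUSED(u32 indent) = va_arg(*args, u32);

    return (format(s, "%U",
                   format_mfib_entry, fei,
                   MFIB_ENTRY_FORMAT_BRIEF));
}

/**
 * Return the path extension stored at pool index mi.
 */
static inline mfib_path_ext_t *
mfib_entry_path_ext_get (index_t mi)
{
    return (pool_elt_at_index(mfib_path_ext_pool, mi));
}

/**
 * Format callback taking (index_t path-extension pool index); prints the
 * extension's path index and interface flags.
 */
static u8 *
format_mfib_entry_path_ext (u8 * s, va_list * args)
{
    mfib_path_ext_t *path_ext;
    index_t mpi = va_arg(*args, index_t);

    path_ext = mfib_entry_path_ext_get(mpi);
    return (format(s, "path:%d flags:%U",
                   path_ext->mfpe_path,
                   format_mfib_itf_flags, path_ext->mfpe_flags));
}

/**
 * Format callback taking (fib_node_index_t entry-index, int level).
 *
 * Always prints the prefix, entry flags, interfaces, optional RPF-ID and the
 * forwarding chain. At MFIB_ENTRY_FORMAT_DETAIL and above it also prints the
 * per-source state; at MFIB_ENTRY_FORMAT_DETAIL2 and above it appends the
 * node's children.
 */
u8 *
format_mfib_entry (u8 * s, va_list * args)
{
    fib_node_index_t fei, mfi;
    mfib_entry_t *mfib_entry;
    mfib_entry_src_t *msrc;
    u32 sw_if_index;
    int level;

    fei = va_arg (*args, fib_node_index_t);
    level = va_arg (*args, int);
    mfib_entry = mfib_entry_get(fei);

    s = format (s, "%U", format_mfib_prefix, &mfib_entry->mfe_prefix);
    s = format (s, ": %U", format_mfib_entry_flags, mfib_entry->mfe_flags);

    if (level >= MFIB_ENTRY_FORMAT_DETAIL)
    {
        fib_node_index_t path_index, mpi;

        s = format (s, "\n");
        s = format (s, " fib:%d", mfib_entry->mfe_fib_index);
        s = format (s, " index:%d", mfib_entry_get_index(mfib_entry));
        s = format (s, " locks:%d\n", mfib_entry->mfe_node.fn_locks);
        vec_foreach(msrc, mfib_entry->mfe_srcs)
        {
            /*
             * NOTE(review): mfes_src indexes mfib_source_names without a
             * range check; this relies on every stored source having a
             * name in MFIB_SOURCE_NAMES - confirm.
             */
            s = format (s, " src:%s locks:%d:",
                        mfib_source_names[msrc->mfes_src],
                        msrc->mfes_ref_count);
            if (msrc->mfes_cover != FIB_NODE_INDEX_INVALID)
            {
                s = format (s, " cover:%d", msrc->mfes_cover);
            }
            s = format (s, " %U\n", format_mfib_entry_flags, msrc->mfes_flags);
            if (FIB_NODE_INDEX_INVALID != msrc->mfes_pl)
            {
                s = fib_path_list_format(msrc->mfes_pl, s);
            }
            s = format (s, " Extensions:\n");
            hash_foreach(path_index, mpi, msrc->mfes_exts,
            ({
                s = format(s, " %U\n", format_mfib_entry_path_ext, mpi);
            }));
            s = format (s, " Interface-Forwarding:\n");
            hash_foreach(sw_if_index, mfi, msrc->mfes_itfs,
            ({
                s = format(s, " %U\n", format_mfib_itf, mfi);
            }));
        }
    }

    s = format(s, "\n Interfaces:");
    hash_foreach(sw_if_index, mfi, mfib_entry->mfe_itfs,
    ({
        s = format(s, "\n %U", format_mfib_itf, mfi);
    }));
    if (MFIB_RPF_ID_NONE != mfib_entry->mfe_rpf_id)
    {
        s = format(s, "\n RPF-ID:%d", mfib_entry->mfe_rpf_id);
    }
    s = format(s, "\n %U-chain\n %U",
               format_fib_forw_chain_type,
               mfib_entry_get_default_chain_type(mfib_entry),
               format_dpo_id,
               &mfib_entry->mfe_rep,
               2);
    s = format(s, "\n");

    if (level >= MFIB_ENTRY_FORMAT_DETAIL2)
    {
        s = format(s, "\nchildren:");
        s = fib_node_children_format(mfib_entry->mfe_node.fn_children, s);
    }

    return (s);
}

/**
 * Convert a generic FIB node back to the mfib entry it belongs to.
 * The node type is only verified by ASSERT.
 */
static mfib_entry_t*
mfib_entry_from_fib_node (fib_node_t *node)
{
    ASSERT(FIB_NODE_TYPE_MFIB_ENTRY == node->fn_type);
    return ((mfib_entry_t*)node);
}

/**
 * Sort comparator: orders sources by ascending mfes_src value.
 */
static int
mfib_entry_src_cmp_for_sort (void * v1,
                             void * v2)
{
    mfib_entry_src_t *esrc1 = v1, *esrc2 = v2;

    return (esrc1->mfes_src - esrc2->mfes_src);
}

/**
 * Append a fresh source record (one reference, no path-list, no cover, no
 * flags) to the entry and re-sort the source vector.
 */
static void
mfib_entry_src_init (mfib_entry_t *mfib_entry,
                     mfib_source_t source)
{
    mfib_entry_src_t esrc = {
        .mfes_pl = FIB_NODE_INDEX_INVALID,
        .mfes_flags = MFIB_ENTRY_FLAG_NONE,
        .mfes_src = source,
        .mfes_cover = FIB_NODE_INDEX_INVALID,
        .mfes_sibling = FIB_NODE_INDEX_INVALID,
        .mfes_ref_count = 1,
    };

    vec_add1(mfib_entry->mfe_srcs, esrc);
    vec_sort_with_function(mfib_entry->mfe_srcs,
                           mfib_entry_src_cmp_for_sort);
}

/**
 * Linear search of the entry's sources for the given source.
 *
 * @param index  if non-NULL, receives the position of the match in mfe_srcs;
 *               left untouched when nothing matches.
 * @return the matching source record, or NULL if the entry does not have it.
 */
static mfib_entry_src_t *
mfib_entry_src_find (const mfib_entry_t *mfib_entry,
                     mfib_source_t source,
                     u32 *index)
{
    mfib_entry_src_t *esrc;
    int ii;

    ii = 0;
    vec_foreach(esrc, mfib_entry->mfe_srcs)
    {
        if (esrc->mfes_src == source)
        {
            if (NULL != index)
            {
                *index = ii;
            }
            return (esrc);
        }
        else
        {
            ii++;
        }
    }

    return (NULL);
}

/**
 * Return the entry's record for the source, creating it if absent.
 */
static mfib_entry_src_t *
mfib_entry_src_find_or_create (mfib_entry_t *mfib_entry,
                               mfib_source_t source)
{
    mfib_entry_src_t *msrc;

    msrc = mfib_entry_src_find(mfib_entry, source, NULL);

    if (NULL == msrc)
    {
        mfib_entry_src_init(mfib_entry, source);
        /*
         * search again: the init appends and then sorts, so the new
         * record's final position is only known afterwards.
         */
        msrc = mfib_entry_src_find(mfib_entry, source, NULL);
    }

    return (msrc);
}

/**
 * Find or create the source record and overwrite its flags and RPF-ID.
 */
static mfib_entry_src_t *
mfib_entry_src_update (mfib_entry_t *mfib_entry,
                       mfib_source_t source,
                       fib_rpf_id_t rpf_id,
                       mfib_entry_flags_t entry_flags)
{
    mfib_entry_src_t *msrc;

    msrc = mfib_entry_src_find_or_create(mfib_entry, source);

    msrc->mfes_flags = entry_flags;
    msrc->mfes_rpf_id = rpf_id;

    return (msrc);
}

/**
 * As mfib_entry_src_update, and additionally take one more reference on the
 * source record.
 */
static mfib_entry_src_t *
mfib_entry_src_update_and_lock (mfib_entry_t *mfib_entry,
                                mfib_source_t source,
                                fib_rpf_id_t rpf_id,
                                mfib_entry_flags_t entry_flags)
{
    mfib_entry_src_t *msrc;

    msrc = mfib_entry_src_update(mfib_entry, source, rpf_id, entry_flags);

    msrc->mfes_ref_count++;

    return (msrc);
}

/**
 * Return the first source record of the entry, or NULL when the entry has
 * no sources.
 */
mfib_entry_src_t*
mfib_entry_get_best_src (const mfib_entry_t *mfib_entry)
{
    mfib_entry_src_t *bsrc;

    /*
     * the enum of sources is deliberately arranged in priority order
     */
    if (0 == vec_len(mfib_entry->mfe_srcs))
    {
        bsrc = NULL;
    }
    else
    {
        bsrc = vec_elt_at_index(mfib_entry->mfe_srcs, 0);
    }

    return (bsrc);
}

/**
 * Return the source value of the entry's best source.
 *
 * Precondition: the entry has at least one source. mfib_entry_get_best_src
 * returns NULL for an entry without sources and that pointer is dereferenced
 * here, so the precondition is stated with an ASSERT.
 */
static mfib_source_t
mfib_entry_get_best_source (const mfib_entry_t *mfib_entry)
{
    mfib_entry_src_t *bsrc;

    bsrc = mfib_entry_get_best_src(mfib_entry);

    ASSERT(NULL != bsrc);

    return (bsrc->mfes_src);
}

/**
 * Return non-zero if the entry at the given index has a record for source.
 */
int
mfib_entry_is_sourced (fib_node_index_t mfib_entry_index,
                       mfib_source_t source)
{
    mfib_entry_t *mfib_entry;

    mfib_entry = mfib_entry_get(mfib_entry_index);

    return (NULL != mfib_entry_src_find(mfib_entry, source, NULL));
}

/**
 * Return the result of mfib_prefix_is_host on the prefix of the entry at
 * the given index.
 */
int
mfib_entry_is_host (fib_node_index_t mfib_entry_index)
{
    return (mfib_prefix_is_host(mfib_entry_get_prefix(mfib_entry_index)));
}

/**
 * Release what a source record holds: delete every interface object
 * referenced from its interface hash, free the hash and unlock its
 * path-list.
 *
 * NOTE(review): mfes_pl may still be FIB_NODE_INDEX_INVALID (its initial
 * value); fib_path_list_unlock is presumably tolerant of that - confirm.
 */
static void
mfib_entry_src_flush (mfib_entry_src_t *msrc)
{
    u32 sw_if_index;
    index_t mfii;

    hash_foreach(sw_if_index, mfii, msrc->mfes_itfs,
    ({
        mfib_itf_delete(mfib_itf_get(mfii));
    }));
    hash_free(msrc->mfes_itfs);
    msrc->mfes_itfs = NULL;
    fib_path_list_unlock(msrc->mfes_pl);
}

/**
 * Drop one reference on the entry's record for source. When the last
 * reference goes, the source is deactivated, flushed and removed from the
 * entry. Does nothing if the entry has no record for source.
 */
static void
mfib_entry_src_remove (mfib_entry_t *mfib_entry,
                       mfib_source_t source)
{
    mfib_entry_src_t *msrc;
    u32 index = ~0;

    msrc = mfib_entry_src_find(mfib_entry, source, &index);

    if (NULL != msrc)
    {
        ASSERT(0 != msrc->mfes_ref_count);
        msrc->mfes_ref_count--;

        if (0 == msrc->mfes_ref_count)
        {
            mfib_entry_src_deactivate(mfib_entry, msrc);
            mfib_entry_src_flush(msrc);

            /*
             * msrc must not be used past this point: its slot is removed.
             * The vector is re-sorted because the removal is presumably
             * not order-preserving (vec_del1) - confirm.
             */
            vec_del1(mfib_entry->mfe_srcs, index);
            if (vec_len (mfib_entry->mfe_srcs) > 1)
            {
                vec_sort_with_function(mfib_entry->mfe_srcs,
                                       mfib_entry_src_cmp_for_sort);
            }
        }
    }
}

/**
 * Register a child node on the entry; returns the value produced by
 * fib_node_child_add (the sibling index to hand back on removal).
 */
u32
mfib_entry_child_add (fib_node_index_t mfib_entry_index,
                      fib_node_type_t child_type,
                      fib_node_index_t child_index)
{
    return (fib_node_child_add(FIB_NODE_TYPE_MFIB_ENTRY,
                               mfib_entry_index,
                               child_type,
                               child_index));
}

/**
 * Remove the child registered under sibling_index from the entry.
 */
void
mfib_entry_child_remove (fib_node_index_t mfib_entry_index,
                         u32 sibling_index)
{
    fib_node_child_remove(FIB_NODE_TYPE_MFIB_ENTRY,
                          mfib_entry_index,
                          sibling_index);
}

/**
 * Take an entry from the pool and initialise it for the given table and
 * prefix.
 *
 * @param mfib_entry_index  receives the pool index of the new entry.
 * @return the new entry.
 */
static mfib_entry_t *
mfib_entry_alloc (u32 fib_index,
                  const mfib_prefix_t *prefix,
                  fib_node_index_t *mfib_entry_index)
{
    mfib_entry_t *mfib_entry;

    pool_get_aligned(mfib_entry_pool, mfib_entry, CLIB_CACHE_LINE_BYTES);

    fib_node_init(&mfib_entry->mfe_node,
                  FIB_NODE_TYPE_MFIB_ENTRY);

    /*
     * Some of the members require non-default initialisation
     * so we also init those that don't and thus save on the call to
     * clib_memset. The pool element is not zeroed here, so any member
     * added to mfib_entry_t later needs an explicit assignment below.
     */
    mfib_entry->mfe_flags = 0;
    mfib_entry->mfe_fib_index = fib_index;
    mfib_entry->mfe_prefix = *prefix;
    mfib_entry->mfe_srcs = NULL;
    mfib_entry->mfe_itfs = NULL;
    mfib_entry->mfe_rpf_id = MFIB_RPF_ID_NONE;
    mfib_entry->mfe_pl = FIB_NODE_INDEX_INVALID;

    dpo_reset(&mfib_entry->mfe_rep);

    *mfib_entry_index = mfib_entry_get_index(mfib_entry);

    MFIB_ENTRY_DBG(mfib_entry, "alloc");

    return (mfib_entry);
}

/**
 * Look up the path extension registered for path_index in the given
 * extension hash.
 *
 * @return the extension, or NULL if the hash has none for that path.
 */
static inline mfib_path_ext_t *
mfib_entry_path_ext_find (mfib_path_ext_t *exts,
                          fib_node_index_t path_index)
{
    uword *p;

    p = hash_get(exts, path_index);

    if (NULL != p)
    {
        return (mfib_entry_path_ext_get(p[0]));
    }

    return (NULL);
}

/**
 * Allocate a path extension carrying mfi_flags for path_index and record
 * its pool index in the source's extension hash.
 */
static mfib_path_ext_t*
mfib_path_ext_add (mfib_entry_src_t *msrc,
                   fib_node_index_t path_index,
                   mfib_itf_flags_t mfi_flags)
{
    mfib_path_ext_t *path_ext;

    pool_get(mfib_path_ext_pool, path_ext);

    path_ext->mfpe_flags = mfi_flags;
    path_ext->mfpe_path = path_index;

    hash_set(msrc->mfes_exts, path_index,
             path_ext - mfib_path_ext_pool);

    return (path_ext);
}

/**
 * Remove the source's path extension for path_index and return it to the
 * pool. A path with no extension is left as a no-op.
 */
static void
mfib_path_ext_remove (mfib_entry_src_t *msrc,
                      fib_node_index_t path_index)
{
    mfib_path_ext_t *path_ext;

    path_ext = mfib_entry_path_ext_find(msrc->mfes_exts, path_index);

    hash_unset(msrc->mfes_exts, path_index);

    /*
     * the lookup returns NULL when the path has no extension; handing that
     * to pool_put would free a pool slot derived from a NULL pointer.
     */
    if (NULL != path_ext)
    {
        pool_put(mfib_path_ext_pool, path_ext);
    }
}

/**
 * Context handed to the path-list walk that collects forwarding.
 */
typedef struct mfib_entry_collect_forwarding_ctx_t_
{
    /* next-hop vector being built */
    load_balance_path_t * next_hops;
    /* forwarding chain type requested */
    fib_forward_chain_type_t fct;
    /* source whose path extensions the walk consults */
    mfib_entry_src_t *msrc;
} mfib_entry_collect_forwarding_ctx_t;

static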
fib_path_list_walk_rc_t mfib_entry_src_collect_forwarding (fib_node_index_t pl_index, fib_node_index_t path_index, void *arg) { mfib_entry_collect_forwarding_ctx_t *ctx; load_balance_path_t *nh; ctx = arg; /* * if the path is not resolved, don't include it. */ if (!fib_path_is_resolved(path_index)) { return (FIB_PATH_LIST_WALK_CONTINUE); } /* * If the path is not forwarding to use it */ mfib_path_ext_t *path_ext; path_ext = mfib_entry_path_ext_find(ctx->msrc->mfes_exts, path_index); if (NULL
/*
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vlibmemory/api.h>
#include <cnat/cnat_node.h>
#include <cnat/cnat_inline.h>
#include <cnat/cnat_src_policy.h>

/*
 * Next-node selectors for the VIP translation node function in this file.
 * The node function also takes its next node from DPO state
 * (dpoi_next_node), so these are not the only values it can produce.
 */
typedef enum cnat_translation_next_t_
{
  /* first selector (value 0); not assigned in the part of the file shown */
  CNAT_TRANSLATION_NEXT_DROP,
  /* chosen for sessions flagged CNAT_SESSION_FLAG_HAS_SNAT, which need an
   * additional lookup after translation */
  CNAT_TRANSLATION_NEXT_LOOKUP,
  /* number of selectors above; presumably sizes the node's next-node table
   * in its registration - confirm */
  CNAT_TRANSLATION_N_NEXT,
} cnat_translation_next_t;

/* Node registration objects, named for the IPv4 and IPv6 VIP nodes; their
 * initialisers are not in the part of the file shown. */
vlib_node_registration_t cnat_vip_ip4_node;
vlib_node_registration_t cnat_vip_ip6_node;

/* CNat sub for NAT behind a fib entry (VIP or interposed real IP) */
static uword
cnat_vip_node_fn (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_buffer_t *b,
		  cnat_node_ctx_t *ctx, int session_not_found,
		  cnat_session_t *session)
{
  vlib_combined_counter_main_t *cntm = &cnat_translation_counters;
  cnat_src_policy_main_t *cspm = &cnat_src_policy_main;
  const cnat_translation_t *ct = NULL;
  ip4_header_t *ip4 = NULL;
  ip_protocol_t iproto;
  ip6_header_t *ip6 = NULL;
  udp_header_t *udp0;
  cnat_client_t *cc;
  u16 next0;
  index_t cti;
  u8 trace_flags = 0;
  int rv;

  if (AF_IP4 == ctx->af)
    {
      ip4 = vlib_buffer_get_current (b);
      iproto = ip4->protocol;
      udp0 = (udp_header_t *) (ip4 + 1);
    }
  else
    {
      ip6 = vlib_buffer_get_current (b);
      iproto = ip6->protocol;
      udp0 = (udp_header_t *) (ip6 + 1);
    }

  cc = cnat_client_get (vnet_buffer (b)->ip.adj_index[VLIB_TX]);

  /* Wrong session key */
  if (session->key.cs_proto == 0)
    {
      /* Dont translate & follow the fib programming */
      next0 = cc->cc_parent.dpoi_next_node;
      vnet_buffer (b)->ip.adj_index[VLIB_TX] = cc->cc_parent.dpoi_index;
      goto trace;
    }

  if (!session_not_found)
    {
      /* session table hit */
      cnat_timestamp_update (session->value.cs_ts_index, ctx->now);

      if (INDEX_INVALID != session->value.cs_lbi)
	{
	  /* Translate & follow the translation given LB */
	  next0 = session->value.dpoi_next_node;
	  vnet_buffer (b)->ip.adj_index[VLIB_TX] = session->value.cs_lbi;
	}
      else if (session->value.flags & CNAT_SESSION_FLAG_HAS_SNAT)
	{
	  /* The return needs DNAT, so we need an additionnal
	   * lookup after translation */
	  next0 = CNAT_TRANSLATION_NEXT_LOOKUP;
	}
      else
	{
	  /* Translate & follow the fib programming */
	  next0 = cc->cc_parent.dpoi_next_node;
	  vnet_buffer (b)->ip.adj_index[VLIB_TX] = cc->cc_parent.dpoi_index;
	}
    }
  else
    {
      ct =
	cnat_find_translation (cc->parent_cci,
			       clib_host_to_net_u16 (udp0->dst_port), iproto);
      if (NULL == ct)
	{
	  /* Dont translate & Follow the fib programming */
	  vnet_buffer (b)->ip.adj_index[VLIB_TX] = cc->cc_parent.dpoi_index;
	  next0 = cc->cc_parent.dpoi_next_node;
	  goto trace;
	}

      /* New flow, create the sessions */
      cnat_ep_trk_t *trk0;
      u32 rsession_flags = 0;
      u32 dpoi_index = -1;

      trk0 = cnat_load_balance (ct, ctx->af, ip4, ip6, &dpoi_index);
      if (PREDICT_FALSE (NULL == trk0))
	{
	  /* Dont translate & Follow the fib programming */
	  vnet_buffer (b)->ip.adj_index[VLIB_TX] = cc->cc_parent.dpoi_index;
	  next0 = cc->cc_parent.dpoi_next_node;
	  goto trace;
	}

      /* add the session */
      ip46_address_copy (&session->value.cs_ip[VLIB_TX],
			 &trk0->ct_ep[VLIB_TX].ce_ip.ip);
      if (ip_address_is_zero (&trk0->ct_ep[VLIB_RX].ce_ip))
	{
	  if (AF_IP4 == ctx->af)
	    ip46_address_set_ip4 (&session->value.cs_ip[VLIB_RX],
				  &ip4->src_address);
	  else
	    ip46_address_set_ip6 (&session->value.cs_ip[VLIB_RX],
				  &ip6->src_address);
	}
      else
	{
	  /* We source NAT with the translation */
	  rsession_flags |= CNAT_SESSION_FLAG_HAS_SNAT;
	  ip46_address_copy (&session->value.cs_ip[VLIB_RX],
			     &trk0->ct_ep[VLIB_RX].ce_ip.ip);
	}
      session->value.cs_port[VLIB_TX] =
	clib_host_to_net_u16 (trk0->ct_ep[VLIB_TX].ce_port);
      session->value.cs_port