1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
// SPDX-License-Identifier: Apache-2.0
// Copyright(c) 2023 Cisco Systems, Inc.
/*
* npt66.c: NPT66 plugin
* An implementation of Network Prefix Translation for IPv6-to-IPv6 (NPTv6) as
* specified in RFC6296.
*/
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <vlib/vlib.h>
#include <vnet/feature/feature.h>
#include <vppinfra/pool.h>
#include "npt66.h"
static int
npt66_feature_enable_disable (u32 sw_if_index, bool is_add)
{
if (vnet_feature_enable_disable ("ip6-unicast", "npt66-input", sw_if_index,
is_add, 0, 0) != 0)
return -1;
if (vnet_feature_enable_disable ("ip6-output", "npt66-output", sw_if_index,
is_add, 0, 0) != 0)
return -1;
return 0;
}
static void
ipv6_prefix_zero (ip6_address_t *address, int prefix_len)
{
int byte_index = prefix_len / 8;
int bit_offset = prefix_len % 8;
uint8_t mask = (1 << (8 - bit_offset)) - 1;
if (byte_index < 16)
{
address->as_u8[byte_index] &= mask;
for (int i = byte_index + 1; i < 16; i++)
{
address->as_u8[i] = 0;
}
}
}
int
npt66_binding_add_del (u32 sw_if_index, ip6_address_t *internal,
int internal_plen, ip6_address_t *external,
int external_plen, bool is_add)
{
npt66_main_t *nm = &npt66_main;
int rv = 0;
/* Currently limited to a single binding per interface */
npt66_binding_t *b = npt66_interface_by_sw_if_index (sw_if_index);
if (is_add)
{
bool configure_feature = false;
/* Ensure prefix lengths are less than or equal to a /64 */
if (internal_plen > 64 || external_plen > 64)
return VNET_API_ERROR_INVALID_VALUE;
/* Create a binding entry (or update existing) */
if (!b)
{
pool_get_zero (nm->bindings, b);
configure_feature = true;
}
b->internal = *internal;
b->internal_plen = internal_plen;
b->external = *external;
b->external_plen = external_plen;
b->sw_if_index = sw_if_index;
ipv6_prefix_zero (&b->internal, internal_plen);
ipv6_prefix_zero (&b->external, external_plen);
vec_validate_init_empty (nm->interface_by_sw_if_index, sw_if_index, ~0);
nm->interface_by_sw_if_index[sw_if_index] = b - nm->bindings;
uword delta = 0;
delta = ip_csum_add_even (delta, b->external.as_u64[0]);
delta = ip_csum_add_even (delta, b->external.as_u64[1]);
delta = ip_csum_sub_even (delta, b->internal.as_u64[0]);
delta = ip_csum_sub_even (delta, b->internal.as_u64[1]);
delta = ip_csum_fold (delta);
b->delta = delta;
if (configure_feature)
rv = npt66_feature_enable_disable (sw_if_index, is_add);
}
else
{
/* Delete a binding entry */
npt66_binding_t *b = npt66_interface_by_sw_if_index (sw_if_index);
if (!b)
return VNET_API_ERROR_NO_SUCH_ENTRY;
nm->interface_by_sw_if_index[sw_if_index] = ~0;
pool_put (nm->bindings, b);
rv = npt66_feature_enable_disable (sw_if_index, is_add);
}
return rv;
}
/*
* Do a lookup in the interface vector (interface_by_sw_if_index)
* and return pool entry.
*/
npt66_binding_t *
npt66_interface_by_sw_if_index (u32 sw_if_index)
{
npt66_main_t *nm = &npt66_main;
if (!nm->interface_by_sw_if_index ||
sw_if_index > (vec_len (nm->interface_by_sw_if_index) - 1))
return 0;
u32 index = nm->interface_by_sw_if_index[sw_if_index];
if (index == ~0)
return 0;
if (pool_is_free_index (nm->bindings, index))
return 0;
return pool_elt_at_index (nm->bindings, index);
}
|
