/* * Copyright (c) 2017 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /** * @file * @brief IPv6 Reassembly. * * This file contains the source code for IPv6 reassembly. */ #include #include #include #include #include #define MSEC_PER_SEC 1000 #define IP6_REASS_TIMEOUT_DEFAULT_MS 100 #define IP6_REASS_EXPIRE_WALK_INTERVAL_DEFAULT_MS 10000 // 10 seconds default #define IP6_REASS_MAX_REASSEMBLIES_DEFAULT 1024 #define IP6_REASS_HT_LOAD_FACTOR (0.75) static vlib_node_registration_t ip6_reass_node; typedef struct { union { struct { ip6_address_t src; ip6_address_t dst; // align by making this 4 octets even though its a 2 octets field u32 xx_id; // align by making this 4 octets even though its a 2 octets field u32 frag_id; // align by making this 4 octets even though its a 1 octet field u32 proto; u32 unused; }; u64 as_u64[6]; }; } ip6_reass_key_t; always_inline u32 ip6_reass_buffer_get_data_offset_no_check (vlib_buffer_t * b) { vnet_buffer_opaque_t *vnb = vnet_buffer (b); return vnb->ip.reass.range_first - vnb->ip.reass.fragment_first; } always_inline u32 ip6_reass_buffer_get_data_offset (vlib_buffer_t * b) { vnet_buffer_opaque_t *vnb = vnet_buffer (b); ASSERT (vnb->ip.reass.range_first >= vnb->ip.reass.fragment_first); return ip6_reass_buffer_get_data_offset_no_check (b); } always_inline u16 ip6_reass_buffer_get_data_len_no_check (vlib_buffer_t * b) { vnet_buffer_opaque_t *vnb = vnet_buffer (b); return clib_min (vnb->ip.reass.range_last, vnb->ip.reass.fragment_last) - (vnb->ip.reass.fragment_first + ip6_reass_buffer_get_data_offset (b)) + 1; } always_inline u16 ip6_reass_buffer_get_data_len (vlib_buffer_t * b) { vnet_buffer_opaque_t *vnb = vnet_buffer (b); ASSERT (vnb->ip.reass.range_last > vnb->ip.reass.fragment_first); return ip6_reass_buffer_get_data_len_no_check (b); } typedef struct { // hash table key ip6_reass_key_t key; // time when last packet was received f64 last_heard; // internal id of this reassembly u64 id; // buffer index of first buffer in this reassembly context u32 first_bi; // last octet of packet, ~0 until fragment without more_fragments arrives u32 last_packet_octet; // length of data collected so far u32 data_len; // trace operation counter u32 trace_op_counter; // next index - used by non-feature node u8 next_index; // minimum fragment length for this reassembly - used to estimate MTU u16 min_fragment_length; } ip6_reass_t; typedef struct { ip6_reass_t *pool; u32 reass_n; u32 buffers_n; u32 id_counter; clib_spinlock_t lock; } ip6_reass_per_thread_t; typedef struct { // IPv6 config u32 timeout_ms; f64 timeout; u32 expire_walk_interval_ms; u32 max_reass_n; // IPv6 runtime clib_bihash_48_8_t hash; // per-thread data ip6_reass_per_thread_t *per_thread_data; // convenience vlib_main_t *vlib_main; vnet_main_t *vnet_main; // node index of ip6-drop node u32 ip6_drop_idx; u32 ip6_icmp_error_idx; u32 ip6_reass_expire_node_idx; } ip6_reass_main_t; ip6_reass_main_t ip6_reass_main; typedef enum { IP6_REASSEMBLY_NEXT_INPUT, IP6_REASSEMBLY_NEXT_DROP, IP6_REASSEMBLY_NEXT_ICMP_ERROR, IP6_REASSEMBLY_N_NEXT, } ip6_reass_next_t; typedef enum { RANGE_NEW, RANGE_OVERLAP, ICMP_ERROR_RT_EXCEEDED, ICMP_ERROR_FL_TOO_BIG, ICMP_ERROR_FL_NOT_MULT_8, FINALIZE, } ip6_reass_trace_operation_e; typedef struct { u16 range_first; u16 range_last; u32 range_bi; i32 data_offset; u32 data_len; u32 first_bi; } ip6_reass_range_trace_t; typedef struct { ip6_reass_trace_operation_e action; u32 reass_id; ip6_reass_range_trace_t trace_range; u32 size_diff; u32 op_id; u32 fragment_first; u32 fragment_last; u32 total_data_len; } ip6_reass_trace_t; static void ip6_reass_trace_details (vlib_main_t * vm, u32 bi, ip6_reass_range_trace_t * trace) { vlib_buffer_t *b = vlib_get_buffer (vm, bi); vnet_buffer_opaque_t *vnb = vnet_buffer (b); trace->range_first = vnb->ip.reass.range_first; trace->range_last = vnb->ip.reass.range_last; trace->data_offset = ip6_reass_buffer_get_data_offset_no_check (b); trace->data_len = ip6_reass_buffer_get_data_len_no_check (b); trace->range_bi = bi; } static u8 * format_ip6_reass_range_trace (u8 * s, va_list * args) { ip6_reass_range_trace_t *trace = va_arg (*args, ip6_reass_range_trace_t *); s = format (s, "range: [%u, %u], off %d, len %u, bi %u", trace->range_first, trace->range_last, trace->data_offset, trace->data_len, trace->range_bi); return s; } static u8 * format_ip6_reass_trace (u8 * s, va_list * args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); ip6_reass_trace_t *t = va_arg (*args, ip6_reass_trace_t *); s = format (s, "reass id: %u, op id: %u ", t->reass_id, t->op_id); u32 indent = format_get_indent (s); s = format (s, "first bi: %u, data len: %u, ip/fragment[%u, %u]", t->trace_range.first_bi, t->total_data_len, t->fragment_first, t->fragment_last); switch (t->action) { case RANGE_NEW: s = format (s, "\n%Unew %U", format_white_space, indent, format_ip6_reass_range_trace, &t->trace_range); break; case RANGE_OVERLAP: s = format (s, "\n%Uoverlap %U", format_white_space, indent, format_ip6_reass_range_trace, &t->trace_range); break; case ICMP_ERROR_FL_TOO_BIG: s = format (s, "\n%Uicmp-error - frag_len > 65535 %U", format_white_space, indent, format_ip6_reass_range_trace, &t->trace_range); break; case ICMP_ERROR_FL_NOT_MULT_8: s = format (s, "\n%Uicmp-error - frag_len mod 8 != 0 %U", format_white_space, indent, format_ip6_reass_range_trace, &t->trace_range); break; case ICMP_ERROR_RT_EXCEEDED: s = format (s, "\n%Uicmp-error - reassembly time exceeded", format_white_space, indent); break; case FINALIZE: s = format (s, "\n%Ufinalize reassembly", format_white_space, indent); break; } return s; } static void ip6_reass_add_trace (vlib_main_t * vm, vlib_node_runtime_t * node, ip6_reass_main_t * rm, ip6_reass_t * reass, u32 bi, ip6_reass_trace_operation_e action, u32 size_diff) { vlib_buffer_t *b = vlib_get_buffer (vm, bi); vnet_buffer_opaque_t *vnb = vnet_buffer (b); if (pool_is_free_index (vm->trace_main.trace_buffer_pool, b->trace_index)) { // this buffer's trace is gone b->flags &= ~VLIB_BUFFER_IS_TRACED; return; } ip6_reass_trace_t *t = vlib_add_trace (vm, node, b, sizeof (t[0])); t->reass_id = reass->id; t->action = action; ip6_reass_trace_details (vm, bi, &t->trace_range); t->size_diff = size_diff; t->op_id = reass->trace_op_counter; ++reass->trace_op_counter; t->fragment_first = vnb->ip.reass.fragment_first; t->fragment_last = vnb->ip.reass.fragment_last; t->trace_range.first_bi = reass->first_bi; t->total_data_len = reass->data_len; #if 0 static u8 *s = NULL; s = format (s, "%U", format_ip6_reass_trace, NULL, NULL, t); printf ("%.*s\n", vec_len (s), s); fflush (stdout); vec_reset_length (s); #endif } always_inline void ip6_reass_free (ip6_reass_main_t * rm, ip6_reass_per_thread_t * rt, ip6_reass_t * reass) { clib_bihash_kv_48_8_t kv; kv.key[0] = reass->key.as_u64[0]; kv.key[1] = reass->key.as_u64[1]; kv.key[2] = reass->key.as_u64[2]; kv.key[3] = reass->key.as_u64[3]; kv.key[4] = reass->key.as_u64[4]; kv.key[5] = reass->key.as_u64[5]; clib_bihash_add_del_48_8 (&rm->hash, &kv, 0); pool_put (rt->pool, reass); --rt->reass_n; } always_inline void ip6_reass_drop_all (vlib_main_t * vm, ip6_reass_main_t * rm, ip6_reass_t * reass, u32 ** vec_drop_bi) { u32 range_bi = reass->first_bi; vlib_buffer_t *range_b; vnet_buffer_opaque_t *range_vnb; while (~0 != range_bi) { range_b = vlib_get_buffer (vm, range_bi); range_vnb = vnet_buffer (range_b); u32 bi = range_bi; while (~0 != bi) { vec_add1 (*vec_drop_bi, bi); vlib_buffer_t *b = vlib_get_buffer (vm, bi); if (b->flags & VLIB_BUFFER_NEXT_PRESENT) { bi = b->next_buffer; b->flags &= ~VLIB_BUFFER_NEXT_PRESENT; } else { bi = ~0; } } range_bi = range_vnb->ip.reass.next_range_bi; } } always_inline void ip6_reass_on_timeout (vlib_main_t * vm, vlib_node_runtime_t * node, ip6_reass_main_t * rm, ip6_reass_t * reass, u32 * icmp_bi, u32 ** vec_timeout) { if (~0 == reass->first_bi) { return; } vlib_buffer_t *b = vlib_get_buffer (vm, reass->first_bi); if (0 == vnet_buffer (b)->ip.reass.fragment_first) { *icmp_bi = reass->first_bi; if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED)) { ip6_reass_add_trace (vm, node, rm, reass, reass->first_bi, ICMP_ERROR_RT_EXCEEDED, 0); } // fragment with offset zero received - send icmp message back if (b->flags & VLIB_BUFFER_NEXT_PRESENT) { // separate first buffer from chain and steer it towards icmp node b->flags &= ~VLIB_BUFFER_NEXT_PRESENT; reass->first_bi = b->next_buffer; } else { reass->first_bi = vnet_buffer (b)->ip.reass.next_range_bi; } icmp6_error_set_vnet_buffer (b, ICMP6_time_exceeded, ICMP6_time_exceeded_fragment_reassembly_time_exceeded, 0); } ip6_reass_drop_all (vm, rm, reass, vec_timeout); } always_inline ip6_reass_t * ip6_reass_find_or_create (vlib_main_t * vm, vlib_node_runtime_t * node, ip6_reass_main_t * rm, ip6_reass_per_thread_t * rt, ip6_reass_key_t * k, u32 * icmp_bi, u32 ** vec_timeout) { ip6_reass_t *reass = NULL; f64 now = vlib_time_now (rm->vlib_main); clib_bihash_kv_48_8_t kv, value; kv.key[0] = k->as_u64[0]; kv.key[1] = k->as_u64[1]; kv.key[2] = k->as_u64[2]; kv.key[3] = k->as_u64[3]; kv.key[4] = k->as_u64[4]; kv.key[5] = k->as_u64[5]; if (!clib_bihash_search_48_8 (&rm->hash, &kv, &value)) { reass = pool_elt_at_index (rt->pool, value.value); if (now > reass->last_heard + rm->timeout) { ip6_reass_on_timeout (vm, node, rm, reass, icmp_bi, vec_timeout); ip6_reass_free (rm, rt, reass); reass = NULL; } } if (reass) { reass->last_heard = now; return reass; } if (rt->reass_n >= rm->max_reass_n) { reass = NULL; return reass; } else { pool_get (rt->pool, reass); memset (reass, 0, sizeof (*reass)); reass->id = ((u64) os_get_thread_index () * 1000000000) + rt->id_counter; ++rt->id_counter; reass->first_bi = ~0; reass->last_packet_octet = ~0; reass->data_len = 0; ++rt->reass_n; } reass->key.as_u64[0] = kv.key[0] = k->as_u64[0]; reass->key.as_u64[1] = kv.key[1] = k->as_u64[1]; reass->key.as_u64[2] = kv.key[2] = k->as_u64[2]; reass->key.as_u64[3] = kv.key[3] = k->as_u64[3]; reass->key.as_u64[4] = kv.key[4] = k->as_u64[4]; reass->key.as_u64[5] = kv.key[5] = k->as_u64[5]; kv.value = reass - rt->pool; reass->last_heard = now; if (clib_bihash_add_del_48_8 (&rm->hash, &kv, 1)) { ip6_reass_free (rm, rt, reass); reass = NULL; } return reass; } always_inline void ip6_reass_finalize (vlib_main_t * vm, vlib_node_runtime_t * 
/*
 * srv6_end_m_gtp6_d_di_di.c
 *
 * Copyright (c) 2019 Arrcus Inc and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <vnet/vnet.h>
#include <vnet/adj/adj.h>
#include <vnet/plugin/plugin.h>
#include <vpp/app/version.h>
#include <srv6-mobile/mobile.h>

srv6_end_main_v6_decap_di_t srv6_end_main_v6_decap_di;

static void
clb_dpo_lock_srv6_end_m_gtp6_d_di (dpo_id_t * dpo)
{
}

static void
clb_dpo_unlock_srv6_end_m_gtp6_d_di (dpo_id_t * dpo)
{
}

static u8 *
clb_dpo_format_srv6_end_m_gtp6_d_di (u8 * s, va_list * args)
{
  index_t index = va_arg (*args, index_t);
  CLIB_UNUSED (u32 indent) = va_arg (*args, u32);

  return (format (s, "SR: dynamic_proxy_index:[%u]", index));
}

const static dpo_vft_t dpo_vft = {
  .dv_lock = clb_dpo_lock_srv6_end_m_gtp6_d_di,
  .dv_unlock = clb_dpo_unlock_srv6_end_m_gtp6_d_di,
  .dv_format = clb_dpo_format_srv6_end_m_gtp6_d_di,
};

const static char *const srv6_end_m_gtp6_d_di_nodes[] = {
  "srv6-end-m-gtp6-d-di",
  NULL,
};

const static char *const *const dpo_nodes[DPO_PROTO_NUM] = {
  [DPO_PROTO_IP6] = srv6_end_m_gtp6_d_di_nodes,
};

static u8 fn_name[] = "SRv6-End.M.GTP6.D.DI-plugin";
static u8 keyword_str[] = "end.m.gtp6.d.di";
static u8 def_str[] =
  "Endpoint function with drop-in dencapsulation for IPv6/GTP tunnel";
static u8 param_str[] = "<sr-prefix>/<sr-prefixlen> [nhtype <nhtype>]";

static u8 *
clb_format_srv6_end_m_gtp6_d_di (u8 * s, va_list * args)
{
  srv6_end_gtp6_param_t *ls_mem = va_arg (*args, void *);

  s = format (s, "SRv6 End gtp6.d Drop-in\n\t");

  s =
    format (s, "SR Prefix: %U/%d", format_ip6_address, &ls_mem->sr_prefix,
	    ls_mem->sr_prefixlen);

  if (ls_mem->nhtype != SRV6_NHTYPE_NONE)
    {
      if (ls_mem->nhtype == SRV6_NHTYPE_IPV4)
	s = format (s, ", NHType IPv4\n");
      else if (ls_mem->nhtype == SRV6_NHTYPE_IPV6)
	s = format (s, ", NHType IPv6\n");
      else if (ls_mem->nhtype == SRV6_NHTYPE_NON_IP)
	s = format (s, ", NHType Non-IP\n");
      else
	s = format (s, ", NHType Unknow(%d)\n", ls_mem->nhtype);
    }
  else
    s = format (s, "\n");

  return s;
}

static uword
clb_unformat_srv6_end_m_gtp6_d_di (unformat_input_t * input, va_list * args)
{
  void **plugin_mem_p = va_arg (*args, void **);
  srv6_end_gtp6_param_t *ls_mem;
  ip6_address_t sr_prefix;
  u32 sr_prefixlen = 0;
  u8 nhtype;

  if (unformat (input, "end.m.gtp6.d.di %U/%d nhtype ipv4",
		unformat_ip6_address, &sr_prefix, &sr_prefixlen))
    {
      nhtype = SRV6_NHTYPE_IPV4;
    }
  else if (unformat (input, "end.m.gtp6.d.di %U/%d nhtype ipv6",
		     unformat_ip6_address, &sr_prefix, &sr_prefixlen))
    {
      nhtype = SRV6_NHTYPE_IPV6;
    }
  else if (unformat (input, "end.m.gtp6.d.di %U/%d nhtype non-ip",
		     unformat_ip6_address, &sr_prefix, &sr_prefixlen))
    {
      nhtype = SRV6_NHTYPE_NON_IP;
    }
  else if (unformat (input, "end.m.gtp6.d.di %U/%d",
		     unformat_ip6_address, &sr_prefix, &sr_prefixlen))
    {
      nhtype = SRV6_NHTYPE_NONE;
    }
  else
    {
      return 0;
    }

  ls_mem = clib_mem_alloc_aligned_at_offset (sizeof *ls_mem, 0, 0, 1);
  clib_memset (ls_mem, 0, sizeof *ls_mem);
  *plugin_mem_p = ls_mem;

  ls_mem->sr_prefix = sr_prefix;
  ls_mem->sr_prefixlen = sr_prefixlen;
  ls_mem->nhtype = nhtype;

  return 1;
}

static int
clb_creation_srv6_end_m_gtp6_d_di (ip6_sr_localsid_t * localsid)
{
  return 0;
}

static int
clb_removal_srv6_end_m_gtp6_d_di (ip6_sr_localsid_t * localsid)
{
  srv6_end_gtp6_param_t *ls_mem;

  ls_mem = localsid->plugin_mem;

  clib_mem_free (ls_mem);

  return 0;
}

static clib_error_t *
srv6_end_m_gtp6_d_di_init (vlib_main_t * vm)
{
  srv6_end_main_v6_decap_di_t *sm = &srv6_end_main_v6_decap_di;
  ip6srv_combo_header_t *ip6;
  dpo_type_t dpo_type;
  vlib_node_t *node;
  int rc;

  sm->vlib_main = vm;
  sm->vnet_main = vnet_get_main ();

  node = vlib_get_node_by_name (vm, (u8 *) "srv6-end-m-gtp6-d-di");
  sm->end_m_gtp6_d_di_node_index = node->index;

  node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
  sm->error_node_index = node->index;

  ip6 = &sm->cache_hdr;

  clib_memset_u8 (ip6, 0, sizeof (ip6srv_combo_header_t));

  // IPv6 header (default)
  ip6->ip.ip_version_traffic_class_and_flow_label = 0x60;
  ip6->ip.hop_limit = 64;
  ip6->ip.protocol = IPPROTO_IPV6_ROUTE;

  // SR header (default)
  ip6->sr.type = 4;

  dpo_type = dpo_register_new_type (&dpo_vft, dpo_nodes);

  rc = sr_localsid_register_function (vm, fn_name, keyword_str, def_str, param_str, 128,	//prefix len
				      &dpo_type,
				      clb_format_srv6_end_m_gtp6_d_di,
				      clb_unformat_srv6_end_m_gtp6_d_di,
				      clb_creation_srv6_end_m_gtp6_d_di,
				      clb_removal_srv6_end_m_gtp6_d_di);
  if (rc < 0)
    clib_error_return (0, "SRv6 Endpoint GTP6.D.DI LocalSID function"
		       "couldn't be registered");
  return 0;
}