ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
vpp/plugins/vcgn-plugin/vcgn/cnat_db.h
Ole Troan ea3e1fc875 Plugins: Clean up the plugin directory so that each plugin has its own 
directory and GNU autotools setup.

Change-Id: I6c59d1297389c9413db0c0b9bdf3b759080bf1b8
Signed-off-by: Ole Troan <ot@cisco.com>
2016-06-27 15:04:00 +00:00

702 lines
20 KiB
C
Raw Blame History

/*
*------------------------------------------------------------------
* cnat_db.h - translation database definitions
*
* Copyright (c) 2007-2013 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*------------------------------------------------------------------
*/
#ifndef __CNAT_DB_H__
#define __CNAT_DB_H__
#include "cnat_cli.h"
#include "cnat_ports.h"
#include "index_list.h"
#define VRF_NAME_LEN_STORED 12
#define MAX_VRFID 400
typedef struct _cnat_svi_params_entry {
u16 svi_type;
u16 pad;
u32 vrf_id;
u16 if_num;
u32 ipv6_addr[4];
u32 ipv4_addr;
u8 direction;
u32 tbl_id; /* vrf */
u32 vrf_override_id; /* tbl_id for override vrf */
u8 vrf_override_flag;
u8 partition_id;
} cnat_svi_params_entry;
typedef struct _cnat_ingress_vrfid_name_entry {
u32 vrf_id;
u16 ref_count; /*no# of serviceApps under a single vrf*/
u8 vrf_name[VRF_NAME_LEN_STORED];
u16 pad1;
} cnat_ingress_vrfid_name_entry;
#define HASH_ENHANCE 4
#define CNAT_DB_SIZE (PLATFORM_MAX_NAT_ENTRIES / PLATFORM_CNAT_INSTS)
#define CNAT_MAIN_HASH_SIZE (HASH_ENHANCE * PLATFORM_CNAT_MAIN_PRELIM_HASH_SIZE)
#define CNAT_MAIN_HASH_MASK (CNAT_MAIN_HASH_SIZE-1)
#define CNAT_USER_DB_SIZE (PLATFORM_MAX_USER_ENTRIES / PLATFORM_CNAT_INSTS)
#define CNAT_USER_HASH_SIZE (HASH_ENHANCE * PLATFORM_CNAT_USER_PRELIM_HASH_SIZE)
#define CNAT_USER_HASH_MASK (CNAT_USER_HASH_SIZE-1)
#define CNAT_SESSION_DB_SIZE (PLATFORM_MAX_NAT_ENTRIES / PLATFORM_CNAT_INSTS)
#define CNAT_SESSION_HASH_SIZE (HASH_ENHANCE * PLATFORM_CNAT_MAIN_PRELIM_HASH_SIZE)
#define CNAT_SESSION_HASH_MASK (CNAT_SESSION_HASH_SIZE-1)
#define CNAT_MAX_SESSIONS_PER_BIB 0xFFFF
#define NUM_BITS_IN_UWORD (8*sizeof(uword))
/* No. of per ip/port config will be limited to 1024 */
#define CNAT_TIMEOUT_HASH_SIZE 1024
#define CNAT_TIMEOUT_HASH_MASK (CNAT_TIMEOUT_HASH_SIZE - 1)
#define CNAT_TIMEOUT_FULL_MASK 0xFFFFFFFFFFFFFFFF
#define CNAT_TIMEOUT_IPPROT_MASK PLATFORM_CNAT_TIMEOUT_IPPROT_MASK
#define CNAT_TIMEOUT_PORTPROT_MASK PLATFORM_CNAT_TIMEOUT_PORTPROT_MASK
#define TRUE 1
#define FALSE 0
/*
* The key structure. All fields are in NETWORK byte order!
*/
typedef struct {
u32 ipv4;
u16 port;
u16 vrf; //bit0-12:vrf, bit13:unused, bit14-15:protocol
} cnat_db_key_t;
/* bit14-15:protocol in cnat_db_key_t */
#define CNAT_INVALID_PROTO 0x0000
#define CNAT_PPTP 0x0000
#define CNAT_UDP 0x4000
#define CNAT_TCP 0x8000
#define CNAT_ICMP 0xc000
#define CNAT_VRF_MASK 0x3fff
#define CNAT_PRO_MASK 0xc000
#define CNAT_PRO_SHIFT 14
/*
* Maximum number of VRF entries supported
*/
#define CNAT_MAX_VRFMAP_ENTRIES (CNAT_VRF_MASK + 1)
/*
* for hashing purposes, fetch the key in one instr.
*/
typedef union {
cnat_db_key_t k;
u64 key64;
} cnat_key_t;
typedef struct {
cnat_key_t k;
u32 bucket;
} cnat_db_key_bucket_t;
typedef struct {
u32 ipv6[4];
cnat_key_t ipv4_key;
} dslite_key_t;
typedef struct {
/*
cnat_db_key_bucket_t ck;
u32 ipv6[4];
*/
dslite_key_t dk;
u32 bucket;
} dslite_db_key_bucket_t;
/* Per port/ip timeout related strucutres */
extern index_slist_t *cnat_timeout_hash;
typedef struct {
cnat_key_t timeout_key;
u16 timeout_value;
} cnat_timeout_t;
typedef struct {
cnat_timeout_t t_key;
index_slist_t t_hash;
} cnat_timeout_db_entry_t;
extern cnat_timeout_db_entry_t *cnat_timeout_db;
/*
* Main translation database entries. Currently 0x5A = 90 bytes in length.
* Given 20,000,000 entries, it saves nearly 1gb of SDRAM to pack the entries
* and pay the extra prefetch. So, that's what we do.
*/
typedef struct {
/* 0x00 */
index_slist_t out2in_hash; /* hash-and-chain, x2 */
index_slist_t in2out_hash;
/* 0x08 */
u16 flags; /* Always need flags... */
#define CNAT_DB_FLAG_PORT_PAIR (1<<0)
#define CNAT_DB_FLAG_TCP_ACTIVE (1<<1)
#define CNAT_DB_FLAG_ENTRY_FREE (1<<2)
#define CNAT_DB_FLAG_UDP_ACTIVE (1<<3)
#define CNAT_DB_FLAG_STATIC_PORT (1<<4)
/* This alg entry is set for FTP data connection */
#define CNAT_DB_FLAG_ALG_ENTRY (1<<5)
/* Will be set for TCP connection with destination port - 1723
* note - here CNAT_DB_FLAG_TCP_ACTIVE is also set */
#define CNAT_DB_FLAG_PPTP_TUNNEL_INIT (1<<6)
#define CNAT_DB_FLAG_PPTP_TUNNEL_ACTIVE (1<<7)
/* for PPTP GRE packtes */
#define CNAT_DB_FLAG_PPTP_GRE_ENTRY (1<<8)
/* for PCP support */
#define CNAT_DB_FLAG_PCPI (1<<9)
#define CNAT_DB_FLAG_PCPE (1<<10)
#define CNAT_PCP_FLAG (CNAT_DB_FLAG_PCPI | CNAT_DB_FLAG_PCPE)
#define CNAT_TAC_SEQ_MISMATCH (1<<11)
/* This alg entry is set for ftp control connection */
#define CNAT_DB_FLAG_ALG_CTRL_FLOW (1<<12)
/* This is for marking the state where connection is closing */
#define CNAT_DB_FLAG_TCP_CLOSING (1<<13)
#define CNAT_DB_DSLITE_FLAG (1<<14)
#define CNAT_DB_NAT64_FLAG (1<<15)
/* 0x0A */
u16 vrfmap_index; /* index of vrfmap */
/* 0x0C */
u32 user_index; /* index of user that owns this entry */
/* 0x10 */
cnat_key_t out2in_key; /* network-to-user, outside-to-inside key */
/* 0x18 */
cnat_key_t in2out_key; /* user-to-network, inside-to-outside key */
/* 0x20 */
index_dlist_t user_ports; /* per-user translation list */
/* 0x28 */
u32 out2in_pkts; /* pkt counters */
/* 0x2C */
u32 in2out_pkts;
/* 0x30 */
u32 entry_expires; /* timestamp used to expire translations */
/* 0x34 */
union { /* used by FTP ALG, pkt len delta due to FTP PORT cmd */
u16 delta;
i8 alg_dlt[2]; /* two delta values, 0 for previous, 1 for current */
u16 il; /* Used to indicate if interleaved mode is used
in case of RTSP ALG */
} alg;
/* 0x36 */
u16 timeout;
/* 0x38 */
union {
struct seq_pcp_t {
u32 tcp_seq_num; /* last tcp (FTP) seq # that has pkt len change due to PORT */
u32 pcp_lifetime; /* peer and map life time value sent in reply*/
} seq_pcp;
/* This is for TCP seq check */
struct tcp_seq_chk_t {
u32 seq_no;
u32 ack_no;
} tcp_seq_chk;
/* used for pptp alg entries
1. only tunnel : prev and next = 0xFFFFFFFF
2. first gre entry : prev = tunnel db, next = next gre db
3. last gre entry : prev = previous gre/tunnel db, next= 0xFFFFFFFF;
*while adding gre entry- updated at the begining of head
*while deleting gre entry - hash look up will be done and prev and next are adjusted
* while deleting need not traverse throufgh the list, as done in index_dlist_remelem
*/
index_dlist_t pptp_list;
} proto_data;
/* 0x40 */
u32 dst_ipv4; /* pointer to ipv4 dst list, used in evil mode */
/* 0x44 */
u16 dst_port;
/* 0x46 */
u16 dslite_nat44_inst_id;
/* 0x48 */
u32 session_head_index;
/* 0x4C */
u16 nsessions;
/* 0x4E */
u8 unused;
/* 0x4F */
u8 scale;
/* 0x50 */
u32 diff_window;
/* Sizeof cnat_main_db_entry_t = 0x54 */
} cnat_main_db_entry_t;
/* Caution ...
* 1. The size of this structure should be same as that of
* nat64_bib_user_entry_t
* 2. Do not alter the position of first four fields
*/
typedef struct {
/* 0x00 */
index_slist_t user_hash; /* hash 'n chain bucket chain */
/* 0x04 */
u16 ntranslations; /* translations hold by this user */
/* 0x06 */
u8 icmp_msg_count; /* use to rate limit imcp send to this user */
/* 0x07 */
u8 flags; /* To identfiy whether it is NAT64 or NAT44 etc */
#define CNAT_USER_DB_NAT44_FLAG 0
#define CNAT_USER_DB_NAT64_FLAG 1
#define CNAT_USER_DB_DSLITE_FLAG 2
#define CNAT_USER_DB_PORT_LIMIT_EXCEEDED 0X80
/* 0x08 */
u32 translation_list_head_index;
/* 0x0C */
u32 portmap_index; /* index of bound port-map */
/* 0x10 */
cnat_key_t key; /* For dslite this should store IPv6 address */
u32 ipv6[4]; // B4 ipv6 address
/* 0x18 */
#if 0
u32 temp1;
u32 temp2;
u32 temp3;
#endif
/* 0x28 same as nat64_user_db */
#ifndef NO_BULK_LOGGING
/* Now adding 8 more bytes for bulk allocation.. This makes it
* 0x30 (48). Added the same to nat64_bib_user_entry_t make the
* the sizes equal. For nat64 stful, we may support bulk allocation
* later.
*/
/* Indicates the currently used bulk port range */
i16 bulk_port_range_cache[BULK_RANGE_CACHE_SIZE];
#endif /* #ifndef NO_BULK_LOGGING */
} cnat_user_db_entry_t;
/*
* cnat_session_entry_t
* This structure represents the cnat session table. It maintains the
* information about the destination of a given translation (main db)
* There would be entry here only if packets are send to more than 1 destn
* from the same source.
*/
typedef struct {
/* 0x00 */
index_slist_t cnat_session_hash;
/* 0x04 */
u32 main_db_index; /* would point to v4 src transport address */
/* 0x08 */
cnat_key_t v4_dest_key;
/* 0x10 */
u16 flags; /* Same as cnat_main_db_t */
/* 0x12 */
u16 timeout;
/* 0x14 */
u32 entry_expires;
/* 0x18 */
index_dlist_t main_list;
/* 0x20 = 32 B */
union { /* alg same as cnat_main_db_t */
u16 delta;
i8 alg_dlt[2];
u16 il;
} alg;
/* 0x22 */
u16 tcp_flags;
/* 0x24 */
u32 tcp_seq_num;
/* 0x28 */
u32 ack_no;
/* 0x2C */
u32 window;
/* 0x30 */
u8 scale;
/* 0x31 */
u8 pad;
/* 0x32 */
} cnat_session_entry_t;
/*
* out2in and in2out hash bucket arrays are simply arrays of index_slist_t's
*/
typedef enum {
CNAT_DB_CREATE_DEFAULT=0, /* honor cnat_main_db_max_ports_per_user */
CNAT_DB_CREATE_OVERRIDE, /* just do it. */
} cnat_db_create_policy_t;
typedef struct {
cnat_key_t in2out_key;
cnat_key_t out2in_key;
u32 dst_ipv4; /* evil for mode only */
u16 cnat_instance;
cnat_portmap_t *portmap;
u16 *portmap_inuse;
cnat_main_db_entry_t *db;
cnat_db_create_policy_t policy;
port_pair_t pair_of_ports;
} cnat_db_create_args_t;
extern cnat_main_db_entry_t *cnat_main_db;
extern cnat_user_db_entry_t *cnat_user_db;
extern cnat_session_entry_t *cnat_session_db;
#define S_WAO 0
#define S_WA 1 /* waiting for address pool */
#define S_WO 2 /* waiting for outside vrf */
#define S_RUN 3 /* got everything */
#define S_DEL 4 /* just delete */
#define INVALID_UIDX 0xffff /*invalid svi app uidb index */
#define INVALID_VRFID 0xffffffff /*invalid vrf id */
typedef struct {
u16 status;
u16 tcp_mss; //tcp max segment size for this inside vrf */
u32 delete_time;
u16 i_vrf; //inside SVI uidx
u16 o_vrf; //outside SVI uidx
u32 i_vrf_id; //inside vrf id
u32 o_vrf_id; //outside vrf id
cnat_portmap_v2_t *portmap_list;
u32 nfv9_logging_index;
u32 syslog_logging_index;
u16 ip_n_to_1;
#ifndef NO_BULK_LOGGING
bulk_alloc_size_t bulk_size;
#endif /* #ifndef NO_BULK_LOGGING */
u32 pcp_server_addr;
u32 pcp_server_port;
u8 nf_logging_policy;
u8 syslog_logging_policy;
u8 frag_tout;
u32 rseed_ip;
u16 port_limit;
u8 tcp_seq_check_enable;
u8 pad;
u32 tcp_seq_user_window;
u8 filter_policy;
u8 ignore_port;
} cnat_vrfmap_t;
/*
* When creating cnat_vrfmap entry, ensure that any already
* configured logging info is taken into account
*/
#define CNAT_SET_VRFMAP_NFV9_LOGGING_INDEX(logging_index, i_vrf) \
do { \
cnat_nfv9_logging_info_t *my_nfv9_logging_info = 0; \
pool_foreach (my_nfv9_logging_info, cnat_nfv9_logging_info, ({ \
if (my_nfv9_logging_info->i_vrf == i_vrf) { \
logging_index = my_nfv9_logging_info - cnat_nfv9_logging_info; \
break; \
} \
})); \
while (0)
typedef struct {
/*
* spp_ctx_alloc() call failed
*/
u64 nfv9_logging_context_creation_fail_count;
/*
* Cannot send the existing logging pkt, so cannot create
* any additional packets for logging purposes
*/
u64 nfv9_logging_context_creation_deferred_count;
/*
* Cannot send the existing logging pkt due to cnat_rewrite_output
* superframe being full.
*/
u64 nfv9_downstream_constipation_count;
/*
* buffer for spp_ctx_alloc() call failed
*/
u64 nfv9_logging_context_buffer_allocation_fail_count;
} cnat_global_counters_t;
extern cnat_global_counters_t cnat_global_counters;
extern u16 *cnat_portmap_indices_by_vrf;
extern cnat_vrfmap_t *cnat_portmap_by_vrf;
extern cnat_portmap_t **cnat_portmaps;
extern u16 **cnat_portmaps_inuse;
extern cnat_vrfmap_t *cnat_map_by_vrf;
/*
* Special define to indicate that the VRF map index entry is empty
*/
#define VRF_MAP_ENTRY_EMPTY 0xffff
extern u16 vrf_map_array[CNAT_MAX_VRFMAP_ENTRIES];
extern cnat_svi_params_entry svi_params_array[CNAT_MAX_VRFMAP_ENTRIES];
extern cnat_ingress_vrfid_name_entry vrfid_name_map[MAX_VRFID];
extern index_slist_t *cnat_out2in_hash;
extern index_slist_t *cnat_in2out_hash;
extern index_slist_t *cnat_user_hash;
extern index_slist_t *cnat_session_hash;
typedef enum {
CNAT_DB_IN2OUT = 0,
CNAT_DB_OUT2IN,
} cnat_db_which_t;
typedef enum {
CNAT_NO_ICMP_MSG =0,
CNAT_ICMP_MSG,
} cnat_icmp_msg_t;
typedef struct {
cnat_errno_t error;
cnat_icmp_msg_t gen_icmp_msg;
u32 svi_addr;
} cnat_gen_icmp_info;
typedef cnat_vrfmap_t nat64_vrfmap_t;
typedef cnat_portmap_v2_t nat64_portmap_v2_t;
#define CNAT_V4_GET_HASH(key64, hash, mask) \
a = key64; \
b = c = 0x9e3779b97f4a7c13LL; \
/* Jenkins hash, arbitrarily use c as the "answer" */ \
hash_mix64(a, b, c); \
hash = c & mask;
#define CNAT_V4_GET_SESSION_HASH(main_index, in_addr, port, vrf, hash, mask) \
a = main_index ^ in_addr ^ port ^ vrf; \
b = c = 0x9e3779b9; \
/* Jenkins hash, arbitrarily use c as the "answer" */ \
hash_mix32(a, b, c); \
hash = c & mask;
#define CNAT_V4_GET_FRAG_HASH(key64, key32, hash, mask) \
a = key64; \
b = key32; \
c = 0x9e3779b97f4a7c13LL; \
hash_mix64(a, b, c); \
hash = c % mask;
#define CNAT_DB_UPDATE_IN2OUT_TIMER \
db->entry_expires = cnat_current_time; \
db->in2out_pkts++;
#define CNAT_DB_TIMEOUT_RST(db) \
if(PREDICT_TRUE(db->entry_expires != 0 )) \
db->entry_expires = cnat_current_time;
#define DEBUG_I2O_DROP(debug_flag) \
if (debug_i_flag & debug_flag) { \
cnat_db_debug_i2o_drop(&ki); \
}
cnat_main_db_entry_t *cnat_main_db_create (cnat_db_create_args_t *a);
void cnat_main_db_entry_delete(cnat_main_db_entry_t *ep);
void cnat_delete_main_db_entry(cnat_main_db_entry_t *ep);
void cnat_delete_main_db_entry_v2(cnat_main_db_entry_t *ep);
cnat_main_db_entry_t*
cnat_get_main_db_entry(cnat_db_key_bucket_t *ki,
port_pair_t port_type,
cnat_errno_t *error,
cnat_user_db_entry_t ** user_db_entry);
cnat_main_db_entry_t*
cnat_get_main_db_entry_v2(cnat_db_key_bucket_t *ki,
port_pair_t port_pair_type,
port_type_t port_type,
cnat_gen_icmp_info *info,
cnat_key_t *dest_info);
cnat_main_db_entry_t*
cnat_create_static_main_db_entry_v2(cnat_db_key_bucket_t *ki,
cnat_db_key_bucket_t *ko,
cnat_vrfmap_t *my_vrfmap,
cnat_gen_icmp_info *info);
cnat_main_db_entry_t*
cnat_create_main_db_entry_and_hash(cnat_db_key_bucket_t *ki,
cnat_db_key_bucket_t *ko,
cnat_user_db_entry_t *udb);
cnat_user_db_entry_t*
cnat_user_db_create_entry(cnat_db_key_bucket_t *uki,
u32 portmap_index);
cnat_user_db_entry_t*
cnat_user_db_lookup_entry(cnat_db_key_bucket_t *uki);
cnat_main_db_entry_t*
cnat_main_db_lookup_entry(cnat_db_key_bucket_t *ki);
cnat_main_db_entry_t*
cnat_main_db_lookup_entry_out2in (cnat_db_key_bucket_t *ko);
void cnat_main_db_entry_dump (cnat_main_db_entry_t *db);
void cnat_db_in2out_hash_delete (cnat_main_db_entry_t *ep, cnat_user_db_entry_t *up);
void cnat_db_out2in_hash_delete (cnat_main_db_entry_t *ep);
void cnat_user_db_delete (cnat_user_db_entry_t *up);
void cnat_db_debug_i2o_drop(cnat_db_key_bucket_t *ki);
/*
* Function to dump the Hash Table that maps if_num to uidb_index
*/
extern void cnat_if_num_hash_table_dump(void);
#define MAIN_DB_TYPE 0
#define SESSION_DB_TYPE 1
u16 query_and_update_db_timeout(void *db, u8 db_type);
u16 cnat_timeout_db_create (cnat_timeout_t t_entry);
void cnat_timeout_db_delete(cnat_key_t t_key);
cnat_session_entry_t *
cnat_create_session_db_entry(cnat_key_t *ko,
cnat_main_db_entry_t *bdb, u8 log);
void cnat_dest_update_main2session(cnat_main_db_entry_t *mdb,
cnat_session_entry_t *sdb);
cnat_session_entry_t *cnat_handle_1to2_session(
cnat_main_db_entry_t *mdb,
cnat_key_t *dest_info);
void cnat_add_dest_n_log(
cnat_main_db_entry_t *mdb,
cnat_key_t *dest_info);
cnat_session_entry_t *
cnat_session_db_lookup_entry(cnat_key_t *ko,u32 main_db_index);
cnat_session_entry_t *
cnat_session_db_edm_lookup_entry(cnat_key_t *ko,
u32 session_head_index,
u32 main_db_index);
typedef struct{
u32 sessions;
u32 active_translations;
u32 num_dynamic_translations;
u32 num_static_translations;
u64 in2out_drops_port_limit_exceeded;
u64 in2out_drops_system_limit_reached;
u64 in2out_drops_resource_depletion;
u64 no_translation_entry_drops;
u32 num_subscribers;
u32 dummy;
u64 drops_sessiondb_limit_exceeded;
} nat44_dslite_common_stats_t;
typedef struct {
u32 translation_delete_count;
u32 translation_create_count;
u32 out2in_forwarding_count;
} nat44_dslite_global_stats_t;
typedef struct {
u64 v4_to_v6_tcp_seq_mismatch_drop_count;
u64 v4_to_v6_tcp_seq_mismatch_count;
u64 v4_to_v6_out2in_session_create_count;
u64 v4_to_v6_end_point_filter_drop_count;
} nat44_counters_stats_t;
#define NAT44_STATS 0
#define DSLITE_STATS 1
extern nat44_dslite_common_stats_t nat44_dslite_common_stats[255]; /* 0 is for nat44 */
extern nat44_dslite_global_stats_t nat44_dslite_global_stats[2]; /* 0 for nat44 and 1 for dslite */
extern nat44_counters_stats_t nat44_counters_stats[CNAT_MAX_VRFMAP_ENTRIES];/*For displaying show cgn <cgn-name> inside-vrf <vrf-name> counters */
#define NAT44_COMMON_STATS nat44_dslite_common_stats[NAT44_RESERVED_INST_ID]
#define NAT44_GLOBAL_STATS nat44_dslite_global_stats[NAT44_STATS]
#define DSLITE_GLOBAL_STATS nat44_dslite_global_stats[DSLITE_STATS]
#define SESSION_LOG_ENABLE 1
#define ALG_ENABLED_DB(db) \
((db->flags & CNAT_PCP_FLAG) || \
(db->flags & CNAT_DB_FLAG_ALG_CTRL_FLOW) || \
(db->flags & (CNAT_DB_FLAG_PPTP_TUNNEL_INIT | \
CNAT_DB_FLAG_PPTP_TUNNEL_ACTIVE)))
#endif /* __CNAT_DB_H__ */
Reference in New Issue View Git Blame Copy Permalink