blob: 7a0d534959c2a6becc7927608b7bbfc46736776a [file] [log] [blame]
/*
* Copyright (c) 2017 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* @brief IPv6 to IPv4 translation
*/
#ifndef __included_ip6_to_ip4_h__
#define __included_ip6_to_ip4_h__
#include <vnet/ip/ip.h>
/**
* IPv6 to IPv4 set call back function type
*/
typedef int (*ip6_to_ip4_set_fn_t) (ip6_header_t * ip6, ip4_header_t * ip4,
void *ctx);
/* *INDENT-OFF* */
static u8 icmp6_to_icmp_updater_pointer_table[] =
{ 0, 1, ~0, ~0,
2, 2, 9, 8,
12, 12, 12, 12,
12, 12, 12, 12,
12, 12, 12, 12,
12, 12, 12, 12,
24, 24, 24, 24,
24, 24, 24, 24,
24, 24, 24, 24,
24, 24, 24, 24
};
/* *INDENT-ON* */
#define frag_id_6to4(id) ((id) ^ ((id) >> 16))
/**
* @brief Parse some useful information from IPv6 header.
*
* @param ip6 IPv6 header.
* @param buff_len Buffer length.
* @param l4_protocol L4 protocol number.
* @param l4_offset L4 header offset.
* @param frag_hdr_offset Fragment header offset if present, 0 otherwise.
*
* @returns 0 on success, non-zero value otherwise.
*/
static_always_inline int
ip6_parse (const ip6_header_t * ip6, u32 buff_len,
u8 * l4_protocol, u16 * l4_offset, u16 * frag_hdr_offset)
{
if (ip6->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
{
*l4_protocol = ((ip6_frag_hdr_t *) (ip6 + 1))->next_hdr;
*frag_hdr_offset = sizeof (*ip6);
*l4_offset = sizeof (*ip6) + sizeof (ip6_frag_hdr_t);
}
else
{
*l4_protocol = ip6->protocol;
*frag_hdr_offset = 0;
*l4_offset = sizeof (*ip6);
}
return (buff_len < (*l4_offset + 4)) ||
(clib_net_to_host_u16 (ip6->payload_length) <
(*l4_offset + 4 - sizeof (*ip6)));
}
/**
* @brief Get TCP/UDP port number or ICMP id from IPv6 packet.
*
* @param ip6 IPv6 header.
* @param sender 1 get sender port, 0 get receiver port.
* @param buffer_len Buffer length.
*
* @returns Port number on success, 0 otherwise.
*/
always_inline u16
ip6_get_port (ip6_header_t * ip6, u8 sender, u16 buffer_len)
{
u8 l4_protocol;
u16 l4_offset;
u16 frag_offset;
u8 *l4;
if (ip6_parse (ip6, buffer_len, &l4_protocol, &l4_offset, &frag_offset))
return 0;
if (frag_offset &&
ip6_frag_hdr_offset (((ip6_frag_hdr_t *)
u8_ptr_add (ip6, frag_offset))))
return 0; //Can't deal with non-first fragment for now
l4 = u8_ptr_add (ip6, l4_offset);
if (l4_protocol == IP_PROTOCOL_TCP || l4_protocol == IP_PROTOCOL_UDP)
{
return (sender) ? ((udp_header_t *) (l4))->src_port : ((udp_header_t
*)
(l4))->dst_port;
}
else if (l4_protocol == IP_PROTOCOL_ICMP6)
{
icmp46_header_t *icmp = (icmp46_header_t *) (l4);
if (icmp->type == ICMP6_echo_request)
{
return (sender) ? ((u16 *) (icmp))[2] : -1;
}
else if (icmp->type == ICMP6_echo_reply)
{
return (sender) ? -1 : ((u16 *) (icmp))[2];
}
}
return 0;
}
/**
* @brief Convert type and code value from ICMP6 to ICMP4.
*
* @param icmp ICMP header.
* @param inner_ip6 Inner IPv6 header if present, 0 otherwise.
*
* @returns 0 on success, non-zero value otherwise.
*/
static_always_inline int
icmp6_to_icmp_header (icmp46_header_t * icmp, ip6_header_t ** inner_ip6)
{
*inner_ip6 = NULL;
switch (icmp->type)
{
case ICMP6_echo_request:
icmp->type = ICMP4_echo_request;
break;
case ICMP6_echo_reply:
icmp->type = ICMP4_echo_reply;
break;
case ICMP6_destination_unreachable:
*inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
switch (icmp->code)
{
case ICMP6_destination_unreachable_no_route_to_destination: //0
case ICMP6_destination_unreachable_beyond_scope_of_source_address: //2
case ICMP6_destination_unreachable_address_unreachable: //3
icmp->type = ICMP4_destination_unreachable;
icmp->code =
ICMP4_destination_unreachable_destination_unreachable_host;
break;
case ICMP6_destination_unreachable_destination_administratively_prohibited: //1
icmp->type =
ICMP4_destination_unreachable;
icmp->code =
ICMP4_destination_unreachable_communication_administratively_prohibited;
break;
case ICMP6_destination_unreachable_port_unreachable:
icmp->type = ICMP4_destination_unreachable;
icmp->code = ICMP4_destination_unreachable_port_unreachable;
break;
default:
return -1;
}
break;
case ICMP6_packet_too_big:
*inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
icmp->type = ICMP4_destination_unreachable;
icmp->code = 4;
{
u32 advertised_mtu = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
advertised_mtu -= 20;
//FIXME: = minimum(advertised MTU-20, MTU_of_IPv4_nexthop, (MTU_of_IPv6_nexthop)-20)
((u16 *) (icmp))[3] = clib_host_to_net_u16 (advertised_mtu);
}
break;
case ICMP6_time_exceeded:
*inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
icmp->type = ICMP4_time_exceeded;
break;
case ICMP6_parameter_problem:
*inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
switch (icmp->code)
{
case ICMP6_parameter_problem_erroneous_header_field:
icmp->type = ICMP4_parameter_problem;
icmp->code = ICMP4_parameter_problem_pointer_indicates_error;
u32 pointer = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
if (pointer >= 40)
return -1;
((u8 *) (icmp + 1))[0] =
icmp6_to_icmp_updater_pointer_table[pointer];
break;
case ICMP6_parameter_problem_unrecognized_next_header:
icmp->type = ICMP4_destination_unreachable;
icmp->code = ICMP4_destination_unreachable_port_unreachable;
break;
case ICMP6_parameter_problem_unrecognized_option:
default:
return -1;
}
break;
default:
return -1;
break;
}
return 0;
}
/**
* @brief Translate TOS value from IPv6 to IPv4.
*
* @param ip6 IPv6 header.
*
* @returns IPv4 TOS value.
*/
static_always_inline u8
ip6_translate_tos (const ip6_header_t * ip6)
{
return (clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label)
& 0x0ff00000) >> 20;
}
/**
* @brief Translate ICMP6 packet to ICMP4.
*
* @param p Buffer to translate.
* @param fn The function to translate outer header.
* @param ctx A context passed in the outer header translate function.
* @param inner_fn The function to translate inner header.
* @param inner_ctx A context passed in the inner header translate function.
*
* @returns 0 on success, non-zero value otherwise.
*/
always_inline int
icmp6_to_icmp (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx,
ip6_to_ip4_set_fn_t inner_fn, void *inner_ctx)
{
ip6_header_t *ip6, *inner_ip6;
ip4_header_t *ip4, *inner_ip4;
u32 ip6_pay_len;
icmp46_header_t *icmp;
ip_csum_t csum;
int rv;
ip6 = vlib_buffer_get_current (p);
ip6_pay_len = clib_net_to_host_u16 (ip6->payload_length);
icmp = (icmp46_header_t *) (ip6 + 1);
ASSERT (ip6_pay_len + sizeof (*ip6) <= p->current_length);
//No extensions headers allowed here
if (ip6->protocol != IP_PROTOCOL_ICMP6)
return -1;
//There are no fragmented ICMP messages, so no extension header for now
if (icmp6_to_icmp_header (icmp, &inner_ip6))
return -1;
if (inner_ip6)
{
u16 *inner_L4_checksum, inner_l4_offset, inner_frag_offset,
inner_frag_id;
u8 *inner_l4, inner_protocol;
//We have two headers to translate
// FROM
// [ IPv6 ]<- ext ->[IC][ IPv6 ]<- ext ->[L4 header ...
// Handled cases:
// [ IPv6 ][IC][ IPv6 ][L4 header ...
// [ IPv6 ][IC][ IPv6 ][Fr][L4 header ...
// TO
// [ IPv4][IC][ IPv4][L4 header ...
if (ip6_parse (inner_ip6, ip6_pay_len - 8,
&inner_protocol, &inner_l4_offset, &inner_frag_offset))
return -1;
inner_l4 = u8_ptr_add (inner_ip6, inner_l4_offset);
inner_ip4 =
(ip4_header_t *) u8_ptr_add (inner_l4, -sizeof (*inner_ip4));
if (inner_frag_offset)
{
ip6_frag_hdr_t *inner_frag =
(ip6_frag_hdr_t *) u8_ptr_add (inner_ip6, inner_frag_offset);
inner_frag_id = frag_id_6to4 (inner_frag->identification);
}
else
{
inner_frag_id = 0;
}
//Do the translation of the inner packet
if (inner_protocol == IP_PROTOCOL_TCP)
{
inner_L4_checksum = (u16 *) u8_ptr_add (inner_l4, 16);
}
else if (inner_protocol == IP_PROTOCOL_UDP)
{
inner_L4_checksum = (u16 *) u8_ptr_add (inner_l4, 6);
}
else if (inner_protocol == IP_PROTOCOL_ICMP6)
{
icmp46_header_t *inner_icmp = (icmp46_header_t *) inner_l4;
//It cannot be of a different type as ip6_icmp_to_icmp6_in_place succeeded
inner_icmp->type = (inner_icmp->type == ICMP6_echo_request) ?
ICMP4_echo_request : ICMP4_echo_reply;
inner_protocol = IP_PROTOCOL_ICMP; //Will be copied to ip6 later
inner_L4_checksum = &inner_icmp->checksum;
}
else
{
return -1;
}
csum = *inner_L4_checksum;
csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[0]);
csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[1]);
csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[0]);
csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[1]);
*inner_L4_checksum = ip_csum_fold (csum);
if ((rv = inner_fn (inner_ip6, inner_ip4, inner_ctx)) != 0)
return rv;
inner_ip4->ip_version_and_header_length =
IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
inner_ip4->tos = ip6_translate_tos (inner_ip6);
inner_ip4->length =
u16_net_add (inner_ip6->payload_length,
sizeof (*ip4) + sizeof (*ip6) - inner_l4_offset);
inner_ip4->fragment_id = inner_frag_id;
inner_ip4->flags_and_fragment_offset =
clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
inner_ip4->ttl = inner_ip6->hop_limit;
inner_ip4->protocol = inner_protocol;
inner_ip4->checksum = ip4_header_checksum (inner_ip4);
if (inner_ip4->protocol == IP_PROTOCOL_ICMP)
{
//Recompute ICMP checksum
icmp46_header_t *inner_icmp = (icmp46_header_t *) inner_l4;
inner_icmp->checksum = 0;
csum =
ip_incremental_checksum (0, inner_icmp,
clib_net_to_host_u16 (inner_ip4->length)
- sizeof (*inner_ip4));
inner_icmp->checksum = ~ip_csum_fold (csum);
}
else
{
//Update to new pseudo-header
csum = *inner_L4_checksum;
csum = ip_csum_add_even (csum, inner_ip4->src_address.as_u32);
csum = ip_csum_add_even (csum, inner_ip4->dst_address.as_u32);
*inner_L4_checksum = ip_csum_fold (csum);
}
//Move up icmp header
ip4 = (ip4_header_t *) u8_ptr_add (inner_l4, -2 * sizeof (*ip4) - 8);
clib_memcpy (u8_ptr_add (inner_l4, -sizeof (*ip4) - 8), icmp, 8);
icmp = (icmp46_header_t *) u8_ptr_add (inner_l4, -sizeof (*ip4) - 8);
}
else
{
//Only one header to translate
ip4 = (ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
}
vlib_buffer_advance (p, (u32) (((u8 *) ip4) - ((u8 *) ip6)));
if ((rv = fn (ip6, ip4, ctx)) != 0)
return rv;
ip4->ip_version_and_header_length =
IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
ip4->tos = ip6_translate_tos (ip6);
ip4->fragment_id = 0;
ip4->flags_and_fragment_offset = 0;
ip4->ttl = ip6->hop_limit;
ip4->protocol = IP_PROTOCOL_ICMP;
//TODO fix the length depending on offset length
ip4->length = u16_net_add (ip6->payload_length,
(inner_ip6 ==
NULL) ? sizeof (*ip4) : (2 * sizeof (*ip4) -
sizeof (*ip6)));
ip4->checksum = ip4_header_checksum (ip4);
//Recompute ICMP checksum
icmp->checksum = 0;
csum =
ip_incremental_checksum (0, icmp,
clib_net_to_host_u16 (ip4->length) -
sizeof (*ip4));
icmp->checksum = ~ip_csum_fold (csum);
return 0;
}
/**
* @brief Translate IPv6 fragmented packet to IPv4.
*
* @param p Buffer to translate.
* @param fn The function to translate header.
* @param ctx A context passed in the header translate function.
*
* @returns 0 on success, non-zero value otherwise.
*/
always_inline int
ip6_to_ip4_fragmented (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx)
{
ip6_header_t *ip6;
ip6_frag_hdr_t *frag;
ip4_header_t *ip4;
u16 frag_id;
u8 frag_more;
u16 frag_offset;
u8 l4_protocol;
u16 l4_offset;
int rv;
ip6 = vlib_buffer_get_current (p);
if (ip6_parse
(ip6, p->current_length, &l4_protocol, &l4_offset, &frag_offset))
return -1;
frag = (ip6_frag_hdr_t *) u8_ptr_add (ip6, frag_offset);
ip4 = (ip4_header_t *) u8_ptr_add (ip6, l4_offset - sizeof (*ip4));
vlib_buffer_advance (p, l4_offset - sizeof (*ip4));
frag_id = frag_id_6to4 (frag->identification);
frag_more = ip6_frag_hdr_more (frag);
frag_offset = ip6_frag_hdr_offset (frag);
if ((rv = fn (ip6, ip4, ctx)) != 0)
return rv;
ip4->ip_version_and_header_length =
IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
ip4->tos = ip6_translate_tos (ip6);
ip4->length = u16_net_add (ip6->payload_length,
sizeof (*ip4) - l4_offset + sizeof (*ip6));
ip4->fragment_id = frag_id;
ip4->flags_and_fragment_offset =
clib_host_to_net_u16 (frag_offset |
(frag_more ? IP4_HEADER_FLAG_MORE_FRAGMENTS : 0));
ip4->ttl = ip6->hop_limit;
ip4->protocol =
(l4_protocol == IP_PROTOCOL_ICMP6) ? IP_PROTOCOL_ICMP : l4_protocol;
ip4->checksum = ip4_header_checksum (ip4);
return 0;
}
/**
* @brief Translate IPv6 UDP/TCP packet to IPv4.
*
* @param p Buffer to translate.
* @param fn The function to translate header.
* @param ctx A context passed in the header translate function.
*
* @returns 0 on success, non-zero value otherwise.
*/
always_inline int
ip6_to_ip4_tcp_udp (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx,
u8 udp_checksum)
{
ip6_header_t *ip6;
u16 *checksum;
ip_csum_t csum = 0;
ip4_header_t *ip4;
u16 fragment_id;
u16 flags;
u16 frag_offset;
u8 l4_protocol;
u16 l4_offset;
int rv;
ip6 = vlib_buffer_get_current (p);
if (ip6_parse
(ip6, p->current_length, &l4_protocol, &l4_offset, &frag_offset))
return -1;
if (l4_protocol == IP_PROTOCOL_TCP)
{
tcp_header_t *tcp = ip6_next_header (ip6);
checksum = &tcp->checksum;
}
else
{
udp_header_t *udp = ip6_next_header (ip6);
checksum = &udp->checksum;
//UDP checksum is optional over IPv4
if (!udp_checksum)
goto no_csum;
}
csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
*checksum = ip_csum_fold (csum);
no_csum:
ip4 = (ip4_header_t *) u8_ptr_add (ip6, l4_offset - sizeof (*ip4));
vlib_buffer_advance (p, l4_offset - sizeof (*ip4));
if (PREDICT_FALSE (frag_offset))
{
//Only the first fragment
ip6_frag_hdr_t *hdr = (ip6_frag_hdr_t *) u8_ptr_add (ip6, frag_offset);
fragment_id = frag_id_6to4 (hdr->identification);
flags = clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
}
else
{
fragment_id = 0;
flags = 0;
}
if ((rv = fn (ip6, ip4, ctx)) != 0)
return rv;
ip4->ip_version_and_header_length =
IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
ip4->tos = ip6_translate_tos (ip6);
ip4->length = u16_net_add (ip6->payload_length,
sizeof (*ip4) + sizeof (*ip6) - l4_offset);
ip4->fragment_id = fragment_id;
ip4->flags_and_fragment_offset = flags;
ip4->ttl = ip6->hop_limit;
ip4->protocol = l4_protocol;
ip4->checksum = ip4_header_checksum (ip4);
//UDP checksum is optional over IPv4
if (!udp_checksum && l4_protocol == IP_PROTOCOL_UDP)
{
*checksum = 0;
}
else
{
csum = ip_csum_add_even (*checksum, ip4->dst_address.as_u32);
csum = ip_csum_add_even (csum, ip4->src_address.as_u32);
*checksum = ip_csum_fold (csum);
}
return 0;
}
#endif /* __included_ip6_to_ip4_h__ */
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/