blob: d356fd5411cdb0921122bf02118ab63cfb594607 [file] [log] [blame]
/*
* Copyright (c) 2017 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* @brief IPv4 to IPv6 translation
*/
#ifndef __included_ip4_to_ip6_h__
#define __included_ip4_to_ip6_h__
#include <vnet/ip/ip.h>
/**
* IPv4 to IPv6 set call back function type
*/
typedef int (*ip4_to_ip6_set_fn_t) (vlib_buffer_t * b, ip4_header_t * ip4,
ip6_header_t * ip6, void *ctx);
static u8 icmp_to_icmp6_updater_pointer_table[] =
{ 0, 1, 4, 4, ~0,
~0, ~0, ~0, 7, 6,
~0, ~0, 8, 8, 8,
8, 24, 24, 24, 24
};
#define frag_id_4to6(id) (id)
/**
* @brief Get TCP/UDP port number or ICMP id from IPv4 packet.
*
* @param ip4 IPv4 header.
* @param sender 1 get sender port, 0 get receiver port.
*
* @returns Port number on success, 0 otherwise.
*/
always_inline u16
ip4_get_port (ip4_header_t *ip, u8 sender)
{
if (ip->ip_version_and_header_length != 0x45 || ip4_get_fragment_offset (ip))
return 0;
if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
(ip->protocol == IP_PROTOCOL_UDP)))
{
udp_header_t *udp = (void *) (ip + 1);
return (sender) ? udp->src_port : udp->dst_port;
}
else if (ip->protocol == IP_PROTOCOL_ICMP)
{
icmp46_header_t *icmp = (void *) (ip + 1);
if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply)
{
return *((u16 *) (icmp + 1));
}
/*
* Minimum length here consists of:
* - outer IP header length
* - outer ICMP header length (2*sizeof (icmp46_header_t))
* - inner IP header length
* - first 8 bytes of payload of original packet in case of ICMP error
*/
else if (clib_net_to_host_u16 (ip->length) >=
2 * sizeof (ip4_header_t) + 2 * sizeof (icmp46_header_t) + 8)
{
ip = (ip4_header_t *) (icmp + 2);
if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
(ip->protocol == IP_PROTOCOL_UDP)))
{
udp_header_t *udp = (void *) (ip + 1);
return (sender) ? udp->dst_port : udp->src_port;
}
else if (ip->protocol == IP_PROTOCOL_ICMP)
{
icmp46_header_t *icmp = (void *) (ip + 1);
if (icmp->type == ICMP4_echo_request ||
icmp->type == ICMP4_echo_reply)
{
return *((u16 *) (icmp + 1));
}
}
}
}
return 0;
}
/**
* @brief Convert type and code value from ICMP4 to ICMP6.
*
* @param icmp ICMP header.
* @param inner_ip4 Inner IPv4 header if present, 0 otherwise.
*
* @returns 0 on success, non-zero value otherwise.
*/
always_inline int
icmp_to_icmp6_header (icmp46_header_t * icmp, ip4_header_t ** inner_ip4)
{
*inner_ip4 = NULL;
switch (icmp->type)
{
case ICMP4_echo_reply:
icmp->type = ICMP6_echo_reply;
break;
case ICMP4_echo_request:
icmp->type = ICMP6_echo_request;
break;
case ICMP4_destination_unreachable:
*inner_ip4 = (ip4_header_t *) (((u8 *) icmp) + 8);
switch (icmp->code)
{
case ICMP4_destination_unreachable_destination_unreachable_net: //0
case ICMP4_destination_unreachable_destination_unreachable_host: //1
icmp->type = ICMP6_destination_unreachable;
icmp->code = ICMP6_destination_unreachable_no_route_to_destination;
break;
case ICMP4_destination_unreachable_protocol_unreachable: //2
icmp->type = ICMP6_parameter_problem;
icmp->code = ICMP6_parameter_problem_unrecognized_next_header;
break;
case ICMP4_destination_unreachable_port_unreachable: //3
icmp->type = ICMP6_destination_unreachable;
icmp->code = ICMP6_destination_unreachable_port_unreachable;
break;
case ICMP4_destination_unreachable_fragmentation_needed_and_dont_fragment_set: //4
icmp->type =
ICMP6_packet_too_big;
icmp->code = 0;
{
u32 advertised_mtu = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
if (advertised_mtu)
advertised_mtu += 20;
else
advertised_mtu = 1000; //FIXME ! (RFC 1191 - plateau value)
//FIXME: = minimum(advertised MTU+20, MTU_of_IPv6_nexthop, (MTU_of_IPv4_nexthop)+20)
*((u32 *) (icmp + 1)) = clib_host_to_net_u32 (advertised_mtu);
}
break;
case ICMP4_destination_unreachable_source_route_failed: //5
case ICMP4_destination_unreachable_destination_network_unknown: //6
case ICMP4_destination_unreachable_destination_host_unknown: //7
case ICMP4_destination_unreachable_source_host_isolated: //8
case ICMP4_destination_unreachable_network_unreachable_for_type_of_service: //11
case ICMP4_destination_unreachable_host_unreachable_for_type_of_service: //12
icmp->type =
ICMP6_destination_unreachable;
icmp->code = ICMP6_destination_unreachable_no_route_to_destination;
break;
case ICMP4_destination_unreachable_network_administratively_prohibited: //9
case ICMP4_destination_unreachable_host_administratively_prohibited: //10
case ICMP4_destination_unreachable_communication_administratively_prohibited: //13
case ICMP4_destination_unreachable_precedence_cutoff_in_effect: //15
icmp->type = ICMP6_destination_unreachable;
icmp->code =
ICMP6_destination_unreachable_destination_administratively_prohibited;
break;
case ICMP4_destination_unreachable_host_precedence_violation: //14
default:
return -1;
}
break;
case ICMP4_time_exceeded: //11
*inner_ip4 = (ip4_header_t *) (((u8 *) icmp) + 8);
icmp->type = ICMP6_time_exceeded;
break;
case ICMP4_parameter_problem:
*inner_ip4 = (ip4_header_t *) (((u8 *) icmp) + 8);
switch (icmp->code)
{
case ICMP4_parameter_problem_pointer_indicates_error:
case ICMP4_parameter_problem_bad_length:
icmp->type = ICMP6_parameter_problem;
icmp->code = ICMP6_parameter_problem_erroneous_header_field;
{
u8 ptr =
icmp_to_icmp6_updater_pointer_table[*((u8 *) (icmp + 1))];
if (ptr == 0xff)
return -1;
*((u32 *) (icmp + 1)) = clib_host_to_net_u32 (ptr);
}
break;
default:
//All other codes cause error
return -1;
}
break;
default:
//All other types cause error
return -1;
break;
}
return 0;
}
/**
* @brief Translate ICMP4 packet to ICMP6.
*
* @param p Buffer to translate.
* @param fn The function to translate outer header.
* @param ctx A context passed in the outer header translate function.
* @param inner_fn The function to translate inner header.
* @param inner_ctx A context passed in the inner header translate function.
*
* @returns 0 on success, non-zero value otherwise.
*/
always_inline int
icmp_to_icmp6 (vlib_buffer_t * p, ip4_to_ip6_set_fn_t fn, void *ctx,
ip4_to_ip6_set_fn_t inner_fn, void *inner_ctx)
{
ip4_header_t *ip4, *inner_ip4;
ip6_header_t *ip6, *inner_ip6;
u32 ip_len;
icmp46_header_t *icmp;
ip_csum_t csum;
ip6_frag_hdr_t *inner_frag;
ip6_frag_hdr_t *outer_frag= NULL;
u32 inner_frag_id;
u32 inner_frag_offset;
u32 outer_frag_id;
u8 inner_frag_more;
u16 *inner_L4_checksum = 0;
int rv;
ip4 = vlib_buffer_get_current (p);
ip_len = clib_net_to_host_u16 (ip4->length);
ASSERT (ip_len <= p->current_length);
icmp = (icmp46_header_t *) (ip4 + 1);
if (icmp_to_icmp6_header (icmp, &inner_ip4))
return -1;
if (inner_ip4)
{
//We have 2 headers to translate.
//We need to make some room in the middle of the packet
if (PREDICT_FALSE (ip4_is_fragment (inner_ip4)))
{
//Here it starts getting really tricky
//We will add a fragmentation header in the inner packet
if (!ip4_is_first_fragment (inner_ip4))
{
//For now we do not handle unless it is the first fragment
//Ideally we should handle the case as we are in slow path already
return -1;
}
vlib_buffer_advance (p,
-2 * (sizeof (*ip6) - sizeof (*ip4)) -
sizeof (*inner_frag));
ip6 = vlib_buffer_get_current (p);
memmove (u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4)), ip4,
20 + 8);
ip4 =
(ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
icmp = (icmp46_header_t *) (ip4 + 1);
inner_ip6 =
(ip6_header_t *) u8_ptr_add (inner_ip4,
sizeof (*ip4) - sizeof (*ip6) -
sizeof (*inner_frag));
inner_frag =
(ip6_frag_hdr_t *) u8_ptr_add (inner_ip6, sizeof (*inner_ip6));
ip6->payload_length =
u16_net_add (ip4->length,
sizeof (*ip6) - 2 * sizeof (*ip4) +
sizeof (*inner_frag));
inner_frag_id = frag_id_4to6 (inner_ip4->fragment_id);
inner_frag_offset = ip4_get_fragment_offset (inner_ip4);
inner_frag_more =
! !(inner_ip4->flags_and_fragment_offset &
clib_net_to_host_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS));
}
else
{
vlib_buffer_advance (p, -2 * (sizeof (*ip6) - sizeof (*ip4)));
ip6 = vlib_buffer_get_current (p);
memmove (u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4)), ip4,
20 + 8);
ip4 =
(ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
icmp = (icmp46_header_t *) u8_ptr_add (ip4, sizeof (*ip4));
inner_ip6 =
(ip6_header_t *) u8_ptr_add (inner_ip4,
sizeof (*ip4) - sizeof (*ip6));
ip6->payload_length =
u16_net_add (ip4->length, sizeof (*ip6) - 2 * sizeof (*ip4));
inner_frag = NULL;
}
if (PREDICT_TRUE (inner_ip4->protocol == IP_PROTOCOL_TCP))
{
inner_L4_checksum = &((tcp_header_t *) (inner_ip4 + 1))->checksum;
*inner_L4_checksum =
ip_csum_fold (ip_csum_sub_even
(*inner_L4_checksum,
*((u64 *) (&inner_ip4->src_address))));
}
else if (PREDICT_TRUE (inner_ip4->protocol == IP_PROTOCOL_UDP))
{
inner_L4_checksum = &((udp_header_t *) (inner_ip4 + 1))->checksum;
if (*inner_L4_checksum)
*inner_L4_checksum =
ip_csum_fold (ip_csum_sub_even
(*inner_L4_checksum,
*((u64 *) (&inner_ip4->src_address))));
}
else if (inner_ip4->protocol == IP_PROTOCOL_ICMP)
{
//We have an ICMP inside an ICMP
//It needs to be translated, but not for error ICMP messages
icmp46_header_t *inner_icmp = (icmp46_header_t *) (inner_ip4 + 1);
//Only types ICMP4_echo_request and ICMP4_echo_reply are handled by icmp_to_icmp6_header
inner_icmp->type = (inner_icmp->type == ICMP4_echo_request) ?
ICMP6_echo_request : ICMP6_echo_reply;
inner_L4_checksum = &inner_icmp->checksum;
inner_ip4->protocol = IP_PROTOCOL_ICMP6;
}
else
{
/* To shut up Coverity */
os_panic ();
}
inner_ip6->ip_version_traffic_class_and_flow_label =
clib_host_to_net_u32 ((6 << 28) + (inner_ip4->tos << 20));
inner_ip6->payload_length =
u16_net_add (inner_ip4->length, -sizeof (*inner_ip4));
inner_ip6->hop_limit = inner_ip4->ttl;
inner_ip6->protocol = inner_ip4->protocol;
if ((rv = inner_fn (p, inner_ip4, inner_ip6, inner_ctx)) != 0)
return rv;
if (PREDICT_FALSE (inner_frag != NULL))
{
inner_frag->next_hdr = inner_ip6->protocol;
inner_frag->identification = inner_frag_id;
inner_frag->rsv = 0;
inner_frag->fragment_offset_and_more =
ip6_frag_hdr_offset_and_more (inner_frag_offset, inner_frag_more);
inner_ip6->protocol = IP_PROTOCOL_IPV6_FRAGMENTATION;
inner_ip6->payload_length =
clib_host_to_net_u16 (clib_net_to_host_u16
(inner_ip6->payload_length) +
sizeof (*inner_frag));
}
csum = *inner_L4_checksum;
if (inner_ip6->protocol == IP_PROTOCOL_ICMP6)
{
//Recompute ICMP checksum
icmp46_header_t *inner_icmp = (icmp46_header_t *) (inner_ip4 + 1);
inner_icmp->checksum = 0;
csum = ip_csum_with_carry (0, inner_ip6->payload_length);
csum =
ip_csum_with_carry (csum,
clib_host_to_net_u16 (inner_ip6->protocol));
csum = ip_csum_with_carry (csum, inner_ip6->src_address.as_u64[0]);
csum = ip_csum_with_carry (csum, inner_ip6->src_address.as_u64[1]);
csum = ip_csum_with_carry (csum, inner_ip6->dst_address.as_u64[0]);
csum = ip_csum_with_carry (csum, inner_ip6->dst_address.as_u64[1]);
csum =
ip_incremental_checksum (csum, inner_icmp,
clib_net_to_host_u16
(inner_ip6->payload_length));
inner_icmp->checksum = ~ip_csum_fold (csum);
}
else
{
/* UDP checksum is optional */
if (csum)
{
csum =
ip_csum_add_even (csum, inner_ip6->src_address.as_u64[0]);
csum =
ip_csum_add_even (csum, inner_ip6->src_address.as_u64[1]);
csum =
ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[0]);
csum =
ip_csum_add_even (csum, inner_ip6->dst_address.as_u64[1]);
*inner_L4_checksum = ip_csum_fold (csum);
}
}
}
else
{
if (PREDICT_FALSE (ip4->flags_and_fragment_offset &
clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS)))
{
vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6) -
sizeof (*outer_frag));
ip6 = vlib_buffer_get_current (p);
outer_frag = (ip6_frag_hdr_t *) (ip6 + 1);
outer_frag_id = frag_id_4to6 (ip4->fragment_id);
}
else
{
vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6));
ip6 = vlib_buffer_get_current (p);
}
ip6->payload_length =
clib_host_to_net_u16 (clib_net_to_host_u16 (ip4->length) -
sizeof (*ip4));
}
//Translate outer IPv6
ip6->ip_version_traffic_class_and_flow_label =
clib_host_to_net_u32 ((6 << 28) + (ip4->tos << 20));
ip6->hop_limit = ip4->ttl;
ip6->protocol = IP_PROTOCOL_ICMP6;
if ((rv = fn (p, ip4, ip6, ctx)) != 0)
return rv;
if (PREDICT_FALSE (outer_frag != NULL))
{
outer_frag->next_hdr = ip6->protocol;
outer_frag->identification = outer_frag_id;
outer_frag->rsv = 0;
outer_frag->fragment_offset_and_more = ip6_frag_hdr_offset_and_more (0, 1);
ip6->protocol = IP_PROTOCOL_IPV6_FRAGMENTATION;
ip6->payload_length = u16_net_add (ip6->payload_length,
sizeof (*outer_frag));
}
//Truncate when ICMPv6 error message exceeds the minimal IPv6 MTU
if (p->current_length > 1280 && icmp->type < 128)
{
ip6->payload_length = clib_host_to_net_u16 (1280 - sizeof (*ip6));
p->current_length = 1280; //Looks too simple to be correct...
}
//Recompute ICMP checksum
icmp->checksum = 0;
csum = ip_csum_with_carry (0, ip6->payload_length);
csum = ip_csum_with_carry (csum, clib_host_to_net_u16 (ip6->protocol));
csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[0]);
csum = ip_csum_with_carry (csum, ip6->src_address.as_u64[1]);
csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[0]);
csum = ip_csum_with_carry (csum, ip6->dst_address.as_u64[1]);
csum =
ip_incremental_checksum (csum, icmp,
clib_net_to_host_u16 (ip6->payload_length));
icmp->checksum = ~ip_csum_fold (csum);
return 0;
}
#endif /* __included_ip4_to_ip6_h__ */