blob: 7a0d534959c2a6becc7927608b7bbfc46736776a [file] [log] [blame]
Matus Fabiana774b532017-05-02 03:15:22 -07001/*
2 * Copyright (c) 2017 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15/**
16 * @file
17 * @brief IPv6 to IPv4 translation
18 */
19#ifndef __included_ip6_to_ip4_h__
20#define __included_ip6_to_ip4_h__
21
22#include <vnet/ip/ip.h>
23
24/**
25 * IPv6 to IPv4 set call back function type
26 */
27typedef int (*ip6_to_ip4_set_fn_t) (ip6_header_t * ip6, ip4_header_t * ip4,
28 void *ctx);
29
30/* *INDENT-OFF* */
31static u8 icmp6_to_icmp_updater_pointer_table[] =
32 { 0, 1, ~0, ~0,
33 2, 2, 9, 8,
34 12, 12, 12, 12,
35 12, 12, 12, 12,
36 12, 12, 12, 12,
37 12, 12, 12, 12,
38 24, 24, 24, 24,
39 24, 24, 24, 24,
40 24, 24, 24, 24,
41 24, 24, 24, 24
42 };
43/* *INDENT-ON* */
44
45#define frag_id_6to4(id) ((id) ^ ((id) >> 16))
46
47/**
48 * @brief Parse some useful information from IPv6 header.
49 *
50 * @param ip6 IPv6 header.
51 * @param buff_len Buffer length.
52 * @param l4_protocol L4 protocol number.
53 * @param l4_offset L4 header offset.
54 * @param frag_hdr_offset Fragment header offset if present, 0 otherwise.
55 *
56 * @returns 0 on success, non-zero value otherwise.
57 */
58static_always_inline int
59ip6_parse (const ip6_header_t * ip6, u32 buff_len,
60 u8 * l4_protocol, u16 * l4_offset, u16 * frag_hdr_offset)
61{
62 if (ip6->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION)
63 {
64 *l4_protocol = ((ip6_frag_hdr_t *) (ip6 + 1))->next_hdr;
65 *frag_hdr_offset = sizeof (*ip6);
66 *l4_offset = sizeof (*ip6) + sizeof (ip6_frag_hdr_t);
67 }
68 else
69 {
70 *l4_protocol = ip6->protocol;
71 *frag_hdr_offset = 0;
72 *l4_offset = sizeof (*ip6);
73 }
74
75 return (buff_len < (*l4_offset + 4)) ||
76 (clib_net_to_host_u16 (ip6->payload_length) <
77 (*l4_offset + 4 - sizeof (*ip6)));
78}
79
80/**
81 * @brief Get TCP/UDP port number or ICMP id from IPv6 packet.
82 *
83 * @param ip6 IPv6 header.
84 * @param sender 1 get sender port, 0 get receiver port.
85 * @param buffer_len Buffer length.
86 *
87 * @returns Port number on success, 0 otherwise.
88 */
89always_inline u16
90ip6_get_port (ip6_header_t * ip6, u8 sender, u16 buffer_len)
91{
92 u8 l4_protocol;
93 u16 l4_offset;
94 u16 frag_offset;
95 u8 *l4;
96
97 if (ip6_parse (ip6, buffer_len, &l4_protocol, &l4_offset, &frag_offset))
98 return 0;
99
100 if (frag_offset &&
101 ip6_frag_hdr_offset (((ip6_frag_hdr_t *)
102 u8_ptr_add (ip6, frag_offset))))
103 return 0; //Can't deal with non-first fragment for now
104
105 l4 = u8_ptr_add (ip6, l4_offset);
106 if (l4_protocol == IP_PROTOCOL_TCP || l4_protocol == IP_PROTOCOL_UDP)
107 {
108 return (sender) ? ((udp_header_t *) (l4))->src_port : ((udp_header_t
109 *)
110 (l4))->dst_port;
111 }
112 else if (l4_protocol == IP_PROTOCOL_ICMP6)
113 {
114 icmp46_header_t *icmp = (icmp46_header_t *) (l4);
115 if (icmp->type == ICMP6_echo_request)
116 {
117 return (sender) ? ((u16 *) (icmp))[2] : -1;
118 }
119 else if (icmp->type == ICMP6_echo_reply)
120 {
121 return (sender) ? -1 : ((u16 *) (icmp))[2];
122 }
123 }
124 return 0;
125}
126
127/**
128 * @brief Convert type and code value from ICMP6 to ICMP4.
129 *
130 * @param icmp ICMP header.
131 * @param inner_ip6 Inner IPv6 header if present, 0 otherwise.
132 *
133 * @returns 0 on success, non-zero value otherwise.
134 */
135static_always_inline int
136icmp6_to_icmp_header (icmp46_header_t * icmp, ip6_header_t ** inner_ip6)
137{
138 *inner_ip6 = NULL;
139 switch (icmp->type)
140 {
141 case ICMP6_echo_request:
142 icmp->type = ICMP4_echo_request;
143 break;
144 case ICMP6_echo_reply:
145 icmp->type = ICMP4_echo_reply;
146 break;
147 case ICMP6_destination_unreachable:
148 *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
149
150 switch (icmp->code)
151 {
152 case ICMP6_destination_unreachable_no_route_to_destination: //0
153 case ICMP6_destination_unreachable_beyond_scope_of_source_address: //2
154 case ICMP6_destination_unreachable_address_unreachable: //3
155 icmp->type = ICMP4_destination_unreachable;
156 icmp->code =
157 ICMP4_destination_unreachable_destination_unreachable_host;
158 break;
159 case ICMP6_destination_unreachable_destination_administratively_prohibited: //1
160 icmp->type =
161 ICMP4_destination_unreachable;
162 icmp->code =
163 ICMP4_destination_unreachable_communication_administratively_prohibited;
164 break;
165 case ICMP6_destination_unreachable_port_unreachable:
166 icmp->type = ICMP4_destination_unreachable;
167 icmp->code = ICMP4_destination_unreachable_port_unreachable;
168 break;
169 default:
170 return -1;
171 }
172 break;
173 case ICMP6_packet_too_big:
174 *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
175
176 icmp->type = ICMP4_destination_unreachable;
177 icmp->code = 4;
178 {
179 u32 advertised_mtu = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
180 advertised_mtu -= 20;
181 //FIXME: = minimum(advertised MTU-20, MTU_of_IPv4_nexthop, (MTU_of_IPv6_nexthop)-20)
182 ((u16 *) (icmp))[3] = clib_host_to_net_u16 (advertised_mtu);
183 }
184 break;
185
186 case ICMP6_time_exceeded:
187 *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
188
189 icmp->type = ICMP4_time_exceeded;
190 break;
191
192 case ICMP6_parameter_problem:
193 *inner_ip6 = (ip6_header_t *) u8_ptr_add (icmp, 8);
194
195 switch (icmp->code)
196 {
197 case ICMP6_parameter_problem_erroneous_header_field:
198 icmp->type = ICMP4_parameter_problem;
199 icmp->code = ICMP4_parameter_problem_pointer_indicates_error;
200 u32 pointer = clib_net_to_host_u32 (*((u32 *) (icmp + 1)));
201 if (pointer >= 40)
202 return -1;
203
204 ((u8 *) (icmp + 1))[0] =
205 icmp6_to_icmp_updater_pointer_table[pointer];
206 break;
207 case ICMP6_parameter_problem_unrecognized_next_header:
208 icmp->type = ICMP4_destination_unreachable;
209 icmp->code = ICMP4_destination_unreachable_port_unreachable;
210 break;
211 case ICMP6_parameter_problem_unrecognized_option:
212 default:
213 return -1;
214 }
215 break;
216 default:
217 return -1;
218 break;
219 }
220 return 0;
221}
222
223/**
224 * @brief Translate TOS value from IPv6 to IPv4.
225 *
226 * @param ip6 IPv6 header.
227 *
228 * @returns IPv4 TOS value.
229 */
230static_always_inline u8
231ip6_translate_tos (const ip6_header_t * ip6)
232{
233 return (clib_net_to_host_u32 (ip6->ip_version_traffic_class_and_flow_label)
234 & 0x0ff00000) >> 20;
235}
236
237/**
238 * @brief Translate ICMP6 packet to ICMP4.
239 *
240 * @param p Buffer to translate.
241 * @param fn The function to translate outer header.
242 * @param ctx A context passed in the outer header translate function.
243 * @param inner_fn The function to translate inner header.
244 * @param inner_ctx A context passed in the inner header translate function.
245 *
246 * @returns 0 on success, non-zero value otherwise.
247 */
248always_inline int
249icmp6_to_icmp (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx,
250 ip6_to_ip4_set_fn_t inner_fn, void *inner_ctx)
251{
252 ip6_header_t *ip6, *inner_ip6;
253 ip4_header_t *ip4, *inner_ip4;
254 u32 ip6_pay_len;
255 icmp46_header_t *icmp;
256 ip_csum_t csum;
257 int rv;
258
259 ip6 = vlib_buffer_get_current (p);
260 ip6_pay_len = clib_net_to_host_u16 (ip6->payload_length);
261 icmp = (icmp46_header_t *) (ip6 + 1);
262 ASSERT (ip6_pay_len + sizeof (*ip6) <= p->current_length);
263
264 //No extensions headers allowed here
265 if (ip6->protocol != IP_PROTOCOL_ICMP6)
266 return -1;
267
268 //There are no fragmented ICMP messages, so no extension header for now
269 if (icmp6_to_icmp_header (icmp, &inner_ip6))
270 return -1;
271
272 if (inner_ip6)
273 {
274 u16 *inner_L4_checksum, inner_l4_offset, inner_frag_offset,
275 inner_frag_id;
276 u8 *inner_l4, inner_protocol;
277
278 //We have two headers to translate
279 // FROM
280 // [ IPv6 ]<- ext ->[IC][ IPv6 ]<- ext ->[L4 header ...
281 // Handled cases:
282 // [ IPv6 ][IC][ IPv6 ][L4 header ...
283 // [ IPv6 ][IC][ IPv6 ][Fr][L4 header ...
284 // TO
285 // [ IPv4][IC][ IPv4][L4 header ...
286
287 if (ip6_parse (inner_ip6, ip6_pay_len - 8,
288 &inner_protocol, &inner_l4_offset, &inner_frag_offset))
289 return -1;
290
291 inner_l4 = u8_ptr_add (inner_ip6, inner_l4_offset);
292 inner_ip4 =
293 (ip4_header_t *) u8_ptr_add (inner_l4, -sizeof (*inner_ip4));
294 if (inner_frag_offset)
295 {
296 ip6_frag_hdr_t *inner_frag =
297 (ip6_frag_hdr_t *) u8_ptr_add (inner_ip6, inner_frag_offset);
298 inner_frag_id = frag_id_6to4 (inner_frag->identification);
299 }
300 else
301 {
302 inner_frag_id = 0;
303 }
304
305 //Do the translation of the inner packet
306 if (inner_protocol == IP_PROTOCOL_TCP)
307 {
308 inner_L4_checksum = (u16 *) u8_ptr_add (inner_l4, 16);
309 }
310 else if (inner_protocol == IP_PROTOCOL_UDP)
311 {
312 inner_L4_checksum = (u16 *) u8_ptr_add (inner_l4, 6);
313 }
314 else if (inner_protocol == IP_PROTOCOL_ICMP6)
315 {
316 icmp46_header_t *inner_icmp = (icmp46_header_t *) inner_l4;
Matus Fabiana774b532017-05-02 03:15:22 -0700317 //It cannot be of a different type as ip6_icmp_to_icmp6_in_place succeeded
318 inner_icmp->type = (inner_icmp->type == ICMP6_echo_request) ?
319 ICMP4_echo_request : ICMP4_echo_reply;
Matus Fabiana774b532017-05-02 03:15:22 -0700320 inner_protocol = IP_PROTOCOL_ICMP; //Will be copied to ip6 later
321 inner_L4_checksum = &inner_icmp->checksum;
322 }
323 else
324 {
325 return -1;
326 }
327
328 csum = *inner_L4_checksum;
329 csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[0]);
330 csum = ip_csum_sub_even (csum, inner_ip6->src_address.as_u64[1]);
331 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[0]);
332 csum = ip_csum_sub_even (csum, inner_ip6->dst_address.as_u64[1]);
Matus Fabian029f3d22017-06-15 02:28:50 -0700333 *inner_L4_checksum = ip_csum_fold (csum);
Matus Fabiana774b532017-05-02 03:15:22 -0700334
335 if ((rv = inner_fn (inner_ip6, inner_ip4, inner_ctx)) != 0)
336 return rv;
337
338 inner_ip4->ip_version_and_header_length =
339 IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
340 inner_ip4->tos = ip6_translate_tos (inner_ip6);
341 inner_ip4->length =
342 u16_net_add (inner_ip6->payload_length,
343 sizeof (*ip4) + sizeof (*ip6) - inner_l4_offset);
344 inner_ip4->fragment_id = inner_frag_id;
345 inner_ip4->flags_and_fragment_offset =
346 clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
347 inner_ip4->ttl = inner_ip6->hop_limit;
348 inner_ip4->protocol = inner_protocol;
349 inner_ip4->checksum = ip4_header_checksum (inner_ip4);
350
351 if (inner_ip4->protocol == IP_PROTOCOL_ICMP)
352 {
Matus Fabian029f3d22017-06-15 02:28:50 -0700353 //Recompute ICMP checksum
354 icmp46_header_t *inner_icmp = (icmp46_header_t *) inner_l4;
355 inner_icmp->checksum = 0;
Matus Fabiana774b532017-05-02 03:15:22 -0700356 csum =
Matus Fabian029f3d22017-06-15 02:28:50 -0700357 ip_incremental_checksum (0, inner_icmp,
358 clib_net_to_host_u16 (inner_ip4->length)
359 - sizeof (*inner_ip4));
360 inner_icmp->checksum = ~ip_csum_fold (csum);
Matus Fabiana774b532017-05-02 03:15:22 -0700361 }
362 else
363 {
364 //Update to new pseudo-header
Matus Fabian029f3d22017-06-15 02:28:50 -0700365 csum = *inner_L4_checksum;
Matus Fabiana774b532017-05-02 03:15:22 -0700366 csum = ip_csum_add_even (csum, inner_ip4->src_address.as_u32);
367 csum = ip_csum_add_even (csum, inner_ip4->dst_address.as_u32);
Matus Fabian029f3d22017-06-15 02:28:50 -0700368 *inner_L4_checksum = ip_csum_fold (csum);
Matus Fabiana774b532017-05-02 03:15:22 -0700369 }
Matus Fabiana774b532017-05-02 03:15:22 -0700370
371 //Move up icmp header
372 ip4 = (ip4_header_t *) u8_ptr_add (inner_l4, -2 * sizeof (*ip4) - 8);
373 clib_memcpy (u8_ptr_add (inner_l4, -sizeof (*ip4) - 8), icmp, 8);
374 icmp = (icmp46_header_t *) u8_ptr_add (inner_l4, -sizeof (*ip4) - 8);
375 }
376 else
377 {
378 //Only one header to translate
379 ip4 = (ip4_header_t *) u8_ptr_add (ip6, sizeof (*ip6) - sizeof (*ip4));
380 }
381
382 vlib_buffer_advance (p, (u32) (((u8 *) ip4) - ((u8 *) ip6)));
383
384 if ((rv = fn (ip6, ip4, ctx)) != 0)
385 return rv;
386
387 ip4->ip_version_and_header_length =
388 IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
389 ip4->tos = ip6_translate_tos (ip6);
390 ip4->fragment_id = 0;
391 ip4->flags_and_fragment_offset = 0;
392 ip4->ttl = ip6->hop_limit;
393 ip4->protocol = IP_PROTOCOL_ICMP;
394 //TODO fix the length depending on offset length
395 ip4->length = u16_net_add (ip6->payload_length,
396 (inner_ip6 ==
397 NULL) ? sizeof (*ip4) : (2 * sizeof (*ip4) -
398 sizeof (*ip6)));
399 ip4->checksum = ip4_header_checksum (ip4);
400
401 //Recompute ICMP checksum
402 icmp->checksum = 0;
403 csum =
404 ip_incremental_checksum (0, icmp,
405 clib_net_to_host_u16 (ip4->length) -
406 sizeof (*ip4));
407 icmp->checksum = ~ip_csum_fold (csum);
408
409 return 0;
410}
411
412/**
413 * @brief Translate IPv6 fragmented packet to IPv4.
414 *
415 * @param p Buffer to translate.
416 * @param fn The function to translate header.
417 * @param ctx A context passed in the header translate function.
418 *
419 * @returns 0 on success, non-zero value otherwise.
420 */
421always_inline int
422ip6_to_ip4_fragmented (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx)
423{
424 ip6_header_t *ip6;
425 ip6_frag_hdr_t *frag;
426 ip4_header_t *ip4;
427 u16 frag_id;
428 u8 frag_more;
429 u16 frag_offset;
430 u8 l4_protocol;
431 u16 l4_offset;
432 int rv;
433
434 ip6 = vlib_buffer_get_current (p);
435
436 if (ip6_parse
437 (ip6, p->current_length, &l4_protocol, &l4_offset, &frag_offset))
438 return -1;
439
440 frag = (ip6_frag_hdr_t *) u8_ptr_add (ip6, frag_offset);
441 ip4 = (ip4_header_t *) u8_ptr_add (ip6, l4_offset - sizeof (*ip4));
442 vlib_buffer_advance (p, l4_offset - sizeof (*ip4));
443
444 frag_id = frag_id_6to4 (frag->identification);
445 frag_more = ip6_frag_hdr_more (frag);
446 frag_offset = ip6_frag_hdr_offset (frag);
447
448 if ((rv = fn (ip6, ip4, ctx)) != 0)
449 return rv;
450
451 ip4->ip_version_and_header_length =
452 IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
453 ip4->tos = ip6_translate_tos (ip6);
454 ip4->length = u16_net_add (ip6->payload_length,
455 sizeof (*ip4) - l4_offset + sizeof (*ip6));
456 ip4->fragment_id = frag_id;
457 ip4->flags_and_fragment_offset =
458 clib_host_to_net_u16 (frag_offset |
459 (frag_more ? IP4_HEADER_FLAG_MORE_FRAGMENTS : 0));
460 ip4->ttl = ip6->hop_limit;
461 ip4->protocol =
462 (l4_protocol == IP_PROTOCOL_ICMP6) ? IP_PROTOCOL_ICMP : l4_protocol;
463 ip4->checksum = ip4_header_checksum (ip4);
464
465 return 0;
466}
467
468/**
469 * @brief Translate IPv6 UDP/TCP packet to IPv4.
470 *
471 * @param p Buffer to translate.
472 * @param fn The function to translate header.
473 * @param ctx A context passed in the header translate function.
474 *
475 * @returns 0 on success, non-zero value otherwise.
476 */
477always_inline int
478ip6_to_ip4_tcp_udp (vlib_buffer_t * p, ip6_to_ip4_set_fn_t fn, void *ctx,
479 u8 udp_checksum)
480{
481 ip6_header_t *ip6;
482 u16 *checksum;
Matus Fabianb1291e22017-05-05 04:57:16 -0700483 ip_csum_t csum = 0;
Matus Fabiana774b532017-05-02 03:15:22 -0700484 ip4_header_t *ip4;
485 u16 fragment_id;
486 u16 flags;
487 u16 frag_offset;
488 u8 l4_protocol;
489 u16 l4_offset;
490 int rv;
491
492 ip6 = vlib_buffer_get_current (p);
493
494 if (ip6_parse
495 (ip6, p->current_length, &l4_protocol, &l4_offset, &frag_offset))
496 return -1;
497
498 if (l4_protocol == IP_PROTOCOL_TCP)
499 {
500 tcp_header_t *tcp = ip6_next_header (ip6);
501 checksum = &tcp->checksum;
502 }
503 else
504 {
505 udp_header_t *udp = ip6_next_header (ip6);
506 checksum = &udp->checksum;
507 //UDP checksum is optional over IPv4
508 if (!udp_checksum)
509 goto no_csum;
510 }
511
512 csum = ip_csum_sub_even (*checksum, ip6->src_address.as_u64[0]);
513 csum = ip_csum_sub_even (csum, ip6->src_address.as_u64[1]);
514 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[0]);
515 csum = ip_csum_sub_even (csum, ip6->dst_address.as_u64[1]);
Matus Fabian029f3d22017-06-15 02:28:50 -0700516 *checksum = ip_csum_fold (csum);
Matus Fabiana774b532017-05-02 03:15:22 -0700517
518no_csum:
519 ip4 = (ip4_header_t *) u8_ptr_add (ip6, l4_offset - sizeof (*ip4));
520
521 vlib_buffer_advance (p, l4_offset - sizeof (*ip4));
522
523 if (PREDICT_FALSE (frag_offset))
524 {
525 //Only the first fragment
526 ip6_frag_hdr_t *hdr = (ip6_frag_hdr_t *) u8_ptr_add (ip6, frag_offset);
527 fragment_id = frag_id_6to4 (hdr->identification);
528 flags = clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS);
529 }
530 else
531 {
532 fragment_id = 0;
533 flags = 0;
534 }
535
536 if ((rv = fn (ip6, ip4, ctx)) != 0)
537 return rv;
538
539 ip4->ip_version_and_header_length =
540 IP4_VERSION_AND_HEADER_LENGTH_NO_OPTIONS;
541 ip4->tos = ip6_translate_tos (ip6);
542 ip4->length = u16_net_add (ip6->payload_length,
543 sizeof (*ip4) + sizeof (*ip6) - l4_offset);
544 ip4->fragment_id = fragment_id;
545 ip4->flags_and_fragment_offset = flags;
546 ip4->ttl = ip6->hop_limit;
547 ip4->protocol = l4_protocol;
548 ip4->checksum = ip4_header_checksum (ip4);
549
550 //UDP checksum is optional over IPv4
551 if (!udp_checksum && l4_protocol == IP_PROTOCOL_UDP)
552 {
553 *checksum = 0;
554 }
555 else
556 {
Matus Fabian029f3d22017-06-15 02:28:50 -0700557 csum = ip_csum_add_even (*checksum, ip4->dst_address.as_u32);
Matus Fabiana774b532017-05-02 03:15:22 -0700558 csum = ip_csum_add_even (csum, ip4->src_address.as_u32);
559 *checksum = ip_csum_fold (csum);
560 }
561
562 return 0;
563}
564
565#endif /* __included_ip6_to_ip4_h__ */
566
567/*
568 * fd.io coding-style-patch-verification: ON
569 *
570 * Local Variables:
571 * eval: (c-set-style "gnu")
572 * End:
573 */