Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
@demo-exe
demo-exe committed Feb 5, 2024
1 parent aa2bea7 commit 47b836b
Show file tree
Hide file tree
Showing 5 changed files with 158 additions and 147 deletions.
10 changes: 5 additions & 5 deletions test/e2e/upg_e2e.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2404,7 +2404,7 @@ func describeGTPProxy(title string, ipMode framework.UPGIPMode) {
func describeNAT(f *framework.Framework) {
ginkgo.Describe("NAT translations", func() {
ginkgo.BeforeEach(func() {
// setupNAT(f)
setupNAT(f)
f.VPP.Ctl("clear trace")
out, _ := f.VPP.Ctl("trace add virtio-input 10")
fmt.Println("QQQQQQ ", out)
Expand All @@ -2420,7 +2420,7 @@ func describeNAT(f *framework.Framework) {
})

verify := func(sessionCfg framework.SessionConfig) {
// sessionCfg.NatPoolName = "testing"
sessionCfg.NatPoolName = "testing"
seid := startMeasurementSession(f, &sessionCfg)
trafficCfg := smallVolumeHTTPConfig(nil)
trafficRec := &traffic.PreciseTrafficRec{}
Expand Down Expand Up @@ -2846,10 +2846,10 @@ func verifyPSDBU(m message.Message, numUsageReports int) {
}

func setupNAT(f *framework.Framework) {
f.VPP.Ctl("nat44 plugin enable sessions 1000")
f.VPP.Ctl("set interface nat44 out sgi0 output-feature")
// f.VPP.Ctl("nat44 plugin enable sessions 1000")
// f.VPP.Ctl("set interface nat44 out sgi0 output-feature")
f.VPP.Ctl("upf nat pool 144.0.0.20 - 144.0.0.120 block_size 512 nwi sgi name testing min_port 10128")
f.VPP.Ctl("nat44 controlled enable")
// f.VPP.Ctl("nat44 controlled enable")
}

func verifyPFCPError(err error, cause uint8, seid pfcp.SEID, failedRuleID uint32, message string) {
Expand Down
62 changes: 3 additions & 59 deletions upf/upf_forward.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -270,62 +270,6 @@ upf_forward (vlib_main_t *vm, vlib_node_runtime_t *node, const char *node_name,
}
}
}

// nat
ip4_header_t *ip4 = vlib_buffer_get_current (b);
tcp_header_t *tcp = ip4_next_header (ip4);
// ip4->src_address.as_u32 = 0xAAAAAAAA;
// upf_debug ("QQQQQQQ IP hdr: %U", format_ip4_header,
// vlib_buffer_get_current (b), b->current_length);
//
int l3_csum_delta = 0;
int l4_csum_delta = 0;
if (ip4->src_address.as_u32 == 0x300010a &&
ip4->dst_address.as_u32 == 0x301000a)
{
ip4->src_address.as_u32 = 0x14000090;

l3_csum_delta = ip_csum_add_even (l3_csum_delta, 0x14000090);
l3_csum_delta = ip_csum_sub_even (l3_csum_delta, 0x300010a);
}
if (ip4->src_address.as_u32 == 0x14000090 &&
ip4->dst_address.as_u32 == 0x300010a)
{
ip4->src_address.as_u32 = 0x301000a;
l3_csum_delta = ip_csum_add_even (l3_csum_delta, 0x301000a);
l3_csum_delta = ip_csum_sub_even (l3_csum_delta, 0x14000090);
// l3_csum_delta = ip_csum_add_even (l3_csum_delta,
// 0x300010a); l3_csum_delta = ip_csum_sub_even
// (l3_csum_delta, 0x14000090);
}

// // int delta = ip_csum_add_even (0, ip4->src_address.as_u32);
// // ip_sum = ip_csum_add_even (ip_sum, delta);
// // ip4->checksum = ip_csum_fold (ip_sum);
//
// ip_csum_t tcp_sum = tcp->checksum;
// tcp_sum = ip_csum_sub_even (tcp_sum, f->l3_csum_delta);
// tcp_sum = ip_csum_sub_even (tcp_sum, f->l4_csum_delta);
// mss_clamping (sm->mss_clamping, tcp, &tcp_sum);
// tcp->checksum = ip_csum_fold (tcp_sum);
//

ip_csum_t tcp_sum = tcp->checksum;
tcp_sum = ip_csum_sub_even (tcp_sum, l3_csum_delta);
tcp_sum = ip_csum_sub_even (tcp_sum, l4_csum_delta);
// mss_clamping (sm->mss_clamping, tcp, &tcp_sum);
tcp->checksum = ip_csum_fold (tcp_sum);

ip_csum_t ip_sum = ip4->checksum;
ip_sum = ip_csum_sub_even (ip_sum, l3_csum_delta);
ip4->checksum = ip_csum_fold (ip_sum);

// ip4->checksum = 0;
// ip4->checksum = ip4_header_checksum (ip4);

clib_warning ("QQQQQZ ip4->src_address.as_u32 = %x, "
"ip4->dst_address.as_u32 = %x",
ip4->src_address.as_u32, ip4->dst_address.as_u32);
}
else if (far->apply_action & FAR_DROP)
{
Expand Down Expand Up @@ -438,9 +382,9 @@ VLIB_REGISTER_NODE (upf_ip4_forward_node) = {
[UPF_FORWARD_NEXT_DROP] = "error-drop",
[UPF_FORWARD_NEXT_GTP_IP4_ENCAP] = "upf4-encap",
[UPF_FORWARD_NEXT_GTP_IP6_ENCAP] = "upf6-encap",
[UPF_FORWARD_NEXT_IP_INPUT] = "ip4-input",
[UPF_FORWARD_NEXT_IP_REWRITE] = "ip4-rewrite",
[UPF_FORWARD_NEXT_IP_LOOKUP] = "ip4-lookup"
[UPF_FORWARD_NEXT_IP_INPUT] = "upf-nat-i2o",
[UPF_FORWARD_NEXT_IP_REWRITE] = "ip4-rewrite", // unused
[UPF_FORWARD_NEXT_IP_LOOKUP] = "ip4-lookup" // TODO: nat ??
},
};
/* clang-format on */
Expand Down
167 changes: 114 additions & 53 deletions upf/upf_nat.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,6 @@

#ifndef CLIB_MARCH_VARIANT



const static char *const upf_session_dpo_ip4_nodes[] = {
"upf-ip4-session-dpo",
NULL,
Expand Down Expand Up @@ -106,7 +104,7 @@ format_upf_session_dpo_trace (u8 *s, va_list *args)
return s;
}

VLIB_NODE_FN (upf_nat_node)
VLIB_NODE_FN (upf_nat_o2i)
(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame)
{
vlib_node_runtime_t *error_node =
Expand All @@ -133,7 +131,6 @@ VLIB_NODE_FN (upf_nat_node)
/* TODO: dual and maybe quad loop */
while (n_left_from > 0 && n_left_to_next > 0)
{
ip4_header_t *ip0;
u32 error0;

bi = from[0];
Expand All @@ -143,69 +140,115 @@ VLIB_NODE_FN (upf_nat_node)
n_left_from -= 1;
n_left_to_next -= 1;

error0 = IP4_ERROR_NONE;
next = UPF_NAT_NEXT_FLOW_PROCESS;

b = vlib_get_buffer (vm, bi);
ip4_header_t *ip4 = vlib_buffer_get_current (b);
tcp_header_t *tcp = ip4_next_header (ip4);

sidx = vnet_buffer (b)->ip.adj_index[VLIB_TX];
upf_debug ("Session %d (0x%08x)", sidx, sidx);
upf_session_t *sx0;
sx0 = pool_elt_at_index (gtm->sessions,
upf_buffer_opaque (b)->gtpu.session_index);

// UPF_ENTER_SUBGRAPH (b, sidx, 1);
error0 = IP4_ERROR_NONE;
next = UPF_NAT_NEXT_FLOW_PROCESS;
upf_debug ("IP hdr: %U", format_ip4_header, ip0, b->current_length);
bool is_incoming =
sx0->nat_addr->ext_addr.as_u32 == ip4->dst_address.as_u32;

if (is_incoming)
{
ip4->dst_address.as_u32 = sx0->user_addr.as_u32;
}

// TODO: checksum delta magic
tcp->checksum = 0;
tcp->checksum = ip4_tcp_udp_compute_checksum (vm, b, ip4);

ip4_header_t *ip4 = vlib_buffer_get_current (b);
tcp_header_t *tcp = ip4_next_header (ip4);
// ip4->src_address.as_u32 = 0xAAAAAAAA;
// upf_debug ("QQQQQQQ IP hdr: %U", format_ip4_header,
// vlib_buffer_get_current (b), b->current_length);
//
int l3_csum_delta = 0;
int l4_csum_delta = 0;
if (ip4->dst_address.as_u32 == 0x14000090 &&
ip4->src_address.as_u32 == 0x301000a)
ip4->checksum = 0;
ip4->checksum = ip4_header_checksum (ip4);

trace:
b->error = error_node->errors[error0];
if (PREDICT_FALSE (b->flags & VLIB_BUFFER_IS_TRACED))
{
ip4->dst_address.as_u32 = 0x300010a;
l3_csum_delta = ip_csum_add_even (l3_csum_delta, 0x300010a);
l3_csum_delta = ip_csum_sub_even (l3_csum_delta, 0x14000090);
// l3_csum_delta = ip_csum_add_even (l3_csum_delta,
// 0x300010a); l3_csum_delta = ip_csum_sub_even
// (l3_csum_delta, 0x14000090);
upf_session_t *sess = pool_elt_at_index (gtm->sessions, sidx);
upf_session_dpo_trace_t *tr =
vlib_add_trace (vm, node, b, sizeof (*tr));
tr->session_index = sidx;
tr->up_seid = sess->up_seid;
clib_memcpy (tr->packet_data, vlib_buffer_get_current (b),
sizeof (tr->packet_data));
}

// // int delta = ip_csum_add_even (0, ip4->src_address.as_u32);
// // ip_sum = ip_csum_add_even (ip_sum, delta);
// // ip4->checksum = ip_csum_fold (ip_sum);
//
// ip_csum_t tcp_sum = tcp->checksum;
// tcp_sum = ip_csum_sub_even (tcp_sum, f->l3_csum_delta);
// tcp_sum = ip_csum_sub_even (tcp_sum, f->l4_csum_delta);
// mss_clamping (sm->mss_clamping, tcp, &tcp_sum);
// tcp->checksum = ip_csum_fold (tcp_sum);
//
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
n_left_to_next, bi, next);
}

vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}

return from_frame->n_vectors;
}

VLIB_NODE_FN (upf_nat_i2o)
(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *from_frame)
{
vlib_node_runtime_t *error_node =
vlib_node_get_runtime (vm, ip4_input_node.index);
u32 n_left_from, next_index, *from, *to_next;
upf_main_t *gtm = &upf_main;

from = vlib_frame_vector_args (from_frame);
n_left_from = from_frame->n_vectors;

u16 next = 0;
u32 sidx = 0;

next_index = node->cached_next_index;

ip_csum_t tcp_sum = tcp->checksum;
tcp_sum = ip_csum_sub_even (tcp_sum, l3_csum_delta);
tcp_sum = ip_csum_sub_even (tcp_sum, l4_csum_delta);
// mss_clamping (sm->mss_clamping, tcp, &tcp_sum);
tcp->checksum = ip_csum_fold (tcp_sum);
while (n_left_from > 0)
{
u32 n_left_to_next;
vlib_buffer_t *b;
u32 bi;

ip_csum_t ip_sum = ip4->checksum;
ip_sum = ip_csum_sub_even (ip_sum, l3_csum_delta);
ip4->checksum = ip_csum_fold (ip_sum);
vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);

// ip4->checksum = 0;
// ip4->checksum = ip4_header_checksum (ip4);
/* TODO: dual and maybe quad loop */
while (n_left_from > 0 && n_left_to_next > 0)
{
u32 error0;

clib_warning ("QQQQQZaaaaanat ip4->src_address.as_u32 = %x, "
"ip4->dst_address.as_u32 = %x",
ip4->src_address.as_u32, ip4->dst_address.as_u32);
bi = from[0];
to_next[0] = bi;
from += 1;
to_next += 1;
n_left_from -= 1;
n_left_to_next -= 1;

error0 = IP4_ERROR_NONE;
next = UPF_NAT_NEXT_FLOW_PROCESS;

b = vlib_get_buffer (vm, bi);
ip4_header_t *ip4 = vlib_buffer_get_current (b);
tcp_header_t *tcp = ip4_next_header (ip4);

upf_session_t *sx0;
sx0 = pool_elt_at_index (gtm->sessions,
upf_buffer_opaque (b)->gtpu.session_index);

bool is_outgoing = sx0->user_addr.as_u32 == ip4->src_address.as_u32;

if (is_outgoing)
{
ip4->src_address.as_u32 = sx0->nat_addr->ext_addr.as_u32;
}

// ip4_ttl_and_checksum_check (b, ip0, &next, &error0);
// vnet_calc_checksums_inline (vm, b, 1 /* is_ip4 */, 0 /* is_ip6 */);
// TODO: checksum delta magic
tcp->checksum = 0;
tcp->checksum = ip4_tcp_udp_compute_checksum (vm, b, ip4);

ip4->checksum = 0;
ip4->checksum = ip4_header_checksum (ip4);

trace:
b->error = error_node->errors[error0];
Expand All @@ -231,8 +274,8 @@ VLIB_NODE_FN (upf_nat_node)
}

/* clang-format off */
VLIB_REGISTER_NODE (upf_nat_node) = {
.name = "upf-nat-test",
VLIB_REGISTER_NODE (upf_nat_o2i) = {
.name = "upf-nat-o2i",
.vector_size = sizeof (u32),
.format_trace = format_upf_session_dpo_trace,
.type = VLIB_NODE_TYPE_INTERNAL,
Expand All @@ -247,3 +290,21 @@ VLIB_REGISTER_NODE (upf_nat_node) = {
[UPF_NAT_NEXT_FLOW_PROCESS] = "upf-ip4-flow-process",
},
};

/* clang-format off */
VLIB_REGISTER_NODE (upf_nat_i2o) = {
.name = "upf-nat-i2o",
.vector_size = sizeof (u32),
.format_trace = format_upf_session_dpo_trace,
.type = VLIB_NODE_TYPE_INTERNAL,

.n_errors = ARRAY_LEN(upf_session_dpo_error_strings),
.error_strings = upf_session_dpo_error_strings,

.n_next_nodes = UPF_NAT_N_NEXT,
.next_nodes = {
[UPF_NAT_NEXT_DROP] = "error-drop",
[UPF_NAT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
[UPF_NAT_NEXT_FLOW_PROCESS] = "ip4-input",
},
};
Loading

0 comments on commit 47b836b

Please sign in to comment.