ipv6 odds and ends (#175)

Author: rcgoodfellow

.helix/languages.toml

@@ -0,0 +1,7 @@
+[[language]]
+name = "rust"
+[language-server.rust-analyzer.config.cargo]
+# default to tofino_sde, can change this to any other feature such as softnpu
+# as needed during development but in source control this should probably
+# remain as tofino_sde
+features = [ "tofino_sde" ]

asic/src/softnpu/table.rs

@@ -381,7 +381,8 @@ impl TableOps<Handle> for Table {
                 }
                 ("rewrite", params)
             }
-            (NAT_INGRESS4, "forward_ipv4_to") => {
+            (NAT_INGRESS4, "forward_ipv4_to")
+            | (NAT_INGRESS6, "forward_ipv6_to") => {
                 let mut target = Vec::new();
                 let mut vni = Vec::new();
                 let mut mac = Vec::new();
@@ -587,6 +588,13 @@ fn keyset_data(match_data: Vec<MatchEntryField>, table: &str) -> Vec<u8> {
                         serialize_value_type(&x, &mut data);
                         keyset_data.extend_from_slice(&data[..4]);
                     }
+                    NAT_V6 => {
+                        // "dst_addr" => hdr.ipv6.dst: exact => bit<128>
+                        let mut buf = Vec::new();
+                        serialize_value_type(&x, &mut buf);
+                        buf.reverse();
+                        keyset_data.extend_from_slice(&buf);
+                    }
                     LOCAL_V6 => {
                         let mut buf = Vec::new();
                         serialize_value_type(&x, &mut buf);
@@ -619,7 +627,7 @@ fn keyset_data(match_data: Vec<MatchEntryField>, table: &str) -> Vec<u8> {
             // Ranges (i.e. port ranges)
             MatchEntryValue::Range(x) => {
                 match table {
-                    NAT_V4 => {
+                    NAT_V4 | NAT_V6 => {
                         // "l4_dst_port" => ingress.nat_id: range =>  bit<16>
                         let low = &x.low.to_le_bytes();
                         let high = &x.high.to_le_bytes();

common/src/illumos.rs

@@ -145,8 +145,16 @@ pub async fn address_add(
     addr: impl Into<oxnet::IpNet>,
 ) -> Result<()> {
     let addr_obj = format!("{iface}/{tag}");
-    let addr = addr.into().to_string();
 
+    let addr: oxnet::IpNet = addr.into();
+    if addr.is_ipv6() {
+        let tag = "ll";
+        if !address_exists(iface, tag).await? {
+            linklocal_add(iface, tag).await?;
+        }
+    }
+
+    let addr = addr.to_string();
     ipadm_quiet(&["create-addr", "-t", "-T", "static", "-a", &addr, &addr_obj])
         .await
 }

dpd-api/src/lib.rs

@@ -56,6 +56,7 @@ api_versions!([
     // |  example for the next person.
     // v
     // (next_int, IDENT),
+    (2, DUAL_STACK_NAT_WORKFLOW),
     (1, INITIAL),
 ]);
 
@@ -1331,23 +1332,49 @@ pub trait DpdApi {
      */
     #[endpoint {
         method = GET,
-        path = "/rpw/nat/ipv4/gen"
+        path = "/rpw/nat/ipv4/gen",
+        versions = ..VERSION_DUAL_STACK_NAT_WORKFLOW
     }]
     async fn ipv4_nat_generation(
         rqctx: RequestContext<Self::Context>,
     ) -> Result<HttpResponseOk<i64>, HttpError>;
 
+    /**
+     * Get NAT generation number
+     */
+    #[endpoint {
+        method = GET,
+        path = "/rpw/nat/gen",
+        versions = VERSION_DUAL_STACK_NAT_WORKFLOW..
+    }]
+    async fn nat_generation(
+        rqctx: RequestContext<Self::Context>,
+    ) -> Result<HttpResponseOk<i64>, HttpError>;
+
     /**
      * Trigger NATv4 Reconciliation
      */
     #[endpoint {
         method = POST,
-        path = "/rpw/nat/ipv4/trigger"
+        path = "/rpw/nat/ipv4/trigger",
+        versions = ..VERSION_DUAL_STACK_NAT_WORKFLOW
     }]
     async fn ipv4_nat_trigger_update(
         rqctx: RequestContext<Self::Context>,
     ) -> Result<HttpResponseOk<()>, HttpError>;
 
+    /**
+     * Trigger NAT Reconciliation
+     */
+    #[endpoint {
+        method = POST,
+        path = "/rpw/nat/trigger",
+        versions = VERSION_DUAL_STACK_NAT_WORKFLOW..
+    }]
+    async fn nat_trigger_update(
+        rqctx: RequestContext<Self::Context>,
+    ) -> Result<HttpResponseOk<()>, HttpError>;
+
     /**
      * Get the list of P4 tables
      */

dpd/src/api_server.rs

@@ -1754,18 +1754,30 @@ impl DpdApi for DpdApiImpl {
 
     async fn ipv4_nat_generation(
         rqctx: RequestContext<Arc<Switch>>,
+    ) -> Result<HttpResponseOk<i64>, HttpError> {
+        Self::nat_generation(rqctx).await
+    }
+
+    async fn nat_generation(
+        rqctx: RequestContext<Arc<Switch>>,
     ) -> Result<HttpResponseOk<i64>, HttpError> {
         let switch = rqctx.context();
 
-        Ok(HttpResponseOk(nat::get_ipv4_nat_generation(switch)))
+        Ok(HttpResponseOk(nat::get_nat_generation(switch)))
     }
 
     async fn ipv4_nat_trigger_update(
         rqctx: RequestContext<Arc<Switch>>,
+    ) -> Result<HttpResponseOk<()>, HttpError> {
+        Self::nat_trigger_update(rqctx).await
+    }
+
+    async fn nat_trigger_update(
+        rqctx: RequestContext<Arc<Switch>>,
     ) -> Result<HttpResponseOk<()>, HttpError> {
         let switch = rqctx.context();
 
-        match switch.workflow_server.trigger(Task::Ipv4Nat) {
+        match switch.workflow_server.trigger(Task::Nat) {
             Ok(_) => Ok(HttpResponseOk(())),
             Err(e) => {
                 error!(rqctx.log, "unable to trigger rpw"; "error" => ?e);

dpd/src/nat.rs

@@ -7,7 +7,7 @@
 use slog::{debug, error, trace};
 use std::collections::BTreeMap;
 use std::fmt;
-use std::net::{Ipv4Addr, Ipv6Addr};
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
 use std::ops::Bound;
 
 use crate::Switch;
@@ -413,6 +413,19 @@ pub fn get_ipv4_mapping(
     Err(DpdError::Missing("no mapping".into()))
 }
 
+pub fn set_mapping(
+    switch: &Switch,
+    nat_ip: IpAddr,
+    low: u16,
+    high: u16,
+    tgt: NatTarget,
+) -> DpdResult<()> {
+    match nat_ip {
+        IpAddr::V4(nat_ip) => set_ipv4_mapping(switch, nat_ip, low, high, tgt),
+        IpAddr::V6(nat_ip) => set_ipv6_mapping(switch, nat_ip, low, high, tgt),
+    }
+}
+
 pub fn set_ipv4_mapping(
     switch: &Switch,
     nat_ip: Ipv4Addr,
@@ -465,6 +478,18 @@ pub fn set_ipv4_mapping(
     }
 }
 
+pub fn clear_mapping(
+    switch: &Switch,
+    nat_ip: IpAddr,
+    low: u16,
+    high: u16,
+) -> DpdResult<()> {
+    match nat_ip {
+        IpAddr::V4(nat_ip) => clear_ipv4_mapping(switch, nat_ip, low, high),
+        IpAddr::V6(nat_ip) => clear_ipv6_mapping(switch, nat_ip, low, high),
+    }
+}
+
 /// Find the first `NatTarget` where its `Ipv4NatEntry` matches the provided
 /// `Ipv4Addr` and overlaps with the provided port range, then remove it.
 pub fn clear_ipv4_mapping(
@@ -502,9 +527,25 @@ pub fn clear_ipv4_mapping(
     Ok(())
 }
 
+pub fn clear_overlapping_mappings(
+    switch: &Switch,
+    nat_ip: IpAddr,
+    low: u16,
+    high: u16,
+) -> DpdResult<()> {
+    match nat_ip {
+        IpAddr::V4(nat_ip) => {
+            clear_overlapping_mappings_v4(switch, nat_ip, low, high)
+        }
+        IpAddr::V6(nat_ip) => {
+            clear_overlapping_mappings_v6(switch, nat_ip, low, high)
+        }
+    }
+}
+
 /// Deletes any `Ipv4NatEntry` where each entry matches the provided
 /// `Ipv4Addr` and overlaps with the provided port range
-pub fn clear_overlapping_ipv4_mappings(
+pub fn clear_overlapping_mappings_v4(
     switch: &Switch,
     nat_ip: Ipv4Addr,
     low: u16,
@@ -542,6 +583,44 @@ pub fn clear_overlapping_ipv4_mappings(
     Ok(())
 }
 
+pub fn clear_overlapping_mappings_v6(
+    switch: &Switch,
+    nat_ip: Ipv6Addr,
+    low: u16,
+    high: u16,
+) -> DpdResult<()> {
+    let mut nat = switch.nat.lock().unwrap();
+    trace!(
+        switch.log,
+        "clearing all nat entries overlapping with {}/{}-{}", nat_ip, low, high
+    );
+
+    if let Some(mappings) = nat.ipv6_mappings.get_mut(&nat_ip) {
+        let mut mappings_to_delete = find_mappings(mappings, low, high);
+        // delete starting with the last index first, or you'll end up shifting the
+        // collection underneath you
+        mappings_to_delete.reverse();
+        for idx in mappings_to_delete {
+            let ent = mappings.remove(idx);
+            let full = ipv6_entry(nat_ip, &ent);
+            match nat::delete_ipv6_entry(switch, nat_ip, ent.low, ent.high) {
+                Err(e) => {
+                    error!(switch.log, "failed to clear {}: {:?}", full, e);
+                    return Err(e);
+                }
+                _ => {
+                    debug!(switch.log, "cleared nat entry {}", full);
+                }
+            };
+        }
+        if mappings.is_empty() {
+            nat.ipv6_mappings.remove(&nat_ip);
+        }
+    }
+
+    Ok(())
+}
+
 pub fn reset_ipv6(switch: &Switch) -> DpdResult<()> {
     let mut nat = switch.nat.lock().unwrap();
 
@@ -568,14 +647,14 @@ pub fn reset_ipv4(switch: &Switch) -> DpdResult<()> {
     }
 }
 
-pub fn set_ipv4_nat_generation(switch: &Switch, generation: i64) {
+pub fn set_nat_generation(switch: &Switch, generation: i64) {
     let mut nat = switch.nat.lock().unwrap();
 
     debug!(switch.log, "setting nat generation");
     nat.ipv4_generation = generation;
 }
 
-pub fn get_ipv4_nat_generation(switch: &Switch) -> i64 {
+pub fn get_nat_generation(switch: &Switch) -> i64 {
     let nat = switch.nat.lock().unwrap();
 
     debug!(switch.log, "fetching nat generation");