Rewrite code to use unique destination networks

Nico Schottelius 2019-03-25 12:11:20 +01:00
parent 42f5e00e74
commit 4a280716a6
2 changed files with 28 additions and 9 deletions


@ -54,13 +54,17 @@ class L2Controller(object):
self.info['ipv6_link_local'] = ipaddress.ip_address("fe80::200:aff:fe00:42") self.info['ipv6_link_local'] = ipaddress.ip_address("fe80::200:aff:fe00:42")
self.info['v6_mask'] = 64 self.info['v6_mask'] = 64
self.info['v6_nat64_mask'] = 96
self.info['v6_base'] = ipaddress.ip_network("2001:db8::/32") self.info['v6_base'] = ipaddress.ip_network("2001:db8::/32")
self.info['v6_base_hostnet'] = ipaddress.ip_network("2001:db8::/48") self.info['v6_base_hostnet'] = ipaddress.ip_network("2001:db8::/48")
self.info['v6_gen'] = self.info['v6_base_hostnet'].subnets(new_prefix=self.info['v6_mask'])
# possible new range for NAT64 prefixes # possible new range for NAT64 prefixes
self.info['v6_base_nat64'] = ipaddress.ip_network("2001:db8:1::/48") self.info['v6_nat64_base'] = ipaddress.ip_network("2001:db8:1::/48")
self.info['v6_gen'] = self.info['v6_base_hostnet'].subnets(new_prefix=self.info['v6_mask']) # We reserve /64 (easier for reading), but only use /96
self.info['v6_nat64_gen'] = self.info['v6_nat64_base'].subnets(new_prefix=self.info['v6_mask'])
self.info['v4_mask'] = 24 self.info['v4_mask'] = 24
self.info['v4_base'] = ipaddress.ip_network("10.0.0.0/8") self.info['v4_base'] = ipaddress.ip_network("10.0.0.0/8")
@ -123,12 +127,19 @@ class L2Controller(object):
# specific settings - mapping 256 IPv6 IPs max statically (based on /24) # specific settings - mapping 256 IPv6 IPs max statically (based on /24)
for mode in ["range_router"]: for mode in ["range_router"]:
for v6_net in self.v6_routes[mode]: for v6_net in self.v6_routes[mode]:
# This is a /64
v6_dst_base = self.info['v6_nat64_base'].next()
# This is a /96xs!
v6_dst = v6_dst_base.subnets(new_prefix=self.info['v6_nat64_mask']).next()
for v4_net in self.v4_routes[mode]: for v4_net in self.v4_routes[mode]:
v4_dst = self.info['v4_nat64_map'].next() v4_dst = self.info['v4_nat64_map'].next()
self.nat64_map[mode].append({ self.nat64_map[mode].append({
"v6_src": v6_net['net'], "v6_src": v6_net['net'],
"v6_dst": self.info['nat64_prefix'] # static # "v6_dst": self.info['nat64_prefix'] # static -- not supported ATM
"v6_dst": v6_dst
"v4_src": v4_net['net'], "v4_src": v4_net['net'],
"v4_dst": v4_dst "v4_dst": v4_dst
}) })
@ -241,21 +252,29 @@ class L2Controller(object):
# self.controller.table_add("v6_addresses", "controller_reply", [str(another_addr_ns)], [str(self.task['ICMP6_NS'])]) # self.controller.table_add("v6_addresses", "controller_reply", [str(another_addr_ns)], [str(self.task['ICMP6_NS'])])
def static_nat64_mapping(self, v6_src, v6_dst, v4_src, v4_dst): def static_nat64_mapping(self, v6_src, v6_dst, v4_src, v4_dst):
"""
Currently using destination only matching due to non priority
LPM support in P4
This could be solved with ternary matches or smart double table usage
"""
log.info("NAT64 map: ({} -> {} => {}), ({} -> {} -> {} (only /24)))".format( log.info("NAT64 map: ({} -> {} => {}), ({} -> {} -> {} (only /24)))".format(
v6_src, v6_dst, v4_dst, v6_src, v6_dst, v4_dst,
v4_src, v4_dst, v6_src) v4_src, v4_dst, v6_src)
self.controller.table_add("nat64", "nat64_static", self.controller.table_add("nat64", "nat64_static",
[str(v6_src) # [str(v6_src)
str(v6_dst)], [str(v6_dst)],
[str(v6_src.network_address), [str(v6_src.network_address),
str(v4_dst.network_address), str(v4_dst.network_address),
str(v6_dst.network_address)] str(v6_dst.network_address)]
) )
self.controller.table_add("nat46", "nat46_static", self.controller.table_add("nat46", "nat46_static",
[str(v4_src) # [str(v4_src)
str(v4_dst)], [str(v4_dst)],
[str(v6_src.network_address), [str(v6_src.network_address),
str(v4_dst.network_address), str(v4_dst.network_address),
str(v6_dst.network_address)] str(v6_dst.network_address)]
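Review bot: In the second hunk, `v6_dst_base = self.info['v6_nat64_base'].next()` calls `.next()` on the `ip_network` object assigned in the first hunk rather than on the generator stored as `v6_nat64_gen`, so it looks like it will raise AttributeError; it presumably should read `v6_dst_base = self.info['v6_nat64_gen'].next()`. As rendered, the new `"v6_dst": v6_dst` entry also has no trailing comma before `"v4_src"`, which would be a syntax error. Because `v6_dst` is drawn once per `v6_net` while the `nat64` table is now keyed on the destination only, a second entry in `self.v4_routes[mode]` would yield two map entries with the same NAT64 key if these entries are later passed to `static_nat64_mapping`; drawing `v6_dst` inside the inner loop would keep destinations unique. The enclosing method starts and ends outside the hunk.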


@ -120,7 +120,7 @@ control MyIngress(inout headers hdr,
table nat64 { table nat64 {
key = { key = {
hdr.ipv6.src_addr: lpm; // hdr.ipv6.src_addr: lpm;
hdr.ipv6.dst_addr: lpm; hdr.ipv6.dst_addr: lpm;
} }
actions = { actions = {
@ -134,7 +134,7 @@ control MyIngress(inout headers hdr,
table nat46 { table nat46 {
key = { key = {
hdr.ipv4.src_addr: lpm; // hdr.ipv4.src_addr: lpm;
hdr.ipv4.dst_addr: lpm; hdr.ipv4.dst_addr: lpm;
} }
actions = { actions = {
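Review bot: With `hdr.ipv6.src_addr` and `hdr.ipv4.src_addr` commented out of the keys, `nat64` and `nat46` translate traffic from any source that hits the destination prefix, so the per-source scoping the old key expressed is gone and has to be enforced elsewhere if it matters. The commented-out key lines carry no explanation in this file; a comment such as `// src_addr not matched: no priority between two lpm keys, so any source to this dst prefix is translated` would record the trade-off next to each table. If source scoping is wanted back, a `ternary` match on the source field is the option the controller docstring in this commit already names. Both table definitions continue outside the hunks.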