From 5f14967a32745bda3b30662133b183e7b8131ade Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Sat, 23 Mar 2019 15:03:42 +0100 Subject: [PATCH] Introduce the icmp6 table --- doc/plan.org | 1 + p4app/controller.py | 17 ++++- p4src/settings.p4 | 1 + p4src/static-mapping.p4 | 155 ++++++++++++++++++++-------------------- 4 files changed, 94 insertions(+), 80 deletions(-) diff --git a/doc/plan.org b/doc/plan.org index 0623ccf..ca5ac03 100644 --- a/doc/plan.org +++ b/doc/plan.org @@ -122,6 +122,7 @@ | 2019-03-23 | Parsing down to link layer option | | | | Parsing on wrong field detected by unset fields in wireshark | | | | Correcting parser->leads to incorrect checksum | | +| | - NDP is answered to, but icmp6 echo request isn't -> extend table | | | | | | | | | | | 2019-03-28 | Meet Laurent #4 | | diff --git a/p4app/controller.py b/p4app/controller.py index c18f6a7..7342184 100755 --- a/p4app/controller.py +++ b/p4app/controller.py @@ -181,10 +181,19 @@ class L2Controller(object): icmp6_net = "{}/128".format(icmp6_addr) mac_addr = self.info['mac_addr'] - self.controller.table_add("v6_networks", + self.controller.table_add("icmp6", "icmp6_neighbor_solicitation", [str(icmp6_net)], [str(addr), str(mac_addr)]) + def init_icmp6_echo_in_switch(self, addr): + icmp6_addr = addr + icmp6_net = "{}/128".format(icmp6_addr) + + self.controller.table_add("icmp6", + "icmp6_echo_reply", + [str(icmp6_net)], [str(addr)]) + + def fill_tables(self): self.controller.table_clear("v6_networks") for v6route in self.v6_routes[self.mode]: @@ -193,15 +202,17 @@ class L2Controller(object): if self.args.multicast_to_controller: self.listen_to_icmp6_multicast() + self.controller.table_clear("icmp6") for v6addr in self.v6_addresses[self.mode]: self.init_ndp_in_switch(v6addr) + self.init_icmp6_echo_in_switch(v6addr) + self.controller.table_clear("v4_networks") for v4route in self.v4_routes[self.mode]: self.controller.table_add("v4_networks", "set_egress_port", [str(v4route['net'])], [str(v4route['port'])]) - self.controller.table_clear("v6_addresses") # Disable icmp handling in the controller # for v6addr in self.v6_addresses[self.mode]: # log.debug("Adding v6 address: {}".format(v6addr)) @@ -216,7 +227,7 @@ class L2Controller(object): # # Experimental: controller does NDP, switch does ICMP6 echo reply # self.controller.table_add("v6_addresses", "controller_reply", [str(another_addr_ns)], [str(self.task['ICMP6_NS'])]) - # self.controller.table_add("v6_addresses", "icmp6_echo_reply", [str(another_addr)]) + for nat64map in self.nat64_map[self.mode]: self.static_nat64_mapping(**nat64map) diff --git a/p4src/settings.p4 b/p4src/settings.p4 index 7610ce6..975962c 100644 --- a/p4src/settings.p4 +++ b/p4src/settings.p4 @@ -10,5 +10,6 @@ #define ROUTING_TABLE_SIZE 64 /* maximum routes per protocol */ #define ADDRESS_TABLE_SIZE 64 /* maximum number of addresses per protocol */ #define NDP_TABLE_SIZE 64 /* maximum number of multicast groups */ +#define ICMP6_TABLE_SIZE 64 /* maximum number of multicast groups */ #endif diff --git a/p4src/static-mapping.p4 b/p4src/static-mapping.p4 index 85b7f40..58c2b2f 100644 --- a/p4src/static-mapping.p4 +++ b/p4src/static-mapping.p4 @@ -42,60 +42,6 @@ control MyIngress(inout headers hdr, standard_metadata.mcast_grp = mcast_grp; } - action icmp6_neighbor_solicitation(ipv6_addr_t addr, mac_addr_t mac_addr) { - /* egress = ingress */ - standard_metadata.egress_spec = standard_metadata.ingress_port; - - /* 1. IPv6 changes */ - hdr.ipv6.dst_addr = hdr.ipv6.src_addr; - hdr.ipv6.src_addr = addr; - - /* 2. ICMP6 changes */ - hdr.icmp6.type = ICMP6_NA; - hdr.icmp6.code = 0; - // checksum is calculated in deparser - - /* 3. icmp6/neighbor advertisement: values taken from real world answers */ - hdr.icmp6_na_ns.router = 0; - hdr.icmp6_na_ns.solicitated = 1; - hdr.icmp6_na_ns.override = 1; - hdr.icmp6_na_ns.reserved = 0; - hdr.icmp6_na_ns.target_addr = addr; - - /* 4. Link layer options */ - hdr.icmp6_option_link_layer_addr.type = ICMP6_NDP_OPT_TARGET_LL; - hdr.icmp6_option_link_layer_addr.ll_length = 1; /* 1* 64 bit */ - hdr.icmp6_option_link_layer_addr.mac_addr = mac_addr; - - - /* version1: rebuilding packet */ - /* - truncate((bit<32>)(112 + 320 + 32)/8); - hdr.icmp6_na.setValid(); - - hdr.icmp6_na.solicitated = 1; - hdr.icmp6_na.override = 1; - */ - - /* checksum trigger / content */ - meta.task = TASK_CHECKSUM_ICMP6_NA; - meta.cast_length = (bit<32>) hdr.ipv6.payload_length; - } - - action icmp6_echo_reply() { - mac_addr_t mac_tmp = hdr.ethernet.dst_addr; - hdr.ethernet.dst_addr = hdr.ethernet.src_addr; - hdr.ethernet.src_addr = mac_tmp; - - ipv6_addr_t addr_tmp = hdr.ipv6.dst_addr; - hdr.ipv6.dst_addr = hdr.ipv6.src_addr; - hdr.ipv6.src_addr = addr_tmp; - - hdr.icmp6.type = ICMP6_ECHO_REPLY; - - meta.task = TASK_CHECKSUM_ICMP6; - meta.cast_length = (bit<32>) hdr.ipv6.payload_length; - } /********************** NAT64 / NAT46 ACTIONS ***********************************/ @@ -167,18 +113,88 @@ control MyIngress(inout headers hdr, } - /********************** Reply to NDP for US ***********************************/ - table ndp_answer { + + /********************** ICMP6 ***********************************/ + + /* old/unused action */ + action icmp6_answer() { + if(hdr.icmp6.isValid()) { + if(hdr.icmp6.code == ICMP6_ECHO_REQUEST) { + ipv6_addr_t tmp = hdr.ipv6.src_addr; + hdr.ipv6.src_addr = hdr.ipv6.dst_addr; + hdr.ipv6.dst_addr = tmp; + hdr.icmp6.code = ICMP6_ECHO_REPLY; + } + } + } + + action icmp6_neighbor_solicitation(ipv6_addr_t addr, mac_addr_t mac_addr) { + /* egress = ingress */ + standard_metadata.egress_spec = standard_metadata.ingress_port; + + /* 1. IPv6 changes */ + hdr.ipv6.dst_addr = hdr.ipv6.src_addr; + hdr.ipv6.src_addr = addr; + + /* 2. ICMP6 changes */ + hdr.icmp6.type = ICMP6_NA; + hdr.icmp6.code = 0; + // checksum is calculated in deparser + + /* 3. icmp6/neighbor advertisement: values taken from real world answers */ + hdr.icmp6_na_ns.router = 0; + hdr.icmp6_na_ns.solicitated = 1; + hdr.icmp6_na_ns.override = 1; + hdr.icmp6_na_ns.reserved = 0; + hdr.icmp6_na_ns.target_addr = addr; + + /* 4. Link layer options */ + hdr.icmp6_option_link_layer_addr.type = ICMP6_NDP_OPT_TARGET_LL; + hdr.icmp6_option_link_layer_addr.ll_length = 1; /* 1* 64 bit */ + hdr.icmp6_option_link_layer_addr.mac_addr = mac_addr; + + + /* version1: rebuilding packet */ + /* + truncate((bit<32>)(112 + 320 + 32)/8); + hdr.icmp6_na.setValid(); + + hdr.icmp6_na.solicitated = 1; + hdr.icmp6_na.override = 1; + */ + + /* checksum trigger / content */ + meta.task = TASK_CHECKSUM_ICMP6_NA; + meta.cast_length = (bit<32>) hdr.ipv6.payload_length; + } + + action icmp6_echo_reply() { + mac_addr_t mac_tmp = hdr.ethernet.dst_addr; + hdr.ethernet.dst_addr = hdr.ethernet.src_addr; + hdr.ethernet.src_addr = mac_tmp; + + ipv6_addr_t addr_tmp = hdr.ipv6.dst_addr; + hdr.ipv6.dst_addr = hdr.ipv6.src_addr; + hdr.ipv6.src_addr = addr_tmp; + + hdr.icmp6.type = ICMP6_ECHO_REPLY; + + meta.task = TASK_CHECKSUM_ICMP6; + meta.cast_length = (bit<32>) hdr.ipv6.payload_length; + } + + table icmp6 { key = { - hdr.ipv6.dst_addr: exact; /* our multicast embedded mac address */ + hdr.ipv6.dst_addr: lpm; hdr.icmp6.type: exact; } actions = { controller_debug; icmp6_neighbor_solicitation; + icmp6_echo_reply; NoAction; } - size = NDP_TABLE_SIZE; + size = ICMP6_TABLE_SIZE; default_action = NoAction; } @@ -213,7 +229,7 @@ control MyIngress(inout headers hdr, // default_action = controller_debug; } - /********************** NDP support ***********************************/ + /********************** NDP support for OTHERS (unused ATM) ***********************************/ table ndp { key = { @@ -230,23 +246,6 @@ control MyIngress(inout headers hdr, } - /********************** ADDRESS TABLES ***********************************/ - action icmp6_answer() { - if(hdr.icmp6.isValid()) { - if(hdr.icmp6.code == ICMP6_ECHO_REQUEST) { - ipv6_addr_t tmp = hdr.ipv6.src_addr; - hdr.ipv6.src_addr = hdr.ipv6.dst_addr; - hdr.ipv6.dst_addr = tmp; - hdr.icmp6.code = ICMP6_ECHO_REPLY; - } - } - - /* do something: - - change src/dst - - change type - */ - } - /********************** ROUTING (egress definiton) TABLES ***********************************/ @@ -302,7 +301,9 @@ control MyIngress(inout headers hdr, // ndp_answer.apply(); //ndp.apply(); /* flood or if it is us - answer */ - v6_addresses.apply(); + + + icmp6.apply(); v6_networks.apply(); } if(hdr.ipv4.isValid()) {