Greetings, all. I've been using VPP with good success as a MAP-T BR 
(border-relay) to do stateless v4/v6 translation. I would like to use the same 
(or a very small number of ) DMR(s) in the environment to simplify addressing 
and also allow things like putting DNS and NTP listeners in the v6-translated 
MAP space, keeping client traffic off the BR unnecessarily. Let me preface the 
rest of the message by saying the last time I programmed in C regularly was 
about 20 years ago, so please be kind... 

Based on the current "map" plugin, the lookup function for which MAP rule a v6 
packet (in the ip6_map_t function) is: 

d0 = 
ip6_map_get_domain (&ip60->dst_address, 
&vnet_buffer (p0)->map_t.map_domain_index, 
&error0); 

This works fine, but it only allows the DMR (which includes the dst_address in 
the MAP payloads) to be used with one MAP domain. 

I'd like to propose doing that same lookup based on src. It would include 
populating the corresponding prefix table for the MAP v6 prefixes (which 
currently looks empty). Here's what I'm thinking in diff form. I know the 
format is probably unacceptable for inclusion, but I think it gets the idea 
across: 

------------------------------------------ 
diff --git a/src/plugins/map/ip6_map_t.c b/src/plugins/map/ip6_map_t.c 
index 861c049b0..79c1105da 100644 
--- a/src/plugins/map/ip6_map_t.c 
+++ b/src/plugins/map/ip6_map_t.c 
@@ -529,7 +529,8 @@ ip6_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, 
vlib_frame_t * frame) 
ip60 = vlib_buffer_get_current (p0); 

d0 = 
- ip6_map_get_domain (&ip60->dst_address, 
+/* ip6_map_get_domain (&ip60->dst_address, <- this identifies the map domain 
based only on DMR */ 
+ ip6_map_get_domain (&ip60->src_address, 
&vnet_buffer (p0)->map_t.map_domain_index, 
&error0); 
if (!d0) 
diff --git a/src/plugins/map/map.c b/src/plugins/map/map.c 
index 7ae14828d..bcd8db400 100644 
--- a/src/plugins/map/map.c 
+++ b/src/plugins/map/map.c 
@@ -173,8 +173,9 @@ map_create_domain (ip4_address_t * ip4_prefix, 
d->ip4_prefix_len, *map_domain_index); 

/* Really needed? Or always use FIB? */ 
- mm->ip6_src_prefix_tbl->add (mm->ip6_src_prefix_tbl, &d->ip6_src, 
- d->ip6_src_len, *map_domain_index); 
+ /* mm->ip6_src_prefix_tbl->add (mm->ip6_src_prefix_tbl, &d->ip6_src, <- Orig 
*/ 
+ mm->ip6_prefix_tbl->add (mm->ip6_prefix_tbl, &d->ip6_prefix, 
+ d->ip6_prefix_len, *map_domain_index); 

/* Validate packet/byte counters */ 
map_domain_counter_lock (mm); 
diff --git a/src/plugins/map/map.h b/src/plugins/map/map.h 
index d874aa47b..c79648eb9 100644 
--- a/src/plugins/map/map.h 
+++ b/src/plugins/map/map.h 
@@ -335,7 +335,8 @@ ip6_map_get_domain (ip6_address_t * addr, u32 * 
map_domain_index, u8 * error) 
{ 
map_main_t *mm = &map_main; 
u32 mdi = 
- mm->ip6_src_prefix_tbl->lookup (mm->ip6_src_prefix_tbl, addr, 128); 
+/* mm->ip6_src_prefix_tbl->lookup (mm->ip6_src_prefix_tbl, addr, 128); <- Orig 
*/ 
+ mm->ip6_prefix_tbl->lookup (mm->ip6_prefix_tbl, addr, 128); 
if (mdi == ~0) 
{ 
*error = MAP_ERROR_NO_DOMAIN; 

------------------------------------------ 

Would this work, or am I missing a key reason for looking up the MAP rule ID 
based solely on IPv6 dst-IP? 

Thanks! 
Dan 

-- 
Dan Geist dan(@)polter.net 

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#21746): https://lists.fd.io/g/vpp-dev/message/21746
Mute This Topic: https://lists.fd.io/mt/92738239/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to