xlat 0.1.0.alpha1

data/clab/.gitignore

@@ -0,0 +1,5 @@
+*.bak
+.tls/
+authorized_keys
+topology-data.json
+ansible-inventory.yml

data/clab/464xlat-ce-pd.clab.yml

@@ -0,0 +1,138 @@
+name: 464xlat-ue-pd
+
+# Scenario:
+#  The user equipment (ue) has IPv6-only connectivity with a /64 delegated prefix.
+#  UE performs on-host CLAT using a /96 prefix chosen within its delegated prefix.
+#  The server (sv) has IPv4-only connectivity.
+#  The provider-side translator (plat) provides NAT64 service between UE and the server.
+#
+#  CLAT is SIIT (xlat), and PLAT is NAT66 (nftables) + SIIT (xlat).
+#
+# [ue] <--> [rt1] <--> [plat] <--> [rt2] <--> [sv]
+#
+# Addresses:
+#  64:ff9b::/96                 plat: PLAT-side IPv6 prefix (Pref64::/n)
+#  2001:db8:2::/48              rt1: UE pool
+#  2001:db8:2:cafe::/64         ue: delegated prefix
+#  2001:db8:2:cafe::1           ue: primary address
+#  2001:db8:2:cafe:46:700::/96  ue: CLAT-side IPv6 prefix
+#  2001:db8:66:d1e0::/96        plat: NAT66 outer prefix (local use)
+#  fe80::1                      rt1: link-local
+#  fe80::2                      rt2: link-local
+#  fe80::64                     plat: link-local
+#  fe80::cafe                   ue: link-local
+#  192.0.0.1                    ue: loopback address for IPv4 service continuity
+#  192.0.2.0/24                 rt2: server segment
+#  192.0.2.1                    rt2: gateway address for the segment
+#  192.0.2.80                   server: primary address
+#  203.0.113.0/29               plat: NAT64 outer pool
+
+mgmt:
+  external-access: false
+
+topology:
+  nodes:
+    ue:
+      kind: linux
+      image: &image localhost/xlat/xlat
+      cmd: --multiqueue=4 tun-xlat 64:ff9b::/96 2001:db8:2:cafe:46:700::/96
+      exec:
+        - &remove_default_rt sh -c 'ip -4 route del default && ip -6 route del default'
+        - &enable_forwarding sysctl -w net.ipv4.conf.all.forwarding=1 net.ipv6.conf.all.forwarding=1
+        - &wait_xlat sh -c 'for i in $(seq 10); do if ip link show tun-xlat; then break; else sleep 1; fi; done'
+
+        # Direct IPv4 traffic to Xlat
+        - ip link set dev tun-xlat up
+        - ip route add 0.0.0.0/0 dev tun-xlat
+        - ip route add 2001:db8:2:cafe:46:700::/96 dev tun-xlat
+
+        # Assign a dummy IPv4 address from IPv4 Service Continuity Prefix [RFC7335]
+        - ip addr add 192.0.0.1/32 dev lo
+
+        # rt1: IPv6 uplink
+        - ip addr add 2001:db8:2:cafe::1/64 dev eth1
+        - ip addr add fe80::cafe/64 dev eth1
+        - ip route add ::/0 via fe80::1 dev eth1
+
+    rt1:
+      kind: linux
+      image: *image
+      entrypoint: /bin/sleep
+      cmd: infinity
+      exec:
+        - *remove_default_rt
+        - *enable_forwarding
+
+        # ue
+        - ip addr add fe80::1/64 dev eth1
+        - ip route add 2001:db8:2:cafe::/64 via fe80::cafe dev eth1
+
+        # plat
+        - ip addr add fe80::1/64 dev eth2
+        - ip route add 64:ff9b::/96 via fe80::64 dev eth2
+
+    plat:
+      kind: linux
+      image: *image
+      cmd: --multiqueue=4 tun-xlat 2001:db8:66:d1e0::/96 64:ff9b::/96
+      env:
+        XLAT_PROFILE: 'on'
+#        XLAT_NOJIT: 'on'
+      exec:
+        - *remove_default_rt
+        - *enable_forwarding
+        - *wait_xlat
+
+        # rt1
+        - ip addr add fe80::64/64 dev eth1
+        - ip route add ::/0 via fe80::1 dev eth1
+
+        # rt2
+        - ip addr add fe80::64/64 dev eth2
+        - ip route add 0.0.0.0/0 via inet6 fe80::2 dev eth2
+
+        # Configure NAT66: Pref64::/96 -> internal prefix + IPv4 outer
+        - nft "add table ip6 nat"
+        - nft "add chain ip6 nat postrouting { type nat hook postrouting priority srcnat; }"
+        - nft "add rule ip6 nat postrouting ip6 daddr 64:ff9b::/96 counter snat to 2001:db8:66:d1e0::cb00:7100/125"  # 203.0.113.0/29
+
+        # Direct NAT64 traffic to Xlat
+        - ip link set dev tun-xlat up
+        - ip route add 64:ff9b::/96 dev tun-xlat
+        - ip route add 203.0.113.0/29 dev tun-xlat
+
+    rt2:
+      kind: linux
+      image: *image
+      entrypoint: /bin/sleep
+      cmd: infinity
+      exec:
+        - *remove_default_rt
+        - *enable_forwarding
+
+        # plat
+        - ip addr add fe80::2/64 dev eth1
+        - ip route add 203.0.113.0/29 via inet6 fe80::64 dev eth1
+
+        # sv
+        - ip addr add 192.0.2.1/24 dev eth2
+
+    sv:
+      kind: linux
+      image: busybox
+      cmd: httpd -f -h /tmp
+      exec:
+        - *remove_default_rt
+        - *enable_forwarding
+
+        - sh -c 'echo Hello > /tmp/index.html'
+
+        # rt2: IPv4 uplink
+        - ip addr add 192.0.2.80/24 dev eth1
+        - ip route add 0.0.0.0/0 via 192.0.2.1 dev eth1
+
+  links:
+    - endpoints: ["ue:eth1", "rt1:eth1"]
+    - endpoints: ["plat:eth1", "rt1:eth2"]
+    - endpoints: ["plat:eth2", "rt2:eth1"]
+    - endpoints: ["sv:eth1", "rt2:eth2"]

data/clab/build.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -eu
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+docker build -t localhost/xlat/xlat ..

data/exe/xlat-siit

@@ -0,0 +1,91 @@
+#!/usr/bin/env ruby
+
+require 'logger'
+require 'optparse'
+require 'xlat/adapters/linux_tun'
+require 'xlat/address_translators/rfc6052'
+require 'xlat/rfc7915'
+require 'xlat/runner'
+
+opt = OptionParser.new do |opt|
+  opt.banner = "Usage: #{File.basename($0)} [options] IFNAME SRC::/N DST::/N"
+  opt.on('--multiqueue COUNT', Integer) {|n| @multiqueue = n }
+end
+opt.parse!(ARGV)
+
+if ARGV.size != 3
+  $stderr.puts opt.help
+  exit 1
+end
+
+ifname, src_prefix, dst_prefix = *ARGV
+src_translator = Xlat::AddressTranslators::Rfc6052.new(src_prefix)
+dst_translator = Xlat::AddressTranslators::Rfc6052.new(dst_prefix)
+
+def do_work(stderr, ifname, src_translator, dst_translator, multiqueue)
+  logger = Logger.new(stderr)
+
+  Xlat::Adapters::LinuxTun.open(ifname, multiqueue:) do |tun|
+    tun.mtu = 1500
+
+    loop do
+      Xlat::Runner.new(
+        adapter: tun,
+        translator: Xlat::Rfc7915.new(
+          source_address_translator: src_translator,
+          destination_address_translator: dst_translator,
+        ),
+        logger:,
+      ).run
+    rescue
+      logger.error { $!.full_message }
+    end
+  end
+end
+
+begin
+  require 'pf2'
+rescue LoadError
+  def profile = yield
+else
+  def profile
+    return yield unless ENV.key?('XLAT_PROFILE')
+
+    Pf2.start(threads: [Thread.current])
+    $profiling = true
+    begin
+      yield
+    ensure
+      $profiling = false
+      Pf2.stop
+    end
+  end
+end
+
+Signal.trap(:USR1) do
+  if $profiling
+    profile = Pf2.stop
+    begin
+      File.write("/tmp/xlat-#$$.pf2profile", profile)
+    ensure
+      Pf2.start
+    end
+  end
+end
+
+RubyVM::YJIT.enable if defined?(RubyVM::YJIT.enable) && !ENV.key?('XLAT_NOJIT')
+
+if @multiqueue
+  workers = []
+  while true
+    while workers.size < @multiqueue
+      workers << Ractor.new($stderr.dup, ifname, src_translator, dst_translator, true, &method(:do_work))
+    end
+    r, = Ractor.select(*workers)
+    workers.delete(r)
+  end
+else
+  profile do
+    do_work($stderr, ifname, src_translator, dst_translator, false)
+  end
+end

data/ext/xlat/io_buffer_ext/Cargo.toml

@@ -0,0 +1,11 @@
+[package]
+name = "io_buffer_ext"
+edition = "2021"
+publish = false
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+magnus = { version = "0.7", features = ["rb-sys"] }
+rb-sys = { version = "0.9" }

data/ext/xlat/io_buffer_ext/extconf.rb

@@ -0,0 +1,4 @@
+require 'mkmf'
+require 'rb_sys/mkmf'
+
+create_rust_makefile('xlat/io_buffer_ext')

data/ext/xlat/io_buffer_ext/src/gvl.rs

@@ -0,0 +1,49 @@
+use std::{cell::Cell, ffi::c_void, mem, ptr};
+
+struct Data<'a, F, R>
+where
+    F: FnOnce() -> R,
+{
+    fun: F,
+    ret: &'a Cell<Option<R>>,
+}
+
+/// Safety: `pdata` must point to a valid `Data<F, R>` object, which will be bitwise-copied.
+unsafe extern "C" fn trampoline<F, R>(pdata: *mut c_void) -> *mut c_void
+where
+    F: FnOnce() -> R,
+{
+    let Data { fun, ret } = unsafe { ptr::read(pdata as *const Data<F, R>) };
+    ret.set(Some(fun()));
+
+    ptr::null_mut()
+}
+
+pub fn call_without_gvl2<F, R>(fun: F) -> R
+where
+    F: FnOnce() -> R,
+{
+    let cell = Cell::new(None);
+
+    let data = mem::ManuallyDrop::new(Data { fun, ret: &cell });
+
+    loop {
+        unsafe {
+            rb_sys::rb_thread_call_without_gvl2(
+                Some(trampoline::<F, R>),
+                ptr::addr_of!(data) as *mut c_void, // ManuallyDrop is transparent
+                None,
+                ptr::null_mut(),
+            );
+        }
+
+        // If rb_thread_call_without_gvl2 returns before invoking the callback
+        // due to interrupts, the cell remains to be None, and
+        // it's safe to retry because data is not consumed yet.
+        if let Some(r) = cell.take() {
+            return r;
+        }
+
+        unsafe { rb_sys::rb_thread_check_ints() }
+    }
+}

data/ext/xlat/io_buffer_ext/src/io_buffer.rs

@@ -0,0 +1,67 @@
+use std::{mem::MaybeUninit, ptr};
+
+use magnus::{
+    rb_sys::{AsRawValue as _, FromRawValue as _},
+    value::{Lazy, ReprValue as _},
+    Error, RClass, Ruby, TryConvert, Value,
+};
+
+#[derive(Clone, Copy)]
+pub struct IOBuffer(Value);
+
+static RB_C_IO_BUFFER: Lazy<RClass> = Lazy::new(|_ruby| {
+    let val = unsafe { Value::from_raw(rb_sys::rb_cIOBuffer) };
+    RClass::from_value(val).unwrap()
+});
+
+impl IOBuffer {
+    pub fn from_value(val: Value) -> Option<Self> {
+        if val.is_kind_of(Ruby::get_with(val).get_inner(&RB_C_IO_BUFFER)) {
+            Some(IOBuffer(val))
+        } else {
+            None
+        }
+    }
+
+    pub fn get_bytes_for_reading(&self) -> *const [u8] {
+        let mut ptr = MaybeUninit::uninit();
+        let mut len = MaybeUninit::uninit();
+        unsafe {
+            rb_sys::rb_io_buffer_get_bytes_for_reading(
+                self.0.as_raw(),
+                ptr.as_mut_ptr(),
+                len.as_mut_ptr(),
+            );
+            ptr::slice_from_raw_parts(ptr.assume_init().cast::<u8>(), len.assume_init() as usize)
+        }
+    }
+
+    pub fn get_bytes_for_writing(&self) -> *mut [u8] {
+        let mut ptr = MaybeUninit::uninit();
+        let mut len = MaybeUninit::uninit();
+        unsafe {
+            rb_sys::rb_io_buffer_get_bytes_for_writing(
+                self.0.as_raw(),
+                ptr.as_mut_ptr(),
+                len.as_mut_ptr(),
+            );
+            ptr::slice_from_raw_parts_mut(
+                ptr.assume_init().cast::<u8>(),
+                len.assume_init() as usize,
+            )
+        }
+    }
+}
+
+impl TryConvert for IOBuffer {
+    fn try_convert(val: Value) -> Result<Self, Error> {
+        Self::from_value(val).ok_or_else(|| {
+            Error::new(
+                Ruby::get_with(val).exception_type_error(),
+                format!("no implicit conversion of {} into IO::Buffer", unsafe {
+                    val.classname()
+                },),
+            )
+        })
+    }
+}

data/ext/xlat/io_buffer_ext/src/lib.rs

@@ -0,0 +1,83 @@
+use std::{
+    fs::File,
+    io::{ErrorKind, IoSlice, IoSliceMut, Read, Write},
+    mem::ManuallyDrop,
+    os::fd::{AsRawFd as _, FromRawFd as _, RawFd},
+};
+
+use magnus::{function, prelude::*, Error, Object, RArray, RFile, Ruby};
+
+mod gvl;
+mod io_buffer;
+
+fn file_from_rfile(io: RFile) -> Result<ManuallyDrop<File>, Error> {
+    let raw_fd = io.as_raw_fd();
+    if raw_fd == -1 as RawFd {
+        Err(Error::new(
+            Ruby::get_with(io).exception_io_error(),
+            "closed stream",
+        ))
+    } else {
+        // Don't take FD ownership from Ruby
+        Ok(ManuallyDrop::new(unsafe { File::from_raw_fd(raw_fd) }))
+    }
+}
+
+/// writev(IO, Array[IO::Buffer]) -> Integer
+fn writev(ruby: &Ruby, io: RFile, bufs: RArray) -> Result<usize, Error> {
+    let mut w = file_from_rfile(io)?;
+
+    let vec = bufs
+        .into_iter()
+        .map(|v| {
+            io_buffer::IOBuffer::try_convert(v)
+                .map(|buf| IoSlice::new(unsafe { &*buf.get_bytes_for_reading() }))
+        })
+        .collect::<Result<Vec<_>, _>>()?;
+
+    loop {
+        match gvl::call_without_gvl2(|| w.write_vectored(&vec)) {
+            Ok(n) => return Ok(n),
+            Err(err) => {
+                if err.kind() != ErrorKind::Interrupted {
+                    return Err(Error::new(ruby.exception_io_error(), err.to_string()));
+                }
+            }
+        }
+    }
+}
+
+/// readv(IO, Array[IO::Buffer]) -> Integer
+fn readv(ruby: &Ruby, io: RFile, bufs: RArray) -> Result<usize, Error> {
+    let mut r = file_from_rfile(io)?;
+
+    let mut vec = bufs
+        .into_iter()
+        .map(|v| {
+            io_buffer::IOBuffer::try_convert(v)
+                .map(|buf| IoSliceMut::new(unsafe { &mut *buf.get_bytes_for_writing() }))
+        })
+        .collect::<Result<Vec<_>, _>>()?;
+
+    loop {
+        match gvl::call_without_gvl2(|| r.read_vectored(&mut vec)) {
+            Ok(n) => return Ok(n),
+            Err(err) => {
+                if err.kind() != ErrorKind::Interrupted {
+                    return Err(Error::new(ruby.exception_io_error(), err.to_string()));
+                }
+            }
+        }
+    }
+}
+
+#[magnus::init]
+fn init(ruby: &Ruby) -> Result<(), Error> {
+    // We don't share objects across Ractors
+    unsafe { rb_sys::rb_ext_ractor_safe(true) };
+
+    let module = ruby.define_module("Xlat")?.define_module("IOBufferExt")?;
+    module.define_singleton_method("readv", function!(readv, 2))?;
+    module.define_singleton_method("writev", function!(writev, 2))?;
+    Ok(())
+}