2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT44 endpoint-dependent inside to outside network translation
20 #include <vlib/vlib.h>
21 #include <vnet/vnet.h>
22 #include <vnet/pg/pg.h>
23 #include <vnet/ip/ip.h>
24 #include <vnet/ethernet/ethernet.h>
25 #include <vnet/fib/ip4_fib.h>
26 #include <vnet/udp/udp.h>
27 #include <vppinfra/error.h>
29 #include <nat/nat_ipfix_logging.h>
30 #include <nat/nat_inlines.h>
31 #include <nat/nat44/inlines.h>
32 #include <nat/nat_syslog.h>
33 #include <nat/nat_ha.h>
35 static char *nat_in2out_ed_error_strings[] = {
36 #define _(sym,string) string,
37 foreach_nat_in2out_ed_error
47 } nat_in2out_ed_trace_t;
50 format_nat_in2out_ed_trace (u8 * s, va_list * args)
52 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
53 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
54 nat_in2out_ed_trace_t *t = va_arg (*args, nat_in2out_ed_trace_t *);
58 t->is_slow_path ? "NAT44_IN2OUT_ED_SLOW_PATH" :
59 "NAT44_IN2OUT_ED_FAST_PATH";
61 s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag,
62 t->sw_if_index, t->next_index, t->session_index);
67 #ifndef CLIB_MARCH_VARIANT
69 nat44_i2o_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg)
71 snat_main_t *sm = &snat_main;
72 nat44_is_idle_session_ctx_t *ctx = arg;
74 u64 sess_timeout_time;
77 ip4_address_t *l_addr, *r_addr;
79 clib_bihash_kv_16_8_t ed_kv;
82 snat_session_key_t key;
83 snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data,
86 s = pool_elt_at_index (tsm->sessions, kv->value);
87 sess_timeout_time = s->last_heard + (f64) nat44_session_get_timeout (sm, s);
88 if (ctx->now >= sess_timeout_time)
90 if (is_fwd_bypass_session (s))
93 l_addr = &s->out2in.addr;
94 r_addr = &s->ext_host_addr;
95 fib_index = s->out2in.fib_index;
96 if (snat_is_unk_proto_session (s))
98 proto = s->in2out.port;
104 proto = snat_proto_to_ip_proto (s->in2out.protocol);
105 l_port = s->out2in.port;
106 r_port = s->ext_host_port;
108 make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
110 if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &ed_kv, 0))
111 nat_elog_warn ("out2in_ed key del failed");
113 if (snat_is_unk_proto_session (s))
116 snat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
117 s->in2out.addr.as_u32,
118 s->out2in.addr.as_u32,
122 s->in2out.fib_index);
124 nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
125 &s->in2out.addr, s->in2out.port,
126 &s->ext_host_nat_addr, s->ext_host_nat_port,
127 &s->out2in.addr, s->out2in.port,
128 &s->ext_host_addr, s->ext_host_port,
129 s->in2out.protocol, is_twice_nat_session (s));
131 nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr,
132 s->ext_host_port, s->out2in.protocol, s->out2in.fib_index,
135 if (is_twice_nat_session (s))
137 for (i = 0; i < vec_len (sm->twice_nat_addresses); i++)
139 key.protocol = s->in2out.protocol;
140 key.port = s->ext_host_nat_port;
141 a = sm->twice_nat_addresses + i;
142 if (a->addr.as_u32 == s->ext_host_nat_addr.as_u32)
144 snat_free_outside_address_and_port (sm->twice_nat_addresses,
152 if (snat_is_session_static (s))
155 snat_free_outside_address_and_port (sm->addresses, ctx->thread_index,
158 nat44_ed_delete_session (sm, s, ctx->thread_index, 1);
167 icmp_in2out_ed_slow_path (snat_main_t * sm, vlib_buffer_t * b0,
168 ip4_header_t * ip0, icmp46_header_t * icmp0,
169 u32 sw_if_index0, u32 rx_fib_index0,
170 vlib_node_runtime_t * node, u32 next0, f64 now,
171 u32 thread_index, snat_session_t ** p_s0)
173 next0 = icmp_in2out (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
174 next0, thread_index, p_s0, 0);
175 snat_session_t *s0 = *p_s0;
176 if (PREDICT_TRUE (next0 != NAT_NEXT_DROP && s0))
179 nat44_session_update_counters (s0, now,
180 vlib_buffer_length_in_chain
181 (sm->vlib_main, b0), thread_index);
182 /* Per-user LRU list maintenance */
183 nat44_session_update_lru (sm, s0, thread_index);
188 static_always_inline u16
189 snat_random_port (u16 min, u16 max)
191 snat_main_t *sm = &snat_main;
192 return min + random_u32 (&sm->random_seed) /
193 (random_u32_max () / (max - min + 1) + 1);
197 nat_ed_alloc_addr_and_port (snat_main_t * sm, u32 rx_fib_index,
198 u32 snat_proto, u32 thread_index,
199 ip4_address_t r_addr, u16 r_port, u8 proto,
200 u16 port_per_thread, u32 snat_thread_index,
202 ip4_address_t * allocated_addr,
203 u16 * allocated_port,
204 clib_bihash_kv_16_8_t * out2in_ed_kv)
207 snat_address_t *a, *ga = 0;
209 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
211 const u16 port_thread_offset = (port_per_thread * snat_thread_index) + 1024;
213 for (i = 0; i < vec_len (sm->addresses); i++)
215 a = sm->addresses + i;
218 #define _(N, j, n, unused) \
219 case SNAT_PROTOCOL_##N: \
220 if (a->fib_index == rx_fib_index) \
222 u16 port = snat_random_port (1, port_per_thread); \
223 u16 attempts = port_per_thread; \
224 while (attempts > 0) \
227 portnum = port_thread_offset + port; \
228 make_ed_kv (&a->addr, &r_addr, proto, s->out2in.fib_index, \
229 clib_host_to_net_u16 (portnum), r_port, \
230 s - tsm->sessions, out2in_ed_kv); \
231 int rv = clib_bihash_add_del_16_8 (&tsm->out2in_ed, out2in_ed_kv, \
235 ++a->busy_##n##_port_refcounts[portnum]; \
236 a->busy_##n##_ports_per_thread[thread_index]++; \
237 a->busy_##n##_ports++; \
238 *allocated_addr = a->addr; \
239 *allocated_port = clib_host_to_net_u16 (portnum); \
242 port = (port + 1) % port_per_thread; \
245 else if (a->fib_index == ~0) \
251 foreach_snat_protocol;
253 nat_elog_info ("unknown protocol");
260 /* fake fib_index to reuse macro */
265 foreach_snat_protocol;
267 nat_elog_info ("unknown protocol");
274 /* Totally out of translations to use... */
275 snat_ipfix_logging_addresses_exhausted (thread_index, 0);
280 slow_path_ed (snat_main_t * sm,
282 ip4_address_t l_addr,
283 ip4_address_t r_addr,
288 snat_session_t ** sessionp,
289 vlib_node_runtime_t * node, u32 next, u32 thread_index, f64 now)
291 snat_session_t *s = NULL;
292 snat_session_key_t key0, key1;
293 lb_nat_type_t lb = 0;
294 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
295 u32 snat_proto = ip_proto_to_snat_proto (proto);
296 nat_outside_fib_t *outside_fib;
297 fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
298 clib_bihash_kv_16_8_t out2in_ed_kv;
299 bool out2in_ed_inserted = false;
300 ip4_address_t allocated_addr;
304 .fp_proto = FIB_PROTOCOL_IP4,
306 .fp_addr = {.ip4.as_u32 = r_addr.as_u32,},
308 nat44_is_idle_session_ctx_t ctx;
310 if (PREDICT_TRUE (snat_proto == SNAT_PROTOCOL_TCP))
314 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags)))
316 b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
317 return NAT_NEXT_DROP;
321 if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index)))
323 if (!nat_global_lru_free_one (sm, thread_index, now))
325 b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
326 nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
327 nat_elog_notice ("maximum sessions exceeded");
328 return NAT_NEXT_DROP;
334 key1.protocol = key0.protocol = snat_proto;
335 key0.fib_index = rx_fib_index;
336 key1.fib_index = sm->outside_fib_index;
338 /* First try to match static mapping by local address and port */
339 if (snat_static_mapping_match
340 (sm, key0, &key1, 0, 0, 0, &lb, 0, &identity_nat))
342 s = nat_ed_session_alloc (sm, thread_index, now);
345 nat_elog_warn ("create NAT session failed");
346 b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_USER_SESS_EXCEEDED];
349 switch (vec_len (sm->outside_fibs))
352 s->out2in.fib_index = sm->outside_fib_index;
355 s->out2in.fib_index = sm->outside_fibs[0].fib_index;
359 vec_foreach (outside_fib, sm->outside_fibs)
361 fei = fib_table_lookup (outside_fib->fib_index, &pfx);
362 if (FIB_NODE_INDEX_INVALID != fei)
364 if (fib_entry_get_resolving_interface (fei) != ~0)
366 s->out2in.fib_index = outside_fib->fib_index;
375 /* Try to create dynamic translation */
376 if (nat_ed_alloc_addr_and_port (sm, rx_fib_index, snat_proto,
377 thread_index, r_addr, r_port, proto,
379 tsm->snat_thread_index, s,
381 &allocated_port, &out2in_ed_kv))
383 nat_elog_notice ("addresses exhausted");
384 b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS];
388 out2in_ed_inserted = true;
389 key1.addr = allocated_addr;
390 key1.port = allocated_port;
394 if (PREDICT_FALSE (identity_nat))
399 s = nat_ed_session_alloc (sm, thread_index, now);
402 nat_elog_warn ("create NAT session failed");
403 b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_USER_SESS_EXCEEDED];
406 switch (vec_len (sm->outside_fibs))
409 s->out2in.fib_index = sm->outside_fib_index;
412 s->out2in.fib_index = sm->outside_fibs[0].fib_index;
416 vec_foreach (outside_fib, sm->outside_fibs)
418 fei = fib_table_lookup (outside_fib->fib_index, &pfx);
419 if (FIB_NODE_INDEX_INVALID != fei)
421 if (fib_entry_get_resolving_interface (fei) != ~0)
423 s->out2in.fib_index = outside_fib->fib_index;
432 s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
435 make_ed_kv (&key1.addr, &r_addr, proto,
436 s->out2in.fib_index, key1.port, r_port, s - tsm->sessions,
438 if (clib_bihash_add_or_overwrite_stale_16_8
439 (&tsm->out2in_ed, &out2in_ed_kv, nat44_o2i_ed_is_idle_session_cb,
441 nat_elog_notice ("out2in-ed key add failed");
442 out2in_ed_inserted = true;
446 s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
447 s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
448 s->ext_host_addr = r_addr;
449 s->ext_host_port = r_port;
452 s->out2in.protocol = key0.protocol;
454 clib_bihash_kv_16_8_t in2out_ed_kv;
455 make_ed_kv (&l_addr, &r_addr, proto, rx_fib_index, l_port, r_port,
456 s - tsm->sessions, &in2out_ed_kv);
458 ctx.thread_index = thread_index;
459 if (clib_bihash_add_or_overwrite_stale_16_8 (&tsm->in2out_ed, &in2out_ed_kv,
460 nat44_i2o_ed_is_idle_session_cb,
462 nat_elog_notice ("in2out-ed key add failed");
467 snat_ipfix_logging_nat44_ses_create (thread_index,
468 s->in2out.addr.as_u32,
469 s->out2in.addr.as_u32,
472 s->out2in.port, s->in2out.fib_index);
474 nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index,
475 &s->in2out.addr, s->in2out.port,
476 &s->ext_host_nat_addr, s->ext_host_nat_port,
477 &s->out2in.addr, s->out2in.port,
478 &s->ext_host_addr, s->ext_host_port,
479 s->in2out.protocol, 0);
481 nat_ha_sadd (&s->in2out.addr, s->in2out.port, &s->out2in.addr,
482 s->out2in.port, &s->ext_host_addr, s->ext_host_port,
483 &s->ext_host_nat_addr, s->ext_host_nat_port,
484 s->in2out.protocol, s->in2out.fib_index, s->flags,
489 if (out2in_ed_inserted)
491 if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &out2in_ed_kv, 0))
492 nat_elog_notice ("out2in-ed key del failed");
496 nat_free_session_data (sm, s, thread_index, 0);
497 nat44_ed_delete_session (sm, s, thread_index, 1);
499 return NAT_NEXT_DROP;
502 static_always_inline int
503 nat44_ed_not_translate (snat_main_t * sm, vlib_node_runtime_t * node,
504 u32 sw_if_index, ip4_header_t * ip, u32 proto,
505 u32 rx_fib_index, u32 thread_index)
507 udp_header_t *udp = ip4_next_header (ip);
508 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
509 clib_bihash_kv_16_8_t kv, value;
510 snat_session_key_t key0, key1;
512 make_ed_kv (&ip->dst_address, &ip->src_address, ip->protocol,
513 sm->outside_fib_index, udp->dst_port, udp->src_port, ~0ULL,
516 /* NAT packet aimed at external address if has active sessions */
517 if (clib_bihash_search_16_8 (&tsm->out2in_ed, &kv, &value))
519 key0.addr = ip->dst_address;
520 key0.port = udp->dst_port;
521 key0.protocol = proto;
522 key0.fib_index = sm->outside_fib_index;
523 /* or is static mappings */
524 if (!snat_static_mapping_match (sm, key0, &key1, 1, 0, 0, 0, 0, 0))
530 if (sm->forwarding_enabled)
533 return snat_not_translate_fast (sm, node, sw_if_index, ip, proto,
537 static_always_inline int
538 nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip,
539 u32 thread_index, f64 now,
540 vlib_main_t * vm, vlib_buffer_t * b)
542 clib_bihash_kv_16_8_t kv, value;
543 snat_session_t *s = 0;
544 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
546 if (!sm->forwarding_enabled)
549 if (ip->protocol == IP_PROTOCOL_ICMP)
551 if (get_icmp_i2o_ed_key (b, ip, 0, ~0ULL, 0, 0, 0, &kv))
554 else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
556 make_ed_kv (&ip->src_address, &ip->dst_address, ip->protocol, 0,
557 vnet_buffer (b)->ip.reass.l4_src_port,
558 vnet_buffer (b)->ip.reass.l4_dst_port, ~0ULL, &kv);
562 make_ed_kv (&ip->src_address, &ip->dst_address, ip->protocol, 0, 0,
566 if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &kv, &value))
568 s = pool_elt_at_index (tsm->sessions, value.value);
569 if (is_fwd_bypass_session (s))
571 if (ip->protocol == IP_PROTOCOL_TCP)
573 if (nat44_set_tcp_session_state_i2o
574 (sm, now, s, b, thread_index))
578 nat44_session_update_counters (s, now,
579 vlib_buffer_length_in_chain (vm, b),
581 /* Per-user LRU list maintenance */
582 nat44_session_update_lru (sm, s, thread_index);
592 static_always_inline int
593 nat44_ed_not_translate_output_feature (snat_main_t * sm, ip4_header_t * ip,
594 u16 src_port, u16 dst_port,
595 u32 thread_index, u32 rx_sw_if_index,
598 clib_bihash_kv_16_8_t kv, value;
599 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
602 u32 rx_fib_index = ip4_fib_table_get_index_for_sw_if_index (rx_sw_if_index);
603 u32 tx_fib_index = ip4_fib_table_get_index_for_sw_if_index (tx_sw_if_index);
606 make_ed_kv (&ip->src_address, &ip->dst_address, ip->protocol,
607 tx_fib_index, src_port, dst_port, ~0ULL, &kv);
608 if (!clib_bihash_search_16_8 (&tsm->out2in_ed, &kv, &value))
610 s = pool_elt_at_index (tsm->sessions, value.value);
611 if (nat44_is_ses_closed (s))
613 nat_free_session_data (sm, s, thread_index, 0);
614 nat44_ed_delete_session (sm, s, thread_index, 1);
617 s->flags |= SNAT_SESSION_FLAG_OUTPUT_FEATURE;
622 make_ed_kv (&ip->dst_address, &ip->src_address, ip->protocol,
623 rx_fib_index, dst_port, src_port, ~0ULL, &kv);
624 if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &kv, &value))
626 s = pool_elt_at_index (tsm->sessions, value.value);
627 if (is_fwd_bypass_session (s))
632 pool_foreach (i, sm->output_feature_interfaces,
634 if ((nat_interface_is_inside (i)) && (rx_sw_if_index == i->sw_if_index))
644 #ifndef CLIB_MARCH_VARIANT
646 icmp_match_in2out_ed (snat_main_t * sm, vlib_node_runtime_t * node,
647 u32 thread_index, vlib_buffer_t * b, ip4_header_t * ip,
648 u8 * p_proto, snat_session_key_t * p_value,
649 u8 * p_dont_translate, void *d, void *e)
653 snat_session_t *s = 0;
654 u8 dont_translate = 0;
655 clib_bihash_kv_16_8_t kv, value;
658 u16 l_port = 0, r_port = 0; // initialize to workaround gcc warning
659 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
661 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
662 rx_fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
665 get_icmp_i2o_ed_key (b, ip, rx_fib_index, ~0ULL, p_proto, &l_port,
669 b->error = node->errors[err];
670 next = NAT_NEXT_DROP;
674 if (clib_bihash_search_16_8 (&tsm->in2out_ed, &kv, &value))
676 if (vnet_buffer (b)->sw_if_index[VLIB_TX] != ~0)
679 (nat44_ed_not_translate_output_feature
680 (sm, ip, l_port, r_port, thread_index,
681 sw_if_index, vnet_buffer (b)->sw_if_index[VLIB_TX])))
689 if (PREDICT_FALSE (nat44_ed_not_translate (sm, node, sw_if_index,
690 ip, SNAT_PROTOCOL_ICMP,
700 (icmp_type_is_error_message
701 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags)))
703 b->error = node->errors[NAT_IN2OUT_ED_ERROR_BAD_ICMP_TYPE];
704 next = NAT_NEXT_DROP;
709 slow_path_ed (sm, b, ip->src_address, ip->dst_address, l_port, r_port,
710 ip->protocol, rx_fib_index, &s, node, next,
711 thread_index, vlib_time_now (sm->vlib_main));
713 if (PREDICT_FALSE (next == NAT_NEXT_DROP))
725 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags !=
727 && vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags !=
729 && !icmp_type_is_error_message (vnet_buffer (b)->ip.
730 reass.icmp_type_or_tcp_flags)))
732 b->error = node->errors[NAT_IN2OUT_ED_ERROR_BAD_ICMP_TYPE];
733 next = NAT_NEXT_DROP;
737 s = pool_elt_at_index (tsm->sessions, value.value);
741 *p_value = s->out2in;
742 *p_dont_translate = dont_translate;
744 *(snat_session_t **) d = s;
749 static snat_session_t *
750 nat44_ed_in2out_unknown_proto (snat_main_t * sm,
756 vlib_main_t * vm, vlib_node_runtime_t * node)
758 clib_bihash_kv_8_8_t kv, value;
759 clib_bihash_kv_16_8_t s_kv, s_value;
760 snat_static_mapping_t *m;
761 u32 old_addr, new_addr = 0;
763 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
765 u32 outside_fib_index = sm->outside_fib_index;
768 nat_outside_fib_t *outside_fib;
769 fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
771 .fp_proto = FIB_PROTOCOL_IP4,
774 .ip4.as_u32 = ip->dst_address.as_u32,
778 switch (vec_len (sm->outside_fibs))
781 outside_fib_index = sm->outside_fib_index;
784 outside_fib_index = sm->outside_fibs[0].fib_index;
788 vec_foreach (outside_fib, sm->outside_fibs)
790 fei = fib_table_lookup (outside_fib->fib_index, &pfx);
791 if (FIB_NODE_INDEX_INVALID != fei)
793 if (fib_entry_get_resolving_interface (fei) != ~0)
795 outside_fib_index = outside_fib->fib_index;
803 old_addr = ip->src_address.as_u32;
805 make_ed_kv (&ip->src_address, &ip->dst_address, ip->protocol,
806 rx_fib_index, 0, 0, ~0ULL, &s_kv);
808 if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &s_kv, &s_value))
810 s = pool_elt_at_index (tsm->sessions, s_value.value);
811 new_addr = ip->src_address.as_u32 = s->out2in.addr.as_u32;
815 if (PREDICT_FALSE (nat44_maximum_sessions_exceeded (sm, thread_index)))
817 b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
818 nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
819 nat_elog_notice ("maximum sessions exceeded");
823 make_sm_kv (&kv, &ip->src_address, 0, rx_fib_index, 0);
825 /* Try to find static mapping first */
826 if (!clib_bihash_search_8_8 (&sm->static_mapping_by_local, &kv, &value))
828 m = pool_elt_at_index (sm->static_mappings, value.value);
829 new_addr = ip->src_address.as_u32 = m->external_addr.as_u32;
836 pool_foreach (s, tsm->sessions, {
837 if (s->ext_host_addr.as_u32 == ip->dst_address.as_u32)
839 new_addr = ip->src_address.as_u32 = s->out2in.addr.as_u32;
841 make_ed_kv (&s->out2in.addr, &ip->dst_address, ip->protocol,
842 outside_fib_index, 0, 0, ~0ULL, &s_kv);
843 if (clib_bihash_search_16_8 (&tsm->out2in_ed, &s_kv, &s_value))
851 for (i = 0; i < vec_len (sm->addresses); i++)
853 make_ed_kv (&sm->addresses[i].addr, &ip->dst_address,
854 ip->protocol, outside_fib_index, 0, 0, ~0ULL,
856 if (clib_bihash_search_16_8 (&tsm->out2in_ed, &s_kv, &s_value))
858 new_addr = ip->src_address.as_u32 =
859 sm->addresses[i].addr.as_u32;
867 s = nat_ed_session_alloc (sm, thread_index, now);
870 b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_USER_SESS_EXCEEDED];
871 nat_elog_warn ("create NAT session failed");
875 s->ext_host_addr.as_u32 = ip->dst_address.as_u32;
876 s->flags |= SNAT_SESSION_FLAG_UNKNOWN_PROTO;
877 s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
878 s->out2in.addr.as_u32 = new_addr;
879 s->out2in.fib_index = outside_fib_index;
880 s->in2out.addr.as_u32 = old_addr;
881 s->in2out.fib_index = rx_fib_index;
882 s->in2out.port = s->out2in.port = ip->protocol;
884 s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
886 /* Add to lookup tables */
887 make_ed_kv (&s->in2out.addr, &ip->dst_address, ip->protocol,
888 rx_fib_index, 0, 0, s - tsm->sessions, &s_kv);
889 if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1))
890 nat_elog_notice ("in2out key add failed");
892 make_ed_kv (&s->out2in.addr, &ip->dst_address, ip->protocol,
893 outside_fib_index, 0, 0, s - tsm->sessions, &s_kv);
894 if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &s_kv, 1))
895 nat_elog_notice ("out2in key add failed");
898 /* Update IP checksum */
900 sum = ip_csum_update (sum, old_addr, new_addr, ip4_header_t, src_address);
901 ip->checksum = ip_csum_fold (sum);
904 nat44_session_update_counters (s, now, vlib_buffer_length_in_chain (vm, b),
906 /* Per-user LRU list maintenance */
907 nat44_session_update_lru (sm, s, thread_index);
910 if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0)
911 nat44_ed_hairpinning_unknown_proto (sm, b, ip);
913 if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0)
914 vnet_buffer (b)->sw_if_index[VLIB_TX] = outside_fib_index;
920 nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm,
921 vlib_node_runtime_t * node,
922 vlib_frame_t * frame,
923 int is_output_feature)
925 u32 n_left_from, *from, *to_next, pkts_processed = 0, stats_node_index;
926 nat_next_t next_index;
927 snat_main_t *sm = &snat_main;
928 f64 now = vlib_time_now (vm);
929 u32 thread_index = vm->thread_index;
930 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
931 u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets =
934 def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH :
935 NAT_NEXT_IN2OUT_ED_SLOW_PATH;
937 stats_node_index = sm->ed_in2out_node_index;
939 from = vlib_frame_vector_args (frame);
940 n_left_from = frame->n_vectors;
941 next_index = node->cached_next_index;
943 while (n_left_from > 0)
947 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
949 while (n_left_from > 0 && n_left_to_next > 0)
953 u32 next0, sw_if_index0, rx_fib_index0, iph_offset0 = 0, proto0,
954 new_addr0, old_addr0;
955 u16 old_port0, new_port0;
959 snat_session_t *s0 = 0;
960 clib_bihash_kv_16_8_t kv0, value0;
963 /* speculatively enqueue b0 to the current next frame */
971 b0 = vlib_get_buffer (vm, bi0);
973 if (is_output_feature)
975 vnet_feature_next (&vnet_buffer2 (b0)->nat.arc_next, b0);
976 iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length;
979 next0 = vnet_buffer2 (b0)->nat.arc_next;
981 ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) +
984 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
986 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
989 if (PREDICT_FALSE (ip0->ttl == 1))
991 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
992 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
993 ICMP4_time_exceeded_ttl_exceeded_in_transit,
995 next0 = NAT_NEXT_ICMP_ERROR;
999 udp0 = ip4_next_header (ip0);
1000 tcp0 = (tcp_header_t *) udp0;
1001 proto0 = ip_proto_to_snat_proto (ip0->protocol);
1003 if (PREDICT_FALSE (proto0 == ~0))
1009 if (is_output_feature)
1011 if (PREDICT_FALSE (nat_not_translate_output_feature_fwd
1012 (sm, ip0, thread_index, now, vm, b0)))
1016 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
1022 make_ed_kv (&ip0->src_address, &ip0->dst_address,
1023 ip0->protocol, rx_fib_index0,
1024 vnet_buffer (b0)->ip.reass.l4_src_port,
1025 vnet_buffer (b0)->ip.reass.l4_dst_port, ~0ULL, &kv0);
1027 // lookup for session
1028 if (clib_bihash_search_16_8 (&tsm->in2out_ed, &kv0, &value0))
1030 // session does not exist go slow path
1034 s0 = pool_elt_at_index (tsm->sessions, value0.value);
1036 if (s0->tcp_close_timestamp)
1038 if (now >= s0->tcp_close_timestamp)
1040 // session is closed, go slow path
1045 // session in transitory timeout, drop
1046 b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TCP_CLOSED];
1047 next0 = NAT_NEXT_DROP;
1052 // drop if session expired
1053 u64 sess_timeout_time;
1054 sess_timeout_time = s0->last_heard +
1055 (f64) nat44_session_get_timeout (sm, s0);
1056 if (now >= sess_timeout_time)
1058 nat_free_session_data (sm, s0, thread_index, 0);
1059 nat44_ed_delete_session (sm, s0, thread_index, 1);
1060 // session is closed, go slow path
1065 b0->flags |= VNET_BUFFER_F_IS_NATED;
1067 if (!is_output_feature)
1068 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
1070 old_addr0 = ip0->src_address.as_u32;
1071 new_addr0 = ip0->src_address.as_u32 = s0->out2in.addr.as_u32;
1072 sum0 = ip0->checksum;
1073 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1075 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1076 sum0 = ip_csum_update (sum0, ip0->dst_address.as_u32,
1077 s0->ext_host_addr.as_u32, ip4_header_t,
1079 ip0->checksum = ip_csum_fold (sum0);
1081 old_port0 = vnet_buffer (b0)->ip.reass.l4_src_port;
1083 if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
1085 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1087 new_port0 = udp0->src_port = s0->out2in.port;
1088 sum0 = tcp0->checksum;
1090 ip_csum_update (sum0, old_addr0, new_addr0,
1091 ip4_header_t, dst_address);
1093 ip_csum_update (sum0, old_port0, new_port0,
1094 ip4_header_t, length);
1095 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1098 ip_csum_update (sum0, ip0->dst_address.as_u32,
1099 s0->ext_host_addr.as_u32,
1100 ip4_header_t, dst_address);
1102 ip_csum_update (sum0,
1103 vnet_buffer (b0)->ip.
1104 reass.l4_dst_port, s0->ext_host_port,
1105 ip4_header_t, length);
1106 tcp0->dst_port = s0->ext_host_port;
1107 ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
1109 mss_clamping (sm, tcp0, &sum0);
1110 tcp0->checksum = ip_csum_fold (sum0);
1113 if (nat44_set_tcp_session_state_i2o
1114 (sm, now, s0, b0, thread_index))
1117 else if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment
1120 new_port0 = udp0->src_port = s0->out2in.port;
1121 sum0 = udp0->checksum;
1123 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1126 ip_csum_update (sum0, old_port0, new_port0, ip4_header_t,
1128 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1130 sum0 = ip_csum_update (sum0, ip0->dst_address.as_u32,
1131 s0->ext_host_addr.as_u32,
1132 ip4_header_t, dst_address);
1134 ip_csum_update (sum0,
1135 vnet_buffer (b0)->ip.reass.l4_dst_port,
1136 s0->ext_host_port, ip4_header_t, length);
1137 udp0->dst_port = s0->ext_host_port;
1138 ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
1140 udp0->checksum = ip_csum_fold (sum0);
1145 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1147 new_port0 = udp0->src_port = s0->out2in.port;
1148 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1150 udp0->dst_port = s0->ext_host_port;
1151 ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
1158 nat44_session_update_counters (s0, now,
1159 vlib_buffer_length_in_chain
1160 (vm, b0), thread_index);
1161 /* Per-user LRU list maintenance */
1162 nat44_session_update_lru (sm, s0, thread_index);
1165 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1166 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1168 nat_in2out_ed_trace_t *t =
1169 vlib_add_trace (vm, node, b0, sizeof (*t));
1170 t->sw_if_index = sw_if_index0;
1171 t->next_index = next0;
1172 t->is_slow_path = 0;
1175 t->session_index = s0 - tsm->sessions;
1177 t->session_index = ~0;
1180 pkts_processed += next0 == vnet_buffer2 (b0)->nat.arc_next;
1181 /* verify speculative enqueue, maybe switch current next frame */
1182 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1183 to_next, n_left_to_next,
1187 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1190 vlib_node_increment_counter (vm, stats_node_index,
1191 NAT_IN2OUT_ED_ERROR_IN2OUT_PACKETS,
1193 vlib_node_increment_counter (vm, stats_node_index,
1194 NAT_IN2OUT_ED_ERROR_TCP_PACKETS, tcp_packets);
1195 vlib_node_increment_counter (vm, stats_node_index,
1196 NAT_IN2OUT_ED_ERROR_UDP_PACKETS, udp_packets);
1197 vlib_node_increment_counter (vm, stats_node_index,
1198 NAT_IN2OUT_ED_ERROR_ICMP_PACKETS,
1200 vlib_node_increment_counter (vm, stats_node_index,
1201 NAT_IN2OUT_ED_ERROR_OTHER_PACKETS,
1203 return frame->n_vectors;
1207 nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm,
1208 vlib_node_runtime_t * node,
1209 vlib_frame_t * frame,
1210 int is_output_feature)
1212 u32 n_left_from, *from, *to_next, pkts_processed = 0, stats_node_index;
1213 nat_next_t next_index;
1214 snat_main_t *sm = &snat_main;
1215 f64 now = vlib_time_now (vm);
1216 u32 thread_index = vm->thread_index;
1217 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
1218 u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = 0;
1220 stats_node_index = sm->ed_in2out_slowpath_node_index;
1222 from = vlib_frame_vector_args (frame);
1223 n_left_from = frame->n_vectors;
1224 next_index = node->cached_next_index;
1226 while (n_left_from > 0)
1230 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1232 while (n_left_from > 0 && n_left_to_next > 0)
1236 u32 next0, sw_if_index0, rx_fib_index0, iph_offset0 = 0, proto0,
1237 new_addr0, old_addr0;
1238 u16 old_port0, new_port0;
1242 icmp46_header_t *icmp0;
1243 snat_session_t *s0 = 0;
1244 clib_bihash_kv_16_8_t kv0, value0;
1247 /* speculatively enqueue b0 to the current next frame */
1253 n_left_to_next -= 1;
1255 b0 = vlib_get_buffer (vm, bi0);
1257 if (is_output_feature)
1258 iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length;
1260 next0 = vnet_buffer2 (b0)->nat.arc_next;
1262 ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) +
1265 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1267 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
1270 if (PREDICT_FALSE (ip0->ttl == 1))
1272 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1273 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
1274 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1276 next0 = NAT_NEXT_ICMP_ERROR;
1280 udp0 = ip4_next_header (ip0);
1281 tcp0 = (tcp_header_t *) udp0;
1282 icmp0 = (icmp46_header_t *) udp0;
1283 proto0 = ip_proto_to_snat_proto (ip0->protocol);
1285 if (PREDICT_FALSE (proto0 == ~0))
1287 s0 = nat44_ed_in2out_unknown_proto (sm, b0, ip0,
1292 next0 = NAT_NEXT_DROP;
1298 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
1300 next0 = icmp_in2out_ed_slow_path
1301 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
1302 node, next0, now, thread_index, &s0);
1308 make_ed_kv (&ip0->src_address, &ip0->dst_address,
1309 ip0->protocol, rx_fib_index0,
1310 vnet_buffer (b0)->ip.reass.l4_src_port,
1311 vnet_buffer (b0)->ip.reass.l4_dst_port, ~0ULL, &kv0);
1313 if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &kv0, &value0))
1315 s0 = pool_elt_at_index (tsm->sessions, value0.value);
1317 if (s0->tcp_close_timestamp && now >= s0->tcp_close_timestamp)
1319 nat_free_session_data (sm, s0, thread_index, 0);
1320 nat44_ed_delete_session (sm, s0, thread_index, 1);
1327 if (is_output_feature)
1330 (nat44_ed_not_translate_output_feature
1331 (sm, ip0, vnet_buffer (b0)->ip.reass.l4_src_port,
1332 vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index,
1334 vnet_buffer (b0)->sw_if_index[VLIB_TX])))
1338 * Send DHCP packets to the ipv4 stack, or we won't
1339 * be able to use dhcp client on the outside interface
1342 (proto0 == SNAT_PROTOCOL_UDP
1343 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
1344 clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_server))
1345 && ip0->dst_address.as_u32 == 0xffffffff))
1351 (nat44_ed_not_translate
1352 (sm, node, sw_if_index0, ip0, proto0, rx_fib_index0,
1358 slow_path_ed (sm, b0, ip0->src_address, ip0->dst_address,
1359 vnet_buffer (b0)->ip.reass.l4_src_port,
1360 vnet_buffer (b0)->ip.reass.l4_dst_port,
1361 ip0->protocol, rx_fib_index0, &s0, node, next0,
1364 if (PREDICT_FALSE (next0 == NAT_NEXT_DROP))
1367 if (PREDICT_FALSE (!s0))
1372 b0->flags |= VNET_BUFFER_F_IS_NATED;
1374 if (!is_output_feature)
1375 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
1377 old_addr0 = ip0->src_address.as_u32;
1378 new_addr0 = ip0->src_address.as_u32 = s0->out2in.addr.as_u32;
1379 sum0 = ip0->checksum;
1380 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1382 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1383 sum0 = ip_csum_update (sum0, ip0->dst_address.as_u32,
1384 s0->ext_host_addr.as_u32, ip4_header_t,
1386 ip0->checksum = ip_csum_fold (sum0);
1388 old_port0 = vnet_buffer (b0)->ip.reass.l4_src_port;
1390 if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
1392 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1394 new_port0 = udp0->src_port = s0->out2in.port;
1395 sum0 = tcp0->checksum;
1397 ip_csum_update (sum0, old_addr0, new_addr0,
1398 ip4_header_t, dst_address);
1400 ip_csum_update (sum0, old_port0, new_port0,
1401 ip4_header_t, length);
1402 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1405 ip_csum_update (sum0, ip0->dst_address.as_u32,
1406 s0->ext_host_addr.as_u32,
1407 ip4_header_t, dst_address);
1409 ip_csum_update (sum0,
1410 vnet_buffer (b0)->ip.
1411 reass.l4_dst_port, s0->ext_host_port,
1412 ip4_header_t, length);
1413 tcp0->dst_port = s0->ext_host_port;
1414 ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
1416 mss_clamping (sm, tcp0, &sum0);
1417 tcp0->checksum = ip_csum_fold (sum0);
1420 if (nat44_set_tcp_session_state_i2o
1421 (sm, now, s0, b0, thread_index))
1424 else if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment
1427 new_port0 = udp0->src_port = s0->out2in.port;
1428 sum0 = udp0->checksum;
1430 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1433 ip_csum_update (sum0, old_port0, new_port0, ip4_header_t,
1435 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1437 sum0 = ip_csum_update (sum0, ip0->dst_address.as_u32,
1438 s0->ext_host_addr.as_u32,
1439 ip4_header_t, dst_address);
1441 ip_csum_update (sum0,
1442 vnet_buffer (b0)->ip.reass.l4_dst_port,
1443 s0->ext_host_port, ip4_header_t, length);
1444 udp0->dst_port = s0->ext_host_port;
1445 ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
1447 udp0->checksum = ip_csum_fold (sum0);
1452 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1454 new_port0 = udp0->src_port = s0->out2in.port;
1455 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1457 udp0->dst_port = s0->ext_host_port;
1458 ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32;
1465 nat44_session_update_counters (s0, now,
1466 vlib_buffer_length_in_chain
1467 (vm, b0), thread_index);
1468 /* Per-user LRU list maintenance */
1469 nat44_session_update_lru (sm, s0, thread_index);
1472 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1473 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1475 nat_in2out_ed_trace_t *t =
1476 vlib_add_trace (vm, node, b0, sizeof (*t));
1477 t->sw_if_index = sw_if_index0;
1478 t->next_index = next0;
1479 t->is_slow_path = 1;
1482 t->session_index = s0 - tsm->sessions;
1484 t->session_index = ~0;
1487 pkts_processed += next0 == vnet_buffer2 (b0)->nat.arc_next;
1489 /* verify speculative enqueue, maybe switch current next frame */
1490 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1491 to_next, n_left_to_next,
1495 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1498 vlib_node_increment_counter (vm, stats_node_index,
1499 NAT_IN2OUT_ED_ERROR_IN2OUT_PACKETS,
1501 vlib_node_increment_counter (vm, stats_node_index,
1502 NAT_IN2OUT_ED_ERROR_TCP_PACKETS, tcp_packets);
1503 vlib_node_increment_counter (vm, stats_node_index,
1504 NAT_IN2OUT_ED_ERROR_UDP_PACKETS, udp_packets);
1505 vlib_node_increment_counter (vm, stats_node_index,
1506 NAT_IN2OUT_ED_ERROR_ICMP_PACKETS,
1508 vlib_node_increment_counter (vm, stats_node_index,
1509 NAT_IN2OUT_ED_ERROR_OTHER_PACKETS,
1511 return frame->n_vectors;
1514 VLIB_NODE_FN (nat44_ed_in2out_node) (vlib_main_t * vm,
1515 vlib_node_runtime_t * node,
1516 vlib_frame_t * frame)
1518 return nat44_ed_in2out_fast_path_node_fn_inline (vm, node, frame, 0);
1522 VLIB_REGISTER_NODE (nat44_ed_in2out_node) = {
1523 .name = "nat44-ed-in2out",
1524 .vector_size = sizeof (u32),
1525 .sibling_of = "nat-default",
1526 .format_trace = format_nat_in2out_ed_trace,
1527 .type = VLIB_NODE_TYPE_INTERNAL,
1528 .n_errors = ARRAY_LEN (nat_in2out_ed_error_strings),
1529 .error_strings = nat_in2out_ed_error_strings,
1530 .runtime_data_bytes = sizeof (snat_runtime_t),
1534 VLIB_NODE_FN (nat44_ed_in2out_output_node) (vlib_main_t * vm,
1535 vlib_node_runtime_t * node,
1536 vlib_frame_t * frame)
1538 return nat44_ed_in2out_fast_path_node_fn_inline (vm, node, frame, 1);
1542 VLIB_REGISTER_NODE (nat44_ed_in2out_output_node) = {
1543 .name = "nat44-ed-in2out-output",
1544 .vector_size = sizeof (u32),
1545 .sibling_of = "nat-default",
1546 .format_trace = format_nat_in2out_ed_trace,
1547 .type = VLIB_NODE_TYPE_INTERNAL,
1548 .n_errors = ARRAY_LEN (nat_in2out_ed_error_strings),
1549 .error_strings = nat_in2out_ed_error_strings,
1550 .runtime_data_bytes = sizeof (snat_runtime_t),
1554 VLIB_NODE_FN (nat44_ed_in2out_slowpath_node) (vlib_main_t * vm,
1555 vlib_node_runtime_t *
1556 node, vlib_frame_t * frame)
1558 return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 0);
1562 VLIB_REGISTER_NODE (nat44_ed_in2out_slowpath_node) = {
1563 .name = "nat44-ed-in2out-slowpath",
1564 .vector_size = sizeof (u32),
1565 .sibling_of = "nat-default",
1566 .format_trace = format_nat_in2out_ed_trace,
1567 .type = VLIB_NODE_TYPE_INTERNAL,
1568 .n_errors = ARRAY_LEN (nat_in2out_ed_error_strings),
1569 .error_strings = nat_in2out_ed_error_strings,
1570 .runtime_data_bytes = sizeof (snat_runtime_t),
1574 VLIB_NODE_FN (nat44_ed_in2out_output_slowpath_node) (vlib_main_t * vm,
1577 vlib_frame_t * frame)
1579 return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 1);
1583 VLIB_REGISTER_NODE (nat44_ed_in2out_output_slowpath_node) = {
1584 .name = "nat44-ed-in2out-output-slowpath",
1585 .vector_size = sizeof (u32),
1586 .sibling_of = "nat-default",
1587 .format_trace = format_nat_in2out_ed_trace,
1588 .type = VLIB_NODE_TYPE_INTERNAL,
1589 .n_errors = ARRAY_LEN (nat_in2out_ed_error_strings),
1590 .error_strings = nat_in2out_ed_error_strings,
1591 .runtime_data_bytes = sizeof (snat_runtime_t),
1596 format_nat_pre_trace (u8 * s, va_list * args)
1598 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1599 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1600 nat_pre_trace_t *t = va_arg (*args, nat_pre_trace_t *);
1601 return format (s, "in2out next_index %d", t->next_index);
1604 VLIB_NODE_FN (nat_pre_in2out_node)
1605 (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
1607 return nat_pre_node_fn_inline (vm, node, frame,
1608 NAT_NEXT_IN2OUT_ED_FAST_PATH);
1612 VLIB_REGISTER_NODE (nat_pre_in2out_node) = {
1613 .name = "nat-pre-in2out",
1614 .vector_size = sizeof (u32),
1615 .sibling_of = "nat-default",
1616 .format_trace = format_nat_pre_trace,
1617 .type = VLIB_NODE_TYPE_INTERNAL,
1623 * fd.io coding-style-patch-verification: ON
1626 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob