2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief Classify for one armed NAT44 (in+out interface)
20 #include <vlib/vlib.h>
21 #include <vnet/vnet.h>
22 #include <vnet/fib/ip4_fib.h>
24 #include <nat/nat44-ed/nat44_ed.h>
25 #include <nat/nat44-ed/nat44_ed_inlines.h>
27 #define foreach_nat44_classify_error \
28 _(NEXT_IN2OUT, "next in2out") \
29 _(NEXT_OUT2IN, "next out2in") \
30 _(FRAG_CACHED, "fragment cached")
34 #define _(sym,str) NAT44_CLASSIFY_ERROR_##sym,
35 foreach_nat44_classify_error
37 NAT44_CLASSIFY_N_ERROR,
38 } nat44_classify_error_t;
42 NAT44_CLASSIFY_NEXT_IN2OUT,
43 NAT44_CLASSIFY_NEXT_OUT2IN,
44 NAT44_CLASSIFY_NEXT_DROP,
45 NAT44_CLASSIFY_N_NEXT,
46 } nat44_classify_next_t;
52 } nat44_classify_trace_t;
55 format_nat44_classify_trace (u8 * s, va_list * args)
57 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
58 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
59 nat44_classify_trace_t *t = va_arg (*args, nat44_classify_trace_t *);
63 s = format (s, "nat44-classify: fragment cached");
66 next = t->next_in2out ? "nat44-ed-in2out" : "nat44-ed-out2in";
67 s = format (s, "nat44-classify: next %s", next);
74 nat44_handoff_classify_node_fn_inline (vlib_main_t * vm,
75 vlib_node_runtime_t * node,
78 u32 n_left_from, *from, *to_next;
79 nat44_classify_next_t next_index;
80 snat_main_t *sm = &snat_main;
81 snat_static_mapping_t *m;
82 u32 next_in2out = 0, next_out2in = 0;
84 from = vlib_frame_vector_args (frame);
85 n_left_from = frame->n_vectors;
86 next_index = node->cached_next_index;
88 while (n_left_from > 0)
92 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
94 while (n_left_from > 0 && n_left_to_next > 0)
98 u32 next0 = NAT_NEXT_IN2OUT_CLASSIFY;
102 /* speculatively enqueue b0 to the current next frame */
110 b0 = vlib_get_buffer (vm, bi0);
111 ip0 = vlib_buffer_get_current (b0);
113 vec_foreach (ap, sm->addresses)
115 if (ip0->dst_address.as_u32 == ap->addr.as_u32)
117 next0 = NAT_NEXT_OUT2IN_CLASSIFY;
122 if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
124 /* try to classify the fragment based on IP header alone */
125 m = nat44_ed_sm_o2i_lookup (sm, ip0->dst_address, 0, 0, 0);
128 if (m->local_addr.as_u32 != m->external_addr.as_u32)
129 next0 = NAT_NEXT_OUT2IN_CLASSIFY;
132 m = nat44_ed_sm_o2i_lookup (
133 sm, ip0->dst_address, vnet_buffer (b0)->ip.reass.l4_dst_port,
137 if (m->local_addr.as_u32 != m->external_addr.as_u32)
138 next0 = NAT_NEXT_OUT2IN_CLASSIFY;
143 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
144 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
146 nat44_classify_trace_t *t =
147 vlib_add_trace (vm, node, b0, sizeof (*t));
149 t->next_in2out = next0 == NAT_NEXT_IN2OUT_CLASSIFY ? 1 : 0;
152 next_in2out += next0 == NAT_NEXT_IN2OUT_CLASSIFY;
153 next_out2in += next0 == NAT_NEXT_OUT2IN_CLASSIFY;
155 /* verify speculative enqueue, maybe switch current next frame */
156 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
157 to_next, n_left_to_next,
161 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
164 vlib_node_increment_counter (vm, node->node_index,
165 NAT44_CLASSIFY_ERROR_NEXT_IN2OUT, next_in2out);
166 vlib_node_increment_counter (vm, node->node_index,
167 NAT44_CLASSIFY_ERROR_NEXT_OUT2IN, next_out2in);
168 return frame->n_vectors;
172 nat44_ed_classify_node_fn_inline (vlib_main_t * vm,
173 vlib_node_runtime_t * node,
174 vlib_frame_t * frame)
176 u32 n_left_from, *from, *to_next;
177 nat44_classify_next_t next_index;
178 snat_main_t *sm = &snat_main;
179 snat_static_mapping_t *m;
180 u32 next_in2out = 0, next_out2in = 0;
182 from = vlib_frame_vector_args (frame);
183 n_left_from = frame->n_vectors;
184 next_index = node->cached_next_index;
186 while (n_left_from > 0)
190 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
192 while (n_left_from > 0 && n_left_to_next > 0)
196 u32 next0 = NAT_NEXT_IN2OUT_ED_FAST_PATH;
197 u32 sw_if_index0, rx_fib_index0;
200 clib_bihash_kv_16_8_t ed_kv0, ed_value0;
202 /* speculatively enqueue b0 to the current next frame */
210 b0 = vlib_get_buffer (vm, bi0);
211 ip0 = vlib_buffer_get_current (b0);
214 vnet_feature_next (&arc_next, b0);
215 vnet_buffer2 (b0)->nat.arc_next = arc_next;
217 if (ip0->protocol != IP_PROTOCOL_ICMP)
219 /* process leading fragment/whole packet (with L4 header) */
220 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
222 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
224 init_ed_k (&ed_kv0, ip0->src_address.as_u32,
225 vnet_buffer (b0)->ip.reass.l4_src_port,
226 ip0->dst_address.as_u32,
227 vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0,
229 /* process whole packet */
230 if (!clib_bihash_search_16_8 (&sm->flow_hash, &ed_kv0,
233 ASSERT (vm->thread_index ==
234 ed_value_get_thread_index (&ed_value0));
235 snat_main_per_thread_data_t *tsm =
236 &sm->per_thread_data[vm->thread_index];
237 snat_session_t *s = pool_elt_at_index (
238 tsm->sessions, ed_value_get_session_index (&ed_value0));
239 clib_bihash_kv_16_8_t i2o_kv;
240 nat_6t_flow_to_ed_k (&i2o_kv, &s->i2o);
241 vnet_buffer2 (b0)->nat.cached_session_index =
242 ed_value_get_session_index (&ed_value0);
243 if (i2o_kv.key[0] == ed_kv0.key[0] &&
244 i2o_kv.key[1] == ed_kv0.key[1])
246 next0 = NAT_NEXT_IN2OUT_ED_FAST_PATH;
250 next0 = NAT_NEXT_OUT2IN_ED_FAST_PATH;
255 /* session doesn't exist so continue in code */
258 vec_foreach (ap, sm->addresses)
260 if (ip0->dst_address.as_u32 == ap->addr.as_u32)
262 next0 = NAT_NEXT_OUT2IN_ED_FAST_PATH;
267 if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
269 /* try to classify the fragment based on IP header alone */
270 m = nat44_ed_sm_o2i_lookup (sm, ip0->dst_address, 0, 0, 0);
273 if (m->local_addr.as_u32 != m->external_addr.as_u32)
274 next0 = NAT_NEXT_OUT2IN_ED_FAST_PATH;
277 m = nat44_ed_sm_o2i_lookup (
278 sm, ip0->dst_address, vnet_buffer (b0)->ip.reass.l4_dst_port,
282 if (m->local_addr.as_u32 != m->external_addr.as_u32)
283 next0 = NAT_NEXT_OUT2IN_ED_FAST_PATH;
288 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
289 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
291 nat44_classify_trace_t *t =
292 vlib_add_trace (vm, node, b0, sizeof (*t));
294 t->next_in2out = next0 == NAT_NEXT_IN2OUT_ED_FAST_PATH ? 1 : 0;
297 next_in2out += next0 == NAT_NEXT_IN2OUT_ED_FAST_PATH;
298 next_out2in += next0 == NAT_NEXT_OUT2IN_ED_FAST_PATH;
300 /* verify speculative enqueue, maybe switch current next frame */
301 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
302 to_next, n_left_to_next,
306 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
309 vlib_node_increment_counter (vm, node->node_index,
310 NAT44_CLASSIFY_ERROR_NEXT_IN2OUT, next_in2out);
311 vlib_node_increment_counter (vm, node->node_index,
312 NAT44_CLASSIFY_ERROR_NEXT_OUT2IN, next_out2in);
313 return frame->n_vectors;
316 VLIB_NODE_FN (nat44_ed_classify_node) (vlib_main_t * vm,
317 vlib_node_runtime_t * node,
318 vlib_frame_t * frame)
320 return nat44_ed_classify_node_fn_inline (vm, node, frame);
323 VLIB_REGISTER_NODE (nat44_ed_classify_node) = {
324 .name = "nat44-ed-classify",
325 .vector_size = sizeof (u32),
326 .sibling_of = "nat-default",
327 .format_trace = format_nat44_classify_trace,
328 .type = VLIB_NODE_TYPE_INTERNAL,
331 VLIB_NODE_FN (nat44_handoff_classify_node) (vlib_main_t * vm,
332 vlib_node_runtime_t * node,
333 vlib_frame_t * frame)
335 return nat44_handoff_classify_node_fn_inline (vm, node, frame);
338 VLIB_REGISTER_NODE (nat44_handoff_classify_node) = {
339 .name = "nat44-handoff-classify",
340 .vector_size = sizeof (u32),
341 .sibling_of = "nat-default",
342 .format_trace = format_nat44_classify_trace,
343 .type = VLIB_NODE_TYPE_INTERNAL,
347 * fd.io coding-style-patch-verification: ON
350 * eval: (c-set-style "gnu")