2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 * @brief The NAT inline functions
19 #ifndef __included_nat44_ed_inlines_h__
20 #define __included_nat44_ed_inlines_h__
23 #include <vppinfra/clib.h>
24 #include <vnet/fib/ip4_fib.h>
26 #include <nat/lib/log.h>
27 #include <nat/nat44-ed/nat44_ed.h>
30 calc_nat_key (ip4_address_t addr, u16 port, u32 fib_index, u8 proto)
32 ASSERT (fib_index <= (1 << 14) - 1);
33 ASSERT (proto <= (1 << 3) - 1);
34 return (u64) addr.as_u32 << 32 | (u64) port << 16 | fib_index << 3 |
39 split_nat_key (u64 key, ip4_address_t *addr, u16 *port, u32 *fib_index,
40 nat_protocol_t *proto)
44 addr->as_u32 = key >> 32;
48 *port = (key >> 16) & (u16) ~0;
52 *fib_index = key >> 3 & ((1 << 13) - 1);
61 init_nat_k (clib_bihash_kv_8_8_t *kv, ip4_address_t addr, u16 port,
62 u32 fib_index, nat_protocol_t proto)
64 kv->key = calc_nat_key (addr, port, fib_index, proto);
69 init_nat_kv (clib_bihash_kv_8_8_t *kv, ip4_address_t addr, u16 port,
70 u32 fib_index, nat_protocol_t proto, u32 thread_index,
73 init_nat_k (kv, addr, port, fib_index, proto);
74 kv->value = (u64) thread_index << 32 | session_index;
78 init_nat_i2o_k (clib_bihash_kv_8_8_t *kv, snat_session_t *s)
80 return init_nat_k (kv, s->in2out.addr, s->in2out.port, s->in2out.fib_index,
85 init_nat_i2o_kv (clib_bihash_kv_8_8_t *kv, snat_session_t *s, u32 thread_index,
88 init_nat_k (kv, s->in2out.addr, s->in2out.port, s->in2out.fib_index,
90 kv->value = (u64) thread_index << 32 | session_index;
94 init_nat_o2i_k (clib_bihash_kv_8_8_t *kv, snat_session_t *s)
96 return init_nat_k (kv, s->out2in.addr, s->out2in.port, s->out2in.fib_index,
101 init_nat_o2i_kv (clib_bihash_kv_8_8_t *kv, snat_session_t *s, u32 thread_index,
104 init_nat_k (kv, s->out2in.addr, s->out2in.port, s->out2in.fib_index,
106 kv->value = (u64) thread_index << 32 | session_index;
110 nat_value_get_thread_index (clib_bihash_kv_8_8_t *value)
112 return value->value >> 32;
116 nat_value_get_session_index (clib_bihash_kv_8_8_t *value)
118 return value->value & ~(u32) 0;
122 init_ed_k (clib_bihash_kv_16_8_t *kv, ip4_address_t l_addr, u16 l_port,
123 ip4_address_t r_addr, u16 r_port, u32 fib_index, u8 proto)
125 kv->key[0] = (u64) r_addr.as_u32 << 32 | l_addr.as_u32;
127 (u64) r_port << 48 | (u64) l_port << 32 | fib_index << 8 | proto;
131 init_ed_kv (clib_bihash_kv_16_8_t *kv, ip4_address_t l_addr, u16 l_port,
132 ip4_address_t r_addr, u16 r_port, u32 fib_index, u8 proto,
133 u32 thread_index, u32 session_index)
135 init_ed_k (kv, l_addr, l_port, r_addr, r_port, fib_index, proto);
136 kv->value = (u64) thread_index << 32 | session_index;
140 ed_value_get_thread_index (clib_bihash_kv_16_8_t *value)
142 return value->value >> 32;
146 ed_value_get_session_index (clib_bihash_kv_16_8_t *value)
148 return value->value & ~(u32) 0;
152 split_ed_kv (clib_bihash_kv_16_8_t *kv, ip4_address_t *l_addr,
153 ip4_address_t *r_addr, u8 *proto, u32 *fib_index, u16 *l_port,
158 l_addr->as_u32 = kv->key[0] & (u32) ~0;
162 r_addr->as_u32 = kv->key[0] >> 32;
166 *r_port = kv->key[1] >> 48;
170 *l_port = (kv->key[1] >> 32) & (u16) ~0;
174 *fib_index = (kv->key[1] >> 8) & ((1 << 24) - 1);
178 *proto = kv->key[1] & (u8) ~0;
182 static_always_inline int
183 nat_get_icmp_session_lookup_values (vlib_buffer_t *b, ip4_header_t *ip0,
184 ip4_address_t *lookup_saddr,
186 ip4_address_t *lookup_daddr,
187 u16 *lookup_dport, u8 *lookup_protocol)
189 icmp46_header_t *icmp0;
190 icmp_echo_header_t *echo0, *inner_echo0 = 0;
191 ip4_header_t *inner_ip0 = 0;
193 icmp46_header_t *inner_icmp0;
195 icmp0 = (icmp46_header_t *) ip4_next_header (ip0);
196 echo0 = (icmp_echo_header_t *) (icmp0 + 1);
198 // avoid warning about unused variables in caller by setting to bogus values
202 if (!icmp_type_is_error_message (
203 vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
205 *lookup_protocol = IP_PROTOCOL_ICMP;
206 lookup_saddr->as_u32 = ip0->src_address.as_u32;
207 *lookup_sport = vnet_buffer (b)->ip.reass.l4_src_port;
208 lookup_daddr->as_u32 = ip0->dst_address.as_u32;
209 *lookup_dport = vnet_buffer (b)->ip.reass.l4_dst_port;
213 inner_ip0 = (ip4_header_t *) (echo0 + 1);
214 l4_header = ip4_next_header (inner_ip0);
215 *lookup_protocol = inner_ip0->protocol;
216 lookup_saddr->as_u32 = inner_ip0->dst_address.as_u32;
217 lookup_daddr->as_u32 = inner_ip0->src_address.as_u32;
218 switch (ip_proto_to_nat_proto (inner_ip0->protocol))
220 case NAT_PROTOCOL_ICMP:
221 inner_icmp0 = (icmp46_header_t *) l4_header;
222 inner_echo0 = (icmp_echo_header_t *) (inner_icmp0 + 1);
223 *lookup_sport = inner_echo0->identifier;
224 *lookup_dport = inner_echo0->identifier;
226 case NAT_PROTOCOL_UDP:
227 case NAT_PROTOCOL_TCP:
228 *lookup_sport = ((tcp_udp_header_t *) l4_header)->dst_port;
229 *lookup_dport = ((tcp_udp_header_t *) l4_header)->src_port;
232 return NAT_IN2OUT_ED_ERROR_UNSUPPORTED_PROTOCOL;
239 nat44_session_get_timeout (snat_main_t *sm, snat_session_t *s)
241 switch (s->nat_proto)
243 case NAT_PROTOCOL_ICMP:
244 return sm->timeouts.icmp;
245 case NAT_PROTOCOL_UDP:
246 return sm->timeouts.udp;
247 case NAT_PROTOCOL_TCP:
250 return sm->timeouts.tcp.transitory;
252 return sm->timeouts.tcp.established;
255 return sm->timeouts.udp;
261 static_always_inline u8
262 nat44_ed_maximum_sessions_exceeded (snat_main_t *sm, u32 fib_index,
266 translations = pool_elts (sm->per_thread_data[thread_index].sessions);
267 if (vec_len (sm->max_translations_per_fib) <= fib_index)
269 return translations >= sm->max_translations_per_fib[fib_index];
272 static_always_inline int
273 nat_ed_lru_insert (snat_main_per_thread_data_t *tsm, snat_session_t *s,
276 dlist_elt_t *lru_list_elt;
277 pool_get (tsm->lru_pool, lru_list_elt);
278 s->lru_index = lru_list_elt - tsm->lru_pool;
281 case IP_PROTOCOL_UDP:
282 s->lru_head_index = tsm->udp_lru_head_index;
284 case IP_PROTOCOL_TCP:
285 s->lru_head_index = tsm->tcp_trans_lru_head_index;
287 case IP_PROTOCOL_ICMP:
288 s->lru_head_index = tsm->icmp_lru_head_index;
291 s->lru_head_index = tsm->unk_proto_lru_head_index;
294 clib_dlist_addtail (tsm->lru_pool, s->lru_head_index, s->lru_index);
295 lru_list_elt->value = s - tsm->sessions;
296 s->last_lru_update = now;
300 static_always_inline void
301 nat_6t_flow_to_ed_k (clib_bihash_kv_16_8_t *kv, nat_6t_flow_t *f)
303 init_ed_k (kv, f->match.saddr, f->match.sport, f->match.daddr,
304 f->match.dport, f->match.fib_index, f->match.proto);
307 static_always_inline void
308 nat_6t_flow_to_ed_kv (clib_bihash_kv_16_8_t *kv, nat_6t_flow_t *f,
309 u32 thread_idx, u32 session_idx)
311 init_ed_kv (kv, f->match.saddr, f->match.sport, f->match.daddr,
312 f->match.dport, f->match.fib_index, f->match.proto, thread_idx,
316 static_always_inline int
317 nat_ed_ses_i2o_flow_hash_add_del (snat_main_t *sm, u32 thread_idx,
318 snat_session_t *s, int is_add)
320 snat_main_per_thread_data_t *tsm =
321 vec_elt_at_index (sm->per_thread_data, thread_idx);
322 clib_bihash_kv_16_8_t kv;
325 nat_6t_flow_to_ed_k (&kv, &s->i2o);
329 nat_6t_flow_to_ed_kv (&kv, &s->i2o, thread_idx, s - tsm->sessions);
330 nat_6t_l3_l4_csum_calc (&s->i2o);
332 return clib_bihash_add_del_16_8 (&sm->flow_hash, &kv, is_add);
335 static_always_inline int
336 nat_ed_ses_o2i_flow_hash_add_del (snat_main_t *sm, u32 thread_idx,
337 snat_session_t *s, int is_add)
339 snat_main_per_thread_data_t *tsm =
340 vec_elt_at_index (sm->per_thread_data, thread_idx);
341 clib_bihash_kv_16_8_t kv;
344 nat_6t_flow_to_ed_k (&kv, &s->o2i);
348 nat_6t_flow_to_ed_kv (&kv, &s->o2i, thread_idx, s - tsm->sessions);
349 nat_6t_l3_l4_csum_calc (&s->o2i);
351 return clib_bihash_add_del_16_8 (&sm->flow_hash, &kv, is_add);
355 nat_ed_session_delete (snat_main_t *sm, snat_session_t *ses, u32 thread_index,
357 /* delete from global LRU list */)
359 snat_main_per_thread_data_t *tsm =
360 vec_elt_at_index (sm->per_thread_data, thread_index);
364 clib_dlist_remove (tsm->lru_pool, ses->lru_index);
366 pool_put_index (tsm->lru_pool, ses->lru_index);
367 if (nat_ed_ses_i2o_flow_hash_add_del (sm, thread_index, ses, 0))
368 nat_elog_warn (sm, "flow hash del failed");
369 if (nat_ed_ses_o2i_flow_hash_add_del (sm, thread_index, ses, 0))
370 nat_elog_warn (sm, "flow hash del failed");
371 pool_put (tsm->sessions, ses);
372 vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
373 pool_elts (tsm->sessions));
376 static_always_inline int
377 nat_lru_free_one_with_head (snat_main_t *sm, int thread_index, f64 now,
380 snat_session_t *s = NULL;
381 dlist_elt_t *oldest_elt;
382 f64 sess_timeout_time;
384 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
385 oldest_index = clib_dlist_remove_head (tsm->lru_pool, head_index);
386 if (~0 != oldest_index)
388 oldest_elt = pool_elt_at_index (tsm->lru_pool, oldest_index);
389 s = pool_elt_at_index (tsm->sessions, oldest_elt->value);
392 s->last_heard + (f64) nat44_session_get_timeout (sm, s);
393 if (now >= sess_timeout_time ||
394 (s->tcp_closed_timestamp && now >= s->tcp_closed_timestamp))
396 nat_free_session_data (sm, s, thread_index, 0);
397 nat_ed_session_delete (sm, s, thread_index, 0);
402 clib_dlist_addhead (tsm->lru_pool, head_index, oldest_index);
408 static_always_inline int
409 nat_lru_free_one (snat_main_t *sm, int thread_index, f64 now)
411 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
414 if ((rc = nat_lru_free_one_with_head (sm, thread_index, now, \
415 tsm->p##_lru_head_index))) \
428 static_always_inline snat_session_t *
429 nat_ed_session_alloc (snat_main_t *sm, u32 thread_index, f64 now, u8 proto)
432 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
434 nat_lru_free_one (sm, thread_index, now);
436 pool_get (tsm->sessions, s);
437 clib_memset (s, 0, sizeof (*s));
439 nat_ed_lru_insert (tsm, s, now, proto);
441 s->ha_last_refreshed = now;
442 vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
443 pool_elts (tsm->sessions));
448 static_always_inline void
449 per_vrf_sessions_cleanup (u32 thread_index)
451 snat_main_t *sm = &snat_main;
452 snat_main_per_thread_data_t *tsm =
453 vec_elt_at_index (sm->per_thread_data, thread_index);
454 per_vrf_sessions_t *per_vrf_sessions;
455 u32 *to_free = 0, *i;
457 vec_foreach (per_vrf_sessions, tsm->per_vrf_sessions_vec)
459 if (per_vrf_sessions->expired)
461 if (per_vrf_sessions->ses_count == 0)
463 vec_add1 (to_free, per_vrf_sessions - tsm->per_vrf_sessions_vec);
468 if (vec_len (to_free))
470 vec_foreach (i, to_free)
472 vec_del1 (tsm->per_vrf_sessions_vec, *i);
480 static_always_inline void
481 per_vrf_sessions_register_session (snat_session_t *s, u32 thread_index)
483 snat_main_t *sm = &snat_main;
484 snat_main_per_thread_data_t *tsm =
485 vec_elt_at_index (sm->per_thread_data, thread_index);
486 per_vrf_sessions_t *per_vrf_sessions;
488 per_vrf_sessions_cleanup (thread_index);
490 // s->per_vrf_sessions_index == ~0 ... reuse of old session
492 vec_foreach (per_vrf_sessions, tsm->per_vrf_sessions_vec)
494 // ignore already expired registrations
495 if (per_vrf_sessions->expired)
498 if ((s->in2out.fib_index == per_vrf_sessions->rx_fib_index) &&
499 (s->out2in.fib_index == per_vrf_sessions->tx_fib_index))
503 if ((s->in2out.fib_index == per_vrf_sessions->tx_fib_index) &&
504 (s->out2in.fib_index == per_vrf_sessions->rx_fib_index))
510 // create a new registration
511 vec_add2 (tsm->per_vrf_sessions_vec, per_vrf_sessions, 1);
512 clib_memset (per_vrf_sessions, 0, sizeof (*per_vrf_sessions));
514 per_vrf_sessions->rx_fib_index = s->in2out.fib_index;
515 per_vrf_sessions->tx_fib_index = s->out2in.fib_index;
518 s->per_vrf_sessions_index = per_vrf_sessions - tsm->per_vrf_sessions_vec;
519 per_vrf_sessions->ses_count++;
523 static_always_inline void
524 per_vrf_sessions_unregister_session (snat_session_t *s, u32 thread_index)
526 snat_main_t *sm = &snat_main;
527 snat_main_per_thread_data_t *tsm;
528 per_vrf_sessions_t *per_vrf_sessions;
530 ASSERT (s->per_vrf_sessions_index != ~0);
532 tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
534 vec_elt_at_index (tsm->per_vrf_sessions_vec, s->per_vrf_sessions_index);
536 ASSERT (per_vrf_sessions->ses_count != 0);
538 per_vrf_sessions->ses_count--;
539 s->per_vrf_sessions_index = ~0;
543 static_always_inline u8
544 per_vrf_sessions_is_expired (snat_session_t *s, u32 thread_index)
546 snat_main_t *sm = &snat_main;
547 snat_main_per_thread_data_t *tsm;
548 per_vrf_sessions_t *per_vrf_sessions;
550 ASSERT (s->per_vrf_sessions_index != ~0);
552 tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
554 vec_elt_at_index (tsm->per_vrf_sessions_vec, s->per_vrf_sessions_index);
555 return per_vrf_sessions->expired;
558 static_always_inline void
559 nat_6t_flow_init (nat_6t_flow_t *f, u32 thread_idx, ip4_address_t saddr,
560 u16 sport, ip4_address_t daddr, u16 dport, u32 fib_index,
561 u8 proto, u32 session_idx)
563 clib_memset (f, 0, sizeof (*f));
564 f->match.saddr = saddr;
565 f->match.sport = sport;
566 f->match.daddr = daddr;
567 f->match.dport = dport;
568 f->match.proto = proto;
569 f->match.fib_index = fib_index;
572 static_always_inline void
573 nat_6t_i2o_flow_init (snat_main_t *sm, u32 thread_idx, snat_session_t *s,
574 ip4_address_t saddr, u16 sport, ip4_address_t daddr,
575 u16 dport, u32 fib_index, u8 proto)
577 snat_main_per_thread_data_t *tsm =
578 vec_elt_at_index (sm->per_thread_data, thread_idx);
579 nat_6t_flow_init (&s->i2o, thread_idx, saddr, sport, daddr, dport, fib_index,
580 proto, s - tsm->sessions);
583 static_always_inline void
584 nat_6t_o2i_flow_init (snat_main_t *sm, u32 thread_idx, snat_session_t *s,
585 ip4_address_t saddr, u16 sport, ip4_address_t daddr,
586 u16 dport, u32 fib_index, u8 proto)
588 snat_main_per_thread_data_t *tsm =
589 vec_elt_at_index (sm->per_thread_data, thread_idx);
590 nat_6t_flow_init (&s->o2i, thread_idx, saddr, sport, daddr, dport, fib_index,
591 proto, s - tsm->sessions);
594 static_always_inline int
595 nat_6t_flow_match (nat_6t_flow_t *f, vlib_buffer_t *b, ip4_address_t saddr,
596 u16 sport, ip4_address_t daddr, u16 dport, u8 protocol,
599 return f->match.daddr.as_u32 == daddr.as_u32 &&
600 f->match.dport == vnet_buffer (b)->ip.reass.l4_dst_port &&
601 f->match.proto == protocol && f->match.fib_index == fib_index &&
602 f->match.saddr.as_u32 == saddr.as_u32 &&
603 f->match.sport == vnet_buffer (b)->ip.reass.l4_src_port;
607 nat_pre_node_fn_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
608 vlib_frame_t *frame, u32 def_next)
610 u32 n_left_from, *from;
612 from = vlib_frame_vector_args (frame);
613 n_left_from = frame->n_vectors;
615 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
616 u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
617 vlib_get_buffers (vm, from, b, n_left_from);
619 while (n_left_from >= 2)
622 u32 arc_next0, arc_next1;
623 vlib_buffer_t *b0, *b1;
630 /* Prefetch next iteration. */
631 if (PREDICT_TRUE (n_left_from >= 4))
633 vlib_buffer_t *p2, *p3;
638 vlib_prefetch_buffer_header (p2, LOAD);
639 vlib_prefetch_buffer_header (p3, LOAD);
641 CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, LOAD);
642 CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, LOAD);
648 vnet_feature_next (&arc_next0, b0);
649 vnet_feature_next (&arc_next1, b1);
651 vnet_buffer2 (b0)->nat.arc_next = arc_next0;
652 vnet_buffer2 (b1)->nat.arc_next = arc_next1;
654 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
656 if (b0->flags & VLIB_BUFFER_IS_TRACED)
658 nat_pre_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
659 t->next_index = next0;
660 t->arc_next_index = arc_next0;
662 if (b1->flags & VLIB_BUFFER_IS_TRACED)
664 nat_pre_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
665 t->next_index = next1;
666 t->arc_next_index = arc_next1;
676 while (n_left_from > 0)
686 vnet_feature_next (&arc_next0, b0);
687 vnet_buffer2 (b0)->nat.arc_next = arc_next0;
689 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
690 (b0->flags & VLIB_BUFFER_IS_TRACED)))
692 nat_pre_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
693 t->next_index = next0;
694 t->arc_next_index = arc_next0;
701 vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts,
704 return frame->n_vectors;
707 static_always_inline u16
708 snat_random_port (u16 min, u16 max)
710 snat_main_t *sm = &snat_main;
714 rwide = random_u32 (&sm->random_seed);
716 if (r >= min && r <= max)
719 return min + (rwide % (max - min + 1));
723 is_interface_addr (snat_main_t *sm, vlib_node_runtime_t *node,
724 u32 sw_if_index0, u32 ip4_addr)
726 snat_runtime_t *rt = (snat_runtime_t *) node->runtime_data;
727 ip4_address_t *first_int_addr;
729 if (PREDICT_FALSE (rt->cached_sw_if_index != sw_if_index0))
731 first_int_addr = ip4_interface_first_address (
732 sm->ip4_main, sw_if_index0, 0 /* just want the address */);
733 rt->cached_sw_if_index = sw_if_index0;
735 rt->cached_ip4_address = first_int_addr->as_u32;
737 rt->cached_ip4_address = 0;
740 if (PREDICT_FALSE (ip4_addr == rt->cached_ip4_address))
747 nat44_set_tcp_session_state_i2o (snat_main_t *sm, f64 now, snat_session_t *ses,
748 vlib_buffer_t *b, u32 thread_index)
750 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
751 u8 tcp_flags = vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags;
752 u32 tcp_ack_number = vnet_buffer (b)->ip.reass.tcp_ack_number;
753 u32 tcp_seq_number = vnet_buffer (b)->ip.reass.tcp_seq_number;
754 if ((ses->state == 0) && (tcp_flags & TCP_FLAG_RST))
755 ses->state = NAT44_SES_RST;
756 if ((ses->state == NAT44_SES_RST) && !(tcp_flags & TCP_FLAG_RST))
758 if ((tcp_flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) &&
759 (ses->state & NAT44_SES_O2I_SYN))
761 if (tcp_flags & TCP_FLAG_SYN)
762 ses->state |= NAT44_SES_I2O_SYN;
763 if (tcp_flags & TCP_FLAG_FIN)
765 ses->i2o_fin_seq = clib_net_to_host_u32 (tcp_seq_number);
766 ses->state |= NAT44_SES_I2O_FIN;
768 if ((tcp_flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_O2I_FIN))
770 if (clib_net_to_host_u32 (tcp_ack_number) > ses->o2i_fin_seq)
772 ses->state |= NAT44_SES_O2I_FIN_ACK;
773 if (nat44_is_ses_closed (ses))
774 { // if session is now closed, save the timestamp
775 ses->tcp_closed_timestamp = now + sm->timeouts.tcp.transitory;
776 ses->last_lru_update = now;
781 // move the session to proper LRU
784 ses->lru_head_index = tsm->tcp_trans_lru_head_index;
788 ses->lru_head_index = tsm->tcp_estab_lru_head_index;
790 clib_dlist_remove (tsm->lru_pool, ses->lru_index);
791 clib_dlist_addtail (tsm->lru_pool, ses->lru_head_index, ses->lru_index);
795 nat44_set_tcp_session_state_o2i (snat_main_t *sm, f64 now, snat_session_t *ses,
796 u8 tcp_flags, u32 tcp_ack_number,
797 u32 tcp_seq_number, u32 thread_index)
799 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
800 if ((ses->state == 0) && (tcp_flags & TCP_FLAG_RST))
801 ses->state = NAT44_SES_RST;
802 if ((ses->state == NAT44_SES_RST) && !(tcp_flags & TCP_FLAG_RST))
804 if ((tcp_flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) &&
805 (ses->state & NAT44_SES_O2I_SYN))
807 if (tcp_flags & TCP_FLAG_SYN)
808 ses->state |= NAT44_SES_O2I_SYN;
809 if (tcp_flags & TCP_FLAG_FIN)
811 ses->o2i_fin_seq = clib_net_to_host_u32 (tcp_seq_number);
812 ses->state |= NAT44_SES_O2I_FIN;
814 if ((tcp_flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_FIN))
816 if (clib_net_to_host_u32 (tcp_ack_number) > ses->i2o_fin_seq)
817 ses->state |= NAT44_SES_I2O_FIN_ACK;
818 if (nat44_is_ses_closed (ses))
819 { // if session is now closed, save the timestamp
820 ses->tcp_closed_timestamp = now + sm->timeouts.tcp.transitory;
821 ses->last_lru_update = now;
824 // move the session to proper LRU
827 ses->lru_head_index = tsm->tcp_trans_lru_head_index;
831 ses->lru_head_index = tsm->tcp_estab_lru_head_index;
833 clib_dlist_remove (tsm->lru_pool, ses->lru_index);
834 clib_dlist_addtail (tsm->lru_pool, ses->lru_head_index, ses->lru_index);
838 nat44_session_update_counters (snat_session_t *s, f64 now, uword bytes,
843 s->total_bytes += bytes;
846 /** \brief Per-user LRU list maintenance */
848 nat44_session_update_lru (snat_main_t *sm, snat_session_t *s, u32 thread_index)
850 /* don't update too often - timeout is in magnitude of seconds anyway */
851 if (s->last_heard > s->last_lru_update + 1)
853 clib_dlist_remove (sm->per_thread_data[thread_index].lru_pool,
855 clib_dlist_addtail (sm->per_thread_data[thread_index].lru_pool,
856 s->lru_head_index, s->lru_index);
857 s->last_lru_update = s->last_heard;
861 #endif /* __included_nat44_ed_inlines_h__ */
864 * fd.io coding-style-patch-verification: ON
867 * eval: (c-set-style "gnu")