2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vnet/handoff.h>
21 #include <vnet/ip/ip.h>
22 #include <vnet/ethernet/ethernet.h>
23 #include <vnet/fib/ip4_fib.h>
24 #include <snat/snat.h>
25 #include <snat/snat_ipfix_logging.h>
27 #include <vppinfra/hash.h>
28 #include <vppinfra/error.h>
29 #include <vppinfra/elog.h>
36 } snat_in2out_trace_t;
39 u32 next_worker_index;
41 } snat_in2out_worker_handoff_trace_t;
43 /* packet trace format function */
44 static u8 * format_snat_in2out_trace (u8 * s, va_list * args)
46 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
47 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
48 snat_in2out_trace_t * t = va_arg (*args, snat_in2out_trace_t *);
51 tag = t->is_slow_path ? "SNAT_IN2OUT_SLOW_PATH" : "SNAT_IN2OUT_FAST_PATH";
53 s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag,
54 t->sw_if_index, t->next_index, t->session_index);
59 static u8 * format_snat_in2out_fast_trace (u8 * s, va_list * args)
61 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
62 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
63 snat_in2out_trace_t * t = va_arg (*args, snat_in2out_trace_t *);
65 s = format (s, "SANT_IN2OUT_FAST: sw_if_index %d, next index %d",
66 t->sw_if_index, t->next_index);
71 static u8 * format_snat_in2out_worker_handoff_trace (u8 * s, va_list * args)
73 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
74 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
75 snat_in2out_worker_handoff_trace_t * t =
76 va_arg (*args, snat_in2out_worker_handoff_trace_t *);
79 m = t->do_handoff ? "next worker" : "same worker";
80 s = format (s, "SNAT_IN2OUT_WORKER_HANDOFF: %s %d", m, t->next_worker_index);
85 vlib_node_registration_t snat_in2out_node;
86 vlib_node_registration_t snat_in2out_slowpath_node;
87 vlib_node_registration_t snat_in2out_fast_node;
88 vlib_node_registration_t snat_in2out_worker_handoff_node;
90 #define foreach_snat_in2out_error \
91 _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
92 _(IN2OUT_PACKETS, "Good in2out packets processed") \
93 _(OUT_OF_PORTS, "Out of ports") \
94 _(BAD_OUTSIDE_FIB, "Outside VRF ID not found") \
95 _(BAD_ICMP_TYPE, "icmp type not echo-request") \
96 _(NO_TRANSLATION, "No translation")
99 #define _(sym,str) SNAT_IN2OUT_ERROR_##sym,
100 foreach_snat_in2out_error
103 } snat_in2out_error_t;
105 static char * snat_in2out_error_strings[] = {
106 #define _(sym,string) string,
107 foreach_snat_in2out_error
112 SNAT_IN2OUT_NEXT_LOOKUP,
113 SNAT_IN2OUT_NEXT_DROP,
114 SNAT_IN2OUT_NEXT_SLOW_PATH,
116 } snat_in2out_next_t;
118 static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0,
121 snat_session_key_t * key0,
122 snat_session_t ** sessionp,
123 vlib_node_runtime_t * node,
128 snat_user_key_t user_key;
130 clib_bihash_kv_8_8_t kv0, value0;
131 u32 oldest_per_user_translation_list_index;
132 dlist_elt_t * oldest_per_user_translation_list_elt;
133 dlist_elt_t * per_user_translation_list_elt;
134 dlist_elt_t * per_user_list_head_elt;
136 snat_session_key_t key1;
137 u32 address_index = ~0;
138 u32 outside_fib_index;
140 snat_static_mapping_key_t worker_by_out_key;
142 p = hash_get (sm->ip4_main->fib_index_by_table_id, sm->outside_vrf_id);
145 b0->error = node->errors[SNAT_IN2OUT_ERROR_BAD_OUTSIDE_FIB];
146 return SNAT_IN2OUT_NEXT_DROP;
148 outside_fib_index = p[0];
150 user_key.addr = ip0->src_address;
151 user_key.fib_index = rx_fib_index0;
152 kv0.key = user_key.as_u64;
154 /* Ever heard of the "user" = src ip4 address before? */
155 if (clib_bihash_search_8_8 (&sm->user_hash, &kv0, &value0))
157 /* no, make a new one */
158 pool_get (sm->per_thread_data[cpu_index].users, u);
159 memset (u, 0, sizeof (*u));
160 u->addr = ip0->src_address;
162 pool_get (sm->per_thread_data[cpu_index].list_pool, per_user_list_head_elt);
164 u->sessions_per_user_list_head_index = per_user_list_head_elt -
165 sm->per_thread_data[cpu_index].list_pool;
167 clib_dlist_init (sm->per_thread_data[cpu_index].list_pool,
168 u->sessions_per_user_list_head_index);
170 kv0.value = u - sm->per_thread_data[cpu_index].users;
173 clib_bihash_add_del_8_8 (&sm->user_hash, &kv0, 1 /* is_add */);
177 u = pool_elt_at_index (sm->per_thread_data[cpu_index].users,
181 /* Over quota? Recycle the least recently used dynamic translation */
182 if (u->nsessions >= sm->max_translations_per_user)
184 /* Remove the oldest dynamic translation */
186 oldest_per_user_translation_list_index =
187 clib_dlist_remove_head (sm->per_thread_data[cpu_index].list_pool,
188 u->sessions_per_user_list_head_index);
190 ASSERT (oldest_per_user_translation_list_index != ~0);
192 /* add it back to the end of the LRU list */
193 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
194 u->sessions_per_user_list_head_index,
195 oldest_per_user_translation_list_index);
196 /* Get the list element */
197 oldest_per_user_translation_list_elt =
198 pool_elt_at_index (sm->per_thread_data[cpu_index].list_pool,
199 oldest_per_user_translation_list_index);
201 /* Get the session index from the list element */
202 session_index = oldest_per_user_translation_list_elt->value;
204 /* Get the session */
205 s = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
207 } while (snat_is_session_static (s));
209 /* Remove in2out, out2in keys */
210 kv0.key = s->in2out.as_u64;
211 if (clib_bihash_add_del_8_8 (&sm->in2out, &kv0, 0 /* is_add */))
212 clib_warning ("in2out key delete failed");
213 kv0.key = s->out2in.as_u64;
214 if (clib_bihash_add_del_8_8 (&sm->out2in, &kv0, 0 /* is_add */))
215 clib_warning ("out2in key delete failed");
218 snat_ipfix_logging_nat44_ses_delete(s->in2out.addr.as_u32,
219 s->out2in.addr.as_u32,
223 s->in2out.fib_index);
225 snat_free_outside_address_and_port
226 (sm, &s->out2in, s->outside_address_index);
227 s->outside_address_index = ~0;
229 if (snat_alloc_outside_address_and_port (sm, &key1, &address_index))
233 b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
234 return SNAT_IN2OUT_NEXT_DROP;
236 s->outside_address_index = address_index;
240 u8 static_mapping = 1;
242 /* First try to match static mapping by local address and port */
243 if (snat_static_mapping_match (sm, *key0, &key1, 0))
246 /* Try to create dynamic translation */
247 if (snat_alloc_outside_address_and_port (sm, &key1, &address_index))
249 b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
250 return SNAT_IN2OUT_NEXT_DROP;
254 /* Create a new session */
255 pool_get (sm->per_thread_data[cpu_index].sessions, s);
256 memset (s, 0, sizeof (*s));
258 s->outside_address_index = address_index;
262 u->nstaticsessions++;
263 s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
270 /* Create list elts */
271 pool_get (sm->per_thread_data[cpu_index].list_pool,
272 per_user_translation_list_elt);
273 clib_dlist_init (sm->per_thread_data[cpu_index].list_pool,
274 per_user_translation_list_elt -
275 sm->per_thread_data[cpu_index].list_pool);
277 per_user_translation_list_elt->value =
278 s - sm->per_thread_data[cpu_index].sessions;
279 s->per_user_index = per_user_translation_list_elt -
280 sm->per_thread_data[cpu_index].list_pool;
281 s->per_user_list_head_index = u->sessions_per_user_list_head_index;
283 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
284 s->per_user_list_head_index,
285 per_user_translation_list_elt -
286 sm->per_thread_data[cpu_index].list_pool);
291 s->out2in.protocol = key0->protocol;
292 s->out2in.fib_index = outside_fib_index;
295 /* Add to translation hashes */
296 kv0.key = s->in2out.as_u64;
297 kv0.value = s - sm->per_thread_data[cpu_index].sessions;
298 if (clib_bihash_add_del_8_8 (&sm->in2out, &kv0, 1 /* is_add */))
299 clib_warning ("in2out key add failed");
301 kv0.key = s->out2in.as_u64;
302 kv0.value = s - sm->per_thread_data[cpu_index].sessions;
304 if (clib_bihash_add_del_8_8 (&sm->out2in, &kv0, 1 /* is_add */))
305 clib_warning ("out2in key add failed");
307 /* Add to translated packets worker lookup */
308 worker_by_out_key.addr = s->out2in.addr;
309 worker_by_out_key.port = s->out2in.port;
310 worker_by_out_key.fib_index = s->out2in.fib_index;
311 kv0.key = worker_by_out_key.as_u64;
312 kv0.value = cpu_index;
313 clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv0, 1);
316 snat_ipfix_logging_nat44_ses_create(s->in2out.addr.as_u32,
317 s->out2in.addr.as_u32,
321 s->in2out.fib_index);
325 static inline u32 icmp_in2out_slow_path (snat_main_t *sm,
328 icmp46_header_t * icmp0,
331 vlib_node_runtime_t * node,
336 snat_session_key_t key0;
337 icmp_echo_header_t *echo0;
338 clib_bihash_kv_8_8_t kv0, value0;
340 u32 new_addr0, old_addr0;
341 u16 old_id0, new_id0;
343 snat_runtime_t * rt = (snat_runtime_t *)node->runtime_data;
345 if (PREDICT_FALSE(icmp0->type != ICMP4_echo_request))
347 b0->error = node->errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE];
348 return SNAT_IN2OUT_NEXT_DROP;
351 echo0 = (icmp_echo_header_t *)(icmp0+1);
353 key0.addr = ip0->src_address;
354 key0.port = echo0->identifier;
355 key0.protocol = SNAT_PROTOCOL_ICMP;
356 key0.fib_index = rx_fib_index0;
358 kv0.key = key0.as_u64;
360 if (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0))
362 ip4_address_t * first_int_addr;
364 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
367 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
368 0 /* just want the address */);
369 rt->cached_sw_if_index = sw_if_index0;
371 rt->cached_ip4_address = first_int_addr->as_u32;
373 rt->cached_ip4_address = 0;
376 /* Don't NAT packet aimed at the intfc address */
377 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
378 rt->cached_ip4_address))
381 next0 = slow_path (sm, b0, ip0, rx_fib_index0, &key0,
382 &s0, node, next0, cpu_index);
384 if (PREDICT_FALSE (next0 == SNAT_IN2OUT_NEXT_DROP))
388 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
391 old_addr0 = ip0->src_address.as_u32;
392 ip0->src_address = s0->out2in.addr;
393 new_addr0 = ip0->src_address.as_u32;
394 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
396 sum0 = ip0->checksum;
397 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
399 src_address /* changed member */);
400 ip0->checksum = ip_csum_fold (sum0);
402 old_id0 = echo0->identifier;
403 new_id0 = s0->out2in.port;
404 echo0->identifier = new_id0;
406 sum0 = icmp0->checksum;
407 sum0 = ip_csum_update (sum0, old_id0, new_id0, icmp_echo_header_t,
409 icmp0->checksum = ip_csum_fold (sum0);
412 s0->last_heard = now;
414 s0->total_bytes += vlib_buffer_length_in_chain (sm->vlib_main, b0);
415 /* Per-user LRU list maintenance for dynamic translations */
416 if (!snat_is_session_static (s0))
418 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
420 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
421 s0->per_user_list_head_index,
431 * Hairpinning allows two endpoints on the internal side of the NAT to
432 * communicate even if they only use each other's external IP addresses
435 * @param sm SNAT main.
436 * @param b0 Vlib buffer.
437 * @param ip0 IP header.
438 * @param udp0 UDP header.
439 * @param tcp0 TCP header.
440 * @param proto0 SNAT protocol.
443 snat_hairpinning (snat_main_t *sm,
450 snat_session_key_t key0, sm0;
451 snat_static_mapping_key_t k0;
453 clib_bihash_kv_8_8_t kv0, value0;
455 u32 new_dst_addr0 = 0, old_dst_addr0, ti = 0, si;
456 u16 new_dst_port0, old_dst_port0;
458 key0.addr = ip0->dst_address;
459 key0.port = udp0->dst_port;
460 key0.protocol = proto0;
461 key0.fib_index = sm->outside_fib_index;
462 kv0.key = key0.as_u64;
464 /* Check if destination is in active sessions */
465 if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
467 /* or static mappings */
468 if (!snat_static_mapping_match(sm, key0, &sm0, 1))
470 new_dst_addr0 = sm0.addr.as_u32;
471 new_dst_port0 = sm0.port;
472 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
478 if (sm->num_workers > 1)
480 k0.addr = ip0->dst_address;
481 k0.port = udp0->dst_port;
482 k0.fib_index = sm->outside_fib_index;
484 if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
490 ti = sm->num_workers;
492 s0 = pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
493 new_dst_addr0 = s0->in2out.addr.as_u32;
494 new_dst_port0 = s0->in2out.port;
495 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
498 /* Destination is behind the same NAT, use internal address and port */
501 old_dst_addr0 = ip0->dst_address.as_u32;
502 ip0->dst_address.as_u32 = new_dst_addr0;
503 sum0 = ip0->checksum;
504 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
505 ip4_header_t, dst_address);
506 ip0->checksum = ip_csum_fold (sum0);
508 old_dst_port0 = tcp0->ports.dst;
509 if (PREDICT_TRUE(new_dst_port0 != old_dst_port0))
511 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
513 tcp0->ports.dst = new_dst_port0;
514 sum0 = tcp0->checksum;
515 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
516 ip4_header_t, dst_address);
517 sum0 = ip_csum_update (sum0, old_dst_port0, new_dst_port0,
518 ip4_header_t /* cheat */, length);
519 tcp0->checksum = ip_csum_fold(sum0);
523 udp0->dst_port = new_dst_port0;
531 snat_in2out_node_fn_inline (vlib_main_t * vm,
532 vlib_node_runtime_t * node,
533 vlib_frame_t * frame, int is_slow_path)
535 u32 n_left_from, * from, * to_next;
536 snat_in2out_next_t next_index;
537 u32 pkts_processed = 0;
538 snat_main_t * sm = &snat_main;
539 snat_runtime_t * rt = (snat_runtime_t *)node->runtime_data;
540 f64 now = vlib_time_now (vm);
541 u32 stats_node_index;
542 u32 cpu_index = os_get_cpu_number ();
544 stats_node_index = is_slow_path ? snat_in2out_slowpath_node.index :
545 snat_in2out_node.index;
547 from = vlib_frame_vector_args (frame);
548 n_left_from = frame->n_vectors;
549 next_index = node->cached_next_index;
551 while (n_left_from > 0)
555 vlib_get_next_frame (vm, node, next_index,
556 to_next, n_left_to_next);
558 while (n_left_from >= 4 && n_left_to_next >= 2)
561 vlib_buffer_t * b0, * b1;
563 u32 sw_if_index0, sw_if_index1;
564 ip4_header_t * ip0, * ip1;
565 ip_csum_t sum0, sum1;
566 u32 new_addr0, old_addr0, new_addr1, old_addr1;
567 u16 old_port0, new_port0, old_port1, new_port1;
568 udp_header_t * udp0, * udp1;
569 tcp_header_t * tcp0, * tcp1;
570 icmp46_header_t * icmp0, * icmp1;
571 snat_session_key_t key0, key1;
572 u32 rx_fib_index0, rx_fib_index1;
574 snat_session_t * s0 = 0, * s1 = 0;
575 clib_bihash_kv_8_8_t kv0, value0, kv1, value1;
577 /* Prefetch next iteration. */
579 vlib_buffer_t * p2, * p3;
581 p2 = vlib_get_buffer (vm, from[2]);
582 p3 = vlib_get_buffer (vm, from[3]);
584 vlib_prefetch_buffer_header (p2, LOAD);
585 vlib_prefetch_buffer_header (p3, LOAD);
587 CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
588 CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE);
591 /* speculatively enqueue b0 and b1 to the current next frame */
592 to_next[0] = bi0 = from[0];
593 to_next[1] = bi1 = from[1];
599 b0 = vlib_get_buffer (vm, bi0);
600 b1 = vlib_get_buffer (vm, bi1);
602 ip0 = vlib_buffer_get_current (b0);
603 udp0 = ip4_next_header (ip0);
604 tcp0 = (tcp_header_t *) udp0;
605 icmp0 = (icmp46_header_t *) udp0;
607 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
608 rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
611 next0 = next1 = SNAT_IN2OUT_NEXT_LOOKUP;
614 proto0 = (ip0->protocol == IP_PROTOCOL_UDP)
615 ? SNAT_PROTOCOL_UDP : proto0;
616 proto0 = (ip0->protocol == IP_PROTOCOL_TCP)
617 ? SNAT_PROTOCOL_TCP : proto0;
618 proto0 = (ip0->protocol == IP_PROTOCOL_ICMP)
619 ? SNAT_PROTOCOL_ICMP : proto0;
621 /* Next configured feature, probably ip4-lookup */
624 if (PREDICT_FALSE (proto0 == ~0))
627 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
629 next0 = icmp_in2out_slow_path
630 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
631 node, next0, now, cpu_index);
637 if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
639 next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
644 key0.addr = ip0->src_address;
645 key0.port = udp0->src_port;
646 key0.protocol = proto0;
647 key0.fib_index = rx_fib_index0;
649 kv0.key = key0.as_u64;
651 if (PREDICT_FALSE (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0) != 0))
655 ip4_address_t * first_int_addr;
657 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
660 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
661 0 /* just want the address */);
662 rt->cached_sw_if_index = sw_if_index0;
664 rt->cached_ip4_address = first_int_addr->as_u32;
666 rt->cached_ip4_address = 0;
669 /* Don't NAT packet aimed at the intfc address */
670 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
671 rt->cached_ip4_address))
674 next0 = slow_path (sm, b0, ip0, rx_fib_index0, &key0,
675 &s0, node, next0, cpu_index);
676 if (PREDICT_FALSE (next0 == SNAT_IN2OUT_NEXT_DROP))
681 next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
686 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
689 old_addr0 = ip0->src_address.as_u32;
690 ip0->src_address = s0->out2in.addr;
691 new_addr0 = ip0->src_address.as_u32;
692 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
694 sum0 = ip0->checksum;
695 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
697 src_address /* changed member */);
698 ip0->checksum = ip_csum_fold (sum0);
700 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
702 old_port0 = tcp0->ports.src;
703 tcp0->ports.src = s0->out2in.port;
704 new_port0 = tcp0->ports.src;
706 sum0 = tcp0->checksum;
707 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
709 dst_address /* changed member */);
710 sum0 = ip_csum_update (sum0, old_port0, new_port0,
711 ip4_header_t /* cheat */,
712 length /* changed member */);
713 tcp0->checksum = ip_csum_fold(sum0);
717 old_port0 = udp0->src_port;
718 udp0->src_port = s0->out2in.port;
723 snat_hairpinning (sm, b0, ip0, udp0, tcp0, proto0);
726 s0->last_heard = now;
728 s0->total_bytes += vlib_buffer_length_in_chain (vm, b0);
729 /* Per-user LRU list maintenance for dynamic translation */
730 if (!snat_is_session_static (s0))
732 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
734 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
735 s0->per_user_list_head_index,
740 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
741 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
743 snat_in2out_trace_t *t =
744 vlib_add_trace (vm, node, b0, sizeof (*t));
745 t->is_slow_path = is_slow_path;
746 t->sw_if_index = sw_if_index0;
747 t->next_index = next0;
748 t->session_index = ~0;
750 t->session_index = s0 - sm->per_thread_data[cpu_index].sessions;
753 pkts_processed += next0 != SNAT_IN2OUT_NEXT_DROP;
755 ip1 = vlib_buffer_get_current (b1);
756 udp1 = ip4_next_header (ip1);
757 tcp1 = (tcp_header_t *) udp1;
758 icmp1 = (icmp46_header_t *) udp1;
760 sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX];
761 rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
765 proto1 = (ip1->protocol == IP_PROTOCOL_UDP)
766 ? SNAT_PROTOCOL_UDP : proto1;
767 proto1 = (ip1->protocol == IP_PROTOCOL_TCP)
768 ? SNAT_PROTOCOL_TCP : proto1;
769 proto1 = (ip1->protocol == IP_PROTOCOL_ICMP)
770 ? SNAT_PROTOCOL_ICMP : proto1;
772 /* Next configured feature, probably ip4-lookup */
775 if (PREDICT_FALSE (proto1 == ~0))
778 if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_ICMP))
780 next1 = icmp_in2out_slow_path
781 (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node,
782 next1, now, cpu_index);
788 if (PREDICT_FALSE (proto1 == ~0 || proto1 == SNAT_PROTOCOL_ICMP))
790 next1 = SNAT_IN2OUT_NEXT_SLOW_PATH;
795 key1.addr = ip1->src_address;
796 key1.port = udp1->src_port;
797 key1.protocol = proto1;
798 key1.fib_index = rx_fib_index1;
800 kv1.key = key1.as_u64;
802 if (PREDICT_FALSE(clib_bihash_search_8_8 (&sm->in2out, &kv1, &value1) != 0))
806 ip4_address_t * first_int_addr;
808 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index1))
811 ip4_interface_first_address (sm->ip4_main, sw_if_index1,
812 0 /* just want the address */);
813 rt->cached_sw_if_index = sw_if_index1;
815 rt->cached_ip4_address = first_int_addr->as_u32;
817 rt->cached_ip4_address = 0;
820 /* Don't NAT packet aimed at the intfc address */
821 if (PREDICT_FALSE(ip1->dst_address.as_u32 ==
822 rt->cached_ip4_address))
825 next1 = slow_path (sm, b1, ip1, rx_fib_index1, &key1,
826 &s1, node, next1, cpu_index);
827 if (PREDICT_FALSE (next1 == SNAT_IN2OUT_NEXT_DROP))
832 next1 = SNAT_IN2OUT_NEXT_SLOW_PATH;
837 s1 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
840 old_addr1 = ip1->src_address.as_u32;
841 ip1->src_address = s1->out2in.addr;
842 new_addr1 = ip1->src_address.as_u32;
843 vnet_buffer(b1)->sw_if_index[VLIB_TX] = s1->out2in.fib_index;
845 sum1 = ip1->checksum;
846 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
848 src_address /* changed member */);
849 ip1->checksum = ip_csum_fold (sum1);
851 if (PREDICT_TRUE(proto1 == SNAT_PROTOCOL_TCP))
853 old_port1 = tcp1->ports.src;
854 tcp1->ports.src = s1->out2in.port;
855 new_port1 = tcp1->ports.src;
857 sum1 = tcp1->checksum;
858 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
860 dst_address /* changed member */);
861 sum1 = ip_csum_update (sum1, old_port1, new_port1,
862 ip4_header_t /* cheat */,
863 length /* changed member */);
864 tcp1->checksum = ip_csum_fold(sum1);
868 old_port1 = udp1->src_port;
869 udp1->src_port = s1->out2in.port;
874 snat_hairpinning (sm, b1, ip1, udp1, tcp1, proto1);
877 s1->last_heard = now;
879 s1->total_bytes += vlib_buffer_length_in_chain (vm, b1);
880 /* Per-user LRU list maintenance for dynamic translation */
881 if (!snat_is_session_static (s1))
883 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
885 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
886 s1->per_user_list_head_index,
891 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
892 && (b1->flags & VLIB_BUFFER_IS_TRACED)))
894 snat_in2out_trace_t *t =
895 vlib_add_trace (vm, node, b1, sizeof (*t));
896 t->sw_if_index = sw_if_index1;
897 t->next_index = next1;
898 t->session_index = ~0;
900 t->session_index = s1 - sm->per_thread_data[cpu_index].sessions;
903 pkts_processed += next1 != SNAT_IN2OUT_NEXT_DROP;
905 /* verify speculative enqueues, maybe switch current next frame */
906 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
907 to_next, n_left_to_next,
908 bi0, bi1, next0, next1);
911 while (n_left_from > 0 && n_left_to_next > 0)
919 u32 new_addr0, old_addr0;
920 u16 old_port0, new_port0;
923 icmp46_header_t * icmp0;
924 snat_session_key_t key0;
927 snat_session_t * s0 = 0;
928 clib_bihash_kv_8_8_t kv0, value0;
930 /* speculatively enqueue b0 to the current next frame */
938 b0 = vlib_get_buffer (vm, bi0);
939 next0 = SNAT_IN2OUT_NEXT_LOOKUP;
941 ip0 = vlib_buffer_get_current (b0);
942 udp0 = ip4_next_header (ip0);
943 tcp0 = (tcp_header_t *) udp0;
944 icmp0 = (icmp46_header_t *) udp0;
946 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
947 rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
951 proto0 = (ip0->protocol == IP_PROTOCOL_UDP)
952 ? SNAT_PROTOCOL_UDP : proto0;
953 proto0 = (ip0->protocol == IP_PROTOCOL_TCP)
954 ? SNAT_PROTOCOL_TCP : proto0;
955 proto0 = (ip0->protocol == IP_PROTOCOL_ICMP)
956 ? SNAT_PROTOCOL_ICMP : proto0;
958 /* Next configured feature, probably ip4-lookup */
961 if (PREDICT_FALSE (proto0 == ~0))
964 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
966 next0 = icmp_in2out_slow_path
967 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
968 next0, now, cpu_index);
974 if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
976 next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
981 key0.addr = ip0->src_address;
982 key0.port = udp0->src_port;
983 key0.protocol = proto0;
984 key0.fib_index = rx_fib_index0;
986 kv0.key = key0.as_u64;
988 if (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0))
992 ip4_address_t * first_int_addr;
994 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
997 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
998 0 /* just want the address */);
999 rt->cached_sw_if_index = sw_if_index0;
1001 rt->cached_ip4_address = first_int_addr->as_u32;
1003 rt->cached_ip4_address = 0;
1006 /* Don't NAT packet aimed at the intfc address */
1007 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
1008 rt->cached_ip4_address))
1011 next0 = slow_path (sm, b0, ip0, rx_fib_index0, &key0,
1012 &s0, node, next0, cpu_index);
1013 if (PREDICT_FALSE (next0 == SNAT_IN2OUT_NEXT_DROP))
1018 next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
1023 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
1026 old_addr0 = ip0->src_address.as_u32;
1027 ip0->src_address = s0->out2in.addr;
1028 new_addr0 = ip0->src_address.as_u32;
1029 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
1031 sum0 = ip0->checksum;
1032 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1034 src_address /* changed member */);
1035 ip0->checksum = ip_csum_fold (sum0);
1037 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
1039 old_port0 = tcp0->ports.src;
1040 tcp0->ports.src = s0->out2in.port;
1041 new_port0 = tcp0->ports.src;
1043 sum0 = tcp0->checksum;
1044 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1046 dst_address /* changed member */);
1047 sum0 = ip_csum_update (sum0, old_port0, new_port0,
1048 ip4_header_t /* cheat */,
1049 length /* changed member */);
1050 tcp0->checksum = ip_csum_fold(sum0);
1054 old_port0 = udp0->src_port;
1055 udp0->src_port = s0->out2in.port;
1060 snat_hairpinning (sm, b0, ip0, udp0, tcp0, proto0);
1063 s0->last_heard = now;
1065 s0->total_bytes += vlib_buffer_length_in_chain (vm, b0);
1066 /* Per-user LRU list maintenance for dynamic translation */
1067 if (!snat_is_session_static (s0))
1069 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
1070 s0->per_user_index);
1071 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
1072 s0->per_user_list_head_index,
1073 s0->per_user_index);
1077 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
1078 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1080 snat_in2out_trace_t *t =
1081 vlib_add_trace (vm, node, b0, sizeof (*t));
1082 t->is_slow_path = is_slow_path;
1083 t->sw_if_index = sw_if_index0;
1084 t->next_index = next0;
1085 t->session_index = ~0;
1087 t->session_index = s0 - sm->per_thread_data[cpu_index].sessions;
1090 pkts_processed += next0 != SNAT_IN2OUT_NEXT_DROP;
1092 /* verify speculative enqueue, maybe switch current next frame */
1093 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1094 to_next, n_left_to_next,
1098 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1101 vlib_node_increment_counter (vm, stats_node_index,
1102 SNAT_IN2OUT_ERROR_IN2OUT_PACKETS,
1104 return frame->n_vectors;
1108 snat_in2out_fast_path_fn (vlib_main_t * vm,
1109 vlib_node_runtime_t * node,
1110 vlib_frame_t * frame)
1112 return snat_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */);
1115 VLIB_REGISTER_NODE (snat_in2out_node) = {
1116 .function = snat_in2out_fast_path_fn,
1117 .name = "snat-in2out",
1118 .vector_size = sizeof (u32),
1119 .format_trace = format_snat_in2out_trace,
1120 .type = VLIB_NODE_TYPE_INTERNAL,
1122 .n_errors = ARRAY_LEN(snat_in2out_error_strings),
1123 .error_strings = snat_in2out_error_strings,
1125 .runtime_data_bytes = sizeof (snat_runtime_t),
1127 .n_next_nodes = SNAT_IN2OUT_N_NEXT,
1129 /* edit / add dispositions here */
1131 [SNAT_IN2OUT_NEXT_DROP] = "error-drop",
1132 [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1133 [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath",
1137 VLIB_NODE_FUNCTION_MULTIARCH (snat_in2out_node, snat_in2out_fast_path_fn);
1140 snat_in2out_slow_path_fn (vlib_main_t * vm,
1141 vlib_node_runtime_t * node,
1142 vlib_frame_t * frame)
1144 return snat_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */);
1147 VLIB_REGISTER_NODE (snat_in2out_slowpath_node) = {
1148 .function = snat_in2out_slow_path_fn,
1149 .name = "snat-in2out-slowpath",
1150 .vector_size = sizeof (u32),
1151 .format_trace = format_snat_in2out_trace,
1152 .type = VLIB_NODE_TYPE_INTERNAL,
1154 .n_errors = ARRAY_LEN(snat_in2out_error_strings),
1155 .error_strings = snat_in2out_error_strings,
1157 .runtime_data_bytes = sizeof (snat_runtime_t),
1159 .n_next_nodes = SNAT_IN2OUT_N_NEXT,
1161 /* edit / add dispositions here */
1163 [SNAT_IN2OUT_NEXT_DROP] = "error-drop",
1164 [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1165 [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath",
1169 VLIB_NODE_FUNCTION_MULTIARCH (snat_in2out_slowpath_node, snat_in2out_slow_path_fn);
1172 snat_in2out_worker_handoff_fn (vlib_main_t * vm,
1173 vlib_node_runtime_t * node,
1174 vlib_frame_t * frame)
1176 snat_main_t *sm = &snat_main;
1177 vlib_thread_main_t *tm = vlib_get_thread_main ();
1178 u32 n_left_from, *from, *to_next = 0;
1179 static __thread vlib_frame_queue_elt_t **handoff_queue_elt_by_worker_index;
1180 static __thread vlib_frame_queue_t **congested_handoff_queue_by_worker_index
1182 vlib_frame_queue_elt_t *hf = 0;
1183 vlib_frame_t *f = 0;
1185 u32 n_left_to_next_worker = 0, *to_next_worker = 0;
1186 u32 next_worker_index = 0;
1187 u32 current_worker_index = ~0;
1188 u32 cpu_index = os_get_cpu_number ();
1190 ASSERT (vec_len (sm->workers));
1192 if (PREDICT_FALSE (handoff_queue_elt_by_worker_index == 0))
1194 vec_validate (handoff_queue_elt_by_worker_index, tm->n_vlib_mains - 1);
1196 vec_validate_init_empty (congested_handoff_queue_by_worker_index,
1197 sm->first_worker_index + sm->num_workers - 1,
1198 (vlib_frame_queue_t *) (~0));
1201 from = vlib_frame_vector_args (frame);
1202 n_left_from = frame->n_vectors;
1204 while (n_left_from > 0)
1211 snat_user_key_t key0;
1212 clib_bihash_kv_8_8_t kv0, value0;
1219 b0 = vlib_get_buffer (vm, bi0);
1221 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1222 rx_fib_index0 = ip4_fib_table_get_index_for_sw_if_index(sw_if_index0);
1224 ip0 = vlib_buffer_get_current (b0);
1226 key0.addr = ip0->src_address;
1227 key0.fib_index = rx_fib_index0;
1229 kv0.key = key0.as_u64;
1231 /* Ever heard of of the "user" before? */
1232 if (clib_bihash_search_8_8 (&sm->worker_by_in, &kv0, &value0))
1234 /* No, assign next available worker (RR) */
1235 next_worker_index = sm->first_worker_index;
1236 if (vec_len (sm->workers))
1238 next_worker_index +=
1239 sm->workers[sm->next_worker++ % _vec_len (sm->workers)];
1242 /* add non-traslated packets worker lookup */
1243 kv0.value = next_worker_index;
1244 clib_bihash_add_del_8_8 (&sm->worker_by_in, &kv0, 1);
1247 next_worker_index = value0.value;
1249 if (PREDICT_FALSE (next_worker_index != cpu_index))
1253 if (next_worker_index != current_worker_index)
1256 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1258 hf = vlib_get_worker_handoff_queue_elt (sm->fq_in2out_index,
1260 handoff_queue_elt_by_worker_index);
1262 n_left_to_next_worker = VLIB_FRAME_SIZE - hf->n_vectors;
1263 to_next_worker = &hf->buffer_index[hf->n_vectors];
1264 current_worker_index = next_worker_index;
1267 /* enqueue to correct worker thread */
1268 to_next_worker[0] = bi0;
1270 n_left_to_next_worker--;
1272 if (n_left_to_next_worker == 0)
1274 hf->n_vectors = VLIB_FRAME_SIZE;
1275 vlib_put_frame_queue_elt (hf);
1276 current_worker_index = ~0;
1277 handoff_queue_elt_by_worker_index[next_worker_index] = 0;
1284 /* if this is 1st frame */
1287 f = vlib_get_frame_to_node (vm, snat_in2out_node.index);
1288 to_next = vlib_frame_vector_args (f);
1296 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1297 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1299 snat_in2out_worker_handoff_trace_t *t =
1300 vlib_add_trace (vm, node, b0, sizeof (*t));
1301 t->next_worker_index = next_worker_index;
1302 t->do_handoff = do_handoff;
1307 vlib_put_frame_to_node (vm, snat_in2out_node.index, f);
1310 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
1312 /* Ship frames to the worker nodes */
1313 for (i = 0; i < vec_len (handoff_queue_elt_by_worker_index); i++)
1315 if (handoff_queue_elt_by_worker_index[i])
1317 hf = handoff_queue_elt_by_worker_index[i];
1319 * It works better to let the handoff node
1320 * rate-adapt, always ship the handoff queue element.
1322 if (1 || hf->n_vectors == hf->last_n_vectors)
1324 vlib_put_frame_queue_elt (hf);
1325 handoff_queue_elt_by_worker_index[i] = 0;
1328 hf->last_n_vectors = hf->n_vectors;
1330 congested_handoff_queue_by_worker_index[i] =
1331 (vlib_frame_queue_t *) (~0);
1334 current_worker_index = ~0;
1335 return frame->n_vectors;
1338 VLIB_REGISTER_NODE (snat_in2out_worker_handoff_node) = {
1339 .function = snat_in2out_worker_handoff_fn,
1340 .name = "snat-in2out-worker-handoff",
1341 .vector_size = sizeof (u32),
1342 .format_trace = format_snat_in2out_worker_handoff_trace,
1343 .type = VLIB_NODE_TYPE_INTERNAL,
1352 VLIB_NODE_FUNCTION_MULTIARCH (snat_in2out_worker_handoff_node, snat_in2out_worker_handoff_fn);
1354 static inline u32 icmp_in2out_static_map (snat_main_t *sm,
1357 icmp46_header_t * icmp0,
1359 vlib_node_runtime_t * node,
1363 snat_session_key_t key0, sm0;
1364 icmp_echo_header_t *echo0;
1365 u32 new_addr0, old_addr0;
1366 u16 old_id0, new_id0;
1368 snat_runtime_t * rt = (snat_runtime_t *)node->runtime_data;
1370 echo0 = (icmp_echo_header_t *)(icmp0+1);
1372 key0.addr = ip0->src_address;
1373 key0.port = echo0->identifier;
1374 key0.fib_index = rx_fib_index0;
1376 if (snat_static_mapping_match(sm, key0, &sm0, 0))
1378 ip4_address_t * first_int_addr;
1380 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
1383 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
1384 0 /* just want the address */);
1385 rt->cached_sw_if_index = sw_if_index0;
1387 rt->cached_ip4_address = first_int_addr->as_u32;
1389 rt->cached_ip4_address = 0;
1392 /* Don't NAT packet aimed at the intfc address */
1393 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
1394 rt->cached_ip4_address))
1397 b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
1398 return SNAT_IN2OUT_NEXT_DROP;
1401 new_addr0 = sm0.addr.as_u32;
1403 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
1404 old_addr0 = ip0->src_address.as_u32;
1405 ip0->src_address.as_u32 = new_addr0;
1407 sum0 = ip0->checksum;
1408 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1410 src_address /* changed member */);
1411 ip0->checksum = ip_csum_fold (sum0);
1413 if (PREDICT_FALSE(new_id0 != echo0->identifier))
1415 old_id0 = echo0->identifier;
1416 echo0->identifier = new_id0;
1418 sum0 = icmp0->checksum;
1419 sum0 = ip_csum_update (sum0, old_id0, new_id0, icmp_echo_header_t,
1421 icmp0->checksum = ip_csum_fold (sum0);
1428 snat_in2out_fast_static_map_fn (vlib_main_t * vm,
1429 vlib_node_runtime_t * node,
1430 vlib_frame_t * frame)
1432 u32 n_left_from, * from, * to_next;
1433 snat_in2out_next_t next_index;
1434 u32 pkts_processed = 0;
1435 snat_main_t * sm = &snat_main;
1436 snat_runtime_t * rt = (snat_runtime_t *)node->runtime_data;
1437 u32 stats_node_index;
1439 stats_node_index = snat_in2out_fast_node.index;
1441 from = vlib_frame_vector_args (frame);
1442 n_left_from = frame->n_vectors;
1443 next_index = node->cached_next_index;
1445 while (n_left_from > 0)
1449 vlib_get_next_frame (vm, node, next_index,
1450 to_next, n_left_to_next);
1452 while (n_left_from > 0 && n_left_to_next > 0)
1460 u32 new_addr0, old_addr0;
1461 u16 old_port0, new_port0;
1462 udp_header_t * udp0;
1463 tcp_header_t * tcp0;
1464 icmp46_header_t * icmp0;
1465 snat_session_key_t key0, sm0;
1469 /* speculatively enqueue b0 to the current next frame */
1475 n_left_to_next -= 1;
1477 b0 = vlib_get_buffer (vm, bi0);
1478 next0 = SNAT_IN2OUT_NEXT_LOOKUP;
1480 ip0 = vlib_buffer_get_current (b0);
1481 udp0 = ip4_next_header (ip0);
1482 tcp0 = (tcp_header_t *) udp0;
1483 icmp0 = (icmp46_header_t *) udp0;
1485 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
1486 rx_fib_index0 = ip4_fib_table_get_index_for_sw_if_index(sw_if_index0);
1489 proto0 = (ip0->protocol == IP_PROTOCOL_UDP)
1490 ? SNAT_PROTOCOL_UDP : proto0;
1491 proto0 = (ip0->protocol == IP_PROTOCOL_TCP)
1492 ? SNAT_PROTOCOL_TCP : proto0;
1493 proto0 = (ip0->protocol == IP_PROTOCOL_ICMP)
1494 ? SNAT_PROTOCOL_ICMP : proto0;
1496 if (PREDICT_FALSE (proto0 == ~0))
1499 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
1501 ip4_address_t * first_int_addr;
1503 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
1506 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
1507 0 /* just want the address */);
1508 rt->cached_sw_if_index = sw_if_index0;
1509 rt->cached_ip4_address = first_int_addr->as_u32;
1512 /* Don't NAT packet aimed at the intfc address */
1513 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
1514 rt->cached_ip4_address))
1517 next0 = icmp_in2out_static_map
1518 (sm, b0, ip0, icmp0, sw_if_index0, node, next0, rx_fib_index0);
1522 key0.addr = ip0->src_address;
1523 key0.port = udp0->src_port;
1524 key0.fib_index = rx_fib_index0;
1526 if (snat_static_mapping_match(sm, key0, &sm0, 0))
1528 b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
1529 next0= SNAT_IN2OUT_NEXT_DROP;
1533 new_addr0 = sm0.addr.as_u32;
1534 new_port0 = sm0.port;
1535 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
1536 old_addr0 = ip0->src_address.as_u32;
1537 ip0->src_address.as_u32 = new_addr0;
1539 sum0 = ip0->checksum;
1540 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1542 src_address /* changed member */);
1543 ip0->checksum = ip_csum_fold (sum0);
1545 if (PREDICT_FALSE(new_port0 != udp0->dst_port))
1547 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
1549 old_port0 = tcp0->ports.src;
1550 tcp0->ports.src = new_port0;
1552 sum0 = tcp0->checksum;
1553 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1555 dst_address /* changed member */);
1556 sum0 = ip_csum_update (sum0, old_port0, new_port0,
1557 ip4_header_t /* cheat */,
1558 length /* changed member */);
1559 tcp0->checksum = ip_csum_fold(sum0);
1563 old_port0 = udp0->src_port;
1564 udp0->src_port = new_port0;
1570 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
1572 sum0 = tcp0->checksum;
1573 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1575 dst_address /* changed member */);
1576 tcp0->checksum = ip_csum_fold(sum0);
1581 snat_hairpinning (sm, b0, ip0, udp0, tcp0, proto0);
1584 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
1585 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1587 snat_in2out_trace_t *t =
1588 vlib_add_trace (vm, node, b0, sizeof (*t));
1589 t->sw_if_index = sw_if_index0;
1590 t->next_index = next0;
1593 pkts_processed += next0 != SNAT_IN2OUT_NEXT_DROP;
1595 /* verify speculative enqueue, maybe switch current next frame */
1596 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1597 to_next, n_left_to_next,
1601 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1604 vlib_node_increment_counter (vm, stats_node_index,
1605 SNAT_IN2OUT_ERROR_IN2OUT_PACKETS,
1607 return frame->n_vectors;
1611 VLIB_REGISTER_NODE (snat_in2out_fast_node) = {
1612 .function = snat_in2out_fast_static_map_fn,
1613 .name = "snat-in2out-fast",
1614 .vector_size = sizeof (u32),
1615 .format_trace = format_snat_in2out_fast_trace,
1616 .type = VLIB_NODE_TYPE_INTERNAL,
1618 .n_errors = ARRAY_LEN(snat_in2out_error_strings),
1619 .error_strings = snat_in2out_error_strings,
1621 .runtime_data_bytes = sizeof (snat_runtime_t),
1623 .n_next_nodes = SNAT_IN2OUT_N_NEXT,
1625 /* edit / add dispositions here */
1627 [SNAT_IN2OUT_NEXT_DROP] = "error-drop",
1628 [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1629 [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath",
1633 VLIB_NODE_FUNCTION_MULTIARCH (snat_in2out_fast_node, snat_in2out_fast_static_map_fn);
Code Review / vpp.git / blob