- udp0 = ip4_next_header (ip0);
-
- if (is_ed && ip0->protocol != IP_PROTOCOL_ICMP)
- {
- if (!ip4_is_fragment (ip0) || ip4_is_first_fragment (ip0))
- {
- /* process leading fragment/whole packet (with L4 header) */
- sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- rx_fib_index0 =
- fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
- sw_if_index0);
- make_ed_kv (&ed_kv0, &ip0->src_address, &ip0->dst_address,
- ip0->protocol, rx_fib_index0, udp0->src_port,
- udp0->dst_port);
- if (ip4_is_fragment (ip0))
- {
- reass0 = nat_ip4_reass_find_or_create (ip0->src_address,
- ip0->dst_address,
- ip0->fragment_id,
- ip0->protocol,
- 1,
- &fragments_to_drop);
- if (PREDICT_FALSE (!reass0))
- {
- next0 = NAT44_CLASSIFY_NEXT_DROP;
- b0->error =
- node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
- goto enqueue0;
- }
- if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &ed_kv0,
- &ed_value0))
- {
- /* session exists so classify as IN2OUT,
- * save this information for future fragments and set
- * past fragments to be looped over and reprocessed */
- reass0->sess_index = ed_value0.value;
- reass0->classify_next =
- NAT_REASS_IP4_CLASSIFY_NEXT_IN2OUT;
- nat_ip4_reass_get_frags (reass0,
- &fragments_to_loopback);
- goto enqueue0;
- }
- else
- {
- /* session doesn't exist so continue in the code,
- * save this information for future fragments and set
- * past fragments to be looped over and reprocessed */
- reass0->flags |=
- NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE;
- nat_ip4_reass_get_frags (reass0,
- &fragments_to_loopback);
- }
- }
- else
- {
- /* process whole packet */
- if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &ed_kv0,
- &ed_value0))
- goto enqueue0;
- /* session doesn't exist so continue in code */
- }
- }
- else
- {
- /* process non-first fragment */
- reass0 = nat_ip4_reass_find_or_create (ip0->src_address,
- ip0->dst_address,
- ip0->fragment_id,
- ip0->protocol,
- 1,
- &fragments_to_drop);
- if (PREDICT_FALSE (!reass0))
- {
- next0 = NAT44_CLASSIFY_NEXT_DROP;
- b0->error =
- node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
- goto enqueue0;
- }
- /* check if first fragment has arrived */
- if (reass0->classify_next == NAT_REASS_IP4_CLASSIFY_NONE &&
- !(reass0->flags & NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE))
- {
- /* first fragment still hasn't arrived, cache this fragment */
- if (nat_ip4_reass_add_fragment
- (thread_index, reass0, bi0, &fragments_to_drop))
- {
- b0->error =
- node->errors[NAT44_CLASSIFY_ERROR_MAX_FRAG];
- nat_log_notice
- ("maximum fragments per reassembly exceeded");
- next0 = NAT44_CLASSIFY_NEXT_DROP;
- goto enqueue0;
- }
- cached0 = 1;
- goto enqueue0;
- }
- if (reass0->classify_next ==
- NAT_REASS_IP4_CLASSIFY_NEXT_IN2OUT)
- goto enqueue0;
- /* flag NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE is set
- * so keep the default next0 and continue in code to
- * potentially find other classification for this packet */
- }
- }