nat: session cleanup fix
[vpp.git] / src / plugins / nat / in2out.c
index c69bc61..6cb111c 100755 (executable)
 #include <vnet/ip/ip.h>
 #include <vnet/ethernet/ethernet.h>
 #include <vnet/fib/ip4_fib.h>
+#include <vnet/udp/udp.h>
 #include <nat/nat.h>
 #include <nat/nat_ipfix_logging.h>
 #include <nat/nat_reass.h>
 #include <nat/nat_inlines.h>
+#include <nat/nat44_inlines.h>
 #include <nat/nat_syslog.h>
 #include <nat/nat_ha.h>
 
@@ -267,6 +269,9 @@ slow_path (snat_main_t * sm, vlib_buffer_t * b0,
   };
   nat44_is_idle_session_ctx_t ctx0;
 
+  nat44_session_try_cleanup (&ip0->src_address, rx_fib_index0, thread_index,
+                            now);
+
   if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index)))
     {
       b0->error = node->errors[SNAT_IN2OUT_ERROR_MAX_SESSIONS_EXCEEDED];
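Review bot: The added `nat44_session_try_cleanup` call in `slow_path` has no comment saying why it sits ahead of the `maximum_sessions_exceeded` check, and it runs for every packet that reaches this point rather than only when the table is near its limit. Its body is not visible here (presumably it lives in the newly included `nat/nat44_inlines.h`), so the per-call cost and whether the work per call is bounded should be confirmed, since any inside host opening new flows can reach this path. A short comment such as `/* reclaim expired sessions first so stale entries do not trigger MAX_SESSIONS_EXCEEDED */` would record the intent. `slow_path` begins and ends outside the hunk.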
@@ -1032,6 +1037,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                                                                           thread_index,
                                                                           sw_if_index0)))
                        goto trace00;
+
+                     /*
+                      * Send DHCP packets to the ipv4 stack, or we won't
+                      * be able to use dhcp client on the outside interface
+                      */
+                     if (PREDICT_FALSE
+                         ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+                          && proto0 == SNAT_PROTOCOL_UDP
+                          && (udp0->dst_port ==
+                              clib_host_to_net_u16
+                              (UDP_DST_PORT_dhcp_to_server))))
+                       goto trace00;
                    }
                  else
                    {
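Review bot: The locally-originated DHCP bypass added here is repeated verbatim in the hunks at `@@ -1221,6 +1245,18` and `@@ -1444,6 +1487,18`, differing only in the `0`/`1` suffix and the `trace` label; a small inline predicate would keep the three copies from drifting apart. This condition decides which packets leave the outside interface untranslated, so a single definition also makes it easier to audit that the `VNET_BUFFER_F_LOCALLY_ORIGINATED` gate is never dropped from one copy. The enclosing function starts and ends outside the hunk, so the helper name and placement below are a suggestion only.

```c
/* Locally originated DHCP client traffic bypasses NAT on the outside interface. */
static_always_inline int
nat_in2out_is_local_dhcp (vlib_buffer_t * b, u32 proto, udp_header_t * udp)
{
  return (b->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
    && proto == SNAT_PROTOCOL_UDP
    && udp->dst_port == clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_server);
}

/* ... unchanged: nat_not_translate_output_feature check ... */
if (PREDICT_FALSE (nat_in2out_is_local_dhcp (b0, proto0, udp0)))
  goto trace00;
```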
@@ -1075,12 +1092,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                                 src_address /* changed member */ );
          ip0->checksum = ip_csum_fold (sum0);
 
+         old_port0 = udp0->src_port;
+         new_port0 = udp0->src_port = s0->out2in.port;
+
          if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
            {
-             old_port0 = tcp0->src_port;
-             tcp0->src_port = s0->out2in.port;
-             new_port0 = tcp0->src_port;
-
              sum0 = tcp0->checksum;
              sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                     ip4_header_t,
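Review bot: The hoisted `new_port0 = udp0->src_port = s0->out2in.port;` now rewrites the port through `udp0` for TCP packets as well. That is only correct because the source port is the first 16-bit field of both headers and because no other protocol reaches this point, and neither assumption is stated. A comment above the two added lines, e.g. `/* src_port is at the same offset in tcp and udp headers; ICMP/other protocols must not reach here */`, would make it explicit; whether other protocols are filtered earlier cannot be confirmed from this hunk. The same hoist appears in the hunks at `+1300`, `+1543`, `+1931` and `+2165`.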
@@ -1094,9 +1110,17 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
            }
          else
            {
-             old_port0 = udp0->src_port;
-             udp0->src_port = s0->out2in.port;
-             udp0->checksum = 0;
+             if (PREDICT_FALSE (udp0->checksum))
+               {
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
+               }
              udp_packets++;
            }
 
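Review bot: The incremental update can in principle leave `udp0->checksum` folded to 0x0000, which for UDP over IPv4 means "no checksum", so a datagram that arrived with a checksum could leave without one. After `udp0->checksum = ip_csum_fold (sum0);` consider `if (PREDICT_FALSE (udp0->checksum == 0)) udp0->checksum = 0xffff;`, since RFC 768 transmits a computed zero as all ones. The same applies to the UDP branches added in the hunks at `+1318`, `+1561`, `+1945`, `+2180` and `+2203`. Separately, `dst_address /* changed member */` is at odds with the `src_address /* changed member */` used for the IP header checksum in the preceding hunk of this function; it appears to serve only as a width hint, but the comment reads as if the destination were rewritten.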
@@ -1221,6 +1245,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                                                                           thread_index,
                                                                           sw_if_index1)))
                        goto trace01;
+
+                     /*
+                      * Send DHCP packets to the ipv4 stack, or we won't
+                      * be able to use dhcp client on the outside interface
+                      */
+                     if (PREDICT_FALSE
+                         ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+                          && proto1 == SNAT_PROTOCOL_UDP
+                          && (udp1->dst_port ==
+                              clib_host_to_net_u16
+                              (UDP_DST_PORT_dhcp_to_server))))
+                       goto trace01;
                    }
                  else
                    {
@@ -1264,12 +1300,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                                 src_address /* changed member */ );
          ip1->checksum = ip_csum_fold (sum1);
 
+         old_port1 = udp1->src_port;
+         new_port1 = udp1->src_port = s1->out2in.port;
+
          if (PREDICT_TRUE (proto1 == SNAT_PROTOCOL_TCP))
            {
-             old_port1 = tcp1->src_port;
-             tcp1->src_port = s1->out2in.port;
-             new_port1 = tcp1->src_port;
-
              sum1 = tcp1->checksum;
              sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
                                     ip4_header_t,
@@ -1283,9 +1318,17 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
            }
          else
            {
-             old_port1 = udp1->src_port;
-             udp1->src_port = s1->out2in.port;
-             udp1->checksum = 0;
+             if (PREDICT_FALSE (udp1->checksum))
+               {
+                 sum1 = udp1->checksum;
+                 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum1 = ip_csum_update (sum1, old_port1, new_port1,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp1->checksum = ip_csum_fold (sum1);
+               }
              udp_packets++;
            }
 
@@ -1444,6 +1487,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                                                                           thread_index,
                                                                           sw_if_index0)))
                        goto trace0;
+
+                     /*
+                      * Send DHCP packets to the ipv4 stack, or we won't
+                      * be able to use dhcp client on the outside interface
+                      */
+                     if (PREDICT_FALSE
+                         ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+                          && proto0 == SNAT_PROTOCOL_UDP
+                          && (udp0->dst_port ==
+                              clib_host_to_net_u16
+                              (UDP_DST_PORT_dhcp_to_server))))
+                       goto trace0;
                    }
                  else
                    {
@@ -1488,12 +1543,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                                 src_address /* changed member */ );
          ip0->checksum = ip_csum_fold (sum0);
 
+         old_port0 = udp0->src_port;
+         new_port0 = udp0->src_port = s0->out2in.port;
+
          if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
            {
-             old_port0 = tcp0->src_port;
-             tcp0->src_port = s0->out2in.port;
-             new_port0 = tcp0->src_port;
-
              sum0 = tcp0->checksum;
              sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                     ip4_header_t,
@@ -1507,9 +1561,17 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
            }
          else
            {
-             old_port0 = udp0->src_port;
-             udp0->src_port = s0->out2in.port;
-             udp0->checksum = 0;
+             if (PREDICT_FALSE (udp0->checksum))
+               {
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
+               }
              udp_packets++;
            }
 
@@ -1552,7 +1614,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
   vlib_node_increment_counter (vm, stats_node_index,
                               SNAT_IN2OUT_ERROR_TCP_PACKETS, tcp_packets);
   vlib_node_increment_counter (vm, stats_node_index,
-                              SNAT_IN2OUT_ERROR_UDP_PACKETS, tcp_packets);
+                              SNAT_IN2OUT_ERROR_UDP_PACKETS, udp_packets);
   vlib_node_increment_counter (vm, stats_node_index,
                               SNAT_IN2OUT_ERROR_ICMP_PACKETS, icmp_packets);
   vlib_node_increment_counter (vm, stats_node_index,
@@ -1869,12 +1931,11 @@ VLIB_NODE_FN (nat44_in2out_reass_node) (vlib_main_t * vm,
 
          if (PREDICT_FALSE (ip4_is_first_fragment (ip0)))
            {
+             old_port0 = udp0->src_port;
+             new_port0 = udp0->src_port = s0->out2in.port;
+
              if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
                {
-                 old_port0 = tcp0->src_port;
-                 tcp0->src_port = s0->out2in.port;
-                 new_port0 = tcp0->src_port;
-
                  sum0 = tcp0->checksum;
                  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                         ip4_header_t,
@@ -1884,11 +1945,16 @@ VLIB_NODE_FN (nat44_in2out_reass_node) (vlib_main_t * vm,
                                         length /* changed member */ );
                  tcp0->checksum = ip_csum_fold (sum0);
                }
-             else
+             else if (PREDICT_FALSE (udp0->checksum))
                {
-                 old_port0 = udp0->src_port;
-                 udp0->src_port = s0->out2in.port;
-                 udp0->checksum = 0;
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
                }
            }
 
@@ -2099,11 +2165,11 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm,
 
          if (PREDICT_FALSE (new_port0 != udp0->dst_port))
            {
+             old_port0 = udp0->src_port;
+             udp0->src_port = new_port0;
+
              if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
                {
-                 old_port0 = tcp0->src_port;
-                 tcp0->src_port = new_port0;
-
                  sum0 = tcp0->checksum;
                  sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
                                         ip4_header_t,
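Review bot: The guard on the context line above the added code compares `new_port0` with `udp0->dst_port`, while the lines added under it save and rewrite `udp0->src_port`; it looks like it should be `if (PREDICT_FALSE (new_port0 != udp0->src_port))`. As written, a packet whose destination port happens to equal the mapped port would seem to skip the source-port rewrite and take the address-only branch. The guard predates this commit and the derivation of `new_port0` is outside the hunk, so this needs confirming against the full function.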
@@ -2114,11 +2180,16 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm,
                  mss_clamping (sm, tcp0, &sum0);
                  tcp0->checksum = ip_csum_fold (sum0);
                }
-             else
+             else if (udp0->checksum)
                {
-                 old_port0 = udp0->src_port;
-                 udp0->src_port = new_port0;
-                 udp0->checksum = 0;
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 sum0 = ip_csum_update (sum0, old_port0, new_port0,
+                                        ip4_header_t /* cheat */ ,
+                                        length /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
                }
            }
          else
@@ -2132,6 +2203,14 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm,
                  mss_clamping (sm, tcp0, &sum0);
                  tcp0->checksum = ip_csum_fold (sum0);
                }
+             else if (udp0->checksum)
+               {
+                 sum0 = udp0->checksum;
+                 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
+                                        ip4_header_t,
+                                        dst_address /* changed member */ );
+                 udp0->checksum = ip_csum_fold (sum0);
+               }
            }
 
          /* Hairpinning */