#include <vlib/vlib.h>
#include <vnet/vnet.h>
-#include <vnet/pg/pg.h>
#include <vnet/ip/ip.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/fib/ip4_fib.h>
-#include <vnet/udp/udp.h>
+#include <vnet/udp/udp_local.h>
#include <nat/nat.h>
-#include <nat/nat_ipfix_logging.h>
+#include <nat/lib/ipfix_logging.h>
#include <nat/nat_inlines.h>
#include <nat/nat44/inlines.h>
#include <nat/nat_syslog.h>
#define foreach_snat_in2out_error \
_(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
-_(IN2OUT_PACKETS, "good in2out packets processed") \
_(OUT_OF_PORTS, "out of ports") \
_(BAD_OUTSIDE_FIB, "outside VRF ID not found") \
_(BAD_ICMP_TYPE, "unsupported ICMP type") \
_(NO_TRANSLATION, "no translation") \
_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
-_(DROP_FRAGMENT, "drop fragment") \
-_(TCP_PACKETS, "TCP packets") \
-_(UDP_PACKETS, "UDP packets") \
-_(ICMP_PACKETS, "ICMP packets") \
-_(OTHER_PACKETS, "other protocol packets") \
-_(FRAGMENTS, "fragments") \
_(CANNOT_CREATE_USER, "cannot create NAT user")
typedef enum
if (!snat_static_mapping_match
(sm, ip0->dst_address, udp0->dst_port, sm->outside_fib_index,
proto0, &placeholder_addr, &placeholder_port,
- &placeholder_fib_index, 1, 0, 0, 0, 0, 0))
+ &placeholder_fib_index, 1, 0, 0, 0, 0, 0, 0))
return 0;
}
else
if (clib_bihash_add_del_8_8 (&tsm->out2in, &s_kv, 0))
nat_elog_warn ("out2in key del failed");
- snat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
- s->in2out.addr.as_u32,
- s->out2in.addr.as_u32,
- s->nat_proto,
- s->in2out.port,
- s->out2in.port,
- s->in2out.fib_index);
+ nat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
+ s->in2out.addr.as_u32,
+ s->out2in.addr.as_u32,
+ s->nat_proto,
+ s->in2out.port,
+ s->out2in.port,
+ s->in2out.fib_index);
nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
&s->in2out.addr, s->in2out.port,
/* First try to match static mapping by local address and port */
if (snat_static_mapping_match
(sm, i2o_addr, i2o_port, rx_fib_index0, nat_proto, &sm_addr,
- &sm_port, &sm_fib_index, 0, 0, 0, 0, 0, &identity_nat))
+ &sm_port, &sm_fib_index, 0, 0, 0, 0, 0, &identity_nat, 0))
{
/* Try to create dynamic translation */
if (snat_alloc_outside_address_and_port (sm->addresses, rx_fib_index0,
nat_elog_notice ("out2in key add failed");
/* log NAT event */
- snat_ipfix_logging_nat44_ses_create (thread_index,
- s->in2out.addr.as_u32,
- s->out2in.addr.as_u32,
- s->nat_proto,
- s->in2out.port,
- s->out2in.port, s->in2out.fib_index);
+ nat_ipfix_logging_nat44_ses_create (thread_index,
+ s->in2out.addr.as_u32,
+ s->out2in.addr.as_u32,
+ s->nat_proto,
+ s->in2out.port,
+ s->out2in.port, s->in2out.fib_index);
nat_syslog_nat44_apmadd (s->user_index, s->in2out.fib_index,
&s->in2out.addr, s->in2out.port, &s->out2in.addr,
if (snat_static_mapping_match
(sm, *addr, *port, *fib_index, *proto, &sm_addr, &sm_port,
- &sm_fib_index, 0, &is_addr_only, 0, 0, 0, 0))
+ &sm_fib_index, 0, &is_addr_only, 0, 0, 0, 0, 0))
{
if (PREDICT_FALSE (snat_not_translate_fast (sm, node, sw_if_index0, ip0,
IP_PROTOCOL_ICMP,
if (vnet_buffer (b0)->sw_if_index[VLIB_TX] == ~0)
{
- if (sm->deterministic ||
- 0 != snat_icmp_hairpinning (sm, b0, ip0, icmp0,
+ if (0 != snat_icmp_hairpinning (sm, b0, ip0, icmp0,
sm->endpoint_dependent))
vnet_buffer (b0)->sw_if_index[VLIB_TX] = fib_index;
}
int is_output_feature)
{
u32 n_left_from, *from;
- u32 pkts_processed = 0;
snat_main_t *sm = &snat_main;
f64 now = vlib_time_now (vm);
- u32 stats_node_index;
u32 thread_index = vm->thread_index;
- u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets =
- 0, fragments = 0;
-
- stats_node_index = is_slow_path ? sm->in2out_slowpath_node_index :
- sm->in2out_node_index;
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
b0->error =
node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
}
- other_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ other : &sm->counters.fastpath.
+ in2out.other, thread_index,
+ sw_if_index0, 1);
goto trace00;
}
next0 = icmp_in2out_slow_path
(sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
node, next0, now, thread_index, &s0);
- icmp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ icmp : &sm->counters.fastpath.
+ in2out.icmp, thread_index,
+ sw_if_index0, 1);
goto trace00;
}
}
mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
- tcp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.tcp : &sm->
+ counters.fastpath.in2out.tcp,
+ thread_index, sw_if_index0, 1);
}
else
{
udp0->checksum = ip_csum_fold (sum0);
}
}
- udp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.udp : &sm->
+ counters.fastpath.in2out.udp,
+ thread_index, sw_if_index0, 1);
}
/* Accounting */
s0 - sm->per_thread_data[thread_index].sessions;
}
- pkts_processed += next0 == SNAT_IN2OUT_NEXT_LOOKUP;
+ if (next0 == SNAT_IN2OUT_NEXT_DROP)
+ {
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ drops : &sm->counters.fastpath.
+ in2out.drops, thread_index,
+ sw_if_index0, 1);
+ }
if (is_output_feature)
iph_offset1 = vnet_buffer (b1)->ip.reass.save_rewrite_length;
b1->error =
node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
}
- other_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ other : &sm->counters.fastpath.
+ in2out.other, thread_index,
+ sw_if_index1, 1);
goto trace01;
}
next1 = icmp_in2out_slow_path
(sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node,
next1, now, thread_index, &s1);
- icmp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ icmp : &sm->counters.fastpath.
+ in2out.icmp, thread_index,
+ sw_if_index1, 1);
goto trace01;
}
}
mss_clamping (sm->mss_clamping, tcp1, &sum1);
tcp1->checksum = ip_csum_fold (sum1);
}
- tcp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.tcp : &sm->
+ counters.fastpath.in2out.tcp,
+ thread_index, sw_if_index1, 1);
}
else
{
udp1->checksum = ip_csum_fold (sum1);
}
}
- udp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.udp : &sm->
+ counters.fastpath.in2out.udp,
+ thread_index, sw_if_index1, 1);
}
/* Accounting */
s1 - sm->per_thread_data[thread_index].sessions;
}
- pkts_processed += next1 == SNAT_IN2OUT_NEXT_LOOKUP;
+ if (next1 == SNAT_IN2OUT_NEXT_DROP)
+ {
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ drops : &sm->counters.fastpath.
+ in2out.drops, thread_index,
+ sw_if_index1, 1);
+ }
n_left_from -= 2;
next[0] = next0;
b0->error =
node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
}
- other_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ other : &sm->counters.fastpath.
+ in2out.other, thread_index,
+ sw_if_index0, 1);
goto trace0;
}
next0 = icmp_in2out_slow_path
(sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
next0, now, thread_index, &s0);
- icmp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ icmp : &sm->counters.fastpath.
+ in2out.icmp, thread_index,
+ sw_if_index0, 1);
goto trace0;
}
}
mss_clamping (sm->mss_clamping, tcp0, &sum0);
tcp0->checksum = ip_csum_fold (sum0);
}
- tcp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.tcp : &sm->
+ counters.fastpath.in2out.tcp,
+ thread_index, sw_if_index0, 1);
}
else
{
udp0->checksum = ip_csum_fold (sum0);
}
}
- udp_packets++;
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.udp : &sm->
+ counters.fastpath.in2out.udp,
+ thread_index, sw_if_index0, 1);
}
/* Accounting */
s0 - sm->per_thread_data[thread_index].sessions;
}
- pkts_processed += next0 == SNAT_IN2OUT_NEXT_LOOKUP;
+ if (next0 == SNAT_IN2OUT_NEXT_DROP)
+ {
+ vlib_increment_simple_counter (is_slow_path ? &sm->
+ counters.slowpath.in2out.
+ drops : &sm->counters.fastpath.
+ in2out.drops, thread_index,
+ sw_if_index0, 1);
+ }
n_left_from--;
next[0] = next0;
vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts,
frame->n_vectors);
-
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_IN2OUT_PACKETS,
- pkts_processed);
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_TCP_PACKETS, tcp_packets);
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_UDP_PACKETS, udp_packets);
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_ICMP_PACKETS, icmp_packets);
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_OTHER_PACKETS,
- other_packets);
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_FRAGMENTS, fragments);
-
return frame->n_vectors;
}
{
u32 n_left_from, *from, *to_next;
snat_in2out_next_t next_index;
- u32 pkts_processed = 0;
snat_main_t *sm = &snat_main;
- u32 stats_node_index;
int is_hairpinning = 0;
- stats_node_index = sm->in2out_fast_node_index;
-
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
next_index = node->cached_next_index;
if (snat_static_mapping_match
(sm, ip0->src_address, udp0->src_port, rx_fib_index0, proto0,
- &sm0_addr, &sm0_port, &sm0_fib_index, 0, 0, 0, 0, 0, 0))
+ &sm0_addr, &sm0_port, &sm0_fib_index, 0, 0, 0, 0, 0, 0, 0))
{
b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
next0 = SNAT_IN2OUT_NEXT_DROP;
t->is_hairpinning = is_hairpinning;
}
- pkts_processed += next0 != SNAT_IN2OUT_NEXT_DROP;
+ if (next0 != SNAT_IN2OUT_NEXT_DROP)
+ {
+
+ vlib_increment_simple_counter (&sm->counters.fastpath.
+ in2out.other, sw_if_index0,
+ vm->thread_index, 1);
+ }
/* verify speculative enqueue, maybe switch current next frame */
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- vlib_node_increment_counter (vm, stats_node_index,
- SNAT_IN2OUT_ERROR_IN2OUT_PACKETS,
- pkts_processed);
return frame->n_vectors;
}
Code Review / vpp.git / blobdiff