#include <nat/nat_ipfix_logging.h>
#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
+#include <nat/nat_syslog.h>
#define foreach_nat_in2out_ed_error \
_(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
s->out2in.port,
s->in2out.fib_index);
+ nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, is_twice_nat_session (s));
+
if (is_twice_nat_session (s))
{
for (i = 0; i < vec_len (sm->twice_nat_addresses); i++)
u32 rx_fib_index,
clib_bihash_kv_16_8_t * kv,
snat_session_t ** sessionp,
- vlib_node_runtime_t * node, u32 next, u32 thread_index, f64 now)
+ vlib_node_runtime_t * node, u32 next, u32 thread_index, f64 now,
+ tcp_header_t * tcp)
{
snat_session_t *s = 0;
snat_user_t *u;
is_sm = 1;
}
+ if (proto == SNAT_PROTOCOL_TCP)
+ {
+ if (!tcp_is_init (tcp))
+ {
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
+ return NAT_IN2OUT_ED_NEXT_DROP;
+ }
+ }
+
u = nat_user_get_or_create (sm, &key->l_addr, rx_fib_index, thread_index);
if (!u)
{
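Review bot: The new non-SYN drop returns from slow_path_ed after the static-mapping branch that closes just above it (`is_sm = 1; }`), so anything that branch acquired for a dynamic translation is not released on this path. That branch is outside the hunk, so this is inferred: if it allocates an outside address/port when no static mapping matches, non-SYN TCP packets that miss the session table would consume the pool without ever creating a session. Either move the `if (proto == SNAT_PROTOCOL_TCP)` check ahead of that branch, or perform the same cleanup as the `if (!u)` failure path below (also outside the hunk) before `return NAT_IN2OUT_ED_NEXT_DROP;`.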
s->in2out.protocol,
s->in2out.port,
s->out2in.port, s->in2out.fib_index);
+
+ nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index,
+ &s->in2out.addr, s->in2out.port,
+ &s->ext_host_nat_addr, s->ext_host_nat_port,
+ &s->out2in.addr, s->out2in.port,
+ &s->ext_host_addr, s->ext_host_port,
+ s->in2out.protocol, 0);
+
return next;
}
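Review bot: The session-add record hard-codes its last argument to `0`, while the matching `nat_syslog_nat44_sdel` call added earlier in this commit passes `is_twice_nat_session (s)` in the same position. If a session created on this path can ever carry the twice-NAT flag, the add and delete records for that session would disagree and be harder to correlate in the log. Passing `is_twice_nat_session (s)` in both calls keeps the records symmetric. If twice-NAT can never apply here, a short comment such as `/* in2out slow path never creates twice-NAT sessions */` next to the constant would make that explicit. The enclosing function starts outside the hunk.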
}
next = slow_path_ed (sm, b, rx_fib_index, &kv, &s, node, next,
- thread_index, vlib_time_now (sm->vlib_main));
+ thread_index, vlib_time_now (sm->vlib_main), 0);
if (PREDICT_FALSE (next == NAT_IN2OUT_ED_NEXT_DROP))
goto out;
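Review bot: This call passes `0` for the new `tcp` argument, yet slow_path_ed now evaluates `tcp_is_init (tcp)` whenever `proto == SNAT_PROTOCOL_TCP`, so safety depends on this caller never reaching slow_path_ed with a TCP key. That is presumably the case, but the caller's body is outside the hunk and nothing in the callee enforces it. A fail-closed guard such as `if (proto == SNAT_PROTOCOL_TCP && (!tcp || !tcp_is_init (tcp)))` would make the contract explicit. At minimum, add a comment on the parameter stating when it may be null.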
goto trace00;
}
- if ((proto0 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp0))
- {
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next0 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace00;
- }
-
next0 =
slow_path_ed (sm, b0, rx_fib_index0, &kv0, &s0, node,
- next0, thread_index, now);
+ next0, thread_index, now, tcp0);
if (PREDICT_FALSE (next0 == NAT_IN2OUT_ED_NEXT_DROP))
goto trace00;
goto trace01;
}
- if ((proto1 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp1))
- {
- b1->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next1 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace01;
- }
-
next1 =
slow_path_ed (sm, b1, rx_fib_index1, &kv1, &s1, node,
- next1, thread_index, now);
+ next1, thread_index, now, tcp1);
if (PREDICT_FALSE (next1 == NAT_IN2OUT_ED_NEXT_DROP))
goto trace01;
goto trace0;
}
- if ((proto0 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp0))
- {
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next0 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace0;
- }
-
next0 =
slow_path_ed (sm, b0, rx_fib_index0, &kv0, &s0, node,
- next0, thread_index, now);
+ next0, thread_index, now, tcp0);
if (PREDICT_FALSE (next0 == NAT_IN2OUT_ED_NEXT_DROP))
goto trace0;
}
}
- if ((proto0 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp0))
- {
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next0 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace0;
- }
-
next0 = slow_path_ed (sm, b0, rx_fib_index0, &kv0,
- &s0, node, next0, thread_index, now);
+ &s0, node, next0, thread_index, now,
+ tcp0);
if (PREDICT_FALSE (next0 == NAT_IN2OUT_ED_NEXT_DROP))
goto trace0;