{
snat_session_key_t key;
clib_bihash_kv_8_8_t kv;
- nat_ed_ses_key_t ed_key;
+ u8 proto;
+ u16 r_port, l_port;
+ ip4_address_t *l_addr, *r_addr;
+ u32 fib_index = 0;
clib_bihash_kv_16_8_t ed_kv;
snat_main_per_thread_data_t *tsm =
vec_elt_at_index (sm->per_thread_data, thread_index);
{
if (snat_is_unk_proto_session (s))
{
- ed_key.proto = s->in2out.port;
- ed_key.r_port = 0;
- ed_key.l_port = 0;
+ make_ed_kv (&s->in2out.addr, &s->ext_host_addr, s->in2out.port, 0,
+ 0, 0, ~0ULL, &ed_kv);
}
else
{
- ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
- ed_key.l_port = s->in2out.port;
- ed_key.r_port = s->ext_host_port;
+ l_port = s->in2out.port;
+ r_port = s->ext_host_port;
+ l_addr = &s->in2out.addr;
+ r_addr = &s->ext_host_addr;
+ proto = snat_proto_to_ip_proto (s->in2out.protocol);
+ make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
+ &ed_kv);
}
- ed_key.l_addr = s->in2out.addr;
- ed_key.r_addr = s->ext_host_addr;
- ed_key.fib_index = 0;
- ed_kv.key[0] = ed_key.as_u64[0];
- ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
nat_elog_warn ("in2out_ed key del failed");
return;
if (is_affinity_sessions (s))
nat_affinity_unlock (s->ext_host_addr, s->out2in.addr,
s->in2out.protocol, s->out2in.port);
- ed_key.l_addr = s->out2in.addr;
- ed_key.r_addr = s->ext_host_addr;
- ed_key.fib_index = s->out2in.fib_index;
+ l_addr = &s->out2in.addr;
+ r_addr = &s->ext_host_addr;
+ fib_index = s->out2in.fib_index;
if (snat_is_unk_proto_session (s))
{
- ed_key.proto = s->in2out.port;
- ed_key.r_port = 0;
- ed_key.l_port = 0;
+ proto = s->in2out.port;
+ r_port = 0;
+ l_port = 0;
}
else
{
- ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
- ed_key.l_port = s->out2in.port;
- ed_key.r_port = s->ext_host_port;
+ proto = snat_proto_to_ip_proto (s->in2out.protocol);
+ l_port = s->out2in.port;
+ r_port = s->ext_host_port;
}
- ed_kv.key[0] = ed_key.as_u64[0];
- ed_kv.key[1] = ed_key.as_u64[1];
+ make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
+ &ed_kv);
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &ed_kv, 0))
nat_elog_warn ("out2in_ed key del failed");
- ed_key.l_addr = s->in2out.addr;
- ed_key.fib_index = s->in2out.fib_index;
+ l_addr = &s->in2out.addr;
+ fib_index = s->in2out.fib_index;
if (!snat_is_unk_proto_session (s))
- ed_key.l_port = s->in2out.port;
+ l_port = s->in2out.port;
if (is_twice_nat_session (s))
{
- ed_key.r_addr = s->ext_host_nat_addr;
- ed_key.r_port = s->ext_host_nat_port;
+ r_addr = &s->ext_host_nat_addr;
+ r_port = s->ext_host_nat_port;
}
- ed_kv.key[0] = ed_key.as_u64[0];
- ed_kv.key[1] = ed_key.as_u64[1];
+ make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
+ &ed_kv);
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
nat_elog_warn ("in2out_ed key del failed");
&s->out2in);
}
+int
+nat44_set_session_limit (u32 session_limit, u32 vrf_id)
+{
+ snat_main_t *sm = &snat_main;
+ u32 fib_index = fib_table_find (FIB_PROTOCOL_IP4, vrf_id);
+ u32 len = vec_len (sm->max_translations_per_fib);
+
+ if (len <= fib_index)
+ {
+ vec_validate (sm->max_translations_per_fib, fib_index + 1);
+
+ for (; len < vec_len (sm->max_translations_per_fib); len++)
+ sm->max_translations_per_fib[len] = sm->max_translations;
+ }
+
+ sm->max_translations_per_fib[fib_index] = session_limit;
+ return 0;
+}
+
void
nat44_free_session_data (snat_main_t * sm, snat_session_t * s,
u32 thread_index, u8 is_ha)
{
snat_session_key_t key;
- nat_ed_ses_key_t ed_key;
+ u8 proto;
+ u16 r_port, l_port;
+ ip4_address_t *l_addr, *r_addr;
+ u32 fib_index;
clib_bihash_kv_16_8_t ed_kv;
snat_main_per_thread_data_t *tsm =
vec_elt_at_index (sm->per_thread_data, thread_index);
{
if (snat_is_unk_proto_session (s))
{
- ed_key.proto = s->in2out.port;
- ed_key.r_port = 0;
- ed_key.l_port = 0;
+ proto = s->in2out.port;
+ r_port = 0;
+ l_port = 0;
}
else
{
- ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
- ed_key.l_port = s->in2out.port;
- ed_key.r_port = s->ext_host_port;
+ proto = snat_proto_to_ip_proto (s->in2out.protocol);
+ l_port = s->in2out.port;
+ r_port = s->ext_host_port;
}
- ed_key.l_addr = s->in2out.addr;
- ed_key.r_addr = s->ext_host_addr;
- ed_key.fib_index = 0;
- ed_kv.key[0] = ed_key.as_u64[0];
- ed_kv.key[1] = ed_key.as_u64[1];
+ l_addr = &s->in2out.addr;
+ r_addr = &s->ext_host_addr;
+ fib_index = 0;
+ make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
+ &ed_kv);
if (PREDICT_FALSE
(clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0)))
if (is_affinity_sessions (s))
nat_affinity_unlock (s->ext_host_addr, s->out2in.addr,
s->in2out.protocol, s->out2in.port);
- ed_key.l_addr = s->out2in.addr;
- ed_key.r_addr = s->ext_host_addr;
- ed_key.fib_index = s->out2in.fib_index;
+ l_addr = &s->out2in.addr;
+ r_addr = &s->ext_host_addr;
+ fib_index = s->out2in.fib_index;
if (snat_is_unk_proto_session (s))
{
- ed_key.proto = s->in2out.port;
- ed_key.r_port = 0;
- ed_key.l_port = 0;
+ proto = s->in2out.port;
+ r_port = 0;
+ l_port = 0;
}
else
{
- ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
- ed_key.l_port = s->out2in.port;
- ed_key.r_port = s->ext_host_port;
+ proto = snat_proto_to_ip_proto (s->in2out.protocol);
+ l_port = s->out2in.port;
+ r_port = s->ext_host_port;
}
- ed_kv.key[0] = ed_key.as_u64[0];
- ed_kv.key[1] = ed_key.as_u64[1];
+ make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
+ &ed_kv);
if (PREDICT_FALSE (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &ed_kv, 0)))
nat_elog_warn ("out2in_ed key del failed");
- ed_key.l_addr = s->in2out.addr;
- ed_key.fib_index = s->in2out.fib_index;
+ l_addr = &s->in2out.addr;
+ fib_index = s->in2out.fib_index;
if (!snat_is_unk_proto_session (s))
- ed_key.l_port = s->in2out.port;
+ l_port = s->in2out.port;
if (is_twice_nat_session (s))
{
- ed_key.r_addr = s->ext_host_nat_addr;
- ed_key.r_port = s->ext_host_nat_port;
+ r_addr = &s->ext_host_nat_addr;
+ r_port = s->ext_host_nat_port;
}
-
- ed_kv.key[0] = ed_key.as_u64[0];
- ed_kv.key[1] = ed_key.as_u64[1];
+ make_ed_kv (l_addr, r_addr, proto, fib_index, l_port, r_port, ~0ULL,
+ &ed_kv);
if (PREDICT_FALSE (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0)))
nat_elog_warn ("in2out_ed key del failed");
if (sm->fq_in2out_index == ~0 && !sm->deterministic && sm->num_workers > 1)
sm->fq_in2out_index =
- vlib_frame_queue_main_init (sm->handoff_in2out_index, NAT_FQ_NELTS);
+ vlib_frame_queue_main_init (sm->in2out_node_index, NAT_FQ_NELTS);
if (sm->fq_out2in_index == ~0 && !sm->deterministic && sm->num_workers > 1)
sm->fq_out2in_index =
- vlib_frame_queue_main_init (sm->handoff_out2in_index, NAT_FQ_NELTS);
+ vlib_frame_queue_main_init (sm->out2in_node_index, NAT_FQ_NELTS);
if (!is_inside)
{
fq:
if (sm->fq_in2out_output_index == ~0 && sm->num_workers > 1)
sm->fq_in2out_output_index =
- vlib_frame_queue_main_init (sm->handoff_in2out_output_index, 0);
+ vlib_frame_queue_main_init (sm->in2out_output_node_index, 0);
if (sm->fq_out2in_index == ~0 && sm->num_workers > 1)
sm->fq_out2in_index =
- vlib_frame_queue_main_init (sm->handoff_out2in_index, 0);
+ vlib_frame_queue_main_init (sm->out2in_node_index, 0);
/* *INDENT-OFF* */
pool_foreach (i, sm->output_feature_interfaces,
snat_session_key_t * k,
u16 port_per_thread, u32 snat_thread_index);
+void
+test_ed_make_split ()
+{
+ ip4_address_t l_addr;
+ l_addr.as_u8[0] = 1;
+ l_addr.as_u8[1] = 1;
+ l_addr.as_u8[2] = 1;
+ l_addr.as_u8[3] = 1;
+ ip4_address_t r_addr;
+ r_addr.as_u8[0] = 2;
+ r_addr.as_u8[1] = 2;
+ r_addr.as_u8[2] = 2;
+ r_addr.as_u8[3] = 2;
+ u16 l_port = 40001;
+ u16 r_port = 40301;
+ u8 proto = 9;
+ u32 fib_index = 9000001;
+ u64 value = ~0ULL;
+ clib_bihash_kv_16_8_t kv;
+ make_ed_kv (&l_addr, &r_addr, proto, fib_index, l_port, r_port, value, &kv);
+ ip4_address_t l_addr2;
+ ip4_address_t r_addr2;
+ clib_memset (&l_addr2, 0, sizeof (l_addr2));
+ clib_memset (&r_addr2, 0, sizeof (r_addr2));
+ u16 l_port2 = 0;
+ u16 r_port2 = 0;
+ u8 proto2 = 0;
+ u32 fib_index2 = 0;
+ split_ed_kv (&kv, &l_addr2, &r_addr2, &proto2, &fib_index2, &l_port2,
+ &r_port2);
+ u64 value2 = kv.value;
+ ASSERT (l_addr.as_u32 == l_addr2.as_u32);
+ ASSERT (r_addr.as_u32 == r_addr2.as_u32);
+ ASSERT (l_port == l_port2);
+ ASSERT (r_port == r_port2);
+ ASSERT (proto == proto2);
+ ASSERT (fib_index == fib_index2);
+ ASSERT (value == value2);
+}
+
static clib_error_t *
snat_init (vlib_main_t * vm)
{
ip4_add_del_interface_address_callback_t cb4;
vlib_node_t *node;
- sm->vlib_main = vm;
sm->vnet_main = vnet_get_main ();
sm->ip4_main = im;
sm->ip4_lookup_main = lm;
{
for (i = 0; i < sm->num_workers; i++)
bitmap = clib_bitmap_set (bitmap, i, 1);
+ // sets thread indexes for workes
snat_set_workers (bitmap);
clib_bitmap_free (bitmap);
}
FIB_SOURCE_PRIORITY_LOW,
FIB_SOURCE_BH_SIMPLE);
+ test_ed_make_split ();
return error;
}
format_ed_session_kvp (u8 * s, va_list * args)
{
clib_bihash_kv_16_8_t *v = va_arg (*args, clib_bihash_kv_16_8_t *);
- nat_ed_ses_key_t k;
- k.as_u64[0] = v->key[0];
- k.as_u64[1] = v->key[1];
+ u8 proto;
+ u16 r_port, l_port;
+ ip4_address_t l_addr, r_addr;
+ u32 fib_index;
+ split_ed_kv (v, &l_addr, &r_addr, &proto, &fib_index, &l_port, &r_port);
s =
format (s, "local %U:%d remote %U:%d proto %U fib %d session-index %llu",
- format_ip4_address, &k.l_addr, clib_net_to_host_u16 (k.l_port),
- format_ip4_address, &k.r_addr, clib_net_to_host_u16 (k.r_port),
- format_ip_protocol, k.proto, k.fib_index, v->value);
+ format_ip4_address, &l_addr, clib_net_to_host_u16 (l_port),
+ format_ip4_address, &r_addr, clib_net_to_host_u16 (r_port),
+ format_ip_protocol, proto, fib_index, v->value);
return s;
}
break;
}
- make_ed_kv (&kv16, &ip->src_address, &ip->dst_address,
- ip->protocol, fib_index, udp->src_port, udp->dst_port);
+ make_ed_kv (&ip->src_address, &ip->dst_address,
+ ip->protocol, fib_index, udp->src_port, udp->dst_port,
+ ~0ULL, &kv16);
/* *INDENT-OFF* */
vec_foreach (tsm, sm->per_thread_data)
{
udp = ip4_next_header (ip);
- make_ed_kv (&kv16, &ip->dst_address, &ip->src_address,
- ip->protocol, rx_fib_index, udp->dst_port, udp->src_port);
+ make_ed_kv (&ip->dst_address, &ip->src_address,
+ ip->protocol, rx_fib_index, udp->dst_port, udp->src_port,
+ ~0ULL, &kv16);
/* *INDENT-OFF* */
vec_foreach (tsm, sm->per_thread_data)
}
else if (proto == SNAT_PROTOCOL_ICMP)
{
- nat_ed_ses_key_t key;
-
- if (!get_icmp_o2i_ed_key (b, ip, &key))
+ if (!get_icmp_o2i_ed_key (b, ip, rx_fib_index, ~0ULL, 0, 0, 0, &kv16))
{
-
- key.fib_index = rx_fib_index;
- kv16.key[0] = key.as_u64[0];
- kv16.key[1] = key.as_u64[1];
-
/* *INDENT-OFF* */
vec_foreach (tsm, sm->per_thread_data)
{
u32 fib_index, u16 flags, u32 thread_index)
{
snat_main_t *sm = &snat_main;
+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
snat_session_key_t key;
snat_user_t *u;
snat_session_t *s;
clib_bihash_kv_8_8_t kv;
- f64 now = vlib_time_now (sm->vlib_main);
+ vlib_main_t *vm = vlib_get_main ();
+ f64 now = vlib_time_now (vm);
nat_outside_fib_t *outside_fib;
fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
- snat_main_per_thread_data_t *tsm;
fib_prefix_t pfx = {
.fp_proto = FIB_PROTOCOL_IP4,
.fp_len = 32,
},
};
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
key.addr.as_u32 = out_addr->as_u32;
key.port = out_port;
key.protocol = proto;
u32 fib_index, u16 flags, u32 thread_index)
{
snat_main_t *sm = &snat_main;
+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
snat_session_key_t key;
snat_session_t *s;
clib_bihash_kv_16_8_t kv;
- f64 now = vlib_time_now (sm->vlib_main);
+ vlib_main_t *vm = vlib_get_main ();
+ f64 now = vlib_time_now (vm);
nat_outside_fib_t *outside_fib;
fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
- snat_main_per_thread_data_t *tsm;
fib_prefix_t pfx = {
.fp_proto = FIB_PROTOCOL_IP4,
.fp_len = 32,
},
};
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
key.addr.as_u32 = out_addr->as_u32;
key.port = out_port;
key.protocol = proto;
key.fib_index = fib_index;
s->in2out = key;
- make_ed_kv (&kv, in_addr, &s->ext_host_nat_addr,
+ make_ed_kv (in_addr, &s->ext_host_nat_addr,
snat_proto_to_ip_proto (proto), fib_index, in_port,
- s->ext_host_nat_port);
+ s->ext_host_nat_port, s - tsm->sessions, &kv);
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
nat_elog_warn ("in2out key add failed");
- make_ed_kv (&kv, out_addr, eh_addr, snat_proto_to_ip_proto (proto),
- s->out2in.fib_index, out_port, eh_port);
+ make_ed_kv (out_addr, eh_addr, snat_proto_to_ip_proto (proto),
+ s->out2in.fib_index, out_port, eh_port, s - tsm->sessions, &kv);
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &kv, 1))
nat_elog_warn ("out2in key add failed");
}
u32 fib_index, u32 ti)
{
snat_main_t *sm = &snat_main;
- nat_ed_ses_key_t key;
clib_bihash_kv_16_8_t kv, value;
u32 thread_index;
snat_session_t *s;
thread_index = sm->num_workers;
tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
- key.l_addr.as_u32 = out_addr->as_u32;
- key.l_port = out_port;
- key.r_addr.as_u32 = eh_addr->as_u32;
- key.r_port = eh_port;
- key.proto = proto;
- key.fib_index = fib_index;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
+ make_ed_kv (out_addr, eh_addr, proto, fib_index, out_port, eh_port, ~0ULL,
+ &kv);
if (clib_bihash_search_16_8 (&tsm->out2in_ed, &kv, &value))
return;
u32 thread_index)
{
snat_main_t *sm = &snat_main;
- nat_ed_ses_key_t key;
clib_bihash_kv_16_8_t kv, value;
snat_session_t *s;
snat_main_per_thread_data_t *tsm;
tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
- key.l_addr.as_u32 = out_addr->as_u32;
- key.l_port = out_port;
- key.r_addr.as_u32 = eh_addr->as_u32;
- key.r_port = eh_port;
- key.proto = proto;
- key.fib_index = fib_index;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
+ make_ed_kv (out_addr, eh_addr, proto, fib_index, out_port, eh_port, ~0ULL,
+ &kv);
if (clib_bihash_search_16_8 (&tsm->out2in_ed, &kv, &value))
return;
s->total_bytes = total_bytes;
}
+void
+nat44_db_init (snat_main_per_thread_data_t * tsm)
+{
+ snat_main_t *sm = &snat_main;
+
+ pool_alloc (tsm->sessions, sm->max_translations);
+ pool_alloc (tsm->global_lru_pool, sm->max_translations);
+
+ dlist_elt_t *head;
+ pool_get (tsm->global_lru_pool, head);
+ tsm->global_lru_head_index = head - tsm->global_lru_pool;
+ clib_dlist_init (tsm->global_lru_pool, tsm->global_lru_head_index);
+
+ if (sm->endpoint_dependent)
+ {
+ clib_bihash_init_16_8 (&tsm->in2out_ed, "in2out-ed",
+ sm->translation_buckets,
+ sm->translation_memory_size);
+ clib_bihash_set_kvp_format_fn_16_8 (&tsm->in2out_ed,
+ format_ed_session_kvp);
+ clib_bihash_init_16_8 (&tsm->out2in_ed, "out2in-ed",
+ sm->translation_buckets,
+ sm->translation_memory_size);
+ clib_bihash_set_kvp_format_fn_16_8 (&tsm->out2in_ed,
+ format_ed_session_kvp);
+ }
+ else
+ {
+ clib_bihash_init_8_8 (&tsm->in2out, "in2out",
+ sm->translation_buckets,
+ sm->translation_memory_size);
+ clib_bihash_set_kvp_format_fn_8_8 (&tsm->in2out, format_session_kvp);
+ clib_bihash_init_8_8 (&tsm->out2in, "out2in",
+ sm->translation_buckets,
+ sm->translation_memory_size);
+ clib_bihash_set_kvp_format_fn_8_8 (&tsm->out2in, format_session_kvp);
+ }
+
+ // TODO: resolve static mappings (put only to !ED)
+ pool_alloc (tsm->list_pool, sm->max_translations);
+ clib_bihash_init_8_8 (&tsm->user_hash, "users", sm->user_buckets,
+ sm->user_memory_size);
+ clib_bihash_set_kvp_format_fn_8_8 (&tsm->user_hash, format_user_kvp);
+}
+
+void
+nat44_db_free (snat_main_per_thread_data_t * tsm)
+{
+ snat_main_t *sm = &snat_main;
+
+ pool_free (tsm->sessions);
+ pool_free (tsm->global_lru_pool);
+
+ if (sm->endpoint_dependent)
+ {
+ clib_bihash_free_16_8 (&tsm->in2out_ed);
+ clib_bihash_free_16_8 (&tsm->out2in_ed);
+ }
+ else
+ {
+ clib_bihash_free_8_8 (&tsm->in2out);
+ clib_bihash_free_8_8 (&tsm->out2in);
+ }
+
+ // TODO: resolve static mappings (put only to !ED)
+ pool_free (tsm->users);
+ pool_free (tsm->list_pool);
+ clib_bihash_free_8_8 (&tsm->user_hash);
+}
+
static clib_error_t *
snat_config (vlib_main_t * vm, unformat_input_t * input)
{
snat_main_t *sm = &snat_main;
nat66_main_t *nm = &nat66_main;
- //dslite_main_t *dm = &dslite_main;
snat_main_per_thread_data_t *tsm;
u32 static_mapping_buckets = 1024;
sm->translation_buckets = translation_buckets;
sm->translation_memory_size = translation_memory_size;
-
/* do not exceed load factor 10 */
sm->max_translations = 10 * translation_buckets;
+ vec_add1 (sm->max_translations_per_fib, sm->max_translations);
+
sm->max_translations_per_user = max_translations_per_user == ~0 ?
sm->max_translations : max_translations_per_user;
sm->worker_in2out_cb = nat44_ed_get_worker_in2out_cb;
sm->worker_out2in_cb = nat44_ed_get_worker_out2in_cb;
- sm->handoff_out2in_index = nat_pre_out2in_node.index;
- sm->handoff_in2out_index = nat_pre_in2out_node.index;
- sm->handoff_in2out_output_index = nat44_ed_in2out_output_node.index;
-
sm->in2out_node_index = nat44_ed_in2out_node.index;
sm->in2out_output_node_index = nat44_ed_in2out_output_node.index;
sm->out2in_node_index = nat44_ed_out2in_node.index;
sm->worker_in2out_cb = snat_get_worker_in2out_cb;
sm->worker_out2in_cb = snat_get_worker_out2in_cb;
- sm->handoff_out2in_index = snat_out2in_node.index;
- sm->handoff_in2out_index = snat_in2out_node.index;
- sm->handoff_in2out_output_index = snat_in2out_output_node.index;
-
sm->in2out_node_index = snat_in2out_node.index;
sm->in2out_output_node_index = snat_in2out_output_node.index;
sm->out2in_node_index = snat_out2in_node.index;
+
sm->icmp_match_in2out_cb = icmp_match_in2out_slow;
sm->icmp_match_out2in_cb = icmp_match_out2in_slow;
nat_ha_init (vm, nat_ha_sadd_cb, nat_ha_sdel_cb, nat_ha_sref_cb);
/* *INDENT-OFF* */
vec_foreach (tsm, sm->per_thread_data)
{
- pool_alloc (tsm->sessions, sm->max_translations);
- pool_alloc (tsm->list_pool, sm->max_translations);
- pool_alloc (tsm->global_lru_pool, sm->max_translations);
-
- dlist_elt_t *head;
- pool_get (tsm->global_lru_pool, head);
- tsm->global_lru_head_index = head - tsm->global_lru_pool;
- clib_dlist_init (tsm->global_lru_pool,
- tsm->global_lru_head_index);
-
- if (sm->endpoint_dependent)
- {
- clib_bihash_init_16_8 (&tsm->in2out_ed, "in2out-ed",
- translation_buckets,
- translation_memory_size);
- clib_bihash_set_kvp_format_fn_16_8 (&tsm->in2out_ed,
- format_ed_session_kvp);
-
- clib_bihash_init_16_8 (&tsm->out2in_ed, "out2in-ed",
- translation_buckets,
- translation_memory_size);
- clib_bihash_set_kvp_format_fn_16_8 (&tsm->out2in_ed,
- format_ed_session_kvp);
- }
- else
- {
- clib_bihash_init_8_8 (&tsm->in2out, "in2out",
- translation_buckets,
- translation_memory_size);
- clib_bihash_set_kvp_format_fn_8_8 (&tsm->in2out,
- format_session_kvp);
-
- clib_bihash_init_8_8 (&tsm->out2in, "out2in",
- translation_buckets,
- translation_memory_size);
- clib_bihash_set_kvp_format_fn_8_8 (&tsm->out2in,
- format_session_kvp);
- }
-
- clib_bihash_init_8_8 (&tsm->user_hash, "users", user_buckets,
- user_memory_size);
- clib_bihash_set_kvp_format_fn_8_8 (&tsm->user_hash,
- format_user_kvp);
+ nat44_db_init (tsm);
}
/* *INDENT-ON* */
-
}
else
{
{
ip4_header_t ip;
clib_bihash_16_8_t *t;
- nat_ed_ses_key_t key;
clib_bihash_kv_16_8_t kv, value;
u32 fib_index = fib_table_find (FIB_PROTOCOL_IP4, vrf_id);
snat_session_t *s;
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
t = is_in ? &tsm->in2out_ed : &tsm->out2in_ed;
- key.l_addr.as_u32 = addr->as_u32;
- key.r_addr.as_u32 = eh_addr->as_u32;
- key.l_port = clib_host_to_net_u16 (port);
- key.r_port = clib_host_to_net_u16 (eh_port);
- key.proto = proto;
- key.fib_index = fib_index;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
+ make_ed_kv (addr, eh_addr, proto, fib_index, clib_host_to_net_u16 (port),
+ clib_host_to_net_u16 (eh_port), ~0ULL, &kv);
if (clib_bihash_search_16_8 (t, &kv, &value))
- return VNET_API_ERROR_NO_SUCH_ENTRY;
+ {
+ return VNET_API_ERROR_NO_SUCH_ENTRY;
+ }
if (pool_is_free_index (tsm->sessions, value.value))
return VNET_API_ERROR_UNSPECIFIED;
.next_nodes = {
[NAT_NEXT_DROP] = "error-drop",
[NAT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
- [NAT_NEXT_IN2OUT_PRE] = "nat-pre-in2out",
- [NAT_NEXT_OUT2IN_PRE] = "nat-pre-out2in",
+ //[NAT_NEXT_IN2OUT_PRE] = "nat-pre-in2out",
+ //[NAT_NEXT_OUT2IN_PRE] = "nat-pre-out2in",
[NAT_NEXT_IN2OUT_ED_FAST_PATH] = "nat44-ed-in2out",
[NAT_NEXT_IN2OUT_ED_SLOW_PATH] = "nat44-ed-in2out-slowpath",
[NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH] = "nat44-ed-in2out-output-slowpath",
[NAT_NEXT_OUT2IN_ED_FAST_PATH] = "nat44-ed-out2in",
[NAT_NEXT_OUT2IN_ED_SLOW_PATH] = "nat44-ed-out2in-slowpath",
+ [NAT_NEXT_IN2OUT_CLASSIFY] = "nat44-in2out-worker-handoff",
+ [NAT_NEXT_OUT2IN_CLASSIFY] = "nat44-out2in-worker-handoff",
},
};
/* *INDENT-ON* */
Code Review / vpp.git / blobdiff