VLIB_PLUGIN_REGISTER () = {
.version = VPP_BUILD_VER,
- .description = "Network Address Translation",
+ .description = "Network Address Translation (NAT)",
};
/* *INDENT-ON* */
if (is_fwd_bypass_session (s))
{
+ if (snat_is_unk_proto_session (s))
+ {
+ ed_key.proto = s->in2out.port;
+ ed_key.r_port = 0;
+ ed_key.l_port = 0;
+ }
+ else
+ {
+ ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
+ ed_key.l_port = s->in2out.port;
+ ed_key.r_port = s->ext_host_port;
+ }
ed_key.l_addr = s->in2out.addr;
ed_key.r_addr = s->ext_host_addr;
- ed_key.l_port = s->in2out.port;
- ed_key.r_port = s->ext_host_port;
- ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
ed_key.fib_index = 0;
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
- nat_log_warn ("in2out_ed key del failed");
+ nat_elog_warn ("in2out_ed key del failed");
return;
}
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &ed_kv, 0))
- nat_log_warn ("out2in_ed key del failed");
+ nat_elog_warn ("out2in_ed key del failed");
ed_key.l_addr = s->in2out.addr;
ed_key.fib_index = s->in2out.fib_index;
if (!snat_is_unk_proto_session (s))
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
- nat_log_warn ("in2out_ed key del failed");
+ nat_elog_warn ("in2out_ed key del failed");
if (!is_ha)
nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
{
kv.key = s->in2out.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 0))
- nat_log_warn ("in2out key del failed");
+ nat_elog_warn ("in2out key del failed");
kv.key = s->out2in.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 0))
- nat_log_warn ("out2in key del failed");
+ nat_elog_warn ("out2in key del failed");
if (!is_ha)
nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
/* add user */
if (clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 1))
- nat_log_warn ("user_hash keay add failed");
+ nat_elog_warn ("user_hash keay add failed");
vlib_set_simple_counter (&sm->total_users, thread_index, 0,
pool_elts (tsm->users));
if ((u->nsessions + u->nstaticsessions) >=
sm->max_translations_per_user)
{
- nat_log_warn ("max translations per user %U", format_ip4_address,
- &u->addr);
+ nat_elog_addr (SNAT_LOG_WARNING, "[warn] max translations per user",
+ clib_net_to_host_u32 (u->addr.as_u32));
snat_ipfix_logging_max_entries_per_user
(thread_index, sm->max_translations_per_user, u->addr.as_u32);
return 0;
if (!addr_only)
{
- if (rp->l_port != l_port || rp->e_port != e_port
+ if ((rp->l_port != l_port && rp->e_port != e_port)
|| rp->proto != proto)
continue;
}
{
fib_index = sm->inside_fib_index;
vrf_id = sm->inside_vrf_id;
+ fib_table_lock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_PLUGIN_LOW);
}
if (!(out2in_only || identity_nat))
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
kv.value = m - sm->static_mappings;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_external, &kv, 1))
{
- nat_log_err ("static_mapping_by_external key add failed");
+ nat_elog_err ("static_mapping_by_external key add failed");
return VNET_API_ERROR_UNSPECIFIED;
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_external, &kv, 0))
{
- nat_log_err ("static_mapping_by_external key del failed");
+ nat_elog_err ("static_mapping_by_external key del failed");
return VNET_API_ERROR_UNSPECIFIED;
}
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 0))
{
- nat_log_err ("static_mapping_by_local key del failed");
+ nat_elog_err ("static_mapping_by_local key del failed");
return VNET_API_ERROR_UNSPECIFIED;
}
}
kv.key = m_key.as_u64;
kv.value = m - sm->static_mappings;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_local, &kv, 1))
- nat_log_err ("static_mapping_by_local key add failed");
+ nat_elog_err ("static_mapping_by_local key add failed");
}
}
else
m_key.fib_index = match_local->fib_index;
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_local, &kv, 0))
- nat_log_err ("static_mapping_by_local key del failed");
+ nat_elog_err ("static_mapping_by_local key del failed");
}
if (sm->num_workers > 1)
/* Check if address is used in some static mapping */
if (is_snat_address_used_in_static_mapping (sm, addr))
{
- nat_log_notice ("address used in static mapping");
+ nat_elog_notice ("address used in static mapping");
return VNET_API_ERROR_UNSPECIFIED;
}
}
nat_outside_fib_t *outside_fib;
snat_interface_t *i;
u8 is_add = 1;
+ u8 match = 0;
if (new_fib_index == old_fib_index)
return;
if (!vec_len (sm->outside_fibs))
return;
- pool_foreach (i, sm->interfaces, (
- {
- if (i->sw_if_index == sw_if_index)
- {
- if (!(nat_interface_is_outside (i)))
- return;}
- }
- ));
+ /* *INDENT-OFF* */
+ pool_foreach (i, sm->interfaces,
+ ({
+ if (i->sw_if_index == sw_if_index)
+ {
+ if (!(nat_interface_is_outside (i)))
+ return;
+ match = 1;
+ }
+ }));
+ /* *INDENT-ON* */
+
+ if (!match)
+ return;
+
vec_foreach (outside_fib, sm->outside_fibs)
{
if (outside_fib->fib_index == old_fib_index)
sm->workers = 0;
sm->port_per_thread = 0xffff - 1024;
sm->fq_in2out_index = ~0;
+ sm->fq_in2out_output_index = ~0;
sm->fq_out2in_index = ~0;
sm->udp_timeout = SNAT_UDP_TIMEOUT;
sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
sm->forwarding_enabled = 0;
sm->log_class = vlib_log_register_class ("nat", 0);
+ sm->log_level = SNAT_LOG_NONE;
sm->mss_clamping = 0;
node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return;
}
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
}
match.protocol, match.port,
tmp[lo], m->affinity,
m->affinity_per_service_list_head_index))
- nat_log_info ("create affinity record failed");
+ nat_elog_info ("create affinity record failed");
}
vec_free (tmp);
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
/* first try static mappings without port */
if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
{
- make_sm_kv (&kv, &ip->dst_address, 0, rx_fib_index, 0);
+ make_sm_kv (&kv, &ip->dst_address, 0, 0, 0);
if (!clib_bihash_search_8_8
(&sm->static_mapping_by_external, &kv, &value))
{
/* try static mappings with port */
if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
{
- make_sm_kv (&kv, &ip->dst_address, proto, rx_fib_index,
+ make_sm_kv (&kv, &ip->dst_address, proto, 0,
clib_net_to_host_u16 (port));
if (!clib_bihash_search_8_8
(&sm->static_mapping_by_external, &kv, &value))
kv.key = key.as_u64;
kv.value = s - tsm->sessions;
if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 1))
- nat_log_warn ("out2in key add failed");
+ nat_elog_warn ("out2in key add failed");
key.addr.as_u32 = in_addr->as_u32;
key.port = in_port;
s->in2out = key;
kv.key = key.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 1))
- nat_log_warn ("in2out key add failed");
+ nat_elog_warn ("in2out key add failed");
}
void
snat_proto_to_ip_proto (proto), fib_index, in_port,
s->ext_host_nat_port);
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
- nat_log_warn ("in2out key add failed");
+ nat_elog_warn ("in2out key add failed");
make_ed_kv (&kv, out_addr, eh_addr, snat_proto_to_ip_proto (proto),
s->out2in.fib_index, out_port, eh_port);
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &kv, 1))
- nat_log_warn ("out2in key add failed");
+ nat_elog_warn ("out2in key add failed");
}
void
rp->proto, !is_delete, rp->twice_nat,
rp->out2in_only, rp->tag, rp->identity_nat);
if (rv)
- nat_log_notice ("snat_add_static_mapping returned %d", rv);
+ nat_elog_notice_X1 ("snat_add_static_mapping returned %d", "i4", rv);
}
static void
rp->out2in_only, rp->tag,
rp->identity_nat);
if (rv)
- nat_log_notice ("snat_add_static_mapping returned %d", rv);
+ nat_elog_notice_X1 ("snat_add_static_mapping returned %d",
+ "i4", rv);
}
}
return;