clib_bihash_kv_8_8_t kv;
nat_ed_ses_key_t ed_key;
clib_bihash_kv_16_8_t ed_kv;
- int i;
- snat_address_t *a;
snat_main_per_thread_data_t *tsm =
vec_elt_at_index (sm->per_thread_data, thread_index);
/* Twice NAT address and port for external host */
if (is_twice_nat_session (s))
{
- for (i = 0; i < vec_len (sm->twice_nat_addresses); i++)
- {
- key.protocol = s->in2out.protocol;
- key.port = s->ext_host_nat_port;
- a = sm->twice_nat_addresses + i;
- if (a->addr.as_u32 == s->ext_host_nat_addr.as_u32)
- {
- snat_free_outside_address_and_port (sm->twice_nat_addresses,
- thread_index, &key, i);
- break;
- }
- }
+ key.protocol = s->in2out.protocol;
+ key.port = s->ext_host_nat_port;
+ key.addr.as_u32 = s->ext_host_nat_addr.as_u32;
+ snat_free_outside_address_and_port (sm->twice_nat_addresses,
+ thread_index, &key);
}
if (snat_is_session_static (s))
if (s->outside_address_index != ~0)
snat_free_outside_address_and_port (sm->addresses, thread_index,
- &s->out2in, s->outside_address_index);
+ &s->out2in);
}
snat_user_t *
/* add user */
if (clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 1))
nat_log_warn ("user_hash keay add failed");
-
- clib_warning("%U %d", format_ip4_address, addr, fib_index);
}
else
{
return s;
}
+snat_session_t *
+nat_ed_session_alloc (snat_main_t *sm, snat_user_t *u, u32 thread_index)
+{
+ snat_session_t *s;
+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
+ dlist_elt_t * per_user_translation_list_elt;
+
+ if ((u->nsessions + u->nstaticsessions) >= sm->max_translations_per_user)
+ {
+ nat_log_warn ("max translations per user %U", format_ip4_address, &u->addr);
+ snat_ipfix_logging_max_entries_per_user (sm->max_translations_per_user,
+ u->addr.as_u32);
+ return 0;
+ }
+
+ pool_get (tsm->sessions, s);
+ memset (s, 0, sizeof (*s));
+ s->outside_address_index = ~0;
+
+ /* Create list elts */
+ pool_get (tsm->list_pool, per_user_translation_list_elt);
+ clib_dlist_init (tsm->list_pool,
+ per_user_translation_list_elt - tsm->list_pool);
+
+ per_user_translation_list_elt->value = s - tsm->sessions;
+ s->per_user_index = per_user_translation_list_elt - tsm->list_pool;
+ s->per_user_list_head_index = u->sessions_per_user_list_head_index;
+
+ clib_dlist_addtail (tsm->list_pool,
+ s->per_user_list_head_index,
+ per_user_translation_list_elt - tsm->list_pool);
+
+ return s;
+}
+
typedef struct {
u8 next_in2out;
} nat44_classify_trace_t;
vnet_feature_enable_disable ("ip4-local",
"nat44-ed-hairpinning",
sw_if_index, 1, 0, 0);
- else
+ else if (!sm->deterministic)
vnet_feature_enable_disable ("ip4-local",
"nat44-hairpinning",
sw_if_index, 1, 0, 0);
vnet_feature_enable_disable ("ip4-local",
"nat44-ed-hairpinning",
sw_if_index, 0, 0, 0);
- else
+ else if (!sm->deterministic)
vnet_feature_enable_disable ("ip4-local",
"nat44-hairpinning",
sw_if_index, 0, 0, 0);
if (sm->endpoint_dependent)
vnet_feature_enable_disable ("ip4-local", "nat44-ed-hairpinning",
sw_if_index, 0, 0, 0);
- else
+ else if (!sm->deterministic)
vnet_feature_enable_disable ("ip4-local", "nat44-hairpinning",
sw_if_index, 0, 0, 0);
}
if (sm->endpoint_dependent)
vnet_feature_enable_disable ("ip4-local", "nat44-ed-hairpinning",
sw_if_index, 1, 0, 0);
- else
+ else if (!sm->deterministic)
vnet_feature_enable_disable ("ip4-local", "nat44-hairpinning",
sw_if_index, 1, 0, 0);
}
void snat_free_outside_address_and_port (snat_address_t * addresses,
u32 thread_index,
- snat_session_key_t * k,
- u32 address_index)
+ snat_session_key_t * k)
{
snat_address_t *a;
+ u32 address_index;
u16 port_host_byte_order = clib_net_to_host_u16 (k->port);
+ for (address_index = 0; address_index < vec_len (addresses); address_index++)
+ {
+ if (addresses[address_index].addr.as_u32 == k->addr.as_u32)
+ break;
+ }
+
ASSERT (address_index < vec_len (addresses));
a = addresses + address_index;
}
u8 * format_snat_key (u8 * s, va_list * args);
+u8 * format_static_mapping_key (u8 * s, va_list * args);
u8 *
format_session_kvp (u8 * s, va_list * args)
k.as_u64 = v->key;
- s = format (s, "%U static-mapping-index %llu", format_snat_key, &k, v->value);
+ s = format (s, "%U static-mapping-index %llu",
+ format_static_mapping_key, &k, v->value);
return s;
}
format_unformat_error, input);
}
+ if (sm->deterministic && sm->endpoint_dependent)
+ return clib_error_return (
+ 0, "deterministic and endpoint-dependent modes are mutually exclusive");
+
+ if (static_mapping_only && (sm->deterministic || sm->endpoint_dependent))
+ return clib_error_return (
+ 0, "static mapping only mode available only for simple nat");
+
+ if (sm->out2in_dpo && (sm->deterministic || sm->endpoint_dependent))
+ return clib_error_return (
+ 0, "out2in dpo mode available only for simple nat");
+
/* for show commands, etc. */
sm->translation_buckets = translation_buckets;
sm->translation_memory_size = translation_memory_size;
return s;
}
+u8 * format_static_mapping_key (u8 * s, va_list * args)
+{
+ snat_session_key_t * key = va_arg (*args, snat_session_key_t *);
+
+ s = format (s, "%U proto %U port %d fib %d",
+ format_ip4_address, &key->addr,
+ format_snat_protocol, key->protocol,
+ key->port, key->fib_index);
+ return s;
+}
+
u8 * format_snat_session (u8 * s, va_list * args)
{
snat_main_per_thread_data_t * sm = va_arg (*args, snat_main_per_thread_data_t *);