static inline uword
nat44_classify_node_fn_inline (vlib_main_t * vm,
vlib_node_runtime_t * node,
- vlib_frame_t * frame)
+ vlib_frame_t * frame,
+ int is_ed)
{
u32 n_left_from, * from, * to_next;
nat44_classify_next_t next_index;
snat_main_t *sm = &snat_main;
snat_static_mapping_t *m;
+ u32 thread_index = vm->thread_index;
+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
{
u32 bi0;
vlib_buffer_t *b0;
- u32 next0 = NAT44_CLASSIFY_NEXT_IN2OUT;
+ u32 next0 = NAT44_CLASSIFY_NEXT_IN2OUT, sw_if_index0, rx_fib_index0;
ip4_header_t *ip0;
snat_address_t *ap;
snat_session_key_t m_key0;
clib_bihash_kv_8_8_t kv0, value0;
+ clib_bihash_kv_16_8_t ed_kv0, ed_value0;
+ udp_header_t *udp0;
/* speculatively enqueue b0 to the current next frame */
bi0 = from[0];
b0 = vlib_get_buffer (vm, bi0);
ip0 = vlib_buffer_get_current (b0);
+ udp0 = ip4_next_header (ip0);
+
+ if (is_ed)
+ {
+ sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
+ rx_fib_index0 =
+ fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
+ sw_if_index0);
+ make_ed_kv (&ed_kv0, &ip0->src_address, &ip0->dst_address,
+ ip0->protocol, rx_fib_index0, udp0->src_port,
+ udp0->dst_port);
+ if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &ed_kv0, &ed_value0))
+ goto enqueue0;
+ }
vec_foreach (ap, sm->addresses)
{
m_key0.addr = ip0->dst_address;
m_key0.port = 0;
m_key0.protocol = 0;
- m_key0.fib_index = sm->outside_fib_index;
+ m_key0.fib_index = 0;
kv0.key = m_key0.as_u64;
if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv0, &value0))
{
next0 = NAT44_CLASSIFY_NEXT_OUT2IN;
goto enqueue0;
}
- udp_header_t * udp0 = ip4_next_header (ip0);
m_key0.port = clib_net_to_host_u16 (udp0->dst_port);
m_key0.protocol = ip_proto_to_snat_proto (ip0->protocol);
kv0.key = m_key0.as_u64;
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
- return nat44_classify_node_fn_inline (vm, node, frame);
+ return nat44_classify_node_fn_inline (vm, node, frame, 0);
};
VLIB_REGISTER_NODE (nat44_classify_node) = {
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
- return nat44_classify_node_fn_inline (vm, node, frame);
+ return nat44_classify_node_fn_inline (vm, node, frame, 1);
};
VLIB_REGISTER_NODE (nat44_ed_classify_node) = {
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
- return nat44_classify_node_fn_inline (vm, node, frame);
+ return nat44_classify_node_fn_inline (vm, node, frame, 0);
};
VLIB_REGISTER_NODE (nat44_det_classify_node) = {
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
- return nat44_classify_node_fn_inline (vm, node, frame);
+ return nat44_classify_node_fn_inline (vm, node, frame, 0);
};
VLIB_REGISTER_NODE (nat44_handoff_classify_node) = {
m_key.addr = e_addr;
m_key.port = addr_only ? 0 : e_port;
m_key.protocol = addr_only ? 0 : proto;
- m_key.fib_index = sm->outside_fib_index;
+ m_key.fib_index = 0;
kv.key = m_key.as_u64;
if (clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
m = 0;
m_key.addr = m->external_addr;
m_key.port = m->external_port;
- m_key.fib_index = sm->outside_fib_index;
+ m_key.fib_index = 0;
kv.key = m_key.as_u64;
kv.value = m - sm->static_mappings;
clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 1);
m_key.addr = m->external_addr;
m_key.port = m->external_port;
- m_key.fib_index = sm->outside_fib_index;
+ m_key.fib_index = 0;
kv.key = m_key.as_u64;
clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 0);
}
int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port,
- snat_protocol_t proto, u32 vrf_id,
+ snat_protocol_t proto,
nat44_lb_addr_port_t *locals, u8 is_add,
twice_nat_type_t twice_nat, u8 out2in_only,
u8 *tag)
snat_static_mapping_t *m;
snat_session_key_t m_key;
clib_bihash_kv_8_8_t kv, value;
- u32 fib_index;
snat_address_t *a = 0;
int i;
nat44_lb_addr_port_t *local;
m_key.addr = e_addr;
m_key.port = e_port;
m_key.protocol = proto;
- m_key.fib_index = sm->outside_fib_index;
+ m_key.fib_index = 0;
kv.key = m_key.as_u64;
if (clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
m = 0;
if (vec_len (locals) < 2)
return VNET_API_ERROR_INVALID_VALUE;
- fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
- vrf_id,
- FIB_SOURCE_PLUGIN_LOW);
-
/* Find external address in allocated addresses and reserve port for
address and port pair mapping when dynamic translations enabled */
if (!(sm->static_mapping_only || out2in_only))
m->tag = vec_dup (tag);
m->external_addr = e_addr;
m->addr_only = 0;
- m->vrf_id = vrf_id;
- m->fib_index = fib_index;
m->external_port = e_port;
m->proto = proto;
m->twice_nat = twice_nat;
m_key.addr = m->external_addr;
m_key.port = m->external_port;
m_key.protocol = m->proto;
- m_key.fib_index = sm->outside_fib_index;
+ m_key.fib_index = 0;
kv.key = m_key.as_u64;
kv.value = m - sm->static_mappings;
if (clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 1))
m_key.fib_index = m->fib_index;
for (i = 0; i < vec_len (locals); i++)
{
+ locals[i].fib_index = fib_table_find_or_create_and_lock (
+ FIB_PROTOCOL_IP4, locals[i].vrf_id, FIB_SOURCE_PLUGIN_LOW);
m_key.addr = locals[i].addr;
+ m_key.fib_index = locals[i].fib_index;
if (!out2in_only)
{
m_key.port = locals[i].port;
if (!m)
return VNET_API_ERROR_NO_SUCH_ENTRY;
- fib_table_unlock (m->fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_PLUGIN_LOW);
-
/* Free external address port */
if (!(sm->static_mapping_only || out2in_only))
{
m_key.addr = m->external_addr;
m_key.port = m->external_port;
m_key.protocol = m->proto;
- m_key.fib_index = sm->outside_fib_index;
+ m_key.fib_index = 0;
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 0))
{
vec_foreach (local, m->locals)
{
+ fib_table_unlock (local->fib_index, FIB_PROTOCOL_IP4,
+ FIB_SOURCE_PLUGIN_LOW);
m_key.addr = local->addr;
if (!out2in_only)
{
m_key.port = local->port;
- m_key.fib_index = m->fib_index;
+ m_key.fib_index = local->fib_index;
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 0))
{
snat_address_t * ap;
snat_static_mapping_t * m;
snat_det_map_t * dm;
+ nat_outside_fib_t *outside_fib;
+ u32 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
+ sw_if_index);
if (sm->out2in_dpo && !is_inside)
return VNET_API_ERROR_UNSUPPORTED;
sm->fq_out2in_index = vlib_frame_queue_main_init (sm->out2in_node_index,
NAT_FQ_NELTS);
+ if (!is_inside)
+ {
+ vec_foreach (outside_fib, sm->outside_fibs)
+ {
+ if (outside_fib->fib_index == fib_index)
+ {
+ if (is_del)
+ {
+ outside_fib->refcount--;
+ if (!outside_fib->refcount)
+ vec_del1 (sm->outside_fibs, outside_fib - sm->outside_fibs);
+ }
+ else
+ outside_fib->refcount++;
+ goto feature_set;
+ }
+ }
+ if (!is_del)
+ {
+ vec_add2 (sm->outside_fibs, outside_fib, 1);
+ outside_fib->refcount = 1;
+ outside_fib->fib_index = fib_index;
+ }
+ }
+feature_set:
pool_foreach (i, sm->interfaces,
({
if (i->sw_if_index == sw_if_index)
clib_bihash_8_8_t *mapping_hash = &sm->static_mapping_by_local;
u32 rand, lo = 0, hi, mid;
+ m_key.fib_index = match.fib_index;
if (by_external)
- mapping_hash = &sm->static_mapping_by_external;
+ {
+ mapping_hash = &sm->static_mapping_by_external;
+ m_key.fib_index = 0;
+ }
m_key.addr = match.addr;
m_key.port = clib_net_to_host_u16 (match.port);
m_key.protocol = match.protocol;
- m_key.fib_index = match.fib_index;
kv.key = m_key.as_u64;
}
mapping->addr = m->locals[lo].addr;
mapping->port = clib_host_to_net_u16 (m->locals[lo].port);
+ mapping->fib_index = m->locals[lo].fib_index;
}
else
{
+ mapping->fib_index = m->fib_index;
mapping->addr = m->local_addr;
/* Address only mapping doesn't change port */
mapping->port = m->addr_only ? match.port
: clib_host_to_net_u16 (m->local_port);
}
- mapping->fib_index = m->fib_index;
mapping->protocol = m->proto;
}
else
{
if (vec_len (m->locals))
{
- s = format (s, "%U vrf %d external %U:%d %s %s",
+ s = format (s, "%U external %U:%d %s %s",
format_snat_protocol, m->proto,
- m->vrf_id,
format_ip4_address, &m->external_addr, m->external_port,
m->twice_nat == TWICE_NAT ? "twice-nat" :
m->twice_nat == TWICE_NAT_SELF ? "self-twice-nat" : "",
m->out2in_only ? "out2in-only" : "");
vec_foreach (local, m->locals)
- s = format (s, "\n local %U:%d probability %d\%",
+ s = format (s, "\n local %U:%d vrf %d probability %d\%",
format_ip4_address, &local->addr, local->port,
- local->probability);
+ local->vrf_id, local->probability);
}
else
s = format (s, "%U local %U:%d external %U:%d vrf %d %s %s",
Code Review / vpp.git / blobdiff