nat: fix ICMP error translation

[vpp.git] / src / plugins / nat / nat44-ed / nat44_ed.c

diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c
index d3ef3d5..8f35643 100644 (file)
--- a/src/plugins/nat/nat44-ed/nat44_ed.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed.c
@@ -38,7 +38,7 @@
 #include <nat/nat44-ed/nat44_ed_affinity.h>
 #include <nat/nat44-ed/nat44_ed_inlines.h>
 
-#include <vpp/stats/stat_segment.h>
+#include <vlib/stats/stats.h>
 
 snat_main_t snat_main;
 
@@ -2290,8 +2290,8 @@ nat_init (vlib_main_t * vm)
 
   nat_init_simple_counter (sm->total_sessions, "total-sessions",
                           "/nat44-ed/total-sessions");
-  sm->max_cfg_sessions_gauge = stat_segment_new_entry (
-    (u8 *) "/nat44-ed/max-cfg-sessions", STAT_DIR_TYPE_SCALAR_INDEX);
+  sm->max_cfg_sessions_gauge =
+    vlib_stats_add_gauge ("/nat44-ed/max-cfg-sessions");
 
 #define _(x)                                                                  \
   nat_init_simple_counter (sm->counters.fastpath.in2out.x, #x,                \
@@ -2373,8 +2373,8 @@ nat44_plugin_enable (nat44_config_t c)
     c.sessions = 63 * 1024;
 
   sm->max_translations_per_thread = c.sessions;
-  stat_segment_set_state_counter (sm->max_cfg_sessions_gauge,
-                                 sm->max_translations_per_thread);
+  vlib_stats_set_gauge (sm->max_cfg_sessions_gauge,
+                       sm->max_translations_per_thread);
   sm->translation_buckets = nat_calc_bihash_buckets (c.sessions);
 
   vec_add1 (sm->max_translations_per_fib, sm->max_translations_per_thread);
@@ -2390,6 +2390,8 @@ nat44_plugin_enable (nat44_config_t c)
 
   nat44_ed_db_init (sm->max_translations_per_thread, sm->translation_buckets);
 
+  nat44_ed_init_tcp_state_stable (sm);
+
   nat_affinity_enable ();
 
   nat_reset_timeouts (&sm->timeouts);
@@ -2582,6 +2584,8 @@ nat44_plugin_disable ()
 
   clib_memset (&sm->rconfig, 0, sizeof (sm->rconfig));
 
+  nat_affinity_disable ();
+
   sm->forwarding_enabled = 0;
   sm->enabled = 0;
 
@@ -3141,8 +3145,8 @@ nat44_update_session_limit (u32 session_limit, u32 vrf_id)
     return 1;
   sm->max_translations_per_thread = nat44_get_max_session_limit ();
 
-  stat_segment_set_state_counter (sm->max_cfg_sessions_gauge,
-                                 sm->max_translations_per_thread);
+  vlib_stats_set_gauge (sm->max_cfg_sessions_gauge,
+                       sm->max_translations_per_thread);
 
   sm->translation_buckets =
     nat_calc_bihash_buckets (sm->max_translations_per_thread);
@@ -3797,6 +3801,9 @@ nat_6t_flow_icmp_translate (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b,
              icmp->checksum = new_icmp_sum;
              break;
            case IP_PROTOCOL_ICMP:
+             nat_6t_flow_ip4_translate (sm, b, inner_ip, f, inner_proto,
+                                        1 /* is_icmp_inner_ip4 */,
+                                        0 /* skip_saddr_rewrite */);
              if (f->ops & NAT_FLOW_OP_ICMP_ID_REWRITE)
                {
                  icmp46_header_t *inner_icmp = ip4_next_header (inner_ip);
@@ -4066,6 +4073,51 @@ nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t *isaddr,
                         is_twicenat);
 }
 
+u8 *
+format_nat44_ed_tcp_state (u8 *s, va_list *args)
+{
+  nat44_ed_tcp_state_e e = va_arg (*args, nat44_ed_tcp_state_e);
+  switch (e)
+    {
+    case NAT44_ED_TCP_STATE_CLOSED:
+      s = format (s, "closed");
+      break;
+    case NAT44_ED_TCP_STATE_SYN_I2O:
+      s = format (s, "SYN seen in in2out direction");
+      break;
+    case NAT44_ED_TCP_STATE_SYN_O2I:
+      s = format (s, "SYN seen in out2in direction");
+      break;
+    case NAT44_ED_TCP_STATE_ESTABLISHED:
+      s = format (s, "SYN seen in both directions/established");
+      break;
+    case NAT44_ED_TCP_STATE_FIN_I2O:
+      s = format (s, "FIN seen in in2out direction");
+      break;
+    case NAT44_ED_TCP_STATE_FIN_O2I:
+      s = format (s, "FIN seen in out2in direction");
+      break;
+    case NAT44_ED_TCP_STATE_RST_TRANS:
+      s = format (s, "RST seen/transitory timeout");
+      break;
+    case NAT44_ED_TCP_STATE_FIN_TRANS:
+      s = format (s, "FIN seen in both directions/transitory timeout");
+      break;
+    case NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I:
+      s = format (s, "FIN seen in both directions/transitory timeout/session "
+                    "reopening in out2in direction");
+      break;
+    case NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O:
+      s = format (s, "FIN seen in both directions/transitory timeout/session "
+                    "reopening in in2out direction");
+      break;
+    case NAT44_ED_TCP_N_STATE:
+      s = format (s, "BUG! unexpected N_STATE! BUG!");
+      break;
+    }
+  return s;
+}
+
 /*
  * fd.io coding-style-patch-verification: ON
  *