t->is_slow_path ? "NAT44_IN2OUT_ED_SLOW_PATH" :
"NAT44_IN2OUT_ED_FAST_PATH";
- s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag,
- t->sw_if_index, t->next_index, t->session_index);
+ s = format (s, "%s: sw_if_index %d, next index %d", tag, t->sw_if_index,
+ t->next_index);
if (~0 != t->session_index)
{
- s = format (s, ", translation result '%U' via %s",
- format_nat_ed_translation_error, t->translation_error,
+ s = format (s, ", session %d, translation result '%U' via %s",
+ t->session_index, format_nat_ed_translation_error,
+ t->translation_error,
t->translation_via_i2of ? "i2of" : "o2if");
s = format (s, "\n i2of %U", format_nat_6t_flow, &t->i2of);
s = format (s, "\n o2if %U", format_nat_6t_flow, &t->o2if);
if (dport)
{
/* Address only mapping doesn't change port */
- *dport = is_addr_only_static_mapping (m) ? match_port : m->local_port;
+ *dport = is_sm_addr_only (m->flags) ? match_port : m->local_port;
}
return 1;
}
ip4_address_t outside_addr;
u16 outside_port;
u32 outside_fib_index;
- u8 is_identity_nat;
+ u8 is_identity_nat = 0;
u32 nat_proto = ip_proto_to_nat_proto (proto);
snat_session_t *s = NULL;
ip4_address_t daddr = r_addr;
u16 dport = r_port;
- if (PREDICT_TRUE (nat_proto == NAT_PROTOCOL_TCP))
- {
- if (PREDICT_FALSE
- (!tcp_flags_is_init
- (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags)))
- {
- b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- return NAT_NEXT_DROP;
- }
- }
-
if (PREDICT_FALSE
(nat44_ed_maximum_sessions_exceeded (sm, rx_fib_index, thread_index)))
{
}
else
{
+ if (PREDICT_FALSE (is_identity_nat))
+ {
+ *sessionp = NULL;
+ return next;
+ }
is_sm = 1;
}
- if (PREDICT_FALSE (is_sm && is_identity_nat))
+ if (PREDICT_TRUE (nat_proto == NAT_PROTOCOL_TCP))
{
- *sessionp = NULL;
- return next;
+ if (PREDICT_FALSE (!tcp_flags_is_init (
+ vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags)))
+ {
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
+ return NAT_NEXT_DROP;
+ }
}
s = nat_ed_session_alloc (sm, thread_index, now, proto);
rx_fib_index, proto);
nat_6t_flow_saddr_rewrite_set (&s->i2o, outside_addr.as_u32);
nat_6t_flow_daddr_rewrite_set (&s->i2o, daddr.as_u32);
+
if (NAT_PROTOCOL_ICMP == nat_proto)
{
nat_6t_flow_icmp_id_rewrite_set (&s->i2o, outside_port);
}
static_always_inline int
-nat44_ed_not_translate_output_feature (snat_main_t * sm, ip4_header_t * ip,
- u16 src_port, u16 dst_port,
- u32 thread_index, u32 rx_sw_if_index,
- u32 tx_sw_if_index, f64 now)
+nat44_ed_not_translate_output_feature (snat_main_t *sm, vlib_buffer_t *b,
+ ip4_header_t *ip, u16 src_port,
+ u16 dst_port, u32 thread_index,
+ u32 rx_sw_if_index, u32 tx_sw_if_index,
+ f64 now, int is_multi_worker)
{
clib_bihash_kv_16_8_t kv, value;
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
}
/* dst NAT check */
+ if (is_multi_worker &&
+ PREDICT_TRUE (!pool_is_free_index (
+ tsm->sessions, vnet_buffer2 (b)->nat.cached_dst_nat_session_index)))
+ {
+ nat_6t_t lookup;
+ lookup.fib_index = rx_fib_index;
+ lookup.proto = ip->protocol;
+ lookup.daddr.as_u32 = ip->src_address.as_u32;
+ lookup.dport = src_port;
+ lookup.saddr.as_u32 = ip->dst_address.as_u32;
+ lookup.sport = dst_port;
+ s = pool_elt_at_index (
+ tsm->sessions, vnet_buffer2 (b)->nat.cached_dst_nat_session_index);
+ if (PREDICT_TRUE (nat_6t_t_eq (&s->i2o.match, &lookup)))
+ {
+ goto skip_dst_nat_lookup;
+ }
+ s = NULL;
+ }
+
init_ed_k (&kv, ip->dst_address, dst_port, ip->src_address, src_port,
rx_fib_index, ip->protocol);
if (!clib_bihash_search_16_8 (&sm->flow_hash, &kv, &value))
pool_elt_at_index (tsm->sessions,
ed_value_get_session_index (&value));
+ skip_dst_nat_lookup:
if (is_fwd_bypass_session (s))
return 0;
icmp46_header_t *icmp, u32 sw_if_index,
u32 rx_fib_index, vlib_node_runtime_t *node,
u32 next, f64 now, u32 thread_index,
- nat_protocol_t nat_proto, snat_session_t **s_p)
+ nat_protocol_t nat_proto, snat_session_t **s_p,
+ int is_multi_worker)
{
vlib_main_t *vm = vlib_get_main ();
u16 checksum;
if (vnet_buffer (b)->sw_if_index[VLIB_TX] != ~0)
{
if (PREDICT_FALSE (nat44_ed_not_translate_output_feature (
- sm, ip, lookup_sport, lookup_dport, thread_index, sw_if_index,
- vnet_buffer (b)->sw_if_index[VLIB_TX], now)))
+ sm, b, ip, lookup_sport, lookup_dport, thread_index, sw_if_index,
+ vnet_buffer (b)->sw_if_index[VLIB_TX], now, is_multi_worker)))
{
return next;
}
vlib_prefetch_buffer_header (p2, LOAD);
- CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, LOAD);
+ clib_prefetch_load (p2->data);
}
if (is_output_feature)
fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0);
lookup.fib_index = rx_fib_index0;
- if (PREDICT_FALSE (ip0->ttl == 1))
+ if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1))
{
vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
skip_lookup:
+ ASSERT (thread_index == s0->thread_index);
+
if (PREDICT_FALSE (per_vrf_sessions_is_expired (s0, thread_index)))
{
// session is closed, go slow path
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, f, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, f, proto0, is_output_feature)))
{
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
}
static inline uword
-nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm,
- vlib_node_runtime_t * node,
- vlib_frame_t * frame,
- int is_output_feature)
+nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
+ vlib_node_runtime_t *node,
+ vlib_frame_t *frame,
+ int is_output_feature,
+ int is_multi_worker)
{
u32 n_left_from, *from;
snat_main_t *sm = &snat_main;
rx_fib_index0 =
fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0);
- if (PREDICT_FALSE (ip0->ttl == 1))
+ if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1))
{
vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
if (!s0)
next[0] = NAT_NEXT_DROP;
- if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ if (NAT_NEXT_DROP != next[0] && s0 &&
+ NAT_ED_TRNSL_ERR_SUCCESS !=
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat_ed_session_delete (sm, s0, thread_index, 1);
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
{
- next[0] = icmp_in2out_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0,
- rx_fib_index0, node, next[0],
- now, thread_index, proto0, &s0);
+ next[0] = icmp_in2out_ed_slow_path (
+ sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next[0],
+ now, thread_index, proto0, &s0, is_multi_worker);
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat_ed_session_delete (sm, s0, thread_index, 1);
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
{
if (is_output_feature)
{
- if (PREDICT_FALSE
- (nat44_ed_not_translate_output_feature
- (sm, ip0, vnet_buffer (b0)->ip.reass.l4_src_port,
+ if (PREDICT_FALSE (nat44_ed_not_translate_output_feature (
+ sm, b0, ip0, vnet_buffer (b0)->ip.reass.l4_src_port,
vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index,
- sw_if_index0, vnet_buffer (b0)->sw_if_index[VLIB_TX],
- now)))
+ sw_if_index0, vnet_buffer (b0)->sw_if_index[VLIB_TX], now,
+ is_multi_worker)))
goto trace0;
/*
b0->flags |= VNET_BUFFER_F_IS_NATED;
if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
- s0 = NULL;
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
vlib_node_runtime_t *
node, vlib_frame_t * frame)
{
- return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 0);
+ if (snat_main.num_workers > 1)
+ {
+ return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 0, 1);
+ }
+ else
+ {
+ return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 0, 0);
+ }
}
VLIB_REGISTER_NODE (nat44_ed_in2out_slowpath_node) = {
* node,
vlib_frame_t * frame)
{
- return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 1);
+ if (snat_main.num_workers > 1)
+ {
+ return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 1, 1);
+ }
+ else
+ {
+ return nat44_ed_in2out_slow_path_node_fn_inline (vm, node, frame, 1, 0);
+ }
}
VLIB_REGISTER_NODE (nat44_ed_in2out_output_slowpath_node) = {
Code Review / vpp.git / blobdiff