* @param rt NAT runtime data
* @param sw_if_index0 index of the inside interface
* @param ip0 IPv4 header
- * @param proto0 NAT protocol
* @param rx_fib_index0 RX FIB index
*
* @returns 0 if packet should be translated otherwise 1
*/
static inline int
snat_not_translate_fast (snat_main_t *sm, vlib_node_runtime_t *node,
- u32 sw_if_index0, ip4_header_t *ip0, u32 proto0,
+ u32 sw_if_index0, ip4_header_t *ip0,
u32 rx_fib_index0)
{
fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
pool_foreach (i, sm->interfaces)
{
/* NAT packet aimed at outside interface */
- if ((nat_interface_is_outside (i)) &&
+ if ((nat44_ed_is_interface_outside (i)) &&
(sw_if_index == i->sw_if_index))
return 0;
}
if (vec_len (sm->addresses) > 0)
{
- int s_addr_offset = s_addr.as_u32 % vec_len (sm->addresses);
+ u32 s_addr_offset = s_addr.as_u32 % vec_len (sm->addresses);
for (i = s_addr_offset; i < vec_len (sm->addresses); ++i)
{
if (dport)
{
/* Address only mapping doesn't change port */
- *dport = is_addr_only_static_mapping (m) ? match_port : m->local_port;
+ *dport = is_sm_addr_only (m->flags) ? match_port : m->local_port;
}
return 1;
}
ip4_address_t outside_addr;
u16 outside_port;
u32 outside_fib_index;
- u8 is_identity_nat;
+ u8 is_identity_nat = 0;
u32 nat_proto = ip_proto_to_nat_proto (proto);
snat_session_t *s = NULL;
ip4_address_t daddr = r_addr;
u16 dport = r_port;
- if (PREDICT_TRUE (nat_proto == NAT_PROTOCOL_TCP))
- {
- if (PREDICT_FALSE
- (!tcp_flags_is_init
- (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags)))
- {
- b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- return NAT_NEXT_DROP;
- }
- }
-
if (PREDICT_FALSE
(nat44_ed_maximum_sessions_exceeded (sm, rx_fib_index, thread_index)))
{
}
else
{
+ if (PREDICT_FALSE (is_identity_nat))
+ {
+ *sessionp = NULL;
+ return next;
+ }
is_sm = 1;
}
- if (PREDICT_FALSE (is_sm && is_identity_nat))
+ if (PREDICT_TRUE (nat_proto == NAT_PROTOCOL_TCP))
{
- *sessionp = NULL;
- return next;
+ if (PREDICT_FALSE (!tcp_flags_is_init (
+ vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags)))
+ {
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
+ return NAT_NEXT_DROP;
+ }
}
s = nat_ed_session_alloc (sm, thread_index, now, proto);
if (lb)
s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
- s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
s->ext_host_addr = r_addr;
s->ext_host_port = r_port;
nat44_ed_not_translate (vlib_main_t *vm, snat_main_t *sm,
vlib_node_runtime_t *node, u32 sw_if_index,
vlib_buffer_t *b, ip4_header_t *ip, u32 proto,
- u32 rx_fib_index, u32 thread_index)
+ u32 rx_fib_index)
{
clib_bihash_kv_16_8_t kv, value;
if (sm->forwarding_enabled)
return 1;
- return snat_not_translate_fast (sm, node, sw_if_index, ip, proto,
- rx_fib_index);
+ return snat_not_translate_fast (sm, node, sw_if_index, ip, rx_fib_index);
}
static_always_inline int
pool_elt_at_index (tsm->sessions,
ed_value_get_session_index (&value));
- if (is_fwd_bypass_session (s))
+ if (na44_ed_is_fwd_bypass_session (s))
{
if (ip->protocol == IP_PROTOCOL_TCP)
{
ed_value_get_session_index (&value));
skip_dst_nat_lookup:
- if (is_fwd_bypass_session (s))
+ if (na44_ed_is_fwd_bypass_session (s))
return 0;
/* hairpinning */
pool_foreach (i, sm->output_feature_interfaces)
{
- if ((nat_interface_is_inside (i)) && (rx_sw_if_index == i->sw_if_index))
- return 0;
+ if ((nat44_ed_is_interface_inside (i)) &&
+ (rx_sw_if_index == i->sw_if_index))
+ return 0;
}
return 1;
}
icmp46_header_t *icmp, u32 sw_if_index,
u32 rx_fib_index, vlib_node_runtime_t *node,
u32 next, f64 now, u32 thread_index,
- nat_protocol_t nat_proto, snat_session_t **s_p,
- int is_multi_worker)
+ snat_session_t **s_p, int is_multi_worker)
{
vlib_main_t *vm = vlib_get_main ();
u16 checksum;
{
if (PREDICT_FALSE (nat44_ed_not_translate (vm, sm, node, sw_if_index, b,
ip, NAT_PROTOCOL_ICMP,
- rx_fib_index, thread_index)))
+ rx_fib_index)))
{
return next;
}
s->ext_host_addr.as_u32 = ip->dst_address.as_u32;
s->flags |= SNAT_SESSION_FLAG_UNKNOWN_PROTO;
- s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
s->out2in.addr.as_u32 = new_src_addr.as_u32;
s->out2in.fib_index = outside_fib_index;
s->in2out.addr.as_u32 = ip->src_address.as_u32;
while (n_left_from > 0)
{
vlib_buffer_t *b0;
- u32 sw_if_index0, rx_fib_index0, iph_offset0 = 0;
+ u32 rx_sw_if_index0, rx_fib_index0, iph_offset0 = 0;
+ u32 tx_sw_if_index0;
+ u32 cntr_sw_if_index0;
nat_protocol_t proto0;
ip4_header_t *ip0;
snat_session_t *s0 = 0;
vlib_prefetch_buffer_header (p2, LOAD);
- CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, LOAD);
+ clib_prefetch_load (p2->data);
}
if (is_output_feature)
ip0 =
(ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) + iph_offset0);
- sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- rx_fib_index0 =
- fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0);
+ rx_sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
+ tx_sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX];
+ cntr_sw_if_index0 =
+ is_output_feature ? tx_sw_if_index0 : rx_sw_if_index0;
+ rx_fib_index0 = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
+ rx_sw_if_index0);
lookup.fib_index = rx_fib_index0;
if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1))
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, f, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, f, proto0, is_output_feature)))
{
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
{
case NAT_PROTOCOL_TCP:
vlib_increment_simple_counter (&sm->counters.fastpath.in2out.tcp,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
nat44_set_tcp_session_state_i2o (sm, now, s0, b0, thread_index);
break;
case NAT_PROTOCOL_UDP:
vlib_increment_simple_counter (&sm->counters.fastpath.in2out.udp,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
break;
case NAT_PROTOCOL_ICMP:
vlib_increment_simple_counter (&sm->counters.fastpath.in2out.icmp,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
break;
case NAT_PROTOCOL_OTHER:
vlib_increment_simple_counter (&sm->counters.fastpath.in2out.other,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
break;
}
{
nat_in2out_ed_trace_t *t =
vlib_add_trace (vm, node, b0, sizeof (*t));
- t->sw_if_index = sw_if_index0;
+ t->sw_if_index = rx_sw_if_index0;
t->next_index = next[0];
t->is_slow_path = 0;
t->translation_error = translation_error;
if (next[0] == NAT_NEXT_DROP)
{
vlib_increment_simple_counter (&sm->counters.fastpath.in2out.drops,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
}
n_left_from--;
while (n_left_from > 0)
{
vlib_buffer_t *b0;
- u32 sw_if_index0, rx_fib_index0, iph_offset0 = 0;
+ u32 rx_sw_if_index0, rx_fib_index0, iph_offset0 = 0;
+ u32 tx_sw_if_index0;
+ u32 cntr_sw_if_index0;
nat_protocol_t proto0;
ip4_header_t *ip0;
udp_header_t *udp0;
ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) +
iph_offset0);
- sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- rx_fib_index0 =
- fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0);
+ rx_sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
+ tx_sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_TX];
+ cntr_sw_if_index0 =
+ is_output_feature ? tx_sw_if_index0 : rx_sw_if_index0;
+ rx_fib_index0 = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
+ rx_sw_if_index0);
if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1))
{
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat_ed_session_delete (sm, s0, thread_index, 1);
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
vlib_increment_simple_counter (&sm->counters.slowpath.in2out.other,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
goto trace0;
}
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
{
next[0] = icmp_in2out_ed_slow_path (
- sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next[0],
- now, thread_index, proto0, &s0, is_multi_worker);
+ sm, b0, ip0, icmp0, rx_sw_if_index0, rx_fib_index0, node, next[0],
+ now, thread_index, &s0, is_multi_worker);
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat_ed_session_delete (sm, s0, thread_index, 1);
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
vlib_increment_simple_counter (&sm->counters.slowpath.in2out.icmp,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
goto trace0;
}
if (PREDICT_FALSE (nat44_ed_not_translate_output_feature (
sm, b0, ip0, vnet_buffer (b0)->ip.reass.l4_src_port,
vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index,
- sw_if_index0, vnet_buffer (b0)->sw_if_index[VLIB_TX], now,
- is_multi_worker)))
+ rx_sw_if_index0, tx_sw_if_index0, now, is_multi_worker)))
goto trace0;
/*
}
else
{
- if (PREDICT_FALSE (nat44_ed_not_translate (
- vm, sm, node, sw_if_index0, b0, ip0, proto0, rx_fib_index0,
- thread_index)))
+ if (PREDICT_FALSE (
+ nat44_ed_not_translate (vm, sm, node, rx_sw_if_index0, b0,
+ ip0, proto0, rx_fib_index0)))
goto trace0;
}
b0->flags |= VNET_BUFFER_F_IS_NATED;
if (NAT_ED_TRNSL_ERR_SUCCESS !=
- (translation_error = nat_6t_flow_buf_translate (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ (translation_error = nat_6t_flow_buf_translate_i2o (
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
- s0 = NULL;
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
{
vlib_increment_simple_counter (&sm->counters.slowpath.in2out.tcp,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
nat44_set_tcp_session_state_i2o (sm, now, s0, b0, thread_index);
}
else
{
vlib_increment_simple_counter (&sm->counters.slowpath.in2out.udp,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
}
/* Accounting */
{
nat_in2out_ed_trace_t *t =
vlib_add_trace (vm, node, b0, sizeof (*t));
- t->sw_if_index = sw_if_index0;
+ t->sw_if_index = rx_sw_if_index0;
t->next_index = next[0];
t->is_slow_path = 1;
t->translation_error = translation_error;
if (next[0] == NAT_NEXT_DROP)
{
vlib_increment_simple_counter (&sm->counters.slowpath.in2out.drops,
- thread_index, sw_if_index0, 1);
+ thread_index, cntr_sw_if_index0, 1);
}
n_left_from--;
Code Review / vpp.git / blobdiff