#include <nat/nat64.h>
#include <nat/nat64_db.h>
-#include <nat/nat_reass.h>
+#include <nat/nat_inlines.h>
#include <vnet/fib/ip4_fib.h>
#include <vppinfra/crc32.h>
+#include <vnet/ip/reass/ip4_sv_reass.h>
+#include <vnet/ip/reass/ip6_sv_reass.h>
nat64_main_t nat64_main;
.arc_name = "ip6-unicast",
.node_name = "nat64-in2out",
.runs_before = VNET_FEATURES ("ip6-lookup"),
+ .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
};
VNET_FEATURE_INIT (nat64_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat64-out2in",
.runs_before = VNET_FEATURES ("ip4-lookup"),
+ .runs_after = VNET_FEATURES ("ip4-sv-reassembly-feature"),
};
VNET_FEATURE_INIT (nat64_in2out_handoff, static) = {
.arc_name = "ip6-unicast",
.node_name = "nat64-in2out-handoff",
.runs_before = VNET_FEATURES ("ip6-lookup"),
+ .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
};
VNET_FEATURE_INIT (nat64_out2in_handoff, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat64-out2in-handoff",
.runs_before = VNET_FEATURES ("ip4-lookup"),
+ .runs_after = VNET_FEATURES ("ip4-sv-reassembly-feature"),
};
if (nm->addr_pool[j].addr.as_u32 == address->as_u32)
return;
- (void) nat64_add_del_pool_addr (address, ~0, 1);
+ (void) nat64_add_del_pool_addr (vlib_get_thread_index (),
+ address, ~0, 1);
return;
}
else
{
- (void) nat64_add_del_pool_addr (address, ~0, 0);
+ (void) nat64_add_del_pool_addr (vlib_get_thread_index (),
+ address, ~0, 0);
return;
}
}
}
u32
-nat64_get_worker_out2in (ip4_header_t * ip)
+nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip)
{
nat64_main_t *nm = &nat64_main;
snat_main_t *sm = nm->sm;
u16 port;
u32 proto;
- proto = ip_proto_to_snat_proto (ip->protocol);
+ proto = ip_proto_to_nat_proto (ip->protocol);
udp = ip4_next_header (ip);
port = udp->dst_port;
- /* fragments */
- if (PREDICT_FALSE (ip4_is_fragment (ip)))
- {
- if (PREDICT_FALSE (nat_reass_is_drop_frag (0)))
- return vlib_get_thread_index ();
-
- if (PREDICT_TRUE (!ip4_is_first_fragment (ip)))
- {
- nat_reass_ip4_t *reass;
-
- reass = nat_ip4_reass_find (ip->src_address, ip->dst_address,
- ip->fragment_id, ip->protocol);
-
- if (reass && (reass->thread_index != (u32) ~ 0))
- return reass->thread_index;
- else
- return vlib_get_thread_index ();
- }
- }
-
/* unknown protocol */
- if (PREDICT_FALSE (proto == ~0))
+ if (PREDICT_FALSE (proto == NAT_PROTOCOL_OTHER))
{
nat64_db_t *db;
ip46_address_t daddr;
nat64_db_bib_entry_t *bibe;
- memset (&daddr, 0, sizeof (daddr));
+ clib_memset (&daddr, 0, sizeof (daddr));
daddr.ip4.as_u32 = ip->dst_address.as_u32;
/* *INDENT-OFF* */
{
icmp46_header_t *icmp = (icmp46_header_t *) udp;
icmp_echo_header_t *echo = (icmp_echo_header_t *) (icmp + 1);
- if (!icmp_is_error_message (icmp))
- port = echo->identifier;
+ if (!icmp_type_is_error_message
+ (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
+ port = vnet_buffer (b)->ip.reass.l4_src_port;
else
{
+ /* if error message, then it's not fragmented and we can access it */
ip4_header_t *inner_ip = (ip4_header_t *) (echo + 1);
- proto = ip_proto_to_snat_proto (inner_ip->protocol);
+ proto = ip_proto_to_nat_proto (inner_ip->protocol);
void *l4_header = ip4_next_header (inner_ip);
switch (proto)
{
- case SNAT_PROTOCOL_ICMP:
+ case NAT_PROTOCOL_ICMP:
icmp = (icmp46_header_t *) l4_header;
echo = (icmp_echo_header_t *) (icmp + 1);
port = echo->identifier;
break;
- case SNAT_PROTOCOL_UDP:
- case SNAT_PROTOCOL_TCP:
+ case NAT_PROTOCOL_UDP:
+ case NAT_PROTOCOL_TCP:
port = ((tcp_udp_header_t *) l4_header)->src_port;
break;
default:
vlib_thread_main_t *tm = vlib_get_thread_main ();
ip4_add_del_interface_address_callback_t cb4;
ip4_main_t *im = &ip4_main;
- vlib_node_t *error_drop_node =
- vlib_get_node_by_name (vm, (u8 *) "error-drop");
+ nm->sm = &snat_main;
+ vlib_node_t *node;
vec_validate (nm->db, tm->n_vlib_mains - 1);
- nm->sm = &snat_main;
-
nm->fq_in2out_index = ~0;
nm->fq_out2in_index = ~0;
- nm->error_node_index = error_drop_node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
+ nm->error_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out");
+ nm->in2out_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out-slowpath");
+ nm->in2out_slowpath_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "nat64-out2in");
+ nm->out2in_node_index = node->index;
/* set session timeouts to default values */
nm->udp_timeout = SNAT_UDP_TIMEOUT;
nm->icmp_timeout = SNAT_ICMP_TIMEOUT;
nm->tcp_trans_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
nm->tcp_est_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
- nm->tcp_incoming_syn_timeout = SNAT_TCP_INCOMING_SYN;
+
+ nm->total_enabled_count = 0;
/* Set up the interface address add/del callback */
cb4.function = nat64_ip4_add_del_interface_address_cb;
vec_add1 (im->add_del_interface_address_callbacks, cb4);
nm->ip4_main = im;
+ /* Init counters */
+ nm->total_bibs.name = "total-bibs";
+ nm->total_bibs.stat_segment_name = "/nat64/total-bibs";
+ vlib_validate_simple_counter (&nm->total_bibs, 0);
+ vlib_zero_simple_counter (&nm->total_bibs, 0);
+ nm->total_sessions.name = "total-sessions";
+ nm->total_sessions.stat_segment_name = "/nat64/total-sessions";
+ vlib_validate_simple_counter (&nm->total_sessions, 0);
+ vlib_zero_simple_counter (&nm->total_sessions, 0);
+
return 0;
}
u8 protocol);
void
-nat64_set_hash (u32 bib_buckets, u32 bib_memory_size, u32 st_buckets,
- u32 st_memory_size)
+nat64_set_hash (u32 bib_buckets, uword bib_memory_size, u32 st_buckets,
+ uword st_memory_size)
{
nat64_main_t *nm = &nat64_main;
nat64_db_t *db;
{
if (nat64_db_init (db, bib_buckets, bib_memory_size, st_buckets,
st_memory_size, nat64_free_out_addr_and_port))
- clib_warning ("NAT64 DB init failed");
+ nat_elog_err ("NAT64 DB init failed");
}
/* *INDENT-ON* */
}
int
-nat64_add_del_pool_addr (ip4_address_t * addr, u32 vrf_id, u8 is_add)
+nat64_add_del_pool_addr (u32 thread_index,
+ ip4_address_t * addr, u32 vrf_id, u8 is_add)
{
nat64_main_t *nm = &nat64_main;
snat_address_t *a = 0;
if (vrf_id != ~0)
a->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
#define _(N, id, n, s) \
- clib_bitmap_alloc (a->busy_##n##_port_bitmap, 65535); \
+ clib_memset (a->busy_##n##_port_refcounts, 0, sizeof(a->busy_##n##_port_refcounts)); \
a->busy_##n##_ports = 0; \
vec_validate_init_empty (a->busy_##n##_ports_per_thread, tm->n_vlib_mains - 1, 0);
- foreach_snat_protocol
+ foreach_nat_protocol
#undef _
}
else
return VNET_API_ERROR_NO_SUCH_ENTRY;
if (a->fib_index != ~0)
- fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6,
- FIB_SOURCE_PLUGIN_HI);
+ fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6, nat_fib_src_hi);
/* Delete sessions using address */
/* *INDENT-OFF* */
vec_foreach (db, nm->db)
- nat64_db_free_out_addr (db, &a->addr);
-#define _(N, id, n, s) \
- clib_bitmap_free (a->busy_##n##_port_bitmap);
- foreach_snat_protocol
-#undef _
+ {
+ nat64_db_free_out_addr (thread_index, db, &a->addr);
+ vlib_set_simple_counter (&nm->total_bibs, db - nm->db, 0,
+ db->bib.bib_entries_num);
+ vlib_set_simple_counter (&nm->total_sessions, db - nm->db, 0,
+ db->st.st_entries_num);
+ }
/* *INDENT-ON* */
vec_del1 (nm->addr_pool, i);
}
{
/* if have address remove it */
if (first_int_addr)
- (void) nat64_add_del_pool_addr (first_int_addr, ~0, 0);
-
+ (void) nat64_add_del_pool_addr (vlib_get_thread_index (),
+ first_int_addr, ~0, 0);
vec_del1 (nm->auto_add_sw_if_indices, i);
return 0;
}
/* If the address is already bound - or static - add it now */
if (first_int_addr)
- (void) nat64_add_del_pool_addr (first_int_addr, ~0, 1);
+ (void) nat64_add_del_pool_addr (vlib_get_thread_index (),
+ first_int_addr, ~0, 1);
return 0;
}
int
nat64_add_del_interface (u32 sw_if_index, u8 is_inside, u8 is_add)
{
+ vlib_main_t *vm = vlib_get_main ();
nat64_main_t *nm = &nat64_main;
snat_interface_t *interface = 0, *i;
snat_address_t *ap;
interface->flags |= NAT_INTERFACE_FLAG_IS_INSIDE;
else
interface->flags |= NAT_INTERFACE_FLAG_IS_OUTSIDE;
+
+ nm->total_enabled_count++;
+ vlib_process_signal_event (vm,
+ nm->nat64_expire_walk_node_index,
+ NAT64_CLEANER_RESCHEDULE, 0);
+
}
else
{
~NAT_INTERFACE_FLAG_IS_OUTSIDE;
else
pool_put (nm->interfaces, interface);
+
+ nm->total_enabled_count--;
}
if (!is_inside)
arc_name = is_inside ? "ip6-unicast" : "ip4-unicast";
+ if (is_inside)
+ {
+ int rv = ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
+ if (rv)
+ return rv;
+ }
+ else
+ {
+ int rv = ip4_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
+ if (rv)
+ return rv;
+ }
+
return vnet_feature_enable_disable (arc_name, feature_name, sw_if_index,
is_add, 0, 0);
}
}
int
-nat64_alloc_out_addr_and_port (u32 fib_index, snat_protocol_t proto,
+nat64_alloc_out_addr_and_port (u32 fib_index, nat_protocol_t proto,
ip4_address_t * addr, u16 * port,
u32 thread_index)
{
nat64_main_t *nm = &nat64_main;
snat_main_t *sm = nm->sm;
- snat_session_key_t k;
- u32 ai;
u32 worker_index = 0;
int rv;
- k.protocol = proto;
-
if (sm->num_workers > 1)
worker_index = thread_index - sm->first_worker_index;
rv =
- sm->alloc_addr_and_port (nm->addr_pool, fib_index, thread_index, &k, &ai,
- sm->port_per_thread, worker_index);
-
- if (!rv)
- {
- *port = k.port;
- addr->as_u32 = k.addr.as_u32;
- }
+ sm->alloc_addr_and_port (nm->addr_pool, fib_index, thread_index,
+ proto, addr, port, sm->port_per_thread,
+ worker_index);
return rv;
}
int i;
snat_address_t *a;
u32 thread_index = db - nm->db;
- snat_protocol_t proto = ip_proto_to_snat_proto (protocol);
+ nat_protocol_t proto = ip_proto_to_nat_proto (protocol);
u16 port_host_byte_order = clib_net_to_host_u16 (port);
for (i = 0; i < vec_len (nm->addr_pool); i++)
switch (proto)
{
#define _(N, j, n, s) \
- case SNAT_PROTOCOL_##N: \
- ASSERT (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
- port_host_byte_order) == 1); \
- clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, port, 0); \
+ case NAT_PROTOCOL_##N: \
+ ASSERT (a->busy_##n##_port_refcounts[port_host_byte_order] >= 1); \
+ --a->busy_##n##_port_refcounts[port_host_byte_order]; \
a->busy_##n##_ports--; \
a->busy_##n##_ports_per_thread[thread_index]--; \
break;
- foreach_snat_protocol
+ foreach_nat_protocol
#undef _
default:
- clib_warning ("unknown protocol");
+ nat_elog_notice ("unknown protocol");
return;
}
break;
vlib_frame_t * f)
{
nat64_main_t *nm = &nat64_main;
- u32 thread_index = vlib_get_thread_index ();
+ u32 thread_index = vm->thread_index;
nat64_db_t *db = &nm->db[thread_index];
nat64_static_bib_to_update_t *static_bib;
nat64_db_bib_entry_t *bibe;
continue;
if (static_bib->is_add)
- (void) nat64_db_bib_entry_create (db, &static_bib->in_addr,
- &static_bib->out_addr,
- static_bib->in_port,
- static_bib->out_port,
- static_bib->fib_index,
- static_bib->proto, 1);
+ {
+ (void) nat64_db_bib_entry_create (thread_index, db,
+ &static_bib->in_addr,
+ &static_bib->out_addr,
+ static_bib->in_port,
+ static_bib->out_port,
+ static_bib->fib_index,
+ static_bib->proto, 1);
+ vlib_set_simple_counter (&nm->total_bibs, thread_index, 0,
+ db->bib.bib_entries_num);
+ }
else
{
addr.as_u64[0] = static_bib->in_addr.as_u64[0];
static_bib->proto,
static_bib->fib_index, 1);
if (bibe)
- nat64_db_bib_entry_free (db, bibe);
+ {
+ nat64_db_bib_entry_free (thread_index, db, bibe);
+ vlib_set_simple_counter (&nm->total_bibs, thread_index, 0,
+ db->bib.bib_entries_num);
+ vlib_set_simple_counter (&nm->total_sessions, thread_index, 0,
+ db->st.st_entries_num);
+ }
}
static_bib->done = 1;
nat64_main_t *nm = &nat64_main;
nat64_db_bib_entry_t *bibe;
u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
- snat_protocol_t p = ip_proto_to_snat_proto (proto);
+ nat_fib_src_hi);
+ nat_protocol_t p = ip_proto_to_nat_proto (proto);
ip46_address_t addr;
int i;
snat_address_t *a;
switch (p)
{
#define _(N, j, n, s) \
- case SNAT_PROTOCOL_##N: \
- if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
- out_port)) \
+ case NAT_PROTOCOL_##N: \
+ if (a->busy_##n##_port_refcounts[out_port]) \
return VNET_API_ERROR_INVALID_VALUE; \
- clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, \
- out_port, 1); \
+ ++a->busy_##n##_port_refcounts[out_port]; \
if (out_port > 1024) \
{ \
a->busy_##n##_ports++; \
a->busy_##n##_ports_per_thread[thread_index]++; \
} \
break;
- foreach_snat_protocol
+ foreach_nat_protocol
#undef _
default:
- memset (&addr, 0, sizeof (addr));
+ clib_memset (&addr, 0, sizeof (addr));
addr.ip4.as_u32 = out_addr->as_u32;
if (nat64_db_bib_entry_find (db, &addr, 0, proto, fib_index, 0))
return VNET_API_ERROR_INVALID_VALUE;
if (!nm->sm->num_workers)
{
bibe =
- nat64_db_bib_entry_create (db, in_addr, out_addr,
+ nat64_db_bib_entry_create (thread_index, db, in_addr, out_addr,
clib_host_to_net_u16 (in_port),
clib_host_to_net_u16 (out_port),
fib_index, proto, 1);
if (!bibe)
return VNET_API_ERROR_UNSPECIFIED;
+
+ vlib_set_simple_counter (&nm->total_bibs, thread_index, 0,
+ db->bib.bib_entries_num);
}
}
else
return VNET_API_ERROR_NO_SUCH_ENTRY;
if (!nm->sm->num_workers)
- nat64_db_bib_entry_free (db, bibe);
+ {
+ nat64_db_bib_entry_free (thread_index, db, bibe);
+ vlib_set_simple_counter (&nm->total_bibs, thread_index, 0,
+ db->bib.bib_entries_num);
+ }
}
if (nm->sm->num_workers)
if (timeout == 0)
nm->udp_timeout = SNAT_UDP_TIMEOUT;
- else if (timeout < SNAT_UDP_TIMEOUT_MIN)
- return VNET_API_ERROR_INVALID_VALUE;
else
nm->udp_timeout = timeout;
}
int
-nat64_set_tcp_timeouts (u32 trans, u32 est, u32 incoming_syn)
+nat64_set_tcp_timeouts (u32 trans, u32 est)
{
nat64_main_t *nm = &nat64_main;
else
nm->tcp_est_timeout = est;
- if (incoming_syn == 0)
- nm->tcp_incoming_syn_timeout = SNAT_TCP_INCOMING_SYN;
- else
- nm->tcp_incoming_syn_timeout = incoming_syn;
-
return 0;
}
return nm->tcp_est_timeout;
}
-u32
-nat64_get_tcp_incoming_syn_timeout (void)
-{
- nat64_main_t *nm = &nat64_main;
-
- return nm->tcp_incoming_syn_timeout;
-}
-
void
nat64_session_reset_timeout (nat64_db_st_entry_t * ste, vlib_main_t * vm)
{
nat64_main_t *nm = &nat64_main;
u32 now = (u32) vlib_time_now (vm);
- switch (ip_proto_to_snat_proto (ste->proto))
+ switch (ip_proto_to_nat_proto (ste->proto))
{
- case SNAT_PROTOCOL_ICMP:
+ case NAT_PROTOCOL_ICMP:
ste->expire = now + nm->icmp_timeout;
return;
- case SNAT_PROTOCOL_TCP:
+ case NAT_PROTOCOL_TCP:
{
switch (ste->tcp_state)
{
return;
}
}
- case SNAT_PROTOCOL_UDP:
+ case NAT_PROTOCOL_UDP:
ste->expire = now + nm->udp_timeout;
return;
default:
vec_add2 (nm->pref64, p, 1);
p->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
p->vrf_id = vrf_id;
}
if (prefix)
{
- clib_memcpy (ip6, &p->prefix, sizeof (ip6_address_t));
+ clib_memcpy_fast (ip6, &p->prefix, sizeof (ip6_address_t));
switch (p->plen)
{
case 32:
ip6->as_u32[3] = ip4->as_u32;
break;
default:
- clib_warning ("invalid prefix length");
+ nat_elog_notice ("invalid prefix length");
break;
}
}
else
{
- clib_memcpy (ip6, well_known_prefix, sizeof (ip6_address_t));
+ clib_memcpy_fast (ip6, well_known_prefix, sizeof (ip6_address_t));
ip6->as_u32[3] = ip4->as_u32;
}
}
ip4->as_u32 = ip6->as_u32[3];
break;
default:
- clib_warning ("invalid prefix length");
+ nat_elog_notice ("invalid prefix length");
break;
}
}
vlib_frame_t * f)
{
nat64_main_t *nm = &nat64_main;
- u32 thread_index = vlib_get_thread_index ();
+ u32 thread_index = vm->thread_index;
nat64_db_t *db = &nm->db[thread_index];
u32 now = (u32) vlib_time_now (vm);
- nad64_db_st_free_expired (db, now);
+ nad64_db_st_free_expired (thread_index, db, now);
+ vlib_set_simple_counter (&nm->total_bibs, thread_index, 0,
+ db->bib.bib_entries_num);
+ vlib_set_simple_counter (&nm->total_sessions, thread_index, 0,
+ db->st.st_entries_num);
return 0;
}
};
/* *INDENT-ON* */
+static vlib_node_registration_t nat64_expire_walk_node;
+
/**
* @brief Centralized process to drive per worker expire walk.
*/
nat64_expire_walk_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
vlib_frame_t * f)
{
+ nat64_main_t *nm = &nat64_main;
vlib_main_t **worker_vms = 0, *worker_vm;
int i;
+ uword event_type, *event_data = 0;
+
+ nm->nat64_expire_walk_node_index = nat64_expire_walk_node.index;
if (vec_len (vlib_mains) == 0)
vec_add1 (worker_vms, vm);
while (1)
{
- vlib_process_wait_for_event_or_clock (vm, 10.0);
- vlib_process_get_events (vm, NULL);
+ if (nm->total_enabled_count)
+ {
+ vlib_process_wait_for_event_or_clock (vm, 10.0);
+ event_type = vlib_process_get_events (vm, &event_data);
+ }
+ else
+ {
+ vlib_process_wait_for_event (vm);
+ event_type = vlib_process_get_events (vm, &event_data);
+ }
+
+ switch (event_type)
+ {
+ case ~0:
+ break;
+ case NAT64_CLEANER_RESCHEDULE:
+ break;
+ default:
+ nat_elog_notice_X1 ("unknown event %d", "i4", event_type);
+ break;
+ }
+
for (i = 0; i < vec_len (worker_vms); i++)
{
worker_vm = worker_vms[i];
return 0;
}
-static vlib_node_registration_t nat64_expire_walk_node;
-
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (nat64_expire_walk_node, static) = {
.function = nat64_expire_walk_fn,