return s;
}
-vlib_node_registration_t nat66_in2out_node;
-
#define foreach_nat66_in2out_error \
_(IN2OUT_PACKETS, "good in2out packets processed") \
_(NO_TRANSLATION, "no translation") \
NAT66_IN2OUT_N_NEXT,
} nat66_in2out_next_t;
-static inline uword
-nat66_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
- vlib_frame_t * frame)
+static inline u8
+nat66_not_translate (u32 rx_fib_index, ip6_address_t ip6_addr)
+{
+ nat66_main_t *nm = &nat66_main;
+ u32 sw_if_index;
+ snat_interface_t *i;
+ fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
+ fib_prefix_t pfx = {
+ .fp_proto = FIB_PROTOCOL_IP6,
+ .fp_len = 128,
+ .fp_addr = {
+ .ip6 = ip6_addr,
+ },
+ };
+
+ fei = fib_table_lookup (rx_fib_index, &pfx);
+ if (FIB_NODE_INDEX_INVALID == fei)
+ return 1;
+ sw_if_index = fib_entry_get_resolving_interface (fei);
+
+ if (sw_if_index == ~0)
+ {
+ fei = fib_table_lookup (nm->outside_fib_index, &pfx);
+ if (FIB_NODE_INDEX_INVALID == fei)
+ return 1;
+ sw_if_index = fib_entry_get_resolving_interface (fei);
+ }
+
+ /* *INDENT-OFF* */
+ pool_foreach (i, nm->interfaces,
+ ({
+ /* NAT packet aimed at outside interface */
+ if (nat_interface_is_outside (i) && sw_if_index == i->sw_if_index)
+ return 0;
+ }));
+ /* *INDENT-ON* */
+
+ return 1;
+}
+
+VLIB_NODE_FN (nat66_in2out_node) (vlib_main_t * vm,
+ vlib_node_runtime_t * node,
+ vlib_frame_t * frame)
{
u32 n_left_from, *from, *to_next;
nat66_in2out_next_t next_index;
u32 pkts_processed = 0;
- u32 thread_index = vlib_get_thread_index ();
+ u32 thread_index = vm->thread_index;
nat66_main_t *nm = &nat66_main;
from = vlib_frame_vector_args (frame);
if (PREDICT_FALSE
(ip6_parse
- (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
+ (vm, b0, ip60, b0->current_length, &l4_protocol0, &l4_offset0,
&frag_offset0)))
{
next0 = NAT66_IN2OUT_NEXT_DROP;
fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6,
sw_if_index0);
+ if (nat66_not_translate (fib_index0, ip60->dst_address))
+ goto trace0;
+
sm0 = nat66_static_mapping_get (&ip60->src_address, fib_index0, 1);
if (PREDICT_FALSE (!sm0))
{
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
- vlib_node_increment_counter (vm, nat66_in2out_node.index,
+ vlib_node_increment_counter (vm, nm->in2out_node_index,
NAT66_IN2OUT_ERROR_IN2OUT_PACKETS,
pkts_processed);
return frame->n_vectors;
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (nat66_in2out_node) = {
- .function = nat66_in2out_node_fn,
.name = "nat66-in2out",
.vector_size = sizeof (u32),
.format_trace = format_nat66_in2out_trace,
};
/* *INDENT-ON* */
-VLIB_NODE_FUNCTION_MULTIARCH (nat66_in2out_node, nat66_in2out_node_fn);
-
/*
* fd.io coding-style-patch-verification: ON
*