nat: use SVR

[vpp.git] / src / plugins / nat / nat66_in2out.c

diff --git a/src/plugins/nat/nat66_in2out.c b/src/plugins/nat/nat66_in2out.c
index 1ec4da7..437d665 100644 (file)
--- a/src/plugins/nat/nat66_in2out.c
+++ b/src/plugins/nat/nat66_in2out.c
@@ -41,8 +41,6 @@ format_nat66_in2out_trace (u8 * s, va_list * args)
   return s;
 }
 
-vlib_node_registration_t nat66_in2out_node;
-
 #define foreach_nat66_in2out_error                       \
 _(IN2OUT_PACKETS, "good in2out packets processed")       \
 _(NO_TRANSLATION, "no translation")                      \
@@ -69,14 +67,54 @@ typedef enum
   NAT66_IN2OUT_N_NEXT,
 } nat66_in2out_next_t;
 
-static inline uword
-nat66_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
-                     vlib_frame_t * frame)
+static inline u8
+nat66_not_translate (u32 rx_fib_index, ip6_address_t ip6_addr)
+{
+  nat66_main_t *nm = &nat66_main;
+  u32 sw_if_index;
+  snat_interface_t *i;
+  fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
+  fib_prefix_t pfx = {
+    .fp_proto = FIB_PROTOCOL_IP6,
+    .fp_len = 128,
+    .fp_addr = {
+               .ip6 = ip6_addr,
+               },
+  };
+
+  fei = fib_table_lookup (rx_fib_index, &pfx);
+  if (FIB_NODE_INDEX_INVALID == fei)
+    return 1;
+  sw_if_index = fib_entry_get_resolving_interface (fei);
+
+  if (sw_if_index == ~0)
+    {
+      fei = fib_table_lookup (nm->outside_fib_index, &pfx);
+      if (FIB_NODE_INDEX_INVALID == fei)
+       return 1;
+      sw_if_index = fib_entry_get_resolving_interface (fei);
+    }
+
+  /* *INDENT-OFF* */
+  pool_foreach (i, nm->interfaces,
+  ({
+    /* NAT packet aimed at outside interface */
+    if (nat_interface_is_outside (i) && sw_if_index == i->sw_if_index)
+      return 0;
+  }));
+  /* *INDENT-ON* */
+
+  return 1;
+}
+
+VLIB_NODE_FN (nat66_in2out_node) (vlib_main_t * vm,
+                                 vlib_node_runtime_t * node,
+                                 vlib_frame_t * frame)
 {
   u32 n_left_from, *from, *to_next;
   nat66_in2out_next_t next_index;
   u32 pkts_processed = 0;
-  u32 thread_index = vlib_get_thread_index ();
+  u32 thread_index = vm->thread_index;
   nat66_main_t *nm = &nat66_main;
 
   from = vlib_frame_vector_args (frame);
@@ -118,7 +156,7 @@ nat66_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 
          if (PREDICT_FALSE
              (ip6_parse
-              (ip60, b0->current_length, &l4_protocol0, &l4_offset0,
+              (vm, b0, ip60, b0->current_length, &l4_protocol0, &l4_offset0,
                &frag_offset0)))
            {
              next0 = NAT66_IN2OUT_NEXT_DROP;
@@ -131,6 +169,9 @@ nat66_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
            fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP6,
                                                 sw_if_index0);
 
+         if (nat66_not_translate (fib_index0, ip60->dst_address))
+           goto trace0;
+
          sm0 = nat66_static_mapping_get (&ip60->src_address, fib_index0, 1);
          if (PREDICT_FALSE (!sm0))
            {
@@ -189,7 +230,7 @@ nat66_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
       vlib_put_next_frame (vm, node, next_index, n_left_to_next);
     }
 
-  vlib_node_increment_counter (vm, nat66_in2out_node.index,
+  vlib_node_increment_counter (vm, nm->in2out_node_index,
                               NAT66_IN2OUT_ERROR_IN2OUT_PACKETS,
                               pkts_processed);
   return frame->n_vectors;
@@ -197,7 +238,6 @@ nat66_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 
 /* *INDENT-OFF* */
 VLIB_REGISTER_NODE (nat66_in2out_node) = {
-  .function = nat66_in2out_node_fn,
   .name = "nat66-in2out",
   .vector_size = sizeof (u32),
   .format_trace = format_nat66_in2out_trace,
@@ -213,8 +253,6 @@ VLIB_REGISTER_NODE (nat66_in2out_node) = {
 };
 /* *INDENT-ON* */
 
-VLIB_NODE_FUNCTION_MULTIARCH (nat66_in2out_node, nat66_in2out_node_fn);
-
 /*
  * fd.io coding-style-patch-verification: ON
  *