#include <vnet/fib/ip4_fib.h>
#include <nat/nat.h>
-#include <nat/nat_ha.h>
+//#include <nat/nat44-ei/nat44_ei_ha.h>
always_inline u64
calc_nat_key (ip4_address_t addr, u16 port, u32 fib_index, u8 proto)
ASSERT (fib_index <= (1 << 14) - 1);
ASSERT (proto <= (1 << 3) - 1);
return (u64) addr.as_u32 << 32 | (u64) port << 16 | fib_index << 3 |
- (proto & 0x7);
+ (proto & 0x7);
}
always_inline void
return 0;
}
-always_inline u8
-maximum_sessions_exceeded (snat_main_t * sm, u32 thread_index)
-{
- if (pool_elts (sm->per_thread_data[thread_index].sessions) >=
- sm->max_translations_per_thread)
- return 1;
-
- return 0;
-}
-
always_inline void
user_session_increment (snat_main_t * sm, snat_user_t * u, u8 is_static)
{
}
}
-/** \brief Set TCP session state.
- @return 1 if session was closed, otherwise 0
-*/
-always_inline int
+always_inline void
nat44_set_tcp_session_state_i2o (snat_main_t * sm, f64 now,
snat_session_t * ses, vlib_buffer_t * b,
u32 thread_index)
ses->state |= NAT44_SES_O2I_FIN_ACK;
if (nat44_is_ses_closed (ses))
{ // if session is now closed, save the timestamp
- ses->tcp_closed_timestamp = now + sm->tcp_transitory_timeout;
+ ses->tcp_closed_timestamp = now + sm->timeouts.tcp.transitory;
ses->last_lru_update = now;
}
}
}
clib_dlist_remove (tsm->lru_pool, ses->lru_index);
clib_dlist_addtail (tsm->lru_pool, ses->lru_head_index, ses->lru_index);
- return 0;
}
-always_inline int
+always_inline void
nat44_set_tcp_session_state_o2i (snat_main_t * sm, f64 now,
snat_session_t * ses, u8 tcp_flags,
u32 tcp_ack_number, u32 tcp_seq_number,
ses->state |= NAT44_SES_I2O_FIN_ACK;
if (nat44_is_ses_closed (ses))
{ // if session is now closed, save the timestamp
- ses->tcp_closed_timestamp = now + sm->tcp_transitory_timeout;
+ ses->tcp_closed_timestamp = now + sm->timeouts.tcp.transitory;
ses->last_lru_update = now;
}
}
}
clib_dlist_remove (tsm->lru_pool, ses->lru_index);
clib_dlist_addtail (tsm->lru_pool, ses->lru_head_index, ses->lru_index);
- return 0;
}
always_inline u32
switch (s->nat_proto)
{
case NAT_PROTOCOL_ICMP:
- return sm->icmp_timeout;
+ return sm->timeouts.icmp;
case NAT_PROTOCOL_UDP:
- return sm->udp_timeout;
+ return sm->timeouts.udp;
case NAT_PROTOCOL_TCP:
{
if (s->state)
- return sm->tcp_transitory_timeout;
+ return sm->timeouts.tcp.transitory;
else
- return sm->tcp_established_timeout;
+ return sm->timeouts.tcp.established;
}
default:
- return sm->udp_timeout;
+ return sm->timeouts.udp;
}
return 0;
s->last_heard = now;
s->total_pkts++;
s->total_bytes += bytes;
+#if 0
nat_ha_sref (&s->out2in.addr, s->out2in.port, &s->ext_host_addr,
s->ext_host_port, s->nat_proto, s->out2in.fib_index,
s->total_pkts, s->total_bytes, thread_index,
&s->ha_last_refreshed, now);
+#endif
}
/** \brief Per-user LRU list maintenance */
return value->value & ~(u32) 0;
}
-always_inline void
-split_ed_value (clib_bihash_kv_16_8_t * value, u32 * thread_index,
- u32 * session_index)
-{
- if (thread_index)
- {
- *thread_index = ed_value_get_thread_index (value);
- }
- if (session_index)
- {
- *session_index = ed_value_get_session_index (value);
- }
-}
-
always_inline void
split_ed_kv (clib_bihash_kv_16_8_t * kv,
ip4_address_t * l_addr, ip4_address_t * r_addr, u8 * proto,
}
static_always_inline int
-get_icmp_i2o_ed_key (vlib_buffer_t * b, ip4_header_t * ip0, u32 rx_fib_index,
- u32 thread_index, u32 session_index,
- nat_protocol_t * nat_proto, u16 * l_port, u16 * r_port,
- clib_bihash_kv_16_8_t * kv)
+nat_get_icmp_session_lookup_values (vlib_buffer_t *b, ip4_header_t *ip0,
+ ip4_address_t *lookup_saddr,
+ u16 *lookup_sport,
+ ip4_address_t *lookup_daddr,
+ u16 *lookup_dport, u8 *lookup_protocol)
{
- u8 proto;
- u16 _l_port, _r_port;
- ip4_address_t *l_addr, *r_addr;
-
icmp46_header_t *icmp0;
icmp_echo_header_t *echo0, *inner_echo0 = 0;
ip4_header_t *inner_ip0 = 0;
icmp0 = (icmp46_header_t *) ip4_next_header (ip0);
echo0 = (icmp_echo_header_t *) (icmp0 + 1);
- if (!icmp_type_is_error_message
- (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
- {
- proto = IP_PROTOCOL_ICMP;
- l_addr = &ip0->src_address;
- r_addr = &ip0->dst_address;
- _l_port = vnet_buffer (b)->ip.reass.l4_src_port;
- _r_port = 0;
- }
- else
- {
- inner_ip0 = (ip4_header_t *) (echo0 + 1);
- l4_header = ip4_next_header (inner_ip0);
- proto = inner_ip0->protocol;
- r_addr = &inner_ip0->src_address;
- l_addr = &inner_ip0->dst_address;
- switch (ip_proto_to_nat_proto (inner_ip0->protocol))
- {
- case NAT_PROTOCOL_ICMP:
- inner_icmp0 = (icmp46_header_t *) l4_header;
- inner_echo0 = (icmp_echo_header_t *) (inner_icmp0 + 1);
- _r_port = 0;
- _l_port = inner_echo0->identifier;
- break;
- case NAT_PROTOCOL_UDP:
- case NAT_PROTOCOL_TCP:
- _l_port = ((tcp_udp_header_t *) l4_header)->dst_port;
- _r_port = ((tcp_udp_header_t *) l4_header)->src_port;
- break;
- default:
- return NAT_IN2OUT_ED_ERROR_UNSUPPORTED_PROTOCOL;
- }
- }
- init_ed_kv (kv, *l_addr, _l_port, *r_addr, _r_port, rx_fib_index, proto,
- thread_index, session_index);
- if (nat_proto)
- {
- *nat_proto = ip_proto_to_nat_proto (proto);
- }
- if (l_port)
- {
- *l_port = _l_port;
- }
- if (r_port)
- {
- *r_port = _r_port;
- }
- return 0;
-}
-
-static_always_inline int
-get_icmp_o2i_ed_key (vlib_buffer_t * b, ip4_header_t * ip0, u32 rx_fib_index,
- u32 thread_index, u32 session_index,
- nat_protocol_t * nat_proto, u16 * l_port, u16 * r_port,
- clib_bihash_kv_16_8_t * kv)
-{
- icmp46_header_t *icmp0;
- u8 proto;
- ip4_address_t *l_addr, *r_addr;
- u16 _l_port, _r_port;
- icmp_echo_header_t *echo0, *inner_echo0 = 0;
- ip4_header_t *inner_ip0;
- void *l4_header = 0;
- icmp46_header_t *inner_icmp0;
-
- icmp0 = (icmp46_header_t *) ip4_next_header (ip0);
- echo0 = (icmp_echo_header_t *) (icmp0 + 1);
+ // avoid warning about unused variables in caller by setting to bogus values
+ *lookup_sport = 0;
+ *lookup_dport = 0;
if (!icmp_type_is_error_message
(vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
{
- proto = IP_PROTOCOL_ICMP;
- l_addr = &ip0->dst_address;
- r_addr = &ip0->src_address;
- _l_port = vnet_buffer (b)->ip.reass.l4_src_port;
- _r_port = 0;
+ *lookup_protocol = IP_PROTOCOL_ICMP;
+ lookup_saddr->as_u32 = ip0->src_address.as_u32;
+ *lookup_sport = vnet_buffer (b)->ip.reass.l4_src_port;
+ lookup_daddr->as_u32 = ip0->dst_address.as_u32;
+ *lookup_dport = vnet_buffer (b)->ip.reass.l4_dst_port;
}
else
{
inner_ip0 = (ip4_header_t *) (echo0 + 1);
l4_header = ip4_next_header (inner_ip0);
- proto = inner_ip0->protocol;
- l_addr = &inner_ip0->src_address;
- r_addr = &inner_ip0->dst_address;
+ *lookup_protocol = inner_ip0->protocol;
+ lookup_saddr->as_u32 = inner_ip0->dst_address.as_u32;
+ lookup_daddr->as_u32 = inner_ip0->src_address.as_u32;
switch (ip_proto_to_nat_proto (inner_ip0->protocol))
{
case NAT_PROTOCOL_ICMP:
inner_icmp0 = (icmp46_header_t *) l4_header;
inner_echo0 = (icmp_echo_header_t *) (inner_icmp0 + 1);
- _l_port = inner_echo0->identifier;
- _r_port = 0;
+ *lookup_sport = inner_echo0->identifier;
+ *lookup_dport = inner_echo0->identifier;
break;
case NAT_PROTOCOL_UDP:
case NAT_PROTOCOL_TCP:
- _l_port = ((tcp_udp_header_t *) l4_header)->src_port;
- _r_port = ((tcp_udp_header_t *) l4_header)->dst_port;
+ *lookup_sport = ((tcp_udp_header_t *) l4_header)->dst_port;
+ *lookup_dport = ((tcp_udp_header_t *) l4_header)->src_port;
break;
default:
- return -1;
+ return NAT_IN2OUT_ED_ERROR_UNSUPPORTED_PROTOCOL;
}
}
- init_ed_kv (kv, *l_addr, _l_port, *r_addr, _r_port, rx_fib_index, proto,
- thread_index, session_index);
- if (nat_proto)
- {
- *nat_proto = ip_proto_to_nat_proto (proto);
- }
- if (l_port)
- {
- *l_port = _l_port;
- }
- if (r_port)
- {
- *r_port = _r_port;
- }
return 0;
}
snat_interface_t *i;
/* *INDENT-OFF* */
- pool_foreach (i, sm->interfaces, ({
+ pool_foreach (i, sm->interfaces) {
/* NAT packet aimed at outside interface */
if ((nat_interface_is_outside (i)) && (sw_if_index == i->sw_if_index))
return 0;
- }));
+ }
/* *INDENT-ON* */
}