Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
MAP: Convert from DPO to input feature.
[vpp.git] / src / plugins / nat / nat_inlines.h
diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h
index 4c79fd4..db5063c 100644 (file)
--- a/src/plugins/nat/nat_inlines.h
+++ b/src/plugins/nat/nat_inlines.h
@@ -19,6 +19,7 @@
 #ifndef __included_nat_inlines_h__
 #define __included_nat_inlines_h__
 
+#include <vnet/fib/ip4_fib.h>
 #include <nat/nat.h>
 
 always_inline u32
@@ -158,6 +159,8 @@ nat44_delete_user_with_no_session (snat_main_t * sm, snat_user_t * u,
       pool_put_index (tsm->list_pool, u->sessions_per_user_list_head_index);
       pool_put (tsm->users, u);
       clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 0);
+      vlib_set_simple_counter (&sm->total_users, thread_index, 0,
+                              pool_elts (tsm->users));
     }
 }
 
@@ -176,6 +179,8 @@ nat44_delete_session (snat_main_t * sm, snat_session_t * ses,
   clib_dlist_remove (tsm->list_pool, ses->per_user_index);
   pool_put_index (tsm->list_pool, ses->per_user_index);
   pool_put (tsm->sessions, ses);
+  vlib_set_simple_counter (&sm->total_sessions, thread_index, 0,
+                          pool_elts (tsm->sessions));
 
   u_key.addr = ses->in2out.addr;
   u_key.fib_index = ses->in2out.fib_index;
@@ -199,6 +204,10 @@ always_inline int
 nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses,
                                 tcp_header_t * tcp, u32 thread_index)
 {
+  if ((ses->state == 0) && (tcp->flags & TCP_FLAG_RST))
+    ses->state = NAT44_SES_RST;
+  if ((ses->state == NAT44_SES_RST) && !(tcp->flags & TCP_FLAG_RST))
+    ses->state = 0;
   if ((tcp->flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) &&
       (ses->state & NAT44_SES_O2I_SYN))
     ses->state = 0;
@@ -214,7 +223,8 @@ nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses,
       if (clib_net_to_host_u32 (tcp->ack_number) > ses->o2i_fin_seq)
        ses->state |= NAT44_SES_O2I_FIN_ACK;
     }
-  if (nat44_is_ses_closed (ses))
+  if (nat44_is_ses_closed (ses)
+      && !(ses->flags & SNAT_SESSION_FLAG_OUTPUT_FEATURE))
     {
       nat_log_debug ("TCP close connection %U", format_snat_session,
                     &sm->per_thread_data[thread_index], ses);
@@ -229,6 +239,10 @@ always_inline int
 nat44_set_tcp_session_state_o2i (snat_main_t * sm, snat_session_t * ses,
                                 tcp_header_t * tcp, u32 thread_index)
 {
+  if ((ses->state == 0) && (tcp->flags & TCP_FLAG_RST))
+    ses->state = NAT44_SES_RST;
+  if ((ses->state == NAT44_SES_RST) && !(tcp->flags & TCP_FLAG_RST))
+    ses->state = 0;
   if ((tcp->flags & TCP_FLAG_ACK) && (ses->state & NAT44_SES_I2O_SYN) &&
       (ses->state & NAT44_SES_O2I_SYN))
     ses->state = 0;
@@ -370,13 +384,85 @@ mss_clamping (snat_main_t * sm, tcp_header_t * tcp, ip_csum_t * sum)
              *sum =
                ip_csum_update (*sum, mss, sm->mss_value_net, ip4_header_t,
                                length);
-             clib_memcpy (data + 2, &sm->mss_value_net, 2);
+             clib_memcpy_fast (data + 2, &sm->mss_value_net, 2);
            }
          return;
        }
     }
 }
 
+/**
+ * @brief Check if packet should be translated
+ *
+ * Packets aimed at outside interface and external address with active session
+ * should be translated.
+ *
+ * @param sm            NAT main
+ * @param rt            NAT runtime data
+ * @param sw_if_index0  index of the inside interface
+ * @param ip0           IPv4 header
+ * @param proto0        NAT protocol
+ * @param rx_fib_index0 RX FIB index
+ *
+ * @returns 0 if packet should be translated otherwise 1
+ */
+static inline int
+snat_not_translate_fast (snat_main_t * sm, vlib_node_runtime_t * node,
+                        u32 sw_if_index0, ip4_header_t * ip0, u32 proto0,
+                        u32 rx_fib_index0)
+{
+  if (sm->out2in_dpo)
+    return 0;
+
+  fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
+  nat_outside_fib_t *outside_fib;
+  fib_prefix_t pfx = {
+    .fp_proto = FIB_PROTOCOL_IP4,
+    .fp_len = 32,
+    .fp_addr = {
+               .ip4.as_u32 = ip0->dst_address.as_u32,
+               }
+    ,
+  };
+
+  /* Don't NAT packet aimed at the intfc address */
+  if (PREDICT_FALSE (is_interface_addr (sm, node, sw_if_index0,
+                                       ip0->dst_address.as_u32)))
+    return 1;
+
+  fei = fib_table_lookup (rx_fib_index0, &pfx);
+  if (FIB_NODE_INDEX_INVALID != fei)
+    {
+      u32 sw_if_index = fib_entry_get_resolving_interface (fei);
+      if (sw_if_index == ~0)
+       {
+         vec_foreach (outside_fib, sm->outside_fibs)
+         {
+           fei = fib_table_lookup (outside_fib->fib_index, &pfx);
+           if (FIB_NODE_INDEX_INVALID != fei)
+             {
+               sw_if_index = fib_entry_get_resolving_interface (fei);
+               if (sw_if_index != ~0)
+                 break;
+             }
+         }
+       }
+      if (sw_if_index == ~0)
+       return 1;
+
+      snat_interface_t *i;
+      pool_foreach (i, sm->interfaces, (
+                                        {
+                                        /* NAT packet aimed at outside interface */
+                                        if ((nat_interface_is_outside (i))
+                                            && (sw_if_index ==
+                                                i->sw_if_index)) return 0;}
+                   ));
+    }
+
+  return 1;
+}
+
 #endif /* __included_nat_inlines_h__ */
 
 /*
Vector Packet Processing