X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fin2out_ed.c;h=448e967b8ae3cfcda764a983ad6515a865e4fd23;hb=6484f4b9cbaf19062444cfe09b39ce1514dd146f;hp=7153a60353ad294a39f6fff1c5e16302f5906d4d;hpb=11fb09e38ffcbadc2629361377413f3ce12ec4da;p=vpp.git diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 7153a60353a..448e967b8ae 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -370,7 +370,7 @@ slow_path_ed (snat_main_t * sm, /* First try to match static mapping by local address and port */ if (snat_static_mapping_match (sm, l_addr, l_port, rx_fib_index, nat_proto, &sm_addr, &sm_port, - &sm_fib_index, 0, 0, 0, &lb, 0, &identity_nat)) + &sm_fib_index, 0, 0, 0, &lb, 0, &identity_nat, 0)) { s = nat_ed_session_alloc (sm, thread_index, now, proto); ASSERT (s); @@ -488,6 +488,8 @@ slow_path_ed (snat_main_t * sm, &s->ext_host_nat_addr, s->ext_host_nat_port, s->nat_proto, s->in2out.fib_index, s->flags, thread_index, 0); + per_vrf_sessions_register_session (s, thread_index); + return next; } @@ -512,7 +514,7 @@ nat44_ed_not_translate (snat_main_t * sm, vlib_node_runtime_t * node, if (!snat_static_mapping_match (sm, ip->dst_address, udp->dst_port, sm->outside_fib_index, proto, &placeholder_addr, &placeholder_port, &placeholder_fib_index, 1, 0, - 0, 0, 0, 0)) + 0, 0, 0, 0, 0)) return 0; } else @@ -886,6 +888,8 @@ nat44_ed_in2out_unknown_proto (snat_main_t * sm, s - tsm->sessions); if (clib_bihash_add_del_16_8 (&sm->out2in_ed, &s_kv, 1)) nat_elog_notice ("out2in key add failed"); + + per_vrf_sessions_register_session (s, thread_index); } /* Update IP checksum */ @@ -915,18 +919,13 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, vlib_frame_t * frame, int is_output_feature) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, def_slow; - - def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH : - NAT_NEXT_IN2OUT_ED_SLOW_PATH; - - stats_node_index = sm->ed_in2out_node_index; + u32 def_slow = is_output_feature ? NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH + : NAT_NEXT_IN2OUT_ED_SLOW_PATH; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -1029,11 +1028,20 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, pool_elt_at_index (tsm->sessions, ed_value_get_session_index (&value0)); + if (PREDICT_FALSE (per_vrf_sessions_is_expired (s0, thread_index))) + { + // session is closed, go slow path + nat_free_session_data (sm, s0, thread_index, 0); + nat_ed_session_delete (sm, s0, thread_index, 1); + next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; + goto trace0; + } + if (s0->tcp_closed_timestamp) { if (now >= s0->tcp_closed_timestamp) { - // session is closed, go slow path + // session is closed, go slow path, freed in slow path next[0] = def_slow; } else @@ -1106,7 +1114,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.in2out_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_i2o (sm, now, s0, b0, thread_index)) goto trace0; } @@ -1133,7 +1142,8 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.in2out_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -1145,7 +1155,9 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, udp0->dst_port = s0->ext_host_port; ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath. + in2out_ed.udp, thread_index, + sw_if_index0, 1); } } @@ -1173,7 +1185,12 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.fastpath. + in2out_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; @@ -1181,20 +1198,6 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_IN2OUT_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_OTHER_PACKETS, - other_packets); return frame->n_vectors; } @@ -1204,14 +1207,11 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, vlib_frame_t * frame, int is_output_feature) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = 0; - - stats_node_index = sm->ed_in2out_slowpath_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -1271,16 +1271,21 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, if (!s0) next[0] = NAT_NEXT_DROP; - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.other, thread_index, + sw_if_index0, 1); goto trace0; } if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next[0] = icmp_in2out_ed_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, - node, next[0], now, thread_index, &s0); - icmp_packets++; + next[0] = + icmp_in2out_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0, + rx_fib_index0, node, next[0], now, + thread_index, &s0); + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.icmp, thread_index, + sw_if_index0, 1); goto trace0; } @@ -1395,7 +1400,8 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, mss_clamping (sm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.in2out_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_i2o (sm, now, s0, b0, thread_index)) goto trace0; } @@ -1422,7 +1428,8 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.in2out_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -1434,7 +1441,9 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, udp0->dst_port = s0->ext_host_port; ip0->dst_address.as_u32 = s0->ext_host_addr.as_u32; } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.udp, thread_index, + sw_if_index0, 1); } } @@ -1461,7 +1470,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath. + in2out_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; @@ -1471,19 +1485,6 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_IN2OUT_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_IN2OUT_ED_ERROR_OTHER_PACKETS, - other_packets); return frame->n_vectors; }