X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat.h;h=5bd0a119f386dc1a7fac62cbdcf4ae0453d16ce4;hb=efcd1e9e1d7dda4e4ea3db5750925cd8f6894f4d;hp=e467fde75f32a28e274da63f0aa1a5acc78a891a;hpb=7865b5c8a4f11731d8c6d4627e505afe990989b4;p=vpp.git
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index e467fde75f3..5bd0a119f38 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -129,6 +129,9 @@ typedef enum {
 #define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2
 #define SNAT_SESSION_FLAG_LOAD_BALANCING 4
+#define NAT_INTERFACE_FLAG_IS_INSIDE 1
+#define NAT_INTERFACE_FLAG_IS_OUTSIDE 2
+
 typedef CLIB_PACKED(struct {
 snat_session_key_t out2in; /* 0-15 */
@@ -151,9 +154,9 @@ typedef CLIB_PACKED(struct {
 /* Outside address */
 u32 outside_address_index; /* 64-67 */
- /* External host address */
+ /* External host address and port */
 ip4_address_t ext_host_addr; /* 68-71 */
-
+ u16 ext_host_port; /* 72-73 */
 }) snat_session_t;
@@ -217,7 +220,7 @@ typedef struct {
 typedef struct {
 u32 sw_if_index;
- u8 is_inside;
+ u8 flags;
 } snat_interface_t;
 typedef struct {
@@ -257,6 +260,7 @@ typedef u32 snat_icmp_match_function_t (struct snat_main_s *sm,
 vlib_node_runtime_t *node,
 u32 thread_index,
 vlib_buffer_t *b0,
+ ip4_header_t *ip0,
 u8 *p_proto,
 snat_session_key_t *p_value,
 u8 *p_dont_translate,
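Review bot: The new `ip4_header_t *ip0` parameter of `snat_icmp_match_function_t` (hunk at -257) sits next to `vlib_buffer_t *b0` with nothing stating how the two relate, and the same applies to the six `icmp_match_*` prototypes changed in the hunk at -454. If an implementation validates lengths against `b0` but parses through `ip0`, a caller passing a header that does not live in that buffer would bypass those checks; whether any caller does so is not visible here. I would add a comment above the typedef such as `/* ip0: IPv4 header of the packet held in b0; must point into b0's data */`, adjusted to the real contract. The typedef's parameter list continues outside the hunk.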
@@ -372,16 +376,19 @@ extern vlib_node_registration_t snat_det_out2in_node;
 extern vlib_node_registration_t snat_hairpin_dst_node;
 extern vlib_node_registration_t snat_hairpin_src_node;
-void snat_free_outside_address_and_port (snat_main_t * sm,
+void snat_free_outside_address_and_port (snat_address_t * addresses,
 u32 thread_index,
 snat_session_key_t * k,
 u32 address_index);
-int snat_alloc_outside_address_and_port (snat_main_t * sm,
+int snat_alloc_outside_address_and_port (snat_address_t * addresses,
 u32 fib_index,
 u32 thread_index,
 snat_session_key_t * k,
- u32 * address_indexp);
+ u32 * address_indexp,
+ u8 vrf_mode,
+ u16 port_per_thread,
+ u32 snat_thread_index);
 int snat_static_mapping_match (snat_main_t * sm,
 snat_session_key_t match,
@@ -405,7 +412,7 @@ typedef struct {
 @param s SNAT session
 @return 1 if SNAT session is created from static mapping otherwise 0
 */
-#define snat_is_session_static(s) s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING
+#define snat_is_session_static(s) (s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING)
 /** \brief Check if SNAT session for unknown protocol.
 @param s SNAT session
@@ -413,6 +420,9 @@ typedef struct {
 */
 #define snat_is_unk_proto_session(s) s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO
+#define nat_interface_is_inside(i) i->flags & NAT_INTERFACE_FLAG_IS_INSIDE
+#define nat_interface_is_outside(i) i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE
+
 /*
 * Why is this here? Because we don't need to touch this layer to
 * simply reply to an icmp. We need to change id to a unique
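Review bot: In the hunk at -372, `snat_alloc_outside_address_and_port` now takes both `u32 thread_index` and `u32 snat_thread_index`, plus `u8 vrf_mode` and `u16 port_per_thread`, and no comment says what each one selects. Two same-typed index arguments can be swapped at a call site without a compiler diagnostic, and for a port allocator that would presumably draw ports from the wrong worker's range. Since `snat_main_t *sm` was replaced by a bare `snat_address_t *addresses`, the alloc and free calls must also be given the same vector for `address_index` to stay meaningful. I would add a doc comment above both prototypes that names each parameter, says whether `vrf_mode` is a boolean, and states that `addresses` must match between alloc and free.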
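Review bot: The macros added in the hunk at -413, `nat_interface_is_inside(i)` and `nat_interface_is_outside(i)`, expand to an unparenthesised `i->flags & ...`, the same defect this commit fixes for `snat_is_session_static` in the hunk at -405. `!nat_interface_is_inside(i)` parses as `(!i->flags) & NAT_INTERFACE_FLAG_IS_INSIDE`, which is 0 for an outside-only interface, and a comparison such as `== 0` would bind to the flag constant, so a negated or compared check can misclassify which side of the NAT an interface is on. I would write `#define nat_interface_is_inside(i) ((i)->flags & NAT_INTERFACE_FLAG_IS_INSIDE)` and the same form for `nat_interface_is_outside`. The context line `snat_is_unk_proto_session` has the same shape and could be fixed alongside.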
@@ -454,27 +464,33 @@ typedef struct {
 } tcp_udp_header_t;
 u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+ u32 thread_index, vlib_buffer_t *b0,
+ ip4_header_t *ip0, u8 *p_proto,
 snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+ u32 thread_index, vlib_buffer_t *b0,
+ ip4_header_t *ip0, u8 *p_proto,
 snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_in2out_det(snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+ u32 thread_index, vlib_buffer_t *b0,
+ ip4_header_t *ip0, u8 *p_proto,
 snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+ u32 thread_index, vlib_buffer_t *b0,
+ ip4_header_t *ip0, u8 *p_proto,
 snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+ u32 thread_index, vlib_buffer_t *b0,
+ ip4_header_t *ip0, u8 *p_proto,
 snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_out2in_det(snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+ u32 thread_index, vlib_buffer_t *b0,
+ ip4_header_t *ip0, u8 *p_proto,
 snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e);
 void increment_v4_address(ip4_address_t * a);
@@ -494,6 +510,8 @@ u8 * format_snat_protocol(u8 * s, va_list * args);
 int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, u32 vrf_id, nat44_lb_addr_port_t *locals, u8 is_add);
+int nat44_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port,
+ snat_protocol_t proto, u32 vrf_id, int is_in);
 static_always_inline u8 icmp_is_error_message (icmp46_header_t * icmp)
@@ -545,4 +563,30 @@ maximum_sessions_exceeded (snat_main_t *sm, u32 thread_index)
 return 0;
 }
-#endif /* __included_nat_h__ */
+static_always_inline void
+nat_send_all_to_node(vlib_main_t *vm, u32 *bi_vector,
+ vlib_node_runtime_t *node, vlib_error_t *error, u32 next)
+{
+ u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
+
+ from = bi_vector;
+ n_left_from = vec_len(bi_vector);
+ next_index = node->cached_next_index;
+ while (n_left_from > 0) {
+ vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next);
+ while (n_left_from > 0 && n_left_to_next > 0) {
+ u32 bi0 = to_next[0] = from[0];
+ from += 1;
+ n_left_from -= 1;
+ to_next += 1;
+ n_left_to_next -= 1;
+ vlib_buffer_t *p0 = vlib_get_buffer(vm, bi0);
+ p0->error = *error;
+ vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next,
+ n_left_to_next, bi0, next);
+ }
+ vlib_put_next_frame(vm, node, next_index, n_left_to_next);
+ }
+}
+
+#endif /* __included_snat_h__ */
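Review bot: `nat44_del_session` in the hunk at -494 is declared with no comment on the byte order expected for `u16 port`, on what `is_in` selects, or on the return values. Session lookup here is keyed on address and port, so a caller passing a host-order port where network order is expected (or the reverse) would most likely fail to find the session or match a different one, and an unchecked return would hide that. I would add a Doxygen block in the style already used in this header (`\brief`, `@param`, `@return`) that states the byte order of `addr` and `port`, says whether `is_in` means the address is the inside one, and lists the non-zero error returns.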
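Review bot: `nat_send_all_to_node` in the hunk at -545 enqueues every index in `bi_vector` but neither resets nor frees the vector, and nothing tells the caller it must do so; calling it again on the same vector without resetting its length would hand the same buffer indices to the graph twice. It also dereferences `error` unconditionally in `p0->error = *error;`. I would add a header comment stating that the caller keeps ownership of `bi_vector` and must reset it after the call, and that `error` must be non-NULL. Separately, the closing comment now reads `/* __included_snat_h__ */` where the removed line said `__included_nat_h__`; unless the guard macro itself was renamed outside this hunk, `#endif /* __included_nat_h__ */` should be kept.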