X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat.h;h=9c50a0b77ec65a8202a33b95652687be3ee48e11;hb=5ba86f72439a627f2084bcafb221ad77f4990168;hp=8935144dd54b61c25e3a2d7cae1e3fc97fea822d;hpb=704018cf117b6667f08b09d6db5fbec105bf6d57;p=vpp.git diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 8935144dd54..9c50a0b77ec 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -95,19 +95,6 @@ typedef struct { }; } snat_user_key_t; -typedef struct { - union - { - struct - { - ip4_address_t addr; - u16 port; - u16 fib_index; - }; - u64 as_u64; - }; -} snat_worker_key_t; - #define foreach_snat_protocol \ _(UDP, 0, udp, "udp") \ @@ -142,6 +129,9 @@ typedef enum { #define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2 #define SNAT_SESSION_FLAG_LOAD_BALANCING 4 +#define NAT_INTERFACE_FLAG_IS_INSIDE 1 +#define NAT_INTERFACE_FLAG_IS_OUTSIDE 2 + typedef CLIB_PACKED(struct { snat_session_key_t out2in; /* 0-15 */ @@ -182,7 +172,8 @@ typedef struct { ip4_address_t addr; u32 fib_index; #define _(N, i, n, s) \ - u32 busy_##n##_ports; \ + u16 busy_##n##_ports; \ + u16 * busy_##n##_ports_per_thread; \ uword * busy_##n##_port_bitmap; foreach_snat_protocol #undef _ @@ -223,12 +214,13 @@ typedef struct { u32 vrf_id; u32 fib_index; snat_protocol_t proto; + u32 worker_index; nat44_lb_addr_port_t *locals; } snat_static_mapping_t; typedef struct { u32 sw_if_index; - u8 is_inside; + u8 flags; } snat_interface_t; typedef struct { @@ -243,6 +235,13 @@ typedef struct { } snat_static_map_resolve_t; typedef struct { + /* Main lookup tables */ + clib_bihash_8_8_t out2in; + clib_bihash_8_8_t in2out; + + /* Find-a-user => src address lookup */ + clib_bihash_8_8_t user_hash; + /* User pool */ snat_user_t * users; @@ -261,6 +260,7 @@ typedef u32 snat_icmp_match_function_t (struct snat_main_s *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, 
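Review bot: In the `@@ -182,7 +172,8 @@` hunk, narrowing `busy_##n##_ports` from `u32` to `u16` leaves no headroom. A u16 tops out at 65535, so if the allocator can ever mark an address's whole 16-bit port space busy, the counter wraps to 0 and the address looks unused again. The new `busy_##n##_ports_per_thread` vector is also undocumented; a comment such as `/* vector indexed by thread_index; each worker updates only its own slot */` would state the invariant. If the aggregate `busy_##n##_ports` is still written from several workers (not visible here), that update needs to be atomic or derived from the per-thread counts. The enclosing struct starts and ends outside the hunk.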
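Review bot: The `ip4_header_t *ip0` parameter added to `snat_icmp_match_function_t` in the `@@ -261,6 +260,7 @@` hunk has no stated contract, and the six `icmp_match_*` prototypes in the `@@ -469,27 +461,33 @@` hunk repeat it. Nothing says whether `ip0` must point into `b0`'s data or whether the caller has already length-checked the header, and an implementation that guesses wrong reads past the packet. A comment above the typedef would cover all of them, e.g. `/* ip0: IPv4 header inside b0, already validated by the caller */`, assuming that is the intended invariant. The typedef's parameter list continues outside the hunk.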
@@ -270,23 +270,10 @@ typedef u32 snat_icmp_match_function_t (struct snat_main_s *sm, typedef u32 (snat_get_worker_function_t) (ip4_header_t * ip, u32 rx_fib_index); typedef struct snat_main_s { - /* Main lookup tables */ - clib_bihash_8_8_t out2in; - clib_bihash_8_8_t in2out; - /* Endpoint address dependent sessions lookup tables */ clib_bihash_16_8_t out2in_ed; clib_bihash_16_8_t in2out_ed; - /* Find-a-user => src address lookup */ - clib_bihash_8_8_t user_hash; - - /* Non-translated packets worker lookup => src address + VRF */ - clib_bihash_8_8_t worker_by_in; - - /* Translated packets worker lookup => IP address + port number */ - clib_bihash_8_8_t worker_by_out; - snat_icmp_match_function_t * icmp_match_in2out_cb; snat_icmp_match_function_t * icmp_match_out2in_cb; @@ -346,6 +333,7 @@ typedef struct snat_main_s { u8 deterministic; u32 translation_buckets; u32 translation_memory_size; + u32 max_translations; u32 user_buckets; u32 user_memory_size; u32 max_translations_per_user; @@ -389,6 +377,7 @@ extern vlib_node_registration_t snat_hairpin_dst_node; extern vlib_node_registration_t snat_hairpin_src_node; void snat_free_outside_address_and_port (snat_main_t * sm, + u32 thread_index, snat_session_key_t * k, u32 address_index); @@ -428,6 +417,9 @@ typedef struct { */ #define snat_is_unk_proto_session(s) s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO +#define nat_interface_is_inside(i) i->flags & NAT_INTERFACE_FLAG_IS_INSIDE +#define nat_interface_is_outside(i) i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE + /* * Why is this here? Because we don't need to touch this layer to * simply reply to an icmp. We need to change id to a unique 
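Review bot: The two macros added in the `@@ -428,6 +417,9 @@` hunk expand to an unparenthesised `i->flags & FLAG`, so their value depends on the surrounding expression. `!nat_interface_is_inside(i)` becomes `(!i->flags) & 1` and `nat_interface_is_outside(i) == 0` becomes `i->flags & (2 == 0)`, either of which misclassifies which side of the NAT an interface is on. Parenthesise the argument and the whole expansion, e.g. `#define nat_interface_is_inside(i) (((i)->flags & NAT_INTERFACE_FLAG_IS_INSIDE) != 0)`, and likewise for `nat_interface_is_outside`. The existing `snat_is_unk_proto_session` on the context line above has the same shape and could be fixed in the same pass.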
@@ -469,27 +461,33 @@ typedef struct { } tcp_udp_header_t; u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_in2out_det(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_out2in_det(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); void increment_v4_address(ip4_address_t * a); 
@@ -509,6 +507,8 @@ u8 * format_snat_protocol(u8 * s, va_list * args); int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, u32 vrf_id, nat44_lb_addr_port_t *locals, u8 is_add); +int nat44_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port, + snat_protocol_t proto, u32 vrf_id, int is_in); static_always_inline u8 icmp_is_error_message (icmp46_header_t * icmp) @@ -551,4 +551,13 @@ is_interface_addr(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0, return 0; } +always_inline u8 +maximum_sessions_exceeded (snat_main_t *sm, u32 thread_index) +{ + if (pool_elts (sm->per_thread_data[thread_index].sessions) >= sm->max_translations) + return 1; + + return 0; +} + #endif /* __included_nat_h__ */
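Review bot: The `nat44_del_session` prototype added in the `@@ -509,6 +507,8 @@` hunk is undocumented, and three details are easy for a caller to get wrong. It does not say whether `port` is in network or host byte order, what the `int` return values mean, or which thread may call it now that the session tables are per-thread (the `@@ -243,6 +235,13 @@` hunk). A short header comment covering those three points would do, e.g. `/* port: <byte order>; returns 0 on success, <error> if no session matches; call from <thread context> */`, filled in from the implementation.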
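Review bot: `maximum_sessions_exceeded` in the `@@ -551,4 +551,13 @@` hunk compares a single worker's session pool against `sm->max_translations`, so the cap applies per thread. With N workers the total can reach N × max_translations, which matters if the value is meant to bound memory under a session-exhaustion flood. If per-thread is intended, say so above the function, e.g. `/* limit is enforced per worker thread, not globally */`. The comment should also say what a `max_translations` of 0 means, since the `>=` test then reports the limit as exceeded on every call. The body can be reduced to `return pool_elts (sm->per_thread_data[thread_index].sessions) >= sm->max_translations;`.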