X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat.h;h=d4ad72520dac424d6988440c408b15ce137b3361;hb=36ea2d6d3a67a60534a7c2b58551688858a1ce7f;hp=f970821b1c95296ffaf9145c425fe81ae8efcccd;hpb=092b3cd59f17d5c3ebe167d8729273838afbe2cb;p=vpp.git

diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index f970821b1c9..d4ad72520da 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -95,19 +95,6 @@ typedef struct {
   };
 } snat_user_key_t;
 
-typedef struct {
-  union
-  {
-    struct
-    {
-      ip4_address_t addr;
-      u16 port;
-      u16 fib_index;
-    };
-    u64 as_u64;
-  };
-} snat_worker_key_t;
-
 
 #define foreach_snat_protocol \
   _(UDP, 0, udp, "udp")       \
@@ -142,6 +129,9 @@ typedef enum {
 #define SNAT_SESSION_FLAG_UNKNOWN_PROTO  2
 #define SNAT_SESSION_FLAG_LOAD_BALANCING 4
 
+#define NAT_INTERFACE_FLAG_IS_INSIDE 1
+#define NAT_INTERFACE_FLAG_IS_OUTSIDE 2
+
 typedef CLIB_PACKED(struct {
   snat_session_key_t out2in;    /* 0-15 */
 
@@ -224,12 +214,13 @@ typedef struct {
   u32 vrf_id;
   u32 fib_index;
   snat_protocol_t proto;
+  u32 worker_index;
   nat44_lb_addr_port_t *locals;
 } snat_static_mapping_t;
 
 typedef struct {
   u32 sw_if_index;
-  u8 is_inside;
+  u8 flags;
 } snat_interface_t;
 
 typedef struct {
@@ -269,6 +260,7 @@ typedef u32 snat_icmp_match_function_t (struct snat_main_s *sm,
                                         vlib_node_runtime_t *node,
                                         u32 thread_index,
                                         vlib_buffer_t *b0,
+                                        ip4_header_t *ip0,
                                         u8 *p_proto,
                                         snat_session_key_t *p_value,
                                         u8 *p_dont_translate,
@@ -282,12 +274,6 @@ typedef struct snat_main_s {
   clib_bihash_16_8_t out2in_ed;
   clib_bihash_16_8_t in2out_ed;
 
-  /* Non-translated packets worker lookup => src address + VRF */
-  clib_bihash_8_8_t worker_by_in;
-
-  /* Translated packets worker lookup => IP address + port number */
-  clib_bihash_8_8_t worker_by_out;
-
   snat_icmp_match_function_t * icmp_match_in2out_cb;
   snat_icmp_match_function_t * icmp_match_out2in_cb;
 
@@ -347,6 +333,7 @@ typedef struct snat_main_s {
   u8 deterministic;
   u32 translation_buckets;
   u32 translation_memory_size;
+  u32 max_translations;
   u32 user_buckets;
   u32 user_memory_size;
   u32 max_translations_per_user;
@@ -430,6 +417,9 @@ typedef struct {
 */
 #define snat_is_unk_proto_session(s) s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO
 
+#define nat_interface_is_inside(i) i->flags & NAT_INTERFACE_FLAG_IS_INSIDE
+#define nat_interface_is_outside(i) i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE
+
 /*
  * Why is this here? Because we don't need to touch this layer to
  * simply reply to an icmp. We need to change id to a unique
@@ -471,27 +461,33 @@ typedef struct {
 } tcp_udp_header_t;
 
 u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node,
-                           u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+                           u32 thread_index, vlib_buffer_t *b0,
+                           ip4_header_t *ip0, u8 *p_proto,
                            snat_session_key_t *p_value,
                            u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node,
-                           u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+                           u32 thread_index, vlib_buffer_t *b0,
+                           ip4_header_t *ip0, u8 *p_proto,
                            snat_session_key_t *p_value,
                            u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_in2out_det(snat_main_t *sm, vlib_node_runtime_t *node,
-                          u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+                          u32 thread_index, vlib_buffer_t *b0,
+                          ip4_header_t *ip0, u8 *p_proto,
                           snat_session_key_t *p_value,
                           u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node,
-                           u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+                           u32 thread_index, vlib_buffer_t *b0,
+                           ip4_header_t *ip0, u8 *p_proto,
                            snat_session_key_t *p_value,
                            u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
-                           u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+                           u32 thread_index, vlib_buffer_t *b0,
+                           ip4_header_t *ip0, u8 *p_proto,
                            snat_session_key_t *p_value,
                            u8 *p_dont_translate, void *d, void *e);
 u32 icmp_match_out2in_det(snat_main_t *sm, vlib_node_runtime_t *node,
-                          u32 thread_index, vlib_buffer_t *b0, u8 *p_proto,
+                          u32 thread_index, vlib_buffer_t *b0,
+                          ip4_header_t *ip0, u8 *p_proto,
                           snat_session_key_t *p_value,
                           u8 *p_dont_translate, void *d, void *e);
 void increment_v4_address(ip4_address_t * a);
@@ -553,4 +549,13 @@ is_interface_addr(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0,
     return 0;
 }
 
+always_inline u8
+maximum_sessions_exceeded (snat_main_t *sm, u32 thread_index)
+{
+  if (pool_elts (sm->per_thread_data[thread_index].sessions) >= sm->max_translations)
+    return 1;
+
+  return 0;
+}
+
 #endif /* __included_nat_h__ */