X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat.h;h=e53e924ff039ec8557a01730aae2df85185136d1;hb=7e550693dffd368b9dd8e0397674cfc4d10f9579;hp=04c466dc6f57ddd22ae0bc7e46c9cb82a8d48521;hpb=2ba92e32e0197f676dd905e5edcb4ff3e1bec241;p=vpp.git diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 04c466dc6f5..e53e924ff03 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -62,12 +62,13 @@ typedef struct { ip4_address_t l_addr; ip4_address_t r_addr; u32 fib_index; + u16 l_port; u8 proto; - u8 rsvd[3]; + u8 rsvd; }; u64 as_u64[2]; }; -} snat_unk_proto_ses_key_t; +} nat_ed_ses_key_t; typedef struct { union @@ -94,19 +95,6 @@ typedef struct { }; } snat_user_key_t; -typedef struct { - union - { - struct - { - ip4_address_t addr; - u16 port; - u16 fib_index; - }; - u64 as_u64; - }; -} snat_worker_key_t; - #define foreach_snat_protocol \ _(UDP, 0, udp, "udp") \ @@ -139,6 +127,7 @@ typedef enum { #define SNAT_SESSION_FLAG_STATIC_MAPPING 1 #define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2 +#define SNAT_SESSION_FLAG_LOAD_BALANCING 4 typedef CLIB_PACKED(struct { snat_session_key_t out2in; /* 0-15 */ @@ -180,7 +169,8 @@ typedef struct { ip4_address_t addr; u32 fib_index; #define _(N, i, n, s) \ - u32 busy_##n##_ports; \ + u16 busy_##n##_ports; \ + u16 * busy_##n##_ports_per_thread; \ uword * busy_##n##_port_bitmap; foreach_snat_protocol #undef _ @@ -205,6 +195,13 @@ typedef struct { snat_det_session_t * sessions; } snat_det_map_t; +typedef struct { + ip4_address_t addr; + u16 port; + u8 probability; + u8 prefix; +} nat44_lb_addr_port_t; + typedef struct { ip4_address_t local_addr; ip4_address_t external_addr; @@ -214,6 +211,8 @@ typedef struct { u32 vrf_id; u32 fib_index; snat_protocol_t proto; + u32 worker_index; + nat44_lb_addr_port_t *locals; } snat_static_mapping_t; typedef struct { 
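Review bot: `nat_ed_ses_key_t` is also exposed as `as_u64[2]`, so the one remaining `rsvd` byte after the new `l_port` field must be zero in every key that is built, and nothing in the struct says so. If keys are hashed or compared through `as_u64`, as the `clib_bihash_16_8_t` tables added later in this diff suggest, an uninitialised `rsvd` makes lookups miss for an otherwise identical key. The fields now add up to exactly 16 bytes (4+4+4+2+1+1), so I would pin that with `STATIC_ASSERT (sizeof (nat_ed_ses_key_t) == 16, "ed key must be 16 bytes");` next to the typedef. I would also add `/* rsvd must be zero: the key is matched via as_u64[] */` on the field.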
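Review bot: Narrowing `busy_##n##_ports` from `u32` to `u16` in the address struct leaves the counter with no headroom: a fully used 16-bit port space is 65536 entries, one more than a `u16` can hold, and a single unmatched decrement wraps to 65535 and makes the address look exhausted. The increment and decrement sites are outside this diff, so whether either case is reachable cannot be confirmed here; keeping the aggregate as `u32 busy_##n##_ports;` or stating the allocatable port range in a comment would settle it. The new `busy_##n##_ports_per_thread` vector also needs a line saying what it is indexed by and how it relates to the aggregate counter. The `thread_index` argument added to `snat_free_outside_address_and_port` in a later hunk presumably selects the per-thread entry to decrement, in which case the prototype should say that the caller must pass the thread that allocated the port.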
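Review bot: `nat44_lb_addr_port_t` introduces `probability` and `prefix` with no comment on units or invariants, although these fields presumably decide which local endpoint a new session is sent to. From the names, `prefix` looks like a running sum of `probability` over the `locals` vector; if so, a `u8` overflows once the weights add up to more than 255, and an all-zero set leaves nothing to select. Proposed comment, to be adjusted to what the implementation actually does: `/* probability: relative weight of this local endpoint; prefix: cumulative weight up to and including this entry */`. The same gap applies to `locals` in `snat_static_mapping_t` in the next hunk and to the `nat44_add_del_lb_static_mapping` prototype further down: neither says who owns the vector or whether the callee copies it.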
@@ -233,6 +232,13 @@ typedef struct { } snat_static_map_resolve_t; typedef struct { + /* Main lookup tables */ + clib_bihash_8_8_t out2in; + clib_bihash_8_8_t in2out; + + /* Find-a-user => src address lookup */ + clib_bihash_8_8_t user_hash; + /* User pool */ snat_user_t * users; @@ -251,6 +257,7 @@ typedef u32 snat_icmp_match_function_t (struct snat_main_s *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, @@ -260,22 +267,9 @@ typedef u32 snat_icmp_match_function_t (struct snat_main_s *sm, typedef u32 (snat_get_worker_function_t) (ip4_header_t * ip, u32 rx_fib_index); typedef struct snat_main_s { - /* Main lookup tables */ - clib_bihash_8_8_t out2in; - clib_bihash_8_8_t in2out; - - /* Unknown protocol sessions lookup tables */ - clib_bihash_16_8_t out2in_unk_proto; - clib_bihash_16_8_t in2out_unk_proto; - - /* Find-a-user => src address lookup */ - clib_bihash_8_8_t user_hash; - - /* Non-translated packets worker lookup => src address + VRF */ - clib_bihash_8_8_t worker_by_in; - - /* Translated packets worker lookup => IP address + port number */ - clib_bihash_8_8_t worker_by_out; + /* Endpoint address dependent sessions lookup tables */ + clib_bihash_16_8_t out2in_ed; + clib_bihash_16_8_t in2out_ed; snat_icmp_match_function_t * icmp_match_in2out_cb; snat_icmp_match_function_t * icmp_match_out2in_cb; @@ -336,6 +330,7 @@ typedef struct snat_main_s { u8 deterministic; u32 translation_buckets; u32 translation_memory_size; + u32 max_translations; u32 user_buckets; u32 user_memory_size; u32 max_translations_per_user; @@ -379,6 +374,7 @@ extern vlib_node_registration_t snat_hairpin_dst_node; extern vlib_node_registration_t snat_hairpin_src_node; void snat_free_outside_address_and_port (snat_main_t * sm, + u32 thread_index, snat_session_key_t * k, u32 address_index); 
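Review bot: The new `out2in_ed` / `in2out_ed` tables stay in `snat_main_t` while `out2in`, `in2out` and `user_hash` move into the per-thread struct, and the comment does not say which threads may add or delete entries in the shared tables. I would extend it to `/* Endpoint address dependent sessions lookup tables (shared by all worker threads) */` and name the thread that is allowed to write. With `worker_by_in` and `worker_by_out` removed in the same hunk, no table records which worker owns a session any more, so both directions of a flow have to resolve to the same thread by computation alone. That selection code is outside this diff and is worth checking against the per-thread session pools.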
@@ -459,27 +455,33 @@ typedef struct { } tcp_udp_header_t; u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_in2out_det(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); u32 icmp_match_out2in_det(snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, u8 *p_proto, + u32 thread_index, vlib_buffer_t *b0, + ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e); void increment_v4_address(ip4_address_t * a); 
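Review bot: The six `icmp_match_*` prototypes now take both `b0` and `ip0` without stating how the two relate. If a caller passes an `ip0` that does not point into the data of `b0`, the match functions would read addresses from one place and rewrite the packet in another. A one-line comment above the group, for example `/* ip0 must point at the IPv4 header inside b0 */`, would make the contract explicit. The `snat_icmp_match_function_t` typedef changed in the earlier hunk should carry the same comment.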
@@ -496,6 +498,9 @@ int snat_interface_add_del_output_feature(u32 sw_if_index, u8 is_inside, int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del); uword unformat_snat_protocol(unformat_input_t * input, va_list * args); u8 * format_snat_protocol(u8 * s, va_list * args); +int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, + snat_protocol_t proto, u32 vrf_id, + nat44_lb_addr_port_t *locals, u8 is_add); static_always_inline u8 icmp_is_error_message (icmp46_header_t * icmp) @@ -538,4 +543,13 @@ is_interface_addr(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0, return 0; } +always_inline u8 +maximum_sessions_exceeded (snat_main_t *sm, u32 thread_index) +{ + if (pool_elts (sm->per_thread_data[thread_index].sessions) >= sm->max_translations) + return 1; + + return 0; +} + #endif /* __included_nat_h__ */
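Review bot: `maximum_sessions_exceeded` compares the pool size against `sm->max_translations` with `>=`, so a value of 0 makes every call report the limit as reached, and it indexes `sm->per_thread_data[thread_index]` with no check on `thread_index`. Where `max_translations` is initialised is not part of this diff, so the helper should at least carry a comment such as `/* max_translations must be non-zero; the limit is applied per thread, not across all workers */`. The per-thread scope matters for sizing, because the total number of sessions the process can hold is the limit multiplied by the number of threads that own a session pool. The body can also be reduced to a single expression, `return pool_elts (sm->per_thread_data[thread_index].sessions) >= sm->max_translations;`.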