X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat64.c;h=748205a1631b3fc915dbc989546d58958d76b551;hb=fa0c1f4dfc91726140d868d9077bfb3e25c1f1fe;hp=0b7536f21a7a5a9d9d6990e535431faef604d836;hpb=e71eb5922a293eca36dbd323970741daaca3c5c7;p=vpp.git diff --git a/src/plugins/nat/nat64.c b/src/plugins/nat/nat64.c index 0b7536f21a7..748205a1631 100644 --- a/src/plugins/nat/nat64.c +++ b/src/plugins/nat/nat64.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include @@ -81,12 +82,14 @@ nat64_ip4_add_del_interface_address_cb (ip4_main_t * im, uword opaque, if (nm->addr_pool[j].addr.as_u32 == address->as_u32) return; - (void) nat64_add_del_pool_addr (address, ~0, 1); + (void) nat64_add_del_pool_addr (vlib_get_thread_index (), + address, ~0, 1); return; } else { - (void) nat64_add_del_pool_addr (address, ~0, 0); + (void) nat64_add_del_pool_addr (vlib_get_thread_index (), + address, ~0, 0); return; } } @@ -135,20 +138,35 @@ nat64_get_worker_out2in (ip4_header_t * ip) if (PREDICT_FALSE (nat_reass_is_drop_frag (0))) return vlib_get_thread_index (); - if (PREDICT_TRUE (!ip4_is_first_fragment (ip))) - { - nat_reass_ip4_t *reass; + nat_reass_ip4_t *reass; + reass = nat_ip4_reass_find (ip->src_address, ip->dst_address, + ip->fragment_id, ip->protocol); - reass = nat_ip4_reass_find (ip->src_address, ip->dst_address, - ip->fragment_id, ip->protocol); + if (reass && (reass->thread_index != (u32) ~ 0)) + return reass->thread_index; - if (reass && (reass->thread_index != (u32) ~ 0)) - return reass->thread_index; + if (ip4_is_first_fragment (ip)) + { + reass = + nat_ip4_reass_create (ip->src_address, ip->dst_address, + ip->fragment_id, ip->protocol); + if (!reass) + goto no_reass; + + port = clib_net_to_host_u16 (port); + if (port > 1024) + reass->thread_index = + nm->sm->first_worker_index + + ((port - 1024) / sm->port_per_thread); else - return vlib_get_thread_index (); + reass->thread_index = vlib_get_thread_index (); + return reass->thread_index; } + else + return vlib_get_thread_index (); } +no_reass: /* unknown protocol */ if (PREDICT_FALSE (proto == ~0)) { @@ -156,7 +174,7 @@ nat64_get_worker_out2in (ip4_header_t * ip) ip46_address_t daddr; nat64_db_bib_entry_t *bibe; - memset (&daddr, 0, sizeof (daddr)); + clib_memset (&daddr, 0, sizeof (daddr)); daddr.ip4.as_u32 = ip->dst_address.as_u32; /* *INDENT-OFF* */ @@ -214,23 +232,37 @@ nat64_init (vlib_main_t * vm) vlib_thread_main_t *tm = vlib_get_thread_main (); ip4_add_del_interface_address_callback_t cb4; ip4_main_t *im = &ip4_main; - vlib_node_t *error_drop_node = - vlib_get_node_by_name (vm, (u8 *) "error-drop"); + nm->sm = &snat_main; + vlib_node_t *node; vec_validate (nm->db, tm->n_vlib_mains - 1); - nm->sm = &snat_main; - nm->fq_in2out_index = ~0; nm->fq_out2in_index = ~0; - nm->error_node_index = error_drop_node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "error-drop"); + nm->error_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out"); + nm->in2out_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out-slowpath"); + nm->in2out_slowpath_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out-reass"); + nm->in2out_reass_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "nat64-out2in"); + nm->out2in_node_index = node->index; + + node = vlib_get_node_by_name (vm, (u8 *) "nat64-out2in-reass"); + nm->out2in_reass_node_index = node->index; /* set session timeouts to default values */ nm->udp_timeout = SNAT_UDP_TIMEOUT; nm->icmp_timeout = SNAT_ICMP_TIMEOUT; nm->tcp_trans_timeout = SNAT_TCP_TRANSITORY_TIMEOUT; nm->tcp_est_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT; - nm->tcp_incoming_syn_timeout = SNAT_TCP_INCOMING_SYN; nm->total_enabled_count = 0; @@ -240,6 +272,16 @@ nat64_init (vlib_main_t * vm) vec_add1 (im->add_del_interface_address_callbacks, cb4); nm->ip4_main = im; + /* Init counters */ + nm->total_bibs.name = "total-bibs"; + nm->total_bibs.stat_segment_name = "/nat64/total-bibs"; + vlib_validate_simple_counter (&nm->total_bibs, 0); + vlib_zero_simple_counter (&nm->total_bibs, 0); + nm->total_sessions.name = "total-sessions"; + nm->total_sessions.stat_segment_name = "/nat64/total-sessions"; + vlib_validate_simple_counter (&nm->total_sessions, 0); + vlib_zero_simple_counter (&nm->total_sessions, 0); + return 0; } @@ -264,13 +306,14 @@ nat64_set_hash (u32 bib_buckets, u32 bib_memory_size, u32 st_buckets, { if (nat64_db_init (db, bib_buckets, bib_memory_size, st_buckets, st_memory_size, nat64_free_out_addr_and_port)) - clib_warning ("NAT64 DB init failed"); + nat_log_err ("NAT64 DB init failed"); } /* *INDENT-ON* */ } int -nat64_add_del_pool_addr (ip4_address_t * addr, u32 vrf_id, u8 is_add) +nat64_add_del_pool_addr (u32 thread_index, + ip4_address_t * addr, u32 vrf_id, u8 is_add) { nat64_main_t *nm = &nat64_main; snat_address_t *a = 0; @@ -319,7 +362,13 @@ nat64_add_del_pool_addr (ip4_address_t * addr, u32 vrf_id, u8 is_add) /* Delete sessions using address */ /* *INDENT-OFF* */ vec_foreach (db, nm->db) - nat64_db_free_out_addr (db, &a->addr); + { + nat64_db_free_out_addr (thread_index, db, &a->addr); + vlib_set_simple_counter (&nm->total_bibs, db - nm->db, 0, + db->bib.bib_entries_num); + vlib_set_simple_counter (&nm->total_sessions, db - nm->db, 0, + db->st.st_entries_num); + } #define _(N, id, n, s) \ clib_bitmap_free (a->busy_##n##_port_bitmap); foreach_snat_protocol @@ -378,8 +427,8 @@ nat64_add_interface_address (u32 sw_if_index, int is_add) { /* if have address remove it */ if (first_int_addr) - (void) nat64_add_del_pool_addr (first_int_addr, ~0, 0); - + (void) nat64_add_del_pool_addr (vlib_get_thread_index (), + first_int_addr, ~0, 0); vec_del1 (nm->auto_add_sw_if_indices, i); return 0; } @@ -394,7 +443,8 @@ nat64_add_interface_address (u32 sw_if_index, int is_add) /* If the address is already bound - or static - add it now */ if (first_int_addr) - (void) nat64_add_del_pool_addr (first_int_addr, ~0, 1); + (void) nat64_add_del_pool_addr (vlib_get_thread_index (), + first_int_addr, ~0, 1); return 0; } @@ -506,7 +556,6 @@ nat64_alloc_out_addr_and_port (u32 fib_index, snat_protocol_t proto, nat64_main_t *nm = &nat64_main; snat_main_t *sm = nm->sm; snat_session_key_t k; - u32 ai; u32 worker_index = 0; int rv; @@ -516,7 +565,7 @@ nat64_alloc_out_addr_and_port (u32 fib_index, snat_protocol_t proto, worker_index = thread_index - sm->first_worker_index; rv = - sm->alloc_addr_and_port (nm->addr_pool, fib_index, thread_index, &k, &ai, + sm->alloc_addr_and_port (nm->addr_pool, fib_index, thread_index, &k, sm->port_per_thread, worker_index); if (!rv) @@ -550,14 +599,14 @@ nat64_free_out_addr_and_port (struct nat64_db_s *db, ip4_address_t * addr, case SNAT_PROTOCOL_##N: \ ASSERT (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \ port_host_byte_order) == 1); \ - clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, port, 0); \ + clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, port_host_byte_order, 0); \ a->busy_##n##_ports--; \ a->busy_##n##_ports_per_thread[thread_index]--; \ break; foreach_snat_protocol #undef _ default: - clib_warning ("unknown protocol"); + nat_log_notice ("unknown protocol"); return; } break; @@ -572,7 +621,7 @@ nat64_static_bib_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { nat64_main_t *nm = &nat64_main; - u32 thread_index = vlib_get_thread_index (); + u32 thread_index = vm->thread_index; nat64_db_t *db = &nm->db[thread_index]; nat64_static_bib_to_update_t *static_bib; nat64_db_bib_entry_t *bibe; @@ -585,12 +634,17 @@ nat64_static_bib_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, continue; if (static_bib->is_add) - (void) nat64_db_bib_entry_create (db, &static_bib->in_addr, - &static_bib->out_addr, - static_bib->in_port, - static_bib->out_port, - static_bib->fib_index, - static_bib->proto, 1); + { + (void) nat64_db_bib_entry_create (thread_index, db, + &static_bib->in_addr, + &static_bib->out_addr, + static_bib->in_port, + static_bib->out_port, + static_bib->fib_index, + static_bib->proto, 1); + vlib_set_simple_counter (&nm->total_bibs, thread_index, 0, + db->bib.bib_entries_num); + } else { addr.as_u64[0] = static_bib->in_addr.as_u64[0]; @@ -599,7 +653,13 @@ nat64_static_bib_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, static_bib->proto, static_bib->fib_index, 1); if (bibe) - nat64_db_bib_entry_free (db, bibe); + { + nat64_db_bib_entry_free (thread_index, db, bibe); + vlib_set_simple_counter (&nm->total_bibs, thread_index, 0, + db->bib.bib_entries_num); + vlib_set_simple_counter (&nm->total_sessions, thread_index, 0, + db->st.st_entries_num); + } } static_bib->done = 1; @@ -688,7 +748,7 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr, foreach_snat_protocol #undef _ default: - memset (&addr, 0, sizeof (addr)); + clib_memset (&addr, 0, sizeof (addr)); addr.ip4.as_u32 = out_addr->as_u32; if (nat64_db_bib_entry_find (db, &addr, 0, proto, fib_index, 0)) return VNET_API_ERROR_INVALID_VALUE; @@ -698,12 +758,15 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr, if (!nm->sm->num_workers) { bibe = - nat64_db_bib_entry_create (db, in_addr, out_addr, + nat64_db_bib_entry_create (thread_index, db, in_addr, out_addr, clib_host_to_net_u16 (in_port), clib_host_to_net_u16 (out_port), fib_index, proto, 1); if (!bibe) return VNET_API_ERROR_UNSPECIFIED; + + vlib_set_simple_counter (&nm->total_bibs, thread_index, 0, + db->bib.bib_entries_num); } } else @@ -712,7 +775,11 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr, return VNET_API_ERROR_NO_SUCH_ENTRY; if (!nm->sm->num_workers) - nat64_db_bib_entry_free (db, bibe); + { + nat64_db_bib_entry_free (thread_index, db, bibe); + vlib_set_simple_counter (&nm->total_bibs, thread_index, 0, + db->bib.bib_entries_num); + } } if (nm->sm->num_workers) @@ -756,8 +823,6 @@ nat64_set_udp_timeout (u32 timeout) if (timeout == 0) nm->udp_timeout = SNAT_UDP_TIMEOUT; - else if (timeout < SNAT_UDP_TIMEOUT_MIN) - return VNET_API_ERROR_INVALID_VALUE; else nm->udp_timeout = timeout; @@ -794,7 +859,7 @@ nat64_get_icmp_timeout (void) } int -nat64_set_tcp_timeouts (u32 trans, u32 est, u32 incoming_syn) +nat64_set_tcp_timeouts (u32 trans, u32 est) { nat64_main_t *nm = &nat64_main; @@ -808,11 +873,6 @@ nat64_set_tcp_timeouts (u32 trans, u32 est, u32 incoming_syn) else nm->tcp_est_timeout = est; - if (incoming_syn == 0) - nm->tcp_incoming_syn_timeout = SNAT_TCP_INCOMING_SYN; - else - nm->tcp_incoming_syn_timeout = incoming_syn; - return 0; } @@ -832,14 +892,6 @@ nat64_get_tcp_est_timeout (void) return nm->tcp_est_timeout; } -u32 -nat64_get_tcp_incoming_syn_timeout (void) -{ - nat64_main_t *nm = &nat64_main; - - return nm->tcp_incoming_syn_timeout; -} - void nat64_session_reset_timeout (nat64_db_st_entry_t * ste, vlib_main_t * vm) { @@ -1034,7 +1086,7 @@ nat64_compose_ip6 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) if (prefix) { - clib_memcpy (ip6, &p->prefix, sizeof (ip6_address_t)); + clib_memcpy_fast (ip6, &p->prefix, sizeof (ip6_address_t)); switch (p->plen) { case 32: @@ -1068,13 +1120,13 @@ nat64_compose_ip6 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) ip6->as_u32[3] = ip4->as_u32; break; default: - clib_warning ("invalid prefix length"); + nat_log_notice ("invalid prefix length"); break; } } else { - clib_memcpy (ip6, well_known_prefix, sizeof (ip6_address_t)); + clib_memcpy_fast (ip6, well_known_prefix, sizeof (ip6_address_t)); ip6->as_u32[3] = ip4->as_u32; } } @@ -1141,7 +1193,7 @@ nat64_extract_ip4 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) ip4->as_u32 = ip6->as_u32[3]; break; default: - clib_warning ("invalid prefix length"); + nat_log_notice ("invalid prefix length"); break; } } @@ -1154,11 +1206,15 @@ nat64_expire_worker_walk_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { nat64_main_t *nm = &nat64_main; - u32 thread_index = vlib_get_thread_index (); + u32 thread_index = vm->thread_index; nat64_db_t *db = &nm->db[thread_index]; u32 now = (u32) vlib_time_now (vm); - nad64_db_st_free_expired (db, now); + nad64_db_st_free_expired (thread_index, db, now); + vlib_set_simple_counter (&nm->total_bibs, thread_index, 0, + db->bib.bib_entries_num); + vlib_set_simple_counter (&nm->total_sessions, thread_index, 0, + db->st.st_entries_num); return 0; } @@ -1222,7 +1278,7 @@ nat64_expire_walk_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, case NAT64_CLEANER_RESCHEDULE: break; default: - clib_warning ("unknown event %u", event_type); + nat_log_notice ("unknown event %u", event_type); break; }