X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat_inlines.h;h=0b4f8108c7e85ebe0da1c7ca38a6c7d5f8d3c42f;hb=6c01dceea5c612373453db7f1ccda589a2cd782e;hp=8922c05c39307598b272b7635c2548e1606e3d04;hpb=bb4e022502dd7f76d4f1cd705a7bac628d8c098c;p=vpp.git diff --git a/src/plugins/nat/nat_inlines.h b/src/plugins/nat/nat_inlines.h index 8922c05c393..0b4f8108c7e 100644 --- a/src/plugins/nat/nat_inlines.h +++ b/src/plugins/nat/nat_inlines.h @@ -19,6 +19,7 @@ #ifndef __included_nat_inlines_h__ #define __included_nat_inlines_h__ +#include #include always_inline u32 @@ -120,7 +121,8 @@ nat_send_all_to_node (vlib_main_t * vm, u32 * bi_vector, to_next += 1; n_left_to_next -= 1; vlib_buffer_t *p0 = vlib_get_buffer (vm, bi0); - p0->error = *error; + if (error) + p0->error = *error; vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, bi0, next); } @@ -213,7 +215,8 @@ nat44_set_tcp_session_state_i2o (snat_main_t * sm, snat_session_t * ses, if (clib_net_to_host_u32 (tcp->ack_number) > ses->o2i_fin_seq) ses->state |= NAT44_SES_O2I_FIN_ACK; } - if (nat44_is_ses_closed (ses)) + if (nat44_is_ses_closed (ses) + && !(ses->flags & SNAT_SESSION_FLAG_OUTPUT_FEATURE)) { nat_log_debug ("TCP close connection %U", format_snat_session, &sm->per_thread_data[thread_index], ses); @@ -369,13 +372,85 @@ mss_clamping (snat_main_t * sm, tcp_header_t * tcp, ip_csum_t * sum) *sum = ip_csum_update (*sum, mss, sm->mss_value_net, ip4_header_t, length); - clib_memcpy (data + 2, &sm->mss_value_net, 2); + clib_memcpy_fast (data + 2, &sm->mss_value_net, 2); } return; } } } +/** + * @brief Check if packet should be translated + * + * Packets aimed at outside interface and external address with active session + * should be translated. + * + * @param sm NAT main + * @param rt NAT runtime data + * @param sw_if_index0 index of the inside interface + * @param ip0 IPv4 header + * @param proto0 NAT protocol + * @param rx_fib_index0 RX FIB index + * + * @returns 0 if packet should be translated otherwise 1 + */ +static inline int +snat_not_translate_fast (snat_main_t * sm, vlib_node_runtime_t * node, + u32 sw_if_index0, ip4_header_t * ip0, u32 proto0, + u32 rx_fib_index0) +{ + if (sm->out2in_dpo) + return 0; + + fib_node_index_t fei = FIB_NODE_INDEX_INVALID; + nat_outside_fib_t *outside_fib; + fib_prefix_t pfx = { + .fp_proto = FIB_PROTOCOL_IP4, + .fp_len = 32, + .fp_addr = { + .ip4.as_u32 = ip0->dst_address.as_u32, + } + , + }; + + /* Don't NAT packet aimed at the intfc address */ + if (PREDICT_FALSE (is_interface_addr (sm, node, sw_if_index0, + ip0->dst_address.as_u32))) + return 1; + + fei = fib_table_lookup (rx_fib_index0, &pfx); + if (FIB_NODE_INDEX_INVALID != fei) + { + u32 sw_if_index = fib_entry_get_resolving_interface (fei); + if (sw_if_index == ~0) + { + vec_foreach (outside_fib, sm->outside_fibs) + { + fei = fib_table_lookup (outside_fib->fib_index, &pfx); + if (FIB_NODE_INDEX_INVALID != fei) + { + sw_if_index = fib_entry_get_resolving_interface (fei); + if (sw_if_index != ~0) + break; + } + } + } + if (sw_if_index == ~0) + return 1; + + snat_interface_t *i; + pool_foreach (i, sm->interfaces, ( + { + /* NAT packet aimed at outside interface */ + if ((nat_interface_is_outside (i)) + && (sw_if_index == + i->sw_if_index)) return 0;} + )); + } + + return 1; +} + #endif /* __included_nat_inlines_h__ */ /*