X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat_reass.c;h=1185e1bb4af32f41ff80e25a783bcfe24a1b0242;hb=2d24cd027275905f308f75bf45d0f9d163f2235b;hp=a97d8f017e9cdc308760c8967a0c3dc7ad65c0d5;hpb=51e759fd0655b6089360e1ccf2f5341704549fd4;p=vpp.git

diff --git a/src/plugins/nat/nat_reass.c b/src/plugins/nat/nat_reass.c
old mode 100644
new mode 100755
index a97d8f017e9..1185e1bb4af
--- a/src/plugins/nat/nat_reass.c
+++ b/src/plugins/nat/nat_reass.c
@@ -19,6 +19,7 @@
 
 #include <vnet/vnet.h>
 #include <nat/nat_reass.h>
+#include <nat/nat_ipfix_logging.h>
 
 nat_reass_main_t nat_reass_main;
 
@@ -227,7 +228,7 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst,
   dlist_elt_t *oldest_elt, *elt;
   dlist_elt_t *per_reass_list_head_elt;
   u32 oldest_index, elt_index;
-  clib_bihash_kv_16_8_t kv;
+  clib_bihash_kv_16_8_t kv, value;
 
   k.src.as_u32 = src.as_u32;
   k.dst.as_u32 = dst.as_u32;
@@ -248,6 +249,13 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst,
 			      srm->ip4_reass_head_index,
 			      reass->lru_list_index);
 	}
+
+      if (reass->flags & NAT_REASS_FLAG_MAX_FRAG_DROP)
+	{
+	  reass = 0;
+	  goto unlock;
+	}
+
       goto unlock;
     }
 
@@ -264,7 +272,7 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst,
 	{
 	  clib_dlist_addhead (srm->ip4_reass_lru_list_pool,
 			      srm->ip4_reass_head_index, oldest_index);
-	  clib_warning ("no free resassembly slot");
+	  nat_log_warn ("no free resassembly slot");
 	  reass = 0;
 	  goto unlock;
 	}
@@ -272,12 +280,18 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst,
       clib_dlist_addtail (srm->ip4_reass_lru_list_pool,
 			  srm->ip4_reass_head_index, oldest_index);
 
-      kv.key[0] = k.as_u64[0];
-      kv.key[1] = k.as_u64[1];
-      if (clib_bihash_add_del_16_8 (&srm->ip4_reass_hash, &kv, 0))
+      kv.key[0] = reass->key.as_u64[0];
+      kv.key[1] = reass->key.as_u64[1];
+      if (!clib_bihash_search_16_8 (&srm->ip4_reass_hash, &kv, &value))
 	{
-	  reass = 0;
-	  goto unlock;
+	  if (value.value == (reass - srm->ip4_reass_pool))
+	    {
+	      if (clib_bihash_add_del_16_8 (&srm->ip4_reass_hash, &kv, 0))
+		{
+		  reass = 0;
+		  goto unlock;
+		}
+	    }
 	}
 
       nat_ip4_reass_get_frags_inline (reass, bi_to_drop);
@@ -305,6 +319,9 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst,
   reass->sess_index = (u32) ~ 0;
   reass->thread_index = (u32) ~ 0;
   reass->last_heard = now;
+  reass->frag_n = 0;
+  reass->flags = 0;
+  reass->classify_next = NAT_REASS_IP4_CLASSIFY_NONE;
 
   if (clib_bihash_add_del_16_8 (&srm->ip4_reass_hash, &kv, 1))
     {
@@ -318,14 +335,21 @@ unlock:
 }
 
 int
-nat_ip4_reass_add_fragment (nat_reass_ip4_t * reass, u32 bi)
+nat_ip4_reass_add_fragment (nat_reass_ip4_t * reass, u32 bi,
+			    u32 ** bi_to_drop)
 {
   nat_reass_main_t *srm = &nat_reass_main;
   dlist_elt_t *elt;
   u32 elt_index;
 
   if (reass->frag_n >= srm->ip4_max_frag)
-    return -1;
+    {
+      nat_ipfix_logging_max_fragments_ip4 (srm->ip4_max_frag,
+					   &reass->key.src);
+      reass->flags |= NAT_REASS_FLAG_MAX_FRAG_DROP;
+      nat_ip4_reass_get_frags_inline (reass, bi_to_drop);
+      return -1;
+    }
 
   clib_spinlock_lock_if_init (&srm->ip4_reass_lock);
 
@@ -434,6 +458,13 @@ nat_ip6_reass_find_or_create (ip6_address_t src, ip6_address_t dst,
 			      srm->ip6_reass_head_index,
 			      reass->lru_list_index);
 	}
+
+      if (reass->flags & NAT_REASS_FLAG_MAX_FRAG_DROP)
+	{
+	  reass = 0;
+	  goto unlock;
+	}
+
       goto unlock;
     }
 
@@ -450,7 +481,7 @@ nat_ip6_reass_find_or_create (ip6_address_t src, ip6_address_t dst,
 	{
 	  clib_dlist_addhead (srm->ip6_reass_lru_list_pool,
 			      srm->ip6_reass_head_index, oldest_index);
-	  clib_warning ("no free resassembly slot");
+	  nat_log_warn ("no free resassembly slot");
 	  reass = 0;
 	  goto unlock;
 	}
@@ -510,14 +541,21 @@ unlock:
 }
 
 int
-nat_ip6_reass_add_fragment (nat_reass_ip6_t * reass, u32 bi)
+nat_ip6_reass_add_fragment (nat_reass_ip6_t * reass, u32 bi,
+			    u32 ** bi_to_drop)
 {
   nat_reass_main_t *srm = &nat_reass_main;
   dlist_elt_t *elt;
   u32 elt_index;
 
   if (reass->frag_n >= srm->ip6_max_frag)
-    return -1;
+    {
+      nat_ipfix_logging_max_fragments_ip6 (srm->ip6_max_frag,
+					   &reass->key.src);
+      reass->flags |= NAT_REASS_FLAG_MAX_FRAG_DROP;
+      nat_ip6_reass_get_frags_inline (reass, bi_to_drop);
+      return -1;
+    }
 
   clib_spinlock_lock_if_init (&srm->ip6_reass_lock);
 
@@ -688,12 +726,51 @@ static int
 nat_ip4_reass_walk_cli (nat_reass_ip4_t * reass, void *ctx)
 {
   vlib_main_t *vm = ctx;
+  u8 *flags_str = 0;
+  const char *classify_next_str;
 
-  vlib_cli_output (vm, "  src %U dst %U proto %u id 0x%04x cached %u",
+  if (reass->flags & NAT_REASS_FLAG_MAX_FRAG_DROP)
+    flags_str = format (flags_str, "MAX_FRAG_DROP");
+  if (reass->flags & NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE)
+    {
+      if (flags_str)
+	flags_str = format (flags_str, " | ");
+      flags_str = format (flags_str, "CLASSIFY_ED_CONTINUE");
+    }
+  if (reass->flags & NAT_REASS_FLAG_ED_DONT_TRANSLATE)
+    {
+      if (flags_str)
+	flags_str = format (flags_str, " | ");
+      flags_str = format (flags_str, "CLASSIFY_ED_DONT_TRANSLATE");
+    }
+  if (!flags_str)
+    flags_str = format (flags_str, "0");
+  flags_str = format (flags_str, "%c", 0);
+
+  switch (reass->classify_next)
+    {
+    case NAT_REASS_IP4_CLASSIFY_NONE:
+      classify_next_str = "NONE";
+      break;
+    case NAT_REASS_IP4_CLASSIFY_NEXT_IN2OUT:
+      classify_next_str = "IN2OUT";
+      break;
+    case NAT_REASS_IP4_CLASSIFY_NEXT_OUT2IN:
+      classify_next_str = "OUT2IN";
+      break;
+    default:
+      classify_next_str = "invalid value";
+    }
+
+  vlib_cli_output (vm, "  src %U dst %U proto %u id 0x%04x cached %u "
+		   "flags %s classify_next %s",
 		   format_ip4_address, &reass->key.src,
 		   format_ip4_address, &reass->key.dst,
 		   reass->key.proto,
-		   clib_net_to_host_u16 (reass->key.frag_id), reass->frag_n);
+		   clib_net_to_host_u16 (reass->key.frag_id), reass->frag_n,
+		   flags_str, classify_next_str);
+
+  vec_free (flags_str);
 
   return 0;
 }
@@ -718,7 +795,7 @@ show_nat_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
 {
   vlib_cli_output (vm, "NAT IPv4 virtual fragmentation reassembly is %s",
 		   nat_reass_is_drop_frag (0) ? "DISABLED" : "ENABLED");
-  vlib_cli_output (vm, " max-reasssemblies %u", nat_reass_get_max_reass (0));
+  vlib_cli_output (vm, " max-reassemblies %u", nat_reass_get_max_reass (0));
   vlib_cli_output (vm, " max-fragments %u", nat_reass_get_max_frag (0));
   vlib_cli_output (vm, " timeout %usec", nat_reass_get_timeout (0));
   vlib_cli_output (vm, " reassemblies:");
@@ -726,7 +803,7 @@ show_nat_reass_command_fn (vlib_main_t * vm, unformat_input_t * input,
 
   vlib_cli_output (vm, "NAT IPv6 virtual fragmentation reassembly is %s",
 		   nat_reass_is_drop_frag (1) ? "DISABLED" : "ENABLED");
-  vlib_cli_output (vm, " max-reasssemblies %u", nat_reass_get_max_reass (1));
+  vlib_cli_output (vm, " max-reassemblies %u", nat_reass_get_max_reass (1));
   vlib_cli_output (vm, " max-fragments %u", nat_reass_get_max_frag (1));
   vlib_cli_output (vm, " timeout %usec", nat_reass_get_timeout (1));
   vlib_cli_output (vm, " reassemblies:");