X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat_reass.c;h=1185e1bb4af32f41ff80e25a783bcfe24a1b0242;hb=2d24cd027275905f308f75bf45d0f9d163f2235b;hp=eb1b492552150c9d1f091989adbf31b40c49307d;hpb=5e85c54d229e443d30dabe9bca39625587add8a5;p=vpp.git diff --git a/src/plugins/nat/nat_reass.c b/src/plugins/nat/nat_reass.c index eb1b4925521..1185e1bb4af 100755 --- a/src/plugins/nat/nat_reass.c +++ b/src/plugins/nat/nat_reass.c @@ -249,6 +249,13 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst, srm->ip4_reass_head_index, reass->lru_list_index); } + + if (reass->flags & NAT_REASS_FLAG_MAX_FRAG_DROP) + { + reass = 0; + goto unlock; + } + goto unlock; } @@ -265,7 +272,7 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst, { clib_dlist_addhead (srm->ip4_reass_lru_list_pool, srm->ip4_reass_head_index, oldest_index); - clib_warning ("no free resassembly slot"); + nat_log_warn ("no free resassembly slot"); reass = 0; goto unlock; } @@ -313,6 +320,8 @@ nat_ip4_reass_find_or_create (ip4_address_t src, ip4_address_t dst, reass->thread_index = (u32) ~ 0; reass->last_heard = now; reass->frag_n = 0; + reass->flags = 0; + reass->classify_next = NAT_REASS_IP4_CLASSIFY_NONE; if (clib_bihash_add_del_16_8 (&srm->ip4_reass_hash, &kv, 1)) { @@ -326,7 +335,8 @@ unlock: } int -nat_ip4_reass_add_fragment (nat_reass_ip4_t * reass, u32 bi) +nat_ip4_reass_add_fragment (nat_reass_ip4_t * reass, u32 bi, + u32 ** bi_to_drop) { nat_reass_main_t *srm = &nat_reass_main; dlist_elt_t *elt; @@ -336,6 +346,8 @@ nat_ip4_reass_add_fragment (nat_reass_ip4_t * reass, u32 bi) { nat_ipfix_logging_max_fragments_ip4 (srm->ip4_max_frag, &reass->key.src); + reass->flags |= NAT_REASS_FLAG_MAX_FRAG_DROP; + nat_ip4_reass_get_frags_inline (reass, bi_to_drop); return -1; } @@ -446,6 +458,13 @@ nat_ip6_reass_find_or_create (ip6_address_t src, ip6_address_t dst, srm->ip6_reass_head_index, reass->lru_list_index); } + + if (reass->flags & NAT_REASS_FLAG_MAX_FRAG_DROP) + { + reass = 0; + goto unlock; + } + goto unlock; } @@ -462,7 +481,7 @@ nat_ip6_reass_find_or_create (ip6_address_t src, ip6_address_t dst, { clib_dlist_addhead (srm->ip6_reass_lru_list_pool, srm->ip6_reass_head_index, oldest_index); - clib_warning ("no free resassembly slot"); + nat_log_warn ("no free resassembly slot"); reass = 0; goto unlock; } @@ -522,7 +541,8 @@ unlock: } int -nat_ip6_reass_add_fragment (nat_reass_ip6_t * reass, u32 bi) +nat_ip6_reass_add_fragment (nat_reass_ip6_t * reass, u32 bi, + u32 ** bi_to_drop) { nat_reass_main_t *srm = &nat_reass_main; dlist_elt_t *elt; @@ -532,6 +552,8 @@ nat_ip6_reass_add_fragment (nat_reass_ip6_t * reass, u32 bi) { nat_ipfix_logging_max_fragments_ip6 (srm->ip6_max_frag, &reass->key.src); + reass->flags |= NAT_REASS_FLAG_MAX_FRAG_DROP; + nat_ip6_reass_get_frags_inline (reass, bi_to_drop); return -1; } @@ -704,12 +726,51 @@ static int nat_ip4_reass_walk_cli (nat_reass_ip4_t * reass, void *ctx) { vlib_main_t *vm = ctx; + u8 *flags_str = 0; + const char *classify_next_str; - vlib_cli_output (vm, " src %U dst %U proto %u id 0x%04x cached %u", + if (reass->flags & NAT_REASS_FLAG_MAX_FRAG_DROP) + flags_str = format (flags_str, "MAX_FRAG_DROP"); + if (reass->flags & NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE) + { + if (flags_str) + flags_str = format (flags_str, " | "); + flags_str = format (flags_str, "CLASSIFY_ED_CONTINUE"); + } + if (reass->flags & NAT_REASS_FLAG_ED_DONT_TRANSLATE) + { + if (flags_str) + flags_str = format (flags_str, " | "); + flags_str = format (flags_str, "CLASSIFY_ED_DONT_TRANSLATE"); + } + if (!flags_str) + flags_str = format (flags_str, "0"); + flags_str = format (flags_str, "%c", 0); + + switch (reass->classify_next) + { + case NAT_REASS_IP4_CLASSIFY_NONE: + classify_next_str = "NONE"; + break; + case NAT_REASS_IP4_CLASSIFY_NEXT_IN2OUT: + classify_next_str = "IN2OUT"; + break; + case NAT_REASS_IP4_CLASSIFY_NEXT_OUT2IN: + classify_next_str = "OUT2IN"; + break; + default: + classify_next_str = "invalid value"; + } + + vlib_cli_output (vm, " src %U dst %U proto %u id 0x%04x cached %u " + "flags %s classify_next %s", format_ip4_address, &reass->key.src, format_ip4_address, &reass->key.dst, reass->key.proto, - clib_net_to_host_u16 (reass->key.frag_id), reass->frag_n); + clib_net_to_host_u16 (reass->key.frag_id), reass->frag_n, + flags_str, classify_next_str); + + vec_free (flags_str); return 0; }